
Table of Contents

Installing and Configuring UCP
Installing the Oracle Enterprise Database Software
Installing the ActiveWeb Software
Installing the CiscoSecure ACS
Installing the UCP UNIX Components
Creating UCP Tables and Triggers - Part 1
Configuring and Starting the ActiveWeb and SMS Database Adapters
Importing UCP Events into the Information Broker
Creating UCP Tables and Triggers - Part 2
Installing the NCC from the Windows NT CD-ROM
Configuring and Starting UCP Services
Installing the CiscoSecure Global Roaming Server
Installing the NetFlow Collector
Installing Netsys
Uninstalling UCP

Installing and Configuring UCP


This chapter describes how to install the various Cisco User Control Point (UCP) components. The installation procedure involves the following steps, which must be completed in the following order:

1. Installing the Oracle Enterprise Database Software

2. Installing the ActiveWeb Software

3. Installing the CiscoSecure ACS

4. Installing the UCP UNIX Components

5. Creating UCP Tables and Triggers - Part 1

6. Configuring and Starting the ActiveWeb and SMS Database Adapters

7. Importing UCP Events into the Information Broker

8. Creating UCP Tables and Triggers - Part 2

9. Installing the NCC from the Windows NT CD-ROM

10. Configuring and Starting UCP Services

11. Installing the CiscoSecure Global Roaming Server

12. Installing the NetFlow Collector

13. Installing Netsys

ActiveWeb, UCP, and the CiscoSecure Access Control Server (ACS) run on one or more Sun Solaris systems. The Network Control Console (NCC) runs on a Windows NT system.

Installing the Oracle Enterprise Database Software

Before installing any UCP components, you must install the Oracle Enterprise database software. Oracle does not need to be installed on the same server as the other UCP components; it can be accessed using SQL*Net or by mounting the Oracle directory.

This section describes how to install and configure an Oracle database for use with UCP.

Before Installing Oracle

Before installing Oracle, add the following lines to the /etc/system file:

************************************************************************
set shmsys: shminfo_shmmax = 209715200
set shmsys: shminfo_shmseg = 50
set semsys: seminfo_semmns = 1750
set semsys: seminfo_semmni = 70
************************************************************************
* SHMMAX: The maximum size (in bytes) of a single shared memory
*          segment.
* SHMSEG: The maximum number of shared memory segments that can be
*          attached by a process.
* SEMMNS: The number of semaphores per set. It should be at least the
*          same size as the maximum number of Oracle processes.
* SEMMNI: The number of semaphore set identifiers.
************************************************************************

During Oracle Installation

During Oracle installation, assign tablespace disk usage as follows:

SYSTEM: 150 MB
RBS: 150 MB
TEMP: 100 MB

Note      To reduce I/O contention, assign each tablespace to a separate partition or, ideally, a separate disk drive.


After Installing Oracle

After Oracle is installed, complete the procedures described in this section.

Set the Superuser Environment

To set the superuser environment, follow these steps:


Step 1   Declare the ORACLE_HOME and ORACLE_SID environment variables for the "root" user in /.cshrc and /etc/profile files.

Step 2   Add $ORACLE_HOME/bin to root's PATH environment variable.

Specify Oracle Compatibility

To specify the Oracle compatibility, follow these steps:


Step 1   Use a text editor to open the init{SID}.ora file in the $ORACLE_HOME/dbs directory.

Step 2   Find the line:

compatible = X.X.X.X.X

and change it to the following:

compatible = 7.3.2.0.0

Step 3   Save the file and exit the text editor.

Create Tablespace for UCP

To create tablespace for UCP, follow these steps:


Step 1   Use SQL to create a tablespace for UCP tables named UCP_TBL. Assign 100 MB for the first 10,000 user profiles plus 70 KB for each additional 100 user profiles. For example:

CREATE TABLESPACE ucp_tbl
DATAFILE '/oracle_data_dir_1/ucp_tbl_ts.dbf' size 100M
DEFAULT STORAGE (MAXEXTENTS unlimited);

where oracle_data_dir_1 is the directory where the tablespace will be stored.

Step 2   Use SQL to create a tablespace for UCP indexes named UCP_IDX. Assign 100 MB for the first 10,000 user profiles plus 70 KB for each additional 100 user profiles. For example:

CREATE TABLESPACE ucp_idx
DATAFILE '/oracle_data_dir_2/ucp_idx_ts.dbf' size 100M
DEFAULT STORAGE (MAXEXTENTS unlimited);

where oracle_data_dir_2 is a different directory where the tablespace will be stored.

Create a UCP User Account

Use SQL to create a UCP user account. For example:

CREATE USER ucpuser IDENTIFIED BY ucppass
DEFAULT TABLESPACE ucp_tbl;
GRANT CONNECT TO ucpuser;
GRANT RESOURCE TO ucpuser;

where ucpuser and ucppass are the name and password of the UCP user account.

Starting and Stopping the Database

To start the Oracle database, log in to the server using the Oracle UNIX account and complete the following steps:


Step 1   Verify the ORACLE_HOME environment variable is declared.

Step 2   Start the svrmgrl utility that is located in the $ORACLE_HOME/bin directory.

Step 3   Enter the following commands:

SVRMGR> connect internal
SVRMGR> startup
SVRMGR> quit

To stop the Oracle database, log in to the server using the Oracle UNIX account and complete the following steps:


Step 1   Ensure that no sessions are active.

Step 2   Start the svrmgrl utility.

Step 3   Enter the following commands:

SVRMGR> connect internal
SVRMGR> shutdown
SVRMGR> quit

Accessing the Oracle Database

The following components must be able to access the Oracle database:

To ensure that they can access the Oracle database, install them on the system running Oracle, install SQL*Net, or NFS mount the Oracle directory.


Note      Regardless of how the Oracle database is accessed, make sure the environment variable ORACLE_HOME is set on the client host.


Mounting the Oracle Directory

To mount the Oracle directory, follow these steps:


Step 1   Make sure the mountd and nfsd daemons are running on both systems. To check whether the daemons are running, enter the following commands:

ps -ef | grep mountd
ps -ef | grep nfsd

Step 2   From the remote machine, enter the following command:

share -F nfs pathname

where pathname is the location of the Oracle directory.

Step 3   From the local machine, enter the following command:

mount -F nfs ip_address:path_remote path_local

where ip_address is the IP address of the remote machine, path_remote is the location of the remote Oracle directory, and path_local is the location of the local directory where the Oracle directory will be mounted.

Setting Up a Client Host

Whether a client mounts a database or uses SQL*Net, you must create a tnsnames.ora file. To do this, create the file /var/opt/oracle/tnsnames.ora and add the following lines:

UCP=
(DESCRIPTION=
(ADDRESS=
(PROTOCOL=TCP)
(HOST=hostname)
(PORT=port_number))
(CONNECT_DATA=(SID=SID)))

where hostname is the name or IP address of the server running Oracle, port_number is the port used to communicate with the client (default: 1521), and SID is the database server ID.

Setting Up the Server Host

To set up a server host, open the $ORACLE_HOME/network/admin/listener.ora file and append the following lines:

TCP_LISTENER=
(ADDRESS_LIST=
(ADDRESS =
(PROTOCOL = TCP)
(HOST = hostname)
(PORT = port_number)
)
)
SID_LIST_TCP_LISTENER =
(SID_LIST =
(SID_DESC =
(SID_NAME = SID)
(ORACLE_HOME = oracle_home)
)
)

where hostname is the name or IP address of the server running Oracle, port_number is the port used to communicate with the client, SID is the database server ID, and oracle_home is the Oracle directory.


Note      After setting up the server host, start the TNS listener utility by changing to the $ORACLE_HOME/bin directory and entering lsnrctl start tcp_listener.


Testing the Oracle Database

To verify that you can connect to the Oracle database, change to the $ORACLE_HOME/bin directory and enter the following command:

./tnsping TNS_name

where TNS_name is the TNS name defined in the tnsnames.ora file.
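
A tnsping failure is often a disagreement between the client's tnsnames.ora and the server's listener.ora. The following check is an added example, not part of the original guide. It compares the PORT and SID values in the two files shown above, assuming one entry per file. The function names, host name, SID and port values are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare tnsnames.ora (client) with listener.ora (server)
# before running tnsping. Assumes one entry per file, as in the guide.
AWK=${AWK:-awk}    # assumption: set AWK=nawk where plain awk lacks -v

# tns_value KEY TEXT: print the value of every (KEY = value) pair in TEXT.
# Comments and whitespace are dropped, then each parenthesis becomes a line
# break so that every KEY=value pair sits on its own line.
tns_value() {
    printf '%s\n' "$2" | sed 's/#.*//' | tr -d ' \t\r\n' | tr '()' '\n\n' |
        $AWK -F= -v key="$1" 'toupper($1) == key && $2 != "" { print $2 }'
}

# check_tns CLIENT_TEXT SERVER_TEXT: return 0 when the port and SID the client
# asks for are the ones the listener serves; print each difference found.
check_tns() {
    rc=0
    c_host=$(tns_value HOST "$1")
    c_port=$(tns_value PORT "$1");  s_port=$(tns_value PORT "$2")
    c_sid=$(tns_value SID "$1");    s_sid=$(tns_value SID_NAME "$2")
    if [ -z "$c_host" ] || [ -z "$c_port" ] || [ -z "$c_sid" ]; then
        echo "tnsnames.ora: HOST, PORT and SID must all be set"; rc=1
    fi
    if [ "$c_port" != "$s_port" ]; then
        echo "PORT differs: client=$c_port listener=$s_port"; rc=1
    fi
    if [ "$c_sid" != "$s_sid" ]; then
        echo "SID differs: client=$c_sid listener SID_NAME=$s_sid"; rc=1
    fi
    return $rc
}

# Constructed sample files (values are placeholders, not from the guide).
sample_tnsnames() {
cat <<'EOF'
UCP=
(DESCRIPTION=
(ADDRESS=
(PROTOCOL=TCP)
(HOST=dbhost1)
(PORT=1521))
(CONNECT_DATA=(SID=UCPDB)))
EOF
}

sample_listener() {
cat <<'EOF'
TCP_LISTENER=
(ADDRESS_LIST=
(ADDRESS =
(PROTOCOL = TCP)
(HOST = dbhost1)
(PORT = 1526)
)
)
SID_LIST_TCP_LISTENER =
(SID_LIST =
(SID_DESC =
(SID_NAME = UCPDB)
(ORACLE_HOME = /oracle/home)
)
)
EOF
}

# Demo on the constructed samples: the listener port does not match.
check_tns "$(sample_tnsnames)" "$(sample_listener)" ||
    echo "Fix the files above before running tnsping."
```

On real hosts, pass the file contents instead of the samples, for example check_tns "$(cat /var/opt/oracle/tnsnames.ora)" "$(cat $ORACLE_HOME/network/admin/listener.ora)".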

Installing the ActiveWeb Software

Certain ActiveWeb software components are required to run UCP. This section explains how to install the ActiveWeb software.

ActiveWeb Components

The ActiveWeb software provides components that allow the various UCP services to communicate with each other by means of predefined events.

The following components are installed during the ActiveWeb installation:


Note      Cisco strongly recommends installing the ActiveWeb documentation package.


Running the ActiveWeb Installation Program


Note      Make sure the Oracle server can be accessed from the machine where the ActiveWeb software is installed. For more information, see the "Accessing the Oracle Database" section. Note also that the client software for your Subscriber Management System (SMS) must be able to communicate with the ActiveWeb database adapter (dbAdapter).


Install the ActiveWeb software on any system that requires an ActiveWeb component. Make sure you install it on the systems that will run Information Brokers.

Follow these steps:


Step 1   Place the ActiveWeb CD-ROM in the CD-ROM drive on the Sun Solaris system.

Step 2   Log in as root.

Step 3   Change to the /cdrom/activesw directory and run install.ksh.

Step 4   Locate the Install Keys for the following components:


Note The Install Keys are located in the ActiveWeb CD-ROM booklet.


Step 5   When prompted, enter the Install Keys on a single line. Separate each key with a single space. For example:

key00001 key00002 key00003 key00004 key00005

Note Enter only the Install Keys. Do not enter License Keys until prompted.


Step 6   Follow the installation prompts until you are prompted to select installation directories for the ActiveWeb components. Cisco recommends that you accept the default values.

Step 7   Follow the installation prompts until you are prompted to enter a domain name. Enter the domain name. If you are not sure of the name, check the hosts file.

To find the domain name, change to the directory where the hosts file is located (default: /etc) and enter the following:

more hosts
171.69.255.233  machine3  machine3.cisco.com  loghost
171.69.255.234  machine4.cisco.com  machine4
171.69.255.231  machine1.cisco.com  machine1
171.69.255.232  machine2.cisco.com  machine2

The text that appears after the machine name is the domain name. In this example, the domain name is "cisco.com."

Step 8   When prompted, enter the ActiveWeb Broker license key. The license key is located in the ActiveWeb CD-ROM booklet.

Installation is complete.

Step 9   Repeat this procedure for each ActiveWeb installation.

Verifying ActiveWeb Installation

After installing the ActiveWeb software, the Information Broker starts automatically. To verify the broker is working, use the broker_ping command. Change to the /bin directory where ActiveWeb is installed (default: /opt/active/bin) and enter the following command:

broker_ping localhost
Broker #1@localhost is alive

Creating and Starting Multiple ActiveWeb Information Brokers

Because all events flow through the Information Broker, it is a potential performance bottleneck. To improve performance and throughput, UCP event traffic can be distributed between up to four brokers. Assign each broker to one of the following categories:


Note      All UCP services can communicate with up to four brokers. To configure UCP services to communicate with multiple brokers, use the NCC.


Multiple ActiveWeb Information Brokers can be installed on a single system or multiple systems. However, if all brokers are started on the same system, they share the same resources. If one broker becomes overloaded, it might affect the performance of the other brokers.


Note      UCP services access brokers through a combination of the host name or IP address and the broker name. For example, four brokers named Broker#1 can be located on four separate hosts.


To create and start the ActiveWeb Information Brokers, follow these steps:


Step 1   Start the ActiveWeb manager utility on any machine where ActiveWeb is installed. Change to the ActiveWeb directory (default: /opt/active/bin) and enter the following:

./manager &

The manager window appears.

Step 2   From the File menu, select Add Broker Host. Enter the name or IP address of a broker host and click OK.

Repeat this step for each broker host.

Step 3   Add brokers to broker hosts.


Note By default, Broker #1 is created when ActiveWeb is installed. Therefore, when you click on a broker host in the left frame of the manager window, you should see Broker #1 in the right frame. If you are using four broker hosts and Broker#1 appears in the right frame for each host, you do not need to add more brokers.


From the File menu, select Add Broker Host. Enter a name for the broker and click OK.

The broker is added. Repeat this step until all four brokers are created.

Step 4   When you are finished, exit the manager utility.


Note Cisco recommends that the Inter-Component broker runs on a separate machine.


Configuring Network Access Lists

To control access to ActiveWeb Information Brokers, set up network access lists (NALs). NALs control which IP addresses have access to a broker or client group operations.

To set up a NAL, follow these steps:


Step 1   Start the ActiveWeb manager utility on any machine where ActiveWeb is installed. Change to the ActiveWeb directory (default: /opt/active/bin) and enter the following:

./manager &

The manager window appears.

Step 2   Select the local host. From the File menu, select Properties.

The Properties window appears.

Step 3   Click the Security tab.

Step 4   Select Allow access from only these machines and add all machines that will be allowed to access the local host.

Step 5   Click OK.

Step 6   Select a broker. From the File menu, select Properties.

The Properties window appears.

Step 7   Click the Security tab.

Step 8   Select Allow access from only these machines and add all machines that will be allowed to access the broker.

Step 9   Click OK.

Step 10   Select a broker's Client Groups folder and double-click default.

The Properties window appears.

Step 11   Click the Security tab.

Step 12   Select Allow access from only these machines and add all machines that will be allowed to access the broker.

Step 13   Click OK.

Step 14   Repeat Steps 6 through 13 for each Broker on the local host.

Step 15   Repeat this procedure for each local host.

Starting and Stopping the Information Broker

To check whether the broker is running, use the broker_ping command or enter the following:

ps -ef | grep active
bin 2204  2203 0 May 08 pts/5 9:54 activebroker -d /var/opt/active Y
bin 2203     1 0 May 08 pts/5 0:00 /opt/active/bin/brokermonitor

To manually start the ActiveWeb processes and the Information Broker, change to the /bin directory where ActiveWeb is installed (default: /opt/active/bin) and enter the following command:

./S45broker start

To manually stop the ActiveWeb processes and the Information Broker, change to the /bin directory where ActiveWeb is installed (default: /opt/active/bin) and enter the following command:

./S45broker stop

Installing the CiscoSecure ACS

The CiscoSecure ACS provides the authentication, authorization, and accounting (AAA) services used by UCP. This section provides instructions for installing a customized version of the CiscoSecure ACS provided with UCP. For more detailed information on the installation procedure for the CiscoSecure ACS, see the chapters "Preparing to Install the CiscoSecure ACS Software," and "Installing the CiscoSecure ACS Software" in the CiscoSecure ACS 2.2.1 for UNIX User Guide.


Note      Make sure the Oracle server can be accessed from the machine where the CiscoSecure ACS is installed. For more information, see the "Accessing the Oracle Database" section.


Installing the CiscoSecure Package

The CiscoSecure ACS software shipped with UCP is provided on the same CD-ROM as the UCP software.


Note      Before installing CiscoSecure ACS, make sure that the system is running Solaris version 2.5.1 with patches 103566-25, 103600-18, and 103640-14. To check the patch level, use the command showrev -p.
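
Reading a long showrev -p listing by eye makes it easy to miss a patch that is present but at too low a revision. The following check is an added example, not part of the original guide. It parses showrev -p output for the three patches named in the note. The function names and sample listing are constructed, and the "Patch: ID-revision" line layout is assumed.

```shell
#!/bin/sh
# Added example: check `showrev -p` output against the patch levels in the note.
AWK=${AWK:-awk}    # assumption: set AWK=nawk where plain awk lacks -v

# Patch IDs and minimum revisions, taken from the note above.
REQUIRED_PATCHES="103566-25 103600-18 103640-14"

# installed_rev ID: read `showrev -p` text on stdin and print the highest
# installed revision of patch ID, or nothing when the patch is absent.
installed_rev() {
    $AWK -v id="$1" '
        $1 == "Patch:" && split($2, p, "-") == 2 && p[1] == id {
            if (!found || p[2] + 0 > best + 0) best = p[2]
            found = 1
        }
        END { if (found) print best }
    '
}

# check_patches: read `showrev -p` text on stdin, print one line per required
# patch, and return non-zero if any patch is missing or below the minimum.
check_patches() {
    data=$(cat)
    status=0
    for want in $REQUIRED_PATCHES; do
        id=${want%-*}
        min=${want#*-}
        have=$(printf '%s\n' "$data" | installed_rev "$id")
        if [ -z "$have" ]; then
            echo "MISSING  $id (need revision $min or later)"
            status=1
        elif [ "$have" -lt "$min" ]; then
            echo "TOO OLD  $id-$have (need revision $min or later)"
            status=1
        else
            echo "OK       $id-$have"
        fi
    done
    return $status
}

# Constructed sample listing: one patch present at two revisions, one present
# at too low a revision, one absent, and one unrelated placeholder patch.
sample_showrev() {
cat <<'EOF'
Patch: 103566-08 Obsoletes:  Packages: SUNWxwplt
Patch: 103566-25 Obsoletes:  Packages: SUNWxwplt
Patch: 103600-13 Obsoletes:  Packages: SUNWcsu
Patch: 199999-01 Obsoletes:  Packages: SUNWcsu, SUNWcsr
EOF
}

# Demo on the constructed sample; on the target host use:
#   showrev -p | check_patches
sample_showrev | check_patches || echo "Patch level not met; do not install yet."
```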


Follow these steps to install the CiscoSecure ACS from the UCP CD-ROM:


Step 1   Log in as root on the machine where you will install CiscoSecure. For more information, see Table 1-1.

Step 2   Copy the package CiscoSecure-x.x.x.UCP.solaris.PKG.Z from the CD-ROM to the host where you will install CiscoSecure. For example, copy the package to /tmp.

Step 3   Change directories to /tmp.

Step 4   Uncompress the package using the following command:

# uncompress CiscoSecure-x.x.x.UCP.solaris.PKG.Z

Step 5   Transfer the package into a Solaris installable package using the following command:

# pkgtrans CiscoSecure-x.x.x.UCP.solaris.PKG /tmp

When prompted to select packages to install, press Enter. The Solaris installable package is created.

Step 6   Install the package by entering the following command:

# pkgadd -d .

Step 7   Follow the installation prompts until prompted to select a directory. Enter the directory in Table 1-1 (default: /opt/acs).

Step 8   Follow the installation prompts until prompted to enter the fully qualified domain name. For example, if the system is named "machine1" and the domain is "cisco.com," you would enter machine1.cisco.com.

Step 9   When prompted, enter the CiscoSecure ACS license key. The license key is located in the UCP CD-ROM booklet.

Step 10   When prompted to enter the TACACS+ NAS name, press Enter. UCP does not use TACACS+.

Step 11   When prompted to enter the TACACS+ NAS secret key, press Enter.

Step 12   Follow the installation prompts until prompted to select a database. Enter 2 for Oracle Enterprise.

Step 13   When prompted to enter the username and password for the Oracle database, use the username and password in Table 1-1. For more information, see the "Installing the Oracle Enterprise Database Software" section.

Step 14   Enter the Oracle database TNS name. For more information, see the "Accessing the Oracle Database" section.

Step 15   When prompted, enter the location of the NFS-mounted Oracle directory. For more information, see the "Accessing the Oracle Database" section.

Step 16   Continue following the installation prompts. Accept the default values until prompted to select the number of database connections. Cisco recommends at least 10 connections.


Note Do not select more than 40 connections. Otherwise, CiscoSecure ACS might not start due to insufficient file descriptors.


Step 17   Continue following the installation prompts. After CiscoSecure ACS is installed, verify that the SQL tables were created.

Verifying CiscoSecure Installation

To verify the CiscoSecure installation, complete the following steps:


Step 1   Start SQL*Plus with the account used to install CiscoSecure by entering:

./sqlplus ucpname/ucppass@TNS_name

where ucpname and ucppass are the username and password used for Data Store in the Oracle database and TNS_name is the TNS name defined in the tnsnames.ora file.

Step 2   Confirm that 18 entries were created by entering:

SQL> select count(*) from tab where tname like 'CS%';

Step 3   Exit SQL*Plus.

Installing the UCP UNIX Components

The UCP UNIX components must be installed on each system that will run UCP services. For a list of systems that will run UCP services, review Table 1-1.

Follow these steps to install UCP on each target server:


Step 1   Insert the CD-ROM labeled UCP 1.0 into the CD-ROM drive on the target server.

Step 2   Become root on the target system.

Step 3   Copy the UCP package CSCEucp-x.x.x.PKG.Z into a temporary directory. For example, copy the file to /tmp.

Step 4   Change to the temporary directory.

Step 5   Uncompress the package by entering:

# uncompress CSCEucp-x.x.x.PKG.Z

where x.x.x is the UCP version number you are installing.

Step 6   Install the package by entering:

# pkgadd -d CSCEucp-x.x.x.PKG

You are prompted to accept the UCP license agreement.

Step 7   Enter y.

You are prompted to enter the target directory for the installation.

Step 8   Enter the UCP directory you specified in Table 1-1 (default: /opt/ucp).

You are prompted to enter the name of the POP so the target server (the system on which you are installing) will appear in the NCC display.

Step 9   Enter the name of the POP. All UCP components must belong to the same POP.


Note The POP name you enter must also be defined using the NCC interface for the target server to appear in the NCC directory tree.


You are prompted to enter the name or IP address of the host where the Information Broker that will communicate with the server is running.

Step 10   Enter the IP address or the host name of the host where the ActiveWeb Information Broker is installed.

You are prompted to specify whether to turn on the service monitor feature. When this feature is on, it automatically restarts a UCP service for the server if the service goes down.

Step 11   Specify whether you want the service monitor feature turned on or off.

Cisco recommends that you answer y to this prompt.

You are prompted to copy the control adapter start and stop scripts to the rc2.d and rc0.d directories.

Step 12   Enter y and press Enter.

You are prompted to start the master daemon automatically after the installation. The master daemon monitors the health of services.

Step 13   Specify when to start the master daemon:


Note If you enter n in response to this prompt, you can still start or stop the master daemon at any time by executing the following command from the UCP directory:

./S97MasterDaemon {start | stop}

If the master daemon does not start, make sure the events are loaded in the active broker.



Before manually starting the master daemon, verify that one is not already running. If it is, kill the existing process. The script does not check for this condition. Multiple copies of the master daemon will cause system malfunctions.

The system prints out your selections and prompts you to verify them.

Step 14   To change any of your selections, enter y and you will be prompted to reenter your selections. Otherwise, enter n.

You are prompted to continue the installation process.

Step 15   Enter y to complete the installation.

The installation process is complete. A log of the installation processing is saved in the file /tmp/ucp_install.log. Repeat the above procedure for each system running UCP services.

Verifying UCP UNIX Component Installation

To verify the UCP master daemon is running, enter the following command from the command line interface of each system where you installed UCP components:

# ps -ef | grep Master
root 1685  1684 0 20:12:10 ? 0:05 /opt/ucp/MasterDaemon -r /opt/ucp
root 1684     1 0 20:12:10 ? 0:00 /opt/ucp/MasterDaemon -r /opt/ucp

Starting and Stopping the Master Daemon

To manually stop the master daemon, change to the UCP directory (default: /opt/ucp) and enter the following command:

# ./S97MasterDaemon stop
Stopping the UCP Control Adapter service.

To manually start the master daemon, enter:

# ./S97MasterDaemon start
UCP Control Adapter Daemon Starting.
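
The installation procedure states that the start script does not check whether a master daemon is already running, and that multiple copies cause system malfunctions. The following wrapper is an added example, not part of the original guide or the UCP software. It parses ps -ef output and refuses to start a second copy. The function names and the extra sample lines are constructed.

```shell
#!/bin/sh
# Added example: guard S97MasterDaemon start against a second running copy.
AWK=${AWK:-awk}    # assumption: set AWK=nawk where plain awk is too old

# master_pids: read `ps -ef` output on stdin and print "PID PPID" for every
# process whose command basename is MasterDaemon. A "grep Master" line is
# ignored because its command is grep, not MasterDaemon.
master_pids() {
    $AWK '{
        # STIME is one field for a process started today (20:12:10) and two
        # fields for an older one (May 08), which moves CMD from field 8 to 9.
        c = ($5 ~ /^[A-Za-z]/) ? 9 : 8
        n = split($c, path, "/")
        if (n > 0 && path[n] == "MasterDaemon") print $2, $3
    }'
}

# running_check: read `ps -ef` output on stdin; return 0 when no master
# daemon is present, otherwise list the processes found and return 1.
running_check() {
    found=$(master_pids)
    if [ -z "$found" ]; then
        return 0
    fi
    echo "MasterDaemon already running (PID PPID):"
    echo "$found"
    return 1
}

# safe_start [UCP_DIR]: start the master daemon only if none is running.
safe_start() {
    ucp_dir=${1:-/opt/ucp}
    if ps -ef | running_check; then
        (cd "$ucp_dir" && ./S97MasterDaemon start)
    else
        echo "Not starting a second copy. Run ./S97MasterDaemon stop first." >&2
        return 1
    fi
}

# Sample input: the two MasterDaemon lines are from the guide; the header,
# the grep line and the brokermonitor line with a two-word STIME are added.
sample_ps() {
cat <<'EOF'
     UID   PID  PPID  C    STIME TTY      TIME CMD
root 1685  1684 0 20:12:10 ? 0:05 /opt/ucp/MasterDaemon -r /opt/ucp
root 1684     1 0 20:12:10 ? 0:00 /opt/ucp/MasterDaemon -r /opt/ucp
root 1702  1650 0 20:14:31 pts/2 0:00 grep Master
bin 2203     1 0 May 08 pts/5 0:00 /opt/active/bin/brokermonitor
EOF
}

# Demo on the sample; on a UCP host call: safe_start /opt/ucp
sample_ps | running_check || echo "A start would be refused here."
```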

Creating UCP Tables and Triggers - Part 1

To create tables and triggers in the Oracle-based UCP Data Store, follow these steps:


Step 1   Confirm that the CiscoSecure ACS tables (there should be 18) are in the Data Store by executing the following SQL statement:

SQL> SELECT COUNT(*) FROM TAB WHERE TNAME LIKE 'CS%';

Step 2   Exit SQL*Plus.

Step 3   Change to the /ds/install directory where UCP is installed (default: /opt/ucp/ds/install).

Step 4   Start the dbinstall utility by entering:

./dbinstall -u ucpuser/ucppass@tns_name install.scp

Step 5   Select a tablespace for UCP table objects by entering:

[UCP@DB] Command: s t
Available
seq Space(KB) Tablespace Name
--------------------------------------------------
1   102400    UCP_IDX
2   102400    UCP_TBL
3   50000     RBS
4   102400    SYSTEM
5   50000     TEMP
6     500      TOOLS
7    1022      USERS
Choice: 2

Select the number that corresponds to the UCP tablespace (UCP_TBL).

Step 6   Select a tablespace for UCP index objects by entering:

[UCP@DB] Command: s i
Available
seq Space(KB) Tablespace Name
--------------------------------------------------
1   102400    UCP_IDX
2   102400    UCP_TBL
3   50000     RBS
4   102400    SYSTEM
5   50000     TEMP
6     500      TOOLS
7    1022      USERS
Choice: 1

Select the number that corresponds with the UCP index tablespace (UCP_IDX).


Note For improved performance, Cisco recommends that you store index and table objects in different tablespaces and on different disk drives. However, the same tablespace can be used for both index and table objects.


Step 7   Install part 1 of UCP tables and triggers by entering:

[UCP@DB] Command: i 1

Step 8   Exit dbinstall by entering:

[UCP@DB] Command: quit

Creating the SMS Tables

If you are using an Oracle SMS database, follow these steps:


Step 1   Change to the /ds/install directory where UCP is installed (default: /opt/ucp/ds/install).

Step 2   Start the dbinstall utility by entering:

./dbinstall -s smsuser/smspass@tns_name install.scp

Step 3   Select a tablespace for UCP table objects:

[UCP@DB] Command: s t
Available
seq Space(KB) Tablespace Name
--------------------------------------------------
1   102400    SMS
2   50000     RBS
3   102400    SYSTEM
4   50000     TEMP
5    500      TOOLS
6   1022      USERS
Choice: 1

Select a tablespace for SMS table objects.

Step 4   Select a tablespace for SMS index objects by entering:

[UCP@DB] Command: s i
Available
seq Space(KB) Tablespace Name
--------------------------------------------------
1   102400    SMS
2   50000     RBS
3   102400    SYSTEM
4   50000     TEMP
5    500      TOOLS
6   1022      USERS
Choice: 1

Select a tablespace for SMS index objects.

Step 5   Install the UCP tables in the SMS database by entering:

[UCP@DB] Command: i

Step 6   Exit dbinstall by entering:

[UCP@DB] Command: quit

Configuring and Starting the ActiveWeb and SMS Database Adapters

The UCP Data Store requires a database adapter (dbAdapter) to communicate with the information bus.

If you are using an SMS, you must install an SMS dbAdapter to communicate with the information bus and the UCP Data Store.

For detailed information about configuring a Database Adapter in the Solaris environment, refer to "Configuring and Starting a dbAdapter on Solaris 2.x" in the ActiveWeb Installation Guide.


Note      Make sure the Oracle server can be accessed from the machine where the dbAdapters are installed. For more information, see the "Accessing the Oracle Database" section.


Follow these steps to configure and start the dbAdapter(s):


Step 1   On the system where you have installed the ActiveWeb software, change to the /bin directory where ActiveWeb is installed (default: /opt/active/bin) and enter the following:

./adapter_config

The ActiveWeb Adapter configuration window appears.

Step 2   If you are not configuring an SMS dbAdapter, continue to the next step. Otherwise, do the following.

    (a). Click Adapter, then click New.

The Configure Database Adapter window appears.

    (b). In the Adapter window, specify the following information:

    (c). Click the tab that corresponds to the database used by the SMS.

The Configure Database Adapter window appears.

    (d). If your SMS uses an Oracle database, enter the following information:

    (e). If your SMS uses another database, such as Informix or Sybase, specify the correct information for the fields on the configuration tab. Refer to the ActiveWeb documentation for detailed information.

    (f). Press Test. You should see a "No Problems Found" message.

Step 3   Configure the dbAdapter to communicate with the UCP Data Store.

    (a). Click Adapter, then click New.

The Configure Database Adapter window appears.

    (b). In the Adapter window, specify the following information:

    (c). Click the Oracle tab.

The Configure Database Adapter window appears.

    (d). In the Configure Database Adapter window, specify the following information:

    (e). Press Test. You should see a "No Problems Found" message.

Step 4   Click OK.

Step 5   Select Save and Restart Adapters, then exit from the configuration utility.

Starting and Stopping the dbAdapters

If you need to start or stop the dbAdapters, change to the /bin directory where ActiveWeb is installed (default: /opt/active/bin) and enter the following command:

# ./S50adapter {start | stop}

Importing UCP Events into the Information Broker


Note      The dbAdapter must be properly configured and running before you can load events into the Information Broker. If you are able to view the table names in your database using the ActiveWeb query_editor utility, the dbAdapter is properly configured. Definitions for the events the UCP components use to communicate with each other are provided in the /opt/ucp/events/eventdefs.evt file.


To enable UCP components to communicate over the Information Bus, import the event definitions with the ActiveWeb manager utility.

The following steps provide brief instructions for importing event definitions. For detailed information on using the manager utility, see "Importing Information From a File Into a Broker" in the ActiveWeb Broker User Guide.


Step 1   On the system where ActiveWeb is installed, change to the /bin directory where ActiveWeb is installed (default: /opt/active/bin) and enter the following:

./manager &

Step 2   Expand the tree of the host where the broker is running.

Step 3   Select a broker (default: Broker #1).

Step 4   From the File menu, select Import.

Step 5   The Import From File window appears.

Step 6   Browse the list of files and select eventdefs.evt (default location: /opt/ucp/events).

Step 7   Click Open.

Step 8   The Import window appears.

Step 9   Ensure that:

Step 10   Click Import.

Step 11   Repeat Steps 2 through 10 for each broker.

Step 12   Stop and restart the dbAdapters as described in the "Starting and Stopping the dbAdapters" section.

Creating UCP Tables and Triggers - Part 2

Follow these steps to create additional tables and triggers in the UCP Data Store:


Step 1   Change to the /ds/install directory where UCP is installed (default: /opt/ucp/ds/install).

Step 2   Start the dbinstall utility:

./dbinstall -u ucpuser/ucppass@tns_name install.scp

Step 3   Select a tablespace for UCP table objects:

[UCP@DB] Command: s t
Available
seq Space(KB) Tablespace Name
--------------------------------------------------
1   102400    UCP_IDX
2   102400    UCP_TBL
3   50000     RBS
4   102400    SYSTEM
5   50000     TEMP
6     500      TOOLS
7    1022      USERS
Choice: 2

Select the number that corresponds to the UCP tablespace (UCP_TBL).

Step 4   Select a tablespace for UCP index objects:

[UCP@DB] Command: s i
Available
seq Space(KB) Tablespace Name
--------------------------------------------------
1   102400    UCP_IDX
2   102400    UCP_TBL
3   50000     RBS
4   102400    SYSTEM
5   50000     TEMP
6     500      TOOLS
7    1022      USERS
Choice: 1

Select the number that corresponds with the UCP index tablespace (UCP_IDX).


Note For improved performance, Cisco recommends that you store index and table objects in different tablespaces and on different disk drives. However, the same tablespace can be used for both index and table objects.


Step 5   Install part 2 of UCP tables and triggers by entering:

[UCP@DB] Command: i 1

Step 6   Verify installation of UCP database objects by entering:

[UCP@DB] Command: v

Step 7   Exit dbinstall by entering:

[UCP@DB] Command: quit

Installing the NCC from the Windows NT CD-ROM

You can install NCC on a Windows NT server or a Windows NT workstation as follows:


Step 1   Insert the CD-ROM labeled NCC x.xx (where x.xx is the current NCC release) into the CD-ROM drive.

Step 2   From My Computer on your desktop, select the CD-ROM drive and double-click setup.exe.

Step 3   Follow the instructions in the prompts displayed by the setup program.

Step 4   After installation, start the NCC. To start the NCC, click Start, point to Programs, point to Network Control Console, and click NCC.

The password prompt appears.

Step 5   Enter the NCC username (default: admin) and password (default: admin).

Step 6   From the Tools Menu, select Options.

The Options properties sheet appears.

Step 7   Verify that NCC is pointing to the correct broker. You can do this by making sure the Broker Host field indicates the host name or IP address of the default broker.

Step 8   Click OK.

Step 9   From the Tools Menu, select AWAD Configuration.

The AWAD Configuration dialog box appears.

Step 10   Make sure the host name or IP address of the default broker is in the Broker Name field.

Step 11   Exit and restart NCC.

Step 12   Right-click Root and select New POP from the popup menu. Enter the POP name.

Within a few minutes, servers belonging to the POP will begin appearing in the NCC directory tree.

Configuring and Starting UCP Services

After you have installed UCP and the NCC, you can start and configure the individual UCP services as described in the following sections.

Starting the Master Daemons

Before attempting to configure or start UCP services, the master daemon must be running on each system that will run UCP services. If you selected the option to automatically start the master daemon after installation of the UCP UNIX components, you do not need to do anything. If you chose not to start the master daemon after installation of the UCP UNIX components, you must start the master daemon on each system where it was not started.

If you are not sure whether the master daemon is running, enter the following command:

ps -ef | grep Master
root 1912    1 0 May 20 ? 0:00 /opt/ucp/MasterDaemon -r /opt/nc1
root 1913 1912 0 May 20 ? 1:55 /opt/ucp/MasterDaemon -r /opt/nc1

To manually start the master daemon, go to the UCP installation directory and enter the following command.


Do not enter this command if the master daemon is already running.
S97MasterDaemon start

Or, enter the following command at the system prompt:

# install_directory/S97MasterDaemon start

where install_directory is the name of the directory where UCP was installed.
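
The check and the conditional start described above can be combined so the start command is never issued twice. The following script is an added example, not part of the Cisco documentation; the UCP_DIR variable, the function names, and the third sample line are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: start the UCP master daemon only when it is not already running.
# UCP_DIR is an assumption; it defaults to the install directory named in this chapter.
UCP_DIR="${UCP_DIR:-/opt/ucp}"

# Sample `ps -ef` output. The first two lines are the ones shown in this
# chapter; the third line is constructed and shows the grep process that a
# plain `ps -ef | grep Master` also lists.
sample_ps_output() {
    cat <<'EOF'
root  1912     1  0   May 20 ?        0:00 /opt/ucp/MasterDaemon -r /opt/nc1
root  1913  1912  0   May 20 ?        1:55 /opt/ucp/MasterDaemon -r /opt/nc1
admin 2044  2001  0 10:15:03 pts/2    0:00 grep Master
EOF
}

# Count MasterDaemon processes in `ps -ef` output read from stdin.
# Only the command column is examined, so a grep for the name is not counted.
# The start time is one token (10:15:03) or two (May 20), which shifts the
# command column between field 8 and field 9.
count_master_daemons() {
    awk '{
        cmd = ($5 ~ /^[A-Za-z][a-z][a-z]$/) ? $9 : $8
        n = split(cmd, parts, "/")
        if (n > 0 && parts[n] == "MasterDaemon") count++
    } END { print count + 0 }'
}

# Start the master daemon unless at least one instance is already running.
# Run this as root on each system that will host UCP services.
start_master_daemon_if_needed() {
    running=$(ps -ef | count_master_daemons)
    if [ "$running" -gt 0 ]; then
        echo "MasterDaemon already running ($running processes); not starting"
        return 0
    fi
    "$UCP_DIR/S97MasterDaemon" start
}
```

To use it, source the file and call start_master_daemon_if_needed.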

After the master daemons are running, you can start UCP services from the NCC.

Configuring UCP Services for Multiple Information Brokers

If UCP is using multiple Information Brokers, they must be configured to accept event categories (such as: heartbeat, inter-component, data transfer, and accounting events) from services that are configured and started from the NCC.


Note      For information on configuring multiple ActiveWeb Information Brokers, see the "Creating and Starting Multiple ActiveWeb Information Brokers" section.


If UCP is using a single Information Broker, continue to the next procedure. Otherwise, follow these steps:


Step 1   From the Tools menu, select Options.

The NCC Application Options properties sheet appears.

Step 2   Click the Brokers tab.

Step 3   In the Default Broker Hosts section, select a broker for the following:

  • InterComponent
  • DataTransfer
  • Accounting

Step 4   Click OK.

Configuring and Starting the UCP DS Adapter

Before starting the DS Adapter, make sure CiscoSecure ACS is installed or mounted on the host on which you start the DS Adapter. If it is mounted, make sure the TNS file is properly configured on the ACS machine. Provide the appropriate command-line interface (CLI) path in the NCC configuration.

To start the DS Adapter, follow these steps:


Step 1   From the NCC directory tree, select the host server where the DS Adapter is installed.

Step 2   From the Server menu, select Start New Service.

Step 3   Select Data Store Adapter.

The Data Store property sheet appears.

Step 4   Click the Specific tab.

Step 5   Configure the following settings:

    (a). Select cliscriptpath and enter the path to the CLI directory (default: /opt/acs/CLI) on the system where CiscoSecure ACS is installed.

    (b). Select dbserverhost and enter the host name or IP address of the system where the CiscoSecure ACS is running.

    (c). Select dbserverport and enter the port number on which the DB server on the CiscoSecure ACS is configured to listen (default: 9900).

Step 6   Click Apply.

Step 7   Click Start. Within a few minutes, the service will appear in the NCC directory tree.

Starting the UCP SMS Adapter

Before starting the SMS Adapter, verify that the DS Adapter and Oracle dbAdapters are up and running.

To start the SMS Adapter:


Step 1   From the NCC directory tree, select the host server where the SMS Adapter is installed.

Step 2   From the Server menu, select Start New Service.

Step 3   Select SMS.

Step 4   Click Start.

Within a few minutes, the service will appear in the NCC directory tree.

Configuring and Starting the Caches

This section describes how to start the mother cache and the local caches.

Configuring and Starting the Mother Cache

To configure and start the mother cache, follow these steps:


Step 1   From the NCC directory tree, select the host on which you want to start the mother cache.

Step 2   From the Server menu, select Start New Service, point to Cache, and click Master Cache.

The Cache Manager Properties property sheet appears.

Step 3   Click the Communications tab.

Step 4   In the ListeningPortNum parameter, specify the port that the mother cache will use to listen for update packets (default: 5521).


Note The translation server must be configured to send requests to this port.


Step 5   Click Apply.

Step 6   Click Start.

Within a few minutes, the service will appear in the NCC directory tree.

Configuring and Starting the Local Caches

At each system where a local cache is installed, complete these steps to configure and start the local cache:


Step 1   From the NCC directory tree, select the host on which you want to start the local cache.

Step 2   From the Server menu, select Start New Service, point to Cache, and click Local Cache.

The Cache Manager Properties property sheet appears.

Step 3   Click the Communications tab.

Step 4   In the ListeningPortNum parameter, specify the port number that the local cache will use to listen for update packets (default: 5522).


Note The translation server must be configured to send requests to this port.


Step 5   Click the Specific tab.

Step 6   Go to the peercaches section.

Step 7   Select Primaryserver and enter the port number (default: 5521) and machine name where the mother cache is running. For example:

5521 host_name

where host_name is the name or IP address of the host running the mother cache.

Step 8   If there is a secondary mother cache, select Secondaryserver1 and enter the port number (default: 5521) and machine name where the secondary mother cache is running. For example:

5521 host_name

where host_name is the name or IP address of the host running the secondary mother cache.

Step 9   Click Apply.

Step 10   Click Start.

Within a few minutes, the service will appear in the NCC directory tree.

Configuring and Starting the Translation Service

To configure and start the Translation service, follow these steps:


Step 1   From the NCC directory tree, select the host on which you want to start the Translation service.

Step 2   From the Server menu, select Start New Service.

Step 3   Select Translation Service.

The Translation Properties property sheet appears.

Step 4   Click the General tab and make sure the broker points to the correct machine.

Step 5   Click the Communications tab.

Step 6   In the ListeningPortNum parameter, specify the port number that the Translation service cache will use to listen for update packets (default: 9921).


Note CiscoSecure ACS should be configured to send requests to this port on the translation server. To confirm CiscoSecure ACS is sending requests to the proper port, check the libdb.conf file that is located in the /CSU directory where CiscoSecure ACS is installed (default: /opt/acs/CSU). Make sure it contains the name or IP address of the host where the Translation service runs.


Step 7   Click the Specific tab.

Step 8   Go to the userrecordrequester section.

Step 9   Select Primaryserver and specify the port number (default: 5522) and the machine name where the local cache is running. For example:

5522 host_name

where host_name is the name or IP address of the host running the local cache.

Step 10   Click the Performance tab.

Step 11   Make sure the MaxThreads parameter is set to more than the MaxConnection parameter in $ACS_INSTALLED_DIR/CSU/libdb.conf.

Step 12   Click Apply.

Step 13   Click Start.

Within a few minutes, the service will appear in the NCC directory tree.


Note      Cisco recommends setting the time interval to wait before a port can be reused to 5 seconds on the machine running Translation service. The Solaris default is 240000 ms (4 minutes) and the minimum that can be set is 1 second. To set the parameter, enter:

ndd -set /dev/tcp tcp_close_wait_interval 5000

To check the parameter setting, enter:

ndd /dev/tcp tcp_close_wait_interval


Starting and Configuring the CiscoSecure ACS


Note      Before configuring CiscoSecure ACS, make sure the libdb.conf file points to the listening port and IP address of the translation server. The libdb.conf file is located in the CSU directory where CiscoSecure is installed (default: /opt/acs/CSU).


After installing the CiscoSecure ACS, the Network Control Console (NCC), and UCP, you can use the NCC to start and stop the CiscoSecure ACS. Follow these steps:


Step 1   From the NCC directory tree, select the host server where the CiscoSecure ACS is installed.

Step 2   From the Server menu, select Start New Service.

Step 3   Select CiscoSecure.

The CiscoSecure Properties property sheet appears.

Step 4   Click Start.

The CiscoSecure ACS starts. Within a few minutes, the service will appear in the NCC directory tree.

Configuring the ACS to Communicate with UCP

After you install the CiscoSecure ACS, you must configure it to communicate with UCP. This section provides a brief procedure for doing this. For detailed ACS configuration information, see the CiscoSecure ACS for UNIX 2.2.1 User Guide.

Follow these steps:


Step 1   Point a Java- or Javascript-enabled browser to the system where the CiscoSecure ACS is installed. Log in to the CiscoSecure ACS.

Step 2   Click Advanced.

Step 3   Click Servers.

Step 4   Click on the IP address of the CiscoSecure ACS.

Step 5   Select the port (default: 1645) that CiscoSecure ACS will use to listen for authorization and authentication packets from the UCP Protocol Gateway Service (PGS). The port number you specify here should be the same as the port number you specified in the primaryserver parameter under the a1anda2requester section.

Step 6   Select the port (default: 1646) that CiscoSecure ACS will use to listen for accounting packets from the UCP Protocol Gateway Service (PGS). The port number you specify here should be the same as the port number you specified in the primaryserver parameter under the a1anda2anda3requester section.

The procedure for configuring the PGS is described in the section "Configuring and Starting the Protocol Gateway Service" later in this chapter.

Configuring and Starting the Protocol Gateway Service

Follow these steps to configure and start the Protocol Gateway Service (PGS):


Step 1   From the NCC directory tree, select the host on which you want to start the Translation service.

Step 2   From the Server menu, select Start New Service.

Step 3   Select PGS.

The Protocol Gateway Properties property sheet appears.

You can now configure the PGS as described in the following sections. When you are done configuring the PGS, click Apply. Then, click Start to start the service.

Configuring the PGS to Receive RADIUS Packets and Forward Them to AAA Servers

Follow these steps:


Step 1   In the Protocol Gateway Properties property sheet, click the Specific tab.

Step 2   Go to the radius section.

Step 3   Configure the portnumber parameter for the PGS.

The portnumber parameter specifies the port number on which the PGS listens for RADIUS authentication and authorization requests (default: 1645).

Step 4   Go to the a1anda2requester section. This section specifies RADIUS authentication and authorization settings.

Step 5   In the primaryserver parameter, specify the port number (default: 1645) and machine name where the CiscoSecure ACS is listening. For example:

1645 abcd-ultra

specifies that PGS will forward RADIUS packets to the primary CiscoSecure ACS abcd-ultra, which is listening for authentication and authorization requests on port 1645.


Note Verify that the CiscoSecure ACS that is running on the specified server is listening on the same port. If you have more than one CiscoSecure ACS, specify it as the secondary server.


You can leave the rest of the configuration parameters set to the default settings.

Configuring the PGS to Receive Accounting Packets and Send Them to the Accounting Server

Follow these steps:


Step 1   In the Protocol Gateway Properties property sheet, click the Specific tab.

Step 2   Go to the radacct section (accounting section).

Step 3   In the portnumber parameter, specify the port on which the PGS will listen for accounting requests (default: 1646).

Verify that your network access server (NAS) client is sending accounting packets to this port number.

Step 4   Go to the a1anda2anda3requester section.

Step 5   In the primaryserver parameter, specify the port number and machine name on which the CiscoSecure ACS is listening for accounting requests. For example:

1646 abcd-ultra

specifies that PGS will forward accounting requests to the primary CiscoSecure ACS abcd-ultra, which is listening for accounting requests on port 1646.


Note If a secondary CiscoSecure ACS is running, set the secondaryserver parameter to specify the port number and host name of the secondary server.


Configuring CiscoSecure to Accept AAA Requests from the PGS

Follow these steps to verify that CiscoSecure ACS is configured to use the correct ports to listen for authorization, authentication, and accounting (AAA) requests:


Step 1   In the Protocol Gateway Properties property sheet, click the Specific tab.

Step 2   Verify that the CiscoSecure ACS is configured to listen for authentication and authorization requests on the same port specified in the PGS configuration (a1anda2requester section, primaryserver parameter).

Step 3   Verify that the CiscoSecure ACS is configured to listen for accounting requests on the same port that was specified in the PGS configuration (a1anda2anda3requester section, primaryserver parameter).
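
The port and host pairings that this chapter asks you to verify by eye can also be checked mechanically. The following script is an added example, not part of the Cisco documentation; the pipe-separated inventory format, the function names, and the host name cache-host are assumptions, while the "port host_name" value format and the host abcd-ultra come from the steps above. It also covers the cache links described earlier in the chapter.

```shell
#!/bin/sh
# Added example: confirm that each requester setting ("port host_name", as
# entered in the NCC) points at the host and port where its target listens.

# Constructed inventory, one link per line:
#   setting | value entered in the NCC | listener host | listener port
# The last line is a deliberate mismatch: the Translation service is pointed
# at the mother cache port (5521) while the local cache listens on 5522.
sample_links() {
    cat <<'EOF'
a1anda2requester.primaryserver|1645 abcd-ultra|abcd-ultra|1645
a1anda2anda3requester.primaryserver|1646 abcd-ultra|abcd-ultra|1646
peercaches.Primaryserver|5521 cache-host|cache-host|5521
userrecordrequester.Primaryserver|5521 cache-host|cache-host|5522
EOF
}

# Read inventory lines from stdin, report each problem on stderr, and print
# the number of problem links on stdout. Hosts are compared as typed, so a
# name on one side and an IP address on the other is flagged for review.
check_links() {
    bad=0
    while IFS='|' read -r name value host port; do
        [ -n "$name" ] || continue
        p=${value%% *}      # text before the first space: the port
        h=${value#* }       # text after the first space: the host
        reason=""
        case $value in
            *" "*) ;;
            *) reason="expected 'port host_name', got '$value'" ;;
        esac
        if [ -z "$reason" ]; then
            case $p in
                ''|*[!0-9]*) reason="port '$p' is not a number" ;;
            esac
        fi
        if [ -z "$reason" ] && { [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; }; then
            reason="port $p is out of range"
        fi
        if [ -z "$reason" ] && [ "$p" != "$port" ]; then
            reason="points at port $p, service listens on $port"
        fi
        if [ -z "$reason" ] && [ "$h" != "$host" ]; then
            reason="points at host $h, service runs on $host"
        fi
        if [ -n "$reason" ]; then
            echo "MISMATCH $name: $reason" >&2
            bad=$((bad + 1))
        fi
    done
    echo "$bad"
}
```

Run it as `sample_links | check_links`, or replace sample_links with a file that lists the values configured at your site.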

Configuring the PGS to Receive DHCP Packets and Forward Them to the DHCP Service

Follow these steps:


Step 1   In the Protocol Gateway Properties property sheet, click the Specific tab.

Step 2   Go to the dhcp section.

Step 3   Set the configurationfile parameter to dhcp.cfg.

Step 4   In the portnumber parameter, specify the port number on which the PGS will listen for accounting requests (default: 67).

Step 5   Go to the dhcpforwardrequester section.

Step 6   In the primaryserver parameter, specify the port number and machine name of the DHCP server. For example:

3000 dhcp-ultra

specifies that PGS will forward DHCP requests to dhcp-ultra, which is listening for DHCP requests on port 3000.

Step 7   Verify the DHCP service is running on the same host (for example, dhcp-ultra) and listening on the same port (for example, port 3000) for DHCP requests.

Step 8   Go to the Debug section.

Step 9   Set the NoIPCollector parameter value to 0.

Step 10   Set the NoUserRecordUpdater parameter value to 0.

Step 11   Set the Enable parameter to 1.

Configuring the PGS for Dynamic IP Allocation

Follow these steps:


Step 1   In the Protocol Gateway Properties property sheet, click the Specific tab.

Step 2   Go to the RadiusStateMachine section.

Step 3   Create a new parameter and name it DynamicIP. Set its value to Terminal.

Step 4   Select the A1andA2 parameter and change its value to DynamicIP.

Step 5   Go to the requesters section. Select the list parameter and add DynamicIP to the list of services.

Step 6   Go to the dynamiciprequester section.

Step 7   In the primaryserver parameter, specify the port number and machine name of the DHCP server. For example:

3000 dhcp-ultra

specifies that PGS will forward DHCP requests to dhcp-ultra, which is listening for DHCP requests on port 3000.

Step 8   Go to the debug section and make sure the values of NoIpCollector and NoUserUpdater are set to 0.

Step 9   Click Apply.

Step 10   Open the radius.cfg file with a text editor (default: /opt/ucp/config/radius.cfg) and make sure the parameter NoDynamicIP is set to 0.

When you have completed the PGS configuration, click Apply, then Start to start the PGS. Within a few minutes, the service will appear in the NCC directory tree. To view log information, see the file /tmp/pgw.log.

Configuring Known Clients of PGS


The DS Adapter and the Oracle dbAdapter should be up and running before you add any new NAS clients.

In order for PGS to be aware of and perform service for NASes, do the following:


Step 1   Configure the NAS(es) for RADIUS authentication as described in the CiscoSecure ACS for UNIX User Guide.

Step 2   In the Protocol Gateway Properties sheet, click the Valid Clients tab.

Step 3   Click Select.

A list of available NASes appears.

Step 4   Select a client to make a known client of PGS and click the < button.


Note To make all of the NASes known clients of PGS, click the << button.


Step 5   Click Done.

Step 6   Click Apply, then OK.

Setting Up DHCP Address Pools

When users log in and are authorized for network services by UCP, the DHCP service assigns them one or more IP addresses that correspond to specific service levels. To set up address pools that can be correlated with specific service levels, you must edit the DHCP service configuration file, dhcpd.conf.

Configuring and Starting the DHCP Service

Follow these steps to configure and start the DHCP service:


Step 1   From the NCC directory tree, select the host on which you want to start the DHCP Service.

Step 2   From the Server menu, select Start New Service.

Step 3   Select DHCP.

The DHCP Properties property sheet appears.

Step 4   Click the Specific tab.

Step 5   Specify the listening port number in the ListeningPortNum parameter (default: 2000).

The listening port number must be the same one that was configured for PGS to talk to the DHCP service.

Step 6   Go to the dhcp section.

Step 7   Select the ScavengerRate parameter and set its value to -1.

Step 8   Select the ScavengerThreshold parameter and set its value to -1.

Step 9   Start the DHCP service by clicking Apply, then Start.

Within a few minutes, the service will appear in the NCC directory tree.

For logging information, see the file /tmp/dhcpd.log.

Configuring and Starting the DNS Service


Note      Before starting the DNS service, be sure to configure DNS files such as db.main and dns.boot.


Complete these steps to configure and start the DNS service:


Step 1   From the NCC directory tree, select the host on which you want to start the DNS Service.

Step 2   From the Server menu, select Start New Service.

Step 3   Select DNS.

The DNS Properties property sheet appears.

Step 4   Click the Communications tab.

Step 5   In the ListeningPortNum parameter, specify the listening port number (default: 1000).

Step 6   Click the Specific tab.

Step 7   Set the allowrecursion parameter to on.

Step 8   Set the usethreadpool parameter to on.

Step 9   Start the DNS server by clicking Apply, then Start.

Within a few minutes, the service will appear in the NCC directory tree.

Configuring and Starting the Accounting Parser

The Accounting Parser is an optional component that is included with UCP. To configure and start the Accounting Parser, complete the following steps:


Step 1   From the NCC directory tree, select the host running the CiscoSecure ACS.

Step 2   From the server menu, select Start New Service.

Step 3   Select Accounting Parser. The Accounting Parser Properties property sheet appears.

Step 4   Click the General tab and make sure the broker is pointing to the correct machine.

Step 5   Click the Specific tab.

Step 6   Select AccountingDirectoryName and enter the path to the accounting directory where the AAA server writes accounting information.

Step 7   Select TimeInterval and specify how often (in seconds) the NetFlow Parser will parse the NetFlow accounting file.

Step 8   Select GuidTarget and enter SMSAdapter.

Step 9   Start the Accounting Parser by clicking Apply, then Start.

Within a few minutes, the service will appear in the NCC directory tree.

Starting the Accounting Tool

Complete these steps to start the Accounting tool:


Step 1   On the system where you want to run the Accounting tool, change to the UCP configuration directory:

# cd /opt/ucp/config

Step 2   Edit the accttool.cfg file.

Step 3   Specify the broker host, server name, and the accounting directory.

The accounting directory is where the Accounting tool will write the accounting information.

Step 4   Change to the ucp directory:

# cd /opt/ucp

Step 5   Enter the following command:

accttool -g accttool -r /opt/ucp

Installing the CiscoSecure Global Roaming Server

Complete these steps to install the CiscoSecure Global Roaming Server (GRS). For more detailed information, refer to the CiscoSecure Global Roaming Server User Guide.


Note      Make sure the Oracle server can be accessed from the machine where the GRS is installed. For more information, see the "Accessing the Oracle Database" section.



Step 1   On the machine where you want to install the GRS, follow the instructions to install GRS. For more information, refer to the CiscoSecure Global Roaming Server User Guide.

Step 2   Log in as root.

Step 3   Insert the CiscoSecure GRS CD-ROM into the CD-ROM drive.

Step 4   At the command prompt, enter:

cd /cdrom
cp CSCOgrs.pkg /tmp/CSCOgrs.pkg

Step 5   At the command prompt, enter:

pkgadd -d /tmp/CSCOgrs.pkg

This installs CiscoSecure GRS in the default directory: /opt/CSCOgrs.


Note To install to a directory other than the default, enter pkgadd -a none -d.


Step 6   The installation program prompts you for an installation directory.


Note When specifying an installation directory, be sure the directory does not reside within the path specified by the -d option.


Installing the NetFlow Collector

The NetFlow Collector collects accounting information about UCP user sessions and stores the information in an accounting file from which you can extract data such as user time online and services used.

You can install the NetFlow Collector on any server that has a network connection to a Cisco 7000 series router.

Complete these steps to install the NetFlow Collector:


Step 1   On the server where you will install the NetFlow Collector, create a directory for the NetFlow files. For example, enter:

mkdir /tmp/netflow

Step 2   Insert the UCP installation CD-ROM into the system's CD-ROM drive.

Step 3   Go to the directory that you just created:

cd /tmp/netflow

Step 4   Copy the NetFlow installation file from the CD-ROM to the netflow directory:

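cp cdrom_directory/NFC1_0.SOL.tar .

where cdrom_directory is the directory on the mounted CD-ROM that contains the NetFlow installation file.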

Step 5   From the NetFlow directory, enter the following command:

tar -xvf NFC1_0.SOL.tar

Step 6   Review the NetFlow README file.

Step 7   Enter the following command:

./NFC1_0.setup.sh NFC1_0.SOL.Z

The NetFlow Collector is installed in the directory /opt/CSCOnfc.

Step 8   Edit the system's .cshrc file to add the following lines:

setenv NFC_DIR /opt/CSCOnfc
setenv NFC_RESOURCEFILE $NFC_DIR/config/nf.resources

Step 9   Save your changes.

Step 10   If NetFlow switching is not already enabled on the router, configure the router to enable NetFlow switching or contact the router administrator to set up NetFlow switching on the router.

For detailed information on configuring the router for NetFlow switching, refer to the chapter "Configuring the NetFlow FlowCollector" in the NetFlow FlowCollector Installation and User Guide.


Note If the master daemon is already running, stop it and start it so that the environment variables are set properly. Otherwise, the NetFlow Collector will not start.


Technical Tips for the NetFlow Installation

Note the following points regarding the NetFlow installation:

  • The NetFlow Collector binaries are present in the /opt/CSCOnfc/bin directory and the configuration files for the NetFlow Collector are present in the /opt/CSCOnfc/config directory. You might have to change some configuration files in the /opt/CSCOnfc/config if you haven't installed the UCP components in the /opt/ucp directory. For example:
    • You might have to go to the nf.resources file and specify the complete locations of the configuration files.
    • You might have to set the DataSetPath of the nfconfig file to the location where the NetFlow flat files are written, and the parameter Period to a time interval in minutes for the NetFlow Collector to write to the flat files.
  • When the NetFlow Parser is started, the NetFlow Collector is automatically started.

Configuring and Starting the NetFlow Parser


Step 1   From the NCC directory tree, select the host on which you want to start the NetFlow Parser.

Step 2   From the server menu, select Start New Service.

Step 3   Select NetFlow.

The NetFlow Properties property sheet appears.

Step 4   Click the General tab and make sure the broker points to the correct machine.

Step 5   Click the Specific tab.

Step 6   Go to the userrecordrequester section.

Step 7   Set NetFlowDirectoryName to the value specified in the DataSetPath parameter in the nfconfig file (the NetFlow configuration file).

Step 8   Select the NFCheckTimeInterval parameter and specify how often (in seconds) the NetFlow Parser should parse the NetFlow accounting files.

Step 9   Select the NFCollectorDirectoryName parameter and enter /opt/CSCOnfc/bin.

Step 10   Select the GuidTarget parameter and enter SMSAdapter.

Step 11   Start the NetFlow Parser by clicking Apply, then Start.

The NetFlow Parser starts, and this process automatically starts the NetFlow Collector.

Installing Netsys

Complete the following steps to install Netsys. For more detailed information, refer to the Cisco NSM Installation and Licensing Guide.


Step 1   Go to the machine on which you want to install Netsys.

Step 2   Enter the following:

cd /cdrom

Step 3   Log in as a user:

su username

Note You must log in as root to run the installation script. Also, you must have read permissions across all $ECSP_HOME directories and read/write permissions in the $HOME/netsys_data, $ECSP_HOME/resources/license, $ECSP_HOME/resources/scheduler, and $ECSP_HOME/data directories.


Step 4   Enter the following command to run the installation script from the command line:

home% ./INSTALL

Step 5   If you installed Netsys in the /opt/netsys directory, enter:

home% cd /opt/netsys/netsys
home% source /cshrc.ctk
home% cd resources/nsii
home% ucp_install

Step 6   Enter the following commands to obtain a license:

home% cd $ECSP_HOME/bin
home% ./license.ctk

Step 7   Start the License Manager Daemon (lmgrd):

home% cd $ECSP_HOME/resources/license
home% $ECSP_HOME/bin/solaris/lmgrd -c license.dat -l LOG

Step 8   Start Netsys from the NCC.

Step 9   Enter the following to start the Netsys GUI:

home% cd $ECSP_HOME/bin
home% ctk &

Note If the Netsys GUI doesn't come up, this indicates that there is a problem with the license.


Step 10   Complete the following steps to establish a baseline for Netsys to use to communicate with the router:

    (a). Create a directory for the router configuration files, for example:

mkdir /tmp/config

    (b). Copy the router/NAS files into the directory.

    (c). From the Netsys GUI, click file.

    (d). Click new to create the new baseline.

    (e). Select the directory where you have the configuration files for the router, for example, /tmp/config.

    (f). Select the router(s) for which you want to create a baseline.

    (g). Enter the name of the baseline and click OK.

After you create a baseline, you can view reports of the baseline by clicking on the reports, or you can schedule a process by clicking the Schedule button.

Transferring VPDN Information to Netsys

After installing Netsys, you must configure the CiscoSecure ACS to transfer Virtual Private Dialup Network (VPDN) information to Netsys.

Complete these steps:


Step 1   Start the CiscoSecure ACS Administrator tool.

Step 2   Go to advanced mode.

Step 3   Click members.

Step 4   Create a new Group and name it "VPDN."

Step 5   Select the UCP-vIP-new Dictionary for the VPDN group.

Step 6   In ReplyAttributes, select the 9,1 Cisco avpair attribute twice.

Step 7   Click 9,1 Ciscoavpair and enter vpdn:tunnel-id=xxxx.

Step 8   Click the other 9,1 Ciscoavpair item and enter vpdn:ip-addresses=x.x.x.x.

Step 9   Click submit.


Note You can create users inside this group if you want.


Step 10   After you submit, if you have already scheduled the VPDN transfer process from Netsys, wait for about 10 minutes for it to appear on the NCC.

Step 11   If you haven't scheduled a VPDN collection, from the Netsys Administrator tool, click the Schedule button.

The Schedule window appears.

Step 12   In the Reports section, click Run VPDN Collection And Web Reports.

Step 13   Click the Schedule button.

A series of popup windows appears.

Step 14   Click OK in each window that pops up to schedule your VPDN collection.

After you have scheduled the VPDN collection, the NCC is updated.

Uninstalling UCP

To uninstall UCP, follow these steps:


Step 1   From NCC, stop all services for each server in the POP. To stop a service, right-click the service and select Stop from the popup menu.

Step 2   Stop the master daemon for each system running UCP. Select a system running UCP. From the terminal prompt, change to the directory where UCP is installed (default: /opt/ucp) and enter the following command:

./S97MasterDaemon stop

Step 3   After the master daemon stops, enter the following command:

./pkgrm CSCEucp

Follow the prompts to remove the package.

Step 4   Repeat Steps 2 and 3 for each system running UCP components.

Step 5   Go to the system running CiscoSecure ACS.

Step 6   From the terminal prompt, change to the directory where CiscoSecure ACS is installed (default: /opt/acs) and enter the following command:

./pkgrm CSCEacs

Follow the prompts to remove the package.

Step 7   Go to the system running the ActiveWeb Information Broker.

Step 8   From the terminal prompt, change to the directory where the ActiveWeb components are installed (default: /opt/active/bin) and stop the dbAdapter and broker services. Enter the following commands:

./S50adapter stop
./S45broker stop

Step 9   Uninstall the ActiveWeb Information Broker by entering the following command:

uninstall

Step 10   Go to the Windows NT system running NCC.

Step 11   From the Control Panel, double-click Add/Remove Programs.

The Add/Remove Programs Properties property sheet appears.

Step 12   Select Network Control Console from the list of programs and click Add/Remove. Follow the prompts to uninstall NCC.

The UCP software is now uninstalled.


Note      The UCP uninstall procedure does not remove tables in the database.



Posted: Tue Jan 21 04:05:15 PST 2003
All contents are Copyright © 1992--2002 Cisco Systems, Inc. All rights reserved.