Configuring AccessPath Stacks Using APM

This chapter describes the procedure for creating an AccessPath stack in Cisco AccessPath Manager (APM). For information on the configuration of individual AccessPath shelves, see Chapter 4, "Configuring AccessPath Shelves Using APM."

Each AccessPath system is added to APM by first adding a stack, and then adding all of the shelves (access servers, routers, and switches) that make up that stack. After you have finished adding each shelf, you can set up APM to download the configuration (based on your choices in the shelf creation process) to that shelf.

You can modify stacks and shelves to accommodate changes you make in your AccessPath system or its network connections using procedures similar to those you used to create the stacks and shelves.

Overview of AccessPath Stack Types

APM can configure three stack types. These types, and the number of Access Server Shelves and Router Shelves in each of their configurations are explained in Table 3-1.

Table 3-1 AccessPath Shelf Configuration Matrix

Stack Type	Number of Cisco 7206s	Number of Cisco AS5200s or AS5300s
AP-TS3 (with optional Catalyst 5002)	1	1-11 Cisco AS5300s
AP-TS3 (with optional Catalyst 5002)	2	1-21 Cisco AS5300s
AP-TS3 (without optional Catalyst 5002)	1	1-7 Cisco AS5300s
AP-TS	1	1-14 Cisco AS5200s
AP-TS	2	1-12 Cisco AS5200s

Creating or Modifying a Stack

Despite these differences in how shelves are configured, this section will show screens for the Create Stack procedure in order to describe both Create Stack and Stack Modify.

Procedural Overview

Creating or modifying a stack in APM involves two procedures, which must be completed in this order:

To create a stack, you must supply information for all fields presented in bold in each dialog box of the stack creation screens.

Configure Stack General Information

Configuring the general information for your AccessPath stack involves four screens. Follow the procedures in Tables 3-2 through 3-5 and see Figures 3-1 through 3-4.

Table 3-2 Stack Configuration Screen 1—Stack General Information

Step	Description
1. Click Create Stack.	When you click the Create Stack button, the first General Information dialog box appears. (See Figure 3-1.)
2. Enter a stack name.	This case-sensitive stack group authentication name must be unique in the rack.
3. (Optional.) Enter a stack description.	This description of the stack cannot exceed 64 characters.
4. Select a stack type.	APM configures three kinds of AccessPath stacks: AP-TS3 (AS5300-based with optional Catalyst 5002). These stacks contain up to 21 Cisco AS5300 Access Server Shelves and use a Catalyst 5002 Switch Shelf for their primary switching path. AP-TS3 (AS5300-based without optional Catalyst 5002). These stacks contain up to 7 Cisco AS5300 Access Server Shelves and use Cisco Switch Blade port adapters in a Cisco 7206 Router Shelf for switching. AP-TS (AS5200-based). These stacks contain up to 12 Cisco AS5200 Access Server Shelves and use a Catalyst 5000 Switch Shelf.
5. Select the number of 7206(s) in the stack.	The maximum number of Cisco 7206s for all stack types that use a Catalyst 5000 Series Switch Shelf is 2. The AP-TS3 stack without a Catalyst 5002 uses only one Cisco 7206. (See Table 3-1.)
6. Select the number of NAS(es)¹ in the stack.	The number of Access Server Shelves (Cisco AS5200s or AS5300s) in the stack. The number and type of Access Server Shelves is limited depending on your configuration. (See Table 3-1.)
7. Click Next.	The second General Information dialog box appears. (See Figure 3-2.)

1NAS = network access server.

When the second Stack General Information dialog box appears (Figure 3-2), proceed with the steps in Table 3-3.

Table 3-3 Stack Configuration Screen 2—Stack General Information

Step	Description
1. (Optional.) Enter a Cisco IOS enable password and verify it by entering it again.	The Cisco IOS enable password requires that network administrators enter a password to access privileged EXEC mode. This prevents non-administrators from getting access to the EXEC mode. This password cannot exceed 25 characters.
2. Enter a Cisco IOS enable secret password and verify it by entering it again.	The Cisco IOS enable secret password is encrypted so that it cannot be read when crossing a network. After you issue this command, the encryption cannot be reversed. The encrypted version of the password appears in output of the show running-config and show startup-config commands. The enable secret password has precedence over the enable password. Do not enter the same password as the enable password. If the two passwords are the same, the enable secret password is not a secret, because the enable password appears in the output of the show running-config and show startup-config commands. This password cannot exceed 25 characters.
3. Enter a Cisco IOS line password and verify it by entering it again.	To provide access control on a terminal line by entering the password and establishing password checking. This password cannot exceed 25 characters.
4. Enter a Cisco IOS SGBP¹ password and verify it by entering it again.	To establish a username-based authentication system, the stack password is used to access the name argument. The stack password must be from 1 to 25 characters and must be the last option specified in the username command.
5. Enter an EIGRP² Autonomous System Number.	The number of processes that identify the routes to the other EIGRP routers. It is also used to tag the routing information. If you have an autonomous system number, you can use it for the process number. The EIGRP number should be between 1 and 65535.
6. Click Next.	The third General Information dialog box appears. (See Figure 3-3.)

1SGBP = Stack Group Bidding Protocol.

2EIGRP = Enhanced Interior Gateway Routing Protocol.

When the third Stack General Information dialog box appears (see Figure 3-3), proceed with the steps in Table 3-4.

Table 3-4 Stack Configuration Screen 3—Stack General Information

Step	Description
1. Select a stack trunk type.	Trunk type supported by your service provider. The available choices include: PRI—Primary Rate Interface CE1—Channelized E1 CT1—Channelized T1 PRI and CE1—A mixture of Primary Rate Interface and Channelized E1 PRI and CT1—A mixture of Primary Rate Interface and Channelized T1
2. Select a stack controller type.	Controller type (T1 or E1) that accepts incoming calls and sends outgoing calls through ISDN¹ PRI lines. (For all selections of Stack Trunk Type except PRI, this will default to the correct selection for your network.)
3. Verify your time zone.	Default value for your time zone will be retrieved from your local host. Time zones are expressed relative to Greenwich Mean Time (GMT). Verify that this field has the correct value.
4. (Optional.) Configure your system with your local summer time (daylight savings time).	Daylight savings time, the default value is: PDT recurring 1 Sunday April 2:00 last Sunday October 2:00 This means that daylight savings time (in this case, PDT—Pacific Daylight Time) begins on the first Sunday in April at 2:00 a.m. and ends on the last Sunday in October at 2:00 a.m. Edit this text for your situation. If your area does not have daylight savings time, change this field to blank.
5. (Optional.) Specify your name server address(es).	One or more domain name servers to resolve host names and IP addresses.
6. (Optional.) Specify your DNS server address(es).	Dial-in clients using PPP² applications such as CiscoRemote and Windows 95 need Domain Name System (DNS) address information as described in RFC 1877. Enter the server address to enable remote users to gather DNS information transparently as part of the PPP negotiation.
7. (Optional.) Specify your NBNS Server Address(es).	Dial-in clients using PPP applications such as CiscoRemote and Windows 95 need NetBIOS name service (NBNS) address information as described in RFC 1877. Enter the server address to enable remote users to gather NBNS information transparently as part of the PPP negotiation.
8. Click Next.	The fourth General Information dialog box appears. (See Figure 3-4.)

1ISDN = Integrated Services Digital Network.

2PPP = Point-to-Point Protocol.

When the fourth Stack General Information dialog box appears (see Figure 3-4), proceed with the steps in Table 3-5.

Table 3-5 Stack Configuration Screen 4—Stack General Information

Step	Description
1. Select your framing.	Type of transmission unit used in the T1 or E1 link. Available choices for Channelized E1 include: crc4—cyclic redundancy check 4 no crc4—no cyclic redundancy check 4 Available choices for Channelized T1 and PRI include: esf—Extended superframe sf—Super frame
2. Select a linecode.	Variety of Zero Code Suppression used on the link, which in turn affects a number of its characteristics. Available choices for Channelized E1 include: hdb3—An E1 circuit linecode type ami—Alternate mark inversion, a T1/E1 linecode type Available choices for PRI and Channelized T1 include: b8zs—Binary 8-zero substitution, a T1/E1 linecode type ami—Alternate mark inversion, a T1/E1 linecode type
3. (An option for AS5300-based AccessPath systems using PRI, T1/PRI, or E1/PRI trunk types.) Disable or enable VPDN support.	Select Yes or No to enable or disable Virtual Private Dialup Network (VPDN) support. If you select No, none of the shelves in this stack will be able to support VPDN. Selecting Yes allows for a mixed configuration in which some shelves support VPDN and some do not. (You will configure the use of VPDN on a shelf-by-shelf basis when you create the shelves in the stack. See Chapter 4, "Configuring AccessPath Shelves Using APM.")
4. (PRI trunk type only.) Select your ISDN switch type.	ISDN switch type for your T1 or E1 PRI lines. You should obtain the correct switch type from your ISDN service provider (telco). Available choices include: 5ess—AT&T 5ess (US) 4ess—AT&T 4ess (US) dms100—Northern Telecom (Canada and the US) net5—NET5 (Europe) ntt—Nippon Telephone & Telegraph (Japan) ts014—ts014 (Australia) Your selection will be provided to the Access Server Shelves in the stack by default.
5. (PRI trunk type only.) Select a signaling method.	Cisco AS5200 and Cisco AS5300 support channel associated signaling for channelized T1/E1 lines. Typically all channels of a channelized T1 or E1 line are used for analog calls. However, the Cisco AS5200 and Cisco AS5300 require a signal converter to perform conversions between R2 signaling and ear and mouth (E&M) signaling. The Cisco AS5200 supports E&M signaling on its T1/E1 controllers. Valid selections for Channelized E1 include: p7 r2-analog r2-digital r2-pulse Valid selections for Channelized T1 include: e&m-fgb e&m-fgd e&m-immediate-start fxs-loop-start fxs-ground-start sas-loop-start sas-ground-start
6. (E1 R2 configurations only.) Select a CAS¹ custom country.	If you have selected E1 R2 signalling, you may need to select a country customization for this signalling. The options include: None Argentina China Brazil Columbia Costa Rica Greece Indonesia Israel Korea Malaysia New Zealand Paraguay Philippines Singapore Telemex—Mexico Telenor—Mexico Thailand Uruguay Venezuela
7. Select your stack channel type.	Channel Type servicing your T1 PRI or E1 PRI lines. The Channel Type can be: Single channel—For single channel configuration throughout the stack Multi-channel—For multiple-channel configuration throughout the stack Single and multi-channel—A mixture of single and multiple channels in the stack
8. Configure whether or not users can perform EXEC-level commands.	Select Yes to allow users to access the EXEC facility and start EXEC sessions. Select No to refuse access to the EXEC facility to all but APM administrators.
9. Set the external host name for CHAP to use.	Set the Challenge Handshake Authentication Protocol (CHAP) name that the remote users will see when they dial in.
10. Click Next.	The Stack Addressing dialog box appears. (See Figure 3-5.)

1CAS = Channel Associated Signalling.

Configure Stack Addressing

Table 3-6 Stack Configuration Screen 5—Stack Addressing

Step	Description
1. Enter the first 3 octets of the starting /24 network.	Depending on the AccessPath configuration you have specified, this screen will tell you how many contiguous class C (/24) networks you will need. In this field, enter the first 3 octets of the network address for the first class C network. APM will use this information to create IP addresses for the ports in your AccessPath system.
2. Enter the first 3 octets of your management network.	In addition to your data network, you will need a management network. This network will be: A /26 network for AccessPath-TS3 and AccessPath-LS3 systems A /27 network for AccessPath-TS systems Enter the first 3 octets of the IP address of your management network.
3. Enter the 4th octet.	Select the 4th octet of the starting class C network address.
4. (Optional.) Click Show Default IP.	Click this button to view the IP addressing on your AccessPath shelves.
5. (Optional.) Select a shelf type to show address assignment for.	Use this pull-down menu to select the shelves for which you want to see the planned IP addressing. Select from: AS—Access Server Shelves (Cisco AS5200s or AS5300s) RS—Router Shelves (Cisco 7206s) CMS/SW—Console Management Shelves (Cisco 2511 or 3640) and Switches (Catalyst 5000 and Catalyst 5002) Click Update View to view the IP addressing scheme for the shelf you have selected.
6. Click Next.	The Network Management dialog box appears. (See Figure 3-6.)

Configure Network Management

For information on configuring network management, see Figure 3-6 and Table 3-7.

Table 3-7 Stack Configuration Screen 6—Network Management

Step	Description
1. Enter the location of the stack.	Physical location of this AccessPath system.
2. Enter a contact.	Contact person for this AccessPath system.
3. Enter a read-only string.	SNMP¹ read community string.
4. Enter a write string.	SNMP write community string.
5. Enter a read/write all string.	(Catalyst 5000 and 5002 only.) SNMP read write all community string.
6. (Optional.) Configure the NTP² server and secondary NTP server IP addresses.	IP address(es) of NTP server(s) that synchronize the system clock.
7. (Optional.) Choose to have syslogging on or off.	When this box is checked, syslogging is turned ON, and a log of system activity is created.
8. (Optional.) Configure the log server IP address.	IP address of syslog server host.
9. (Optional.) Configure the log level.	Level of logging information. Available levels include: alerts critical debugging emergencies errors informational notifications none warnings
10. (Optional.) Select a syslog facility.	Syslog facility. Values are: auth cron daemon local0 through local 7 lpr mail news sys9 through sys14 syslog user uucp

1SNMP = Simple Network Management Protocol.

2NTP = Network Time Protocol.

Configure Security

Table 3-8 Stack Configuration Screen 7—AAA Configuration

Step	Description
1. Configure the type of security server used.	Select TACACS+¹, RADIUS², or both as your remote security database.
2. Configure the security server.	If you selected both TACACS+ and RADIUS, this selection will appear, allowing you to configure TACACS+ and RADIUS service separately. You may also select Advanced to configure TACACS+ or RADIUS servers to provide specific security services. (See Step 5 below.)
3. Configure the security server IP address.	IP address of the remote TACACS+ or RADIUS server host. This host is typically a UNIX system running TACACS+ or RADIUS software.
4. Configure a server key.	Shared secret text string used between the Access Server Shelf and the TACACS+ or RADIUS server. The Access Server Shelf and TACACS+ or RADIUS server use this text string to encrypt passwords and exchange responses.
5. Configure advanced server features.	If you have selected both TACACS+ and RADIUS, after you enable AAA³ globally on the access server, you must define authentication method lists, which you then apply to lines and interfaces. These authentication method lists are security profiles that indicate the protocol (ARAP⁴ or PPP⁵) or login and authentication method (TACACS+, RADIUS, or local authentication). This screen allows you to specify whether TACACS+ or RADIUS will provide authentication for the following services: Login Admin Login Users PPP Admin PPP Users PPP Tunnels PPP Users and Tunnels Authorization Network—Prevents unauthorized users from accessing network resources Accounting Network—For the delivery of accounting information
6. If you are creating a stack, click Finish.	Clicking Finish means you have finished everything but the downloading of the configuration.
7. (Optional.) Click Browser Update.	Updating the browser will allow you to view your new stack.

1TACACS+ = Terminal Access Controller Access Control System.

2RADIUS = Remote Access Dial-In User Service.

3AAA = authentication, authorization, and accounting.

4ARAP = AppleTalk Remote Access Protocol.

5PPP = Point-to-Point Protocol.

Configure Download Time

Table 3-9 Stack Configuration Screen 8—Configuration Time

Step	Description
1. Select Now or Later.	From the Download Configuration pull-down menu, you can choose to schedule the configuration download for now or later.
2. (Later downloads only.) If you selected Later, configure the time (based on the APM server's clock) when the configuration task should start.	Year—Specify the year. The default for this and the other configuration time screens is the current time according to the APM server. Month—Specify the month as a numerical value from 1-12. Day—Specify the day of the month, from 1-31. Hour—Specify the hour of the download, from 0-23, where 0 equals midnight. Minute—Specify the minute of the download, from 0-59.
3. Click Finish.	Sets the configuration to download at the specified time.

Viewing a Stack

Use this procedure to view a stack. You cannot use the stack view feature to change the value of any field. If you need to modify a stack, see the section "Creating or Modifying a Stack".

Step 5 Click Next to move through the screens. (For an explanation of the data fields in these screens, refer to "Creating or Modifying a Stack".)

Table of Contents