|
Table Of Contents
Broadband Access Center for Cable Support Tools and Advanced Concepts
Encoding Types for Defined Options
Adding SNMP TLVs Without a MIB
Non-Secure CableHome Option Support
Using the Configuration File Utility
Running the Configuration File Utility
Using the Configuration File Utility
Converting a Binary File Into a Template File
Parsing an External Template File
Parsing a Template File and Adding a User-Specified Shared Secret
Specifying Macro Variables at the Command Line
Specifying a Device for Macro Variables
Specifying Output to a Binary File
Viewing an External Binary File
Activating PacketCable BASIC Flow
Viewing the RDU's Current Log Level
Using the PKCert.sh Tool to Manage KDC Certificates
Validating the KDC Certificates
Using the changeNRProperties.sh Tool
Using the snmpAgentCfgUtil.sh Command
Adding an SNMP Agent Community
Deleting an SNMP Agent Community
Configuring an SNMP Agent Listening Port
Changing the SNMP Agent Location
Specifying SNMP Notification Types
Using the disk_monitor.sh Tool to Monitor Available Disk Space
Troubleshooting Devices by MAC Address
Broadband Access Center for Cable Support Tools and Advanced Concepts
This chapter contains information on, and explains the use of, tools that help you maintain Broadband Access Center for Cable (BACC) as well as speed and improve the installation, deployment, and use of this product.
This chapter discusses these topics:
• Using the Configuration File Utility
• Using the PKCert.sh Tool to Manage KDC Certificates
• Using the changeNRProperties.sh Tool
• Using the snmpAgentCfgUtil.sh Command
• Using the disk_monitor.sh Tool to Monitor Available Disk Space
• Troubleshooting Devices by MAC Address
Note This section contains many examples of tool use. In many cases, the tool filenames include a path specified as <BACC_HOME>. This indicates the default directory location.
Developing Template Files
BACC uses templates to help administrators deploy dynamic PacketCable, DOCSIS, and CableHome files. Using templates, you can create a template file in an easily readable format, and edit it quickly and simply. A template is an ASCII text file that represents the PacketCable, DOCSIS, or CableHome options and values used for generating a valid PacketCable, DOCSIS, or CableHome file. BACC uses the .tmpl file extension to identify template files. You must add template files to the RDU as an external file using either the administrator's user interface or the API, before any class of service can reference it.
When installing the BACC RDU component, several sample template files are copied to the <BACC_HOME>/rdu/samples directory.
Although all that you need to create or edit a template is a simple text editor, before attempting to create your own template file, you should thoroughly familiarize yourself with this information:
•BACC provisioning flows
•DOCSIS 1.0, 1.1, and 2.0 RFI specifications
•PacketCable 1.0 and 1.1 specifications
•MTA device provisioning specification
•CableHome 1.0 specification
•SNMP MIBs for cable devices (for example, DOCS-CABLE-DEVICE-MIB)
Template Grammar
A template is comprised of four different types of statements:
• Comments
• Includes
• Options
Comments allow you to document your templates. Includes allow you to create building block templates to be used in other templates. Options allow you to specify the PacketCable, DOCSIS, or CableHome type length value (TLV) in a descriptive manner. Table 12-1 describes the available template grammar options.
Comments
Comments provide information only and are always located between the pound (#) symbol and the end of a line. Example 12-1 shows example comment usage.
Example 12-1 Example Comment Usage
#
# Template for gold service
#
option 3 1 # enabling network access
Includes
Include files let you build a hierarchy of similar, but slightly different, templates. This is very useful for defining options that are common across many service classes without having to duplicate the options in several templates.
You can use multiple include statements in a single template although the location of the include statement in the template is significant; the contents of the include file are included wherever the include statement is found in the template. The included template must be added as an external file to the RDU before it can be used. The included file must not contain any location modifiers such as ../.. because the templates are stored without path information in the RDU database. Examples 12-2 and 12-3 illustrate both correct and incorrect usage of the include option.
Example 12-2 Correct Include Statement Usage
# Valid, including common options
include "common_options.tmpl"
Example 12-3 Incorrect Include Statement Usage
# Invalid, using location modifier
include "../common_options.tmpl"
# Invalid, using incorrect file suffix
include "common_options.common"
# Invalid, not using double quotes
include common_options.tmpl
Options
PacketCable, DOCSIS, and CableHome configuration files consist of properly encoded option id-value pairs. Two forms of options are supported: defined and custom.
•Well-defined options require the option number and value. The value is encoded based on the encoding type of the option number.
•Custom options require the option number, explicit value encoding type, and the value.
When using compound options, for example, option 43, you can use the instance modifier to specify the TLV groupings. See the "Instance Modifier" section for additional information.
When specifying one of these well-defined options in a template, it is not necessary to specify a value encoding for the value. See the "Encoding Types for Defined Options" section and the "DOCSIS Option Support" section for additional information on these defined encoding types.
When specifying custom options (e.g. option 43), you must specify the encoding type for the option. The available encoding types are:
•ASCII— ASCII type encodes any given value as an ASCII string without a NULL terminator. If the value contains spaces, they must be double quoted.
•hex—The value must be valid hexadecimal and there must be exactly 2 characters for each octet. If 01 is specified as the value, then exactly one octet is used in the encoding. If 0001 is specified as the value, then exactly two octets are used in the encoding process.
•IP address—IP address type encodes any given value as 4 octets. For example, the IP address 10.10.10.1 is encoded as 0A0A0A01.
Use a comma to separate multi-valued options on a given line. Each value is treated as such, so you might have to double quote one of the values, but not the others. A good example of a multi-valued option is Option 11 (SNMP Varbind). See the "SNMP Varbind" section for additional information.
When specifying compound options, there is no need to specify the top level option (for example option 4 when specifying option 4.1). Examples 12-4 and 12-5 illustrate both correct and incorrect usage of the option statement.
Example 12-4 Correct Option Statement Usage
# Valid, specifying the number for well known option 3
option 3 1
# Valid, specifying the number for option 4 sub-option 1
option 4.1 1
# Valid, specifying a vendor option as hex
option 43.200 hex 00000C
# Valid, specifying a vendor option as ascii
option 43.201 ascii "enable log"
# Valid, specifying a vendor option as IP
option 43.202 ip 10.4.2.1
Example 12-5 Incorrect Option Statement Usage
# Invalid, using hex with incorrect hex separator
option 43.200 hex 00.00.0C
# Invalid, not using double quotes when needed
option 43.201 ascii enable log
# Invalid, not specifying IP address correctly
option 43.202 ip 10-10-10-1
# Invalid, specifying the description for option "Network Access Control"
option "Network Access Control" 1
# Invalid, specifying top level option
option 4
Instance Modifier
The instance modifier is used to group compound options into specific individual Tag-Length-Values (TLVs). Examples 12-6 and 12-7 illustrate both correct and incorrect methods of creating separate TLVs. These are required to enable the IOS DOCSIS modem to interpret the IOS commands as two separate commands.
Example 12-6 Correct IOS Command Line Entries
# Valid, each IOS command gets its own TLV
option 43.8 instance 1 00-00-0C
option 43.131 instance 1 ascii "login"
option 43.8 instance 2 00-00-0C
option 43.131 instance 2 ascii "password cable"
Example 12-7 Incorrect IOS Command Line Entries
# Invalid, IOS commands are grouped into one TLV
option 43.8 00-00-0C
option 43.131 ascii "login"
option 43.131 ascii "password cable"
# Invalid, using instance on non-compound options
option 3 instance 1 1
Note The encoding type for option 43.8 is an organizationally unique identifier (OUI). Unlike that shown in Example 12-4, this only accepts an 00-00-0C format.
SNMP Varbind
You must use an object identifier (OID), when specifying DOCSIS option 11, PacketCable option 64, or CableHome option 28. The MIB that contains the OID must be in one of the following MIBs loaded by the RDU. You must specify as much of the OID as needed to uniquely identify it. You can use the name or the number of the OID. The RDU automatically loads these MIBs:
•SNMPv2-SMI
•SNMPv2-TC
•CISCO-SMI
•CISCO-TC
•SNMPv2-MIB
•RFC1213-MIB
•IANAifType-MIB
•IF-MIB
DOCSIS MIBs
These DOCSIS MIBs are loaded into the RDU:
•DOCS-IF-MIB
•DOCS-BPI-MIB
•CISCO-CABLE-SPECTRUM-MIB
•CISCO-DOCS-EXT-MIB
•SNMP-FRAMEWORK-MIB
•DOCS-CABLE-DEVICE-MIB
•DOCS-CABLE-DEVICE-MIB-OBSOLETE
•CISCO-CABLE-MODEM-MIB
Two versions of the DOCS-CABLE-DEVICE MIB are loaded into the RDU:
•DOCS-CABLE-DEVICE-MIB-OBSOLETE (experimental branch)
•DOCS-CABLE-DEVICE-MIB (mib2 branch)
A fully-qualified MIB OID (.experimental...) always uniquely identifies a MIB OID.
If you use a non-fully qualified MIB OID from DOCS-CABLE-DEVICE-MIB, it will always default to DOCS-CABLE-DEVICE-MIB and not DOCS-CABLE-DEVICE-MIB-OBSOLETE.
Examples 12-8 and 12-9 illustrate using a fully-qualified MIB OID and a non-fully qualified MIB OID.
Example 12-8 Fully Qualified MIB OID
# Valid, uniquely identifying an OID
option 11 .experimental.docsDev.docsDevMIBObjects.docsDevNmAccessTable.docsDevNmAccess Entry.docsDevNmAccessStatus.1, Integer, 4
Example 12-9 Non-Fully Qualified MIB OID (Defaults to DOCS-CABLE-DEVICE-MIB)
# Valid, Non-Fully Qualified MIB OID.
option 11 .docsDevNmAccessStatus.1, Integer, 4
If no DOCSIS CMs in a deployment require DOCS-CABLE-DEVICE-MIB-OBSOLETE, you can always use the shorter form of the MIB OID.
PacketCable MIBs
These PacketCable (North American) MIBs are loaded into the RDU:
•CLAB-DEF-MIB
•PKTC-MTA-MIB
•PKTC-SIG-MIB
•PKTC-EVENT-MIB
CableHome MIBs
These CableHome MIBs are loaded into the RDU:
•CABH-CAP-MIB
•CABH-CDP-MIB
•CABH-CTP-MIB
•CABH-PS-DEV-MIB
•CABH-QOS-MIB
•CABH-SEC-MIB
These additional MIBs are needed but are not part of the BACC product:
•CABH-CTP-MIB needs RMON2-MIB, TOKEN-RING-RMON-MIB
•CABH-SEC-MIB needs DOCS-BPI2-MIB.
Macro Variables
Macro variables are specified as values in templates that let you specify device-specific option values. When a macro variable is encountered in the template, the properties hierarchy is searched for the macro variable name and the value of the variable is then substituted. The variable name is a custom property, which is predefined in the RDU. It must not contain any spaces.
Note When you use custom properties for macro variables, you must use DataType.STRING.
After the custom property is defined, it can be used in this property hierarchy:
•System defaults
•Technology defaults, such as PacketCable, DOCSIS, or CableHome
•DHCP criteria properties
•Class of service properties
•Device properties
The template parser works bottom up when locating properties in the hierarchy (device first, then the class of service, and so on) and converts the template option syntax. The following syntax is supported for macro variables:
•${var-name}—This syntax is a straight substitution. If the variable is not found, the parser will generate an error.
•${var-name, ignore}—This syntax lets the template parser ignore this option if the variable value is not found in the properties hierarchy.
•${var-name, default-value}—This syntax provides a default value if the variable is not found in the properties hierarchy.
Examples 12-10 and 12-11 illustrate both correct and incorrect usage of option 11.
Example 12-10 Correct Macro Variables Usage
# Valid, using macro variable for max CPE's, straight substitution
option 18 ${MAX_CPES}
# Valid, using macro variable for max CPE's, ignore option if variable not found
# option 18 will not be defined in the DOCSIS configuration file if MAX_CPES
# is not found in the properties hierarchy
option 18 ${MAX_CPES, ignore}
# Valid, using macro variable for max CPE's with a default value
option 18 ${MAX_CPES, 1}
# Valid, using macro variable for vendor option
option 43.200 hex ${MACRO_VAR_HEX}
# Valid, using macro variable for vendor option
option 43.201 ascii ${MACRO_VAR_ASCII}
# Valid, using macro variable for vendor option
option 43.202 ip ${MACRO_VAR_IP}
# Valid, using macro variable in double quotes
option 18 "${MAX_CPES}"
# Valid, using macro variable within a value
option 43.131 ascii "hostname ${HOSTNAME}"
# Valid, using macro variables in multi-valued options
option 11 ${ACCESS_CONTROL_MIB, .mib-2.docsDev.docsDevMIBObjects.docsDevNmAccessTable.docsDevNmAccessEntry.docsDevNmAccess Control.1}, Integer, ${ACCESS_CONTROL_VAL, 3}
# Valid, using macro variable in an include statement
include "${EXTRA_TEMPLATE}"
# Valid, using macro variable in an include statement with a default value
include "${EXTRA_TEMPLATE, modem_reset.tmpl}"
# Valid, using macro variable in an include statement with a default value
include "${EXTRA_TEMPLATE, modem_reset}.tmpl"
# Valid, using macro variable in an include statement with an ignore clause
include "${MY_TEMPLATE, ignore}"
Example 12-11 Incorrect Macro Variables Usage
# Invalid, using macro variable as the option number
option ${MAX_CPES} 1
# Invalid, using macro variable with space in name
option 18 ${MAX CPES}
Encoding Types for Defined Options
Table 12-2 identifies the options with defined encoding types.
BITS Value Syntax
When using the BITS type, you must specify either the labels ("interval1 interval2 interval3") or numeric bit location ("0 1 2"). Note that label values are 1-based and bit values are 0-based.
This is the syntax that uses the bit numbers:
option 11 .pktcSigDevR0Cadence.0,STRING,"0 1 2 3 4 5 6 7 8 9 10 11 12 13 14"
This is the syntax for the customer octet string (FFFE000000000000) that uses the labels:
option 11 .pktcSigDevR0Cadence.0,STRING,"interval1 interval2 interval3
interval4 interval5 interval6 interval7 interval8 interval9 interval10
interval11 interval12 interval13 interval14 interval15"
OCTETSTRING Syntax
The OCTETSTRING can be either a string that is converted to hexadecimal notation without a trailing NULL (for example, octet string), or hexadecimal notation contained within single quotes, (for example, 'aa:bb:cc' ).
Adding SNMP TLVs Without a MIB
You can add SNMP TLVs in dynamic configuration files (DOCSIS, PacketCable, CableHome) without requiring the MIB be loaded by the RDU. From within RDU configuration extensions, the functionality can be accessed with the DOCSISOptionFactory interface, using the following method:
public OptionValue createOptionValue(OptionSyntax syntax, String optionNumStr, String[] optionValueList)
The public OptionSyntax.SNMP enumerated value can be used in the above method, in conjunction with the optionValueList containing the tuple: OID, Type, Value.
From RDU dynamic configuration templates, the following syntax is used to specify SNMP TLVs that are not validated against the RDU MIBs:
option <option-number> snmp <OID>, <Type>, <Value>
Examples:
# DOCS-CABLE-DEVICE-MIB:
option 11 snmp .docsDevNmAccessIp.1,IPADDRESS,192.168.1.1
# Arris vendor specific SNMP TLV (OID numbers only, mix names/numbers)
option 11 snmp .1.3.6.1.4.1.4115.1.3.1.1.2.3.2.0, INTEGER, 6
option 11 snmp .enterprises.4115.1.3.1.1.2.3.2.0, INTEGER, 6
# NOTE: trailing colon required for single octet
option 11 snmp .1.3.6.1.2.1.69.1.2.1.6.3, STRING, 'c0:'
The allowed SNMP variable type names are:
For example, to specify a SMI Integer32 type, the following types are accepted (regardless of case sensitivity): Integer32, INTEGER.
For OCTET STRING type, all of the following types are accepted: OCTET STRING, OCTETSTRING, or STRING.
The custom SNMP TLV template option can be used to specify any SNMP TLV, including those that are present in the RDU MIBs. The custom SNMP TLV error checking is less stringent, and will not detect incorrect scalar/columnar references (for example, .0 vs. .n in OID names).
DOCSIS Option Support
Table 12-3 describes DOCSIS options and identifies the specific version support for each option.
PacketCable Option Support
Table 12-4 identifies the PacketCable 1.0 MTA options supported by BACC.
Non-Secure CableHome Option Support
Table 12-5 identifies the non-secure CableHome options supported by BACC.
Using the Configuration File Utility
You use the configuration file utility to test, validate, and view PacketCable 1.0, DOCSIS 1.0/1.1/2.0, and CableHome template and configuration files. These activities are critical to successful deployment of individualized configuration files. See the "Developing Template Files" section for more information on templates.
The configuration file utility is available only when the RDU is installed and the utility is installed in the <BACC_HOME>/rdu/bin directory.
Both the template file being encoded and the binary file being decoded must reside in the directory from which the configuration file utility is invoked.
All examples found in this section assume that the RDU is operating and that these conditions apply:
•The BACC application is installed in the home directory (/opt/CSCObpr).
•The RDU login name is admin.
•The RDU login password is changeme.
Note Some of the examples provided in this section have been truncated whenever the omitted formation is of no consequence to the example of its outcome. Instances where this occurs are identified by a series of periods (...) that are located just prior to the example summary.
This section discusses these topics:
• Parsing a Local Template File
• Parsing an External Template File
• Specifying Macro Variables at the Command Line
• Specifying a Device for Macro Variables
• Specifying Output to a Binary File
• Viewing an External Binary File
Running the Configuration File Utility
In subsequent procedures and examples, the phrase "run the configuration file utility" means to enter the runCfgUtil.sh command from the directory specified. To run the configuration file utility, run this command from the home directory:
runCfgUtil.sh (options)
Where the available (options) include:
•-c <secret>—Specifies the CMTS shared secret when parsing a DOCSIS template file. To specify the default shared secret, enter -c cisco.
•-cablehome—Identifies the input file as a CableHome portal service configuration file. Do not use this with either the -docsis or -pkt options.
•-d—Decodes the binary input file. Do not use this with the -e option.
•-docsis—Specifies the input file is a DOCSIS configuration file. Do not use this default with the -pkt option.
•-e—Encodes the template input file. Do not use this default with the -d option.
•-g—Generates a template file from either a docsis, packetcable or cablehome binary file.
•-h<host:port>—Specifies the host and port number. The default port number id 49187.
•-i <device id>—Specifies the device to use when parsing macro variables. For example, if your device is ID is 1,6,00:00:00:00:00:01, enter -i 1,6,00:00:00:00:00:01. When using this option, you must also use the -u and -p options, respectively, to specify the username and password. Do not use this with the -m option.
•-l <filename>—Identifies the input file as being on the local file system. For example, if your input file is called any_file, enter -l any_file. Do not use this with the -r option.
•-loc—Specifies the PacketCable locale, na (North America) or euro (Europe). The default is na. If the MTA is euro-MTA, then the locale should be set to euro.
•-m <macros>—Specifies key value pairs for macro variables. The format is key=value. If you require multiple macro variables, use a double comma separator between the key value pairs, for example, key_1=value_1,,key_2=value_2. Do not use this with the -i option.
•-p <password>—Specifies the password to use when connecting to the RDU. For example, if your password is 123456, enter -p 123456.
•-o <filename>—Saves parsed template file as a binary file. For example, if you want the output to be found in a file call op_file, enter -o op_file.
•-pkt—Identifies the input file as a PacketCable MTA configuration file. Do not use this with the -docsis option.
•-r <filename>—Identifies the input file as an external file that has been added to the RDU. For example, if your file is called file25 enter -r file25. When using this option you must also use the -u and -p options, respectively, to specify the username and password. Do not use this with the -l option.
•-s—Displays the parsed template or the contents of the binary file in a human readable format.
•-t—Specifies the PacketCable encoding type, secure or basic (default is secure).
•-u <username>—Specifies the username to use when connecting to the RDU. For example, if your username is admin, enter -u admin.
•-v <version>—Specifies the DOCSIS version being used. For example, if you are using DOCSIS 1.1, enter -v 1.1. If you do not specify the version number, the command defaults to use DOCSIS 2.0.
Note The configuration file utility does not include option 19 (TFTP server timestamp) and option 20 (TFTP server provisioned modem address) in the template file, however the BACC TFTP mixing does. Also, options 6 (CM MIC) and 7 (CMTS MIC) are both automatically inserted into the encoded template file. Therefore, you do not have to specify these message integrity checks (MIC).
Using the Configuration File Utility
To use the configuration file utility to test BACC templates:
Step 1 Develop the template as described in the "Developing Template Files" section.
Step 2 Run the configuration file utility on the local file system. If the template contains macro variables, perform these operations in the order specified:
a. Test with command line substitution.
b. Test with a device that has been added to your RDU.
Step 3 Add the template (and any included templates that are used) to the RDU.
Step 4 Run the configuration file utility as an external file. If the template contains macro variables, perform these operations in the order specified:
a. Test with command line substitution.
b. Test with a device that has been added to your RDU.
Step 5 Configure a class of service to use the template.
Converting a Binary File Into a Template File
Usage Guidelines
Use the runCfgUtil.sh command to convert binary configuration memory files into template files. BACC dynamic configuration generation is based on templates that are created. Automatically converting existing, tested, binary files to template files speeds the process and reduces the possibility of introducing errors.
Syntax Description
You must use this syntax when using the runCfgUtil.sh command to convert an existing binary file into a template file.
runCfgUtil.sh -g -l <binary_file> -o <template_file>
Where:
•-g—specifies that a template file needs to be generated from an input binary file
•-l <binary_file>—specifies the local input file, including the path name. In all cases, the input binary file name will have a *.cm file extension; bronze.cm for example.
•-o <template_file>—specifies the output template file, including the path name. In all cases, the input binary file name will have a *.tmpl file extension; test.tmpl for example.
Parsing a Local Template File
Usage Guidelines
Use the runCfgUtil.sh command to parse external template files.
Syntax Description
You must use this syntax when using the runCfgUtil.sh command to parse a local template file:
runCfgUtil.sh -pkt -l <file>
Where:
•-pkt—identifies the input file as a packetcable MTA file
•-l—specifies the input file is on the local file system
•<file>—identifies the input template file being parsed
Parsing the File
To parse a template file that is on the local file system:
Step 1 Change directory to /opt/CSCObpr/rdu/samples/packet_cable.
Step 2 Select a template file to use.
Note This example uses an existing template file called unprov_packet_cable.tmpl. The -pkt option is used because this is a PacketCable MTA template.
Step 3 Run the configuration file utility using this command:
runCfgUtil.sh -pkt -l unprov_packet_cable.tmpl
Where:
•-pkt—identifies the input file as a packetcable MTA file
•-l—specifies the input file is on the local file system
•unprov_packet_cable.tmpl—identifies the input template file being parsed
After running the utility, results similar to these should appear:
Parsing an External Template File
Usage Guidelines
Use the runCfgUtil.sh command to parse external template files.
Syntax Description
You must use this syntax when using the runCfgUtil.sh command to parse an external template file:
runCfgUtil.sh -r <file> -u <username> -p <password>
Where:
•-r <file>—identifies the input file as an external file that has been added to the RDU
•-u <username>—specifies the username to use when connecting to the RDU
•-p <password>— specifies the password to use when connecting to the RDU
Parsing the File
To parse a template file that has been added to the RDU:
Step 1 Change directory to /opt/CSCObpr/rdu/samples/docsis.
Step 2 Select a template file to use.
Note This example uses an existing template file called unprov.tmpl. The -docsis option is used because a DOCSIS template is being used.
Step 3 Run the configuration file utility using this command:
runCfgUtil.sh -r <unprov.tmpl> -u <admin> -p <changeme> -docsis
Where:
•unprov.tmpl—identifies the input file
•admin—identifies the user name
•changeme—identifies the password
•-docsis—identifies the file as a DOCSIS template
After running the utility, results similar to these should appear:
Note The results shown here are for illustration only and have been truncated for brevity.
Parsing a Template File and Adding a User-Specified Shared Secret
Usage Guidelines
Use the runCfgUtil.sh command to parse a template file and add a shared secret that you specify.
Syntax Description
You must use this syntax when using the runCfgUtil.sh command to parse a template file and add a shared secret:
runCfgUtil.sh -e -docsis -l <file> -c <secret>
Where:
•-e—identifies the encode option.
•-docsis—Identifies the input file as a DOCSIS template file.
•-l—Specifies the input file is on the local file system.
•<file>—Identifies the input template file being parsed.
•-c <secret>—Specifies the CMTS shared secret when parsing a DOCSIS template file. The default shared secret is -c cisco.
Parsing the File
To parse a locally saved template file, and set a user specified shared secret:
Step 1 Change directory to /opt/CSCObpr/rdu/samples/docsis.
Step 2 Select a template file to parse.
Note This example uses an existing template file called unprov.tmpl. The -docsis option is used because this is a DOCSIS template.
Step 3 Run the configuration file utility using this command:
runCfgUtil.sh -e -docsis -l unprov.tmpl -c shared
Where:
•-e—identifies the encode option.
•-docsis—Identifies the input file as a DOCSIS template file.
•-l—Specifies the input file is on the local file system. The locally saved file used in this example is unprov.tmp.
•-c—Indicates that a shared secret is being set and shared identifies that new shared secret.
After running the utility, results similar to these should appear:
Specifying Macro Variables at the Command Line
Usage Guidelines
Use the runCfgUtil.sh command to specify macro variables.
Syntax Description
You must use this syntax when using the runCfgUtil.sh command when specifying macro variables at the command line:
runCfgUtil.sh -e -l <file> -m <"macros">
Where:
•-e—identifies the encode option.
•-l—Specifies the input file is on the local file system.
•<file>—Identifies the input template file being parsed.
•-m—Specifies the macro variables to be substituted when parsing a template.
•<"macros">—Identifies the desired macros. When multiple macro variables are required, insert a double comma separator between each macro.
To specify values for macro variables at the command line:
Step 1 Change directory to /opt/CSCObpr/rdu/samples/templates.
Step 2 Select a template file to use.
Step 3 Identify the macro variables in the template. In this example, the macro variables are macro1 (option 3) and macro11 (option 4.2).
Step 4 Identify the values for the macro variables. The value for macro1 will be set to 1, and the value for macro11 to 64000.
Step 5 Run the configuration file utility using this command:
runCfgUtil.sh -e -l macro.tmpl -m "macro1=1,,macro11=64000"
Where:
•-e—identifies the encode option.
•-unprov.tmpl—Identifies the input file.
•macro1=1,,macro11=64000—Identifies the key value pairs for macro variables. Since multiple macro variables are necessary, a double comma separator is inserted between the key value pairs.
After running the utility, results similar to these should appear:
Specifying a Device for Macro Variables
Usage Guidelines
Use the runCfgUtil.sh command to specify a device for macro variables.
Syntax Description
You must use this syntax when using the runCfgUtil.sh command when specifying a device for macro variables:
runCfgUtil.sh -e -l <file> -i <MAC> -u <username> -p <password>
Where:
•-e—identifies the encode option
•-l—specifies the input file is on the local file system
•<file>—identifies the input template file being parsed
•-i—specifies the device to use when parsing macro variables
•<MAC>—identifies the MAC address of the device
•-u <username>—specifies the username to use when connecting to the RDU
•-p <password>— specifies the password to use when connecting to the RDU
To specify a device to be used for macro variable substitution:
Step 1 Change directory to /opt/CSCObpr/rdu/samples/templates.
Step 2 Select a template file to use. This example will use the existing template file, macro.tmpl.
Step 3 Identify the macro variables in the template. In this example, the macro variables are macro1 (option 3) and macro11 (option 4.2).
Step 4 Identify the device to use. This example will assume that the device exists in the RDU and has the macro variables set as properties. The value for macro1 will be set to 1, and the value for macro11 to 64000.
Step 5 Run the configuration file utility using this command:
runCfgUtil.sh -l macro.tmpl -i "1,6,00:01:02:03:04:05" -u admin -p changeme
Where:
•macro.tmpl—Identifies the input file.
•1,6,00:01:02:03:04:05—Identifies the MAC address of the device. The MAC address used here is for example purposes only.
•admin—Identifies the default username being used in this example.
•changeme—identifies the default password being used in this example
After running the utility, results similar to these should appear:
Specifying Output to a Binary File
Usage Guidelines
Use the runCfgUtil.sh command to specify a device for macro variables.
Syntax Description
You must use this syntax when using the runCfgUtil.sh command when specifying output to a binary file:
runCfgUtil.sh -l <input_file> -o <output_file>
Where:
•-l—specifies the input file is on the local file system
•<input_file>—identifies the input template file being parsed
•-o—specifies that file name where the binary contents of the parsed template file are stored
•<output_file>—specifies the output filename to be used
To specify the output from parsing a template to a binary file:
Step 1 Change directory to /opt/CSCObpr/rdu/samples/templates.
Step 2 Select a template file to use.
Step 3 Identify the name of the output file. This example will use unprov.cm.
Step 4 Run the configuration file utility using this command:
runCfgUtil.sh -l unprov.tmpl -o unprov.cm
Where:
•unprov.tmpl—identifies the existing template file being parsed into a binary file
•unprov.cm—specifies the output filename to be used
After running the utility, results similar to these should appear:
Viewing a Local Binary File
Usage Guidelines
Use the runCfgUtil.sh command to view a local binary file.
Syntax Description
You must use this syntax when using the runCfgUtil.sh command to view a local binary file:
runCfgUtil.sh -d -l <file>
Where:
•-d—specifies that the command is going to decode a binary input file for viewing
•-l—identifies that the input file is located on the local file system
•<file>—identifies the existing binary input file to be viewed
To view a binary file that is on the local file system:
Step 1 Change directory to /opt/CSCObpr/rdu/samples/packet_cable.
Step 2 Select a binary file to view.
Step 3 Run the configuration file utility using this command:
runCfgUtil.sh -d -l unprov_packet_cable.bin
Where:
•unprov_packet_cable.bin—identifies the existing binary input file to be viewed
After running the utility, results similar to these should appear:
Viewing an External Binary File
Usage Guidelines
Use the runCfgUtil.sh command to view an external binary file.
Syntax Description
You must use this syntax when using the runCfgUtil.sh command to view external binary files:
runCfgUtil.sh -d -r <file> -u <username> -p <password>
Where:
•-d—specifies that the command is going to decode a binary input file for viewing
•-r—identifies the input file an external file that has been added to the RDU
•<file>—identifies the existing external binary file in the RDU
•-u <username>—specifies the username to use when connecting to the RDU
•-p <password>— specifies the password to use when connecting to the RDU
To view a binary file that has been added to the RDU:
Note This example assumes that the RDU is localhost:49187.
Step 1 Select a binary file to view. This example will use the existing binary file unprov.cm.
Step 2 Run the configuration file utility using this command:
runCfgUtil.sh -d -r unprov.cm -u admin -p changeme
Where:
•unprov.cm—identifies the existing external binary file in the RDU
•admin—identifies the username being used in this example
•changeme—identifies the password being used in this example
After running the utility, results similar to these should appear:
Activating PacketCable BASIC Flow
Usage Guidelines
Use the runCfgUtil.sh command to support the generation and insertion of the PacketCable BASIC Flow integrity hash into a BASIC flow static configuration file.
Syntax Description
You must use this syntax when using the runCfgUtil.sh command to support the PacketCable BASIC Flow.
runCfgUtil.sh -t <basic/secure>
Where:
•-basic—This option calculates and inserts a PacketCable BASIC flow integrity hash into an MTA static configuration file.
•-secure—This option does not insert the PacketCable BASIC flow integrity hash into an MTA static configuration file. This is the default setting.
The RDU Log Level Tool
You use the RDU log level tool to change the current log level of the RDU (on a local computer) from the command line. Although this tool is only available in an RDU installation, it is located in the <BACC_HOME>/rdu/bin directory. Table 12-6 identifies the available log levels and the types of message written to the log file when enabled.
Cisco recommends that you keep the RDU logging level at the Warning level to help maintain a steady operations state. The Information level is recommended if you need to maintain steady state performance during debug operations. You should however, exercise caution when running with the Information level set because this creates a great number of log entries which in itself can adversely impact performance.
Using the RDU Log Level Tool
All examples assume that the user name for the RDU is admin, the password for the RDU is changeme, and the RDU is running.
Enter this command to run the RDU log level tool:
setLogLevel.sh [0..6] [-help] [-show] [-default] [-debug]
Where:
•-[0..6]—Identifies the logging level to be used. These are the available levels:
–0—This is the emergency level. It sets the logging function to save all emergency messages.
–1—This is the alert level. It sets the logging function to save all activities requiring immediate action and those of a more severe nature.
–2—This is the critical level. It sets the logging function to save all unusual conditions and those of a more severe nature.
–3—This is the error level. It sets the logging function to save all error messages and those of a more severe nature.
–4—This is the warning level. It sets the logging function to save all emergency messages and those of a more severe nature.
–5—This is the notification level. It sets the logging function to save all notification level messages and those of a more severe nature.
–6—This is the info level. It sets the logging function to save all available logging messages.
•-help—Displays help for the tool.
•-show—Displays the current log level set for the RDU server.
•-default—Sets the RDU to the installation default level 5 (notification).
•-debug— Sets an interactive mode to enable or disable tracing categories for RDU server.
Note You should only enable the debug settings that the Cisco support staff recommends.
You can also use this tool to perform these functions:
• Viewing the RDU's Current Log Level
Setting the RDU Log Level
You can use this tool to change the logging level from one value to any other value. The following example illustrates how to set the RDU logging level to the warning level, as indicated by the number 4 in the setLogLevel.sh command. The actual log level set is not important for the procedure, it can be interchanged as required.
To set the RDU logging level:
Step 1 Change directory to <BACC_HOME>/rdu/bin.
Step 2 Run the RDU log level tool using this command:
setLogLevel.sh 4
This prompt appears:
Please type RDU username:
Step 3 Enter the RDU username at the prompt. In this example, the default username (admin) is used.
Please type RDU username: admin
This prompt appears:
Please type RDU password:
Step 4 Enter the RDU password for the RDU at the prompt. In this example, the default password (changeme) is used.
Please type RDU password: changeme
This message appears to notify you that the log level has been changed. In this example, the level was 5, for notification, and is now 4, for warning.
RDU Log level was changed from 5 (notification) to 4 (warning).
Viewing the RDU's Current Log Level
You can use this tool to view the RDU log and determine which logging level is configured before attempting to change the value. This procedure illustrates how to use the tool to view the RDU's current logging level, and assumes that you have a computer already connected to the RDU.
To view the RDU's current logging level:
Step 1 Change directory to <BACC_HOME>/rdu/bin.
Step 2 Run this command:
setLogLevel.sh -show
This prompt appears:
Please type RDU username:
Step 3 Enter the RDU username (admin) and press Enter.
Please type RDU username: admin
This prompt appears:
Please type RDU password:
Step 4 Enter the RDU password (changeme) and press Enter.
Please type RDU password: changeme
This message appears:
The logging is currently set at level: 4 (warning)
All tracing is currently disabled.
Using the PKCert.sh Tool to Manage KDC Certificates
The PKCert tool is used to install, and then manage, the KDC certificates that are required by the KDC for its operation. This tool takes the CableLabs service provider certificates that you obtain and converts them into the series of certificate files, similar to those shown below, that the KDC needs to operate.
•Cablelabs_Service_Provider_Root.cer
•Service_Provider.cer
•Local_System.cer
•KDC.cer
This tool also allows you to verify certificate chains and copy and rename a certificate chain to the names required by the KDC.
Note This tool is available for use only when the KDC component is installed.
Running the PKCert Tool
Run the PKCert tool by executing this command, the default location of which is in the <BACC__HOME>/kdc directory:
PKCert.sh [function] [option]
Where:
•[function]—identifies which function will be performed. For example, enter one of these switches to choose the appropriate function:
–-c—Creates a KDC certificate. See the "Creating a KDC Certificate" section for additional information.
–-v—Verifies and normalizes the PacketCable certificate set. See the "Validating the KDC Certificates" section for additional information.
Note If you encounter difficulty using any of these options, you can specify a -? option to display all available help information on your computer screen.
•[option]—Implements optional functions that are dependent on the function selected above.
When you run the PKCert command, it will print a list of all errors encountered while performing the requested activities. You can use this printout to troubleshoot any problems that may have occurred.
Creating a KDC Certificate
Enter this command, from the /opt/CSCObpr/kdc directory, to create the KDC certificate:
PKCert.sh -s <dir> -d <dir> -c <cert> -e -r <realm> -a <name> -k <keyFile> [-n <serial>] [-o]
Where:
•-a <name>—specifies the DNS name of KDC
•-c <Cert File>—uses the service provider certificate (DER encoded)
•-d <directory>—specifies the destination directory
•-e—identifies the certificate as being a Euro-PacketCable certificate
•-k <Key File>—uses the service provider private key (DER encoded)
•-n <Serial#>—set the certificate serial number
•-o—overwrite existing files
•-r <Realm>—specifies the Kerberos realm for KDC certificate
•-s <directory>—specifies the source directory
When a new certificate is created and installed, the new certificate identifies the realm in the subject alternate name field. The new certificate is unique to its current environment in that it contains:
•The KDC realm
•The DNS name associated with this KDC that the MTA will use.
For example:
PKCert.sh -c "-s . \
-d /opt/CSCObpr/kdc/solaris/packetcable/certificates \
-k CLCerts/Test_LSCA_privkey.der \
-c CLCerts/Test_LSCA.cer \
-r PCTEST.CISCO.COM \
-n 100 \
-a kdc.pctest.cisco.com \
-o"
Using this command creates the files /opt/CSCObpr/kdc/solaris/packetcable/certificates/KDC.cer and /opt/CSCObpr/kdc/solaris/packetcable/certificates/KDC_private_key.pkcs8. The KDC certificate will have a realm set to PCTEST.CISCO.COM, a serial number set to 100, and the KDC server's FQDN is set to kdc.pctest.cisco.com.
Note A console message is displayed after the successful completion of the command indicating that the file /opt/CSCObpr/kdc/solaris/packetcable/certificates/KDC_private_key.pkcs8 must be copied to /opt/CSCObpr/kdc/solaris/KDC_private_key.pkcs8. The command line option -o tells the utility that it should overwrite any pre-existing files.
Validating the KDC Certificates
This command examines all files in the source directory specified and attempts to identify them as X.509 certificates. If legitimate X.509 certificates are found, the files are properly renamed and copied to the destination directory. An error is generated whenever more than one legitimate chain of certificates for a particular purpose (service provider or device) is identified. If this occurs, you must remove the extra certificate from the source directory and run the command again.
Note Usage instructions for PKCert are displayed on the screen when you enter the PKCert.sh -v -? command.
Enter this command, from the /opt/CSCObpr/kdc directory, to validate the KDC certificate:
PKCert.sh -v -s <dir> -d <dir> -o -r <dir>
Where:
•-s <directory>—specifies the source directory
•-d <directory>—specifies the destination directory
•-o—overwrites any existing files
•-r <directory>—specifies the reference certificate directory
Verification is performed against reference certificates built into this package. If the '-d' option is specified then certificate(s) are installed in the target directory with name normalization.
For example:
PKCert.sh -v \
"-s . \
-d /opt/CSCObpr/kdc/solaris/packetcable/certificates \
-o"
Using the changeNRProperties.sh Tool
The BACC installation program establishes values for configuration properties used by BACC extensions that are incorporated into the Network Registrar DHCP server. You use the changeNRProperties.sh command, which is found in the <BACC_HOME>/cnr_ep/bin directory, to change key configuration properties.
Invoking the script without any parameters will display a help message listing the properties that can be set.
To run this command:
Step 1 Change directory to <BACC_HOME>/cnr_ep/bin.
Step 2 Run the changeNRProperties.sh command:
changeNRProperties.sh <options>
Where <options> can include:
•-help—Displays this help message. The -help option must be used exclusively. Do not use this in conjunction with any other option.
•-e <enabled|disabled>—Sets the PacketCable enable property. Enter -e enabled to enable the property, and -e disabled to disable it.
•-d—Displays the current properties. The -d option must be used exclusively. Do not use this in conjunction with any other option.
•-s <secret>—Identifies the BACC shared secret. For example, enter -s secret, if the shared secret is the word secret.
•-f <fqdn>—Identifies the RDU's FQDN. For example, enter -f rdu.cisco.com, if you use rdu.cisco.com as the fully qualified domain name.
•-p <port>—Identifies the RDU port you want to use. For example, enter -p 49187, if you wanted to use port number 49187.
•-r <realm>—Identifies the PacketCable realm. For example, enter -r CISCO.COM, if your PacketCable realm is CISCO.COM.
Note The realm must be entered in uppercase letters.
•-g <prov group>—Identifies the provisioning group. For example, enter -g group1, if you are using provisioning group called group1.
•-t <00|01>—Identifies whether or not the PacketCable TGT is set to off or on. For example, enter -t 00 to set this to off, or -t 01 to set it to on.
•-a <ip>—Identifies the PacketCable primary DHCP server address. For example, enter -a 10.10.10.2 if the IP address of your primary DHCP server is 10.10.10.2.
•-b <ip>—Identifies the PacketCable secondary DHCP server address. For example, enter -b 10.10.10.4, if the IP address of your secondary DHCP server is 10.10.10.4. You can also enter -b null to set a null value, if appropriate.
•-y <ip>—Identifies the PacketCable primary DNS server address. For example, enter -y 10.10.10.6, if the IP address of the PacketCable primary DNS server is 10.10.10.6.
•-z <ip>—Identifies the PacketCable secondary DNS server address. For example, enter -z 10.10.10.8, if the IP address of your secondary DNS server is 10.10.10.8. You can also enter -z null to set a null value, if appropriate.
Step 3 Restart the DHCP server.
Examples
This is an example of changing the Network Registrar extensions with the NR Extensions Properties tool:
# /opt/CSCObpr/cnr_ep_bin/changeNRProperties.sh -g primary1
Current NR Properties:
RDU Port: 49187
RDU FQDN: rdu.acme.com
Provisioning Group: primary1
Shared Secret: fggTaLg0XwKRs
PacketCable Enable: enabled
PacketCable TGT: 01
PacketCable Realm: ACME.COM
PacketCable Primary DHCP Server: 192.168.1.2
PacketCable Secondary DHCP Server: NOT SET
PacketCable Primary DNS Server: 192.168.1.2
PacketCable Secondary DNS Server: NOT SET
Note You must restart your NR DHCP server for the changes to take effect.
This is an example of viewing the current properties:
# /opt/CSCObpr/cnr_ep_bin/changeNRProperties.sh -d
Current NR Properties:
RDU Port: 49187
RDU FQDN: rdu.acme.com
Provisioning Group: primary1
Shared Secret: fggTaLg0XwKRs
PacketCable Enable: enabled
PacketCable TGT: 01
PacketCable Realm: ACME.COM
PacketCable Primary DHCP Server: 192.168.1.2
PacketCable Secondary DHCP Server: NOT SET
PacketCable Primary DNS Server: 192.168.1.2
PacketCable Secondary DNS Server: NOT SET
Using the Keygen Tool
The keygen tool is used to generate PacketCable service keys. The service keys are symmetric triple data encryption standard (triple DES or 3DES) keys (shared-secret) required for KDC communications. The KDC server requires service keys for each of the DPE's provisioning FQDNs.
The KDC server reads the service keys on startup. Any modification to the service keys requires the KDC server to be restarted. Any changes made to the DPE provisioning FQDN through the DPE CLI requires a corresponding change to the KDC service key filename. This applies since the KDC service key uses the DPE provisioning FQDN as part of its filename.
This tool, which is located in the <BACC_HOME>/kdc directory, uses command-line arguments for the DPE provisioning FQDN, realm name, and a password, and generates the service key files.
Syntax Description
Use this syntax when using the Keygen tool:
keygen [options] <fqdn> <realm> <password>
Where options include:
•-?—Displays this usage message and exits the command.
•-v, -version—Displays the version of this tool and exits the command.
•-q, -quiet—Implements a quiet mode whereby no output is created.
•-c, -cms—Creates a service key for the CMS system.
•<fqdn>—Identifies the DPE's fully qualified domain name and is a required entry.
•<realm>—Identifies the Kerberos realm and is a required entry.
•<password>—Specifies the password to be used. This is also a required field. The password must be between 6 and 20 characters in length. For example:
Three service key files are written in KDC keys directory using this filename syntax:
mtafqdnmap,<fqdn>@<REALM>
mtaprovsrvr,<fqdn>@<REALM>
krbtgt,<REALM>@<REALM>
The service key file always contains a version field of 0x0000.
Examples
This example illustrates how to generate service keys used for KDC to DPE communications. Enter this command:
bash-2.05b$ keygen dpe.cisco.com CISCO.COM changeme
When this command is implemented, these KDC service keys are written to the <BACC_HOME>/kdc/solaris/keys directory:
mtafqdnmap,dpe.cisco.com@CISCO.COM
mtaprovsrvr,dpe.cisco.com@CISCO.COM
krbtgt,CISCO.COM@CISCO.COM
Note The KDC must be restarted before the new keys are recognized.
Use this BPR agent command to restart the KDC:
/etc/init.d/bprAgent restart kdc
This example illustrates the generation of a CMS service key. Enter this command:
bash-2.05b$ keygen -c cms-fqdn.com CMS-REALM-NAME changeme
When this command is implemented, this CMS service key is written to the <BACC_HOME>/kdc/solaris/keys directory.
cms,cms-fqdn.com@CMS-REALM-NAME
Note When running this tool, enter the same password used for the PacketCable registration, kdc-service-key command. See the Cisco Broadband Access Center for Cable Command Line Reference for additional information.
Using the snmpAgentCfgUtil.sh Command
You can use the snmpAgentCfgUtil.sh command to manage the SNMP agent installed on a Solaris computer. Using this command, which is located in the <BACC_HOME>/snmp/bin directory, you can add (or remove) your host to a list of other hosts that receive SNMP notifications, and start and stop the SNMP agent process. This command should be run from the local directory.
Note The default port number of an SNMP agent running on a Solaris computer, is 8001.
You can use the RDU SNMP agent to:
• Adding an SNMP Agent Community
• Deleting an SNMP Agent Community
• Changing the SNMP Agent Location
Adding a Host
This command adds the host address to the list of hosts that receive SNMP notifications from the SNMP agent.
Syntax Description
To add a host, enter:
> snmpAgentCfgUtil.sh add host <host-addr> community <community> [udp-port <port>]
Where:
•<host-addr>—specifies either the IP address or FQDN of the host that you want to add to the list of hosts
•<community>—specifies the community (read or write) to be used while sending SNMP notifications
•<port>—identifies the UDP port used for sending the SNMP notifications
Examples
This example shows how to use the snmpAgentCfgUtil.sh command to add a host:
> snmpAgentCfgUtil.sh add host test.cisco.com community trapCommunity udp-port 162
OK
Please restart [stop and start] SNMP agent.
Deleting a Host
You can remove a host from the list of those receiving SNMP notifications from the SNMP agent.
Syntax Description
To delete a host, enter:
snmpAgentCfgUtil.sh delete host <host-addr>
Where:
•<host-addr>—Specifies the IP address of the host that you want to delete from the list of hosts.
Examples
This example shows how to use the snmpAgentCfgUtil.sh command to delete a host:
> ./snmpAgentCfgUtil.sh delete host test.cisco.com
OK
Please restart [stop and start] SNMP agent.
Adding an SNMP Agent Community
You can add an SNMP community string to allow access to the SNMP agent.
Syntax Description
To add the community string, enter:
snmpAgentCfgUtil.sh add community string [ro | rw]
Where:
•<string>—Identifies the SNMP community.
•<ro>—Assigns a read only (ro) community string. Only get requests (queries) can be performed. The ro community string allows get requests, but no set operations. The NMS and the managed device must reference the same community string.
•<rw>—Assigns a read write (rw) community string. SNMP applications require read-write access for set operations. The rw community string enables write access to OID values.
Note The default ro and rw community strings are bprread and bprwrite respectively. Cisco recommends that you change these values before deploying BACC.
Examples
This example shows how to add an SNMP agent community string:
> snmpAgentCfgUtil.sh add community fsda54 ro
OK
Please restart [stop and start] SNMP agent.
Deleting an SNMP Agent Community
You can delete an SNMP community string to prevent access to the SNMP agent.
Syntax Description
To delete the community string, enter:
snmpAgentCfgUtil.sh delete community string [ro | rw]
Where:
•<string>—identifies the SNMP community
•<ro>—assigns a read only (ro) community string
•<rw>—assigns a read write (rw) community string
Note See the "Adding an SNMP Agent Community" section for additional information on the ro and rw community strings.
Examples
This example shows how to delete an SNMP agent community string:
> snmpAgentCfgUtil.sh delete community fsda54 ro
OK Please restart [stop and start] SNMP agent.
Starting the SNMP Agent
This command starts the SNMP agent process on any Solaris computer having BACC already installed.
Syntax Description
To start the SNMP agent process, enter:
snmpAgentCfgUtil.sh start
Stopping the SNMP Agent
This command stops the SNMP agent process on any Solaris computer having BACC already installed.
Syntax Description
To stop the SNMP agent process, enter:
snmpAgentCfgUtil.sh stop
Configuring an SNMP Agent Listening Port
This command specifies the port number that the SNMP agent will listen to. The default port number used by RDU SNMP agent is 8001.
Syntax Description
To establish a port for the SNMP agent to listen to, enter:
snmpAgentCfgUtil.sh udp-port <port>
Where <port> identifies the port number that the SNMP agent will listen to.
Changing the SNMP Agent Location
This command lets you enter a string of text that you can use to indicate the location of the device running the SNMP agent. This could, for example, be used to identify the physical location of the device. You can enter anything that you like provided that the location is less than 255 characters long.
Syntax Description
To enter the location of the SNMP agent, enter:
snmpAgentCfgUtil.sh location <location>
Where <location> is the character string identifying the agents location.
Examples
In this example, the physical location of the SNMP agent is in an equipment rack identified as rack 5D:
snmpAgentCfgUtil.sh location "equipment rack 5D"
Setting Up SNMP Contacts
This command lets you enter a string of text that you can use to identify the contact person for the SNMP agent, together with information on how to contact this person. This could, for example, be used to identify a specific person including that person's telephone number. You can enter anything that you like up to 255 characters long.
Syntax Description
Use the following syntax to enter the specific SNMP agent contact information:
snmpAgentCfgUtil.sh contact <contact-info>
Where <contact-info> is the character string identifying the individual to contact concerning the SNMP agent.
Examples
In this example, the contact name is Ace Duffy and the telephone extension is 1234:
snmpAgentCfgUtil.sh contact "Ace Duffy - ext 1234"
Listing SNMP Agent Settings
Usage Guidelines
This command lets you display all current SNMP settings.
Syntax Description
To display all current SNMP settings, enter:
snmpAgentCfgUtil.sh show
Examples
This sample output could be displayed after running this command.
# ./snmpAgentCfgUtil.sh show
Location : Washington_1
Contact : John
Port Number : 8001
Notification Type : trap
Notification Recipient Table :
[ Host IP address, Community, UDP Port ]
[ 10.10.10.1, public , 162 ]
Access Control Table :
Read Only Communities
baccread
Read Write Communities
baccwrite
Specifying SNMP Notification Types
Usage Guidelines
This command lets you specify which types of notifications (traps or informs) will be sent from the SNMP agent. By default, traps are sent although you can set this to send SNMP informs instead.
Syntax Description
Use this syntax to run this command:
snmpAgentCfgUtil.sh inform [retries timeout] |trap
Where the parameter is the back off timeout between retries.
Using the disk_monitor.sh Tool to Monitor Available Disk Space
Monitoring available disk space is an important system administration task. You can use a number of custom written scripts or commercially available tools to do so.
The disk_monitor.sh command, located in the <BACC_HOME>/rdu/sample/tools directory, sets threshold values for one or more file systems. When these thresholds are surpassed, an alert is generated through the Solaris syslog facility, at 60-second intervals, until additional disk space is available.
Note Cisco recommends that, at a minimum, you use the disk_monitor.sh script to monitor the <BACC_DATA> and <BACC_DBLOG> directories.
To monitor available disk space:
# ./disk_monitor.sh (file system-directory) (x)
Where:
•(file system-directory)—identifies any directory in a file system to monitor.
•(x)—identifies the percentage threshold applied to the specified file system.
Examples
Assume that you want to be notified when a file system (/var/CSCObpr for example) with database logs reaches 80% of its capacity. Enter the command using this syntax:
# ./disk_monitor.sh /var/CSCObpr 80
When the database logs disk space reaches 80% capacity, an alert is sent to the syslog file:
Dec 7 8:16:03 perf-u80-1 BPR: [ID 702911 local6.warning] File system /var/bpr usage is 81% (threshold is 80%)
Troubleshooting Devices by MAC Address
You can use node management to troubleshoot a specific device, or a group of devices without turning logging on, and without searching through log files for device- or group-specific information.
BACC maintains a list of devices, based on MAC address, that contains detailed device information for troubleshooting problems. Troubleshooting information is stored centrally at the RDU and is maintained on a per-device basis; neither the DPE or Network Registrar extensions store this data. Rather, they forward this information to the RDU which, upon receiving information writes it to the appropriate device log file. If the connection from either the DPE or Network Registrar extension to the RDU is lost, this information is discarded until that connection is restored.
Note Any modifications to this list, such as the addition of a new device or group, take place immediately; there is no need to reboot the device.
The DPE maps all device MAC addresses to its IP address mapping for that device, and the Network Registrar extensions send the IP update to the DPE whenever the extensions determine that device troubleshooting is enabled.
You can manage the device tracking list using the administrator's GUI to configure the number of devices that can be tracked at any given time; the default value is 100 devices. The tracking feature is considered to be turned off until a device is listed. See Device Management, page 9-3 for more information.
Caution Additional memory and disk space is required whenever this feature is used. As the number of tracked devices increases, so does the amount of memory and disk space that is required to support the number of logs that are created.
Posted: Thu Feb 2 13:14:01 PST 2006
All contents are Copyright © 1992--2006 Cisco Systems, Inc. All rights reserved.
Important Notices and Privacy Statement.