|
|
This document discusses the CiscoView 3.0(3) release. It includes the following information:
CiscoView is a graphical user interface or GUI-based device management software application that provides dynamic status, statistics, and comprehensive configuration information for Cisco Systems' switched internetworking products. CiscoView allows you to display a graphical representation of each network device, display configuration and performance information, and perform minor troubleshooting tasks.
CiscoView allows you to manage the following Cisco devices:
The documentation for CiscoView 3.0 includes this document, a CD-ROM booklet, and online help. The primary documentation for CiscoView is the online help. If you have documentation feedback, please forward comments to cs-ciscoworks@cisco.com.
For more information on online help caveats, refer to the section, "Online Help Caveats," later in this document.
If you cannot open a device in CiscoView, you will receive a message indicating that the device is unmanageable. This message indicates one of the following conditions:
This section lists notes and restrictions that apply to the CiscoView 3.0(3) release.
The installation caveats are described below.
The following caveat is important only if you are running VlanDirector software as well as CiscoView software. It is also important if you are running or want to run the switch configuration applications (CiscoPro, Catalyst 3000, and Kalpana EPS 2015 products).
Two versions of CiscoView software are provided with this installation; one requires X authentication to be in place, one does not. The version of CiscoView software that is installed on your system does not require X authentication for full operation. Read this section if you would like to use, or are currently using X authentication.
For more information about X authentication, refer to the next section, "X Access on Your System." If you are already using or understand X authentication, skip to the section "CiscoView and X Authority."
The X windowing sytem supports several forms of access security. The most common are "xhost" and "Xauthority."
The xhost mechanism controls display access on a per host basis; that is, once enabled for a specific host, any X application from that host can access the display on the machine where the access was granted. Once granted, access is open to all logins.
The Xauthority mechanism controls display access on a per process basis; that is, each process is validated before display access is granted. Validation occurs by matching a token known to both the client process and the X server. Tokens are created using a script described in the section "Creating X Authority Tokens" below. The list of valid tokens is usually maintained in a file (the default is .Xauthority in the user's home directory). Access is controlled by knowledge of the value of these valid tokens which in turn is controlled by access to the file's contents. For Xauthority to function, the X server process running on a given machine must be started with knowledge or access to the file with the tokens.
CiscoView is a Tcl/Tk application. Tcl/Tk applications can be built with versions of the TK library that enforce or ignore the Xauthority mechanism. This issue is important only when two or more application processes wish to communicate using the Tk "send" function. VlanDirector and the Switch applets (domain and channel) are examples of Tcl/Tk applications that are designed to communicate with CiscoView processes using this send facility.
CiscoView is installed by default with binaries that do not enforce X authentication. If you are running an X server with the Xauthority feature enabled, you will need to install the alternate binaries.
If you choose to install the xauth versions of the applications and do not provide the X server support for Xauthority, the applications (for example, VlanDirector and Switch applets) will not function properly and will be unable to communicate with CiscoView.
After installation, you can change the binaries in use (or reinstall them) by running the following script:
$NMSROOT/bin/chgxauth.sh (-t)The -t parameter switches to alternate binaries; the command without the parameter reinstalls the current binaries.
For additional information see the following manual pages: xauth(1), Xserver(1), xinit(1), and Xsecurity(1).
Create the following shell script to add authorization tokens to the .Xauthority file and start the X server. The following line must be the first line when used as a standalone script:
#!/bin/sh
# Get hostname
HOST=\Qhostname\Q
# Create new magic cookie key
randomkey=\Qperl -e 'srand;
for (1..4) {
printf("%08x", int(rand(1024*1024*1024*4)));
}'\Q
# Add new magic cookie key into .Xauthority
xauth add ${HOST}-alf/unix:0 . $randomkey
xauth add ${HOST}/unix:0 . $randomkey
xauth add ${HOST}:0 . $randomkey
# ***** The following command line will start the
# X server using the .Xauthority file created.
#
# Start the X server with authorization turned on
exec X -auth $HOME/.Xauthority :0
#End
Before you start the X server, be sure to create the .Xauthority file. You must create a new .Xauthority file when you switch machines because the name of the machine that the server is on is part of the authority mechanism. This is how the X server knows which token to send to the server to which it is connecting.
You can copy part of the script described in the "Creating X Authority Tokens" section, copy the part of the script described below, or create your own script.
In the script below, one of the following options is used to generate the random numbers used for the tokens:
An example of the .Xauthority creation script follows. The following line must be the first line when used as a standalone script:
#!/bin/sh
# create new .Xauthority file
PATH=/usr/local/X/bin:/usr/gnu/bin:$PATH
# try some security
auth=$HOME/.Xauthority
#cp /dev/null $auth
# generate a nice long random key
if [ "$1" = "-md5" ]; then
# use a random noise source and get a strong checksum of it.
# this is probably a stronger random number than the other method.
key=\Qpstat -pfS | md5\Q
else
# quick and dirty. can probably be recreated if time can be guessed.
key=\Qperl -e 'srand; printf int(rand(10000000000000000))'\Q
# use $key$key to make sure even length.
key=$key$key
fi
# add to auth file.
xauth add ${HOST}/unix:0 . $key
xauth add ${HOST}:0 . $key
# Remember to start the X server with the -auth parameter
#End
To start the X server with X authentication enabled, use one of the following commands:
The X server for each display (UNIX machine) must be started with the parameter -auth or -auth <filename>.
The CiscoView installation puts the X resource file for HyperHelp in the /usr/lib/X11/app-defaults directory. As different systems have different types of X Windows installations, the CiscoView application does not always read this resource file. When the resource file is not read, the HyperHelp viewer text may be unreadable on your screen. Do one of the following to make sure that this resource file is read:
xrdb -merge /usr/lib/X11/app-defaults/HyperHelp
[CSCdi41126] [CSCdi33830]
If you install CiscoView, then deinstall CiscoView, and install it again on a Sun workstation running SunNet Manager (SNM), CiscoView will not appear as an SNM menu item until you do the following:
Step 1 Append the $NMSROOT/snm/struct/ciscoview.menu file to the $SNMHOME/struct/cisco-elements.schema file by entering the following:
hostname# cat $NMSROOT/snm/struct/ciscoview.menu >>
$SNMHOME/struct/cisco-elements.schema
Step 2 Restart SNM by entering the following:
hostname% snm -i
[CSCdi37186]
If you need to install Workgroup Director and CiscoView on the same workstation, Cisco recommends that you install Workgroup Director before installing CiscoView.
If CiscoView 3.0.3 is installed on a machine where CiscoWorks 3.0(1) and WorkGroup Director are already loaded, the cisco.schema and cisco-elements.schema files are located in the /usr/snm/struct directory. When SunNet manager is started, error messages display for duplicate entries.
To avoid this error due to duplicate entries, rename the cisco.schema file to cisco.schema.old after installing CiscoView 3.0.3 and before starting SunNet Manager. [CSCdi41250]
If you install CiscoView 3.0.3 on a machine where CiscoWorks 2.0.2 or CiscoWorks 3.0.1 is already loaded, you must install CiscoView in the same directory in which CiscoWorks is installed.
If CiscoView is installed as a unbundled product (where CiscoWorks is not present), you must load the Cisco and Kalpana traps in Hewlett Packard (HP) OpenView.
The CiscoSpecTraps file loads Cisco Management Information Base (MIB)-II and Cisco-specific traps. The kalpana_traps file loads Cisco switches MIB-II traps.
To load these traps, enter the following command:
/usr/OV/bin/xnmevents -load $NMSROOT/hpov/conf/CiscoSpecTraps
/usr/OV/bin/xnmevents -load $NMSROOT/hpov/conf/kalpana_traps
This should load a new category of Cisco events. If you loaded these traps previously and see the "cisco events" category from the event viewer, delete the traps. Otherwise, xnmevents will not operate correctly. [CSCdi37377]
The deinstallation caveats follow.
If you created map icons in SNM or HP OpenView and want to retain the map icons after deinstalling CiscoView, do not remove the $NMSROOT directory. [CSCdi37187]
If you try to deinstall after installing CiscoView 3.0.3 into an existing CiscoWorks 3.x environment, some files are removed which may alter CiscoWorks operation. The workaround is to modify the CiscoView manifest before deinstalling the CiscoView release. The manifest is located in /etc/filesets/CISCO-VIEW on HP-UX or in /var/sadm/ciscoview.mfs on SUN4.
Delete the lines that contain the following:
[CSCdi41014]
The general caveats follow.
In monitor dialogs, MIB variables of type Counter32 do not display the values correctly. Some of the variables being monitored (graphed) are plotting using absolute values instead of delta values. [CSCdi40858]
When you mount the CiscoView CD-ROM and display the its contents (using the ls command), you will notice a ciscoworks directory and the extract_unbundled file. The ciscoworks directory should be correctly named ciscoview; this error will be addressed in the next CiscoView release.
You may be unable to view a Fiber Distributed Data Interface (FDDI) SBus adapter on a device in CiscoView. Make sure you have the correct SNMP daemon (snmpd) loaded. The default snmpd for SunOS does not allow you to view this adapter. To correct this problem, stop the existing snmpd process and reload the snmp.cfddi daemon, which is generally located in the /etc directory. Check the rc.local file to determine where the snmp.cffdi daemon might be located.
When a device physical view displays in CiscoView, system information is displayed below the toolbar area by default. System information includes system description, system location, system uptime, and CPU utilization. If the system information exceeds the width of the physical view, blank spaces display on the sides of the physical view. To remove blank spaces, change the system information display option using the toggle control under the Options menu. [CSCdi44388]
On Cisco 2503I and Cisco 2504I routers the ports are grayed out. This is a bug in CiscoView. CiscoView scans the interface table for ports that are disabled on these routers and gets a "No such name" response back. When CiscoView receives this response from the agent, all the ports are then grayed out. This problem is related to the Cisco 2503I and Cisco 2504I and will be fixed in the next release. [CSCdi40999]
The CiscoView engine performs an SNMP query on different MIB variables to show the status of ports and LEDs. If the device fails to return a value on any one MIB variable, the status will not be shown on any ports or LEDs. All ports and LEDs will appear with no color and a failure message will display in the status bar. The message will not provide any indication of the problem MIB variable. Status failure may occur due to the following causes:
When a single port is monitored, CiscoView appropriately displays the informational message: "No available category for port <port number>." When multiple ports are monitored, the same message should display. Currently, when multiple ports are being monitored, the error message "Error: bad window path name .mnport-tb.fcI" displays. [CSCdi43193]
CiscoView will not display any port status for Cisco 7500 routers running Cisco IOS images previous to Software Release 11.0 with two FDDI interface cards present. The snmpFddi table shows information for only one interface, even if two interfaces are present. [CSCdi42516]
If routers are not configured properly, then you may not see all statuses on all ports. [CSCdi43460]
If you load a new image, you need to re-enter configuration commands to configure the asynchronous ports as follows:
interface Async1
ip unnumbered TokenRing0 #(or Ethernet0)
interface Async8 #(8 asynchronous ports for Cisco 2509/2511; 16 asynchronous ports for
Cisco 2510/2512)
[CSCdi37062]
The Rewind button will not rewind the same way for all CATEGORY selections on a given port type. In some cases the CATEGORY display will be invalid after rewinding. Select the default CATEGORY and rewind to work around the problem. [CSCdi39539]
If the server or display workstation is running out of swap space, you will see a message such as "X error: Couldn't allocate color cell," and CiscoView will core dump. If you are running other applications, you might want to check your swap space occasionally.
To check swap space on a Sun workstation, enter the following:
hostname% pstat -T
To check swap space on an HP system, enter the following:
hostname# vmstat -n
If your system is running out of swap space (for example, only 200 KB of swap space remains), quit some of the other applications you are running, or increase your swap space if possible. [CSCdi37063]
CiscoView can run out of colors. If this occurs, CiscoView will continue to run, but all the colors it cannot allocate will dither to black or white. You can avoid this by starting CiscoView before starting color-intensive applications, or by using a private color map for the color-intensive applications (for example, application_name -install.
The caveats for the above mentioned devices follow.
In the Sun OpenWindows environment, hidden application windows such as the EtherChannel/Domain application, do not display to the front when you invoke the application again. The application is hidden and must be manually brought to the front of other existing applications.
In high traffic situations, you may experience timeouts. To increase the timeout period, select Options>Properties from the CiscoView menu and change the value for the Timeout field.
The error window "CV_BBAreaX1 no such variable" may display when you click the mouse. Close the window and ignore it.
In OpenWindows, when you drag a port across a device bitmap in order to set the EtherChannel/Domain information, the port image can get stuck on the border of the bitmap. To resolve this problem, move the pointer onto the port and click the middle mouse button.
If you are using the CiscoPro 16/Catalyst 3000 and close the CiscoView window, any application window that was launched from it will automatically close. Remember to close the EtherChannel and Domain Configuration application windows before you open another CiscoView application or exit from the CiscoView application. There is no limitation on the number of CiscoView applications that you can run.
On the CiscoPro (CPW) 16 and Catalyst 3000, when you try to set parameters for the EtherChannel/Domain application under moderate to high traffic situations, the application incorrectly displays an error window indicating that the operation was not successful. In reality, the command was successful, and you should dismiss the error dialog. The application should continue to function properly.
When a switch is configured as two or more domains, HP OpenView discovery may not work properly and may discover only one of the domains. If this occurs, use CiscoView to manage the domain directly rather than launching it from the map.
In Open Look, when tables are read with "Configure Device," the first box in row one, column one may inappropriately be empty. To resolve this problem, choose another box in the table and re-open the table.
In Open Look, if you try to configure a port by clicking on the port, the dialog box may not open. Try to access the port configure dialog box by moving the pointer out of the box and then back in again.
The rear view of the Prostack matrix power supply does not indicate whether the connector link is up or down (for example, the connector does not come up green if there is a link).
On SunOS using OpenWindows, when you open menu boxes shadows display on the bitmaps. To remove the shadows, use the Refresh option in Openwindows or the CiscoView View menu.
The caveats for the above mentioned devices follow.
A mismatch between the user entered "read-only," "read-write," and "read-writeld" entered through the Command Line Interface (CLI) commands will lead to error conditions such as "noSuchName" or "timeout" conditions. These errors are reported, but they are somewhat ambiguous. To avoid these error conditions, use identical community strings in CiscoView and the corresponding agents.
When you view the physical view of a Catalyst 1400, the following error message displays: Error: error reading picture file "$NMSROOT/etc/cview/bitmaps/wg/c14-hub.gif." To resolve the problem, go to the $NMSROOT/etc/cview/bitmaps/wg directory and copy the c1400hub.gif as c14-hub.gif.
The online help caveats are described below.
The following lists the online help links that are missing or broken. These are being addressed and will be resolved in the next release.
Posted: Thu Oct 10 22:19:37 PDT 2002
All contents are Copyright © 1992--2002 Cisco Systems, Inc. All rights reserved.
Important Notices and Privacy Statement.