Getting Started with URT

To make administrative changes to URT, you must first start the application. URT VPSs and clients are typically started automatically when the systems on which they are installed are booted.

To start URT, select Start>Programs>Urt>Start User Registration Tool.

The URT main window is displayed; this is the starting point for using the URT Administrative GUI.

Using the URT Main Window

When you start URT, the main window is displayed, showing folder information in the left pane and information about the selected folder item in the right pane.

Note Unless otherwise noted, you run all procedures in this guide from the URT main window.

Figure 2-1 shows the URT main window.

Figure 2-1 URT Main Window

Understanding Folder Items

The expandable folders show the following:

VTP domains—including switches and VLANs.
NT and Novel Directory Services (NDS) domains—including usernames, groups, organizational units, and NT hosts.
URT VPSs.
MAC addresses.
Directories (LDAP servers including Active Directory and NDS domains).
RADIUS servers.

Tips for Working with Folder Items

To change the settings for a folder item, select the item, then select an appropriate command from the menus.
To change the associated attributes for usernames, groups, organizational units, or VLANs, double-click the folder name.
To expand or collapse a folder, click the icon next to the folder or click the folder.

Understanding Folder Item Information

When you start URT, all VTP domains, switches, and VLANs known to URT are displayed in the left pane. You can add or import additional network information from CiscoWorks2000, from a comma-separated value (CSV) file, or by adding individual devices.

You must add NT domains, NDS and LDAP directories, and RADIUS servers manually.

The selected folder item attributes are displayed in the right pane of the URT main window.

Note If no attributes are associated with the selected item, nothing is displayed in the right pane.

Tips

To rearrange the columns, click a column heading, then drag it to the desired location in the display.
To sort the column information, click the column heading.
You cannot print any of the displays.

Table 2-1 describes the information displayed for selected folder items.

Table 2-1 Information Associated with URT Folder Items

Column	Information Displayed	Description
Name of VTP domain (folder)	Logon VLAN	Information about the logon VLAN for the VTP domain. If more than one subnet and subnet mask are used on the VLAN, separate lines are displayed for each subnet and mask pair.
Switch (items in the Switch folder in a VTP domain)	VPS Address	IP addresses for the URT VPSs used by the switch, including VPS types (primary or secondary) and which server is currently being used by the switch.
VLAN (items in the VLAN folder in a VTP domain)	Logged On Users	Logged on users associated with the VLAN.
NT or NDS domain	Logged On Users	Detailed information about users logged onto the domain: Username Hostname IP Address Subnet Gateway VTP domain VLAN Switch MAC Address Port Last Seen
NT or NDS domain (continued)	Logged On Users	To move the columns, drag and drop them; to sort the data, double-click a column heading. To assign a VLAN more quickly, you can select an NT group to display users in that group, rather than displaying the whole domain.
User name	VLAN Associations	VLAN associations you created for the logged on user. There are separate lines for each VTP domain in which you created a VLAN association for the user.
Group or organizational unit	VLAN Associations	VLAN associations you created for the group or organizational unit. There are separate lines for each VTP domain in which you created a VLAN association for the group or organizational unit. Also lists logged on users.
NT Hosts	Host List	Windows NT systems in the NT domain, including the status and current version of the URT Client Module on that system. Systems are not listed for NDS directories.
VPS (item in the URT VPS Servers folder)	VPS Clients	Switches configured to use the URT VPS as a VMPS; also indicates whether the server is a primary or secondary VPS for the switch.
MAC Addresses	MAC Addresses	All MAC addresses for which there are VLAN mappings. Note To map VLANs to MAC addresses, see the "Adding MAC Addresses and Host Mappings" section.
Directory	LDAP Users	Configured LDAP (NDS and AD) directories and logged on users.
RADIUS Server	RADIUS Users	Configured RADIUS servers and logged on users.

Understanding Folder Icons

After you add a domain or directory, URT queries the server and shows all users, groups, and organizational units defined in that domain or directory.

Table 2-2 describes how user, group, and organizational unit name icons are color-coded to indicate their status.

Table 2-2 Color-Coding of URT Icons

This Icon Color...	Indicates that the name is...
Gray	Not associated with a specific VLAN.
Blue	Associated with a specific VLAN in at least one VTP domain.
Gray with red X	Currently defined in the URT Administrative Server database but no longer defined in the domain server, NetWare server, or directory. Note This name is automatically deleted from the database the next time you save your changes in the URT Administrative Server. A red X icon also indicates deleted VLANs and VPSs that are unavailable. When a VPS becomes available, the red X is no longer displayed.
Gray with blue X	Associated with a VLAN that no longer exists. You should associate this name with a different VLAN.

Refreshing Folder Contents

Any changes you make in the NT domains and NDS directories are not reflected in the URT folders until you refresh those folders. For example, you should refresh your view if you add or delete a user, group, or organizational unit in the domain or NDS NetWare server.

If your NT user account does not have Administrator authority in an NT domain that you are refreshing, you are prompted for a username and password that do have Administrator authority. Enter the username using the format NT_domain\username.
To refresh NDS directories, you must have browse and read privileges for the directory. If you do not have these privileges, you must exit URT and log onto the NetWare network from an appropriate account.

Note A refresh updates the URT list folder, but changes to NT group or organizational unit membership do not affect user logons until the VPS lists are also refreshed.

Step 1 Select a folder.

Step 2 Click Refresh, or select View>Refresh.

Note Refreshing a VTP domain does not refresh the list of switches in the domain. If you add or delete switches in your network, you must add or delete the switches in URT.

Finding a User or Resource in a Folder

If there is a large number of users or other resources (such as VLANs, VTP domains, switches, and so on), you can use the Find command to search for them.

Step 1 Select Edit>Find.

Note You can use the Find command only to find items in folders. You cannot search for information displayed in the right pane.

The Find command searches down through the folders from the current cursor position. If the search finds no match, move the cursor to the topmost folder, then retry the search.

Step 2 Enter the text or IP address you want to find.

Note Check Match Case if you want to find only those items spelled exactly as you entered them.

Step 3 Click Find Next.

If found, the item is highlighted. If the item is found in a closed folder, that folder opens.

Using Common Buttons

The button bar in the URT main window contains icons that you can use as shortcuts for common tasks. These buttons—displayed below the main menu items (File, Import, Edit, and so on)—perform the same function as the menu items. For example, clicking Add produces the same results as selecting Edit>Add.

Some commonly used buttons are described in Table 2-3.

Tip Move your mouse over each button for information about its function.

Table 2-3 Common Buttons

Button	Function	Usage Notes
	Add	To add a user, server, directory, or other component, select a folder in the left pane, then click Add.
	Delete	To delete a user, server, directory, or other component, select a folder item in the left pane, then click Delete.
	Configure	To set options for the user, server, directory or other component, select a folder item in the left pane, then click Configure.
	Refresh	To refresh the contents of the main window or the History Log window, click Refresh.

Adding Information to the URT Administrative Server

You must add network information to the URT Administrative Server to provide URT with data to manage logons—including the assignment of users, groups, or organizational units to specific VLANs. You can:

Import data from CiscoWorks2000.
Import data from a comma-separated value (CSV) file.
Add or delete individual switches.

If URT is already active on the network, changes to the Administrative Server take effect immediately.

Importing Network Information from CiscoWorks2000

To provide URT with information collected by CiscoWorks2000, you can import network information from a CiscoWorks2000 Web Server into your network.
URT imports the following information:

VTP domains
VLANs
Switches
SNMP community strings for any imported switches
MAC addresses discovered by CiscoWorks2000

Step 1 Select Import>Import from CiscoWorks2000.

Step 2 Enter the IP address of your CiscoWorks2000 Web Server.

Step 3 Enter the port that the server uses (typically port 1741).

Step 4 Enter your username and password.

Step 5 Click Connect.

URT downloads network information from the CiscoWorks2000 Web Server and displays the imported information in the URT main window.

Note The information you enter in the Import from CiscoWorks2000 window is saved in URT and used when you refresh information from CiscoWorks2000. To delete this information from URT, click Delete in the Import from CiscoWorks2000 window.

Refreshing Network Information from CiscoWorks2000

If you imported network information from CiscoWorks2000, you can refresh the data by selecting View>Refresh from CiscoWorks2000.

If an error message tells you there is no CiscoWorks2000 Server from which to import data, this indicates that no logon information for the CiscoWorks2000 Server is stored in URT. In this case you must reenter the login information.

Step 1 Select Import>Import from CiscoWorks2000.

Step 2 Enter the logon information.

Step 3 Click Connect to refresh the data.

For information about deleting switch and VTP domain information from URT, see the "Deleting Switches from URT" section.

If any information you deleted was imported from the CiscoWorks2000 Server, you can import the information into URT again when you select
View>Refresh from CiscoWorks2000.

Debugging VPS Information from the CiscoWorks2000 Server

To access the CiscoWorks2000 Server for debugging VPS information, enter the following URL in your browser:

 
http:VPS_address/cw2000.html

Importing Network Information from a Comma-Separated Value File

You can import network information from a comma-separated value (CSV) file you create. Doing this might be useful if you do not have CiscoWorks2000, and you have a large number of switches to import.

Step 1 Create a CSV file using the following format: IP address, SNMP read-only community string, SNMP read-write community string.

For example:

 
10.10.10, public, private,
20.20.20, public, private,

Step 2 Repeat step 1 for every switch you need to import.

Step 3 Save the CSV file.

Step 4 Start URT.

Step 5 Select Import>Import from file.

Step 6 Navigate to the directory that contains your CSV file.

Step 7 Select the CSV file.

Step 8 Click Import.

URT imports the information from the CSV file and displays it in the main window.

Adding Switches to URT

You can add individual switches to be managed by the URT Administrative Server.

Step 1 Under the applicable VTP domain, select the Switches folder.

Step 2 Click Add or select Import>Add Switch.

Step 3 Enter the IP address of the new switch.

Step 4 Enter the SNMP community strings.

Note The SNMP community strings are added to the URT database; URT does not change the SNMP community strings on the switch.

Step 5 Click Add.

URT adds the switch to the appropriate VTP domain in the main window.

Deleting Switches from URT

You can delete switches from the network information managed by the URT Administrative Server.

Step 1 From the VTP domain folder in the left pane, select a switch or switches.

Step 2 Click Delete or select Edit>Delete.

Step 3 In the confirmation dialog box, click Yes.

Step 4 To delete a VTP domain after you have deleted all switches in the domain, select the VTP domain folder.

Step 5 Click Delete or select Edit>Delete.

Step 6 In the confirmation dialog box, click Yes.

Any switch that you delete from URT must be reconfigured to use a switch-based VMPS instead of a URT VPS.

If you imported network information from CiscoWorks2000, network information is reimported every time you select View>Refresh in the CiscoWorks2000 Server. If the switch still exists in the network, the switch is displayed again in the folder after the refresh.

Customizing URT Options

To set the global URT parameters, select Customize>Options.

These topics describe the global parameters in more detail:

Setting Web Options

You can use web options to customize the page that web clients see upon logon. To do so, click the Web tab in the URT Options dialog box.

For more information about the web options, see the "Customizing the Web Logon Page" section.

Enabling Trace and Refreshing User Data

You use the administrative options to determine:

Whether to include trace and debug messages in the URT Administrative Server log file. By default, this log file, which records interactions with the URT VPSs, resides in C:\Program Files\Urt\data\UrtAdminServer.log.
The time of day to refresh the URT VPSs with updated group data.

Note Setting this option affects all domain servers.

For each domain, you can enter a list of domain controllers to determine the order the Administrative Server uses during group refreshes. During a refresh, the Administrative Server checks the domain controllers in the order you specify. If the first one in the list is unavailable, it checks the next one in the list, and so on.

For more information about the domain options, see the "Configuring Domain Options" section.

Step 1 Select Customize>Options.

The URT Options dialog box is displayed.

Step 2 Click the Admin tab.

Step 3 Set the time at which to refresh the VPS with updated group entries.

The entries are refreshed once every 24 hours at the time you specify. If you do not set this time, the default value of midnight (00:00) is used.

Step 4 To add debugging and trace messages to the log file, select the Enable Trace checkbox.

Step 5 To change the name and location of the log file, enter a new filename and location or browse to select a file.

The log file shows interactions between the URT Administrative Server and the VPSs.

Step 6 Click OK.

Setting History Options

You use history options to determine whether to trace user logons and logoffs to the domain server. History files are stored in a central location.

Step 1 Select Customize>Options.

The URT Options dialog box is displayed.

Step 2 Click the History tab.

Step 3 To create history files, select the Enable history logging checkbox.

Step 4 Enter the log filename and location in the Logging directory text box or browse to select a file.

Step 5 You can manage files by date or by size.

If you select Date, you can also select the Total days of history to store checkbox, then enter the number days for which you want to keep data.
If you select Size, you can enter a maximum log file size and a maximum number of log files to store.

Step 6 Click OK.

Retaining MAC-to-VLAN Associations

You use URT global logon options to determine whether a system logging onto the network with MAC-to-VLAN mappings retains those mappings or if it uses URT user-based VLAN policies.

Note Setting this option affects all systems logging onto the network.

You can also set specific logon options for different domains. For more information about the logon options, see the "Configuring Domain Options" section.

Step 1 Select Customize>Options.

The URT Options dialog box is displayed.

Step 2 Click the Logon tab.

Step 3 To preserve these mappings, select the Retain MAC to VLAN Associations checkbox.

Note If you select this option but the system does not have MAC-to-VLAN associations, user-based VLAN policies are used.

Step 4 Click OK.

Setting MAC Security Options

For security reasons, you can use only MAC-assigned VLANs and block unregistered MAC addresses. A MAC address is registered if it has a VLAN association. If a system powers on with an unregistered MAC address, you can use one of these MAC security options:

Place unauthorized users in a security violation VLAN instead of defaulting to the logon VLAN. For each VTP domain, you can define an unauthorized MAC VLAN to provide a higher level of security without requiring any changes to the switch.
Shut down the port of unauthorized users. After a port is shut down, you can reenable it on the switch using the command-line interface or SNMP to provide the highest level of security.

Step 1 Select Customize>Options.

The URT Options dialog box is displayed.

Step 2 Click the MAC Security tab.

Step 3 To preserve these mappings, select the Only Allow MAC Assigned VLANs checkbox.

Note If you select this option, select one of the options in step 4.

Step 4 Select one of the following:

Use Unauthorized MAC VLAN—Places a user in a security VLAN if the MAC address does not have a MAC-assigned VLAN.
Shut Down Port—Shuts down a user port if the MAC address does not have a MAC-assigned VLAN.

Step 5 Click OK.

Backing Up and Restoring the URT Administrative Server

The URT database contains XML files stored in the data folder on the disk drive where the URT Administrative Server is installed. As part of regular system maintenance, you should back up these files. If the system on which the URT Administrative Server resides becomes inoperable, you will need these files to quickly restore the URT Administrative Server on another system.

Step 1 Install the URT Administrative Server on the selected system.

For more information about the installation process, see Installation and Setup Guide for the Cisco Secure User Registration Tool.

Step 2 Move all XML files from the backup copy of the URT data folder to the URT data folder on the new system.

Step 3 To restore communication between the URT Administrative Server and the VPSs and domain servers, perform the following tasks from the main window:

a. To delete the VPSs from URT, select the servers from the URT VPS folder.

b. Click Delete.

c. Add the same VPSs to URT. (See the "Adding a VPS" section.)

d. When adding the servers again, you are prompted to reinstall the URT logon script on each domain server. To do so, follow the installation prompts.

Table of Contents