Network Configuration Management

Admin Operations

 

Contents

 

Overview

While configuring Network Configuration Manager for usage in your network, you can perform certain administrative operations. The operations are classified under below categories.

 

Basic Settings

The following operations have been classified as 'Basic Settings':

 

  1. Server Settings
  2. Rebranding
  3. Trouble-Ticket Settings
  4. SNMP Trap Settings
  5. Database Administration

 

Server Settings

TFTP Server Setting

Network Configuration Manager uses TFTP server to transfer the configuration files to-and-fro the devices. In case, Network Configuration Manager is running in multi-homed machines, you can specify the interface to be used for transferring the configuration files from/to the devices. The interface specified here will be used for transferring (backup, upload) configuration files of all devices in inventory.

To specify a particular interface,

  1. Go to "Settings" >> "General Settings">> "Server Settings" >> "TFTP Server".

  2. Select the required IP from the drop-down. Click "Save".

  3. To give effect to this change, you need to restart Network Configuration Manager server.

 

SCP Server Setting

Network Configuration Manager provides the option to use SCP to transfer the configuration files to-and-fro the devices. In case, Network Configuration Manager is running in multi-homed machines, you can specify the interface to be used for transferring the configuration files from/to the devices. The interface specified here will be used for transferring (backup, upload) configuration files of all devices in inventory.

To specify a particular interface,

  1. Go to "Settings" >> "General Settings" >> "Server Settings" >> "SCP Server".

  2. Select the required IP from the drop-down. Click "Save".

  3. To give effect to this change, you need to restart Network Configuration Manager server.

     

Syslog Server Setting

By default, Network Configuration Manager binds its syslog listener to port 514. In case, your machine is multi-homed and if you want to run some other application with a syslog server in the same machine, you can bind the Network Configuration Manager syslog server to a specific interface leaving the other interface(s) for use by other application(s).

To specify a particular interface,

  1. Go to "Settings" >> "General Settings" >> "Server Settings" >> "Syslog Server".

  2. Select the required IP from the drop-down. Click "Save".

  3. To give effect to this change, you need to restart Network Configuration Manager server.

 

Rebranding

Rebranding option helps you replace Network Configuration Manager logo that is displayed in the web client as well as in the reports, with your company's logo. You can also change the product name if needed.

To replace NCM logo and product in the web client and reports, follow the steps given below:

  1.  "Settings" >> "General Settings" >> "Rebranding".

  2. Enter the Product Name that you want to display in the Reports.

  3. Browse and import the Image to replace the NCM logo that is displayed in the web client and reports.

  4. Click Save.

  5. Once done with the above changes, restart OpManager.

 

Trouble Ticket Settings

Upon detecting changes in configuration, Network Configuration Manager provides the option to generate trouble tickets to your Help Desk. You can set your Help Desk email ID here.

  1. Go to "Settings" >> "Global Settings" >> "Trouble Ticket Settings"

  2. Enter Help Desk email ID and click "Save" to give effect to the settings.

 

SNMP Trap Settings

SNMP v2 traps could be sent to a specific host upon detecting a configuration change. Settings could be done for that purpose here.

To send SNMP trap to the desired host (based on the change management condition specified through change management rule),

  1. Go to "Settings" >> "Global Settings" >> "SNMP Trap"

  2. Enter hostname or IP address of the recipient. Also, enter SNMP port and community. Default values 162 for port and public for community.

  3. Click "Save".

 

User Management

User Management Operations such as adding new users and assigning them roles, editing the existing users and deleting the user could be performed only by the Administrators. Operator do not have this privilege.

Administrators can create as many users as required and define appropriate roles for the user. From Settings >> User Management, administrators can

  1. View all the existing users

  2. Create new users

  3. Change the access level, device list of existing users

  4. Delete an existing user

To view the existing list of users

  • Go to Settings >> User Management. The list of users will be displayed with respective login names, access levels and email IDs.

 

Note: The default login name and password  for fresh Network Configuration Manager installation is 'admin' and 'admin' respectively. The default email ID has been configured as admin@manageengine.com. After logging in to the Network Configuration Manager, change the email ID for admin user. Otherwise, when you invoke 'forgot password' email would be sent to admin@manageengine.com.

 

Adding New Users

 

To Add New Users

  1. Go to Settings >> User Management. Click "Add"

  2. Define the "Access Level" (role) for the new user - Administrator/Operator; Users falling under "Administrator" category shall have unlimited privilege and access over all functionalities of Network Configuration Manager. On the other hand, the users falling under operator category will have very restricted access.

  3. Provide the user's email ID. This email ID will be used in the 'Forgot Password' feature to intimate the password to the user when the user invokes 'Forgot Password'. While invoking 'Forgot Password' link in the login UI of Network Configuration Manager, the users will have to provide the username and the email ID. Network Configuration Manager will reset the password of the user and it would be mailed to the user's ID  

  4. Enter "password"; the password should be at least 5 characters long

  5. Confirm the new password

  6. Select the required time zone and click on next

  7. Now select the devices/ device groups to be assigned to the user

  8. Click "Save". new user account has been created

 

To Edit existing Users

  1. Go to Settings >> User Management.

  2. In the UI that opens, click on the user account to be edited.

  3. Change the access level and device list of the user as desired and Click "Update"

 

To Delete existing Users

  1. Go to Settings >> User Management.

  2. In the UI that opens, click the delete icon present against the respective username. The user will be removed from Network Configuration Manager once and for all.

     

Privileges for Configuration and other Operations

The following table explains the privileges associated with each access level for performing various device configuration operations:

 

Access Level

Configuration & Other Operations

Device Addition

Upload (Pushing configuration into the device)

Authority for approving various requests

Compliance

Admin Operations

User Management

Administrator


(create, associate compliance policies)

 

Operator


(only for authorized devices, subject to approval by administrator / Power User)

 

RADIUS Server Settings

You can make Network Configuration Manager work with RADIUS server in your environment. You can also leverage the RADIUS authentication for user access bypassing the local authentication provided by Network Configuration Manager. This section explains the configurations involved in integrating RADIUS server with Network Configuration Manager.
 

Providing Basic Details about RADIUS Server

To configure RADIUS server in Network Configuration Manager, provide the following basic details about RADIUS server and credentials to establish connection:

  1. Go to "Setting" >> "User Management" tab and click "RADIUS Server Settings"

  2. In the UI that opens, provide the following details:

  3. Server Name/IP Address  - enter the host name or IP address of the host where RADIUS server is running

  4. Server Authentication Port - enter the port used for RADIUS server authentication. By default, RADIUS has been assigned the UDP port 1812 for RADIUS Authentication

  5. Server Protocol - select the protocol that is used to authenticate users. Choose from four protocols - Password Authentication Protocol (PAP), Challenge-Handshake Authentication Protocol (CHAP), Microsoft Challenge-Handshake Authentication Protocol (MSCHAP), Version 2 of Microsoft Challenge-Handshake Authentication Protocol (MSCHAP2)

  6. Server Secret - enter the RADIUS secret used by the server for authentication

  7. Authentication Retries - select the number of times you wish to retry authentication in the event of an authentication failure

  8. Click "Save".

 

Discovery

Devices can be added to the inventory in three ways:

 

1. Discover Devices

Pre-requisite

Discovery can be initiated only for the SNMP-enabled devices. So, ensure that your devices are SNMP-enabled before trying discovery.

The Discovery Process

The SNMP-enabled devices available in the network can be discovered and added to the Network Configuration Manager inventory. You can discover a specific device, devices present in a specific IP range and even multiple devices.

To Initiate Discovery,

  • Go to Settings >> Discovery

  • The discovery wizard provides the option for discovering the devices with specific IP addresses or devices falling under a specific IP range and multiple devices whose details are present in a file. Based on your need for discovery, choose any one of the options for "Discover Devices by".

  • Create SNMP profile to specify SNMP credentials,

  • Network Configuration Manager supports SNMP versions - v1, v2c and v3
  • Enter a name and description for the credential profile for your reference
  • Enter the SNMP credentials depending on the SNMP version chosen

 

v1

v2

v3

Enter the SNMP port, read community (mandatory). Also specify write community.

Enter the SNMP port, read community (mandatory). Specify write community.  

Enter the SNMP port

User Name: Enter the name of the user (principal) on behalf of whom the message is being exchanged.

Context Name: An SNMP context name or "context" in short, is a collection of management information accessible by an SNMP entity. An item of management information may exist in more than one context. An SNMP entity potentially has access to many contexts. In other words, if a management information has been defined under certain context by an SNMPv3 entity, any management application can access that information by giving that context name. The "context name" is an octet string, which has at least one management information.

Authentication Protocol & Password: Select any of the authentication protocols either MD5 or SHA and enter the password. MD5 and SHA are processes which are used for generating authentication/privacy keys in SNMPv3 applications.

Encryption: Select any of the encryption protocols either DES or EAS-128 and enter the password. Note: Only after configuring Authentication it is possible to configure Encryption.

  • To initiate discovery, click the OK button. The wizard will discover the desired device(s) and add them to the inventory. You will find the new device(s) in the inventory list.

Note:

  1. You can even create multiple profiles and Network Configuration Manager would use all of them for discovery.

  2. To add, edit or delete any profile, go to Settings>>Device Management>>Credential Profile

 

Format for entries to discover multiple devices from flat files

You can even discover multiple devices by simply loading a file containing the device details. Entries in the file need to be in a specific format as detailed below.

  • You have the option to enter hostname or IP address or both of the devices to be discovered.
  • Each entry has to be entered in a separate line.
  • When you enter both hostname and IP address of a host, you need to separate the entries with a space or a tab.

For example, typical entries in the file would be something like the ones below:

cisco805
catalyst2900 192.168.117.12
foundry2402

192.168.111.2 cisco1710    

 

Tracking Discovery Status

After starting discovery of devices, you can track the status of discovery on real time basis. You can find the progress of discovery (that is percentage of completion) and finally the result - whether the device/devices was/were discovered successfully and added to the inventory. In case of failure of discovery process, the probable reason for the failure is also reported.

Apart from viewing the status of discovery of a particular attempt on real-time basis, you can even view historical information pertaining to all device discovery attempts made so far and their respective status / result by clicking the link "Discovery Reports".

 

2. Manual Addition of Devices

You can add new devices through Manual Addition also. To add a device manually,

  1. Go to "Settings" >> "Discovery" and click on "IP / Host Name"

  2. The device can be added by providing hostname/IP address of the device to be added, the device vendor, type, series & model from the drop-down and click "Add"

  3. You will see the progress of device addition in the UI and once the device gets added, you will be prompted to enter credentials for the same

 

3. Importing Devices from a Text file

 

Network Configuration Manager provides the option to import devices from a text file and add them to the inventory. To import devices from a text file, Network Configuration Manager requires that the entries in the file conform to a specific format.

Ensure that the entries in the file are in the following format: (column names should be in the same order as shown in the format below with each name separated by a comma):

 

Format : <Hostname or IP Address>,<Device Template Name>,<Series>,<Model>

Example: catalyst2900,Cisco IOS Switch,2900,2924

    192.168.111.11,Cisco IOS Router,800,805

    192.168.111.22,Force10 E-Series Switch,E600

    procurve2524,HP Procurve Switch

 

To import devices from a text file,

  1. Go to "Inventory >> Click on '+' symbol" and click "Import Devices from text file", click "browse" and locate the file and "Import"

  2. Check the inventory and see if the device has been added

 

Configlets

Configlets offered by Network Configuration Manager are of two types.

The following table provides information about the each type of configlet and when to use them:

 

TFTP Mode

Simple Script Execution

Advanced Script Execution

TFTP mode is for uploading a partial configuration change to a device/devices through TFTP.

 

Example:

 

  • Enabling TELNET service

  • Changing SNMP Community

  • Forwarding Syslog messages

  • Changing the interface

 

In all the above case, TFTP mode of configuration upload could be used. In general, for carrying out changes to existing configuration, this mode could be used.

 

For other cases like executing a command on device, Script execution mode has to be used.

 

To execute a single command on the CLI console.

 

Example: Synchronizing Running & Startup Configurations. Through a single line in the script containing the command
copy running-config startup-config,
you can synchronize the startup and running configurations of any number of devices.

 

Other Examples:

 

  • Changing Passwords

  • Updating NTP Server Entries

  • Getting 'show version' output

 

To execute a series of inter-connected commands on a device in command line. After the execution of one command, some input has to be provided before the next command is invoked. In such a situation, advanced scripting would be useful.

 

When the execution of a command changes the prompt of the device or takes too much of time to execute or requires fine-grained control to track the flow, advanced script execution has to be used.

 

Example: Backing up your current IOS image to a TFTP server. To do this, the following sequence would be used:

 

  • Command to be used copy flash  tftp

    - the location of your current IOS image

  • TFTP server's IP has to be specified

  • The file where it has to be copied, has to be specified

 

The above sequence of command execution could be transformed into an advanced script as below:

 

<command prompt=']?'>copy flash:/%SOURCE_FILE_NAME% tftp</command>

<command prompt=']?'>%TFTP_SERVER_IP%</command>

<command timeout='70'>%DESTINATION_FILE_NAME%</command>

 

Other Examples:

  • Uploading OS images / firmware upgrade
  • Configuring banner message
  • Resetting passwords of HP ProCurve and Extreme Summit devices
  • Deleting files from flash

 

To know more on Configlets and how to use them, please refer to Automation using Configlets & Scripts.

 

Thank you for your feedback!

Was this content helpful?

We are sorry. Help us improve this page.

How can we improve this page?
Do you need assistance with this topic?
By clicking "Submit", you agree to processing of personal data according to the Privacy Policy.
Quick LinksRelated Products