Cisco Systems 15.3.00P1 manual Security Profiles

Installing and Uninstalling CWM 15.3.00 P1

•Security Profiles

Before CWM 15.3.00 P1, a CWM user had to have a valid UNIX user because the user was authenticated against UNIX when he or she logged in to the CWM.

As of CWM 15.3.00 P1, a new feature has been added to support CWM login without depending on UNIX user accounts. With the new procedure, you add and configure users using the Security Manager. Because this feature is configurable, you can use the new feature or use the previous CWM authentication process.

•CWM Database

After creating a new database with the coldstart script, a database inconsistency will result if the CWM is restarted (stop core and start core) before it is synchronized with the network. In this case, rerun the coldstart script; do not use the SV+CreateDb tool. When a gateway node is upgraded or rebuilt before the CWM has synced up with the network, the CWM must be cold-started (create the CWM database and then restart the CWM) to ensure CWM database consistency. For the IGX ports, the asi_line table is populated with the 1-based port number and not the 0-based port number.

•RPM Management Limitations

The RPM-PR card is not supported on MGX PXM1-based nodes that Chassis View manages. The applicable trap is missing so the CWM cannot monitor the back card. For the RPM and RPM-PR cards in the standby state, the status displays as blue, not yellow as on other card types. For the RPM and RPM-PR card types, hardware and firmware revisions are not populated in the database.

The RPM back card support feature is disabled by default. To enable the feature and obtain RPM back card information, edit the emd.conf file before starting the CWM core. Note that when back card support is enabled, back card information is polled from the switch only during a coldstart or a manual resync. After that, any back card configuration or status changes are not updated until you perform another coldstart or a manual resync.

The CWM does not distinguish between the Ethernet back card versions installed with the MGX-RPM-128M/B or RPM-PR. No difference in functionality exists.

•Equipment Management Configuration Notes

In the emd.conf file, the OORequest and OOStart parameters should be customized, depending on network. The OORequest parameter defines the number of configuration files per node that can be requested at one time, with a maximum of 32 configuration files concurrently per node. The range is 1 through 32, and the default is 32. The OOStart parameter defines the number of OOEMC child processes. The range is 1 through 25, and the default is 6.

All of the PNNI nodes that the CWM manages (PXM45-based 8950, 8880, and 8850 nodes; PXM1E- based 8950, 8850, and 8830 nodes; and BPX nodes with SES shelves) are distributed among OOEMC processes.

The number of nodes that a single process manages is computed by dividing the number of PNNI network nodes by the number of processes that OOStart defines. Assume that the number of nodes that one process manages is called MANAGED_NODE_COUNT. Then, MANAGED_NODE_COUNT * OORequest must be less than or equal to 200, which can be achieved by increasing the OOStart or reducing the OORequest. The normal range of OOStart is 5 to 20. If the OOStart value is increased beyond 10, the number of DMD processes has to be increased or the shared memory overflows.

•Network Monitor Server Configuration File (NMServer.conf)

Two parameters in the NMServer.conf configuration file—HELLO_EVENT_INTERVAL and EVENT_REDELIVERY_COUNT—are tied to the NMSERVER_DISCONNECT_TIMEOUT parameter in the CMSCClient.conf client configuration file. The NMSERVER_DISCONNECT_TIMEOUT parameter value needs to be set to the same number as