Cisco Systems 5, NAM User Administration

5-16

User Guide for the Cisco Network Analysis Module (NAM) Traffic Analyzer, 5.0

OL-22617-01

Chapter 5 User and System Administration

User Administration

User Administration

The User Administration option of the Administration menu provides the following options:

• Local Database, page 5-16

• Establishing TACACS+ Authentication and Authorization, page 5-19

• Configuring a TACACS+ Server to Support NAM Authentication and Authorization, page 5-20

• Current User Sessions, page 5-22

Local Database

When you first install the NAM Traffic Analyzer, you use the NAM command-line interface (CLI) to

enable the HTTP server and establish a username and password to access the NAM for the first time.

After setting up the initial user accounts, you can create additional accounts, enabling or disabling

different levels of access independently for each user.

Table 5-8 provides information about User Privileges and describes each privilege.

For additional information about creating and editing users, see Creating a New User, page 5-17 and

Editing a User, page 5-18.

Recovering Passwords

You can recover passwords by using CLI commands on the switch or router. A user with appropriate

privileges can reset the NAM CLI and passwords to the factory default state.

Tab l e 5-8 User Privileges

Privilege Access Level

AccountMgmt Enables a user to create, delete, and edit user accounts.

SystemConfig Enables a user to edit basic NAM system parameters such as IP address,

gateway, HTTP port, and so on.

Capture Enables a user to perform packet captures and manage capture sessions

Use the NAM Traffic Analyzer protocol decode.

AlarmConfig Enables a user to create, delete, and edit alarms on the switch/router and

NAM.

MonitorConfig Enables a user to create, delete, and edit the following:

• Collections and reports

• Protocol directory entries

• Protocol groups

• URL-based applications

MonitorView Enables a user to view monitoring data and reports (granted to all users).

Contents

Main Page CONTENTS Page Page Page Page Page Page Page About This Guide Chapter Overview Audience Conventions Notices Obtaining Documentation and Submitting a Service Request Page Overview Introducing NAM Traffic Analyzer 5.0 Dashboards Logical Site New Application Classification Architecture Standards-Based NBI NetFlow v9 Data Export Historical Analysis SNMP v3 Support -- NAM to Router/Switch Support Overview of the NAM Platforms Logging In Navigating the User Interface Common Navigation and Control Elements Menu Bar Detailed Views Context Menus Quick Capture Interactive Report Chart View / Grid View Mouse-Over for Details Zoom/Pan Charts Page Context-Sensitive Online Help Understanding How the NAM Works Page Understanding How the NAM Uses SPAN Understanding How the NAM Uses VACLs Understanding How the NAM Uses NDE Understanding How the NAM Uses WAAS Configuration Overview Page Configuring and Viewing Data Cisco WAAS NAM Virtual Service Blade Setting Up The NAM Traffic Analyzer Default Functions Traffic Analysis Application Response Time Metrics Voice Signaling/RTP Stream Monitoring Traffic Usage Statistics Traffic SPAN About SPAN Sessions Page Page Creating a SPAN Session Page Editing a SPAN Session Deleting a SPAN Session Data Sources SPAN ERSPAN Enabling Auto-Creation of ERSPAN Data Sources Using the Web GUI Enabling Auto-Creation of ERSPAN Data Sources Using the CLI Disabling Auto-Creation of ERSPAN Data Sources Using the Web GUI Disabling Auto-Creation of ERSPAN Data Sources Using the CLI Creating ERSPAN Data Sources Using the Web GUI Creating ERSPAN Data Sources Using the CLI Deleting ERSPAN Data Sources Using the Web GUI Deleting ERSPAN Data Sources Using the CLI Configuring ERSPAN on Devices VACL Configuring VACL on a WAN Interface Configuring VACL on a LAN VLAN NetFlow Understanding NetFlow Interfaces Understanding NetFlow Flow Records Managing NetFlow Data Sources Configuring NetFlow on Devices Page Enabling Auto-Creation of NetFlow Data Sources Using the Web GUI Enabling Auto-Creation of NetFlow Data Sources Using the CLI Disabling Auto-Creation of NetFlow Data Sources Using the Web GUI Disabling Auto-Creation of NetFlow Data Sources Using the CLI Creating NetFlow Data Sources Using the Web GUI Page Creating NetFlow Data Sources Using the CLI 2-26 assigned to the new device, you will need it to create the data source! shown here: Step 8 Enter ? to see all the command options available, as in the example below: Step 9 Enter the device ID from Step 4 (required): Deleting NetFlow Data Sources Using the Web GUI Deleting NetFlow Data Sources Using the CLI Testing NetFlow Devices WAAS Understanding WAAS Response Time Monitoring from WAAS Data Sources Monitoring Client Data Sources Monitoring WAN Data Sources Monitoring Server Data Sources Deployment Scenarios Managing WAAS Devices Adding Data Sources for New WAAS Device Editing WAAS Data Sources Deleting a WAAS Data Source Auto Create of New WAAS Devices Hardware Deduplication Alarms Alarm Actions Alarm Action Configuration Editing Alarm Actions Deleting Alarm Actions Thresholds Setting Host Thresholds Setting Conversation Thresholds Setting Application Thresholds Setting Response Time Thresholds Setting DSCP Thresholds Setting RTP Stream Thresholds Setting Voice Signaling Thresholds Setting NDE Interface Thresholds Editing an Alarm Threshold Deleting a NAM Threshold User Scenario Data Export NetFlow Viewing Configured NetFlow Exports Configuring NetFlow Data Export Page Editing NetFlow Data Export Scheduled Exports Editing a Scheduled Export Deleting a Scheduled Export Custom Export Managed Device Device Information Page NBAR Protocol Discovery Network Sites Definition Rules Specifying a Site Using Subnets Specifying a Site Using WAE devices (WAAS Data Sources) Specifying a Site Using Multiple Rules Resolving Ambiguity (Overlapping Site Definitions) Viewing Defined Sites Defining a Site Page Subnet Detection Editing a Site NDE Interface Capacity Creating an NDE Interface DSCP Groups Creating a DSCP Group Editing a DSCP Group Deleting a DSCP Group Classification Applications Creating a New Application Editing an Application Deleting a Protocol Application Groups Creating an Application Group Editing an Application Group Deleting an Application Group URL-based Applications Example Editing a URL-Based Application Deleting a URL-based Application Encapsulations Monitoring Aggregation Intervals Response Time Voice RTP Filter URL Enabling a URL Collection Changing a URL Collection Disabling a URL Collection WAAS Monitored Servers Adding a WAAS Monitored Server Deleting a WAAS Monitored Server Monitoring and Analysis Navigation Context Menus Interactive Report Saving Filter Parameters Traffic Summary Response Time Summary Site Summary Alarm Summary Page Analyzing Traffic Application Hosts Detail Host Applications Detail NDE Interface Traffic Analysis Viewing Interface Details DSCP Detail DSCP Application Groups Detail URL Hits Viewing Collected URLs Filtering a URL Collection List Host Conversations Network Conversation Top Application Traffic Page Application Traffic By Host WAN Optimization Top Talkers Detail Application Performance Analysis Transaction Time (Client Experience) Traffic Volume and Compression Ratio Average Concurrent Connections (Optimized vs. Passthru) Multi-Segment Network Time (Client LAN - WAN - Server LAN) Response Time Page Page Application Response Time Network Response Time Server Response Time Client Response Time Client-Server Response Time Server Application Responses Server Application Transactions Server Network Responses Client-Server Application Responses Client-Server Application Transactions Client-Server Network Responses Managed Device Interface Interfaces Stats Table Interface Statistics Over Time Health Switch Health Chassis Health Chassis Information Crossbar Switching Fabric Ternary Content Addressable Memory Information Router Health Router Health Router Information NBAR Media RTP Streams Purpose Monitoring RTP Streams Voice Call Statistics Calls Table Page RTP Conversation Page Page Capturing and Decoding Packet Data Sessions Viewing Capture Sessions Configuring Capture Sessions Page Page Software Filters Creating a Software Filter Page Page Editing a Software Capture Filter Hardware Assisted Filters Configuring a Hardware Filter VLAN VLAN and IP IP IP and TCP/UDP IP and Payload Data Payload Data Files Page Analyzing Capture Files Error Scan Downloading Capture Files Deleting a Capture File Deleting Multiple Files Viewing Packet Decode Information Browsing Packets in the Packet Decoder Filtering Packets Displayed in the Packet Decoder Viewing Detailed Protocol Decode Information Using Alarm-Triggered Captures Custom Display Filters Creating Custom Display Filters Page Tips for Creating Custom Decode Filter Expressions Editing Custom Display Filters Deleting Custom Display Filters Page User and System Administration System Administration Resources Network Parameters SNMP Agent Working with NAM Community Strings Creating NAM Community Strings Deleting NAM Community Strings Testing the Router Community Strings System Time Synchronizing the NAM System Time with the Switch or Router Synchronizing the NAM System Time Locally Configuring the NAM System Time with an NTP Server E-Mail Setting Web Data Publication Capture Data Storage Creating NFS Storage Locations Configuring the NFS Server Configuring the NFS Storage Location on the NAM Editing NFS Storage Locations Creating iSCSI Storage Locations Editing iSCSI Storage Locations Syslog Setting SNMP Trap Setting Creating a NAM Trap Destination Editing a NAM Trap Destination Deleting a NAM Trap Destination Preferences Diagnostics System Alerts Audit Trail Tech Support User Administration Local Database Recovering Passwords Changing Predefined NAM User Accounts on the Switch or Router Creating a New User Editing a User Deleting a User Establishing TACACS+ Authentication and Authorization Configuring a TACACS+ Server to Support NAM Authentication and Authorization Configuring a Cisco ACS TACACS+ Server Adding a NAM User or User Group Configuring a Generic TACACS+ Server Current User Sessions NAM Traffic Analyzer 5.0 Usage Scenarios Deployment Deploying NAMs in the Branch Deploying NAMs for Voice/Video applications Deploying NAMs for WAN Optimization Deploying Multi-NAM Consolidation Autodiscovery Capabilities of NAM Creating Custom Applications Utilizing Sites to Create a Geographically Familiar Deployment Integrating NAM with Third Party Reporting Tools Integrating NAM with LMS Monitoring Understanding Traffic Patterns at the Network Layer Understanding Traffic patterns for DiffServ-Enabled Networks Using NAM to Evaluate Application-Level Performance Monitoring for TCP-Interactive Applications Using NAM to Evaluate Application-Level Performance Monitoring for UDP Realtime Applications Troubleshooting Using NAM for Problem Isolation Using NAM for SmartGrid Visibility APPENDIX A Troubleshooting General NAM Issues Error Messages Packet Drops NAM Not Responding NAM Behavior WAAS Troubleshooting Page APPENDIX B Supported MIB Objects Supported MIBs Page Page Page INDEX A C D E F G H I M O P R S T U V W