cisco prime network registrar 8.2 user guide · cisco systems, inc. cisco has more than 200 offices...

Cisco Systems, Inc. www.cisco.com Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco website at www.cisco.com/go/offices. Cisco Prime Network Registrar 8.2 User Guide November 2013 Text Part Number: OL-29410-01


  • Cisco Prime Network Registrar 8.2 User Guide

    November 2013

    Cisco Systems, Inc. www.cisco.com

    Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco website at www.cisco.com/go/offices.

    Text Part Number: OL-29410-01


  • THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.

    THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.

    The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version of the UNIX operating system. All rights reserved. Copyright 1981, Regents of the University of California.

    NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED AS IS WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.

    IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

    Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)

    Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.

    Cisco Prime Network Registrar 8.2 User Guide Copyright 2013 Cisco Systems, Inc. All rights reserved.


  • CONTENTS

    Preface

    PART 1 Getting Started

    CHAPTER 1 Cisco Prime Network Registrar Components

    Management Components

    Trivial File Transfer
    Viewing and Editing the TFTP Server
    Managing the TFTP Server Network Interfaces

    Simple Network Management
    Setting Up the SNMP Server
    How Notification Works
    Handling SNMP Notification Events

    Server Up/Down Traps
    Handling SNMP Queries
    Integrating Cisco Prime Network Registrar SNMP into System SNMP

    Default Ports for Cisco Prime Network Registrar Services

    CHAPTER 2 Cisco Prime Network Registrar User Interfaces

    Introduction to the Web-Based User Interfaces
    Supported Web Browsers
    Access Security
    Logging In to the Web UIs
    Multiple Users
    Changing Passwords
    Navigating the Web UIs
    Waiting for Page Resolution Before Proceeding
    Committing Changes in the Web UIs
    Role and Attribute Visibility Settings
    Displaying and Modifying Attributes

    Grouping and Sorting Attributes
    Modifying Attributes
    Displaying Attribute Help

    Left Navigation Pane and Quick View Icon

    Help Pages
    Logging Out

    Local Cluster Web UI
    Local Basic Main Menu Page
    Local Advanced Main Menu Page
    Setting Local User Preferences
    Configuring Clusters in the Local Web UI

    Regional Cluster Web UI

    Command Line Interface

    Central Configuration Management Server
    Managing CCM Server
    Editing CCM Server Properties

    Global Search in Prime Network Registrar

    CHAPTER 3 Server Status Dashboard

    Opening the Dashboard

    Display Types
    Tables
    Line Charts
    Stacked Area Charts
    Other Chart Types
    Getting Help for the Dashboard Elements

    Customizing the Display

    Selecting Dashboard Elements to Include
    Configuring Server Chart Types

    Host Metrics
    System Metrics
    JVM Memory Utilization

    DHCP Metrics
    DHCP Server Request Activity
    DHCP Server Response Activity
    DHCP Buffer Capacity
    DHCP Response Latency
    DHCP DNS Updates
    DHCP Address Current Utilization
    DHCP Failover Status
    DHCP General Indicators
    DHCP Server Lease Data

    Authoritative DNS Metrics
    DNS Outbound Zone Transfers
    DNS Inbound Zone Transfers
    DNS Network Errors
    DNS Related Servers Errors
    DNS General Indicators
    DNS Queries Per Second

    Caching DNS Metrics
    DNS Queries Type
    DNS Queries Responses
    DNS Incoming Queries
    DNS Recursive Query Time
    DNS Caching
    Caching DNS General Indicators
    DNS Caching Server Queries Per Second

    CHAPTER 4 Deploying Cisco Prime Network Registrar

    Target Users

    Regional and Local Clusters

    Deployment Scenarios
    Small-to-Medium-Size LANs
    Large Enterprise and Service Provider Networks

    Configuration and Performance Guidelines
    General Configuration Guidelines
    Special Configuration Cases

    Interoperability with Earlier Releases

    PART 2 Local and Regional Administration

    CHAPTER 5 Configuring Administrators

    Administrators, Groups, Roles, and Tenants
    How Administrators Relate to Groups, Roles, and Tenants
    Administrator Types
    Roles, Subroles, and Constraints
    Groups
    Managing Administrators
    Managing Passwords
    Managing Groups
    Managing Roles

    Managing Tenants
    Adding a Tenant
    Editing a Tenant
    Managing Tenant Data
    Assigning a Local Cluster to a Single Tenant
    Pushing and Pulling Tenant Data
    Assigning Tenants When Using External Authentication
    Using cnr_exim With Tenant Data

    External Authentication Servers
    Configuring an External Authentication Server

    Adding an External Configuration Server
    Deleting an External Authentication Server

    Granular Administration
    Scope-Level Constraints
    Prefix-Level Constraints
    Link-Level Constraints

    Licensing

    License History

    Centrally Managing Administrators
    Pushing and Pulling Administrators

    Pushing Administrators to Local Clusters
    Pushing Administrators Automatically to Local Clusters
    Pulling Administrators from the Replica Database

    Pushing and Pulling External Authentication Servers
    Pushing External Authentication Servers
    Pulling External Authentication Servers

    Pushing and Pulling Groups
    Pushing Groups to Local Clusters
    Pulling Groups from the Replica Database

    Pushing and Pulling Roles
    Pushing Roles to Local Clusters
    Pulling Roles from the Replica Database

    Pushing and Pulling Tenants
    Pushing Tenants to Local Clusters
    Pulling Tenants from the Replica Database

    Local Cluster Management Tutorial
    Administrator Responsibilities and Tasks
    Create the Administrators
    Create the Address Infrastructure

    Create the Zone Infrastructure
    Create the Forward Zones
    Create the Reverse Zones
    Create the Initial Hosts

    Create a Host Administrator Role with Constraints
    Create a Group to Assign to the Host Administrator
    Test the Host Address Range

    Regional Cluster Management Tutorial
    Administrator Responsibilities and Tasks
    Create the Regional Cluster Administrator
    Create the Central Configuration Administrator
    Create the Local Clusters
    Add a Router and Modify an Interface
    Add Zone Management to the Configuration Administrator
    Create a Zone for the Local Cluster
    Pull Zone Data and Create a Zone Distribution
    Create a Subnet and Pull Address Space
    Push a DHCP Policy
    Create a Scope Template
    Create and Synchronize the Failover Pair

    CHAPTER 6 Managing the Central Configuration

    Central Configuration Tasks

    Configuring Server Clusters
    Adding Local Clusters
    Editing Local Clusters
    Listing Related Servers for DHCP, DNS, and TCP Listener Servers
    Connecting to Local Clusters
    Synchronizing with Local Clusters
    Replicating Local Cluster Data
    Viewing Replica Data
    Deactivating, Reactivating, and Recovering Data for Clusters
    Polling Subnet Utilization and Lease History Data

    Polling Process
    Adjusting the Polling Intervals

    Enabling Subnet Utilization Collection
    Enabling Lease History Collection

    Managing DHCP Scope Templates
    Pushing Scope Templates to Local Clusters

    Pulling Scope Templates from Replica Data

    Managing DHCP Policies
    Pushing Policies to Local Clusters
    Pulling Policies from Replica Data

    Managing DHCP Client-Classes
    Pushing Client-Classes to Local Clusters
    Pulling Client-Classes from Replica Data

    Managing Virtual Private Networks
    Pushing VPNs to Local Clusters
    Pulling VPNs from Replica Data

    Managing DHCP Failover Pairs

    Managing Lease Reservations
    DHCPv4 Reservations
    DHCP v6 Reservations

    CHAPTER 7 Maintaining Servers and Databases

    Managing Servers

    Scheduling Recurring Tasks

    Logging Server Events
    Searching the Logs
    Logging Format and Settings

    Log Files

    View Change Log

    Dynamic Update on Server Log Settings

    Monitoring and Reporting Server Status
    Server States
    Displaying Health

    Server Health Status
    Displaying Statistics

    DNS Statistics
    CDNS Statistics
    DHCP Statistics
    TFTP Statistics

    Displaying IP Address Usage
    Displaying Related Servers

    Monitoring Remote Servers Using Persistent Events
    DNS Zone Distribution Servers
    DHCP Failover Servers

    Displaying Leases

    Running Data Consistency Rules

    Troubleshooting
    Immediate Troubleshooting Actions
    Modifying the cnr.conf File
    Troubleshooting Server Failures
    Troubleshooting and Optimizing the TFTP Server

    Tracing TFTP Server Activity
    Optimizing TFTP Message Logging
    Enabling TFTP File Caching

    Solaris and Linux Troubleshooting Tools
    Using the TAC Tool

    CHAPTER 8 Backup and Recovery

    Backing Up Databases
    Syntax and Location
    Backup Strategy

    Using cnr_shadow_backup utility:
    Setting Automatic Backup Time
    Performing Manual Backups
    Using Third-Party Backup Programs with cnr_shadow_backup

    Database Recovery Strategy
    Backing Up CNRDB Data
    Backing Up all CNRDBs using tar or similar tools
    Recovering CNRDB Data from Damaged Databases
    Recovering CNRDB Data from Backups
    Recovering all CNRDBs using tar or Similar Tools
    Recovering single CNRDB from tar or similar tools
    Virus Scanning While Running Cisco Prime Network Registrar

    Troubleshooting Databases
    Using the cnr_exim Data Import and Export Tool
    Using the cnrdb_recover Utility
    Using the cnrdb_verify Utility
    Using the cnrdb_checkpoint Utility
    Restoring DHCP Data from a Failover Server

    PART 3 Address Management

    CHAPTER 9 Managing Address Space

    Address Block Administrator Role
    Required Permissions
    Role Functions

    Viewing Address Space

    Pulling Replica Address Space from Local Clusters

    Address Blocks and Subnets
    Viewing Address Blocks, Subnets, and Address Types
    Knowing When to Add Address Blocks
    Adding Address Blocks
    Delegating Address Blocks
    Pushing Subnets to Local DHCP Servers and Routers
    Creating Reverse Zones from Subnets
    Reclaiming Subnets
    Adding Children to Address Blocks
    Adding Address Ranges to Subnets
    Viewing Address Utilization for Address Blocks, Subnets, and Scopes

    Generating Subnet Utilization History Reports
    Enabling Subnet Utilization History Collection at the Local Cluster
    Querying Subnet Utilization History Data
    Trimming and Compacting Subnet Utilization History Data
    Viewing Subnet Utilization History Data

    CHAPTER 10 Managing Hosts

    Managing Hosts in Zones

    Adding Additional RRs for the Host

    Editing Hosts

    Removing Hosts

    CHAPTER 11 Managing Router Interface Configurations

    Adding Routers
    Managed Versus Virtual Routers
    Secure Mode Connections with Routers
    Alternative Login Method to Routers
    Creating a Login Template

    Editing Routers

    Resynchronizing Routers

    Pushing and Reclaiming Subnets for Routers

    Viewing and Editing the Router Interfaces
    Changeable Router Interface Attributes
    Bundling Interfaces

    CHAPTER 12 Managing Owners and Regions

    Managing Owners

    Managing Regions

    Centrally Managing Owners and Regions
    Pushing and Pulling Owners or Regions

    Pushing Owners or Regions to Local Clusters
    Pulling Owners and Regions from the Replica Database

    CHAPTER 13 Managing Reports

    ARIN Reports and Allocation Reports

    Managing ARIN Reports
    Managing Point of Contact and Organization Reports

    Creating a Point of Contact Report
    Registering a Point of Contact
    Editing a Point of Contact Report
    Creating an Organization Report
    Registering an Organization
    Editing an Organization Report

    Managing IPv4 Address Space Utilization Reports
    Managing Shared WHOIS Project Allocation and Assignment Reports

    PART 4 Domain and Zone Administration

    CHAPTER 14 Introduction to the Domain Name System

    How DNS Works

    Domains
    Learning ExampleCo Address
    Establishing a Domain
    Difference Between Domains and Zones

    Nameservers

    Reverse Nameservers

    Authoritative and Caching DNS servers

    High-Availability DNS

    DNS Database

    DNS Views

    About EDNS

    CHAPTER 15 Managing Zones

    Staged and Synchronous Modes

    Creating and Applying Zone Templates

    Managing Primary DNS Servers
    Configuring Primary Forward Zones

    Creating Primary Zones
    Editing Primary Zones
    Confirming Zone Nameservers
    Synchronizing Zones
    Zone Commands
    Importing and Exporting Zone Data

    Adding Primary Reverse Zones
    Adding Reverse Zones as Zones
    Adding Reverse Zones from Subnets

    Getting Zone Counts on the Server

    Managing Secondary Servers
    Adding Secondary Forward Zones
    Enabling Zone Transfers

    Managing DNS ENUM Domain
    Managing DNS ENUM Defaults
    Adding DNS ENUM Domains
    Adding DNS ENUM Numbers
    Pulling and Pushing ENUM Domains

    Pushing ENUM Domains to Local Clusters
    Pulling ENUM Domains from the Replica Database

    Pulling and Pushing ENUM Numbers
    Pushing ENUM Numbers to Local Clusters
    Pulling ENUM Numbers from the Replica Database

    Adding Subzones
    Choosing Subzone Names and Servers
    Creating and Delegating Subzones
    Undelegating Subzones
    Editing Subzone Delegation

    Enabling DNS Updates

    Managing Zone Distributions
    Preparing the Zone Distribution Map

    Creating a Zone Distribution
    Pulling Zone Distributions from Replica Data

    CHAPTER 16 Configuring DNS Views

    DNS Views Processing

    Key Points to Remember When you Work on DNS Views

    Managing DNS Views
    Reorder DNS Views

    Synchronizing DNS Views

    Pushing and Pulling DNS Views
    Pushing DNS Views to Local Clusters

    Pulling DNS Views from Local Clusters

    CHAPTER 17 Managing Resource Records

    Managing Resource Records
    Adding Resource Records
    Protecting Resource Record Sets
    Editing Resource Records
    Removing Resource Records
    Listing Records
    Searching Server-Wide for Records and Addresses
    Filtering Records
    Using Service Location (SRV) Records
    Using NAPTR Records

    Managing Hosts in Zones

    CHAPTER 18 Managing Authoritative DNS Server Properties

    Managing DNS Authoritative Servers
    Running DNS Authoritative Server Commands
    Configuring DNS Server Network Interfaces

    Setting DNS Server Properties
    Setting General DNS Server Properties
    Specifying Delegation-Only Zones
    Enabling Round-Robin
    Enabling Subnet Sorting
    Enabling Incremental Zone Transfers (IXFR)
    Restricting Zone Queries
    Enabling NOTIFY

    Setting Advanced Authoritative DNS Server Properties
    Setting SOA Time to Live
    Setting Secondary Refresh Times
    Setting Secondary Retry Times
    Setting Secondary Expiration Times
    Setting Local and External Port Numbers
    Handling Malicious DNS Clients
    Tuning DNS Properties

    Troubleshooting DNS Servers

    CHAPTER 19 Managing Caching DNS Server Properties

    Managing DNS Caching Servers
    Running DNS Caching Server Commands
    Configuring CDNS Server Network Interfaces

    Defining Forwarders

    Using Exceptions

    Managing DNS64

    Managing DNSSEC

    Setting DNS Caching Server Properties
    Setting General CDNS Server Properties
    Specifying Log Settings
    Specifying Activity Summary Settings
    Specifying Caching Settings
    Setting Cache TTLs
    Defining Root Nameservers
    Dynamic Allocation of UDP Ports

    Setting Advanced Caching DNS Server Properties
    Setting Maximum Memory Cache Sizes
    Specifying Network Settings
    Flushing CDNS Cache
    Detecting and Preventing DNS Cache Poisoning

    DNS Cache Poisoning Attacks
    Handling DNS Cache Poisoning Attacks

    Handling Unresponsive Nameservers

    Caching DNS Domain Redirect

    CHAPTER 20 Configuring High-Availability DNS Servers

    HA DNS Processing

    Configuring an HA DNS Server Pair from Main Server

    DNS Server Configuration for HA DNS

    Synchronizing HA DNS Zones

    HA DNS Configuration Synchronization
    Initial Setup Considerations
    Migration Procedure

    Pre-install Cisco Prime Network Registrar on the HA DNS backup server
    Pre-migration Steps for HA DNS Main Server
    Restart Cisco Prime Network Registrar on the HA DNS Main Server
    Copy Cisco Prime Network Registrar Database Files to HA DNS Backup Server
    Reconfigure Cisco Prime Network Registrar on the HA DNS Backup Server
    Configure Cisco Prime Network Registrar HA DNS on the HA DNS Main Server
    Reload the DNS Servers

    HA DNS Statistics

    PART 5 Dynamic Host Administration

    CHAPTER 21 Introduction to Dynamic Host Configuration

    How DHCP Works
    Sample DHCP User
    Typical DHCP Administration
    Leases
    Scopes and Policies

    Cisco Prime Network Registrar DHCP Implementations
    DHCP and IPv6
    Virtual Private Networks
    Subnet Allocation and DHCP Address Blocks

    DNS Update
    Effect on DNS of Obtaining Leases
    Effect on DNS of Releasing Leases
    Effect on DNS of Reacquiring Leases

    DHCP Failover
    Allocating Addresses Through Failover

    Client-Classes
    DHCP Processing Without Client-Classes
    DHCP Processing with Client-Classes
    Defining Scopes for Client-Classes
    Choosing Networks and Scopes

    CHAPTER 22 Configuring Scopes and Networks

    Configuring DHCP Servers
    General Configuration Guidelines
    Configuring DHCP Server Interfaces

    Defining and Configuring Scopes
    Creating and Applying Scope Templates

    Using Expressions in Scope Templates
    Additional Scope Template Attributes
    Editing Scope Templates
    Applying Scope Templates to Scopes
    Additional Scope Template Attributes
    Editing Scope Templates
    Applying Scope Templates to Scopes
    Cloning a Scope Template

    Creating Scopes
    Getting Scope Counts on the Server
    Configuring Multiple Scopes

    Configuring Multiple Scopes for Round-Robin Address Allocation
    Configuring Multiple Scopes Using Allocation Priority

    Editing Scopes
    Staged and Synchronous Mode
    Configuring Embedded Policies for Scopes
    Configuring Multiple Subnets on a Network
    Enabling and Disabling BOOTP for Scopes
    Disabling DHCP for Scopes
    Deactivating Scopes
    Setting Scopes to Renew-Only
    Setting Free Address SNMP Traps on Scopes
    Removing Scopes

    Removing Scopes if Not Reusing Addresses
    Removing Scopes if Reusing Addresses

    Managing DHCP Networks
    Listing Networks
    Editing Networks

    CHAPTER 23 Configuring Policies and Options

    Configuring DHCP Policies
    Types of Policies
    Policy Hierarchy

    Creating and Applying DHCP Policies
    Cloning a Policy
    Setting DHCP Options and Attributes for Policies

    Adding Option Values
    Adding Complex Values for Suboptions

    Creating and Editing Embedded Policies

    Creating DHCP Option Definition Sets and Option Definitions
    Using Standard Option Definition Sets
    Creating Custom Option Definitions
    Creating Vendor-Specific Option Definitions
    Option Definition Data Types and Repeat Counts
    Adding Suboption Definitions
    Importing and Exporting Option Definition Sets
    Pushing Option Definition Sets to Local Clusters
    Pulling Option Definition Sets from Replica Data
    Setting Option Values for Policies

    CHAPTER 24 Managing Leases

    Configuring Leases in Scopes
    Viewing Leases
    Lease States
    Guidelines for Lease Times

    Restricting Lease Dates
    Importing and Exporting Lease Data
    Pinging Hosts Before Offering Addresses
    Deactivating Leases
    Excluding Leases from Ranges

    Searching Server-Wide for Leases

    Using Client Reservations
    Differences Between Client Reservations And Lease Reservations

    Creating Lease Reservations
    DHCPv4 Reservations

    Setting Advanced Lease and Reservation Properties
    Reserving Currently Leased Addresses
    Unreserving Leases
    Extending Reservations to Non-MAC Addresses
    Forcing Lease Availability
    Inhibiting Lease Renewals
    Handling Leases Marked as Unavailable

    Setting Timeouts for Unavailable Leases

    Running Address and Lease Reports
    Running Address Usage Reports
    Running IP Lease Histories

    Enabling Lease History Recording at the Local Cluster
    Querying IP Lease History
    Trimming Lease History Data

    Running Lease Utilization Reports
    Receiving Lease Notification

    Running Lease Notification Automatically in Solaris and Linux
    Running Lease Notification Automatically in Windows
    Specifying Configuration Files for Lease Notification

    Querying Leases
    Leasequery Implementations
    Pre-RFC Leasequery for DHCPv4
    RFC 4388 Leasequery for DHCPv4
    Leasequery for DHCPv6
    Leasequery Statistics
    Leasequery Example

    Dynamic Lease Notification
    Using Dynamic Lease Notification

    Sample Lease Notification Client
    Requirements for Sample Java Client
    DHCP Listener Configuration

    Lease History Database Compression Utility
    General Comments on Running cnr_leasehist_compress
    Running Compression on Solaris and Linux
    Running Compression on Windows

    Moving Leases Between Servers

    CHAPTER 25 Advanced DHCP Server Properties

    Configuring BOOTP
    About BOOTP
    Enabling BOOTP for Scopes
    Moving or Decommissioning BOOTP Clients
    Using Dynamic BOOTP
    BOOTP Relay

    Defining Advanced Server Attributes
    Setting Advanced DHCP Server Attributes

    Deferring Lease Extensions

    Integrating Windows System Management Servers

    Using Extensions to Affect DHCP Server Behavior
    Writing Extensions
    Preventing Chatty Clients by Using an Extension

    Tuning the DHCP Server

    Configuring Virtual Private Networks and Subnet Allocation
    Configuring Virtual Private Networks Using DHCP

    Typical Virtual Private Networks
    Creating and Editing Virtual Private Networks
    VPN Usage

    Configuring DHCP Subnet Allocation
    VPN and Subnet Allocation Tuning Parameters

    Setting DHCP Forwarding

    CHAPTER 26 Configuring Client-Classes and Clients

    Configuring Client-Classes
    Client-Class Process
    Defining Client-Classes
    Setting Selection Tags on Scopes and Prefixes
    Defining Client-Class Hostname Properties
    Editing Client-Classes and Their Embedded Policies
    Processing Client Data Including External Sources

    Processing Order to Determine Client-Classes
    Processing Order to Determine Selection Tags

    Troubleshooting Client-Classes

    Configuring Clients
    Editing Clients and Their Embedded Policies
    Setting Windows Client Properties
    Allocating Provisional Addresses
    Skipping Client Entries for Client-Classing
    Limiting Client Authentication
    Setting Client Caching Parameters

    Subscriber Limitation Using Option 82
    General Approach to Subscriber Limitation
    Typical Limitation Scenario
    Calculating Client-Classes and Creating Keys
    Client-Class Lookup Expression Processing
    Limitation Processing

    Expression Processing for Subscriber Limitation
    Configuring Option 82 Limitation
    Lease Renewal Processing for Option 82 Limitation
    Administering Option 82 Limitation
    Troubleshooting Option 82 Limitation
    Expression Examples

    Configuring Cisco Prime Network Registrar to Use LDAP
    About LDAP Directory Servers
    Adding and Editing LDAP Remote Servers
    Configuring DHCP Client Queries in LDAP
    Configuring DHCP LDAP Update and Create Services

    Lease State Attributes
    Configuring DHCP to Write Lease States to LDAP
    Using LDAP Updates
    Configuring LDAP State Updates
    Configuring LDAP Entry Creation

    Troubleshooting LDAP
    LDAP Connection Optimization
    Recommended Values for LDAP

    CHAPTER 27 Using Expressions

    Using Expressions

    Entering Expressions

    Creating Expressions
    Expression Syntax
    Expression Datatypes
    Literals in Expressions
    Expressions Return Typed Values
    Expressions Can Fail
    Expression Functions
    Datatype Conversions
    Expressions in the CLI

    Expression Examples
    Limitation Example 1: DOCSIS Cable Modem
    Limitation Example 2: Extended DOCSIS Cable Modem
    Limitation Example 3: DSL over Asynchronous Transfer Mode

    Debugging Expressions

    CHAPTER 28 Managing DHCPv6 Addresses

    DHCPv6 Concepts
    IPv6 Addressing
    Links and Prefixes

    Determining Links and Prefixes
    Generating Addresses
    Generating Delegated Prefixes
    Prefix Stability
    Prefix Allocation Groups

    DHCPv6 Clients and Leases
    DHCPv6 Bindings
    Lease Affinity
    IPv6 Lease States
    Lease Life Cycle
    DHCPv6 Lease Reservations
    DHCPv6 Client Reservations
    Searching for Leases
    Querying Leases for DHCPv6

    DHCPv6 Policy Hierarchy
    DHCPv6 Options

    DHCPv6 Configuration
    Viewing IPv6 Address Space
    Configuring Links

    Creating and Editing Link Templates
    Creating and Editing Links

    Configuring Prefixes
    Creating and Editing Prefix Templates
    Creating and Editing Prefixes
    Viewing IPv6 Leases
    Viewing Address Utilization for Prefixes

    Viewing DHCPv6 Networks
    Editing DHCPv6 Server Attributes
    Configuring DHCPv6 Policies
    Configuring DHCPv6 Client-Classes
    Configuring DHCPv6 Clients
    Setting DHCPv6 Options
    Reconfigure Support

    DNS Update for DHCPv6

    CHAPTER 29 Managing DHCP Failover

    How DHCP Failover Works

    DHCP Simple Failover

    DHCPv6 Failover

    Setting Up Failover Server Pairs
    Adding Failover Pairs
    Synchronizing Failover Pairs
    Failover Checklist

    Configuring Failover Parameters Based on Your Scenario
    Setting Backup Percentages
    Setting the Maximum Client Lead Time
    Using the Failover Safe Period to Move Servers into PARTNER-DOWN State
    Setting DHCP Request and Response Packet Buffers
    Setting Load Balancing

    Configuring Load Balancing

    Recovering from a DHCP Failover
    Confirming Failover
    Monitoring DHCP Failover
    Failover States and Transitions
    State Transitions During Integration

    Setting Advanced Failover Attributes
    Setting Backup Allocation Boundaries
    DHCPLEASEQUERY and Failover

    Maintaining Failover Server Pair
    Changing Failover Pair Server Addresses
    Restarting the Failover Servers

    Recovering Failover Configuration

    Restoring a Standalone DHCP Failover Server - Tutorial
    Background
    Repair Procedure
    Reversing the Failover Role on Backup Server
    Starting with Server A Powered Off
    Starting with Server A Powered On and DHCP Server Stopped
    Starting with Server A Replaced
    Transferring Current Lease State to Server A
    Repairing Partners to Their Original Roles

    Changing Failover Server Roles
    Establishing Failover Using Standalone Server as Main

    Replacing Servers Having Defective Storage
    Removing Backup Servers and Halting Failover Operation
    Adding Main Servers to Existing Backup Servers
    Configuring Failover on Multiple Interface Hosts

    Troubleshooting Failover
    Monitoring Failover Operations
    Detecting and Handling Network Failures

    Supporting BOOTP Clients in Failover
    Static BOOTP
    Dynamic BOOTP
    Configuring BOOTP Relays
    BOOTP Backup Percentage

    Chapter 30 Configuring DNS Update

    DNS Update Process

    Special DNS Update Considerations

    DNS Update for DHCPv6
    DHCPv6 Upgrade Considerations
    Generating Synthetic Names in DHCPv4 and DHCPv6
    Determining Reverse Zones for DNS Updates
    Using the Client FQDN

    Creating DNS Update Configurations

    Creating DNS Update Maps

    Configuring Access Control Lists and Transaction Security
    Access Control Lists
    Configuring Zones for Access Control Lists
    Transaction Security

    Creating TSIG Keys
    Generating Keys
    Considerations for Managing Keys
    Adding Supporting TSIG Attributes

    Configuring DNS Update Policies
    Compatibility with Cisco Network Registrar Releases
    Creating and Editing Update Policies
    Defining and Applying Rules for Update Policies

    Defining Rules for Named Update Policies
    Applying Update Policies to Zones

    Confirming Dynamic Records

    Scavenging Dynamic Records

    Troubleshooting DNS Update

    Transitioning to DHCID RR for DHCPv4

    Configuring DNS Update for Windows Clients
    Client DNS Updates
    Dual Zone Updates for Windows Clients
    DNS Update Settings in Windows Clients
    Windows Client Settings in DHCP Servers
    SRV Records and DNS Updates
    Issues Related to Windows Environments
    Frequently Asked Questions About Windows Integration

    Chapter 31 Using Extension Points

    Using Extensions
    Creating, Editing, and Attaching Extensions
    Determining Tasks
    Deciding on Approaches
    Choosing Extension Languages

    Language-Independent API
    Routine Signature
    Dictionaries
    Utility Methods in Dictionaries
    Configuration Errors
    Communicating with External Servers
    Recognizing Extensions
    Multiple Extension Considerations

    Tcl Extensions
    Tcl Application Program Interface
    Dealing with Tcl errors
    Handling Boolean Variables in Tcl
    Configuring Tcl Extensions
    Init-Entry Extension Point in Tcl

    C/C++ Extensions
    C/C++ API
    Using Types in C/C++
    Building C/C++ Extensions
    Using Thread-Safe Extensions in C/C++
    Configuring C/C++ Extensions
    Debugging C/C++ Extensions

    Pointers into DHCP Server Memory in C/C++
    Init-Entry Entry Point in C/C++

    DHCP Request Processing Using Extensions
    Enabling DHCPv6 Extensions
    Receiving Packets
    Decoding Packets
    Determining Client-Classes
    Modifying Client-Classes
    Processing Client-Classes
    Building Response Containers
    Determining Networks and Links
    Finding Leases
    Serializing Lease Requests
    Determining Lease Acceptability
    DHCPv6 Leasing

    DHCPv6 Prefix Usability
    DHCPv6 Lease Usability
    DHCPv6 Lease Allocation

    Gathering Response Packet Data
    Encoding Response Packets
    Updating Stable Storage
    Sending Packets
    Processing DNS Requests
    Tracing Lease State Changes
    Controlling Active Leasequery Notifications

    Extension Dictionaries
    Environment Dictionary

    General Environment Dictionary Data Items
    Initial Environment Dictionary

    Request and Response Dictionaries
    Decoded DHCP Packet Data Items
    Using Parameter List Option

    Extension Point Descriptions
    init-entry
    pre-packet-decode
    post-packet-decode

    Extension Description
    Overriding Client Identifiers

    post-class-lookup

    pre-client-lookup
    Environment Dictionary for pre-client-lookup

    post-client-lookup
    Environment Dictionary for post-client-lookup

    generate-lease
    check-lease-acceptable
    lease-state-change

    Environment Dictionary for lease-state-change
    pre-packet-encode
    post-packet-encode
    pre-dns-add-forward
    post-send-packet
    environment-destructor

    Part 6: Virtual Appliance

    Chapter 32 Introduction to Cisco Prime Network Registrar Virtual Appliance

    How the Cisco Prime Network Registrar Virtual Appliance Works
    How to Download the Cisco Prime Network Registrar Virtual Appliance

    Monitoring Disk Space Availability

    Increasing the Size of Disk

    Troubleshooting

    Chapter 33 Managing the Cisco Prime Network Registrar Virtual Appliance

    Invoking the Cisco Prime Network Registrar Virtual Appliance

    Modifying Virtual Appliance Configuration
    Setting the Time Zone
    Viewing Network Status
    Modifying Network Address Settings
    Configuring Proxy Server

    Accessing Cisco Prime Network Registrar Application

    Configurations and Restrictions

    Part 7: Appendices

    Appendix A Resource Records

    Appendix B DHCP Options

    Option Descriptions
    RFC 1497 Vendor Extensions
    IP Layer Parameters Per Host
    IP Layer Parameters Per Interface
    Link Layer Parameters Per Interface
    TCP Parameters
    Application and Service Parameters
    DHCPv4 Extension Options
    Microsoft Client Options
    DHCPv6 Options

    Option Tables
    Options by Number
    Options by Cisco Prime Network Registrar Name
    Option Validation Types

    Appendix C DHCP Extension Dictionary

    Extension Dictionary Entries
    Decoded DHCP Packet Data Items
    Request Dictionary
    Response Dictionary

    Extension Dictionary API
    Tcl Attribute Dictionary API

    Tcl Request and Response Dictionary Methods
    Tcl Environment Dictionary Methods

    DEX Attribute Dictionary API
    DEX Request and Response Dictionary Methods
    DEX Environment Dictionary Methods

    Handling Objects and Options
    Using Object and Option Handling Methods
    Options and Suboptions in C/C++

    Examples of Option and Object Method Calls
    Handling Vendor Class Option Data
    Handling Object Data

    Glossary

    Index

  • Preface

    This guide describes configuring Cisco Prime Network Registrar by using the web-based user interface (web UI) and command line interface (CLI).

    Who Should Read This Guide

    This guide is designed for network managers who are responsible for maintaining the network Domain Name System (DNS), Dynamic Host Configuration Protocol (DHCP), Trivial File Transfer Protocol (TFTP), and Simple Network Management Protocol (SNMP) servers. The network manager should be familiar with the following topics:

    Basic concepts and terminology used in internetworking

    Network topology and protocols

    How This Guide Is Organized

    This guide describes how to become familiar with Cisco Prime Network Registrar features so that you can use them to administer network addresses. The parts of this guide are described in the following subsections.

    Part 1: Getting Started

    Part 1 introduces Cisco Prime Network Registrar, describes the management and protocol components, and describes the user interfaces. This part includes the following chapters:

    Chapter 1 Cisco Prime Network Registrar Components: Introduces Cisco Prime Network Registrar, its deployment scenarios, and some deployment guidelines.

    Chapter 2 Cisco Prime Network Registrar User Interfaces: Describes the Cisco Prime Network Registrar management and protocol components.

  • Part 2: Local and Regional Administration

    Part 2 describes how to configure administrators, manage the central configuration, and maintain the servers and databases (including backup and recovery). This part includes the following chapters:

    Part 3: Address Management

    Part 3 describes how to manage the IP address space and its hierarchy, hosts, Router Interface Configuration (RIC) servers, owners and regions, and reports. This part includes the following chapters:

    Chapter 3 Server Status Dashboard: Describes the Cisco Prime Network Registrar server status dashboard features and functions.

    Chapter 4 Deploying Cisco Prime Network Registrar: Describes the Cisco Prime Network Registrar local and regional web UIs and CLIs.

    Chapter 5 Configuring Administrators: Describes how to configure the local and regional administrators, and provides administration tutorials. It also describes how to manage tenants.

    Chapter 6 Managing the Central Configuration: Describes how to manage the central network configuration from the regional cluster.

    Chapter 7 Maintaining Servers and Databases: Describes how to maintain the Cisco Prime Network Registrar servers.

    Chapter 8 Backup and Recovery: Describes how to back up or recover the databases.

    Chapter 9 Managing Address Space: Describes how to manage address space elements known as address blocks and subnets.

    Chapter 10 Managing Hosts: Describes how to manage network hosts.

    Chapter 11 Managing Router Interface Configurations: Describes how to manage the RIC server.

    Chapter 12 Managing Owners and Regions: Describes how to manage network owners and regions.

    Chapter 13 Managing Reports: Describes how to manage American Registry of Internet Numbers (ARIN) and address allocation reports.

  • Part 4: Domain and Zone Administration

    Part 4 describes how to configure DNS servers, zones, resource records, server attributes, and High Availability (HA) servers. This part includes the following chapters:

    Part 5: Dynamic Host Administration

    Part 5 describes DHCP and how to configure scopes and leases and their several deployments, IPv6 addresses, clients and client-classes, failover, DNS Update, and special processing using extensions. This part includes the following chapters:

    Chapter 14 Introduction to the Domain Name System: Introduces the Domain Name System (DNS) protocol and its Cisco Prime Network Registrar implementation.

    Chapter 15 Managing Zones: Describes how to manage DNS zones.

    Chapter 17 Managing Resource Records: Describes how to manage DNS resource records (RRs).

    Chapter 18 Managing Authoritative DNS Server Properties: Describes how to set advanced Authoritative DNS server properties.

    Chapter 19 Managing Caching DNS Server Properties: Describes how to set more advanced Caching DNS server properties.

    Chapter 20 Configuring High-Availability DNS Servers: Describes how to configure a High Availability (HA) DNS server.

    Chapter 21 Introduction to Dynamic Host Configuration: Introduces DHCP and its Cisco Prime Network Registrar implementation.

    Chapter 22 Configuring Scopes and Networks: Describes how to configure scopes and networks.

    Chapter 23 Configuring Policies and Options: Describes how to configure policies and options.

    Chapter 24 Managing Leases: Describes how to manage leases.

    Chapter 26 Configuring Client-Classes and Clients: Describes how to configure DHCP clients and client-classes.

    Chapter 27 Using Expressions: Describes how to use expressions for DHCP processing.

    Chapter 28 Managing DHCPv6 Addresses: Describes how to manage the DHCPv6 address space.

    Chapter 29 Managing DHCP Failover: Describes how to configure DHCP failover servers.

  • Part 6: Virtual Appliance

    Part 6 describes the virtual appliance and how to configure and manage the Cisco Prime Network Registrar virtual appliance. This part includes the following chapters:

    Part 7: Appendixes, Glossary, and Index

    Part 7 includes appendixes that describe DNS RRs, DHCP options, and the DHCP extension dictionary. This part also includes a glossary and an index.

    Document Conventions

    This guide uses the following documentation conventions.

    Formatting

    This guide uses the following formatting conventions:

    User input and controls are indicated in bold; for example, enter 1234 and click Modify Scope.

    Object attributes are indicated in italics; for example, the failover-safe-period attribute.

    Chapter 25 Advanced DHCP Server Properties: Describes how to manage the more advanced DHCP server properties.

    Chapter 30 Configuring DNS Update: Describes how to configure DNS Update for DHCP.

    Chapter 31 Using Extension Points: Describes how to use extensions for DHCP processing.

    Chapter 32 Introduction to Cisco Prime Network Registrar Virtual Appliance: Introduces virtual appliance and its Cisco Prime Network Registrar implementation.

    Chapter 33 Managing the Cisco Prime Network Registrar Virtual Appliance: Describes how to manage the Cisco Prime Network Registrar virtual appliance.

    Appendix A Resource Records: Describes the DNS RRs.

    Appendix B DHCP Options: Describes the DHCP options.

    Appendix C DHCP Extension Dictionary: Describes the DHCP extension dictionary.

    Glossary: Glossary of terms used in Cisco Prime Network Registrar.

    Index: Index to the guide.

  • Cross-references to chapters or sections of chapters are indicated in blue type; for example, see the Document Conventions section on page xxxii.

    Navigation and Screens

    This guide uses the following navigation and screen display conventions:

    Windows systems use a two-button mouse. To drag and drop an object, click and hold the left mouse button on the object, drag the object to the target location, then release the button.

    Solaris systems use a three-button mouse. To drag and drop an object, click and hold the middle mouse button on the object, drag the object to the target location, then release the button.

    Screen displays can differ slightly from those included in this guide, depending on the system or browser you use.

    Web UI Navigation bar labels can have IPv4 and IPv6 variants depending on the administrator role privileges assigned. To simplify procedural instructions, this User Guide uses the most generic versions of the menu bar labels, unless there is a need to be more specific. For example, the Address Space menu label might be rendered as IP v4 and IP v6. The instructions will have the label simply as Address Space.

    Callouts

    Callouts in the text have the following meaning:

    Caution Be careful. The description alerts you to potential data damage or loss.

    Note Take note. The description is particularly noteworthy.

    Timesaver Save time. The description can present a timesaver.

    Tip Consider this helpful hint. The description can present an optimum action to take.

    Product Documentation

    Note We sometimes update the electronic documentation after original publication. Therefore, you should also review the documentation on Cisco.com for any updates.

    You can view the marketing and user documents for Cisco Prime Network Registrar at: http://www.cisco.com/en/US/products/ps11808/tsd_products_support_series_home.html

  • The following document gives you the list of user documents for Cisco Prime Network Registrar 8.1: http://preview.cisco.com/en/US/docs/net_mgmt/prime/network_registrar/8.1/doc_overview/guide/CPNR_8_1_Doc_Guide.html

    Obtaining Documentation and Submitting a Service Request

    For information on obtaining documentation, submitting a service request, and gathering additional information, see What's New in Cisco Product Documentation at: http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html.

    Subscribe to What's New in Cisco Product Documentation, which lists all new and revised Cisco technical documentation, as an RSS feed and deliver content directly to your desktop using a reader application. The RSS feeds are a free service.

  • Part 1: Getting Started

    Chapter 1 Cisco Prime Network Registrar Components

    Cisco Prime Network Registrar provides the tools to configure and control the servers necessary to manage your IP address space. This chapter provides an overview of the management components and concentrates on the Trivial File Transfer Protocol (TFTP) and Simple Network Management Protocol (SNMP), which are not covered in subsequent parts of this User Guide.

    Management Components

    Cisco Prime Network Registrar contains two management components:

    Regional component, consisting of:

    Web-based user interface (web UI)

    Command line interface (CLI)

    Central Configuration Management (CCM)

    Local component, consisting of:

    Web UI

    CLI

    CCM server

    Authoritative Domain Name System (DNS) server

    Caching / Recursive Domain Name System (CDNS) server

    Dynamic Host Configuration Protocol (DHCP) server

    Trivial File Transfer Protocol (TFTP) server

    Simple Network Management Protocol (SNMP) server

    Router Interface Configuration (RIC) server

    Management of local address space, zones, scopes, DHCPv6 prefixes and links, and users

    Note We do not recommend configuring both DNS and Caching DNS services in one server.

    License management is done from the regional cluster when Cisco Prime Network Registrar is installed. You must install the regional server first and load all licenses in the regional server. When you install the local cluster, it registers with regional to obtain its license.

    The regional CCM server provides central management of local clusters, with an aggregated view of DHCP address space and DNS zones. It provides management of the distributed address space, zones, scopes, DHCPv6 prefixes and links, and users.

    The local CCM server provides management of the local address space, zones, scopes, DHCPv6 prefixes and links, and users.

    The remainder of this chapter describes the TFTP and SNMP protocols. The CCM server, web UIs, and CLI are described in Chapter 2, Cisco Prime Network Registrar User Interfaces. The DNS, CDNS, DHCP, and RIC servers are described in their respective sections of this guide.

    Trivial File Transfer

    The Trivial File Transfer Protocol (TFTP) is a way of transferring files across the network using the User Datagram Protocol (UDP), a connectionless transport layer protocol. Cisco Prime Network Registrar maintains a TFTP server so that systems can provide device provisioning files to cable modems that comply with the Data Over Cable Service Interface Specification (DOCSIS) standard. The TFTP server buffers the DOCSIS file in its local memory as it sends the file to the modem. After a TFTP transfer, the server flushes the file from local memory. TFTP also supports non-DOCSIS configuration files.

    Here are some of the features of the Cisco Prime Network Registrar TFTP server:

    Complies with RFCs 1123, 1350, 1782, and 1783

    Includes a high performance multithreaded architecture

    Supports IPv6

    Caches data for performance enhancements

    Is configurable and controllable in the web UI and using the tftp command in the CLI

    Includes flexible path and file access controls

    Includes audit logging of TFTP connections and file transfers

    Has a default root directory in the Cisco Prime Network Registrar install-path/data/tftp

    Related Topics

    Viewing and Editing the TFTP Server
    Managing the TFTP Server Network Interfaces

    Viewing and Editing the TFTP Server

    At the local cluster, you can edit the TFTP server to modify its attributes. You must be assigned the server-management subrole of the ccm-admin role.

    Local Basic or Advanced Web UI

    Step 1 From the Operate menu, choose Manage Servers under the Servers submenu to open the Manage Servers page (see the Managing Servers section on page 7-1).

    Step 2 Click the Local TFTP Server link in the left pane to open the Edit Local TFTP Server page.

    You can click the name of any attribute to open a description window for the attribute.

    Step 3 To unset any attribute value, check the check box in the Unset? column.

    Step 4 Click Save to save the changes or Revert to cancel the changes.

    CLI Commands

    Use tftp to show the attribute values. Use tftp set attribute=value or tftp enable attribute to set or enable attributes. You can also use tftp serverLogs show and tftp serverLogs nlogs=number logsize=size.

    Managing the TFTP Server Network Interfaces

    You can manage the network interfaces for the TFTP server.

    Local Advanced Web UI

    Manage the network interfaces associated with the TFTP server by clicking the Network Interfaces tab for the selected Local TFTP Server in the Manage Servers page. You can view the default configured network interfaces, and create and edit additional ones. To create and edit them, you must be assigned the server-management subrole of the ccm-admin role.

    The columns in the Network Interfaces page are:

    Name: Name of the network interface, such as the LAN adapter, loopback, and Fast Ethernet interfaces. If the name is under the Configured Interfaces column, you can edit and delete the interface. Clicking the name opens the Edit TFTP Server Network Interface page so that you can edit the interface name and addresses. Make the changes and then click Save on this page.

    IP Address: IP address of the network interface.

    IPv6 Address: IPv6 address, if applicable, of the network interface.

    Flags: Flags for whether the interface should be zero-broadcast, virtual, v4, v6, no-multicast, or receive-only.

    Configure: To configure a new network interface, click the Configure icon next to the interface name. This creates another interface based on the one selected, but with a more general IP address, and adds this interface to the Configured Interfaces for this TFTP Server.

    List of available interfaces for this TFTP server: User-configured network interfaces, showing each name and associated address. Click the interface name to edit it or click the Delete icon to delete it.

    To return to managing the server, click Revert.

    CLI Commands

    Use the tftp-interface commands.

    Simple Network Management

    The Cisco Prime Network Registrar Simple Network Management Protocol (SNMP) notification support allows you to query the DHCP and DNS counters, be warned of error conditions and possible problems with the DNS and DHCP servers, and monitor threshold conditions that can indicate failure or impending failure conditions.

    Cisco Prime Network Registrar implements SNMP Trap Protocol Data Units (PDUs) according to the SNMPv2c standard. Each trap PDU contains:

    Generic-notification code, if enterprise-specific.

    A specific-notification field that contains a code indicating the event or threshold crossing that occurred.

    A variable-bindings field that contains additional information about certain events.

    Refer to the Management Information Base (MIB) for the details. The SNMP server supports only reads of the MIB attributes. Writes to the attributes are not supported.

    The following MIB files are required:

    Traps: CISCO-NETWORK-REGISTRAR-MIB.my

    DNS server: CISCO-DNS-SERVER-MIB.my

    Note The Caching DNS server requires only a subset of the DNS MIB when it is operating. The Caching DNS server supports only the server-start and server-stop notification events.

    DHCPv4 server: CISCO-IETF-DHCP-SERVER-MIB.my

    DHCPv4 server capability: CISCO-IETF-DHCP-SERVER-CAPABILITY.my

    DHCPv4 server extensions: CISCO-IETF-DHCP-SERVER-EXT-MIB.my

    DHCPv4 server extensions capability: CISCO-IETF-DHCP-SERVER-EXT-CAPABILITY.my

    DHCPv6 server: CISCO-NETREG-DHCPV6-MIB.my (experimental)

    Note The CISCO-NETREG-DHCPV6-MIB MIB is defined to support queries of the new DHCPv6-related statistics and the new DHCPv6 traps.

    These MIB files are available in the /misc directory of the Cisco Prime Network Registrar installation path.

    The following URL includes all files except the experimental CISCO-NETREG-DHCPV6-MIB.my file:

    ftp://ftp.cisco.com/pub/mibs/supportlists/cnr/cnr-supportlist.html

    The following dependency files are also required:

    Dependency for DHCPv4 and DHCPv6: CISCO-SMI.my

    Additional dependencies for DHCPv6: INET-ADDRESS-MIB.my

    These dependency files are available along with all the MIB files at the following URL:

    ftp://ftp.cisco.com/pub/mibs/v2/

    To get the object identifiers (OIDs) for the MIB attributes, go to the equivalently named .oid file at:

    ftp://ftp.cisco.com/pub/mibs/oid/

    Related Topics

    Setting Up the SNMP Server
    How Notification Works
    Handling SNMP Notification Events
    Handling SNMP Queries

    Setting Up the SNMP Server

    To perform queries to the SNMP server, you need to set up the server properties.

    Local Basic or Advanced Web UI

    Step 1 From the Operate menu, choose Manage Servers under the Servers submenu to open the Manage Servers page (see the Managing Servers section on page 7-1).

    Step 2 Click the Local SNMP Server link to open the Edit Local SNMP Server page.

    Step 3 The Community string attribute is the password to access the server. (The community string is a read community string only.) The preset value is public.

    Step 4 You can specify the Log Settings, Miscellaneous Options and Settings, and Advanced Options and Settings:

    trap-source-addr: Optional sender address to use for outgoing traps.

    server-active: Determines whether the SNMP server is active for queries. The default value is true. If set to false, the server will run, but is not accessible for queries and does not send out traps.

    cache-ttl: Determines how long the SNMP server caches its responses to queries; the default is 60 seconds.

    Step 5 To manage the SNMP server interfaces in the Advanced mode, click the Network Interfaces tab. You can view the default configured network interfaces, and create and edit additional ones. To create and edit them, you must be assigned the server-management subrole of the ccm-admin role. The interface properties are similar to those for the TFTP server (see the Managing the TFTP Server Network Interfaces section on page 1-3).

    Step 6 To manage trap recipients for the server:

    a. Click the Trap Recipients tab.

    b. Enter the name and IP address of a trap recipient (both are required).

    c. Click Add Trap Recipient.

    d. Repeat for each additional trap recipient.

    e. To set the port, community string, and agent address for a trap recipient, click its name on the Trap Recipients tab to open the Edit Trap Recipient page, then set the values.

    Step 7 Complete the SNMP server setup by clicking Save.

    CLI Commands

    To set the community string in the CLI so that you can access the SNMP server, use snmp set community=name. Use snmp set trap-source-addr to set the trap source address. Use snmp disable server-active to deactivate the SNMP server and snmp set cache-ttl=time to set the cache time-to-live.

    To set trap recipients, use trap-recipient in the following syntax, which includes the IP address:

    nrcmd> trap-recipient name create ip-addr=ip-addr

    You can also add the agent-address, community, and port-number values for the trap recipient.

    Other SNMP-related commands include snmp disable server-active to prevent the server from running when started and the snmp-interface commands to configure the interfaces. The addr-trap command is described in the Handling SNMP Notification Events section on page 1-7.
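
    The community string from Step 3 and the SNMPv2c trap format can both be checked from the trap recipient's side. The following Python code is an added example, not Cisco code: it decodes one SNMPv2c trap datagram and flags a community equal to public, the preset value named in Step 3. The enterprise arc 99999, the varbind contents, and all function names are constructed for the example.

```python
SNMP_V2C = 1                               # version field value for SNMPv2c
TRAP_V2 = 0xA7                             # BER tag of the SNMPv2-Trap-PDU
SYS_UPTIME = "1.3.6.1.2.1.1.3.0"           # first varbind of every v2 trap
SNMP_TRAP_OID = "1.3.6.1.6.3.1.1.4.1.0"    # second varbind: names the event


def read_tlv(buf, pos):
    """Return (tag, value_bytes, next_pos) for the BER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low bits count length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported BER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("TLV value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length


def decode_oid(raw):
    if not raw or raw[-1] & 0x80:
        raise ValueError("malformed OID")
    arcs, value = [], 0
    for byte in raw:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:                # high bit clear ends this arc
            arcs.append(value)
            value = 0
    head = [arcs[0] // 40, arcs[0] % 40] if arcs[0] < 80 else [2, arcs[0] - 80]
    return ".".join(map(str, head + arcs[1:]))


def decode_value(tag, raw):
    if tag in (0x02, 0x41, 0x42, 0x43, 0x46):  # INTEGER and the unsigned SMI types
        return int.from_bytes(raw, "big", signed=(tag == 0x02))
    if tag == 0x04:                        # OCTET STRING
        return raw.decode("ascii", "replace")
    return decode_oid(raw) if tag == 0x06 else raw.hex()


def decode_trap(msg):
    """Parse one SNMPv2c trap datagram; raise ValueError on anything else."""
    tag, body, end = read_tlv(msg, 0)
    if tag != 0x30 or end != len(msg):
        raise ValueError("not a single BER SEQUENCE")
    vtag, version, pos = read_tlv(body, 0)
    ctag, community, pos = read_tlv(body, pos)
    ptag, pdu, pos = read_tlv(body, pos)
    if (vtag, ctag, ptag) != (0x02, 0x04, TRAP_V2) or version != bytes([SNMP_V2C]):
        raise ValueError("not an SNMPv2c trap")
    pos = 0
    for _ in range(3):                     # skip request-id, error-status, error-index
        pos = read_tlv(pdu, pos)[2]
    vb_list, pos, varbinds = read_tlv(pdu, pos)[1], 0, []
    while pos < len(vb_list):
        _, vb, pos = read_tlv(vb_list, pos)
        _, name, value_pos = read_tlv(vb, 0)
        vtag, value, _ = read_tlv(vb, value_pos)
        varbinds.append((decode_oid(name), decode_value(vtag, value)))
    if [name for name, _ in varbinds[:2]] != [SYS_UPTIME, SNMP_TRAP_OID]:
        raise ValueError("missing sysUpTime.0 / snmpTrapOID.0 varbinds")
    community = community.decode("ascii", "replace")
    preset = community == "public"         # the preset value the guide names
    return {"community": community, "uptime_ticks": varbinds[0][1],
            "trap_oid": varbinds[1][1], "varbinds": varbinds[2:],
            "findings": ["community is the preset value 'public'"] if preset else []}


def tlv(tag, payload):                     # encoder, used only to build the sample
    if len(payload) > 0x7F:
        raise ValueError("sample encoder handles short-form lengths only")
    return bytes([tag, len(payload)]) + payload


def enc_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = b""
    for arc in [arcs[0] * 40 + arcs[1]] + arcs[2:]:
        septets = [arc & 0x7F]
        arc >>= 7
        while arc:                         # base 128, high bit on all but the last
            septets.insert(0, 0x80 | (arc & 0x7F))
            arc >>= 7
        out += bytes(septets)
    return tlv(0x06, out)


def build_sample_trap(community):
    """Constructed message; enterprise arc 99999 and its OIDs are placeholders."""
    varbinds = b"".join(tlv(0x30, enc_oid(oid) + value) for oid, value in (
        (SYS_UPTIME, tlv(0x43, (123456).to_bytes(3, "big"))),
        (SNMP_TRAP_OID, enc_oid("1.3.6.1.4.1.99999.0.1")),
        ("1.3.6.1.4.1.99999.1.1", tlv(0x04, b"scope-example"))))
    pdu = tlv(0x02, b"\x10\x92") + tlv(0x02, b"\x00") * 2 + tlv(0x30, varbinds)
    return tlv(0x30, tlv(0x02, bytes([SNMP_V2C])) + tlv(0x04, community.encode())
               + tlv(TRAP_V2, pdu))
```

    SNMPv2c carries the community string unencrypted in every message, so decode_trap(build_sample_trap("public")) returns it in the community field together with one finding, while a non-preset community returns an empty findings list.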

    How Notification Works

    Cisco Prime Network Registrar SNMP notification support allows a standard SNMP management station to receive notification messages from the DHCP and DNS servers. These messages contain the details of the event that triggered the SNMP trap.

    Cisco Prime Network Registrar generates notifications in response to predetermined events that the application code detects and signals. Each event can also carry with it a particular set of parameters or current values. For example, the free-address-low-threshold event can occur in the scope with a value of 10% free. Other scopes and values are also possible for such an event, and each type of event can have different associated parameters.

    Table 1-1 describes the events that can generate notifications.

    Table 1-1 SNMP Notification Events

    Event: Notification

    Address conflict with another DHCP server detected (address-conflict): An address conflicts with another DHCP server.

    DNS queue becomes full (dns-queue-size): The DHCP server DNS queue fills and the DHCP server stops processing requests. (This is usually a rare internal condition.)

    Duplicate IP address detected (duplicate-address and duplicate-address6): A duplicate IPv4 or IPv6 address occurs.

    Duplicate IPv6 prefix detected (duplicate-prefix6): A duplicate IPv6 prefix occurs.

    Failover configuration mismatch (failover-config-error): A DHCP failover configuration does not match between partners.

    Caching DNS forwarders not responding (forwarders-not-responding): Forwarding servers stop responding to the Caching DNS server.

    DNS forwarders responding (forwarders-responding): Forwarding servers respond after having been unresponsive.

    Free-address thresholds (free-address-low and free-address-high; or free-address6-low and free-address6-high): The high trap when the number of free IPv4 or IPv6 addresses exceeds the high threshold; or a low trap when the number of free addresses falls below the low threshold after previously triggering the high trap.

    High-availability (HA) DNS configuration mismatch (ha-dns-config-error): An HA DNS configuration does not match between partners.

    HA DNS partner not responding (ha-dns-partner-down): An HA DNS partner stops responding to the DNS server.

    HA DNS partner responding (ha-dns-partner-up): An HA DNS partner responds after having been unresponsive.

    1-6Cisco Prime Network Registrar 8.2 User Guide

    OL-29410-01

  • Chapter 1 Cisco Prime Network Registrar ComponentsSimple Network Management

    Table 1-1 SNMP Notification Events (continued)

    | Event | Notification |
    |---|---|
    | DNS masters not responding (masters-not-responding) | Master DNS servers stop responding to the DNS server. |
    | DNS masters responding (masters-responding) | Master DNS servers respond after having been unresponsive. |
    | Other server not responding (other-server-down) | A DHCP failover partner, or a DNS or LDAP server, stops responding to the DHCP server. |
    | Other server responding (other-server-up) | A DHCP failover partner, or a DNS or LDAP server, responds after having been unresponsive. |
    | DNS secondary zones expire (secondary-zone-expired) | A DNS secondary server can no longer claim authority for zone data when responding to queries during a zone transfer. |
    | Server start (server-start) | The DHCP or DNS server is started or reinitialized. |
    | Server stop (server-stop) | The DHCP or DNS server is stopped. |

    Handling SNMP Notification Events

    When Cisco Prime Network Registrar generates a notification, it transmits a single copy of the notification as an SNMP Trap PDU to each recipient. All events (and scopes or prefixes) share the list of recipients and other notification configuration data, and the server reads them when you initialize the notification.

    You can set SNMP attributes in three ways:

    • For the DHCP server, which includes the traps to enable and the default free-address trap configuration if you are not specifically configuring traps for scopes or prefixes (or their templates).

    • On the scope or prefix (or its template) level by setting the free-address-config attribute.

    • For the DNS server, which includes a traps-enabled setting.

    To use SNMP notifications, you must specify trap recipients that indicate where trap notifications should go. By default, all notifications are enabled, but you must explicitly define the recipients, otherwise no notifications can go out. The IP address you use is often localhost.

    The DHCP server provides special trap configurations so that it can send notifications, especially about free addresses for DHCPv4 and DHCPv6. You can set the trap configuration name, mode, and percentages for the low threshold and high threshold. The mode determines how scopes aggregate their free-address levels.

    DHCP v4 Notification

    The DHCP v4 modes and thresholds are (see also the Handling Deactivated Scopes or Prefixes section on page 1-8):

    • scope mode: Causes each scope to track its own free-address level independently (the default).

    • network mode: Causes all scopes set with this trap configuration (through the scope or scope template free-address-config attribute) to aggregate their free-address levels if the scopes share the same primary-subnet.

    • selection-tags mode: Causes scopes to aggregate their free-address levels if they share a primary subnet and have a matching list of selection tag values.

    • low-threshold: Free-address percentage at which the DHCP server generates a low-threshold trap and re-enables the high threshold. The free-address level for scopes is the following calculation:

      100 * available-nonreserved-leases / total-configured-leases

    • high-threshold: Free-address percentage at which the DHCP server generates a high-threshold trap and re-enables the low threshold.

    DHCP v6 Notification

    The DHCP v6 modes and thresholds are (see also the Handling Deactivated Scopes or Prefixes section on page 1-8):

    • prefix mode: Causes each prefix to track its own free-address level independently.

    • link mode: Causes all prefixes configured for the link to aggregate their own free-address levels if all prefixes share the same link.

    • v6-selection-tags mode: Causes prefixes to aggregate their free-address levels if they share a link and have a matching list of selection tag values.

    • low-threshold: Free-address percentage at which the DHCP server generates a low-threshold trap and re-enables the high threshold. The free-address level for prefixes is the following calculation:

      100 * (max-leases - dynamic-leases) / max-leases

    • high-threshold: Free-address percentage at which the DHCP server generates a high-threshold trap and re-enables the low threshold.

    Handling Deactivated Scopes or Prefixes

    A deactivated scope or prefix never aggregates its counters with other scopes or prefixes. For example, if you configure a prefix with link or v6-selection-tags trap mode, and then deactivate the prefix, its counters disappear from the total count on the aggregation. Any changes to the leases on the deactivated prefix do not apply to the aggregate totals.

    Therefore, to detect clients for deactivated scopes or prefixes, you must set the event mode to scope or prefix, and not to any of the aggregate modes (network, selection-tags, link, or v6-selection-tags).

    The use case for setting traps on deactivated prefixes, for example, is network renumbering. In this case, you might want to monitor both the new prefixes (as an aggregate, ensuring that you have enough space for all the clients) and old prefixes to ensure that their leases are freed up. You would probably also want to set the high threshold on an old prefix to 90% or 95%, so that you get a trap fired when most of its addresses are free.
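
    The threshold behaviour described in this section (each trap re-enabling the other, aggregation by mode, and deactivated scopes dropping out of aggregates) can be modelled as follows. This is an added Python illustration, not Cisco code: the class and function names and the sample scopes are constructed, and starting with both traps armed and using strict comparisons are assumptions the guide does not state.

```python
"""Model of free-address trap thresholds (added illustration, not Cisco code)."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Scope:
    name: str
    primary_subnet: str
    total_configured_leases: int
    available_nonreserved_leases: int
    active: bool = True


# Constructed sample: two scopes sharing a primary subnet, one deactivated scope.
SAMPLE_SCOPES = [
    Scope("floor1", "10.0.0.0/23", 200, 30),
    Scope("floor2", "10.0.0.0/23", 200, 10),
    Scope("old-lab", "10.0.8.0/24", 100, 96, active=False),
]


def scope_free_level(available_nonreserved, total_configured):
    """DHCPv4: 100 * available-nonreserved-leases / total-configured-leases."""
    return 100.0 * available_nonreserved / total_configured if total_configured else 0.0


def prefix_free_level(max_leases, dynamic_leases):
    """DHCPv6: 100 * (max-leases - dynamic-leases) / max-leases."""
    return 100.0 * (max_leases - dynamic_leases) / max_leases if max_leases else 0.0


def aggregate(scopes, mode):
    """Free-address level per scope ('scope' mode) or per primary subnet ('network')."""
    if mode not in ("scope", "network"):
        raise ValueError("this example models scope and network mode only")
    sums = defaultdict(lambda: [0, 0])
    for s in scopes:
        # A deactivated scope never aggregates; it is only seen in scope mode.
        if mode == "network" and not s.active:
            continue
        key = s.name if mode == "scope" else s.primary_subnet
        sums[key][0] += s.available_nonreserved_leases
        sums[key][1] += s.total_configured_leases
    return {k: scope_free_level(a, t) for k, (a, t) in sums.items()}


class FreeAddressTrap:
    """Low/high trap pair in which firing one trap re-enables the other."""

    def __init__(self, low_threshold, high_threshold):
        if not 0 <= low_threshold < high_threshold <= 100:
            raise ValueError("need 0 <= low-threshold < high-threshold <= 100")
        self.low, self.high = low_threshold, high_threshold
        # Assumption: both traps start armed (initial state is not documented).
        self.low_armed = self.high_armed = True

    def update(self, level):
        """Feed one free-address percentage; return the trap fired, or None."""
        if self.low_armed and level < self.low:
            self.low_armed, self.high_armed = False, True
            return "free-address-low"
        if self.high_armed and level > self.high:
            self.high_armed, self.low_armed = False, True
            return "free-address-high"
        return None


def replay(levels, low, high):
    """Run a series of levels through one trap pair; return [(level, trap), ...]."""
    trap = FreeAddressTrap(low, high)
    fired = []
    for level in levels:
        name = trap.update(level)
        if name:
            fired.append((level, name))
    return fired
```

    In network mode the deactivated old-lab scope contributes nothing to any aggregate, which is why monitoring it during renumbering requires scope mode with its own high threshold.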

    Local Basic or Advanced Web UI

    Access the SNMP attributes for the DHCP server by choosing Manage Servers from the Operate menu, then click Local DHCP Server in the left pane. You can view the SNMP attributes under SNMP (in Basic mode) or SNMP Settings (in Advanced mode) in the Edit DHCP Server page.

    The four lease-enabled values (free-address6-low, free-address6-high, duplicate-address6, duplicate-prefix6) pertain to DHCPv6 only. Along with the traps to enable, you can specify the default free-address trap configuration by name, which affects all scopes and prefixes or links not explicitly configured.


    To add a trap configuration, do the following:

    Step 1 In Advanced mode, from the Deploy menu choose Traps under the DHCP submenu to access the DHCP trap configurations. The List/Add Trap Configurations page appears.

    Step 2 Click the Add Traps icon in the left pane to open the Add AddrTrapConfig page.

    Step 3 Enter the name, mode, and threshold percentages, then click Add AddrTrapConfig.

    To edit a trap configuration, do the following:

    Step 1 Click the desired trap name in the Traps pane to open the Edit Trap Configuration page.

    Step 2 Modify the name, mode, or threshold percentages.

    Step 3 Click the on option for the enabled attribute to enable the trap configuration.

    Step 4 Click Save for the changes to take effect.

    To delete a trap configuration, select the trap in the Traps pane and click the Delete icon, then confirm or cancel the deletion.

    Regional Basic or Advanced Web UI

    In the regional web UI, you can add and edit trap configurations as in the local web UI. You can also pull replica trap configurations and push trap configurations to the local cluster on the List/Add Trap Configurations page.

    Server Up/Down Traps

    Every down trap must be followed by a corresponding up trap. However, this rule is not strictly applicable in the following scenarios:

    1. If a failover partner or LDAP server or DNS server or HA DNS partner is down for a long time, down traps will be issued periodically. An up trap will be generated only when that server or partner returns to service.

    2. If the DHCP or DNS server is reloaded or restarted, the prior state of the partner or related servers is not retained and duplicate down or up traps can result.

    Note Other failover partner or LDAP server or DNS server or HA DNS partner up or down traps occur only to communicate with that partner or server, and therefore may not occur when the other partner or server goes down or returns to service.

    CLI Commands

    To set the trap values for the DHCP server at the local cluster, use dhcp set traps-enabled=value. You can also set the default-free-address-config attribute to the trap configuration. For example:

    nrcmd> dhcp set traps-enabled=server-start,server-stop,free-address-low,free-address-high
    nrcmd> dhcp set default-free-address-config=v4-trap-config


    Note If you do not define a default-free-address-config (or v6-default-free-address-config for IPv6), Cisco Prime Network Registrar creates an internal, unlisted trap configuration named default-aggregation-addr-trap-config. Because of this, avoid using that name for a trap configuration you create.

    To define trap configurations for DHCPv4 and DHCPv6, use addr-trap name create followed by the attribute=value pairs for the settings. For example:

    nrcmd> addr-trap v4-trap-conf create mode=scope low-threshold=25% high-threshold=30%
    nrcmd> addr-trap v6-trap-conf create mode=prefix low-threshold=20% high-threshold=25%

    Handling SNMP Queries

    You can use SNMP client applications to query the following MIBs:

    CISCO-DNS-SERVER-MIB.my

    CISCO-IETF-DHCP-SERVER-MIB.my

    CISCO-IETF-DHCP-SERVER-EXT-MIB.my

    CISCO-NETREG-DHCPV6-MIB.my (experimental)

    When the SNMP server receives a query for an attribute defined in one of these MIBs, it returns a response PDU containing that attribute value. For example, using the NET-SNMP client application (available over the Internet), you can use one of these commands to obtain a count of the DHCPDISCOVER packets for a certain address:

    C:\net-snmp5.2.2\bin>snmpget -m ALL -v 2c -c public 192.168.241.39:4444 .iso.org.dod.internet.private.enterprises.cisco.ciscoExperiment.ciscoIetfDhcpSrvMIB.ciscoIetfDhcpv4SrvMIBObjects.cDhcpv4Counters.cDhcpv4CountDiscovers

    CISCO-IETF-DHCP-SERVER-MIB::cDhcpv4CountDiscovers.0 = Counter32: 0

    C:\net-snmp5.2.2\bin>snmpget -m ALL -v 2c -c public 192.168.241.39:4444 1.3.6.1.4.1.9.10.102.1.3.1

    CISCO-IETF-DHCP-SERVER-MIB::cDhcpv4CountDiscovers.0 = Counter32: 0

    Both commands return the same results. The first one queries the full MIB attribute name, while the second one queries its OID equivalent (which can be less error prone). As previously described, the OID equivalents of the MIB attributes are located in the relevant files at the following URL:

    ftp://ftp.cisco.com/pub/mibs/oid/

    For example, the CISCO-IETF-DHCP-SERVER-MIB.oid file includes the following OID definition that corresponds to the previous query example:

    "cDhcpv4CountDiscovers" "1.3.6.1.4.1.9.10.102.1.3.1"

    Here are some possible SNMP query error conditions:

    The community string sent in the request PDU does not match what you configured.

    The version in the request PDU is not the same as the supported version (SNMPv2).

    If the object being queried does not have an instance in the server, the corresponding variable binding type field is set to SNMP_NOSUCHINSTANCE. With a GetNext, if there is no next attribute, the corresponding variable binding type field is set to SNMP_ENDOFMIBVIEW.

    If no match occurs for the OID, the corresponding variable binding type field is set to SNMP_NOSUCHOBJECT. With a GetNext, it is set to SNMP_ENDOFMIBVIEW.


    If there is a bad value returned by querying the attribute, the error status in the response PDU is set to SNMP_ERR_BAD_VALUE.

    Integrating Cisco Prime Network Registrar SNMP into System SNMP

    You can integrate the Cisco Prime Network Registrar SNMP server into the SNMP server of the system it runs on, so that the system responds to queries for Cisco Prime Network Registrar MIB entries. On systems using NET-SNMP (and compatible servers), do this by adding the following entries to the /etc/snmp/snmpd.conf configuration file:

    view systemview included .1.3.6.1.4.1.9.9
    view systemview included .1.3.6.1.4.1.9.10

    proxy -v 2c -c public 127.0.0.1:4444 .1.3.6.1.4.1.9.9
    proxy -v 2c -c public 127.0.0.1:4444 .1.3.6.1.4.1.9.10

    The community string public and the port number 4444 may have to be replaced if the Cisco Prime Network Registrar SNMP server has been configured with different values for those settings.

    NET-SNMP is commonly available on Linux and other Unix-like systems. On other systems, similar mechanisms may also be available.
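
    One way to check these snmpd.conf entries before deploying them, as an added Python example that is not part of the guide or of Net-SNMP: it parses view and proxy lines in the form shown here and flags the well-known community string public, proxy targets that are not the local host (where the SNMPv2c community would cross the network in cleartext), and proxied subtrees that no included view covers. The finding codes, VARIANT_CONF and its EXAMPLE-COMMUNITY placeholder are constructed for illustration.

```python
"""Audit snmpd.conf view/proxy entries (added example, not Cisco or Net-SNMP code)."""
import ipaddress

# The four entries as given in the guide.
GUIDE_CONF = """\
view systemview included .1.3.6.1.4.1.9.9
view systemview included .1.3.6.1.4.1.9.10
proxy -v 2c -c public 127.0.0.1:4444 .1.3.6.1.4.1.9.9
proxy -v 2c -c public 127.0.0.1:4444 .1.3.6.1.4.1.9.10
"""

# Constructed variant: placeholder community, but one proxy points at a
# remote host and its subtree has no matching view line.
VARIANT_CONF = """\
view systemview included .1.3.6.1.4.1.9.9
proxy -v 2c -c EXAMPLE-COMMUNITY 127.0.0.1:4444 .1.3.6.1.4.1.9.9
proxy -v 2c -c EXAMPLE-COMMUNITY 192.0.2.10:4444 .1.3.6.1.4.1.9.10
"""


def oid_tuple(oid):
    """'.1.3.6' -> (1, 3, 6); raises ValueError for named OIDs."""
    return tuple(int(part) for part in oid.strip(".").split("."))


def is_loopback(target):
    """True if HOST[:PORT] (optionally prefixed udp: or tcp:) is the local host."""
    parts = target.split(":")
    if parts[0].lower() in ("udp", "tcp"):
        parts = parts[1:]
    host = parts[0] if parts else ""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def parse_proxy(tokens):
    """Parse the 'proxy -v VER -c COMMUNITY HOST OID' form used in the guide."""
    opts, rest, it = {}, [], iter(tokens[1:])
    for tok in it:
        if tok in ("-v", "-c"):
            opts[tok] = next(it, None)
        elif tok.startswith("-"):
            raise ValueError("option not handled by this example: " + tok)
        else:
            rest.append(tok)
    if len(rest) < 2:
        raise ValueError("expected HOST and OID")
    return opts.get("-c"), rest[0], oid_tuple(rest[1])


def audit(conf_text):
    """Return sorted (line number, finding code) pairs for one snmpd.conf text."""
    views, proxies, findings = [], [], []
    for number, line in enumerate(conf_text.splitlines(), 1):
        tokens = line.split("#", 1)[0].split()
        try:
            if tokens[:1] == ["view"] and len(tokens) >= 4 and tokens[2] == "included":
                views.append(oid_tuple(tokens[3]))
            elif tokens[:1] == ["proxy"]:
                proxies.append((number, *parse_proxy(tokens)))
        except ValueError:
            findings.append((number, "unparsed"))
    for number, community, target, oid in proxies:
        if community == "public":
            findings.append((number, "default-community"))
        if not is_loopback(target):
            findings.append((number, "remote-target"))
        if not any(oid[:len(view)] == view for view in views):
            findings.append((number, "no-view"))
    return sorted(findings)
```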

    Default Ports for Cisco Prime Network Registrar Services

    Table 1-2 lists the default ports used for the Cisco Prime Network Registrar services.

    Table 1-2 Default Ports for Cisco Prime Network Registrar Services

    | Port Number | Protocol | Service |
    |---|---|---|
    | 22 | TCP | SSH remote login (RIC server to router) |
    | 23 | TCP | Telnet (RIC server to router) |
    | 53 | TCP/UDP | DNS |
    | 53 | TCP/UDP | Caching DNS |
    | 67 | UDP | DHCP client to server |
    | 67 | TCP | Bulk or Active leasequery client to DHCP server |
    | 68 | UDP | DHCP server to client |
    | 69 | UDP | TFTP (optional) client to server |
    | 162 | TCP | SNMP traps server to server |
    | 389 | TCP | DHCP server to LDAP server |
    | 546 | UDP | DHCPv6 server to client |
    | 547 | UDP | DHCPv6 client to server |
    | 647 | TCP | DHCP failover server to server |
    | 653 | TCP | High-Availability (HA) DNS server to server |
    | 1234 | TCP | Local cluster CCM server to server |
    | 1244 | TCP | Regional cluster CCM server to server |
    | 4444 | TCP | SNMP client to server |
    | 5480 | HTTPS | Virtual Appliance |
    | 8080 | HTTP | Local cluster client to server web UI |
    | 8090 | HTTP | Regional cluster client to server web UI |
    | 8443 | HTTPS | Local cluster secure client to server web UI |
    | 8453 | HTTPS | Regional cluster secure client to server web UI |

  • Chapter 2

    Cisco Prime Network Registrar User Interfaces

    Cisco Prime Network Registrar provides a regional and a local web-based user interface (web UI) and a regional and local command line interface (CLI) to manage the CDNS, DNS, DHCP, TFTP, and Central Configuration Management (CCM) servers:

    • Web UI for the regional cluster to access local cluster servers: See the Regional Cluster Web UI section on page 2-10.

    • Web UI for the local cluster: See the Local Cluster Web UI section on page 2-7.

    • CLI for the local clusters: Open the CLIContent.html file in the installation /docs directory (see the Command Line Interface section on page 2-10).

    • CCM servers that provide the infrastructure to support these interfaces: See the Central Configuration Management Server section on page 2-11.

    This chapter describes the Cisco Prime Network Registrar user interfaces and the services that the CCM servers provide. Read this chapter before starting to configure the Cisco Prime Network Registrar servers so that you become familiar with each user interface capability.

    Introduction to the Web-Based User Interfaces

    The web UI provides granular access to configuration data through user roles and constraints. The UI provides quick access to common functions. The web UI granularity is described in the following sections.

    Related Topics

    • Supported Web Browsers
    • Access Security
    • Logging In to the Web UIs
    • Multiple Users
    • Changing Passwords
    • Navigating the Web UIs
    • Waiting for Page Resolution Before Proceeding
    • Committing Changes in the Web UIs
    • Role and Attribute Visibility Settings
    • Displaying and Modifying Attributes
    • Help Pages
    • Logging Out

    Supported Web Browsers

    The web UI has been tested on Microsoft Internet Explorer 9 and Mozilla Firefox 21 and later. Internet Explorer 8 is not supported.

    Access Security

    At Cisco Prime Network Registrar installation, you can choose to configure HTTPS to support secure client access to the web UIs. You must specify the HTTPS port number and provide the keystore at that time. With HTTPS security in effect, the web UI Login page indicates that the Page is SSL Secure. [1]

    Note Do not use a dollar sign ($) symbol as part of a keystore password.

    Logging In to the Web UIs

    You can log into the Cisco Prime Network Registrar local or regional cluster web UIs either by HTTPS secure or HTTP nonsecure login. After installing Cisco Prime Network Registrar, open one of the supported web browsers and specify the login location URL in the browser address or netsite field. Login is convenient and provides some memory features to increase login speed.

    You can log in using a nonsecure login in two ways:

    • On Windows, from the Start menu, choose Start > All Programs > Network Registrar 8.2 > Network Registrar 8.2 {local | regional} Web UI. This opens the local or regional cluster web UI from your default web browser.

      Note Open the regional Web UI first and add the licenses for the required services.

    • Open the web browser and go to the web site. For example, if default ports were used during the installation, the URLs would be http://hostname:8080 for the local cluster web UI, and http://hostname:8090 for the regional cluster web UI.

    This opens the New Product Installation page if no valid license is added at the time of installation. You have to browse and add the valid license. If the license key is acceptable, the Cisco Prime Network Registrar login page is displayed.

    Note You can add the licenses only in the regional server. The local has to be registered to the regional at the time of installation to run the desired licensed services.

    In the local server, confirm the regional server IP address and port number and also the services you want to run at the time of your first login. Click Register to confirm registration. If the regional server is configured with the required licenses, the login page is displayed.

    Enter the superuser username and password created at the time of installation to log into the Web UI. The password is case-sensitive (see the Managing Passwords section on page 5-7). If you already added the valid license and superuser and configured a password at the time of installation, then you can log into the web UI using that username and password.

    1. This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/).


    Note There is no default username or password for login.

    Note To prepare for an HTTPS-secured login, see the Cisco Prime Network Registrar Installation Guide.

    Depending on how your browser is set up, you might be able to abbreviate the account name or choose it from a drop-down list while setting the username.

    To log in, click Login.

    Adding License

    Cisco will e-mail you one or more license files after you register the Cisco Prime Network Registrar Product Authorization Key (PAK) on the web according to the Software License Claim Certificate shipped with the product. Cisco administers licenses through a FLEXlm system. Once you have the file or files:

    1. Locate the license file or files in a directory (or on the desktop) that is easy to find.

    2. On the List/Add Product Licenses page, browse for each file by clicking the Choose File button.

    Note The List/Add Product Licenses option is only available at the Regional.

    3. In the Choose file window, find the location of the initial license file, then click Open.

    4. If the license key is acceptable, the Add Superuser Administrator page appears immediately.

    5. To add further licenses, from the Administration menu choose Licenses under the User Access submenu to open the List/Add Product Licenses page. Click Browse to open the Choose file window, locate the additional license file, then click Open. If the key in the file is acceptable, the key, type, count, and expiration date appear, along with whether it is an evaluation key. If the key is not acceptable, the page shows the license text along with an error message. For the list of license types, see the Licensing section on page 5-19.

    Above the table of licenses is a License Utilization area that, when expanded, shows the license types along with the total nodes that you can use and those actually used.

    If Cisco Prime Network Registrar is installed as a distributed system, the license management is done from the regional cluster. You will not have the option of adding licenses in the local cluster.

    Multiple Users

    The Cisco Prime Network Registrar user interfaces support multiple, concurrent users. If two users try to access the same object record or data, a Modified object error will occur for the second user. If you receive this error while editing user data, do the following:

    • In the web UI: Cancel the edits and refresh the list. Changes made by the first user will be reflected in the list. Redo the edits, if necessary.

    • In the CLI: Use the session cache refresh command to clear the current edits before viewing the changes and making further edits. Make changes if you still consider them necessary after the other user's changes.


    Changing Passwords

    Whenever you edit a password on a web UI page, it is displayed as a string of eight dots. The actual password value is never sent to the web browser. So, if you change the password, the field is automatically cleared. You must enter the new password value completely, exactly as you want it to be.

    Note The password should not be more than 255 characters long.

    For details on changing administrator passwords at the local and regional cluster, see the Managing Passwords section on page 5-7.

    Navigating the Web UIs

    The web UI provides a hierarchy of pages based on the functionality you desire and the thread you are following as part of your administration tasks. The page hierarchy prevents you from getting lost easily.

    Caution Do not use the Back button of the browser. Always use the navigation bar menu, or the Cancel button on the page to return to a previous page. Using the browser Back button can cause erratic failures.

    A single sign-on feature is available to connect between the regional and local cluster web UIs. The regional cluster web UI pages include the Connect button ( ) in the List/Add Remote clu