13 Obtaining Additional Publications and Information
Quick Start Guide
1 Introduction
This document introduces Craft Works Interface (CWI) that supports Cisco IOS XR Software Release 3.4.
NoteThis document refers to CWI managing devices. For Cisco IOS XR software, the devices can be any or all of the secure
domain routers (SDRs) of which your Cisco IOS XR system is composed.
Related Documentation
See the following list for related documents that may be useful:
• CiscoCraft Works Interface User Guide
• Cisco Craft Works Interface Online Help
Intended Audience
This document is intended for experienced service provider administrators, Cisco telecommunication management engineers,
and third-party field service technicians who have completed the required Cisco router training sessions.
2 About CWI
CWI is a powerful, session-based tool that allows you to manage, monitor, and configure a single device or a network of devices.
CWI is designed to operate in as many situations as possible. You can:
• Connect to the devices in several ways through a serial port, a terminal server, or an IP-based method, such as Telnet, SSH,
or CORBA.
• Run Windows, Macintosh, and Linux clients.
• Connect to devices with or without XML or command-line interface (CLI) capabilities.
• Display both the administrative (admin) plane and device plane for Cisco IOS XR devices.
Depending on the tasks that you want to perform, CWI offers a selection of CLI- and graphic-based tools from which you can
choose to perform the tasks. In addition to monitoring tools, CWI provides the following three methods to configure devices:
• Telnet, SSH, and Terminal Plus applications for direct access to the CLI of the device.
• CLI-based configuration editor tool for free-form editing and advanced navigation of the device configuration.
• Table-based applications that are used for bulk-configuration and client-side validation.
Unlike an Element Management System (EMS), CWI provides the following capabilities:
• Any Cisco IOS XR user can download CWI.
• CWI has a small footprint and no server is required.
• CWI has the flexibility to connect to the router through a serial port, terminal server, or management interface that uses
CLI or XML data.
• Many features are aimed at the CLI user.
See Cisco
Craft Works Interface User Guide for details on the activities in the CWI Desktop.
3 Prerequisites
Prerequisites ensure that the CWI client and router are correctly set up to allow them to communicate. Meeting all prerequisites
before starting any of the procedures in this guide is recommended to ensure successful communication between the CWI client
and router. For network information, see “Network Considerations” section on page 21.
2
NoteIf you are using a CORBA connection and require notifications, the router must be explicitly configured for each client
that is to receive notifications. These notifications include real-time inventory updates (for example, online insertion
and removal [OIR]), alarms, and change-of-configuration events. See the “Configuring the Router and CWI Client”
section on page 4 for information on configuring the router to send notifications to a specified client.
These prerequisites sections are described:
• Router Prerequisites, page 3
• CWI Client Prerequisites, page 3
• CWI Client System Requirements, page 3
Router Prerequisites
The router prerequisites ensure that the router is correctly set up. Before logging in to a router using CWI, you must meet the
router prerequisites that are described in Table 1.
Table 1Checklist for Router Prerequisites
ItemTaskAdditional Information
Base image and
manageability PIE
Minimum router
configuration
TTY or CORBA
connection method
1
username and
AAA
password
1. AAA = Authentication, Authorization, and Accounting
Ensure that the base image and manageability pie are
installed and running on the router to which you are
connecting using CWI client. Optionally, install and
activate the Cisco IOS XR Security Package (K9SEC) to
enable SSH and SSL functionality.
Set the minimum router configuration before configuring
the CWI client and required Management Services
Ensure if that connectivity is established between the
router Management Ethernet interface and CWI client.
Configure at least one username and password on the
router. A valid AAA username and password for accessing
the router must be configured.
See Cisco IOS XR System Management Configuration Guide for information on
how to start the base image.
—
See Cisco IOS XR Getting Started Guide
for information on connecting an
Ethernet interface from CWI client to the
router.
See Cisco IOS XR System Security Configuration Guide for information on
configuring usernames and passwords
on the router.
CWI Client Prerequisites
Ensure that the CWI client is correctly set up to communicate with the router. You should test the client connection. No special
configuration is required on CWI client.
Contact your system administrator to obtain the following information required to configure the router for use with CWI:
• Router hostname
• CWI client IP address if the client DNS name is not registered in a DNS server accessible by the router
CWI Client System Requirements
These sections list the CWI client hardware and software requirements. The CWI client hardware requirements ensure that the
CWI client has the proper verified system requirements for the chosen platform.
3
Hardware Requirements
Table 2 lists the CWI client hardware requirements.
Table 2CWI Client Hardware Requirements
System
Requirement CPU and CPU Speed MHzRAMDrive Space
Windows-based
PC
UNIXSolaris 550 MHz minimum,
Linux-based PC IBM PC-compatible 500 MHz PentiumIII minimum,
Macintosh500 MHz minimum,
IBM PC-compatible 500 MHz PentiumIII minimum,
1.20 GHz Pentium IV recommended
1.2 GHz recommended
1.20 GHz Pentium IV recommended
1.20 GHz recommended
256 MB minimum,
512 MB recommended
256 MB minimum,
512 MB recommended
256 MB minimum,
512 MB recommended
256 MB minimum,
512 MB recommended
CWI=5MB,
JRE=48MB.
CWI=5MB,
JRE=48MB
CWI=5MB,
JRE=48MB
CWI=5MB,
JRE=48MB
Software Requirements
Table 3 lists the CWI client software requirements.
Table 3CWI Client Software Requirements
System Requirement Operating SystemAdditional Software
Windows-based PC
Linux-based PCRed Hat Linux Release 7.1 or any Linux operating
MacintoshMAC OS X 10Safari version 1.2.3
1. JRE = Java Runtime Environment
Windows 2000 or Windows XPOne of these browsers:
• Microsoft Internet Explorer 5.0 or higher
• Netscape Navigator 7.0 or higher
JRE version 1.5
Netscape Navigator
JRE version 1.5
See the Sun website for the latest minimum system
requirements for the JRE on Linux.
JRE version 1.5
system on which JRE
1
1.5 runs
Monitor Display
Settings
1024 by
768 pixels
1024 by
768 pixels
1024 by
768 pixels
1024 by
768 pixels
4 Configuring the Router and CWI Client
To install CWI and for CWI to manage a router, specific configuration pieces must be active on the router. If you want to use
the serial port or terminal server connection method after installation, no further router configuration is required. For all other
connection methods, ensure that the router is configured, as described in this section.
The “Troubleshooting Basic IP Connectivity” section on page 24 provides information on resolving connectivity problems. See
Cisco IOS XR System Management Configuration Guide for information on the capabilities of, installation of
Cisco IOS XR software packages on, and bootup of the router.
These sections describe how to set up client connections on the router:
• Enabling the HTTP Server, page 5
• Setting Up the Common Configuration for IP Connection Methods, page 5
• Connection Methods, page 6
• Setting Up the Minimum Crypto Requirements, page 6
4
Enabling the HTTP Server
To download and install CWI, you must enable the HTTP server on the device.
NoteThe HTTP server is used only to install CWI. After installation, the server can be deactivated.
To activate the HTTP server, install the manageability PIE, and add the configuration, use the http server command in global
configuration mode, as shown in the following example:
RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# http server
In addition, you can enable SSL by using the ssl keyword from the http server command in global configuration mode, as shown
in the following example:
RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# http server ssl
Setting Up the Common Configuration for IP Connection Methods
For CWI to manage the device through an IP connection method (for example, Secure Shell Version 1 [SSHv1], Secure Shell
Version 2 [SSHv2], or CORBA) one or more of Telnet, SSHv1, and SSHv2 must be active on the router, regardless of which main
connection method you are using. The default number of available virtual terminal lines (vtys) is relatively small. We strongly
recommend that the number be increased to allow several management sessions to run simultaneously.
To set the maximum number of vtys, use the vty-pool command in global configuration mode, as shown in the following
example:
RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# vty-pool default 0 max vty
For more information, see Cisco IOS XR System Management Command Reference.
Enabling the Telnet Server
To enable the Telnet server on a device for CWI, use the telnet server command in global configuration mode. The following
example shows that you can set the default VPN routing and forwarding (VRF) instance name for the Telnet server, specify the
IPv4 address prefix, and either specify the maximum number of Telnet servers or specify no limit to the maximum number of
Telnet services:
For more information, see Cisco IOS XR IP Addresses and Services Command Reference.
Enabling the SSH Server
Before you begin to enable the SSH server, ensure that you have generated the Rivest, Shamir, and Adelman (RSA) key pair for
SSHv1 and Digital Signature Algorithm (DSA) key pair for SSHv2, as described in the “Setting Up the Minimum Crypto
Requirements” section on page 6. To enable the SSHv1 server and SSHv2 server, use the ssh server command in EXEC mode,
as shown in the following example:
RP/0/RP0/CPU0:router# ssh server
You can set both the rate limit and session limit options for the SSH server. For more information, see Cisco IOS XR System
Security Configuration Guide.
5
Connection Methods
Some connection methods require additional configuration on the router, as described in Table 4. For the connection methods
that require cryptographic (crypto) set up, see the “Setting Up the Minimum Crypto Requirements” section on page 6.
Table 4Connection Methods and Requirements
Additional Router
Connection Method
Serial port———
Terminal server (all types)———
CLI over Telnet/SSHv1/SSHv2——Yes
XML over Telnetxml agent ttyYes—
XML over SSHv1/SSHv2xml agent ttyYesYes
XML over CORBAxml agent corba Yes—
XML over CORBA SSLxml agent corba ssl YesYes
Configuration Command
Manageability PIE
RequirementCrypto Setup Requirement
Setting Up the Minimum Crypto Requirements
This section describes the essential crypto requirements to enable the various secure communication options. If you want to run
CWI in a nonsecure (for example, Telnet- or CORBA-based) environment, this configuration is not required. For more detailed
information, see Cisco IOS XR System Security Configuration Guide.
Setting Up the Minimum Crypto Configuration for SSHv1 or SSHv2
To set up the minimum crypto configuration for SSHv1, use the crypto key generate rsa command in EXEC mode to generate a
RSA key pair. You must accept all prompted defaults. For more detailed information, see Cisco IOS XR System Security Configuration Guide.
To set up the minimum crypto configuration for SSHv2, use the crypto key generate dsa command in EXEC mode to generate
a DSA key pair. For more detailed information, see Cisco IOS XR System Security Configuration Guide.
Setting Up the Minimum Crypto Configuration for SSL
To set up the minimum crypto configuration for SSL (CORBA, HTTP, or both), perform the following steps:
Step 1Generate an RSA key pair. Accept all prompted defaults. If the key pair label is not specified, “the_default” is used.
RP/0/RP0/CPU0:router# crypto key generate rsa
Step 2Configure the certification authority (CA) trust point.
RP/0/RP0/CPU0:router(config)# crypto ca trustpointca-name
RP/0/RP0/CPU0:router(config-trustp)# enrollment urlca-URL
RP/0/RP0/CPU0:router(config-trustp)# rsakeypairkeypair-label (If your RSA key pair was assigned a label)
RP/0/RP0/CPU0:router(config-trustp)# exit
RP/0/RP0/CPU0:router(config)# commit
The following example shows how to configure the CA trust point:
Step 4Authenticate the CA by getting the certificate for the CA.
RP/0/RP0/CPU0:router# crypto ca authenticateca-name
Step 5Obtain a router certificate from the CA.
RP/0/RP0/CPU0:router# crypto ca enrollca-name
5 Installing, Launching, and Uninstalling CWI
This section provides information on how to install, launch, and uninstall CWI. For a list of the login modes, see the “Login
Modes and Requirements” section on page 22.
The following sections are presented:
• Installing CWI, page 7
• Launching CWI, page 8
• Closing CWI, page 16
• Uninstalling CWI, page 17
Installing CWI
Use this procedure to install CWI and log in to a router when SSL is either enabled or not enabled on the required Management
Services. Ensure that you have already set up the minimum client connections on the router. See the “Configuring the Router
and CWI Client” section on page 4 for more information.
NoteAll steps associated with accepting a certificate are not required after the first time you have started the CWI client and
logged in to a router if you choose the certificate option Always.
To install CWI, perform the following steps:
Step 1Launch your HTTP- or HTTPS-enabled web browser. See the “CWI Client System Requirements” section on page 3 for
information on web browsers.
If SSL is enabled, the router SSL certificate must be accepted. To choose the applicable option, follow the online
instructions.
NoteIf you click No to deny the SSL certificate, the login process is canceled.
Step 2Enter the DNS name or IP address of the router to be accessed in the Address field located near the top of the web
browser window. Press Enter.
You must enter the DNS name or IP address in the Address field using the following format:
http://router-dns-name or http://ip-address
If SSL is enabled, use the following format:
https://router-dns-name or https://ip-address
Step 3A router HTTP authentication dialog box appears. See Cisco IOS XR System Security Configuration Guide for
information on the AAA username and password.
a. Enter your AAA username and password in the User Name and Password fields.
b. Click OK. The Cisco Systems router home page appears.
Step 4Click the Craft Works Interface link in the web browser to start the CWI installation.
7
NoteYou must install JRE 1.5 to proceed with the CWI installation.
Step 5If this is the first time the CWI client has started CWI, the Java Plug-in must be installed and the CWI Cisco security
certificate must be accepted.
a. If the Java Plug-in installation is completed, a dialog box appears asking you to trust the security certificate distributed
by Cisco Systems. This dialog box differs depending on the client platform.
b. The security certificate must be accepted to run CWI. To choose the applicable option, follow the online instructions.
If applicable, the Craft Works Interface Launcher appears.
Step 6If this is the first time you have started CWI or you have installed a new version of CWI, the CWI components start
downloading. Otherwise, a cached version of the CWI components is used, reducing CWI start time.
Launching CWI
This section describes how to select the devices for managing your CWI session before and after launch.
The CWI device tree is a graphical, user-customized hierarchy of devices to manage, which provides a very simple method to
select devices to manage on a daily basis. The device tree lets you add, delete, and edit devices. In addition, the device tree lets
you to define device groups to organize your devices into logical sets. Your customizations are automatically saved for the next
time you launch CWI.
Because CWI can manage multiple routers in a session, you can select one or more devices or device groups from the device tree
and have CWI automatically log in to all of them. The login credentials for all the devices must be the same; for example, they
must have the same username and password. When you login, the progress window displays the login activity for each device.
When the login has been completed for all the devices, the main desktop appears. The CWI Inventory Tree is populated with
the chosen devices, and from this tree you can launch various applications to manage them.
After launching CWI, you can continue to add or delete devices by choosing File > Login. The following list of attributes are
included:
• Device name or address
• Connection method
• Description (optional)
In addition, you can connect to a device without using the Device Tree by choosing the Login Information root node in the tree.
CWI provides the user and device credentials on the right-hand side of the CWI - Login window.
The following sections are presented:
• Scripted Login Capability Overview, page 8
• Launching CWI Without Using the Device Tree, page 9
• Launching CWI from the Device Tree, page 10
• Encountering an Error While Logging into Multiple Devices Simultaneously, page 14
• Specifying the User Login Script, page 15
Scripted Login Capability Overview
The Scripted Login capability allows CWI to access devices not directly accessible from the CWI workstation. The following
steps are performed through a Scripted Login connection:
1. Connect by using Telnet, Secure Shell Version 1 (SSHv1), and Secure Shell Version 2 (SSHv2) to an intermediate device; for
example, a UNIX server.
2. Execute a user-specified series of commands to open a character-based connection such as a Telnet or SSH connection to
the remote device.
Then, CWI logs in to the remote device and communicates over the end-to-end connection by using XML or CLI, as specified
by the user.
8
Launching CWI Without Using the Device Tree
To launch CWI with SSL either enabled or not enabled, perform the following steps:
Step 1Double-click the CWI icon to launch the client desktop. The CWI - Login window appears (see Figure 1).
You have the option to add a device or device group and log in to multiple routers. See the “Launching CWI from the
Device Tree” section on page 10 for more information.
Figure 1CWI - Login Window
NoteEnter the same AAA username and password that you used in Step 4 to access the router that must be configured. See the
“Installing CWI” section on page 7.
Step 2Enter the same AAA username.
Step 3Enter the same AAA password.
Step 4(Optional) Enter the enable password for IOS.
NoteWhen you connect to an IOS device, you must enter the enable password.
Step 5Choose one of the following connection categories from the drop-down menu:
• IP
• Console/Aux
• Scripted
NoteIf you choose the IP-based or Console/Aux connection categories, the scripted login fields are not displayed.
Step 6Choose one of the following connection types from the drop-down menu:
• XML over CORBA. Choose the node name. Note that XML over CORBA is the default.
• CLI over Telnet/SSH. Choose the server name. Specifying the port is optional. If you specify a port, CWI tries to
connect using only that port. CWI does not automatically try to connect with other ports.
• Terminal Server. Choose the server name and port.
• Serial Port. Choose the Serial Port. You can also set the parameters for the serial port.
9
Step 7(Optional) If you chose the Scripted connection category to log in to the intermediate or Scripted server:
a. Enter the Scripted username.
b. Enter the Scripted password.
c. Click the ellipsis button to display the Login Script Steps window (see Figure 7). Follow the procedure in the “Specifying
the User Login Script” section on page 15.
NoteIn addition, you must enter the applicable information in the Device Description field to uniquely identify the
connection. For example, if you are connecting to a device such as router_1 through the intermediate machine, enter
router_1 in the Description field.
Step 8Enter the node name (DNS name or IP address) of the device that CWI is directly connecting to.
Step 9(Optional) Check the Manage admin plane check box to enable the admin plane for the applicable device group or
device. If checked, the admin plane node appears above the corresponding device node in the Inventory Tree. For more
information, see “Understanding the Admin Planes and Device Planes” section on page 18.
Step 10 Click Login. Note that if you checked the Lite Mode check box, the XML option is disabled.
For SSL enabled: If you did not choose Always to automatically accept the SSL certificate from the “Installing CWI”
section on page 7, you must accept the SSL certificate.
Step 11 After the CWI initialization is completed, the CWI Desktop window appears. The chosen login mode is indicated in the
Inventory Tree. See the “CWI Desktop Window” section on page 19 for information on the CWI Desktop window.
NoteCWI is automatically locked when there is no activity in the CWI session for 15 minutes. To unlock CWI, you
must provide the username and password used when logging in to the router. See Cisco Craft Works Interface User Guide for CWI unlocking procedures.
If any of the minimum requirements of the initialization steps fails, a CWI dialog box appears allowing you to abort,
troubleshoot, or continue the initialization process.
Step 12 If necessary, complete the following steps to troubleshoot the initialization process.
a. To stop the initialization process, click Abort.
b. To troubleshoot the process, click Troubleshoot. The Troubleshooter application is started, and a Troubleshoot New
Device Launch problems dialog box appears. The Troubleshooter application runs fault isolation tests on the
client/server communication path between the CWI and router management agent. The Troubleshooter application
provides a window that describes the reason for the failure, possible cause, and recommended repair action. An
automatic repair option is provided in many instances. See Cisco
using the Troubleshooter feature.
c. To continue the initialization process, click Continue.
Craft Works Interface User Guide for information on
Launching CWI from the Device Tree
These sections describe how to launch CWI through configured devices or device groups:
• Adding or Editing a Device, page 11
• Adding or Editing a Device Group, page 12
• Removing a Device or Device Group, page 12
• Logging In to Multiple Network Elements, page 12
10
Loading...
+ 22 hidden pages
You need points to download manuals.
1 point = 1 manual.
You can buy points or you can get point for every manual you upload.