Page 1
Cisco Small Business
NSS2000 Series Network Storage System
ADMINISTRATION
GUIDE
Page 2
6bZg^XVh=ZVYfjVgiZgh
8^hXdHnhiZbh!>cX#
HVc?dhZ!86
6h^VEVX^[^X=ZVYfjVgiZgh
8^hXdHnhiZbhJH6EiZ#AiY#
H^c\VedgZ
:jgdeZ=ZVYfjVgiZgh
8^hXdHnhiZbh>ciZgcVi^dcVa7K
6bhiZgYVb!I]ZCZi]ZgaVcYh
8^hXd]VhbdgZi]Vc '%%d[[^XZhldgaYl^YZ#6YYgZhhZh! e]dcZcjbWZgh!VcY [VmcjbWZghVgZa^hiZYdc i]Z8^hXdLZWh^iZVilll#X^hXd#Xdb$\d$d[[^XZh#
889:!88:CI!8^hXd:dh!8^hXdAjb^c!8^hXdCZmjh!8^hXdHiVY^jbK^h^dc!8^hXdIZaZEgZhZcXZ!8^hXdLZW:m!i]Z8^hXdad\d!98:!VcYLZaXdbZidi]Z=jbVcCZildg`VgZigVYZbVg`h08]Vc\^c\i]ZLVnLZLdg` !
6bZg^XVh=ZVYfjVgiZgh
8^hXdHnhiZbh!>cX#
HVc?dhZ!86
6h^VEVX^[^X=ZVYfjVgiZgh
8^hXdHnhiZbhJH6EiZ#AiY#
H^c\VedgZ
:jgdeZ=ZVYfjVgiZgh
8^hXdHnhiZbh>ciZgcVi^dcVa7K
6bhiZgYVb!I]ZCZi]ZgaVcYh
8^hXd]VhbdgZi]Vc '%%d[[^XZhldgaYl^YZ#6YYgZhhZh! e]dcZcjbWZgh!VcY [VmcjbWZghVgZa^hiZYdc i]Z8^hXdLZWh^iZVilll#X^hXd#Xdb$\d$d[[^XZh#
889:!88:CI!8^hXd:dh!8^hXdAjb^c!8^hXdCZmjh!8^hXdHiVY^jbK^h^dc!8^hXdIZaZEgZhZcXZ!8^hXdLZW:m!i]Z8^hXdad\d!98:!VcYLZaXdbZidi]Z=jbVcCZildg`VgZigVYZbVg`h08]Vc\^c\i]ZLVnLZLdg` !
A^kZ!EaVn!VcYAZVgcVcY8^hXdHidgZVgZh Zgk^XZbVg`h0VcY6XX ZhhGZ\^higVg!6^gdcZi!6hncXDH!7g^c\^c\i]ZBZZi^c\IdNdj!8ViVanhi!8896!889E!88>:!88>E!88C6 !88CE!88HE!88KE!8^hXd!i]Z8^hXd8Zg i^[^ZY
>ciZgcZildg`:meZgiad\d!8^hXd>DH!8^hXdEgZhh!8^hXdHnhiZbh!8^hXdHnhiZbh8Ve^iVa!i]Z8^hXdHnhiZbhad\d!8^hX dJc^in!8daaVWdgVi^dcL^i]djiA^b^iVi^dc!:i]Zg;Vhi!:i]ZgHl^iX]!:kZci8ZciZg!;VhiHiZe!;daadlBZ
7gdlh^c\!;dgbH]VgZ!<^\V9g^kZ!=dbZA^c`!>ciZgcZiFjdi^Zci!>DH!^E]dcZ!^Fj^X`HijYn!>gdcEdgi!i]Z>gdcEdgiad\d!A^\]iHigZVb!A^c`hnh!BZY^VIdcZ!BZZi^c\EaVXZ!BZZi^c\EaVXZ8]^bZHdjcY!B<M!CZildg`Zgh!CZildg`^c\
6XVYZbn!CZildg`GZ \^higVg!E8Cdl!E>M!EdlZgEVcZah!Egd8dccZXi!HXg^eiH]VgZ!HZcYZg7VhZ!HB6GIcZi!HeZ Xigjb:meZgi!HiVX`L^hZ!I]Z;VhiZhiLVnid>cXgZVhZNdjg>ciZgcZiFjdi^Zci!IgVchEVi]!LZW:m!VcYi]ZLZW:m
ad\dVgZgZ\^hiZgZYigVYZbVg`hd[8^hXdHnhiZbh!>cX#VcY$dg^ihV[ [^a^ViZh^ci]ZJc^iZYHiViZhVcYXZgiV^cdi]ZgXdjcig^Zh#
6aadi]ZgigVYZbVg`hbZci^dcZY^ci]^hYdXjbZcidglZWh^iZVgZi]ZegdeZgind[i]Z^ggZheZ Xi^kZdlcZgh#I]ZjhZd[i]ZldgYeVgicZgYdZhcdi^beanVeVg icZgh]^egZaVi^dch]^eWZilZZc8^hXdVcYVcndi]ZgXdbeVcn#%-%.G
6bZg^XVh=ZVYfjVgiZgh
8^hXdHnhiZbh!>cX#
HVc?dhZ!86
6h^VEVX^[^X=ZVYfjVgiZgh
8^hXdHnhiZbhJH6EiZ#AiY#
H^c\VedgZ
:jgdeZ=ZVYfjVgiZgh
8^hXdHnhiZbh>ciZgcVi^dcVa7K
6bhiZgYVb!I]ZCZi]ZgaVcYh
© 2008 Cisco Systems, Inc. All rights reserved. OL-17960-01
Page 3
Contents
Chapter 1: Introduction 1
Benefits 1
Using the Help 2
Audience 2
About the NSS Configuration Interface 2
Getting Help 2
Refreshing the GUI Pages 3
Using the Quick Setup Wizards 4
Approved Vendor List for Drives 5
Chapter 2: Managing the System 6
System Alerts 7
Storage Status 7
Network Status 8
Shares Status 8
Backup Status 8
Power Status 9
System Status 9
Viewing the Hardware Monitor 10
Viewing and Managing the System Logs 11
Configuring the System for UPS Support 13
NSS-supported UPS Product Families 14
Chapter 3: Adding the NSS to your Network 15
Physical Interfaces 15
Virtual Interfaces 16
Viewing the Network Settings 17
Configuring the Network Link IP 18
Resetting the DHCP Lease on a Link 20
Viewing VLANs Configured on the NSS 21
Allowing a VLAN Access to the NSS 22
Cisco Small Business NSS2000 Series Administration Guide 1
Page 4
Contents
Changing a VLAN Configuration 24
Removing a VLAN’s Access to the NSS 25
Configuring the NSS Network Identification 27
Configuring DNS or WINS for Name Resolution 30
Joining the NSS to a Network Information System (NIS) Domain 32
Editing Access Control Lists (ACLs) from Windows Explorer:
Restrictions 33
Running Diagnostics of your Physical Link 33
Configuring the Network Ports 34
Setting up the Ethernet Frame Size & Advertising Modes 36
Chapter 4: Configuring your Storage 38
Disk Status Table 38
RAID Arrays Table 39
Volumes Table 40
USB Storage Status 41
Managing RAID Arrays 42
About the RAID Arrays Page 42
Choosing a RAID Array Level 42
Creating a RAID Array 45
Deleting an Array 46
Migrating a RAID Array to another Storage Device 48
Virtualizing Storage within your Network 49
Currently Exported Storage 49
Exporting Storage to your Network 50
Creating Virtualized Storage 51
Unexporting Storage 53
Volume Management 54
Creating a Volume 55
Expanding a Volume 57
Cisco Small Business NSS2000 Series Administration Guide 2
Page 5
Contents
Deleting a Volume 59
Volume Encryption Overview 60
Locking an Encrypted Volume 61
Unlocking a Locked Volume 62
Changing the Password for an Encrypted Volume 63
Storage Options 65
Chapter 5: Setting up End-User Access 67
Managing your NSS Users 68
Creating a User Profile 68
Editing a User Profile 71
Integrating Users from an ADS, NTv4, or NIS Domain 72
Logging into the NSS as a Local User 73
Deleting a User Profile 73
Working with Groups 74
Creating a Group 74
Changing the Users Assigned to a Group 76
Integrating Groups from an Active Directory, NTv4, or NIS Domain 77
Deleting a Group 78
Managing Volume Quotas 79
Changing the User’s Primary Group 79
About the Volume Quota Page 80
Creating Volume Quota for a User or Group 80
Setting up the Grace Period for a Volume Quota 83
Changing a Volume Quota for a User or Group 84
Clearing a Quota 86
Network Filters Overview 87
Defining the Default Network Policy 88
Creating a Network Filter 89
Available Access Filters 91
Cisco Small Business NSS2000 Series Administration Guide 3
Page 6
Contents
Deleting a Network Filter 93
Configuring the User/Group Ranges and Home Directory Location94
Chapter 6: Managing the Shares 96
Creating a Share 97
Editing an Existing Share 102
Adding a DFS Shared Folder 105
Restrictions using Microsoft DFS from the NSS 107
Setting up CIFS Access 108
Setting up Network Filesystem (NFS) Access 109
Configuring the NSS for FTP Access 110
Creating or Running a Backup of a Share 114
Creating a Scheduled Backup for a Share 115
Initiating a Backup for a Share 117
Deleting Backup Images 118
Configuring the Connection Profile 119
Chapter 7: Maintaining the NSS 120
Rebooting or Shutting Down the NSS 121
Upgrading the NSS Firmware 122
Restoring the Factory Default Configuration 125
Managing the NSS Configuration 126
Saving the Current Configuration 127
Restoring a Configuration File 130
Deleting a Configuration File 133
Configuring the Timing Settings 134
Configuring the Email Alerts for a Recipient 135
Changing the Email Alerts for a Recipient 137
Deleting an Email Alert Recipient Profile 138
Configuring SNMP Alerts 139
Cisco Small Business NSS2000 Series Administration Guide 4
Page 7
Contents
Changing the Administrator Password 141
Chapter 8: Instructing your End-Users 142
Logging into the CIFS Shares with Administrator Privileges 142
Windows Users: Accessing the NSS Storage using CIFS/SMB 143
Windows Users: Accessing the NSS Storage through FTP 144
Mac Users: Accessing Storage through CIFS/SMB 144
Mac Users: Accessing Storage through FTP 145
UNIX/Linux Users: Accessing Storage through NFS 146
UNIX/Linux Users: Accessing Storage through FTP 147
Appendix A: Troubleshooting 148
Power LED/Button (Front Panel) 148
System LED (Front Panel) 149
Reset Button (Front Panel) 149
LAN LED (Front Panel) 150
Hard Disk Drive LEDs (Front Panel) 150
UPS LED (Back Panel) 151
Repairing a Degraded Array 151
Working with a Failed Array 153
Drive Error LED Remains On 154
Firmware Upgrade Failed 154
Free Bound Virtualized Storage when the Master System Fails 155
All CIFS Connections were Unexpectedly Ended 155
Hotplugging the Ethernet Link doesn’t Reset IP or Link Rate 156
Unable to Create a Share or Quota for a Volume 156
Cannot Access the NSS through FTP 157
Cannot Rename a Folder through FTP 157
Configuration Page does not Appear in Internet Explorer 158
Handling an Unexpected (Unclean) Shutdown 158
Cisco Small Business NSS2000 Series Administration Guide 5
Page 8
Contents
Boosting the Performance of NFS Transfers 159
Appendix B: Glossary of Storage-Related Terms & Acronyms 160
Appendix C: Environmental Specifications 176
Appendix D: Additional Information 177
Regulatory Compliance and Safety Information 177
Warranty 177
End User License Agreement (EULA) 177
Appendix E: Support Contacts 178
Cisco Small Business NSS2000 Series Administration Guide 6
Page 9
Introduction
Thank you for choosing the Cisco Small Business Network Storage System (NSS).
Administering a network can be a difficult job. Finding low-cost ways to simplify
your data-management tasks means that you have more resources to dedicate
elsewhere. The NSS is a Network Attached Storage (NAS) unit that appears as a
native file server for the various clients within your network, including Windows,
Apple Macintosh, UNIX, and Linux platforms. The biggest benefit to your users is
that they can now access data that might be stored across different physical
platforms as simply as if it were on their own computers. The NSS provides a
single repository that is completely dedicated to storage, ensuring the integrity,
reliability, and accessibility of your data for a relatively low cost.
The NSS lets you install up to two physical disk drives. The NSS uses the most
common file-based protocols such as NFS, CIFS, and FTP for file sharing.
1
Benefits
The NSS offers the following main advantages to your business:
• Cross-platform File Sharing: Share files easily and inexpensively across
heterogeneous platforms over a cost-effective Ethernet and IP network.
• Easy Installation and Administration: With a basic understanding of
networking, the NSS is easily configured, managed, and made available to
all of your networked users.
• Data Consolidation: Centralize data to reduce management costs and
maximize your investment in existing hardware. This also means better data
security.
The NSS2000 Series includes the NSS2000 and NSS2050 models. Check
www.cisco.com/go/smallbiz for additional information.
Cisco Small Business NSS2000 Series Administration Guide 1
Page 10
Introduction
Using the Help
Using the Help
1
The NSS (Network Storage System) help file provides information about using the
configuration interface to configure the NSS.
Audience
The information contained in these help pages is intended for use by network
administrators. It assumes a basic understanding of storage-related concepts,
including RAID, filesystems, and networking.
About the NSS Configuration Interface
The NSS configuration interface contains some basic navigation features to help
you as you configure the NSS.
• Manager Menu: The Manager Menu forms the left side of the configuration
interface window. It contains the menu options that represent the major
configuration areas for the NSS. For example, System, Network, Share,
Storage. When you click an option, a sub-menu of related options appears.
Clicking a topic opens the associated topic in the To p i c page in the right
side of the window.
• To p ic Pa g e: When you select a topic from the Manager Menu, the
configuration page for that topic appears in the right side of the window.
Getting Help
There are two buttons on the NSS configuration interface window that you can
click to access help:
• From the Manager Menu click Help to display the full online Administrator
Guide. Use the navigation tools within the help to find information for your
chosen topic.
Cisco Small Business NSS2000 Series Administration Guide 2
Page 11
Introduction
Using the Help
1
• A context-sensitive help button appears in the upper-right corner of the
topic page. Click it to display help on the specific configuration area. For
example, if the current configuration topic is about the status of your
system, click the Help button for information about the details that appear
on the System Status page.
Refreshing the GUI Pages
Although certain GUI pages automatically refresh at a preselected time interval,
some pages do not refresh until they are reselected. The best way to manually
refresh a GUI page is to reselect it through the options in the Manager Menu on the
left side of the GUI window. For example, to refresh the NTP Configuration page,
from the Manager Menu, click Admin and then click Tim e. We recommend you do
not use the Refresh button on the Web browser toolbar as this can cause data
issues.
Cisco Small Business NSS2000 Series Administration Guide 3
Page 12
Introduction
Using the Quick Setup Wizards
Using the Quick Setup Wizards
There are three wizards available from the Manager Menu of the configuration
interface:
• Initial Setup: This wizard automatically appears when you log into the
configuration interface for the first time. Although you can access it at any
time from the Manager Menu, if you have saved any configuration settings
before you run the wizard, note that running the wizard will erase any saved
data. For example, if you configure a RAID and then run the wizard, the RAID
will be deleted. This wizard steps you through the basic configuration to
create a RAID, volume, share, user, to set the Home Directory location, set
the time, and so on. (For detailed help on the full set of configuration options,
refer to the online help or to the Administrator’s Guide which you can
download from the Cisco website.)
1
• IP Camera Options: The following wizards let you set up the NSS to store
videos from IP surveillance cameras. The type of wizard you should choose
depends on the way the camera transfers the video clips. Note that you only
need to run the wizard once and then you must configure each the camera
to output the video to the configured share. To run either of the following
wizards, make sure you have created a RAID array, a volume, and any users
that you want to grant access to the surveillance videos. After running this
wizard, you must map a network drive to the share on the PC running the
camera utility and configure the camera utility to save the video to this
mapped network drive
- FTP: Run this wizard if the cameras are set up to transfer motion-
triggered clips. Running the wizard creates a single user and FTP share
for the cameras. The videos are then saved within an FTP folder which
contains a subfolder for each camera.
- CIFS: Run this wizard if the cameras have a Windows utility program that
lets you save the streaming video to a local drive (or in this case, the
NSS) and then view the video from its saved location. The wizard
creates a single user and share for all cameras that are configured to
output to the Windows Utility program. After you run the wizard, you
must map the network drive from the PC that runs the Windows utility
program to the CIFS share.
Cisco Small Business NSS2000 Series Administration Guide 4
Page 13
Introduction
Approved Vendor List for Drives
Approved Vendor List for Drives
If you are purchasing disk drives to install in the NSS, refer to the product support
information offered on the Cisco website (www.cisco.com) for a list of
recommended disk drives.
When you select a disk drive, consider the type of RAID levels required to service
your business needs. For example, if you are creating a RAID (versus a JBOD),
make sure that each of the disks used in the array have the same disk capacity.
The RAID is built using the capacity of the smallest disk in the array.
1
Cisco Small Business NSS2000 Series Administration Guide 5
Page 14
Managing the System
The System Status page provides an overview of the current operating condition
of the NSS. For example, you can view system alert messages such as if a disk
drive is failing or has failed, if a volume is approaching its full capacity, and if an
array rebuild is complete. You can also view the current status of any of the
following: storage, shares, backups, network, power, and system details. Status
pages like the System Status page automatically refresh on a regular interval and
are helpful for monitoring the progress of certain processes such as building a
RAID.
2
The following sections provide a detailed explanation of the information that
appears on the System Status page.
Cisco Small Business NSS2000 Series Administration Guide 6
Page 15
Managing the System
2
System Alerts
The System Alerts section shows any system messages issued since the last time
they were cleared. Messages can range in severity from informational to
immediate action required.
There are three type of alerts that can appear in this area of the System Status
page:
• Error: These types of messages indicate the most severe types of
problems with the NSS. They require immediate action. For example, if a
disk drive or RAID array is in a failed condition.
• Warning: These types of messages indicate there is a problem with the
NSS that requires eventual action. For example, if the amount of storage
used for a volume is over 90%.
• Notification: These types of messages are simply to advise of changes to
the NSS. For example, the RAID rebuild is complete.
Storage Status
The Storage area displays details about the configured storage on the NSS,
including:
• Drives: The number of physical disk drives installed.
• RAID Arrays: The number of configured RAID arrays.
• Volumes: The number of configured volumes.
• To t al C on fi gu re d Ca pa ci t y : The total aggregate size of all configured
volumes.
• Percent Used: The total amount of the configured capacity used.
Cisco Small Business NSS2000 Series Administration Guide 7
Page 16
Managing the System
2
Network Status
The Network area displays the following:
• Link: The current status of the Ethernet link. The only status that is visible is if
the link is up. If the link is down, you cannot access the Configuration
Manager.
• VLANs: The number of VLANs configured on the NSS.
• Link IP: The IP address of the Ethernet link.
Shares Status
The Shares area displays the status of the following:
• Shares: The number of configured shares.
• Connected Users: The total number of user sessions currently connected to
the NSS.
• FTP: The FTP access state (enabled or disabled).
• NFS: The NFS access state (enabled or disabled).
Backup Status
The Backup area displays the following:
• Last Backup: The date and time of the last backup run. If a backup has never
been run on the system, the word "never" appears.
Cisco Small Business NSS2000 Series Administration Guide 8
Page 17
Managing the System
2
Power Status
The Power area displays the following:
• UPS: The following options are available depending on the current
operating condition of the UPS. For more information about the functioning
of the UPS, refer to the UPS documentation.
- Disabled: A UPS is not currently connected to the NSS or is not enabled.
- Online: A UPS is connected to the NSS and is enabled. The NSS is
deriving power from the mains power.
- On Battery (%): The NSS is currently deriving its power from the UPS
battery. The percentage of power still available is also listed.
System Status
The System area displays the following:
• Serial Number: The serial number of the NSS.
• Firmware Version: The current version and date of the firmware installed on
the NSS.
• Uptime: The number of days the NSS has been running since it was last
rebooted.
• Last Boot: The date when the NSS was last rebooted.
Cisco Small Business NSS2000 Series Administration Guide 9
Page 18
Managing the System
Viewing the Hardware Monitor
Viewing the Hardware Monitor
The Hardware Monitor page displays details about the following physical
conditions related to the NSS:
2
• Voltages : The current voltage reading for all voltage rails in the system. The
reading is color-coded depending on if the voltage level is within
specification (green) or out of specification and in need of attention (red).
• Fans: The fan speed for each chassis fan. If the fan has stalled, the reading is
color-coded red. Normal fan operation is color-coded green.
• Te m p e r a t u r e s : The NSS has temperature sensors located at various parts
of the chassis. Temperature readings are done from these sensors as well
as from any installed disks (if the disk has an internal temperature sensor). If
a disk does not have a temperature sensor, the reading appears as
"unavailable". If the temperature of the system or disks is over or under the
ideal temperature, the temperature is color-coded red. When the
temperature is within the normal range the color-coding is green.
Cisco Small Business NSS2000 Series Administration Guide 10
Page 19
Managing the System
Viewing and Managing the System Logs
Viewing and Managing the System Logs
The NSS captures various types of information into log files, such as user access
details. You can store the logs locally or on a remote server on the network. Since
local space allocated for log files is limited, the logs are overwritten once the
space is filled.
To work with the log files:
STEP 1 From the Manager Menu, click System Logs.
The System Logs page appears.
2
STEP 2 You can view, download, or delete any of the following types of log files:
• Admin: A full list of time-stamped actions that were initiated through the
NSS configuration interface.
• Web Access: This log displays IP addresses of the systems that accessed
the NSS configuration interface and the date and time of the authentication
requests. This information helps you detect unauthorized attempts to
access the NSS configuration interface.
Cisco Small Business NSS2000 Series Administration Guide 11
Page 20
2
• CIFS Sharing: A time-stamped event log of events initiated by users
accessing shares through CIFS.
• FTP Access: A time-stamped log of FTP actions, including user logins, file
transfers, and user logouts.
• All Logs: A concatenation of all the log files. You can download and save this
file.
The following screenshot is an example of the Administrator Log:
STEP 3 Choose where you want to store the log files:
• Locally: To store the log files on the NSS, select Store Logs Locally, and then
select the volume to which you want to store the logs from the options in the
Store Logs to drop-down menu.
• Remotely: To store the log files on a remote server, select Forward Log
Messages, and then enter the hostname or IP address of the server in one
or both of the Remote Log Host fields. (If you set up two remote hosts, the
log file is sent to both servers.) Note that the remote server must be running
a syslog server.
STEP 4 Click Update.
Cisco Small Business NSS2000 Series Administration Guide 12
Page 21
Managing the System
Configuring the System for UPS Support
Configuring the System for UPS Support
The Power Status page provides an overview of the current power condition of
the NSS. You can set up the NSS to use an uninterruptible power supply (UPS) if
one is connected directly to the UPS port on the NSS.
NOTE: When the UPS power goes to low
battery, a signal is sent via the USB port on the
NSS and a shutdown of the NSS is initiated.
Make sure that the UPS has enough reserve
power at this point to sustain the NSS through
the shutdown (approximately 5 minutes).
The Power area displays the following:
2
• AC Status: The following options are available depending on the current
operating condition of the UPS. For more information about the functioning
of the UPS, refer to the UPS documentation.
- Disconnected: A UPS is not currently connected to the NSS or has not
yet been enabled.
- Online: A UPS is connected to the NSS and is enabled. The NSS is
deriving power from the mains power.
- On Battery: The NSS is currently deriving its power from the UPS
battery.
• Battery Status: The percentage of power still available is also listed and is
color-coded according to the amount of battery remaining.
Cisco Small Business NSS2000 Series Administration Guide 13
Page 22
Managing the System
Configuring the System for UPS Support
To enable the UPS:
STEP 1 From the Manager Menu, click System Power.
The System Power page appears.
2
STEP 2 Select Enable UPS support.
STEP 3 Click Update.
NSS-supported UPS Product Families
The NSS supports the following UPS product families:
• APC Back-UPS Pro USB
• APC Back-UPS RS USB
• APC Back-UPS USB
• APC Back-UPS LS USB
• APC Back-UPS ES/CyberFort 350
• APC Smart-UPS USB
Cisco Small Business NSS2000 Series Administration Guide 14
Page 23
Adding the NSS to your Network
The Network Device Settings page displays the current status of the NSS’s
physical and virtual network interfaces.
3
Physical Interfaces
The Network Device Status table displays the current status of the physical
Ethernet link connected to the NSS.
• Link: The number of the physical link attached to the NSS. The number
appears as 1.
• Status: The status of the physical link. Options include:
- Up: The link is up (color-coded green) and operational.
- Down: The link is down (color-coded red) and not operational. If a cable
Cisco Small Business NSS2000 Series Administration Guide 15
is connected to the Ethernet port, check the cable integrity and the
status of the device (switch, router, or computer) at the other end of the
cable. You can use the NSS’s cable diagnostic feature to assist you (see
Page 24
Adding the NSS to your Network
• Speed: The configured speed, in Mbps, of the physical link. Options include:
10 Mbps, 100 Mbps, 1000 Mbps.
• MAC Address: The Ethernet MAC address for the link.
• MTU: The Maximum Transmission Unit (MTU) in bytes defined for the link.
This is set either manually from the Network Properties page or via the
DHCP server.
• Rx Pkts: The total number of IP packets received since the last boot.
• Tx P k t s : The total number of IP packets transmitted since the last boot.
• Dropped Pkts: The total number of IP packets dropped since the last boot.
3
”Running Diagnostics of your Physical Link” section on page 33). This
status is not visible as you cannot access the Configuration Manager
when the link has failed.
Virtual Interfaces
The VLAN Status area of the Network Status page displays the current status and
details regarding each configured VLAN.
• Link: The number that appears in this column identifies the physical link on
which the VLAN is configured.
• VLAN: The VLAN number.
• Priority: The 802.1p priority set for the VLAN. Options include 0 through 7 (0
being best effort data and 7 being network critical data).
• Label: The text description defined for the VLAN.
• Rx Pkts: The total number of IP packets received on the VLAN interface
since the last boot.
• Tx P k t s : The total number of IP packets transmitted on the VLAN interface
since the last boot.
• Dropped Pkts: The total number of IP packets dropped on the VLAN
interface since the last boot.
Cisco Small Business NSS2000 Series Administration Guide 16
Page 25
Adding the NSS to your Network
Viewing the Network Settings
Viewing the Network Settings
The Network Device Settings page displays information about the physical and
virtual interfaces currently configured on the NSS.
NOTE: If you hotplug the Ethernet link after
the initial installation of the NSS, make sure you
wait 15 seconds between the time you unplug
the cable and then plug it back in. The NSS
displays the correct new settings within 10
seconds.
3
To display the Network Device Settings page, from the Manager Menu, click
Network
• Link: The number of the physical link attached to the NSS. It appears as 1.
• VLAN: The ID assigned to the virtual interface. For physical interfaces, this
column is blank.
Cisco Small Business NSS2000 Series Administration Guide 17
IP. The Network Device Settings table displays the following:
Page 26
Adding the NSS to your Network
Configuring the Network Link IP
• Assign Via: The method used to assign an IP configuration to the physical or
virtual interface. Options include:
- DHCP: The IP configuration was assigned by a DHCP server. Or, if the
- Static: A static IP configuration was manually entered through the NSS
• IP Address: The IP address for the physical or virtual interface.
• Netmask: The netmask for the physical or virtual interface.
• Gateway: The address of the gateway for the physical or virtual interface.
3
interface was configured to use DHCP for IP configuration but no DHCP
server was found, the IP address was assigned by the AutoIP protocol.
configuration interface.
Configuring the Network Link IP
You need to configure the method for assigning an IP configuration to each
interface connected to the NSS.
NOTE: If you hotplug the Ethernet link after
the initial installation of the NSS, make sure you
wait 15 seconds between the time you unplug
the cable and then plug it back in. The NSS
displays the correct new settings within 10
seconds.
To set the IP address allocation method for an interface:
STEP 1 From the Manager Menu, click Network IP.
The Network IP page appears listing each interface.
Cisco Small Business NSS2000 Series Administration Guide 18
Page 27
Adding the NSS to your Network
Configuring the Network Link IP
STEP 2 Click Edit on the row of the interface you want to configure.
The Network Link Configuration page appears.
3
STEP 3 Select one of the following:
• Obtain IP Address Automatically: Use a DHCP server to retrieve the IP
address, netmask, and gateway address for the interface.
• Use the Following IP Address: Enter the IP configuration details manually for
the IP address, netmask, and gateway, in dotted-quad notation (i.e., set of
four digits separated by periods where each digit is in the range of 0-255).
STEP 4 Click Update.
Cisco Small Business NSS2000 Series Administration Guide 19
Page 28
Adding the NSS to your Network
Resetting the DHCP Lease on a Link
Resetting the DHCP Lease on a Link
You can force a renewal of the DHCP lease on the physical link or VLAN that is
configured for DHCP:
STEP 1 From the Manager Menu, click Network IP.
The Network IP page appears listing each physical and virtual interface.
STEP 2 Click Edit on the row of the link IP you want to reset.
The Network Link Configuration page appears.
3
STEP 3 Click Update.
Cisco Small Business NSS2000 Series Administration Guide 20
Page 29
Adding the NSS to your Network
Viewing VLANs Configured on the NSS
Viewing VLANs Configured on the NSS
When you first display the Network VLAN page, the currently configured VLANs
appear. Configuring a VLAN to connect to the NSS depends if it is trunk-based or
port-based. To configure a trunk-based VLAN, follow the steps to allow a VLAN to
access the NSS; see ”Allowing a VLAN Access to the NSS” section on page 22. To
configure a port-based VLAN, configure the switch to assign the port to which the
NSS is connected to the desired VLAN. In this case, no NSS configuration changes
are required.
To view the VLANs currently configured on the NSS:
STEP 1 From the Manager Menu, click Network VLAN.
The VLAN Configuration page appears.
3
STEP 2 View the following details for each existing VLAN that appears in the VLAN
Configuration table:
• Link: The physical link attached to the NSS. The number appears as 1.
• VLAN: The ID of the VLAN. This is configured when the VLAN is added to
the NSS and should match the ID of the VLAN as it is configured in your
network. The range of valid VLAN IDs is from 1 to 4095.
Cisco Small Business NSS2000 Series Administration Guide 21
Page 30
Adding the NSS to your Network
Allowing a VLAN Access to the NSS
• Priority: The quality of service (QoS) as defined in the IEEE 802.1p standard
for the VLAN traffic. VLAN Ethernet frames contain a three-bit priority tag
ranging from 0 to 7 (where 0 is best effort and 7 is network-critical traffic).
• Label: A text description for the VLAN (for example, "Data," "Voice," "Video,"
and so on). This description is used solely as a reference within the NSS
interface and does not affect its operation.
Allowing a VLAN Access to the NSS
Configuring a VLAN to connect to the NSS depends if it is trunk-based or portbased. To configure a trunk-based VLAN, follow the steps described next. To
configure a port-based VLAN, configure the switch to assign the port to which the
NSS is connected to the desired VLAN. In this case, no NSS configuration changes
are required.
3
To set up a network VLAN to access the NSS:
STEP 1 From the Manager Menu, click Network VLAN.
The VLAN Configuration page appears.
STEP 2 In the New VLAN area of the page, set up the following fields:
Cisco Small Business NSS2000 Series Administration Guide 22
Page 31
Adding the NSS to your Network
Allowing a VLAN Access to the NSS
• Link: This shows as "1" for the Ethernet link.
• VLAN: Enter the ID of the VLAN as it is defined within your network. The
range of valid VLAN IDs is from 1 to 4095.
• Priority: Select the QoS priority for the VLAN traffic as it is defined for your
network. Valid options range from 0 to 7 (as defined by the IEEE 802.1p
standard). VLAN Ethernet frames contain a three-bit priority tag ranging
from 0 to 7 (where 0 is best effort and 7 is network-critical traffic).
• Label: Enter a text description for the VLAN (for example, "Data", "Voice",
"Video", etc.). It can be made up of alphanumeric characters. Note that this
description is used solely as a reference within the NSS interface and does
not affect its operation.
STEP 3 Click Add.
The newly added VLAN appears in the VLAN Configuration table. A message
appears to advise that the VLAN does not take effect until you configure the IP
address.
3
STEP 4 Click OK.
The Network IP page appears. The newly added VLAN appears in the list.
STEP 5 Click Edit for the VLAN you need to configure.
The Network Configuration page appears.
Cisco Small Business NSS2000 Series Administration Guide 23
Page 32
Adding the NSS to your Network
Changing a VLAN Configuration
STEP 6 Click one of the following, depending on how you want to assign the VLAN IP
addressing:
• Obtain IP Address Automatically: Use a DHCP server to retrieve the IP
address, netmask address, and gateway address for the VLAN.
• Use the Following IP address: Enter the IP configuration details manually.
STEP 7 Click Update.
Changing a VLAN Configuration
After you set up a VLAN to access the NSS, you can change its configuration
details.
3
To edit a VLAN configuration:
STEP 1 From the Manager Menu, click Network VLAN.
The VLAN Configuration page appears.
STEP 2 Click Edit for the VLAN you want to change.
Cisco Small Business NSS2000 Series Administration Guide 24
Page 33
Adding the NSS to your Network
Removing a VLAN’s Access to the NSS
The Edit VLAN page appears.
STEP 3 Make changes to any of the VLAN configuration fields as required.
3
STEP 4 Click Update.
Removing a VLAN’s Access to the NSS
All connected VLANs appear when you first display the VLAN Configuration page.
You can delete the connection between a VLAN and the NSS. Note that deleting
the VLAN only affects the VLAN’s ability to access the NSS. It does not impact the
VLANs operation within your network.
To disconnect a VLAN’s access to the NSS:
Cisco Small Business NSS2000 Series Administration Guide 25
Page 34
Adding the NSS to your Network
Removing a VLAN’s Access to the NSS
STEP 1 From the Manager Menu, click Network VLAN.
The VLAN Configuration page appears.
3
STEP 2 From the VLAN Configuration table, click Delete for the VLAN you want to remove.
The VLAN disappears from the VLAN Configuration table and can no longer
access the NSS.
Cisco Small Business NSS2000 Series Administration Guide 26
Page 35
Adding the NSS to your Network
Configuring the NSS Network Identification
Configuring the NSS Network Identification
The Network Identification page is where you configure the network identity of the
NSS, including the hostname and domain membership.
NOTE Before you join the NSS to an NTv4 or Active Directory Service (ADS) domain, do
the following:
— Configure the IP and DNS information.
— Set up your user and group ID ranges on the User/Group Settings page (from the
Manager Menu, click Access and then Options). If you make a change to the range
after the domain is joined you must rejoin the NSS to the domain after the change
is made.
3
— Set up the Home Directory Location on the User/Group Settings page. This is
used for any domain users as well as local users.
To configure the NSS network identity:
Cisco Small Business NSS2000 Series Administration Guide 27
Page 36
Adding the NSS to your Network
!
Configuring the NSS Network Identification
STEP 1 From the Manager Menu, click Network Identification.
The Network Identification page appears.
3
STEP 2 In the Hostname field, enter the name you want to use for the NSS. Note any
special naming restrictions or conventions enforced by the domain(s) into which
the NSS is being joined.
CAUTION: If you change the hostname, any
current CIFS connections to shares on the NSS
are disconnected.
STEP 3 To assign the hostname for the NSS using the DHCP server, select Assign
automatically via DHCP. If the DHCP server is not available or if it is not configured
to supply a hostname, the NSS hostname is assigned using the information
entered in the Hostname field.
STEP 4 In the Description field, enter the textual description for the NSS as you want it to
appear in the file manager window for your users.
STEP 5 Select the type of network into which you are making the NSS a member from the
following options:
Cisco Small Business NSS2000 Series Administration Guide 28
Page 37
Adding the NSS to your Network
Configuring the NSS Network Identification
• Workgroup: Make the NSS part of a peer-to-peer network.
• NTv4 Domain: Make the NSS a part of a pre-Windows 2000 domain. If you
select this option, set up the following fields:
- NTv4 Domain: Enter the domain name.
- Domain Controller: Enter the hostname or IP address of the domain
controller.
- Username: Enter the username of an account that has administrator
privileges for this domain. Note: The username cannot contain the "%"
character.
- Password: Enter the password for the administrator account. This
password is cleared each time you click Update. You must re-enter the
password each time you edit the fields on this page to ensure the rejoin
of the domain is successful.
3
• Member of Active Directory domain: Make the NSS part of an Active
Directory (ADS) domain. If you select this option, set up the following fields:
- Active Directory Domain: Enter the domain name. Note that you might
have to use the DNS fully qualified domain name. For example,
"domain.com" versus just "domain."
- Kerberos Realm: Enter the name of your Kerberos realm. If you are not
sure what to enter here, enter the domain name. In most standard
Windows domain installations, this is the correct value. Note that you
might have to use the fully qualified domain name for the Kerberos
Realm fields. For example, "domain.com" versus just "domain".
- Domain Controller: Enter the hostname or IP address of the domain
controller.
- Username: Enter the username of an account that has administrator
privileges for this domain. Note: The username cannot contain the "%"
character.
- Password: Enter the password for the administrator account. This
password is cleared each time you click Update. You must re-enter the
domain password each time you edit fields on this page to ensure the
rejoin of the domain is successful.
Cisco Small Business NSS2000 Series Administration Guide 29
Page 38
Adding the NSS to your Network
Configuring DNS or WINS for Name Resolution
STEP 6 Click Update.
If you configured the NSS to join a domain, when you click Update, the domain
join occurs. The NSS configuration interface displays the status of the domain
join (that is, successful or not successful). Note: If you are joined to a domain
and make changes to the fields on this page, make sure you re-enter the
domain password as the NSS automatically rejoins the domain when you click
Update.
Configuring DNS or WINS for Name Resolution
Within a network, DNS and WINS are used to translate hostnames into IP
addresses. For example, the hostname "myserver" might translate to 172.1.135.6.
Configuring how the NSS works with name resolution depends on what type of
servers exist within your network.
3
To configure the DNS or WINS server addresses for your network:
STEP 1 From the Manager Menu, click Network DNS/WINS.
The Network Name Resolution page appears.
Cisco Small Business NSS2000 Series Administration Guide 30
Page 39
Adding the NSS to your Network
Configuring DNS or WINS for Name Resolution
STEP 2 Based on your network setup, configure the following fields:
• Search Domain: Enter the address of the DNS search domain accessible by
the NSS. For example, "mycompany.com".
• Primary DNS Server: Enter the IP address of the primary DNS server on
your network.
• Alternate DNS Server: Enter the IP address of a second DNS server to be
used should the primary DNS server become unavailable. This field is
optional.
• Assign automatically via DHCP: Select this to assign the IP address for the
DNS server using the DHCP server. If the DHCP server cannot be found or
times out, the DNS server IP address is assigned the IP address manually
entered in the Primary or Alternate DNS Server fields.
• Primary WINS server: If your network has a WINS server, enter its address
or hostname. This field is optional.
3
• Alternate WINS server: If your network has a secondary WINS server, enter
its address or hostname. This field is optional.
• Assign automatically via DHCP: Select this to assign the IP address or
hostname for the WINS server using the DHCP server. If the DHCP server
cannot be found or times out, the DNS server IP address is assigned the IP
address manually entered in the Primary or Alternate WINS Server fields.
STEP 3 Click Update.
Cisco Small Business NSS2000 Series Administration Guide 31
Page 40
Adding the NSS to your Network
Joining the NSS to a Network Information System (NIS) Domain
Joining the NSS to a Network Information System (NIS)
Domain
To join the NSS to a NIS domain, you need to configure and enable it.
NOTE: Before you join a NIS domain, make
sure you set up or make changes to the NIS
domain users and groups ID range on the User/
Groups Settings page. This minimizes the risk
of collisions of user or group IDs within your
network.
To configure the NSS for NIS:
3
STEP 1 From the Manager Menu, click Network NIS.
The NIS Configuration page appears.
STEP 2 Select Enable NIS.
STEP 3 Enter the NIS domain name in the NIS Domain Name field.
STEP 4 Set the bind state by clicking one of the following:
Cisco Small Business NSS2000 Series Administration Guide 32
Page 41
Adding the NSS to your Network
Running Diagnostics of your Physical Link
• Broadcast for NIS Server: Click this option to have the NSS search until it
finds the NIS server on the network.
• Use the following NIS Servers: To manually identify the NIS server you want
the NSS to use, click this option, and then enter the address of up to three
different NIS servers.
The Bind State field shows the current bind status of the NSS. Options include:
"Invalid" (the NSS is not joined to an NIS domain), or "Enabled" (the NSS is
successfully joined to a NIS domain).
STEP 5 Click Update.
Editing Access Control Lists (ACLs) from Windows Explorer:
Restrictions
3
Access Control Lists (ACLs) are used to set user and group access privileges for
specific files and folders stored on the NSS. There are certain restrictions to be
aware of as you work with ACLs through Windows Explorer:
• Group versus User ACLs: You can only set up an ACL for individual users.
You cannot set up a group ACL.
• NIS domain: You cannot create or edit ACLs for NIS domain users; they do
not appear in the Security tab in Windows Explorer.
Running Diagnostics of your Physical Link
The NSS lets you test the physical network cable attached to the Ethernet link for
certain fault conditions. The test automatically runs each time you display the
Network Diagnostics page. Running this test does not affect the use of the link in
any way.
NOTE: The diagnostics test is only supported
when the NSS is connected to a Gigabit switch.
To test the physical link:
Cisco Small Business NSS2000 Series Administration Guide 33
Page 42
Adding the NSS to your Network
Configuring the Network Ports
STEP 1 From the Manager Menu, click Network Diagnostics.
The Network Diagnostics page appears.
3
STEP 2 View the Link Status area for the test result. If the link is down, you cannot access
the Configuration Manager.
Configuring the Network Ports
By default the NSS runs network services on their well known (IETF defined) port
numbers. You can change the port on which any particular service runs. When you
disable WAN access for a given service, only hosts on the same subnet as the
NSS may connect to that service. This is in essence a shortcut to manually
defining an equivalent network filter.
Cisco Small Business NSS2000 Series Administration Guide 34
Page 43
Adding the NSS to your Network
Configuring the Network Ports
To set up the network services:
STEP 1 From the Manager Menu, click Network Ports.
The Network Ports Configuration page appears.
3
STEP 2 Change the port assignment for any of the following service types:
• FTP/FTPS Port: The well-known port setting is 21. Select Disable WAN
Access to disallow FTP and FTPS protocol access to the NSS from a WAN.
• Web Server Port: The well-known port setting is 80. Note that to access the
NSS configuration interface, you must have either the HTTP port or HTTPS
port enabled. Select Disable WAN Access to disallow HTTP protocol
access to the NSS from a WAN.
• SSL Web Server Port: The well-known port setting is 443. Select Disable
WAN Access to disallow HTTPS protocol access to the NSS from a WAN.
STEP 3 Click Update.
Cisco Small Business NSS2000 Series Administration Guide 35
Page 44
Adding the NSS to your Network
Setting up the Ethernet Frame Size & Advertising Modes
Setting up the Ethernet Frame Size & Advertising Modes
The Network Properties page lets you set the Ethernet frame size and determine
how you want to advertise the presence of the NSS within your network.
To configure the network properties:
STEP 1 From the Manager Menu, click Network Properties.
The Network Properties page appears.
3
STEP 2 Set the Maximum Transmission Unit (MTU), in bytes, in the MTU field. This is the
largest Ethernet frame that your network can handle. The default MTU size is 1500
bytes. MTU sizes greater than 1500 bytes are considered "jumbo frames".
STEP 3 To assign the link MTU size automatically using the DHCP server, click Assign
automatically via DHCP. In this case, the value entered in the MTU field is used as a
backup if the DHCP server does not provide an MTU value or if the server cannot
be reached.
STEP 4 Based on your network requirements, enable any of the following:
• Advertise using UPnP: The NSS is advertised within the network using
UPnP.
• Advertise using Zeroconf/Bonjour: The NSS is advertised within the
network using Zeroconf/Bonjour.
Cisco Small Business NSS2000 Series Administration Guide 36
Page 45
Adding the NSS to your Network
Setting up the Ethernet Frame Size & Advertising Modes
STEP 5 Click Update.
3
Cisco Small Business NSS2000 Series Administration Guide 37
Page 46
Configuring your Storage
The Storage Status page shows the current state of the disk drives, arrays, and
volumes currently installed or exported to the NSS. You can also view the
S.M.A.R.T. health report for each physical disk. To display the Storage Status page,
from the Manager Menu, click Storage
Status page automatically refresh on a regular interval and are helpful for
monitoring the progress of certain processes such as checking the condition of a
drive.
4
Status. Status pages like the Storage
Disk Status Table
The Disk Status table lists each of the physical disks installed in the NSS. The table
is made up of the following columns:
• Port: The port number on the NSS in which the disk is installed.
Cisco Small Business NSS2000 Series Administration Guide 38
Page 47
Configuring your Storage
4
• Model: The model of the disk drive. This information is read from the disk
drive.
• Size: The size of the disk drive.
• Health: The system monitors each disk drive and reports the condition of
the disk drive. Options include:
- Passed: The disk drive has passed the S.M.A.R.T. test and is considered
fully operational. The Error LED on the disk drive is off.
- Failing: The disk drive has failed the S.M.A.R.T. test and is predicated to
fail. The red Error LED on the disk drive is blinking.
- Failed: The disk drive is not operational (has failed). The red Error LED on
the disk drive is on solid.
• Status: The state of use for the disk drive. Options include:
- Online: The disk drive is spun up.
- Standby: The disk drive is idle and is spun down.
- Offline: The disk drive is failed.
• Action: There are available action buttons associated with each installed
disk drive:
- Get Details: View the current, detailed S.M.A.R.T. report for the disk drive.
RAID Arrays Table
The RAID Arrays table lists each array (either RAID or JBOD) currently configured.
The table is made up of the following:
• Label: The name assigned to the array.
• RAID Level: The configured RAID level.
• Spare: Indicates if the RAID has a spare or not.
• Size: The size allocated for the array. The amount of available storage for an
array depends on the number of drives in the array, the size of the smallest
drive, as well as the RAID level assigned.
• Status: The current condition of the RAID array. Options include:
- Clean: The array is in a normal state. The status is color-coded green.
Cisco Small Business NSS2000 Series Administration Guide 39
Page 48
Configuring your Storage
4
- Degraded: For RAID arrays with redundancy (i.e., RAID levels 1), one or
more of the redundant disk drives is removed from the system or is
failed. In this state, the array is fully recoverable. The status is colorcoded orange.
- Failed: One or more disk drives have been removed or are
unrecoverable from a RAID0 or a JBOD array. For RAID level 1, it
indicates a loss of the redundant disk in the array. In this state, the array
is unrecoverable.
- Rebuilding: A RAID level with redundancy is being rebuilt. Note that
during a rebuild, the RAID array is still fully usable. The status is colorcoded orange. During the rebuild, the disk drive LED slowly blinks green.
- Stopped: A RAID array has been stopped by the system (through
degraded mode management) due to it being in degraded mode for the
amount of time configured in the Storage Options page. Volumes
associated with a stopped array are unmounted and unusable. To start
the RAID array, click the Start button.
Volumes Table
The Volumes table provides a list of the existing volumes. The table is made up of
the following:
• Location: The name of the RAID array on which the volume is configured.
• Volume: The name assigned to the volume.
• To t al S p a ce : The amount of space configured for the volume.
• Used Space: The amount of space used on the volume.
• Avail. Space: The amount of unused space on the volume.
• % Used: The percentage of available space that is used.
• Encrypted: Whether the volume is encrypted or unencrypted.
• Locked: The encrypted volume is locked and is not accessible. To make the
volume accessible, the volume must be unlocked.
Cisco Small Business NSS2000 Series Administration Guide 40
Page 49
Configuring your Storage
USB Storage Status
If you mount a USB flash device by inserting it into the AUX-1 port on the back of
the chassis, the USB Storage Status table appears. If there is no USB flash device
mounted, the USB Storage Status table does not appear. You can use the USB
flash device to save a backup of the configuration file. When you finish using the
USB flash device, click Unmount before you remove it from the AUX-1 port. (The
AUX-1 LED on the back of the chassis must be off before you can safely remove
the USB flash device.) If you remove the USB flash device in a mounted state, you
risk corrupting the files or filesystem.
The USB Storage Status table provides the following details about the mounted
USB flash device:
4
• Disk: The type of disk in this case is the USB flash.
• To t al S p a ce : The total amount of space (both used and available) on the
USB flash device.
• Used Space: The amount of space taken up on the USB flash device.
• Available Space: The amount of unused space on the USB flash device.
• %Used: The percentage of space used on the USB flash device.
• Action: The Unmount button unmounts the USB flash device so that it can be
safely removed from the AUX-1 port.
Cisco Small Business NSS2000 Series Administration Guide 41
Page 50
Configuring your Storage
Managing RAID Arrays
Managing RAID Arrays
RAID is an acronym for Redundant Array of Inexpensive Disks. In storage
environments, a RAID array uses multiple physical disk drives to create a single
logical unit from which data can be shared or replicated between the drives. A
RAID array also simplifies the data management as the data appears in one logical
unit. Choosing to store your data using a RAID array gives you the benefit of speed
and performance; storage capacity; decreased downtime costs and increased
availability; fault tolerance; and higher data security.
About the RAID Arrays Page
The RAID Arrays page is where you manage the local RAID and JBOD arrays. To
display the RAID Arrays page, from the Manager Menu, click Storage
4
RAID.
Choosing a RAID Array Level
RAID (Redundant Array of Inexpensive Disks) is a technology that enables multiple
low-cost hard drives to be used together in a way that increases performance
and/or reliability compared to that of a single drive. The component devices in a
RAID array appear as a single logical storage device. There are various types of
Cisco Small Business NSS2000 Series Administration Guide 42
Page 51
Configuring your Storage
Choosing a RAID Array Level
RAID, referred to as RAID levels. Some RAID levels increase the performance of
the array, some increase the reliability, and others do a mixture of both. The NSS
supports the following RAID levels: 0 and 1. The NSS also supports JBOD (Just a
Bunch of Disks), which is technically not a RAID level.
The following variables are used in the formulas used to calculate the total
capacity of each RAID level:
Stripe (RAID0): RAID0 stripes the data written to the array across the component
disks. The data is broken into chunks and each chunk is written to a different disk.
Reads and writes to each disk occur in parallel, speeding up the total read and
write performance of the array.
4
• m – capacity of the smallest disk in the array
• n – number of disks in the array
• Minimum Number of Disks: 2
• Total capacity: m * n
• Advantages: Increased read and write performance.
• Disadvantages: Decreased reliability. A failure of any component disk in the
array causes the entire array to fail.
Mirror (RAID1): RAID1 writes the same data to each disk in the array. The disks are
referred to as "mirrors" because each one mirrors the data stored on the others. As
long as one disk in the array is intact, all data can be read back from the array. If a
disk fails in the array and is then replaced, the array must copy the entire contents
of a good disk to the new disk. This process is referred to as “resyncing”. During a
resync, the array continues to be available for reads and writes. When an array
contains a failed disk, it is said to be operating in “degraded” mode. This reflects
the decreased performance and reliability of the array when it is missing disks.
• Minimum Number of Disks: 2
• Total capacity: m
• Advantages: Increased reliability. The array can sustain the loss of all but
one disk without any data loss. Each mirror disk added to the array
increases the reliability (for example, a two-disk RAID1 is half as likely to fail,
a three-disk RAID1 is one-third as likely to fail, and so on). Increased read
performance.
• Disadvantages: Decreased aggregate storage capacity (each mirror disk
does not contribute to the total capacity of the array). Decreased write
performance. I/O intensive when resyncing mirrors.
Cisco Small Business NSS2000 Series Administration Guide 43
Page 52
Configuring your Storage
Choosing a RAID Array Level
JBOD: JBOD lets you combine multiple disks of mixed capacities into a single
logical storage device. The capacity of the JBOD array is the sum of the total
capacities of the individual component disks (that is, it does not have the limitation
of RAID0 where you lose some capacity when using mixed sized disks). JBOD
offers no performance increase compared to the component disks. It has lower
reliability than the component disks, as the failure of a single disk results, in
general, in the failure of the whole array. Depending on how you create volumes on
the JBOD array, you may be able to recover data when one or more disks in the
JBOD fail. This, however, is not guaranteed.
4
• Minimum Number of Disks: 1
• Total capacity: sum of capacities of component disks.
• Advantages: Maximal storage capacity, especially when using mixed size
disks.
• Disadvantages: Decreased reliability.
Cisco Small Business NSS2000 Series Administration Guide 44
Page 53
Configuring your Storage
Creating a RAID Array
Creating a RAID Array
After you install the physical disks, you can create the RAID arrays. Before you
create a RAID array, either for the first time, or when you are rebuilding it as a result
of failed disks in the array, it is a good idea to set the Rebuild Priority (see ”Storage
Options” section on page 65) to determine how you want to allocate the system
resources for the rebuild.
4
NOTE: When adding disks to an array, we
recommend you use the same model of disk
with the same capacity. With the exception of a
JBOD, RAIDs are configured to use the
maximum of the smallest disk capacity in the
array for each additional disk in the array. For
example, if you install one, 250 GB disk and one
500 GB disk in a RAID0 array, the total capacity
is only 500 GB.
To create an array:
STEP 1 From the Manager Menu, click Storage RAID.
The RAID page appears:
Cisco Small Business NSS2000 Series Administration Guide 45
Page 54
Configuring your Storage
Deleting an Array
STEP 2 The available disks appear in the New RAID Device table. Select each disk that
you want to include in the array.
STEP 3 From the RAID Level drop-down menu, click the RAID level of the RAID array you
want to create.
STEP 4 Click Add.
4
The RAID creation can take some time to complete (depending on the size of
the disks and the selected RAID level). You can monitor the progress of the
RAID build from the Storage Status page. When the build is finished, the array
appears in the RAID Arrays table. The disks used in the array are no longer
available for creating additional arrays.
Deleting an Array
You can remove an existing array and release the disks used in the array back into
available storage. Note that deleting an array also deletes any existing data on the
array (including the volumes, shares, and quotas). If you delete an array that
contains the volume that is used as the location of your users’ Home Directories,
note that you must assign a new volume as the Home Directory location.
Cisco Small Business NSS2000 Series Administration Guide 46
Page 55
Configuring your Storage
Deleting an Array
To delete an existing array:
STEP 1 From the Manager Menu, click Storage RAID.
4
STEP 2 Click Delete in the row of the RAID array that you want to delete.
A warning message appears.
STEP 3 To continue, click OK.
The deleted array disappears from the list of existing arrays. The disks used in
the array are released back into available storage and appear in the New RAID
Device table.
Cisco Small Business NSS2000 Series Administration Guide 47
Page 56
Configuring your Storage
Migrating a RAID Array to another Storage Device
Migrating a RAID Array to another Storage Device
After you build a RAID array, you can migrate it to a different NSS as required. Note
that you cannot migrate a RAID to or from the NSS4000. You can migrate a RAID
array to or from any of the other NSS models. If you are migrating a RAID array
from the NSS to another network NSS, ensure that you coldplug the RAID array
(versus hotplug it) into the new system as per the following:
STEP 1 Power down the NSS (from which you are removing the RAID array).
STEP 2 Remove each of the disk drives that make up the RAID array to be moved.
STEP 3 Power down the NSS to which you are migrating the RAID array.
STEP 4 Insert each of the disk drives in the RAID array into the new NSS.
4
NOTE: You can install the drives into the new
NSS in any order (that is, you do not need to
install them in the same order or slots that they
were installed in the original NSS).
STEP 5 When all the disk drives are installed, power up the NSS.
STEP 6 If any local users were assigned permissions to shares on the RAID array, you
must either save the configuration from the original RAID array device and then
upload it to the new NSS, or manually reconfigure the users and their share
permissions.
Cisco Small Business NSS2000 Series Administration Guide 48
Page 57
Configuring your Storage
Virtualizing Storage within your Network
Virtualizing Storage within your Network
NOTE: After you configure a virtual RAID, you
cannot migrate the disks used for that RAID to
another NSS. You also cannot export storage
from a device that uses imported storage.
Currently Exported Storage
When you display the Storage Virtualization page, the Currently Exported Storage
table appears. It shows the details for any exported disks or arrays:
• Device: The name of the exported disk or array.
4
• Size: The size of the exported storage.
• Exported As: The serial number of the exported NSS.
• Imported by: The serial number of the NSS that has imported the storage. If
the exported disk or array has not yet been imported by the master NSS,
"None" appears in this column.
• Action: Click the Unexport button to stop the NSS from exporting the
associated drive or array. This frees up the drive or array for use in local
RAID arrays.
Cisco Small Business NSS2000 Series Administration Guide 49
Page 58
Configuring your Storage
!
Exporting Storage to your Network
Exporting Storage to your Network
If you have multiple NSS units in your network, you can easily export the storage to
form a large, logical storage unit that can be managed from the master NSS. The
first step in creating virtualized storage is to export the disk(s) or array to the
network. Note that when you export storage, you need to consider how things like
rebooting an NSS might impact users of the virtualized storage. While the logical
storage is controlled from the master NSS, the physical device (including the disk
drives) is still controlled through the slave’s configuration interface and is affected
by the conditions of the physical unit.
CAUTION: After you configure a virtual RAID,
you cannot migrate the disks used for that RAID
to another NSS. You also cannot export storage
from a device that uses imported storage.
4
To export storage to the network:
STEP 1 Log into the configuration interface for the device from which you are exporting
storage.
STEP 2 From the Manager Menu, click Storage Virtualization.
The Storage Virtualization page appears.
Cisco Small Business NSS2000 Series Administration Guide 50
Page 59
Configuring your Storage
Creating Virtualized Storage
STEP 3 From the Export a device area, select each device that you want to expor t from the
list of available devices.
STEP 4 From the Link field, select the physical link that you want to use to export the
storage.
STEP 5 Click Export.
The selected disk(s) disappear from the available list of arrays and appear in
the Currently Exported Storage table at the top of the page. Follow the steps to
create a JBOD from virtualized storage to use the exported storage.
Creating Virtualized Storage
4
After you export storage from a slave storage unit, it becomes available to other
storage units in your network. The recommended way to use virtualized storage is
to assign a master storage unit (the master must be an NSS6000 series model).
The designated master unit then becomes the configuration point for all your
storage-related management. Exported storage can be used to create a JBOD,
which can then be used to set up volumes and shares. Keep in mind that although
the storage is managed through the master unit, the physical device that contains
the exported storage is still managed through the applicable slave unit. If you
affect the physical disk drives (e.g., shut down the power to the unit), this affects
any logical storage built using those disk drives.
NOTE: After you configure a virtual RAID, you
cannot migrate the disks used for that RAID to
another NSS. You also cannot export storage
from a device that uses imported storage.
To create a JBOD with exported disks:
STEP 1 Log in to the configuration interface from the master NSS6000 series unit.
STEP 2 From the Manager Menu, click Storage RAID.
Cisco Small Business NSS2000 Series Administration Guide 51
Page 60
Configuring your Storage
Creating Virtualized Storage
4
The RAID page appears
Exported disks from other NSS units in the network appear in the New RAID
Device table.
STEP 3 From the New RAID Device table, click the disks or arrays that you want to include
in the JBOD.
STEP 4 Select JBOD as the RAID level.
STEP 5 Click Add.
The JBOD appears in the RAID Arrays listing. You can now create volumes from
the virtualized JBOD.
Cisco Small Business NSS2000 Series Administration Guide 52
Page 61
Configuring your Storage
Unexporting Storage
Unexporting Storage
You can choose to unexport pieces of the storage currently exported to the
network. Note that you can only unexport storage that has not yet been used.
To unexport a piece of storage:
STEP 1 From the Master device, delete any RAID arrays (see the ”Deleting an Array”
section on page 46) associated with the storage you want to unexport.
STEP 2 Display the Configuration Interface for the slave device that contains the storage
you want to unexport.
STEP 3 From the Manager Menu, click Storage Virtualization.
The Storage Virtualization page appears.
4
STEP 4 Click Unexport for the device you want to release from the network.
The disk drive(s) or array no longer appears in the Currently Exported Storage
list. It now appears in the Export a device list and is again available for use.
Cisco Small Business NSS2000 Series Administration Guide 53
Page 62
Configuring your Storage
Volume Management
Volume Management
A volume is a way to partition storage space available on an array. The Storage
Volumes page shows the following details about configured volumes or create
additional volumes.
4
The Volumes table displays the following:
• Volume: The name of the volume.
• Location: The array on which the volume is located.
• To t al S p a ce : The amount of space allocated for the volume (in MB, GB, or
TB).
• % Used: The amount of space, as a percentage, that is currently used.
• Crypto: Whether the volume is encrypted or not. Note that file transfer
performance to encrypted volumes is generally lower than to nonencrypted volumes.
• Action: Click Edit to make changes to the current volume. Click Delete to
remove the volume (and any saved data on the volume) from the array. If the
volume is encrypted, you can either click Unlock to unlock it and make it
usable, or click Lock to manually lock it.
Cisco Small Business NSS2000 Series Administration Guide 54
Page 63
Configuring your Storage
Creating a Volume
Creating a Volume
After you define at least one RAID array, you can create a volume. You need to
create at least one volume before you can create users, groups, or shares.
To c re a te a v o l u m e :
STEP 1 From the Manager Menu, click Storage Volumes.
The Storage Volumes page appears.
4
STEP 2 From the New Volume area, set up the following fields:
• Array: Click the drop-down menu to select the array on which you want to
create the volume.
• Name: Enter the name you want to give the volume. The volume name must
consist of at least one alphanumeric character, must begin with a letter, but
cannot contain any spaces.
• Size: Enter the size for the volume, and then select the unit from the drop-
down menu. The final size of the shared volume is less than the size you
Cisco Small Business NSS2000 Series Administration Guide 55
Page 64
Configuring your Storage
!
Creating a Volume
STEP 3 To encrypt the volume, select Encrypted. To create an unencrypted volume, go to
step 6.
4
enter in this field due to filesystem overhead. The minimum volume size is
32 MB. Volume sizes are rounded down to the nearest 32 MB increment.
NOTE: Once the volume is created, you can
expand the volume but you cannot reduce its
size.
NOTE: You can encrypt the volume only when
the volume is first created. After a volume is
created, you cannot change whether it is
encrypted or unencrypted. File transfer
performance to encrypted volumes is generally
lower than to non-encrypted volumes.
STEP 4 Enter a password in the Password field. The password must be entered to unlock
an encrypted volume when the NSS is started up following a power interruption,
shutdown, or rebooted, or, if the volume was manually locked through the NSS
configuration interface. The password can be any alphanumeric characters (with
the exception of the ";" |", and "&"). It cannot contain any spaces and must be a
minimum of one character (no maximum).
CAUTION: Because you need the password to
decrypt a locked volume, keep a secure
backup of the password to ensure that it is
accessible when required. There is no way to
unlock the volume without the password. (If the
password is forgotten, the only way to unlock
the volume is if a known password was saved
in a configuration file. You can then restore the
configuration, and then use that password to
unlock the volume. See Restoring the
Configuration for help on this.)
STEP 5 Re-enter the password in the Confirm Password field.
STEP 6 Click Add.
Cisco Small Business NSS2000 Series Administration Guide 56
Page 65
Configuring your Storage
Expanding a Volume
Expanding a Volume
After a volume is created, you can increase its size, provided there is available
space on the array.
To increase the size of a volume:
STEP 1 From the Manager Menu, click Storage Volumes.
The Volumes page appears.
4
STEP 2 Click Edit for the volume you want to expand.
Cisco Small Business NSS2000 Series Administration Guide 57
Page 66
The Grow File System page appears for the selected volume.
4
STEP 3 In the Resize by field, select one of the following:
• Grow By: Select this option to add the space allocated in the Size field to
the existing space for the volume. For example, if the volume currently has
224 MB of space and you want to add another 224 MB, select "Grow By",
then enter 224 in the Size field, and then set the unit field to MB. Note: The
system rounds up the total space to the nearest 32 MB boundary.
• Resulting Size: Select this option to resize the volume to the space entered
in the Size field. For example, if the volume currently has 224 MB of space
and you want it to have 928 MB, select "Resulting Size" and then enter 928 in
the Size field. Note: The system rounds up the total space to the nearest 32
MB boundary.
STEP 4 Depending on your choice in the previous step, enter the new number in the Size
field, and then select the unit from the drop-down menu. If you selected "Grow By",
the new number is added to the existing volume size. If you selected "Resulting
Size", the new number becomes the total size for the volume.
STEP 5 Click OK.
Cisco Small Business NSS2000 Series Administration Guide 58
Page 67
Configuring your Storage
!
Deleting a Volume
Deleting a Volume
You can choose to delete a volume at any time.
To delete a volume:
STEP 1 From the Manager Menu, click Storage Volumes.
The Storage Volumes page appears.
4
CAUTION: Deleting the volume removes any
shares or data currently saved to that volume. If
the volume was assigned as the users’ Home
Directory Location, you must reassign the
Home Directory Location to another volume.
STEP 2 From the Volumes area, click Delete for the volume you want to delete.
Cisco Small Business NSS2000 Series Administration Guide 59
Page 68
Configuring your Storage
Volume Encryption Overview
Volume Encryption Overview
The Volumes page lists both the encrypted and unencrypted volumes and lets
you create a volume, and lock, unlock, or change the password for encrypted
volumes.
4
NOTE: File transfer performance to encrypted
volumes is generally lower than non-encrypted
volumes.
Cisco Small Business NSS2000 Series Administration Guide 60
Page 69
Configuring your Storage
Locking an Encrypted Volume
Locking an Encrypted Volume
You can manually lock an encrypted volume at any time. Locking a volume means
that it becomes unmounted and is unusable (you cannot create or use shares
stored on the locked volume). This provides an extra layer of security against the
theft of data.
To l oc k a v ol um e :
STEP 1 From the Manager Menu, click Storage Volumes.
The Volumes page appears.
4
The Crypto column displays whether the volume is encrypted (Yes) or not
encrypted (No).
STEP 2 Click Lock to lock the volume.
Cisco Small Business NSS2000 Series Administration Guide 61
Page 70
Configuring your Storage
Unlocking a Locked Volume
Unlocking a Locked Volume
When an encrypted volume is locked, either automatically as a result of the NSS
being rebooted or manually locked through the configuration interface, you must
unlock it before it can be used for tasks such as creating shares or quotas.
To unlock a volume:
STEP 1 From the Manager Menu, click Storage Volumes.
The Volumes page appears.
4
STEP 2 Click Unlock for the volume you want to unlock.
The Unlock Volume page appears.
Cisco Small Business NSS2000 Series Administration Guide 62
Page 71
Configuring your Storage
!
Changing the Password for an Encrypted Volume
STEP 3 Enter the password for the volume in the Password field.
4
STEP 4 Click OK.
The Volume Encryption page appears. The volume is now unlocked.
Changing the Password for an Encrypted Volume
A password must be set up when you create an encrypted volume. After the
volume is created, you can change the password at any time. The password must
be entered under two conditions: when the NSS is started up after a power
interruption, or, the volume has been manually locked.
CAUTION: Because the password is required
to de-crypt a locked volume, keep a backup of
the password to ensure that it is accessible
when required. There is no way to unlock the
volume without the password. (If the password
is forgotten, the only way to unlock the volume
is if there is a known password saved in a
configuration file. See Restoring the
Configuration for help on this.)
To change the password on an existing encrypted volume:
Cisco Small Business NSS2000 Series Administration Guide 63
Page 72
Configuring your Storage
Changing the Password for an Encrypted Volume
STEP 1 From the Manager Menu, click Storage Volumes.
The Volumes page appears.
4
STEP 2 Click Edit for the volume you want to change.
The Edit Volume page appears.
Cisco Small Business NSS2000 Series Administration Guide 64
Page 73
Configuring your Storage
Storage Options
STEP 3 In Current Password field, enter the password.
STEP 4 In the New Password field, enter the new password. The password can be any
alphanumeric characters (with the exception of the ";" |", and "&"). It cannot contain
any spaces and must be a minimum of one character (no maximum).
STEP 5 Re-enter the new password in the Confirm Password field.
STEP 6 Click Update.
Storage Options
The Storage Options page lets you define the following:
4
• Idle Drive Spin Down: Configure the NSS to spin down the disk drives after
a predefined time of inactivity. Select the period of time that the disk drive
must be idle before it is spun down.
• RAID Rebuild Priority: During normal operation, the CPU switches between
tasks to service all active tasks on the system. Creating a RAID array or
rebuilding an existing array can take up a significant amount of the available
percentage of CPU processing power. You can control how the system
prioritizes the rebuild and allocates the system’s resources based on your
system’s current workload and need for responsiveness. To set the RAID
rebuild priority, choose one of the following from the RAID Rebuild Priority
field:
- High: The CPU focuses on the RAID rebuilding process. This setting
allows for the fastest possible RAID rebuild at the expense of other
system tasks. File-sharing throughput is adversely affected during a
RAID rebuild when this setting is chosen.
- Medium: This option gives a balance between the rebuild process and
other system tasks. The rebuild process takes longer than if it was set to
High.
- Low: The CPU focuses on other tasks versus the RAID rebuild process.
This results in a longer rebuild time on a busy system. However, if the
workload on the system is low, the CPU services the rebuild process
well. Note that if you are repairing an array, this option leaves the array
the most vulnerable of all the options as it takes the longest for the
rebuild to complete.
Cisco Small Business NSS2000 Series Administration Guide 65
Page 74
Configuring your Storage
Storage Options
4
• Degraded Mode Grace Period: Set the period of time after which the
system automatically shuts down degraded arrays. You can manually
restart a RAID array that has been automatically stopped by the degraded
mode management feature. Warning messages are sent out periodically
while the RAID array is degraded.
If you make changes to any of the storage options, click Update.
Cisco Small Business NSS2000 Series Administration Guide 66
Page 75
Setting up End-User Access
The Access Status page shows the current end-user connections to the NSS,
grouped by the file-sharing protocol used. The page displays the username, the
name of the host from which the user is currently connected, and the share or path
that the user is accessing. Status pages like the Access Status page automatically
refresh on a regular interval and are very helpful for monitoring the progress of
certain processes such as the current end-user connections to the NSS.
5
Cisco Small Business NSS2000 Series Administration Guide 67
Page 76
Setting up End-User Access
Managing your NSS Users
Managing your NSS Users
You can create, view, and maintain the list of users who can access the NSS. The
Configured Users page displays the Configured Users table. This table lists each
defined user whether the user was created locally via the NSS configuration
interface or imported from an NTv4, Active Directory, or NIS domain. Note that
users not created locally via the NSS are read-only with the exception of the email
address field which you can update directly through the NSS Configuration
Manager. Once a user profile is created, you cannot rename the username. To
rename an existing user profile, delete the user profile and then create a new one.
User profiles are maintained by the administrator. Users cannot make changes to
their passwords.
5
Creating a User Profile
Depending on your network setup, you might administer users and groups locally
or via the domain controller. The NSS configuration interface gives you read-only
access to users provided by NTv4, Active Directory, or NIS domains (with the
exception of being able to edit the email address). You can also create and
manage local users from the NSS configuration interface. Before you can create a
user profile, you must configure the volume you want to use as the home directory
location for your users on the Access Options page (from the Manager Menu, click
Access
To add a local user:
Cisco Small Business NSS2000 Series Administration Guide 68
Options).
Page 77
Setting up End-User Access
Creating a User Profile
STEP 1 From the Manager Menu, click Access Users.
STEP 2 Click Add to create a user.
5
The Configured Users page appears. Users created from the NSS
configuration interface and provided by the ADS, NTv4, or NIS domain appear
in the Configured Users table.
The New User page appears.
STEP 3 In the Username field, type the username. The name must be made up of
alphanumeric characters (that is, a-z, 0-9), any case, to a maximum of 32
characters. This field is required.
STEP 4 Select the group you want to assign as the user’s primary group from the Primary
Group field. If there are no groups configured, the only available choice is the
default group "nasusers". This field is required.
NOTE: Although you can assign the user to
multiple groups (through the Add Group or Edit
Group page), the primary group is the group
against which quota charges for the user’s
storage usage are made and is the group that
defines the group ownership for all files created
by the user. The primary group applies to users
set up locally on the NSS. A domain user’s
primary group is set up from the domain and is
not derived from the Primary Group field in the
NSS user profile.
Cisco Small Business NSS2000 Series Administration Guide 69
Page 78
Setting up End-User Access
Creating a User Profile
STEP 5 Assign a password by entering any valid (ASCII table) characters in the Password
field. The password is required.
STEP 6 To verify the password, re-enter it in the Confirm Password field.
STEP 7 To record the user’s full name, enter it in the Real Name field. This field is optional.
Note that you cannot enter the "/" character in this field.
STEP 8 To record the user’s email address, enter it in the Email Address field. This field is
optional.
STEP 9 Click OK to create the user and exit the New User page. Click Apply to create the
user and then add another new user.
5
NOTE: All password changes to end-user
accounts set up through the NSS configuration
pages must be made by the administrator.
Cisco Small Business NSS2000 Series Administration Guide 70
Page 79
Setting up End-User Access
Editing a User Profile
Editing a User Profile
You can change certain aspects of the user’s profile. Note that once you create a
username, the only way to "rename" that user is to delete the existing user profile
and then create a new one. Domain user profiles are read-only with the exception
of their email address which you can add or edit directly from the NSS
Configuration Manager. All password changes for end-user accounts set up
directly through the NSS configuration pages must be done by the Administrator.
To edit an existing user profile:
STEP 1 From the Manager Menu, click Access Users.
The Configured Users page appears.
5
The existing users appear in the Configured Users table.
STEP 2 Select the user from the list, and then click Edit.
Cisco Small Business NSS2000 Series Administration Guide 71
Page 80
Setting up End-User Access
Integrating Users from an ADS, NTv4, or NIS Domain
The end user’s profile appears in the Edit User page.
5
STEP 3 The username is read-only. You can make changes to any of the other fields in the
user’s profile.
STEP 4 Click Update.
Integrating Users from an ADS, NTv4, or NIS Domain
When the NSS is joined to an ADS, NTv4, or NIS domain, a list of existing domain
users is imported into the Configured Users list. You can view the entire user list
from the Configured Users page but can only edit or delete locally created users
(not domain users). (The one exception to this is that you can edit the email
address directly from the Configuration Manager.) The naming conventions use
the NetBIOS format with the domain name as a prefix of the username. The
primary group for users set up within the ADS, NTv4 or NIS domain is taken from
the user’s domain profile versus the Primary Group field in the NSS user profile.
NOTE: It is important to set up your User and
Group ID ranges before you join the NSS to an
ADS, NTv4, or NIS domain. After you join the
NSS to a domain, you should not make changes
to the range as this might lead to an ID collision.
Cisco Small Business NSS2000 Series Administration Guide 72
Page 81
Setting up End-User Access
Deleting a User Profile
Logging into the NSS as a Local User
When the NSS is joined to an NTv4 or ADS domain, local users must prefix their
username with the hostname of the NSS. Users who log in without the hostname
prefix are automatically assumed to be domain users. For example, if the NSS
hostname is "NASadmin" and the local username is "bob", the user would need to
log in as "NASadmin\bob" in the login dialog.
Deleting a User Profile
You can delete user profiles that were created via the NSS. Note: When you delete
a user profile, the user’s home directory and any files or folders created by the
user on the various shares are not deleted. As an administrator, you can log into
CIFS using the administrator account to delete the user’s data as required.
5
To delete an existing user profile:
STEP 1 From the Manager Menu, click Access Users.
The Configured Users page appears.
STEP 2 Click the username and then click Delete. To delete multiple users, use the
following mouse-key combinations:
Cisco Small Business NSS2000 Series Administration Guide 73
Page 82
Setting up End-User Access
Working with Groups
• Shift-click: To select a contiguous group of users that you want to delete,
hold down the Shift key, then click the first user, and then the last user in the
series. Click Delete to delete the highlighted users.
• Ctrl-click: To select a non-contiguous group of users that you want to delete,
hold down the Ctrl key, and then click each user from the list. Click Delete to
delete the highlighted users.
The selected user(s) disappear from the list of available users.
Working with Groups
Groups are an easy way to manage users with the same storage needs and
privileges. A group consists of one or more users. You can add or remove users
from a group at any time. The user’s primary group (the group to which quota
charges for storage usage are applied) is set up in the Primary Group field of the
user’s profile.
5
A group called "nasusers" is automatically created when you first install the NSS.
This group is the default primary group when you create new users.
Creating a Group
Groups let you specify the share access privileges for a set of users. After you
create a group, you can define the group’s access privileges on a per-share basis.
You can add or remove users to and from the group at any time. Note that users are
assigned a primary group within their user profile. When users create a file, the
group ownership is automatically set to their primary group. The storage usage is
charged to their primary group for the purposes of volume quota accounting.
Group membership, other than the primary group, is defined in either the Add
Group or Edit Group page and is used only to control access to shares and files.
NOTE: You cannot grant security privileges to
a group for a CIFS share through ACL.
To create a group:
Cisco Small Business NSS2000 Series Administration Guide 74
Page 83
Setting up End-User Access
Creating a Group
STEP 1 From the Manager Menu, click Access Groups.
5
The Configured Groups page appears.
STEP 2 Click Add.
The New Group page appears.
STEP 3 In the Group Name field, type the name you want to assign to the group. The name
can only contain lower-case alphanumeric characters and underscores (i.e., a-z, 09, _) to a maximum of 32 characters.
Cisco Small Business NSS2000 Series Administration Guide 75
Page 84
Setting up End-User Access
Changing the Users Assigned to a Group
STEP 4 Move the users you want to assign to the group from the Users Available list to the
Users in Group list. Note that a user can be assigned to multiple groups. (The
single angled bracket "<" or ">" moves the selection in the direction of the bracket.
The double angled bracket "<<" or ">>" moves the entire list in the direction of the
bracket.)
STEP 5 Click OK to save the current group and display the Configured Groups page. Click
Apply to save the current group and remain in the New Group page to add another
group.
Changing the Users Assigned to a Group
After you create a group, you can delete or add to the list of users that belong to
that group.
5
NOTE: When you delete an end user from a
group, the end user must log out of their client
machine before the change takes effect. This
means that users no longer assigned to a group
maintain full group privileges (i.e., access to
shares) until they log off/log on to their
computer.
To change the group membership:
STEP 1 From the Manager Menu, click Access Groups.
The Configured Groups page appears.
STEP 2 From the list of configured groups, select the group that you want to change.
Cisco Small Business NSS2000 Series Administration Guide 76
Page 85
Setting up End-User Access
Integrating Groups from an Active Directory, NTv4, or NIS Domain
STEP 3 Click Edit.
The Edit Group page appears.
5
STEP 4 Set up the Users in Group list as required. (The single angled bracket "<" or ">"
moves the selection in the direction of the bracket. The double angled bracket "<<"
or ">>" moves the entire list in the direction of the bracket.)
STEP 5 Click Update.
Integrating Groups from an Active Directory, NTv4, or NIS
Domain
When the NSS is joined to an Active Directory, NTv4, or NIS domain, domain
groups only appear on the Shares page (they do not appear in the list of
configured groups). Group membership for imported domain groups are readonly. The naming conventions use the NetBIOS format with the domain name as a
prefix of the group name. For example, "DOMAINNAME\GroupName".
NOTE: It is important to set up your User and
Group ID ranges before you join the NSS to an
ADS, NTv4, or NIS domain. After you join the
NSS to a domain, you should not make changes
to the range as this might lead to an ID collision.
Cisco Small Business NSS2000 Series Administration Guide 77
Page 86
Setting up End-User Access
Deleting a Group
Deleting a Group
When you delete a group, the group is automatically removed from having access
to any configured shares.
To delete a group:
STEP 1 From the Manager Menu, click Access Groups.
5
The Configured Groups page appears.
STEP 2 Before you can delete a group, you must remove any assigned users.
STEP 3 You can delete a group from two locations in the NSS configuration interface:
• Groups page: Highlight the group you want to delete from the Configured
Groups table, and then click Delete. To delete multiple groups, use the
following key-mouse combination:
- Shift-click: To select a contiguous list of groups that you want to delete,
hold down the Shift key, then click the first group, and then the last group
in the series. Click Delete to delete the highlighted groups.
- Ctrl-click: To select a non-contiguous set of groups that you want to
delete, hold down the Ctrl key, and then click each group from the list.
Click Delete to delete the highlighted groups.
• Edit Groups page: Select the group you want to edit, and then click Edit. The
Edit Groups page appears. Click Delete to remove the group.
Cisco Small Business NSS2000 Series Administration Guide 78
Page 87
Setting up End-User Access
Managing Volume Quotas
Managing Volume Quotas
You can set up specific space limits for each user or group who has write access
to a volume. Defining a user or group’s quota means that you can set a space limit
(referred to as a soft quota) that, when reached, sends a warning to the
administrator and initiates a countdown of the defined grace period. The user has
the amount of time in the grace period to reduce the amount of space used to
under the soft quota limit. Users who do not reduce the space in the allotted grace
period, or who reach their hard quota limit, no longer have write access to the
volume until they reduce their usage to under their soft quota limit.
When a user creates, modifies or deletes a file on a volume, note that there is a
small delay before the usage is updated on the Filesystem Quota page. This delay
is due to the caching in the filesystem used to provide high performance.
5
NOTE: Before you create or edit a quota
located on an encrypted volume, make sure the
volume is unlocked. You also need to set up the
Warn For time for each volume from the
Filesystem Quota page. The Warn For time only
affects individual quota that was created after
the Warn For time was set.
Changing the User’s Primary Group
Quotas are charged to the group assigned as the user’s primary group at the time
of file creation. If the user’s primary group changes, files created under the
previous group continue to be charged against that group. Note that if the user’s
primary group changes while the user is connected to the NSS, the previous
primary group continues to be the group charged until the user’s connection is
closed. The new primary group becomes the group charged only after the
connection is re-opened.
NOTE: If the user is created within a domain,
the primary group defined is in the user profile
from the domain, not the Primary Group field in
the NSS user profile.
Cisco Small Business NSS2000 Series Administration Guide 79
Page 88
Setting up End-User Access
Creating Volume Quota for a User or Group
About the Volume Quota Page
The Volume Quota page is where you manage user and group quotas for each
volume. To display the Volume Quota page, from the Manager Menu, click Access
Quota.
5
Creating Volume Quota for a User or Group
You can set up a quota on a volume for each user or group. This quota limits the
user or group to the allocated amount of space within the volume. To give certain
users or groups assigned to a volume full access to the space on the volume, do
not create a quota for that user or group.
NOTE: Before you can create quota on an
encrypted volume, make sure it is unlocked.
You also need to set up the Warn For time for
each volume from the Filesystem Quota page.
The Warn For time only affects individual quota
that was created after the Warn For time was
set.
Cisco Small Business NSS2000 Series Administration Guide 80
Page 89
Setting up End-User Access
Creating Volume Quota for a User or Group
To create a quota for a user or group:
STEP 1 From the Manager Menu, click Access Quota.
The Filesystem Quota page appears.
5
STEP 2 Click Create Quota.
The New Filesystem Quota page appears.
STEP 3 Select the volume on which you want to set the quota from the New Quota on FS
drop-down list.
Cisco Small Business NSS2000 Series Administration Guide 81
Page 90
Setting up End-User Access
Creating Volume Quota for a User or Group
STEP 4 Select the user or group for which you are creating the quota from the For User/
Group drop-down list.
STEP 5 In the Warning at field, enter the threshold of space that, when exceeded, triggers
a warning that the quota is close to being used up. Select the size unit from the
drop-down menu. When the threshold is exceeded, the grace period set up for the
volume begins. The user has the amount of time set in the grace period to reduce
the amount of space used to under the space set in the Warning at field or they are
not allowed to write further data to the volume. Another way to think about this
field is as a "soft quota".
STEP 6 In the Space Limit field, enter the amount of space that the user or group has
available to use, and then select the size unit from the drop-down menu. Another
way to think about this field is as the "hard quota". If the user reaches the space
limit, the user can no longer write data to the volume until they either reduce the
amount of space used to under the limit by deleting files or have the quota
increased.
5
STEP 7 Click Update.
Cisco Small Business NSS2000 Series Administration Guide 82
Page 91
Setting up End-User Access
Setting up the Grace Period for a Volume Quota
Setting up the Grace Period for a Volume Quota
You can set up a limit on the amount of space available to your users or groups.
This limit can be set as a soft quota and hard quota. When the users reach their
"soft quota", a warning is issued and the grace period begins. Users then have the
amount of time set in the grace period to either reduce the amount of spaced used
by deleting files, or have the quota increased. If the amount of space is not
reduced before the grace period expires or the user reaches the hard quota, the
user is automatically denied write access to the volume.
NOTE: Before you create quotas for a user or
group, make sure you set up the Warn For time
for each volume from the Filesystem Quota
page. The Warn For time only affects individual
quota that was created after the Warn For time
was set.
5
To set up the grace period for a volume:
STEP 1 From the Manager Menu, click Access Quota.
The Filesystem Quota page appears.
STEP 2 To set up the grace period, after which if the soft limit set for the user or group is
still exceeded, the user or group is denied write access, enter the time period in
the Warn for <time period> before denying access field. Enter the number in the
first part of the field, and the time unit in the second part of the field. For example,
Cisco Small Business NSS2000 Series Administration Guide 83
Page 92
Setting up End-User Access
Changing a Volume Quota for a User or Group
to warn the user or group that they have reached their soft limit and have three
days to reduce it, enter "3" and then select "days". Normally, when the quota is
under the limit, it appears in black type. When a user reaches their soft quota limit,
the amount listed on Filesystem Quota page turns red.
STEP 3 Click Update.
STEP 4 Repeat steps 2 and 3 for each applicable volume.
Changing a Volume Quota for a User or Group
After a quota is created, you can increase or decrease it. You can also change the
limit at which the user or group receives a warning message and the grace period
begins.
5
To change the quota limit or warning limit:
STEP 1 From the Manager Menu, click Access Quota.
The Filesystem Quota page appears.
Cisco Small Business NSS2000 Series Administration Guide 84
Page 93
Setting up End-User Access
Changing a Volume Quota for a User or Group
STEP 2 Click Edit for the user or group for which you want to change the quota.
The Edit Quota page appears.
5
STEP 3 Make the required changes to the soft (warning) or hard quota (space limit) limits.
STEP 4 Click Update.
Cisco Small Business NSS2000 Series Administration Guide 85
Page 94
Setting up End-User Access
Clearing a Quota
Clearing a Quota
After a quota has been set up, you can clear it. Clearing a quota means that the
user or group no longer has a space limitation on their use of the associated
volume (other than the actual unused storage space on the volume).
To clear a quota for a user or group:
STEP 1 From the Manager Menu, click Access Quota.
5
The Filesystem Quota page appears.
Quotas are displayed according to their associated volume.
STEP 2 Click Clear for the user or group whose quota you want to remove.
Cisco Small Business NSS2000 Series Administration Guide 86
Page 95
Setting up End-User Access
Network Filters Overview
Network Filters Overview
In addition to providing storage for your data, the NSS provides a configurable
firewall to protect that data. Defining network filters lets you specify which
network hosts have access to the NSS via the various supported protocols.
To view the network filters:
STEP 1 From the Manager Menu, click Access Network.
The Network Filters page appears.
5
STEP 2 You can do any of the following:
• Set the default network policy to control what happens to traffic not
explicitly covered by defined filters. See the ”Defining the Default Network
Policy” section on page 88.
• View or delete the existing filters defined for the NSS from the Active
Network Access Filters table. See the ”Network Filters Overview” section
on page 87.
• Create a new filter based on an IP or MAC address or a range of IP
addresses. See the ”Creating a Network Filter” section on page 89.
Cisco Small Business NSS2000 Series Administration Guide 87
Page 96
Setting up End-User Access
Defining the Default Network Policy
Defining the Default Network Policy
The default network policy is the overarching policy that defines the gateway for
communication to the NSS. It specifies how traffic that is not covered by defined
filters is handled. The default policy can be defined to either accept or reject such
traffic.
To define the default network policy:
STEP 1 From the Manager Menu, click Access Network.
The Network Filters page appears.
5
STEP 2 From the Default Network Policy drop-down menu, click one of the following:
• Accept Traffic: Allow the NSS to communicate with all initiating hosts.
Select this option if you have a limited number of systems that you want to
disallow. When you set up your individual filters, select those filters that
"disallow" (i.e., drop or reject) certain types of connections. For example, you
might want to disallow CIFS connections but allow all other types.
• Drop Traffic: Disallow the NSS from communicating with any initiating
systems. Select this option if you have a limited number of systems that you
want to allow to communicate with the NSS. When you set up your filters,
Cisco Small Business NSS2000 Series Administration Guide 88
Page 97
Setting up End-User Access
Creating a Network Filter
STEP 3 Click Change Policy.
5
select those filters that "allow" certain types of connections. For example,
you might only want to allow FTP connections.
NOTE: If you set the default policy to Drop
and you want to enable FTP connections, make
sure you set the FTP connection type on the
host to "active". (If you set the connection type
to "passive" you can connect to the NSS but are
not able to list, transfer the data, and so on.)
Creating a Network Filter
The Active Network Access Filters table on the Network Filters page displays
currently defined filters. These filters control if access to the NSS from specified
hosts is granted or denied on a per-protocol basis. Each device in your network is
assigned a fixed 48-bit MAC address and changeable 32-bit IP address. When
you define a filter, it grants or denies access via the specified protocol from the
specified IP/MAC address or range of IP addresses.
NOTE: When you define a new filter, any
existing connections that would normally be
denied by this rule remain in tact. These
connections are denied during the next attempt
to connect to the NSS.
Cisco Small Business NSS2000 Series Administration Guide 89
Page 98
Setting up End-User Access
Creating a Network Filter
To add a network filter:
STEP 1 From the Manager Menu, click Access Network.
5
The Network Filters page appears.
STEP 2 From the New Network Access Filter table, type the IP/MAC address to which you
are applying the filter, in the IP/MAC address field. You can also enter addresses
for the following:
• An IP Address Range: Type the range according to the following format:
address-last address
first, followed by a hyphen, and then the last IP address in the range.)
. (Where the first IP address in the range is entered
first
• A Subnet: Enter the subnet to set a filter for all the addresses within the
subnet. The format should appear as shown in the following example:
192.168.1.0/24 (where the digits following the slash represent the number of
bits in the network portion of the IP address).
STEP 3 From the Filter drop-down menu, select the type of filter you want to apply to the
IP/MAC address.
STEP 4 Click Add.
Any connections that apply to the new filter rule are affected by the rule during
the next connection attempt.
Cisco Small Business NSS2000 Series Administration Guide 90
Page 99
Setting up End-User Access
Available Access Filters
Available Access Filters
When you configure network filters, determine which protocols can or cannot
access the NSS. To display the list of available filters, click the drop-down arrow
next to the Filter field on the Network Filters page.
5
• Allow All: This is the default filter. It tells the NSS to accept traffic via all
supported protocols.
• Allow CIFS: Allow CIFS filesharing access.
Cisco Small Business NSS2000 Series Administration Guide 91
NOTE: Rejecting versus Dropping Traffic:
When incoming traffic matches a "reject" filter,
the NSS drops the traffic and then sends a
notice to the initiating system of the denial of
service. When incoming traffic matches a "drop"
filter, the NSS drops the traffic but no notice is
sent to the initiating system
Page 100
Setting up End-User Access
Available Access Filters
5
• Allow FTP: Allow FTP access.
• Allow FTPS: Allow FTPS access.
• Allow HTTP: Allow access to the NSS configuration interface via a Web
browser via HTTP.
• Allow HTTPS: Allow access to the NSS configuration interface via a Web
browser via HTTPS.
• Allow NFS: Allow NFS access.
• Reject All: Reject traffic via all supported protocols.
• Reject CIFS: Do not allow CIFS filesharing access. The NSS informs the
system initiating the connection about the denial of service.
• Reject FTP: Do not allow FTP traffic. The NSS informs the system initiating
the connection about the denial of service.
• Reject FTPS: Do not allow FTPS traffic. The NSS informs the system
initiating the connection about the denial of service.
• Reject HTTP: Do not allow access to the NSS configuration interface via a
Web browser through HTTP. The NSS informs the system initiating the
connection about the denial of service.
• Reject HTTPS: Do not allow access to the NSS configuration interface via a
Web browser through HTTPS. The NSS informs the system initiating the
connection about the denial of service.
• Reject NFS: Do not allow NFS filesharing access. The NSS informs the
system initiating the connection about the denial of service.
• Drop All: Do not allow access from any of the supported protocols. The NSS
does not inform the system initiating the connection about the denial of
service.
• Drop CIFS: Do not allow CIFS filesharing access. The NSS does not inform
the system initiating the connection about the denial of service.
• Drop FTP: Do not allow FTP traffic. The NSS does not inform the system
initiating the connection about the denial of service.
• Drop FTPS: Do not allow FTPS traffic. The NSS does not inform the system
initiating the connection about the denial of service.
Cisco Small Business NSS2000 Series Administration Guide 92
Loading...