Cisco OL-6918-01 User Manual

CHAPTER

4

Using Service Manager

Cisco Mobile Wireless Home Agent is the anchor point for mobile terminals for which mobile or proxy
mobile services are provided. The Home Agent maintains mobile user registrations and tunnels packets
that are destined for the mobile node to the PDSN or FA. The Home Agent supports reverse tunneling,
and can securely tunnel packets to the PDSN by using IPSec.

You can use the HA Service Manager to manage various Home Agent services for users with homed or
virtually homed IP addresses on the router.

Note Some of the Sync Report functions require Network Operator and Network Administrator privileges.

This chapter provides information about:

• Service Manager Tasks, page 4-2

• Selecting an HA Device Group, page 4-3

• Displaying an HA Configuration, page 4-5

• Generating Sync Reports, page 4-6

• Activating Services on HA Devices, page 4-12

• Managing Batch Configurations, page 4-36

OL-6918-01

User Guide for Cisco Home Agent Service Manager

4-1

Service Manager Tasks

Service Manager Tasks

You can use the Service Manager tab to perform these tasks:

Table 4-1 Home Agent Service Manager Tasks

Option Task Topic

Select Group Select a device group Selecting an HA Device Group, page 4-3
Display Config Display HA configuration

commands of a device

Sync Report Check thelatest status of the master

device and other devices in a group,
from RME or DCR.

Generate a Sync report. Generating a Diff Report, page 4-7
Display the differences in

HA-specificconfigurationsbetween
any two devices of the group.

Service
Activation

Batch
Configuration

Activate various services Activating Services on HA Devices, page 4-12
Configure local IP pools Local IP Pools, page 4-12
Configure virtual networks Working With Virtual Networks, page 4-17
Assign home addresses with NAI Assigning Home Addresses With NAI, page

Assign home addresses without
NAI

Configure security associations for
the mobile host, Home Agent, or
Foreign Agent

Configure VRF support on HA
devices

Enable Hot-Lining Hot-Lining, page 4-34
Manage batch configurations Managing Batch Configurations, page 4-36

Chapter 4 Using Service Manager

Displaying an HA Configuration, page 4-5

Checking Device Status, page 4-7

Comparing the Configurations of Two Devices,
page 4-11

4-19
Assigning Home Addresses Without NAI, page

4-23
Security Associations, page 4-26

VRF Support on HA, page 4-30

4-2

User Guide for Cisco Home Agent Service Manager

OL-6918-01

Chapter 4 Using Service Manager

Selecting an HA Device Group

Before you enable service-activation,you must categorize device entities into a logical group. After you
select a group, you can download the service-activation configurations to all the devices in the group.

Note All devices in the group must be fully managed and monitored by Resource Manager Essentials (RME).

To select a HA device group:

Step 1 Choose HA Service Manger > Service Manager > Select Group.

The Group Selection window appears. (See Figure 4-1 on page 4-3.)

Figure 4-1 Group Selection window

Selecting an HA Device Group

Step 2 Choose a group from the list.
Step 3 Click View to see the devices in the group.

A popup window displays the following information about the devices:

Field Description

Display Name Display name of the device.
Host Name Name of the host for the device.
IP Address IP address of the device.

The master device is designated by an asterisk (*).

Step 4 Check the Fetch Config check box to obtain the running configuration of the devices in this group.

Help Desk and Approver operators do not have the privilege to do Fetch Config.

Note Fetch Config fetches the configuration from the device and uploads it to the RME archive. The

HA SM then obtains that configuration from RME, rather than directly from the device. If the
RME archive already contains the running configuration of the device,you need not select Fetch
Config.If you have modifiedthe running configuration on the device, run Fetch Configto ensure
that the RME has the latest configuration for the HA SM to use.

OL-6918-01

User Guide for Cisco Home Agent Service Manager

4-3

Selecting an HA Device Group

Step 5 Enter your CiscoWorks password, then click Connect.

If you check the Fetch Configcheck box, this task will take a few minutes to complete. The time depends
on the number of devices in the selected group and the size of the configuration.

A task status window indicates progress.

Step 6 A confirmation window appears, and confirms that this HA device group is selected. The information in

the window varies depending on whether you check or uncheck Fetch Config.

• If you check Fetch Config, the confirmation window displays a list of all devices in the group with:

Click the column heading to sort the list. Click Close to close this window.

• If you uncheck Fetch Config, the confirmation window displays a list of all devices in the group

with the following information:

Click Close to close this window.

The name of the device group appears in the upper-right corner of the window.

–

Device Name

–

Connection Status

–

Cause of any errors

–

Display Name

–

Host Name

–

IP Address

Chapter 4 Using Service Manager

4-4

User Guide for Cisco Home Agent Service Manager

OL-6918-01

Chapter 4 Using Service Manager

Displaying an HA Configuration

You can view the HA-specific configurations commands of specified devices in the selected group by
using the HA Configuration Viewer.

To display an HA-specific configuration:

Step 1 Choose a device group (Choose Service Manager > Select Group). For more information, see Selecting

an HA Device Group, page 4-3.

Step 2 Choose Service Manager > Display Config.

The Display Config window appears.

Step 3 Choose a device from the Device drop-down list, then click Display Config.

The HA Config Viewer appears. (See Figure 4-2 on page 4-5.)

Figure 4-2 HA Config Viewer Window

Displaying an HA Configuration

OL-6918-01

User Guide for Cisco Home Agent Service Manager

4-5

Generating Sync Reports

The HA Config Viewer window displays:

• Left pane—Displays all the configlets that the configuration comprises. Click any folder to expand

the tree and display descendant configlets. Choose any configlet to see the required commands.

• Right pane—Displays all the configuration commands corresponding to each configlet in

alphanumeric order.

Step 4 Click Close to exit the HA Config Viewer.

Generating Sync Reports

You can use the Sync Report to compare the HA-specific configurations of the master device and those
of the other devices in the group, and two selected devices.

The Sync Report tab displays:

• Sync Report Dashboard—Displays the latest status of the master device and other devices in a

group, from RME or DCR. Generates a list of differences between the HA-specific configurations
of the master device and those of any other device in the group.

• Compare Config—Displays the differences in HA-specific configurations between any two devices

of the group.

To generate a sync report:

Chapter 4 Using Service Manager

Step 1 Choose a device group (Choose Service Manager > Select Group). See Selecting an HA DeviceGroup,

page 4-3.

Step 2 Choose Service Manager > Sync Report. The overview page appears with the table of contents in the

left pane. From here you can go to:

• Sync Report Dashboard—See Using Sync Report Dashboard, page 4-7.

• Compare Config—See Comparing the Configurations of Two Devices, page 4-11.

4-6

User Guide for Cisco Home Agent Service Manager

OL-6918-01

Chapter 4 Using Service Manager

Using Sync Report Dashboard

The Sync Report Dashboard provides the latest status of the master device and other devices in a group,
from RME or DCR. It also polls all the devices in the group and creates a Diff report.

Checking Device Status

When you launch the Sync Report Dashboard, the latest status of the master device from RME or DCR
appears automatically. You can get the latest information about the other devices in a group only when
you click Generate Diff.

When you use the Generate Diff function, the Sync Report Dashboard checks whether the device:

• Is reachable through Telnet and SNMP.

The Sync Report Dashboard does not check the Telnet credentials of the device.

• Display Name, Host Name, or IP Address are changed.

• Exists in RME or DCR.

• Is in Suspended state.

An appropriate message and color appears in the Status field, under the Report pane, depending on the
status of the devices.

All the previous checks are performed on the master device when you launch the Sync Report
Dashboard. HA SM uses the archived configurations of a device from RME rather than the real time
configurations from the device.

Generating Sync Reports

Note The Master Device Status is the current status of the master device at time T1, where T1 is the time that

you launch Sync Report Dashboard. The Device Status is the status of the device at time T2, where T2
is the time that you click Generate Diff.

Generating a Diff Report

To generate a list of differences between the HA-specific configurations of the master device and those
of any other device in the group, and to display the latest status of the devices:

Step 1 Choose a device group (Choose Service Manager > Select Group). See Selecting an HA DeviceGroup,

page 4-3.

Step 2 Choose Service Manager > Sync Report > Sync Report Dashboard.

The Sync Report Dashboard window appears. (See Figure 4-3 on page 4-8.)

Step 3 Click Generate Diff to poll all the devices in the group and create a Diff report. The current status of

the operation is automatically updated.
If you have device groups with large numbers of devices, the diff process will take a few minutes. The

window refreshes every fiveseconds while the report is in the Running state. To update status manually,
click Refresh. The process is complete when the Status changes to Completed.

OL-6918-01

User Guide for Cisco Home Agent Service Manager

4-7

Generating Sync Reports

The Sync Report Dashboard window contains:

Field Description

Master Device Displays the master device of the selected group.
Master Device Status Current status of the master device at time T1, where T1 is the time you launch

Report

Device Name Displays the devices in the selected group.
Status Displays the status of the device at time T2, where T2 is the time you click

Schedule Status

Status Displays the status of the Diff process. It can be Running or Completed.
Start Time Time at which the Diff process starts.
End Time Time at which the Diff process ends.

Chapter 4 Using Service Manager

Sync Report Dashboard. A (–) appears by default, which indicates that there are
no errors. An appropriate message appears if there are any errors.

Lists the devices in the group and the color-coded Diff status.

Generate Diff. Table 4-2 describes the color code of the Diff Status that appears
in the Status column. An appropriate message appears if there are any errors.

Figure 4-3 Sync Report Dashboard Window

Step 4 In the Report pane, select a device to compare its configurations with the master device.

4-8

User Guide for Cisco Home Agent Service Manager

OL-6918-01

Chapter 4 Using Service Manager

Step 5 Click Show Diff to see a detailed comparison. The Sync Report Config Diff Viewer appears. (See

Figure 4-4 on page 4-9.)

Figure 4-4 Sync Report Config Diff Viewer

Generating Sync Reports

OL-6918-01

User Guide for Cisco Home Agent Service Manager

4-9

Generating Sync Reports

Table 4-2 Color Key to the Sync Report Dashboard

Color Meaning

Green No difference exists. The configlets of the master and selected devices are the

Yellow A difference exists. The configlets of the master and selected devices are

Red The device is not reachable.
Black One of these conditions has occurred:

Red asterisk Indicates that a more recent configurationfor this device is present in RME. You

Chapter 4 Using Service Manager

same. The Show Diff button will be disabled.

dissimilar. Click Show Diff to see a detailed comparison.

Note The Show Diff button is enabled only for devices shown in yellow.

• The RME fetch configfor that device failed. If all devices in a group appear

in black, the fetch config for the master device in that group failed.

• An error occurred in retrieving the latest configuration version from RME.

• Authorization failed.

• The devices in the group are suspended or invalid.

can obtain such updated configurations by using the Generate Diff function.

Interpreting the Sync Report Config Diff Viewer

In the Sync Report Config Diff Viewer, Device1 is the master device and Device 2 is the the device being
compared. The Sync Report Config Diff Viewer also displays the date and time that the diff is generated.

The Sync Report Config Diff Viewer has three panes:

• The left pane–Displays all the configlets that the configuration comprises. Click any folder to

expand the tree and display descendant configlets. Choose any configlet to compare the required
command between the configurations of the two devices.

• The center pane–Displays the configuration of Device 1 (master device).

• The right pane–Displays the configuration of Device 2 (selected device).

The Sync Report Diff Viewer displays colored text that highlights differences between the configlets in
the two configurations, as described in Table 4-3:

Table 4-3 Color Key to the Sync Report Config Diff Viewer

Color Description

Black These configlets are present in both devices.
Red These configlets are present on both devices, but differ.
Blue These configlets are present on one of the devices only.

4-10

User Guide for Cisco Home Agent Service Manager

OL-6918-01

Chapter 4 Using Service Manager

Comparing the Configurations of Two Devices

To display the differences in HA-specific configurations between any two devices of the group:

Step 1 Choose Service Manager > Sync Report > Compare Config.

The Sync Report window appears.

Step 2 Choose the devices that you want to compare from the drop-down lists for Device1 and Device2.
Step 3 Click Compare. The Sync Report Config Diff Viewer appears. (See Figure 4-4 on page 4-9.)

Interpreting the Sync Report Config Diff Viewer

The Sync Report Config Diff Viewer displays that the date and time the diff is generated, and the
configurations.

The Sync Report Config Diff Viewer has three panes:

• The left pane–Displays all the configlets that the configuration comprises. Click any folder to

expand the tree and display descendant configlets. Choose any configlet to compare the required
command between the configurations of the two devices.

• The center pane–Displays the configuration of Device 1.

• The right pane–Displays the configuration of Device 2.

The Sync Report Diff Viewer displays colored text that highlights the differences between the configlets
in the two configurations, as described in Table 4-4:

Generating Sync Reports

Table 4-4 Color Key to the Sync Report Config Diff Viewer

Color Description

Black These configlets are present in both devices.
Red These configlets are present on both devices, but differ.
Blue These configlets are present on one of the devices only.

OL-6918-01

User Guide for Cisco Home Agent Service Manager

4-11

Activating Services on HA Devices

Activating Services on HA Devices

You can use the HA Service Manager to manage and activate services on the Home Agent devices in the
selected device groups.

Service activation entails the following tasks:

• Configuring Local IP Pools, page 4-13

• Configuring Virtual Networks, page 4-18

• Assigning Home Addresses With NAI, page 4-19

• Assigning Home Addresses Without NAI, page 4-23

• Configuring Security Associations, page 4-27

• Configuring VRF Support on HA Devices, page 4-31

• Enabling Hot-Lining, page 4-35

To invoke Service Activation in HA Service Manager:

Step 1 Choose a device group (Choose Service Manager > Select Group). See Selecting an HA DeviceGroup,

page 4-3.

Step 2 Select HA Service Manager > Service Activation.

The left pane displays the Service Activation table of contents. Choose the required service to activateit.

Chapter 4 Using Service Manager

Local IP Pools

Step 1 Choose a device group (Choose Service Manager > Select Group). See Selecting an HA DeviceGroup,

Step 2 Choose HA Service Manager > Service Activation > Local IP Pool.

Step 3 Choose the default pool from the list, then click Execute, to configure a default pool.

To configure Home Agent functionality on your router, you must determine IP addresses or subnets for
which enables roaming service.

Home Agent (HA) dynamically assigns a home address to the mobile node (MN) from address pools that
are configured locally. HA obtains the IP address by accessing the DHCP or AAA server, and allocates
the addresses from the pool on a first come, first serve basis. The MN will keep the address as long as it
has an active binding in the HA. When the binding expires this address is immediately returned to the
pool.

To display a list of the local IP pools that are configured in the HA Service Manager:

page 4-3.

The Local IP Pool dialog box appears with a list of all the local IP pools in the selected group.
If no default pool is configured on the device, a default pool that is designated by an asterisk (*) appears

in the display. You can view or delete a default pool only after you configure one on the device.

4-12

User Guide for Cisco Home Agent Service Manager

OL-6918-01