Extreme Networks EPICenter Guide, EPICenter 5.0 User Manual
Extreme Networks, Inc.
3585 Monroe Street
Santa Clara, California 95051
(888) 257-3000
http://www.extremenetworks.com
EPICenter Concepts and
Solutions Guide
Version 5.0
Published: October, 2004
Part number: 100175-00 Rev. 01
2
©2004 Extreme Networks, Inc. All rights reserved. Extreme Networks and BlackDiamond are registered trademarks of
Extreme Networks, Inc. in the United States and certain other jurisdictions. EPICenter, ExtremeWare, ExtremeWare Vista,
ExtremeWorks, ExtremeAssist, ExtremeAssist1, ExtremeAssist2, PartnerAssist, Extreme Standby Router Protocol, ESRP,
SmartTraps, Alpine, Summit, Summit1, Summit4, Summit4/FX, Summit7i, Summit24, Summit48, Summit Virtual
Chassis, SummitLink, SummitGbX, SummitRPS and the Extreme Networks logo are trademarks of Extreme Networks,
Inc., which may be registered or pending registration in certain jurisdictions. The Extreme Turbodrive logo is a service
mark of Extreme Networks, which may be registered or pending registration in certain jurisdictions. Specifications are
subject to change without notice.
Solaris is a trademark of Sun Microsystems, Inc.
This product includes software developed by the Apache Software Foundation (http://www.apache.org).
This product contains copyright material licensed from AdventNet, Inc. (http://www.adventnet.com). All rights to such
copyright material rest with AdventNet.
All other registered trademarks, trademarks and service marks are property of their respective owners.
EPICenter Concepts and Solutions Guide 3
Contents
Preface
Introduction 9
Terminology 9
Conventions 10
Related Publications 11
Chapter 1 EPICenter Overview
Introduction 13
EPICenter Features 13
Inventory Management 15
The Alarm System 15
The Configuration Manager and the Firmware Manager 16
The Grouping Manager 16
The IP/MAC Address Finder 16
The Telnet Feature 16
Real-Time Statistics 17
Topology Views 17
Enterprise-wide VLAN Management 18
The ESRP Manager 18
The STP Monitor 18
EPICenter Reports 18
Role-based Access Management 19
EPICenter Stand-alone Utilities 19
The EPICenter Policy Manager Upgrade 19
Distributed Server Mode (EPICenter Gold Upgrade) 20
EPICenter Software Architecture 20
Extreme Networks Switch Management 21
SNMP and MIBs 21
Traps and Smart Traps 22
Device Status Polling 22
4 EPICenter Concepts and Solutions Guide
Extreme Networks Device Support 23
Third-Party Device Support 23
Chapter 2 Getting Started with EPICenter
Starting EPICenter 25
Starting the EPICenter Server 25
Starting the EPICenter Client 26
The EPICenter Client Login Window 28
Getting Help 30
Working with the EPICenter Features 31
Device Selection Persistence 31
Running Features in Separate Windows 32
EPICenter User Roles 32
Creating the Device Inventory 33
Using Discovery 33
Adding Devices Individually 35
Setting up Default Device Contact Information 35
Creating and Using Device Groups 35
Managing Device Configurations and Firmware 37
Saving Baseline Configuration Files in the Configuration Manager 37
Scheduling Configuration File Archiving 39
Checking for Software Updates 40
Using the EPICenter Alarm System 41
Predefined Alarms 41
The Alarm Log Browser 42
Filtering the Alarm Log Display 43
Creating or Modifying an Alarm Definition 46
Threshold Configuration for RMON and CPU Utilization Alarms 53
Configuring a CPU Utilization Rule 56
Using Topology Views 58
Automated Map Creation vs. Manual Map Creation 60
Customizing the Look of Your Maps 61
Using Basic EPICenter Reports 61
Chapter 3 Managing your Network Assets
Creating a Network Component Inventory 65
Using Discovery to Find Network Devices 65
Adding Devices Individually 68
Importing Devices Using the DevCLI Utility 69
Making Device Contact Information Changes 69
Organizing Your Inventory with Device Groups 71
EPICenter Concepts and Solutions Guide 5
Monitoring Critical Links with Port Groups 72
Inventory Reports 74
Uploading Inventory Information to Extreme Networks 75
Chapter 4 Configuring and Monitoring Your Network
Scalable, Concurrent Multidevice Configuration 77
User-Defined Telnet Macros 78
Creating Telnet Macros for Re-Use 79
Creating Macros to be Run From a Menu 80
Role-based Telnet Macro Execution 81
Network-wide VLAN Configuration 82
Graphical and HTML-based Configuration Monitoring 83
Chapter 5 Managing VLANs
Graphical Configuration and Monitoring of VLANs 85
Network-wide VLAN Membership Visibility 86
Network-wide Multidevice VLAN Configuration 88
Modifying VLANs from a Topology Map 89
Displaying VLAN Misconfigurations with Topology Maps 90
Chapter 6 Managing Network Device Configurations and Updates
Archiving Component Configurations 93
Baseline Configurations 94
Identifying Changes in Configuration Files 95
Automatic Differences Detection 95
Device Configuration Management Log 96
Managing Firmware Upgrades 97
Automated Retrieval of Firmware Updates from Extreme Networks 97
Detection of Firmware Obsolescence for Network Components 97
Multi-Step Upgrade Management 97
Chapter 7 Managing Network Security
Security Overview 99
Management Access Security 99
Using RADIUS for User Authentication 100
Setting up EPICenter Roles using RADIUS 100
Securing Management Traffic 100
Monitoring Configuration Changes 102
MAC Address Finder 103
6 EPICenter Concepts and Solutions Guide
Using Alarms to Monitor Potential Security Issues 103
Device Syslog History 104
Network Access Security 105
Using VLANs 105
Using IP Access Lists 107
Chapter 8 Managing Wireless Networks
Wireless Networking Overview 109
Inventory Management Using Wireless Reports 110
Security Monitoring with Reports 110
Client MAC spoofing report 111
Monitoring Unauthenticated Clients 111
Detecting Rogue Access Points 112
Enabling Rogue Access Point Detection 112
Detecting Clients with Weak or No Encryption 113
Wireless Network Status with Reports 114
Performance Visibility with Reports 114
Debugging Access Issues with Syslog Reports 115
Fault Isolation with Reports 115
Chapter 9 Tuning and Debugging EPICenter
Monitoring and Tuning EPICenter Performance 117
Polling Types and Frequencies 118
Performance of the EPICenter Server 119
Tuning the Alarm System 120
Disabling Unnecessary Alarms 120
Limiting the Scope of Alarms 121
The Alarm and Event Log Archives 123
Using the MIB Poller Tools 123
Defining a MIB Collection 124
The MIB Poller Summary 125
The MIB Query Tool 130
Reconfiguring EPICenter Ports 131
Using the EPICenter Debugging Tools 132
Chapter 10 VoIP and EPICenter-Avaya Integrated Management
Overview 133
Installation Considerations 134
TFTP Server Coordination 135
EPICenter Concepts and Solutions Guide 7
Discovering Avaya Devices 135
Avaya Devices in EPICenter 136
Launching the Avaya Device Manager from the Devices Sub-Menu 137
Tools Menu Commands 138
Launching the Avaya Integrated Management Console from EPICenter 139
Monitoring IP Phones on Extreme Networks Devices 139
Importing IP Phones 139
Syncing IP Phones 141
The IP Phones Properties Display 141
IP Phones Reports 142
EPICenter System Properties for Avaya Integration 143
Launching EPICenter from the Avaya Integrated Management Console 145
Chapter 11 Policy Manager Overview
Overview of the Policy Manager 147
Basic EPICenter Policy Definition 148
Policy Types 149
Access-based Security Policies 149
IP-Based Policies (Access List Policies) 151
Source Port Policies 154
VLAN Policies 155
Policy Named Components 156
Policy Access Domain and Scope 159
Using Groups in Policy Definitions 160
Precedence Relationships within the Policy Manager 161
Policy Configuration 161
EPICenter Policy Limitations 162
Appendix A Troubleshooting
Troubleshooting Aids 165
Using the Stand-alone Client Application 165
Using the Browser-based Client (Windows Only) 166
EPICenter Client 167
EPICenter Database 168
EPICenter Server Issues 169
VLAN Manager 172
Alarm System 173
ESRP Monitor 174
8 EPICenter Concepts and Solutions Guide
Inventory Manager 175
Grouping Manager 176
Printing 176
To p ol o gy 176
STP Monitor 177
Reports 177
Appendix B EPICenter Utilities
The DevCLI Utility 179
Using the DevCLI Commands 180
DevCLI Examples 182
Inventory Export Scripts 183
Using the Inventory Export Scripts 183
Inventory Export Examples 184
The SNMPCLI Utility 185
Using the SNMPCLI Utility 185
SNMPCLI Examples 186
Port Configuration Utility 187
The AlarmMgr Utility 188
Using the AlarmMgr Command 189
AlarmMgr Output 191
AlarmMgr Examples 191
The FindAddr Utility 191
Using the FindAddr Command 192
FindAddr Output 193
FindAddr Examples 194
The TransferMgr Utility 194
Using the TransferMgr Command 194
TransferMgr Examples 197
The VlanMgr Utility 198
Using the VlanMgr Command 198
VlanMgr Output 201
VlanMgr Examples 201
The ImportResources Utility 202
Using the ImportResources Command 202
ImportResources Examples 203
Index 205
EPICenter Concepts and Solutions Guide 9
Preface
This preface provides an overview of this guide, describes guide conventions, and lists other useful
publications.
Introduction
This guide provides the required information to use the EPICenter software. It is intended for use by
network managers who are responsible for monitoring and managing Local Area Networks, and
assumes a basic working knowledge of:
• Local Area Networks (LANs)
• Ethernet concepts
• Ethernet switching and bridging concepts
• Routing concepts
• The Simple Network Management Protocol (SNMP)
NOTE
If the information in the Release Notes shipped with your software differs from the information in this
guide, follow the Release Note.
Terminology
When features, functionality, or operation is specific to the Summit, Alpine, or BlackDiamond switch
family, the family name is used. Explanations about features and operations that are the same across all
Extreme switch product families simply refer to the product as the “Extreme device” or “Extreme
switch.” Explanations about features that are the same for all devices managed by EPICenter (both
Extreme devices and others) are simply refer to “devices.”
10 EPICenter Concepts and Solutions Guide
Preface
Conventions
Table 1 and Table 2 list conventions that are used throughout this guide.
.
Table 1: Notice Icons
Icon Notice Type Alerts you to...
Note Important features or instructions.
Caution Risk of unintended consequences or recoverable loss of data.
Warning Risk of permanent loss of data.
Table 2: Te x t C on v ent ion s
Convention Description
Screen displays This typeface represents information as it appears on the screen.
Screen displays
bold
This typeface indicates how you would type a particular command.
The words “enter”
and “type”
When you see the word “enter” in this guide, you must type something, and then press
the Return or Enter key. Do not press the Return or Enter key when an instruction
simply says “type.”
[Key] names Key names appear in text in one of two ways. They may be
• referred to by their labels, such as “the Return key” or “the Escape key.”
• written with brackets, such as [Return] or [Esc].
If you must press two or more keys simultaneously, the key names are linked with a
plus sign (+). For example:
Press [Ctrl]+[Alt]+[Del].
Words in bold type Bold text indicates a button or field name.
Words in italicized type Italics emphasize a point or denote new terms at the place where th ey are defined in
the text.
Related Publications
EPICenter Concepts and Solutions Guide 11
Related Publications
The EPICenter documentation set includes the following:
• EPICenter Reference Guide
• EPICenter Concepts and Solutions Guide (this guide)
• EPICenter Installation and Upgrade Note
• EPICenter Release Notes
• EPICenter License Agreement
Both the EPICenter Reference Guide and the EPICenter Concepts and Solutions Guide can be found online in
Adobe Acrobat PDF format in the
docs subdirectory of the EPICenter installation directory. They are also
available in a Microsoft Windows environment from the EPICenter Start menu.
You must have Adobe Acrobat Reader version 4.0 or later (available from http://www.adobe.com free of
charge) to view these manuals.
The EPICenter software also includes context-sensitive online Help, available from the Help menu in each
EPICenter applet, as well as through Help buttons in most windows and dialogs throughout the software.
Other manuals that you will find useful are:
• ExtremeWare Software User Guide
• ExtremeWare Command Reference Guide
• ExtremeWare XOS Concepts Guide
• ExtremeWare XOS Command Reference Guide
For documentation on Extreme Networks products, and for general information about Extreme Networks,
see the Extreme Networks home page:
• http://www.extremenetworks.com
Customers with a support contract can access the Technical Support pages at:
• http://www.extremenetworks.com/services/eSupport.asp
The technical support pages provide the latest information on Extreme Networks software products,
including the latest Release Notes, information on known problems, downloadable updates or patches
as appropriate, and other useful information and resources.
Customers without contracts can access manuals at:
• http://www.extremenetworks.com/services/documentation/
12 EPICenter Concepts and Solutions Guide
Preface
EPICenter Concepts and Solutions Guide 13
1 EPICenter Overview
This chapter describes:
• The features of the EPICenter
™
software
• The EPICenter software components
Introduction
Today's corporate networks commonly encompass hundreds or thousands of systems, including
individual end user systems, servers, network devices such as printers, and internetworking systems.
Extreme Networks
™
recognizes that network managers have different needs, and delivers a suite of
ExtremeWare
™
management tools to meet those needs.
EPICenter is a powerful yet easy-to-use application suite that facilitates the management of a network
of Summit
™
, BlackDiamond™, and Alpine™ switches, as well as selected third-party switches. EPICenter
makes it easier to perform configuration and status monitoring, create virtual LANs (VLANs), and
implement policy-based networking in enterprise LANs with Extreme Networks switches. EPICenter
offers a comprehensive set of network management tools that are easy to use from a client workstation
running EPICenter client software, or from a workstation configured with a web browser and the Java
plug-in.
EPICenter leverages the three-tier client/server architecture framework represented by Java applets, and
can be accessed using Microsoft Internet Explorer or with Sun’s Java Plug-in. The EPICenter application
and database support two of the most popular operating environments in the marketplace, Microsoft
Windows 2000/XP and Sun Microsystems’ Solaris.
EPICenter Features
In large corporate networks, network managers need to manage systems “end to end.” The EPICenter
software is a powerful, flexible and easy-to-use application for centralizing the management of a
network of Extreme switches and selected third-party devices, regardless of the network size. The
EPICenter software provides the vital SNMP, HTML, and CLI-based tools you need for network-wide
management of Extreme Networks Summit, Black Diamond, and Alpine switches.
• Network Control. The EPICenter software provides configuration and monitoring of Extreme
Networks' switches and selected third-party devices anywhere on the network simultaneously.
14 EPICenter Concepts and Solutions Guide
EPICenter Overview
• Intelligent Management. Extreme SmartTraps™ (patent pending) automatically gather switch
configuration changes and forward them to the EPICenter server, thereby minimizing network
management traffic. EPICenter separates its SNMP status polling, used to asses a device’s
connectivity, from its less frequent and more data-intensive detailed polling.
• Hierarchical Displays. Most information, including that found in EPICenter topology maps, VLAN
management, configuration management, and real-time statistics, is dynamically presented in an
easy-to-navigate hierarchical tree.
• Multi-platform capability. The EPICenter server supports Sun SPARC/Solaris and Intel, Windows
2000, and Windows XP. Client applications on either of these platforms can connect to servers on
either platform.
• Support for multiple users with security. Users must log in to the application, and can be granted
different levels of access to the application features based on their assigned role. Three basic predefined
roles are provided, and additional user roles can be created. Telnet and SSH access to Extreme
Networks switches can also be controlled based on the user identity.
• Installed or web-based clients. The EPICenter software gives you a choice of installing full-function
client software, or connecting to the EPICenter server through a web-browser-based client, available on
Windows client machines. The browser-based client provides slightly limited functionality due to the
constraints of the browser environment.
• Monitor wireless Access Points and wireless clients. Through EPICenter’s dynamic reports you can
monitor the status of the Altitude 300 APs connected to your network and monitor wireless client
activity connected through those APs. You can also detect rogue APs connected to the network, and
add them to a “safe” list, or disable their access if necessary.
• Manage large numbers of devices. The EPICenter Gold Upgrade enables the EPICenter server to
manage up to 2000 devices with a single installation of the EPICenter software. For even larger
networks you can split the management task among several EPICenter servers in a distributed server
mode that lets you monitor the status of those servers from a single client.
• Policy-based Management. The EPICenter Policy Manager Upgrade is an optional,
separately-licensed component of the EPICentersoftware that lets you work with high-level policy
components (users, desktop systems, groups of users, devices, or applications) in defining network
policies used to protect and guarantee delivery of mission-critical traffic. The policy system translates
these into the specific information needed for QoS configuration of network devices. It also detects
overlaps and conflicts in policies, with precedence rules for resolving conflicting QoS rules.
Extreme Networks switches and many other MIB-2 compatible devices can be monitored and controlled
from a central interface, without exiting EPICenter to run a separate program or telnet session. Features
such as SmartTraps (for Extreme Networks devices) and the EPICenter alarm system further maximize
network monitoring capability while maintaining network usage efficiency.
All devices in the EPICenter inventory database—both Extreme Networks devices and third-party
devices—can also appear on a topology map. The EPICenter alarm system can handle SNMP traps from
any device in the inventory database, including RMON traps from devices with RMON enabled. The
Real-Time Statistics module can display statistics for any device with RMON enabled, and the IP/MAC
Finder applet supports all devices running MIB-2 and the Bridge MIB, with the exception of user
mapping, which is specific to Extreme devices.
You can organize your network resources into multiple, overlapping groups (including groups made up
of selected ports from multiple switches) that you can manage as a single entity. Device groupings can
be based on a variety of factors, such as physical location, logical grouping, devices that support SSH2,
and so on. Using device groups, you can search for individual IP addresses and identify their
connections into the network. You can monitor the status of your network devices visually through the
Inventory Manager or via a Topology map, or by setting alarms that will notify you about conditions or
EPICenter Features
EPICenter Concepts and Solutions Guide 15
events on your network devices. You can display an overview of the status of your network devices as a
hierarchical topology map.
Access to the features of EPICenter can be restricted based on user roles, so that users with certain roles
can have a combination of read-only access, read-write access, or no access to certain features within
EPICenter. Feature access can also be allowed or restricted on a server-wide basis, so that no users will
have access to selected features of the product.
The EPICenter features are described in somewhat more detail in the following sections. The rest of this
manual describes how to best use these features to manage various aspects of your network. For
detailed instructions on using specific features of EPICenter see the context-sensitive online Help
available via the Help menu at the top of every feature, as well as via Help buttons throughout the user
interface of the product. The EPICenter Reference Guide also provides a detailed description of the
functionality of each EPICenter feature.
Inventory Management
EPICenter’s Inventory Manager feature keeps a database of all the devices managed by the EPICenter
software. Any EPICenter user with read-only access to this feature can view status information about
the switches currently known to the EPICenter database.
The EPICenter Inventory Management provides a discovery function to discover the components of
your network. Users with the appropriate access (roles with read/write access) can use this feature to
discover Extreme Networks devices as well as any third-party devices running a MIB-2 compatible
SNMP agent. Devices may be discovered by specific IP address or within a range of IP addresses.
Third-party devices that support SNMP version 3 (SNMPv3) are discovered as SNMP version 1
(SNMPv1) and are added to the EPICenter database as SNMPv1 devices.
Network devices can also be added to the EPICenter database manually, using the Inventory Manager
Add function. Once a network device is known to the EPICenter database, you can assign it to a specific
device group, and configure it using the VLAN Manager, the Configuration Manager, Telnet macros, or
the embedded Device Manager (ExtremeWare Vista for Extreme devices). The Inventory Manger also
allows you to set a device to offline status so that EPICenter will not poll and can ignore traps when a
device is scheduled for maintenance.
EPICenter also provides a command-line utility that lets you create device groups and import large
numbers of devices into the inventory database through scripts, to streamline the process of adding and
organizing devices for management purposes. These utilities are described in the Appendix B
“EPICenter Utilities”.
The Inventory Manager displays detailed information about individual devices through a front panel
image that provides a visual device representation, with associated detailed configuration and status
information. Any EPICenter user can view status information about the network devices known to the
EPICenter database. Users with the appropriate access permissions can also view and modify
configuration information for those switches.
The Alarm System
The EPICenter Alarm System provides fault detection and alarm handling for the network devices
monitored by the EPICenter software. This includes Extreme devices and some third-party
devices—those that the EPICenter software can include in its Inventory database. The Alarm System
also lets you define your own alarms that will report errors under conditions you specify, such as
16 EPICenter Concepts and Solutions Guide
EPICenter Overview
repeated occurrences or exceeding threshold values. You can specify the actions that should be taken
when an alarm occurs, and you can enable and disable individual alarms.
Fault detection is based on SNMP traps, RMON traps, Syslog messages, and some limited polling. The
Alarm System supports SNMP MIB-2 and the Extreme Networks private MIB. You can also configure
alarms based on certain event thresholds, or on the content of Syslog messages. When an alarm occurs
you can specify actions such as sending e-mail, forwarding a trap, running a program, running a script,
or a Telnet macro, sending a page, or sounding an audible alert.
The Configuration Manager and the Firmware Manager
The EPICenter Configuration Manager provides a mechanism and a graphical interface for uploading
and downloading configuration files to and from managed devices. The EPICenter Firmware Manager
can download ExtremeWare software images and BootROM images to Extreme Networks devices, or to
Extreme modules that include software.
The Configuration Manager provides a framework for storing the configuration files, to allow tracking
of multiple versions. Configuration file uploads can be performed on demand, or can be scheduled to
occur at regular times—once a day, once a week, or at whatever interval is appropriate.
The Firmware Manger can be configured to automatically track the firmware versions in Extreme
Networks devices, will indicate whether newer versions are available, and can automatically retrieve
those versions from Extreme Networks if desired.
The Grouping Manager
One of the powerful features of the EPICenter software is its ability to take actions on multiple devices
or resources with a single user action. The Grouping Manager facilitates this by letting you organize
various resources into hierarchical groups, which can then be referenced in other applets. You can then
take actions on a group, rather than having to specify the individual devices or ports that you want to
affect.
You can also create or import named resources such as users and workstations, which can be mapped
through the Grouping Manager to IP addresses and ports. This capability is especially important in
relationship to the optional Policy Manager applet, which takes advantage of these types of resources to
simplify the creation of QoS and Access List policies.
The IP/MAC Address Finder
The IP/MAC Address Finder applet lets you search for specific network addresses (MAC or IP
addresses) and identify the Extreme Networks switch and port on which the address resides. You can
also use the IP/MAC Finder applet to find all addresses on a specific port or set of ports. If you have
enabled EPICenter’s periodic MAC Address polling, which does polls for edge port address
information, you can perform a fast address search by just searching the EPICenter database for this
information. ALternatively you can direct EPICenter to search the FDBs of specific Extreme Networks
switches. You can export the results of your search to a file, either on the server or on your local (client)
system.
The Telnet Feature
The Telnet feature provides two ways to interact with devices via Telnet: either by running an
interactive telnet session on a selected device, or by creating Telnet macros (scripts of CLI commands)
that can be executed on multiple devices in one operation, and can be executed repeatedly. Results of
EPICenter Features
EPICenter Concepts and Solutions Guide 17
the most recent macro run on each device are saved into log files, and can be viewed from within the
Telnet applet.
Saved telnet macros can also be run from outside the Telnet applet, through the Tools menu or from the
right-click pop-up menus that are available in most EPICenter features. When a macro is created, the
administrator can define both an execution context—whether the macro should be available to be run
on all devices in a device group, or only individual devices or individual ports— and can allow these
macros to be run by users with specific roles.
You can use the interactive Telnet capability (but not telnet macros) to view and modify configuration
information for some Cisco and 3COM devices as well as for Extreme Networks devices.
Real-Time Statistics
The Real-Time Statistics feature of the EPICenter software provides a graphical presentation of
utilization and error statistics for Extreme switches in real time. The data is taken from Management
Information Base (MIB) objects in the etherHistory table of the Remote Monitoring (RMON) MIB. You
can choose from a variety of styles of charts and graphs as well as a tabular display.
You can view data for multiple ports on a device, device slot, or within a port group, optionally limiting
the display to the “top N” ports (where N is a number you can configure). You can also view limited
historical statistics for an individual port. If you choose to view a single port, the display shows the
value of the selected variable(s) over time, and can show utilization history, total errors history, or a
breakdown of individual errors.
In addition, the Real-Time Statistics applet lets you “snapshot” a graph or table as a separate browser
page. You can then save, print, or e-mail the page.
To p o l o g y Vi e w s
The EPICenter software’s Topology feature allows you to view your network (EPICenter-managed
devices and the links between Extreme Networks devices) as a set of maps. These maps can be
organized as a tree of submaps that allow you to represent your network as a hierarchical system of
campuses, buildings, floors, closets, or whatever logical groupings you want.
EPICenter can add device nodes to your topology map automatically as devices are added to EPICenter
software’s device inventory. The EPICenter software automatically detects and adds links that exist
between Extreme Networks devices, and organizes the device nodes into submaps as appropriate. The
links between devices provide information about the configuration and status of the links.
You can customize the resulting maps by creating submaps, moving map elements within or between
submaps, adding new elements, such as links, “decorative” (non-managed) nodes, and text, and
customizing the look and labeling of the discovered nodes themselves. In addition, options are available
to organize and optimize the map layout to display very large numbers of devices with the minimum of
device and link overlap. You can place a background image behind your map—either one of the images
available with EPICenter, or one you provide yourself, such as a building or campus layout.
The Topology applet shows alarm status for individual devices, and propagates that information up the
map hierarchy so that from a higher-level map you can tell the what level of alarms have occurred for
devices in a submap. The Topology applet also provides information about the VLANs configured on
devices in a topology view. Using the Display VLANs feature, you can visually see which links and
devices are configured for a selected VLAN, or select a specific device or link to see what VLANs are
configured on that device. You can also configure a VLAN in a topology by adding ports or trunk links.
18 EPICenter Concepts and Solutions Guide
EPICenter Overview
Finally, from a managed device node on the map, you can invoke other EPICenter functions such as the
alarm browser, telnet, real-time statistics, a front panel view, the VLAN Manager, or ExtremeWare Vista
for the selected device.
Enterprise-wide VLAN Management
A virtual LAN (VLAN) is a group of location- and topology-independent devices that communicate as
if they were on the same physical local area network (LAN).
The EPICenter VLAN Manager is an enterprise-wide application that manages many aspects of VLANs
on Extreme Network’s Summit, BlackDiamond, and Alpine switches. Any EPICenter user can view
status information about the VLANs known to EPICenter across the network. Users with the
appropriate access can create and delete VLANs, add and remove ports from existing VLANs, and
create and modify the protocol filters used to filter VLAN traffic. When creating or modifying a VLAN,
you can get EPICenter to determine whether there is connectivity between the devices you have
included in the VLAN, and if not, it can recommend what ports and devices you should add to achieve
connectivity.
The ESRP Manager
The Extreme Standby Router Protocol (ESRP) is a feature of ExtremeWare that allows multiple switches
to provide redundant layer 3 routing services, as well as layer 2 redundancy, to users. The ESRP
Manager displays the status of ESRP-enabled VLANs and the ESRP-enabled switches in those VLANs.
You can view a summary status for all the ESRP-enabled VLANs being monitored by the EPICenter
software. You can also view detailed information for an individual ESRP-enabled VLAN and the
switches in those VLANs.
The STP Monitor
The EPICenter Spanning Tree Protocol (STP) Monitor module displays information about STP domains
network-wide at the domain, VLAN, device, and port levels. The STP Monitor can monitor STP
domains configured on devices running ExtremeWare 6.2.2 or later. Earlier versions of ExtremeWare
supported the Spanning Tree protocol, but STP information via SNMP (required for EPICenter) is
available only with ExtremeWare version 6.2.2 or later.
EPICenter Reports
EPICenter Reports are HTML pages that can be accessed separately from the main EPICenter user
interface, without logging in to the full EPICenter client. EPICenter reports do not require Java, so
reports can be loaded quickly, even over a dial-up connection, and can be viewed on systems that
cannot run the browser-based or installed EPICenter clients. Reports can be printed using the browser
print function.
The Reports capability provides a large number of predefined HTML reports that present a variety of
types of information from the EPICenter database. You can also create your own reports by writing Tcl
scripts. Further, within the Reports Module are several useful tools such as a MIB Browser and other
tools that can provide EPICenter system information.
The Reports module can also be accessed from the Navigation toolbar within the EPICenter client
application. A Summary report is displayed on the EPICenter Home page that provides basic
information on the status of EPICenter devices and alarms. From this report you can access other more
detailed reports.
EPICenter Features
EPICenter Concepts and Solutions Guide 19
Role-based Access Management
All EPICenter users must log in with a user name and password in order to access EPICenter features.
EPICenter initially provides four user roles:
• Monitor role—users who can view status information only.
• Manager role—users who can modify device parameters as well as view status information.
• Administrator role—users who can create, modify and delete EPICenter user accounts as well as
perform all the functions of a user with Manager access.
• Disabled role—users whose account information is maintained, but who have no access to any
features of the product.
An Administrator user can create additional roles, can modify the capabilities available under each role,
and can add and delete EPICenter users, as well as enable or disable access for individual users.
Through the EPICenter Admin applet, EPICenter can be configured to act as a Remote Authentication
Dial In User Service (RADIUS) server. It can then be contacted by RADIUS clients (such as Extreme
Networks switches) to configure access permissions for Extreme switches, and to authenticate user
names and passwords. The use of EPICenter as a RADIUS server avoids the need to maintain user
names, passwords, and access permissions in each switch, and instead centralizes the configuration in
one location in EPICenter.
As an alternative, EPICenter can be configured as a RADIUS client, or RADIUS authentication
functionality can be disabled.
EPICenter Stand-alone Utilities
The EPICenter software provides a number of stand-alone utilities or scripts that streamline the process
of getting information into and out of the EPICenter database, or facilitate certain device
troubleshooting functions. These include the following:
• The DevCLI utility lets you add devices to and remove devices from the EPICenter inventory
database via command, and supports batch additions and deletions specified via a file.
• A set of Inventory Export scripts that enable you to export information from the EPICenter database
about the devices that are being managed. The information is provided in a format suitable for
import into other applications, such as a spreadsheet.
• The SNMPCLI utility provides SNMP Get, GetNext, and SNMP walk features that may be needed to
obtain device MIB information for troubleshooting.
• A set of utilities that provide a command line interface to several EPICenter software functions.
These include the AlarmMgr utility, FindAddr utility, TransferMgr utility, and VlanMgr utility. These
utilities enable you to perform certain EPICenter functions from the command line (or through a
script) rather than through the EPICenter graphical user interface. Results from the Alarm Manager
utility and the Find Address utility can be output to a file.
The EPICenter Policy Manager Upgrade
The EPICenter Policy Manager is a separately-licensed component of the EPICenter product family.
When a Policy Manager license is installed on the EPICenter server, the Policy and Voice over IP icons
icon appears in the Navigation Toolbar at the left of your browser window. When you purchase the
optional Policy Manager, you will receive a separate license key for that feature.
20 EPICenter Concepts and Solutions Guide
EPICenter Overview
The Policy Manager includes three modules:
• The Policies View, where you can create, view, and modify EPICenter policy definitions for Extreme
Networks devices.
• The ACL Viewer, where you can view the access list and QoS rules generated by the Policy Manager
for the devices in your network.
• The Voice over IP Manager module, where you can configure quality of service parameters for
VLANs that are used to carry Voice over IP traffic. (This is a separate feature unrelated to the
features available for IP phone management available through EPICenter integration with the Avaya
Integrated Management software.
Distributed Server Mode (EPICenter Gold Upgrade)
To manage very large numbers of network devices, or devices that are geographically distributed, the
management task can be divided up between multiple EPICenter servers. Each server in the server
group is updated at regular intervals with network summary and status information from the other
servers in the group. From the EPICenter home page, a client attached to any one of the servers in the
server group can view summary status information from the other servers in the group in addition to
the standard Network Summary report. The EPICenter client also lets the user easily navigate between
the different servers in the group to see detailed management information about the devices managed
by those servers.
EPICenter Software Architecture
The EPICenter software is made up of three major functional components:
• The EPICenter Server, which is based on the Tomcat Java server. The server is responsible for
downloading applets, running servlets, managing security, and communicating with the database.
• A Relational Database Management System (RDBMS), Sybase Adaptive Server Anywhere, which is
used as both a persistent data store and a data cache.
• EPICenter client applications. This can be an installed client application that runs on a
Windows 2000, Windows XP, Windows 2003 Server, or a Solaris system.
On Windows systems, the client can also be a set of Java applets downloaded on demand from the
server into the Microsoft Internet Explorer 6.0 browser running the Java plug-in (version 1.4.2_05).
Extreme Networks Switch Management
EPICenter Concepts and Solutions Guide 21
Figure 1 illustrates the architecture of the EPICenter software.
Figure 1: EPICenter software architecture
Extreme Networks Switch Management
The EPICenter software primarily uses the Simple Network Management Protocol (SNMP) to monitor
and manage the devices in the network. The EPICenter server does an status poll, by default every five
minutes, of all the devices it is managing to determine if the devices are still accessible. It also does a
full detailed poll of each device at longer intervals. This interval for this less frequent detailed polling
can be adjusted on each individual device. The EPICenter software also gives you the ability to gather
device status at any time using the Sync feature in the Inventory Manager applet.
To avoid the overhead of frequent device polling, the EPICenter software also uses a mechanism called
SmartTraps to identify changes in Extreme Networks device configuration. In addition, standard SNMP
MIB-2 traps can be used to define alarms for a large variety of other conditions.
SNMP and MIBs
EPICenter uses SNMP whenever possible to obtain information about the devices it is managing, and to
implement the configuration changes made through EPICenter features.
Relational
database
XM_021
Extreme
device
Extreme
device
Third-party
device
Browser with Java plug-in
Windows client system
Server system
EPICenter applets
Installed client
Windows or Solaris client system
EPICenter applets
Browser
HTML reports
EPICenter server
TCP sockets
SNMP Telnet
Application objects
22 EPICenter Concepts and Solutions Guide
EPICenter Overview
The Remote Monitoring (RMON) MIB
EPICenter can use statistics gathered from the Remote Monitoring (RMON) MIB to provide utilization
statistics on a port-by-port basis, if RMON is supported and enabled on the Extreme Networks devices
EPICenter is managing. Utilization and error statistics can be displayed within the Real-Time Statistics
applet, which provides a number of chart, graph, and tabular display formats. RMON utilization
statistics can also be displayed as end-point annotations on the links between devices on a Topology
map. The EPICenter Alarm Manager also provides the ability to define threshold-based RMON rules for
generating trap events that can be used in EPICenter alarm definitions.
Traps and Smar t Traps
Fault detection is based on Simple Network Management Protocol (SNMP) traps, syslog messages, and
some limited polling. The Alarm System supports SNMP Management Information Base-2 (MIB-2), the
Extreme Networks private MIB, Remote Monitoring (RMON) traps, and selected traps from other MIBs.
The EPICenter software uses a mechanism called SmartTraps to identify changes in Extreme Networks
device configuration.
When an Extreme Networks switch is added to the EPICenter database, the EPICenter software creates
a set of SmartTraps rules that define the configuration change events that the EPICenter server needs to
know about. These rules are downloaded into the Extreme Networks switch, and the EPICenter server
is automatically registered as a trap receiver on the switch. Subsequently, whenever a status or
configuration change takes place, the ExtremeWare software in the switch uses the SmartTraps rules to
determine if the EPICenter server should be notified. These changes can be changes in device status,
such as fan failure or overheating, or configuration changes made on the switch through the
ExtremeWare CLI or ExtremeWare Vista.
For non-Extreme devices, EPICenter does not automatically register itself as a trap receiver; you must
manually configure those devices to send traps to EPICenter. See Appendix B in the EPICenter Reference
Guide for information on configuring devices to send traps to EPICenter.
Device Status Polling
EPICenter uses several types of polling to monitor the status of the devices it manages. Since device
polling adds a certain amount of traffic load to the network, EPICenter tries to minimize the amount of
polling that it does, and many aspects of its polling algorithms are configurable.
EPICenter polls for basic device status approximately every five minutes using SNMP. This poll interval
can be changed in the Administration applet under the Server Properties for SNMP. EPICenter also
polls periodically for detailed device status information. By default, this interval is 30 minutes for
Extreme Networks modular chassis switches, and 90 minutes for Extreme Networks stackable chassis
switches. The detailed polling interval can be set for individual devices through the Inventory Manager
feature. The detailed polling gets more complete information, still only polls for information that has
changed; a manual sync is required to retrieve all information about the device. A sync is performed
automatically whenever the EPICenter client is started.
Telnet Polling
When it is not possible to use SNMP to obtain information from Extreme Networks devices, EPICenter
will use Telnet polling instead. EPICenter uses Telnet polling to obtain MAC address information for
edge ports from a device Forwarding Database (FDB) and to obtain netlogin information. For some old
versions of ExtremeWare, ESRP information must be obtained via Telnet rather than SNMP. Telnet
polling is also used to obtain power supply IDs for Alpine devices.
Extreme Networks Switch Management
EPICenter Concepts and Solutions Guide 23
You can disable Telnet polling if necessary through the Server Properties for Devices in the Admin
applet. However, you will lose the ability to collect edge port information via FDB polling, as well as
netlogin information.
Edge Port Polling Using the MAC Address Poller
EPICenter can maintain information about the MAC and IP addresses detected on Extreme Networks
switch edge ports by polling the FDB tables of the Extreme switches it is managing. If MAC address
polling is enabled, EPICenter uses Telnet polling to retrieve FDB information at regular intervals based
on the settings of server properties in the Administration applet.
MAC address polling can be enabled or disabled globally. If enabled, it can then be disabled for
individual devices or for specific ports on devices.
EPICenter distinguishes edge ports from trunk ports based on whether the port is running the Extreme
Discovery Protocol (EDP). EPICenter assumes that ports that run EDP are trunk ports, and ports that do
not run EDP are edge ports. However, since non-Extreme devices do not run EDP, EPICenter may
mis-identify trunk ports to third party devices as edge ports. You can disable MAC address polling on
individual ports to prevent EPICenter from polling trunk ports for MAC addresses.
Syncing Device Status with the EPICenter Database
A user with an appropriate role (a role with read/write access to the Inventory Manager) can use the
Sync command from the Inventory Manager to update the device status in the EPICenter database
when the users believes that the device configuration or status is not correctly reported in EPICenter
applets. Sync causes EPICenter to poll the switch and update all configuration and status information
except for uploaded configuration files. During a Sync operation the SmartTraps rules are also reset in
case the user has accidentally deleted the trap receiver or any SmartTrap rules.
Extreme Networks Device Support
Extreme Networks devices running the ExtremeWare software version 2.0 or later, are supported by
most features in the EPICenter system, including the VLAN Manager and the graphical display features
of the Inventory Manager applet. Some features, such as ESRP, or the Policy Manager, require more
recent versions of the ExtremeWare software. See the EPICenter Release Note for specific information
about the hardware and software versions supported by this release of the EPICenter software.
Third-Party Device Support
Any device running a MIB-2 compatible SNMP agent can be discovered by the EPICenter Inventory
manager, and saved in the Inventory database. All devices in the database can also appear on a
topology map. The EPICenter alarm system can handle SNMP traps from any device in the inventory
database, including RMON traps from devices with RMON enabled. The Real-Time Statistics module
can display statistics for any device with RMON enabled, the IP/MAC Finder applet supports all
devices running MIB-2 and the Bridge MIB, with the exception of user mapping, which is specific to
Extreme devices.
In the Telnet applet, you can use the Telnet feature with any device that supports a Telnet interface. In
the Inventory Manager, all Extreme devices and selected third-party devices (including certain Cisco
and 3COM devices) can display a device-specific front panel view, and a rear panel view if appropriate.
In addition, vendor-specific generic images are available for additional devices, such as Sun and Nortel,
and a standard generic image can be displayed for all other “unknown” MIB-2 compatible devices. New
24 EPICenter Concepts and Solutions Guide
EPICenter Overview
device images and configuration description files may be added over time—check the Extreme
Networks web site for information on new device support.
EPICenter also provides support for Avaya Voice network devices through an integration of EPICenter
and Avaya Integrated Management software that is co-resident on the same system.
EPICenter Concepts and Solutions Guide 25
2 Getting Started with EPICenter
This chapter covers how to use some of the basic features of the EPICenter system:
• Starting EPICenter.
• How to get Help.
• EPICenter User Roles.
• Creating the Device Inventory.
• Organizing your network elements using groups.
• Using the Alarm System.
• Organizing views of your network using the Topology function.
• Using Basic Reports.
Star ting EPICenter
The EPICenter software consists of a server component that runs on a Windows or Solaris server, and a
client component, that can be installed and run on separate Windows or Solaris systems.
Once the EPICenter server is running, multiple clients can connect to it. The EPICenter software
supports multiple administrator users, with different roles that determine the EPICenter functions each
user can perform.
This chapter assumes you have successfully installed (or upgraded to) the current EPICenter software
version—version 5.0 or later, and that the EPICenter server is running.
If you have not yet installed version 5.0, see the EPICenter Installation and Upgrade Note for instructions.
The Installation and Upgrade Note is included in the EPICenter product package along with the EPICenter
software CD, and is also available in Adobe PDF format on the CD, and from the Extreme Networks
web site.
Starting the EPICenter Server
The EPICenter Server consists of two components:
• The EPICenter Database Server
• The EPICenter Server
26 EPICenter Concepts and Solutions Guide
Getting Started with EPICenter
Both components must be running in order to run the EPICenter client applets.
In a Windows environment (Windows 2000, XP, or 2003 Server), the recommended (and default)
method of installing the EPICenter server components is as services. If you have installed the EPICenter
components as services, the two EPICenter Server components will start automatically when you boot
the server.
If you have not installed EPICenter as services, or if you have installed EPICenter in a Solaris
environment, you will need to start the EPICenter server manually.
Starting the EPICenter Server in a Windows Environment
If you installed EPICenter as a regular application rather than as services, you must start the server
from the Start menu:
1 From the Start menu, highlight Programs, then Extreme Networks, followed by EPICenter 5.0 to
display the EPICenter menu.
2 Click Start EPICenter 5.0 Server. This runs
runserv.exe, a program that starts the two components
in the required order.
An MS-DOS window may very briefly appear as these processes are started.
Starting the EPICenter Server in a Solaris Environment
To start the EPICenter server as a daemon (recommended):
/etc/init.d/EPICenter start
To run the EPICenter Server as an application:
1 Set the current directory to the EPICenter install directory:
cd <install_dir>
<install_dir> is the directory (path) where you installed the EPICenter components. If you
installed in the default directory, the path is
/opt/extreme/epc5_0.
2 Execute
runserv to start the two EPICenter components in the required order.
runserv &
Starting the EPICenter Client
On Windows 2000, Windows XP, or Windows 2003 Server systems, the EPICenter software provides two
options for connecting to an EPICenter server from a client system:
• A stand-alone client application. This is the recommended client option.
• A browser-based client you can run from Microsoft Internet Explorer. This client provides slightly
limited functionality due to the constraints of the browser environment (for example, you cannot use
cut and paste, you cannot save Telnet macros you create, and you cannot use the configuration file
viewer or difference viewer).
On Solaris-based systems, only the stand-alone client is supported.
The stand-alone client is installed along with the EPICenter server on the system where the server
resides. The stand-alone client can also be installed by itself on any system you want to use as an
EPICenter client. See the EPICenter Installation and Upgrade Note for instructions on installing the client
on a system without the EPICenter server.
Starting EPICenter
EPICenter Concepts and Solutions Guide 27
For Windows 2000, Windows XP, or Windows 2003 Server, the browser-based client is a Java applet that
is downloaded from the EPICenter server when you run it, and requires the following software on the
client:
• Internet Explorer 6.0 with the Java Plug-in version 1.4.2_05 or later.
Starting the EPICenter Client in a Windows Environment
To start the EPICenter stand-alone client:
1 From the Start menu, highlight Programs, then Extreme Networks.
2 If you are running the client on the system where the EPICenter server is installed, select EPICenter
5.0, then select EPICenter 5.0 Client
If you are running the client on a system different from where the EPICenter server is installed, select
EPICenter 5.0 Client, then select Client Application.
The EPICenter Client Login window appears, as shown in Figure 3 on page 29.
To start the EPICenter client in a browser window:
1 Launch your web browser.
2 Enter the following URL:
http://<host>:<port>/
In the URL, replace <host> with the name of the system where the EPICenter server is running.
Replace
<port> with the TCP port number that you assigned to the EPICenter Web Server during
installation.
NOTE
If you configured your EPICenter server uses the default web server port, 80, you do not need to
include the port number.
The EPICenter browser-based client first presents a start-up page, as shown in Figure 2.
28 EPICenter Concepts and Solutions Guide
Getting Started with EPICenter
Figure 2: EPICenter Start-up page
3 In the left-hand column, click the Launch EPICenter link to display the EPICenter login page.
Starting the EPICenter Client in a Solaris Environment
To start the EPICenter client in a Solaris environment:
1 Set the current directory:
cd <install_dir>
<install_dir> is the directory (path) where you installed the EPICenter components. If you
installed in the default directory, the path is
/opt/extreme/epc5_0.
2 Execute the command
runclient
runclient &
Only the stand-alone client is supported in a Solaris environment.
The EPICenter Client Login Window
The EPICenter installed client starts by opening a Client Login window, as shown in Figure 3.
Starting EPICenter
EPICenter Concepts and Solutions Guide 29
Figure 3: EPICenter client Login window
The browser-based client also presents a login page, but as you have already provided the server host
name in the URL, the browser login window does not ask again for that information.
1 In the installed client login window, type or select in the Server Hostname field the name or IP
address of the EPICenter server you want to connect to. If you are running the client on a system
where an EPICenter server is installed, that server name will appear by default in the Server
Hostname field.
2 Type the HTTP port to use to connect to the server in the HTTP Port field. The default is port 8080.
The port must match the HTTP port configured for the EPICenter server.
3 For either the installed client or a browser-based client, type your EPICenter user name in the User
field.
• If you are the network administrator logging in to the EPICenter server for the first time since it
has been installed, use the name “admin.”
Once you have logged in you will be able to change the administrator password (strongly
recommended) and create additional user accounts.
• If you are a new user without your own account on the EPICenter server, type “user” as the User
Name. You will be able to view information in the various modules, but will not be able to
change any configurations.
4 Type your password in the Password field.
The default names (“user” and “admin”) initially have no password, so you can leave the password
field blank.
5 Click Login.
If you are using an evaluation copy of the EPICenter, a dialog box appears informing you that you
are using a limited-time license. Click OK to acknowledge this.
If you installed EPICenter in non-intrusive mode (so that EPICenter will not automatically be
registered as a trap receiver on Extreme Networks devices) a message appears reminding you that
30 EPICenter Concepts and Solutions Guide
Getting Started with EPICenter
you are running in non-intrusive mode. Click OK to dismiss this message. See the EPICenter
Installation and Upgrade Note for more information about non-intrusive mode.
If you enabled Automatic Information Updates when you installed EPICenter, you may be presented
with a message indicating that software updates are available. You can click Update Now (which
opens the Display Software Images Updates window) or Remind Me Later, which closes the
window.
The EPICenter Home page appears, displaying the Network Summary Report, as shown in Figure 4.
Figure 4: The EPICenter Home page.
See “The Network Status Summary Report Page” in Chapter 16 of the EPICenter Reference Guide for an
explanation of this report.
Getting Help
This guide provides an overview of the EPICenter software features with the goal of showing how you
can use EPICenter to simplify your network management tasks and help you solve problems with your
network or its devices. It does not provide a detailed explanation of how to use the features of the
software.
Loading...