DCNM Server
The DCNM Server menu includes the following submenus:
Starting, Restarting, and Stopping Services
By default, the ICMP connectivity between DCNM and its switches validates the connectivity during Performance Management. If you disable ICMP, Performance Management data will not be fetched from the switches. You can configure this parameter in the server properties. To disable ICMP connectivity check from Cisco DCNM Web UI, choose Administration > DCNM Server > Server Properties, and set skip.checkPingAndManageable parameter value to true.
To clean up the performance manager database (PM DB) stale entries, start, restart, or stop a service, from the Cisco DCNM Web UI, perform the following steps:
Procedure
Step 1 |
Choose Administration > DCNM Server > Server Status. The Status window appears that displays the server details. |
Step 2 |
In the Actions column, click the action you want to perform. You can perform the following actions:
|
Step 3 |
View the status in the Status column. |
What to do next
See the latest status in the Status column.
From Cisco DCNM Release 11.4(1), you can see the status of the following services as well:
Note |
The following services are available for OVA/ISO deployments only. |
-
NTPD server: NTPD service running on DCNM OVA, the IP address, and the port to which the service is bound.
-
DHCP server: DHCP service running on DCNM OVA, the IP address, and the port to which the service is bound.
-
SNMP traps
-
Syslog Receiver
The DCNM servers for these services are as follows:
Service Name |
DCNM Server |
---|---|
NTPD Server |
0.0.0.0:123 |
DHCP Server |
0.0.0.0:67 |
SNMP Traps |
0.0.0.0:2162 |
Syslog Server |
0.0.0.0:514 |
Using the Commands Table
The commands table contains links to commands that launch new dialog boxes to provide information about the server status and server administrative utility scripts. You can execute these commands directly on the server CLI.
-
ifconfig: click this link to view information about interface parameters, IP address, and netmask used on the Cisco DCNM server.
-
appmgr status all: click this link to view the DCNM server administrative utility script that checks the status of different services currently running.
-
appmgr show vmware-info: click this link to view information about the CPU and Memory of Virtual Machine.
-
clock: click this link to view information about the server clock details such as time, zone information.
Note |
The commands section is applicable only for the OVA or ISO installations. |
Customization
From Cisco DCNM Release 11.3(1), you can modify the background image and message on the Web UI login page. This feature helps you to distinguish between the DCNM instances, when you have many instances running at the same time. You can also use a company-branded background on the login page. Click on Restore Defaults to reset the customizations to their original default values.
To remove the customizations and restore to the default values, click Restore defaults.
Login Image
This feature allows you to change the background image on the Cisco DCNM Web UI login page. If you have many instances of DCNM, this will help you identify the correct DCNM instance based on the background image.
To edit the default background image for your Cisco DCNM Web UI login page, perform the following steps:
-
Choose Administration > DCNM Server > Customization.
-
In the Login Image area, click Add (+) icon.
Browse for the image that you need to upload from your local directory. You can choose any of the following format images: JPG, GIF, PNG, and SVG.
-
Select the image and click Open.
A status message appears on the right-bottom corner.
Login image Upload Successful
Note
We recommend that you upload a scaled image for fast load times.
The uploaded image is selected and applied as the background image.
-
To choose an existing image as login image, select the image and wait until you see the message on the right-bottom corner.
-
To revert to the default login image, click Restore Defaults.
Message of the day (MOTD)
This feature allows you to add a message to the Cisco DCNM Web UI login page. You can a list of messages that will rotate on the configured frequency. This feature allows you to convey important messages to the user on the login page.
To add or edit the message of the day on the Cisco DCNM Web UI login page, perform the following steps:
-
Choose Administration > DCNM Server > Customization.
-
In the Message of the day (MOTD) field, enter the message that must appear on the login page.
-
Click Save.
Viewing Log Information
You can view the logs for performance manager, SME server, web reports, web server, and web services. These processes have no corresponding GUI that allows you to view information about these log files. If you see errors, preserve these files for viewing.
Beginning with Release 11.2(1), for DCNM OVA and DCNM ISO installations, all log files with .log extension are also listed.
Note |
Logs cannot be viewed from a remote server in a federation. |
To view the logs from the Cisco DCNM Web UI, perform the following steps:
Procedure
Step 1 |
Choose Administration > DCNM Server > Logs. You see a tree-based list of logs in the left column. Under the tree, there is a node for every server in the federation. The log files are under the corresponding server node. |
||
Step 2 |
Click a log file under each node of the tree to view it on the right. |
||
Step 3 |
Double-click the tree node for each server to download a ZIP file containing log files from that server. |
||
Step 4 |
(Optional) Click Generate Techsupport to generate and download files required for technical support. This file contains more information in addition to log files.
|
||
Step 5 |
(Optional) Click the Print icon on the upper right corner to print the logs. |
Server Properties
You can set the parameters that are populated as default values in the DCNM server.
To set the parameters of the DCNM server from the Cisco DCNM Web UI, perform the following steps:
Procedure
Step 1 |
Choose Administration > DCNM Server > Server Properties. |
Step 2 |
Click Apply Changes to save the server settings. |
Configuring SFTP/TFTP/SCP Credentials
A file server is required to collect device configuration and restoring configurations to the device.
To configure the SFTP/TFTP/SCP credentials for a file store from the Cisco DCNM Web UI, perform the following steps:
Procedure
Step 1 |
Choose Administration > DCNM Server > Archive FTP Credentials. The Archive FTP Credentials window is displayed.
|
||
Step 2 |
In the Server Type field, use the radio button to select SFTP.
|
||
Step 3 |
In the Server Type field, use the radio button to select TFTP. Cisco DCNM uses a local TFTP server for data transfer. Ensure that there is no external TFTP server running on the DCNM server.
|
||
Step 4 |
In the Server Type field, use the radio button to select SCP.
|
||
Step 5 |
Choose Configuration > Templates > Templates Library > Jobs to view individual device verification status. The configurations that are backed up are removed from the file server and are stored in the file system. |
SFTP Directory Path
Use Case 1:
If Cisco DCNM is installed on Linux platforms, like OVA, ISO, or Linux, and the test folder is located at /test/sftp/, you must provide the entire path of the SFTP directory. In the SFTP Directory field, enter /test/sftp.
Use Case 2:
If Cisco DCNM is installed on the Windows platform, and the test folder is located at C://Users/test/sftp/, you must provide the relative path of the SFTP directory. In the SFTP Directory field, enter /.
For Example:
-
If the path in the external SFTP is C://Users/test/sftp/, then the Cisco DCNM SFTP Directory path must be /.
-
If the path in the external SFTP is C://Users/test, then the Cisco DCNM SFTP Directory path must be /sftp/.
Examples for SCP Directory Path
Use Case 1:
If Cisco DCNM is installed on Linux platforms, like OVA, ISO, or Linux, and the test folder is located at /test/scp/, you must provide the entire path of the SCP directory. In the SCP Directory field, enter /test/scp.
Use Case 2:
If Cisco DCNM is installed on the Windows platform, and the test folder is located at C://Users/test/scp/, you must provide the relative path of the SCP directory. In the SCP Directory field, enter /.
For Example:
-
If the path in the external SCP is C://Users/test/scp/, then the Cisco DCNM SCP directory path must be /.
-
If the path in the external SCP is C://Users/test, then the Cisco DCNM SCP directory path must be /scp/.
Modular Device Support
To support any new hardware that does not require many major changes, a patch can be delivered instead of waiting for the next DCNM release. Modular Device Support helps to deliver and apply the DCNM patch releases. An authorized DCNM administrator can apply the patch to the production setup. Patch releases are applicable for the following scenarios:
-
Support any new hardware, like chassis or line cards
-
Support latest NX-OS versions
-
Support critical fixes as patches
To view the patch details from Cisco DCNM Web UI, perform the following steps:
Procedure
Step 1 |
Choose Administration > DCNM Server > Modular Device Support. You see the DCNM Servers column on the left in the window and Modular Device support information window on the right. |
Step 2 |
Expand DCNM Servers to view all the DCNM servers. It includes the list of patches installed along with the version number, corresponding platforms supported, chassis supported, NX-OS version supported, PID supported, backup directory and the last patch deployment time in the Modular Device support information table. |
What to do next
Managing Switch Groups
You can configure switch groups by using Cisco DCNM Web UI. You can add, delete, or move a switch to a group, or move switches from a group to another group.
Creating switch groups will help you to manage switches because they are grouped logically. For example, you can create host or flow policies for switches in a specific switch group instead of creating it for all the switches. Similarly, you can view the flow topology for a specific switch group containing switches.
The switch groups are listed under the SCOPE drop-down list at the top right part of windows under Media Controller.
Note |
The hostname of the switch should be unique across all the switch groups. You cannot have the same hostname and management IP address for two different switches in two switch groups. |
This section contains the following:
Adding Switch Groups
To add switch groups from the Cisco DCNM Web UI, perform the following steps:
Procedure
Step 1 |
Choose Administration > DCNM Server > Switch Groups. |
||
Step 2 |
Click the Add icon. The Add Group window is displayed, that allows you to enter the name for the switch group. |
||
Step 3 |
Enter the name of the switch group and click Add to complete adding the switch group. The switch group name validation, and the maximum tree depth is 10. If you do not choose a parent group before adding a new switch group, the new group is added on the top of the hierarchy. Whenever you add a new switch group, the default policies are automatically created for this switch group.
|
Removing a Group or a Member of a Group
You can remove a group or a member of the group from the Cisco DCNM Web UI. When you remove a group, the ethernet switches of the deleted group are moved to the default LAN group. When you remove a member of a group, the member is moved to the default LAN group.
To remove a group or a member of a group from the Cisco DCNM Web UI, perform the following steps:
Procedure
Step 1 |
Choose the switch group or members of a group that you want to remove. |
||
Step 2 |
Click the Remove icon. A dialog box prompts you to confirm the deletion of the switch group or the member of the group.
|
||
Step 3 |
Click Yes to delete or No to cancel the action.
|
Moving a Switch to Another Group
To move a switch to another group from the Cisco DCNM Web UI, perform the following steps:
Warning |
When the switches are moved from one group to another, all the existing media-controller config will be removed on those switches and new config associated with target group will be deployed. This operation may take time depending on the number of switches being moved and the amount of config that needs to be deployed. |
Procedure
Step 1 |
Select a switch. |
Step 2 |
Drag the highlighted switch to another group. To move multiple switches across different switch groups, use Ctrl key or Shift key. |
Native HA
Before you begin
Note |
Ensure that you clear your browser cache and cookies everytime after a Federation switchover or failover. |
Procedure
Step 1 |
By default, DCNM is bundled with an embedded database engine PostgreSQL. The native DCNM HA is achieved by two DCNMs running as Active / Warm Standby, with their embedded databases synchronized in real time. So once the active DCNM is down, the standby takes over with the same database data and resume the operation. The standby host database down scenario is documented after this procedure. |
Step 2 |
From the menu bar, choose Administration > DCNM Server > Native HA. You see the Native HA window. |
Step 3 |
You can allow manual failover of DCNM to the standby host by clicking the Failover button, and then click OK.
|
Step 4 |
You can allow manual syncing database and disk files to standby host by clicking Force Sync, and then click OK. |
Step 5 |
You can test or validate the HA setup by clicking Test and then click OK. |
What to do next
Some HA troubleshooting scenarios are noted in this sub section.
The standby host database is down: Typically, the DCNM database (PostgreSQL) is up on the active and standby hosts. In DCNM 10.1 and earlier versions, the standby database can be down due to a database synchronization failure.
-
Enter “ps -ef | grep post”. You should see multiple postgres processes running. If not, it indicates that the database is down.
-
Restore database data from a backup file that is created at the beginning of database synchronization. Change directory to “/usr/local/cisco/dcm/db”
-
Check existence of file replication/ pgsql-standby-backup.tgz. If the file exists, restore database data files:
rm -rf data/* tar -zxf replication/ pgsql-standby-backup.tgz data /etc/init.d/postgresql-9.4 start ps -ef | grep post
The active DCNM host will synchronize the two databases.
The TFTP server is not bound to the eth1 VIP address on the active host: The TFTP server should run on the active host (not on the standby host), and it should be bound to the eth1 VIP address. In some setups, the bind address is not the VIP address, as per the TFTP configuration file, and this could cause issues when switches try to use TFTP.
-
Enter “grep bind /etc/xinetd.d/tftp” to check if the TFTP configuration file has the right bind address. If the displayed IP address is not the eth1 VIP address, then change the bind address to the VIP address. Repeat the procedure for the standby host. Update the bind address to the VIP address.
-
Enter " " /etc/init.d/xinetd restart” on the active host to restart TFTP.
Note |
The TFTP server can be started or stopped with the “appmgr start/stop ha-apps” command. |
Multi Site Manager
Procedure
Step 1 |
Multi-Site-Manager (MsM) provides a single pane for users to search for switches that are managed by DCNM globally. MSM can do realtime search to find out which switch globally handles the traffic for a given virtual machine based on IP address, name or mac address, and supporting VXLAN basing on segment ID as well. It provides hyperlink to launch the switch only. This window also plays the role of remote site registration. The registration only allows the current DCNM server to access the remote DCNM server or site. For the remote site to access the current DCNM server, registration is required on the remote site as well. |
Step 2 |
Choose Administration > DCNM Server > Multi Site Manager. The MsM window displays the overall health or status of the remote site and the application health. |
Step 3 |
You can search by Switch, VM IP, VM Name, MAC, and Segment ID. |
Step 4 |
You can add a new DCNM server by clicking +Add DCNM Server. The Enter Remote DCNM Server Information window opens. Fill in the information that is required and click OK to save. |
Step 5 |
Click Refresh All Sites to display the updated information. |
NX-API Certificate Management for Switches
Cisco NX-OS switches require an SSL certificate to function in NX-API HTTPS mode. You can generate the SSL certificates and get it signed by your CA. You can install the certificates manually using CLI commands on switch console.
From Release 11.4(1), Cisco DCNM provides a Web UI framework to upload NX-API certificates to DCNM. Later, you can install the certificates on the switches that are managed by DCNM.
This feature is supported only on Cisco DCNM OVA/ISO deployments.
Note |
This feature is supported on switches running on Cisco NXOS version 9.2(3) or higher. |
For each switch, the data center administrator generates an ASCII (base64) encoded certificate. This certificate comprises two files:
-
.key file that contains the private key
-
.crt/.cer/.pem file that contains the certificate
Cisco DCNM also supports a single certificate file that contains an embedded key file, that is, .crt/.cer/.pem file can also contain the contents of .key file.
DCNM doesn’t support binary encoded certificates, that is, the certificates with .der extension are not supported. You can protect the key file with a password for encryption. Cisco DCNM does not mandate encryption; however, as this is stored on DCNM, we recommend that you encrypt the key file. DCNM supports AES encryption.
You can either choose CA-signed certificates or self-signed certificates. Cisco DCNM does not mandate the signing; however, the security guidelines suggest you use CA-signed certificates.
You can generate multiple certificates meant for multiple switches, to upload to DCNM. Ensure that you name the certificates appropriately, to help you choose the switch meant for that certificate.
You can upload one certificate and corresponding key file, or bulk upload multiple certificates and key files. After the upload is complete, you can view the upload list before installing these on the switches. If a certificate file that contains an embedded key file is uploaded, DCNM derives the key automatically.
Certificate and the key file must have the same filename. For example, if a certificate filename is mycert.pem, the key filename must be mycert.key. If the certificate and key pair filenames are not the same, then DCNM will not be able to install the certificate on the switch.
Cisco DCNM allows you to bulk install the certificates to the switches. Because bulk installation uses the same password, all encrypted keys must be encrypted with the same password. If the password is different for a key, you cannot install the certificate in bulk mode. Bulk mode installation allows you to install encrypted and unencrypted keys certificates together, but all encrypted keys must have the same password.
When you install a new certificate on the switch, it replaces the existing certificate and replaces it with the new certificate.
You can install the same certificate on multiple switches; however, you cannot use the bulk upload feature.
Note |
DCNM doesn’t enforce the validity of certificates or options provided in it. It is up to you and the requirements on the switch to follow the convention. For example, if a certificate is generated for Switch-1 but it is installed on Switch-2, DCNM doesn’t enforce it; switches may choose to accept or reject a certificate based on the parameters in the certificate. |
On Cisco DCNM Web UI > Administration > DCNM Server > NX API Certificates, the following tables are displayed:
-
Certificate Installation Status table: Displays the status of certificates last installed on the switches. It also displays the time when the certificates were updated previously.
-
Certificates Uploaded to DCNM table: Displays the certificates uploaded on DCNM and any switch association.
However, refer to the Certificate Installation Status table to see the certificate and switch association. Upload table is only meant for uploading certificates on DCNM and installing on the switches.
You can also watch the video that demonstrates how to use Switch NX-API SSL Certificate Management feature. See Video: Switch NX-API SSL Certificate Management.
Uploading the certificates on DCNM
To upload the certificates onto DCNM using the Cisco DCNM Web Client UI, perform the following steps:
Procedure
Step 1 |
Choose Administration > DCNM Server > NX API Certificates. |
Step 2 |
In the Certificates Uploaded to DCNM area, click Upload Certificates to upload the appropriate license file. |
Step 3 |
Browse your local directory and choose the certificate key pair that you must upload to DCNM. You can choose certificates with extension .cer/.crt/.pem + .key file separately. Cisco DCNM also allows you to upload a single certificate file that contains an embedded key file. The key file is automatically derived after upload. |
Step 4 |
Click Open to upload the selected files to DCNM. A successful upload message appears. The uploaded certificates are listed in the Certificates Uploaded to DCNM area. In the Certificate Installation Status area, the certificate appears, with Status as UPLOADED. If the certificate is uploaded without the key file, the status shows KEY_MISSING. |
Installing Certificates on Switches
To install certificates on the switches using Cisco DCNM Web UI, perform the following steps:
Procedure
Step 1 |
Choose Administration > DCNM Server > NX API Certificates. |
Step 2 |
In the Certificate Installation Status area, for each certificate, click on the Switch column. |
Step 3 |
From the drop-down list, select the switch to associate with the certificate. Click Save. |
Step 4 |
Select the certificate that you need to install and click Install Certificates on Switch. You can select multiple certificates to perform a bulk install. |
Step 5 |
In the Bulk Certificate Install window, upload the certificates to DCNM. Perform the following steps: You can install a maximum of 20 certificates at the same instance, using the Bulk Install feature. In the Certificate Installation Status area, the Status of certificate now shows INSTALLED. |
Unlinking and Deleting certificates
After the certificates are installed on the switch, DCNM cannot uninstall the certificate from DCNM. However, you can always install a new certificate on the switch. The certificates that are not installed on the switches can be deleted. To delete the certificate installed on the switch, you must unlink the certificate from the switch, and then delete it from DCNM.
Note |
Unlinking the certificate from the switch does not delete the certificate on the switch. The certificate still exists on the switch. Cisco DCNM cannot delete the certificate on the Switch. |
To delete certificates from DCNM repository, using the Cisco DCNM Web UI, perform the following steps:
Procedure
Step 1 |
Choose Administration > DCNM Server > NX API Certificates. |
Step 2 |
In the Certificate Installation Status area, select the certificate(s) that you need to delete. |
Step 3 |
Click Clear Certificates. A confirmation message appears. |
Step 4 |
Click OK to clear the selected certificates. The status column shows UPLOADED. The Switch column shows NOT_INSTALLED. |
Step 5 |
Select the certificate and click Clear Certificates. The Certificate is removed from the Certificate Installation Status table. |
Step 6 |
In the Certificates Uploaded to DCNM area, select the certificate that is now unlinked from the Switch. Click Delete Certificates. The certificate is deleted from DCNM. |
Troubleshooting NX API Certificate Management
While installing a certificate, you can encounter errors. The following sections provide information about troubleshooting the NX-API Certificate Management for switches.
COPY_INSTALL_ERROR
Problem Statement: Error message COPY_INSTALL_ERROR
Reason Cisco DCNM cannot reach the switch.
Solution:
-
Verify if the switch is reachable from Cisco DCNM. You can perform an SSH login and ping the switch to verify.
-
Switch connects to DCNM through it’s management interface. Verify if you can ping DCNM from the Switch console. If the switch requires VRF, very if the correct vrf is provided.
-
If the certificate private key is encrypted, ensure that you provide the correct password.
-
Verify is the correct key file is uploaded with the certificate. Ensure that the certificate file and the key file have the same filename.
CERT_KEY_NOT_FOUND
Problem Statement: Error message CERT_KEY_NOT_FOUND
Reason: Key file was not uploaded while uploading the certificate (.cer, .crt, .pem).
Solution:
-
Ensure that the certificate (.cer, .crt, or .pem) file and its corresponding .key file has the same filename
For example: If the certificate file name is mycert.crt, the key file must be mycert.key.
-
DCNM identifies key file with certificate file name, and therefore, it is necessary to have the key file with same filename.
-
Upload the certificate and key file with same filename, and install the certificate.
Backing up DCNM
From Cisco DCNM, Release 11.5(1), you can trigger scheduled DCNM backups from the Cisco DCNM Web UI. When you trigger a backup from the Web UI, the appmgr backup command is run. You can see the following information under the Server Backup Jobs tab in the Backup window.
Parameters |
Description |
||
---|---|---|---|
Node |
Specifies if the backup is active or standby. For standalone nodes, it will appear as a localpath.
|
||
Schedule |
Specifies when the scheduled backup is triggered. |
||
Local Path |
Specifies the local path, where the backup is stored. |
||
Remote Destination |
Specifies the username, host IP, and the remote destination, where the backup is stored. It is empty if you do not save the backup in a remote location.
|
||
Log Path |
Specifies the path where the log entries are stored. You can use this information to troubleshoot any issues. |
||
Saved Backups |
Specifies the number of versions of a backup. The default value is 5. |
You can perform the following actions in the Backup window:
Creating a Backup
To create a backup from the Cisco DCNM Web UI, perform the following steps:
Procedure
Step 1 |
Choose Administration > DCNM Server > Backup. The Backup window appears, which has all the information under the Server Backup Schedules area. |
||||||||||||||
Step 2 |
Click Add. The Create Backup Schedule dialog box appears. |
||||||||||||||
Step 3 |
Choose the time using the Start At drop-down list under the Schedule area. |
||||||||||||||
Step 4 |
Choose the frequency of the backup. The valid options are:
|
||||||||||||||
Step 5 |
Enter the number of backups you want to save in the Max # of Saved Backups field under the Destination area. You can save upto 10 backups and the default value is 5. |
||||||||||||||
Step 6 |
(Optional) Check the Remote Destination check box to save the backup in a remote location. The following fields will be available after you check the Remote Destination check box.
|
||||||||||||||
Step 7 |
Click Create. The Backup window is populated even when you run the appmgr backup command using the CLI. You can also view the backups, which you scheduled from the Web UI, in the CLI using the appmgr backup schedule show command. |
Modifying a Backup
To modify a backup from the Cisco DCNM Web UI, perform the following steps:
Procedure
Step 1 |
Choose Administration > DCNM Server > Backup. The Backup window appears, which has all the information under the Server Backup Schedules area. |
Step 2 |
Click Modify. The Modify Backup Schedule dialog box appears. |
Step 3 |
Make the necessary changes. |
Step 4 |
Click Modify. |
Deleting a Backup
To delete a backup from the Cisco DCNM Web UI, perform the following steps:
Procedure
Step 1 |
Choose Administration > DCNM Server > Backup. The Backup window appears, which has all the information under the Server Backup Schedules area. |
||
Step 2 |
Click Delete. The confirmation dialog box appears. |
||
Step 3 |
Click Yes.
|
Job Execution Details
You can see the following information under the Job Execution Details tab in the Backup window.
Parameters |
Description |
---|---|
Node |
Specifies if the node is active or standby. For standalone nodes, it will appear as a local node. |
Backup File |
Specifies the path, where the backup is stored. |
Start Time |
Specifies the time when the backup process started. |
End Time |
Specifies the time when the backup process ended. |
Log File |
Specifies the path where the log entries are stored. You can use this information to troubleshoot any issues. |
Status |
Specifies if the backup was a success or failed. |
Error Message |
Specifies error messages, if any, that appeared during the backup. |