User Guide for Cisco Network RegistrarSoftware Release 7.2April 2011

Americas HeadquartersCisco Systems, Inc.170 West Tasman DriveSan Jose, CA 95134-1706 USAhttp://www.cisco.comTel: 408 526-4000

800 553-NETS (6387)Fax: 408 527-0883

Text Part Number: OL-20606-01

http://www.cisco.com

THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.

THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.

The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCBs public domain version of the UNIX operating system. All rights reserved. Copyright 1981, Regents of the University of California.

NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED AS IS WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.

IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1005R)

Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.

User Guide for Cisco Network Registrar, 7.2Copyright 1995 2011 Cisco Systems, Inc. All rights reserved.

http://www.cisco.com/go/trademarks

OL-20606-01

C O N T E N T S

Preface xxvii

Who Should Read This Guide xxvii

How This Guide Is Organized xxviiPart 1Getting Started xxviiPart 2Local and Regional Administration xxviiiPart 3Address Management xxviiiPart 4Domain and Zone Administration xxviiiPart 5Dynamic Host Administration xxixPart 6Virtual Appliance xxxPart 7Appendixes, Glossary, and Index xxx

Document Conventions xxxFormatting xxxNavigation and Screens xxxiCallouts xxxi

Product Documentation xxxii

Obtaining Documentation and Submitting a Service Request xxxiii

P A R T 1 Getting Started

C H A P T E R 1 Cisco Network Registrar Components 1-1

Management Components 1-1

Trivial File Transfer 1-2Viewing and Editing the TFTP Server 1-2Managing the TFTP Server Network Interfaces 1-3

Simple Network Management 1-3Setting Up the SNMP Server 1-5How Notification Works 1-6Handling SNMP Notification Events 1-7

Server Up/Down Traps 1-10Handling SNMP Queries 1-11

Default Ports for Cisco Network Registrar Services 1-12

C H A P T E R 2 Cisco Network Registrar User Interfaces 2-1

Introduction to the Web-Based User Interfaces 2-1

iiiUser Guide for Cisco Network Registrar, 7.2

Contents

Supported Web Browsers 2-2Access Security 2-2Logging In to the Web UIs 2-2Multiple Users 2-4Changing Passwords 2-4Navigating the Web UIs 2-4Waiting for Page Resolution Before Proceeding 2-5Committing Changes in the Web UIs 2-5Role and Attribute Visibility Settings 2-5Displaying and Modifying Attributes 2-5

Grouping and Sorting Attributes 2-6Modifying Attributes 2-6Displaying Attribute Help 2-7

Help Pages 2-7Logging Out 2-7

Local Cluster Web UI 2-7Local Basic Main Menu Page 2-8Local Advanced Main Menu Page 2-9Setting Local User Preferences 2-10Configuring Clusters in the Local Web UI 2-11

Regional Cluster Web UI 2-11

Command Line Interface 2-12

Central Configuration Management Server 2-13

C H A P T E R 3 Server Status Dashboard 3-1

Opening the Dashboard 3-1

Display Types 3-2Tables 3-3Line Charts 3-4Stacked Area Charts 3-5Other Chart Types 3-6Getting Help for the Dashboard Elements 3-7

Customizing the Display 3-7

Selecting Dashboard Elements to Include 3-8Configuring Server Chart Types 3-9

Host Metrics 3-10System Metrics 3-10JVM Memory Utilization 3-11

ivUser Guide for Cisco Network Registrar, 7.2

OL-20606-01

Contents

DHCP Metrics 3-11DHCP Server Request Activity 3-12DHCP Server Response Activity 3-12DHCP Buffer Capacity 3-13DHCP Response Latency 3-13DHCP DNS Updates 3-14DHCP Address Current Utilization 3-15DHCP Failover Status 3-16DHCP General Indicators 3-16

DNS Metrics 3-17DNS Attack Detector 3-18DNS Query Responses 3-18DNS Forwarding Errors 3-19DNS Outbound Zone Transfers 3-19DNS Inbound Zone Transfers 3-20DNS Network Errors 3-21DNS Related Servers Errors 3-21DNS General Indicators 3-22

C H A P T E R 4 Deploying Cisco Network Registrar 4-1

Target Users 4-1

Regional and Local Clusters 4-2

Deployment Scenarios 4-3Small-to-Medium-Size LANs 4-3Large Enterprise and Service Provider Networks 4-4

Configuration and Performance Guidelines 4-6General Configuration Guidelines 4-6Special Configuration Cases 4-7

Interoperability with Earlier Releases 4-7

P A R T 2 Local and Regional Administration

C H A P T E R 5 Configuring Administrators 5-1

Administrators, Groups, Roles, and Tenants 5-1How Administrators Relate to Groups, Roles, and Tenants 5-2Administrator Types 5-2Roles, Subroles, and Constraints 5-3Groups 5-5Managing Administrators 5-6

vUser Guide for Cisco Network Registrar, 7.2

OL-20606-01

Contents

Managing Passwords 5-7Managing Groups 5-7Managing Roles 5-8Managing Tenants 5-9

Adding a Tenant 5-10Editing a Tenant 5-10Managing Tenant Data 5-11Assigning a Local Cluster to a Single Tenant 5-12Pushing and Pulling Tenant Data 5-12Assigning Tenants When Using External Authentication 5-13Using cnr_exim With Tenant Data 5-13

External Authentication Servers 5-14Configuring an External Authentication Server 5-15

Adding an External Configuration Server 5-15Deleting an External Authentication Server 5-16

Granular Administration 5-16Scope-Level Constraints 5-17Prefix-Level Constraints 5-18Link-Level Constraints 5-20

Licensing 5-20

Centrally Managing Administrators 5-21Pushing and Pulling Administrators 5-22

Pushing Administrators to Local Clusters 5-22Pushing Administrators Automatically to Local Clusters 5-23Pulling Administrators from the Replica Database 5-24

Pushing and Pulling External Authentication Servers 5-25Pushing External Authentication Servers 5-25Pulling External Authentication Servers 5-25

Pushing and Pulling Groups 5-26Pushing Groups to Local Clusters 5-26Pulling Groups from the Replica Database 5-27

Pushing and Pulling Roles 5-28Pushing Roles to Local Clusters 5-28Pulling Roles from the Replica Database 5-29

Pushing and Pulling Tenants 5-30Pushing Tenants to Local Clusters 5-30Pulling Tenants from the Replica Database 5-30

Local Cluster Management Tutorial 5-31Administrator Responsibilities and Tasks 5-31

viUser Guide for Cisco Network Registrar, 7.2

OL-20606-01

Contents

Create the Administrators 5-32Create the Address Infrastructure 5-33Create the Zone Infrastructure 5-33

Create the Forward Zones 5-34Create the Reverse Zones 5-34Create the Initial Hosts 5-35

Create a Host Administrator Role with Constraints 5-35Create a Group to Assign to the Host Administrator 5-37Test the Host Address Range 5-37

Regional Cluster Management Tutorial 5-38Administrator Responsibilities and Tasks 5-38Create the Regional Cluster Administrator 5-39Create the Central Configuration Administrator 5-39Create the Local Clusters 5-40Add a Router and Modify an Interface 5-41Add Zone Management to the Configuration Administrator 5-42Create a Zone for the Local Cluster 5-42Pull Zone Data and Create a Zone Distribution 5-43Create a Subnet and Pull Address Space 5-44Push a DHCP Policy 5-44Create a Scope Template 5-45Create and Synchronize the Failover Pair 5-45

C H A P T E R 6 Managing the Central Configuration 6-1

Central Configuration Tasks 6-1

Configuring Server Clusters 6-2Adding Local Clusters 6-2Editing Local Clusters 6-3Listing Related Servers for DHCP, DNS, and TCP Listener Servers 6-4Connecting to Local Clusters 6-9Synchronizing with Local Clusters 6-9Replicating Local Cluster Data 6-9Viewing Replica Data 6-10Deactivating, Reactivating, and Recovering Data for Clusters 6-11Polling Subnet Utilization and Lease History Data 6-12

Polling Process 6-12Adjusting the Polling Intervals 6-12

Enabling Subnet Utilization Collection 6-13Enabling Lease History Collection 6-14

viiUser Guide for Cisco Network Registrar, 7.2

OL-20606-01

Contents

Managing DHCP Scope Templates 6-15Pushing Scope Templates to Local Clusters 6-15Pulling Scope Templates from Replica Data 6-16

Managing DHCP Policies 6-16Pushing Policies to Local Clusters 6-17Pulling Policies from Replica Data 6-17

Managing DHCP Client-Classes 6-18Pushing Client-Classes to Local Clusters 6-18Pulling Client-Classes from Replica Data 6-19

Managing Virtual Private Networks 6-19Pushing VPNs to Local Clusters 6-20Pulling VPNs from Replica Data 6-20

Managing DHCP Failover Pairs 6-21

Managing Lease Reservations 6-21DHCPv4 Reservations 6-22DHCPv6 Reservations 6-22

C H A P T E R 7 Maintaining Servers and Databases 7-1

Managing Servers 7-1

Scheduling Recurring Tasks 7-4

Logging Server Events 7-5Searching the Logs 7-6Logging Format and Settings 7-6

Log Files 7-7

View Change Log 7-8

Dynamic Update on Server Log Settings 7-9

Monitoring and Reporting Server Status 7-10Server States 7-10Displaying Health 7-11

Server Health Status 7-11Displaying Statistics 7-12

DNS Statistics 7-14DHCP Statistics 7-15TFTP Statistics 7-17

Displaying IP Address Usage 7-19Displaying Related Servers 7-19

Monitoring Remote Servers Using Persistent Events 7-20DNS Zone Distribution Servers 7-21

viiiUser Guide for Cisco Network Registrar, 7.2

OL-20606-01

Contents

DHCP Failover Servers 7-22Displaying Leases 7-22

Running Data Consistency Rules 7-23

Troubleshooting 7-25Immediate Troubleshooting Actions 7-25Modifying the cnr.conf File 7-26Troubleshooting Server Failures 7-27Troubleshooting and Optimizing the TFTP Server 7-28

Tracing TFTP Server Activity 7-28Optimizing TFTP Message Logging 7-28Enabling TFTP File Caching 7-29

Solaris and Linux Troubleshooting Tools 7-29Using the TAC Tool 7-30

C H A P T E R 8 Backup and Recovery 8-1

Backing Up Databases 8-1Syntax and Location 8-2Backup Strategy 8-2

Using cnr_shadow_backup utility: 8-2Setting Automatic Backup Time 8-3Performing Manual Backups 8-3Using Third-Party Backup Programs with cnr_shadow_backup 8-4

Database Recovery Strategy 8-4Backing Up CNRDB Data 8-5Backing Up all CNRDBs using tar or similar tools 8-6Recovering CNRDB Data from Damaged Databases 8-6Recovering CNRDB Data from Backups 8-8Recovering all CNRDBs using tar or Similar Tools 8-8Recovering single DB from tar or similar tools 8-9Virus Scanning While Running Cisco Network Registrar 8-9

Troubleshooting Databases 8-10Using the cnr_exim Data Import and Export Tool 8-10Using the cnrdb_recover Utility 8-12Using the cnrdb_verify Utility 8-13Using the cnrdb_checkpoint Utility 8-13Restoring DHCP Data from a Failover Server 8-14

P A R T 3 Address Management

ixUser Guide for Cisco Network Registrar, 7.2

OL-20606-01

Contents

C H A P T E R 9 Managing Address Space 9-1

Address Block Administrator Role 9-1Required Permissions 9-2Role Functions 9-2

Viewing Address Space 9-3

Pulling Replica Address Space from Local Clusters 9-3

Address Blocks and Subnets 9-4Viewing Address Blocks, Subnets, and Address Types 9-5Knowing When to Add Address Blocks 9-5Adding Address Blocks 9-6Delegating Address Blocks 9-7Pushing Subnets to Local DHCP Servers and Routers 9-8Creating Reverse Zones from Subnets 9-9Reclaiming Subnets 9-9Adding Children to Address Blocks 9-9Adding Address Ranges to Subnets 9-10Viewing Address Utilization for Address Blocks, Subnets, and Scopes 9-11

Generating Subnet Utilization History Reports 9-13Enabling Subnet Utilization History Collection at the Local Cluster 9-13Querying Subnet Utilization History Data 9-14Trimming and Compacting Subnet Utilization History Data 9-15Viewing Subnet Utilization History Data 9-16

C H A P T E R 10 Managing Hosts 10-1

Managing Hosts in Zones 10-1

Adding Additional RRs for the Host 10-2

Editing Hosts 10-3

Removing Hosts 10-3

C H A P T E R 11 Managing Router Interface Configurations 11-1

Adding Routers 11-2Managed Versus Virtual Routers 11-3Secure Mode Connections with Routers 11-3Alternative Login Method to Routers 11-3Creating a Login Template 11-4

Editing Routers 11-4

Resynchronizing Routers 11-4

Pushing and Reclaiming Subnets for Routers 11-4

xUser Guide for Cisco Network Registrar, 7.2

OL-20606-01

Contents

Viewing and Editing the Router Interfaces 11-5Changeable Router Interface Attributes 11-5Bundling Interfaces 11-5

C H A P T E R 12 Managing Owners and Regions 12-1

Managing Owners 12-1

Managing Regions 12-2

Centrally Managing Owners and Regions 12-2Pushing and Pulling Owners or Regions 12-3

Pushing Owners or Regions to Local Clusters 12-3Pulling Owners and Regions from the Replica Database 12-4

C H A P T E R 13 Managing Reports 13-1

ARIN Reports and Allocation Reports 13-1

Managing ARIN Reports 13-1Managing Point of Contact and Organization Reports 13-2

Creating a Point of Contact Report 13-3Registering a Point of Contact 13-4Editing a Point of Contact Report 13-4Creating an Organization Report 13-5Registering an Organization 13-5Editing an Organization Report 13-6

Managing IPv4 Address Space Utilization Reports 13-6Managing Shared WHOIS Project Allocation and Assignment Reports 13-7

P A R T 4 Domain and Zone Administration

C H A P T E R 14 Introduction to the Domain Name System 14-1

How DNS Works 14-1

Domains 14-2Learning ExampleCo Address 14-3Establishing a Domain 14-3Difference Between Domains and Zones 14-3

Nameservers 14-5

Reverse Nameservers 14-6

High-Availability DNS 14-7

About EDNS0 14-7

xiUser Guide for Cisco Network Registrar, 7.2

OL-20606-01

Contents

C H A P T E R 15 Managing Zones 15-1

Staged and Synchronous Modes 15-1

Creating and Applying Zone Templates 15-2

Managing Primary DNS Servers 15-5Configuring Primary Forward Zones 15-5

Creating Primary Zones 15-6Editing Primary Zones 15-8Confirming Zone Nameservers 15-9Synchronizing Zones and Zone Commands 15-9Importing and Exporting Zone Data 15-9

Zone Lists and Zone Trees 15-12Adding Primary Reverse Zones 15-12

Adding Reverse Zones as Zones 15-12Adding Reverse Zones from Subnets 15-14

Getting Zone Counts on the Server 15-14

Managing Secondary Servers 15-15Adding Secondary Forward Zones 15-15Adding Secondary Reverse Zones 15-16Enabling Zone Transfers 15-16

Adding Subzones 15-17Choosing Subzone Names and Servers 15-17Creating and Delegating Subzones 15-18Undelegating Subzones 15-19Editing Subzone Delegation 15-19

Enabling DNS Updates 15-20

Managing Zone Distributions 15-20Preparing the Zone Distribution Map 15-20Creating a Zone Distribution 15-22Pulling Zone Distributions from Replica Data 15-24

C H A P T E R 16 Managing Resource Records 16-1

Managing Resource Records 16-1Adding Resource Records 16-2Protecting Resource Record Sets 16-3Editing Resource Records 16-4Removing Resource Records 16-4Removing Cached Records 16-5Listing Records 16-5

xiiUser Guide for Cisco Network Registrar, 7.2

OL-20606-01

Contents

Searching Server-Wide for Records and Addresses 16-6Filtering Records 16-7Deleting Leftover Zone Records After Recreating Zones 16-8Using Service Location (SRV) Records 16-8Using NAPTR Records 16-9Adding IPv6 Records 16-10

Managing Hosts in Zones 16-10

C H A P T E R 17 Managing DNS Server Properties 17-1

Managing DNS Servers 17-1Running DNS Commands 17-1Configuring DNS Server Network Interfaces 17-2

Setting DNS Server Properties 17-2Setting General DNS Server Properties 17-3Defining Forwarders for DNS Servers 17-3Setting Subzone Forwarding 17-5Using Resolution Exception 17-5Configuring Caching-Only DNS Servers 17-7Specifying Delegation-Only Zones 17-8Defining Root Nameservers 17-8Enabling Recursive Queries 17-8Enabling Round-Robin 17-9Enabling Subnet Sorting 17-9Enabling Incremental Zone Transfers (IXFR) 17-10Changesets and Checkpointing 17-10Restricting Zone Queries 17-11Enabling NOTIFY 17-11

Setting Advanced DNS Server Properties 17-12Setting SOA Time to Live 17-12Setting Secondary Refresh Times 17-13Setting Secondary Retry Times 17-13Setting Secondary Expiration Times 17-14Fetching Glue Records 17-14Reporting Lame Delegation 17-14Setting Maximum Negative Cache Times 17-15Setting Maximum Cache TTLs 17-15Setting Maximum Memory Cache Sizes 17-16Flushing DNS Cache 17-16Handling Rogue Address Records and Other Cache Attributes 17-17

xiiiUser Guide for Cisco Network Registrar, 7.2

OL-20606-01

Contents

Setting Query Source Addresses and Port Numbers 17-17Setting Local and External Port Numbers 17-18Handling Malicious DNS Clients and Unresponsive Nameservers 17-18Detecting and Preventing DNS Cache Poisoning 17-20

DNS Cache Poisoning Attacks 17-20Handling DNS Cache Poisoning Attacks 17-20

Dynamic Allocation of UDP Ports 17-21

Tuning DNS Properties 17-23

Troubleshooting DNS Servers 17-24

C H A P T E R 18 Configuring High-Availability DNS Servers 18-1

HA DNS Processing 18-1

Configuring an HA DNS Server Pair from Main Server 18-3

DNS Server Configuration for HA DNS 18-4

HA DNS Configuration Synchronization 18-4Initial Setup Considerations 18-4Migration Procedure 18-5

Pre-install Cisco Network Registrar on the HA DNS backup server 18-5Pre-migration Steps for HA DNS Main Server 18-5Restart Cisco Network Registrar on the HA DNS Main Server 18-6Copy Cisco Network Registrar Database Files to HA DNS Backup Server 18-6Reconfigure Cisco Network Registrar on the HA DNS Backup Server 18-7Configure Cisco Network Registrar HA DNS on the HA DNS Main Server 18-7Reload the DNS Servers 18-7

HA DNS Statistics 18-8

P A R T 5 Dynamic Host Administration

C H A P T E R 19 Introduction to Dynamic Host Configuration 19-1

How DHCP Works 19-1Sample DHCP User 19-2Typical DHCP Administration 19-2Leases 19-3Scopes and Policies 19-3

Cisco Network Registrar DHCP Implementations 19-4DHCP and IPv6 19-4Virtual Private Networks 19-5Subnet Allocation and DHCP Address Blocks 19-6

xivUser Guide for Cisco Network Registrar, 7.2

OL-20606-01

Contents

DNS Update 19-7Effect on DNS of Obtaining Leases 19-7Effect on DNS of Releasing Leases 19-8Effect on DNS of Reacquiring Leases 19-8

DHCP Failover 19-8How Failover Works 19-9Failover States and Transitions 19-10Allocating Addresses Through Failover 19-11

Client-Classes 19-12DHCP Processing Without Client-Classes 19-13DHCP Processing with Client-Classes 19-13Defining Scopes for Client-Classes 19-14Choosing Networks and Scopes 19-15

C H A P T E R 20 Configuring Scopes and Networks 20-1

Configuring DHCP Servers 20-1General Configuration Guidelines 20-2Configuring DHCP Server Interfaces 20-2

Defining and Configuring Scopes 20-3Creating and Applying Scope Templates 20-3

Using Expressions in Scope Templates 20-4Additional Scope Template Attributes 20-8Editing Scope Templates 20-8Applying Scope Templates to Scopes 20-9Cloning a Scope Template 20-10

Creating Scopes 20-10Getting Scope Counts on the Server 20-11Configuring Multiple Scopes 20-11

Configuring Multiple Scopes for Round-Robin Address Allocation 20-12Configuring Multiple Scopes Using Allocation Priority 20-12

Editing Scopes 20-17Staged and Synchronous Mode 20-18Configuring Embedded Policies for Scopes 20-19Configuring Multiple Subnets on a Network 20-20Enabling and Disabling BOOTP for Scopes 20-21Disabling DHCP for Scopes 20-21Deactivating Scopes 20-22Setting Scopes to Renew-Only 20-22Setting Free Address SNMP Traps on Scopes 20-22

xvUser Guide for Cisco Network Registrar, 7.2

OL-20606-01

Contents

Removing Scopes 20-23Removing Scopes if Not Reusing Addresses 20-24Removing Scopes if Reusing Addresses 20-24

Managing DHCP Networks 20-24Listing Networks 20-25Editing Networks 20-25

C H A P T E R 21 Configuring Policies and Options 21-1

Configuring DHCP Policies 21-1Types of Policies 21-2Policy Hierarchy 21-3Creating and Applying DHCP Policies 21-3Cloning a Policy 21-5Setting DHCP Options and Attributes for Policies 21-6

Adding Option Values 21-6Adding Complex Values for Suboptions 21-7

Creating and Editing Embedded Policies 21-8

Creating DHCP Option Definition Sets and Option Definitions 21-8Using Standard Option Definition Sets 21-9Creating Custom Option Definitions 21-10Creating Vendor-Specific Option Definitions 21-10Option Definition Data Types and Repeat Counts 21-16Adding Suboption Definitions 21-17Importing and Exporting Option Definition Sets 21-17Pushing Option Definition Sets to Local Clusters 21-18Pulling Option Definition Sets from Replica Data 21-18Setting Option Values for Policies 21-19

C H A P T E R 22 Managing Leases 22-1

Configuring Leases in Scopes 22-1Viewing Leases 22-2Lease States 22-2Guidelines for Lease Times 22-3

Restricting Lease Dates 22-4Importing and Exporting Lease Data 22-5Pinging Hosts Before Offering Addresses 22-7Deactivating Leases 22-8Excluding Leases from Ranges 22-8

Searching Server-Wide for Leases 22-9

xviUser Guide for Cisco Network Registrar, 7.2

OL-20606-01

Contents

Using Client Reservations 22-12Differences Between Client Reservations And Lease Reservations 22-14

Creating Lease Reservations 22-14DHCPv4 Reservations 22-15

Setting Advanced Lease and Reservation Properties 22-16Reserving Currently Leased Addresses 22-16Unreserving Leases 22-18Extending Reservations to Non-MAC Addresses 22-18Forcing Lease Availability 22-20Inhibiting Lease Renewals 22-20Handling Leases Marked as Unavailable 22-21Setting Timeouts for Unavailable Leases 22-22

Running Address and Lease Reports 22-22Running Address Usage Reports 22-23Running IP Lease Histories 22-23

Enabling Lease History Recording at the Local Cluster 22-24Querying IP Lease History 22-24Trimming Lease History Data 22-28

Running Lease Utilization Reports 22-29Receiving Lease Notification 22-29

Running Lease Notification Automatically in Solaris and Linux 22-30Running Lease Notification Automatically in Windows 22-30Specifying Configuration Files for Lease Notification 22-31

Querying Leases 22-31Leasequery Implementations 22-32Pre-RFC Leasequery for DHCPv4 22-32RFC 4388 Leasequery for DHCPv4 22-33Leasequery for DHCPv6 22-34Leasequery Statistics 22-35Leasequery Example 22-36

Dynamic Lease Notification 22-38Using Dynamic Lease Notification 22-38

Sample Lease Notification Client 22-39Requirements for Sample Java Client 22-41DHCP Listener Configuration 22-42

C H A P T E R 23 Advanced DHCP Server Properties 23-1

Configuring BOOTP 23-1About BOOTP 23-2

xviiUser Guide for Cisco Network Registrar, 7.2

OL-20606-01

Contents

Enabling BOOTP for Scopes 23-3Moving or Decommissioning BOOTP Clients 23-3Using Dynamic BOOTP 23-3BOOTP Relay 23-4

Defining Advanced Server Attributes 23-4Setting Advanced DHCP Server Attributes 23-4Deferring Lease Extensions 23-8

Integrating Windows System Management Servers 23-9

Using Extensions to Affect DHCP Server Behavior 23-11Writing Extensions 23-11Preventing Chatty Clients by Using an Extension 23-13

Tuning the DHCP Server 23-15

Configuring Virtual Private Networks and Subnet Allocation 23-17Configuring Virtual Private Networks Using DHCP 23-17

Typical Virtual Private Networks 23-18Creating and Editing Virtual Private Networks 23-19VPN Usage 23-20

Configuring DHCP Subnet Allocation 23-22VPN and Subnet Allocation Tuning Parameters 23-23

Setting DHCP Forwarding 23-24

C H A P T E R 24 Configuring Client-Classes and Clients 24-1

Configuring Client-Classes 24-1Client-Class Process 24-2Defining Client-Classes 24-2Setting Selection Tags on Scopes and Prefixes 24-3Defining Client-Class Hostname Properties 24-4Editing Client-Classes and Their Embedded Policies 24-5Processing Client Data Including External Sources 24-6

Processing Order to Determine Client-Classes 24-7Processing Order to Determine Selection Tags 24-7

Troubleshooting Client-Classes 24-8

Configuring Clients 24-9Editing Clients and Their Embedded Policies 24-10Setting Windows Client Properties 24-11Allocating Provisional Addresses 24-12Skipping Client Entries for Client-Classing 24-13Limiting Client Authentication 24-13Setting Client Caching Parameters 24-14

xviiiUser Guide for Cisco Network Registrar, 7.2

OL-20606-01

Contents

Subscriber Limitation Using Option 82 24-14General Approach to Subscriber Limitation 24-15Typical Limitation Scenario 24-15Calculating Client-Classes and Creating Keys 24-16Client-Class Lookup Expression Processing 24-16Limitation Processing 24-16Expression Processing for Subscriber Limitation 24-17Configuring Option 82 Limitation 24-17Lease Renewal Processing for Option 82 Limitation 24-18Administering Option 82 Limitation 24-18Troubleshooting Option 82 Limitation 24-19Expression Examples 24-19

Configuring Cisco Network Registrar to Use LDAP 24-19About LDAP Directory Servers 24-20Adding and Editing LDAP Remote Servers 24-20Configuring DHCP Client Queries in LDAP 24-21Configuring DHCP LDAP Update and Create Services 24-24

Lease State Attributes 24-25Configuring DHCP to Write Lease States to LDAP 24-26Using LDAP Updates 24-27Configuring LDAP State Updates 24-27Configuring LDAP Entry Creation 24-29

Troubleshooting LDAP 24-30LDAP Connection Optimization 24-30Recommended Values for LDAP 24-31

C H A P T E R 25 Using Expressions 25-1

Using Expressions 25-2

Entering Expressions 25-3

Creating Expressions 25-4Expression Syntax 25-5Expression Datatypes 25-5Literals in Expressions 25-5Expressions Return Typed Values 25-6Expressions Can Fail 25-6Expression Functions 25-7Datatype Conversions 25-23

Expression Examples 25-24Limitation Example 1: DOCSIS Cable Modem 25-25

xixUser Guide for Cisco Network Registrar, 7.2

OL-20606-01

Contents

Limitation Example 2: Extended DOCSIS Cable Modem 25-26Limitation Example 3: DSL over Asynchronous Transfer Mode 25-26

Debugging Expressions 25-28

C H A P T E R 26 Managing DHCPv6 Addresses 26-1

DHCPv6 Concepts 26-2IPv6 Addressing 26-2Links and Prefixes 26-2

Determining Links and Prefixes 26-3Generating Addresses 26-4Generating Delegated Prefixes 26-4

DHCPv6 Clients and Leases 26-5DHCPv6 Bindings 26-6Lease Affinity 26-6Lease Life Cycle 26-6DHCPv6 Reservations 26-7Searching for Leases 26-9Querying Leases for DHCPv6 26-9

DHCPv6 Policy Hierarchy 26-9DHCPv6 Options 26-10

DHCPv6 Configuration 26-11Viewing IPv6 Address Space 26-11Configuring Links 26-12

Creating and Editing Link Templates 26-12Creating and Editing Links 26-18

Configuring Prefixes 26-19Creating and Editing Prefix Templates 26-19Creating and Editing Prefixes 26-25Viewing Address Utilization for Prefixes 26-28

Viewing DHCPv6 Networks 26-30Editing DHCPv6 Server Attributes 26-30Configuring DHCPv6 Policies 26-30Configuring DHCPv6 Client-Classes 26-31Configuring DHCPv6 Clients 26-32Setting DHCPv6 Options 26-32Reconfigure Support 26-33

DNS Update for DHCPv6 26-34

xxUser Guide for Cisco Network Registrar, 7.2

OL-20606-01

Contents

C H A P T E R 27 Configuring DHCP Failover 27-1

Failover Scenarios 27-1Simple Failover 27-2Back Office Failover 27-3Symmetrical Failover 27-4

Failover Checklist 27-5

Creating and Synchronizing Failover Server Pairs 27-6Adding Failover Pairs 27-6Changing Failover Pair Server Addresses 27-7Synchronizing Failover Pairs 27-7Restarting the Failover Servers 27-10

Confirming Failover 27-11

State Transitions During Integration 27-11

Setting Advanced Failover Attributes 27-15Setting Backup Percentages 27-15

Server and Scope Backup Percentages 27-16BOOTP Backup Percentage 27-17

Setting Backup Allocation Boundaries 27-17Setting the Maximum Client Lead Time 27-18Using the Failover Safe Period to Move Servers into PARTNER-DOWN State 27-19Setting DHCP Request and Response Packet Buffers 27-20Changing Polling Attributes 27-21Setting the Network Discovery Attribute 27-21Setting Load Balancing 27-21

Load Balancing Compatibility with Earlier Cisco Network Registrar Versions 27-22Configuring Load Balancing 27-22

Changing Failover Server Roles 27-22Making Nonfailover Servers Failover Mains 27-23Replacing Servers Having Defective Storage 27-23Removing Backup Servers and Halting Failover Operation 27-24Adding Main Servers to Existing Backup Servers 27-24Configuring Failover on Multiple Interface Hosts 27-24

Restoring a Standalone DHCP Failover Server to Backup State 27-25Background 27-25Repair Procedure 27-26Restoring the Failover Pair with Reversed Roles 27-26Starting with Server A Powered Off 27-27Starting with Server A Powered On and Server Agent Disabled 27-28Starting with Server A Replaced 27-29

xxiUser Guide for Cisco Network Registrar, 7.2

OL-20606-01

Contents

Transferring Current Lease State to Server A 27-30

Repairing Partners to Their Original Roles 27-30

Recovering in Failover Configuration 27-31

Supporting BOOTP Clients in Failover 27-32Static BOOTP 27-32Dynamic BOOTP 27-32Configuring BOOTP Relays 27-33

DHCPLEASEQUERY and Failover 27-33

Troubleshooting Failover 27-33Monitoring Failover Operations 27-33Detecting and Handling Network Failures 27-33

C H A P T E R 28 Configuring DNS Update 28-1

DNS Update Process 28-1

Special DNS Update Considerations 28-2

DNS Update for DHCPv6 28-2DHCPv6 Upgrade Considerations 28-3Generating Synthetic Names in DHCPv6 28-3Determining Reverse Zones for DNS Updates 28-4Using the Client FQDN 28-4

Creating DNS Update Configurations 28-5

Creating DNS Update Maps 28-7

Configuring Access Control Lists and Transaction Security 28-8Access Control Lists 28-8Configuring Zones for Access Control Lists 28-9Transaction Security 28-9

Creating TSIG Keys 28-10Generating Keys 28-10Considerations for Managing Keys 28-11Adding Supporting TSIG Attributes 28-11

Configuring DNS Update Policies 28-12Compatibility with Previous Cisco Network Registrar Releases 28-12Creating and Editing Update Policies 28-12Defining and Applying Rules for Update Policies 28-13

Defining Rules for Named Update Policies 28-13Applying Update Policies to Zones 28-15

Confirming Dynamic Records 28-16

Scavenging Dynamic Records 28-16

xxiiUser Guide for Cisco Network Registrar, 7.2

OL-20606-01

Contents

Troubleshooting DNS Update 28-18

Configuring DNS Update for Windows Clients 28-18Client DNS Updates 28-18Dual Zone Updates for Windows Clients 28-20DNS Update Settings in Windows Clients 28-21Windows Client Settings in DHCP Servers 28-21SRV Records and DNS Updates 28-22Issues Related to Windows Environments 28-23Frequently Asked Questions About Windows Integration 28-27

C H A P T E R 29 Using Extension Points 29-1

Using Extensions 29-1Creating, Editing, and Attaching Extensions 29-2Determining Tasks 29-3Deciding on Approaches 29-3Choosing Extension Languages 29-4

Language-Independent API 29-4Routine Signature 29-4Dictionaries 29-5Utility Methods in Dictionaries 29-5Configuration Errors 29-5Communicating with External Servers 29-6Recognizing Extensions 29-6Multiple Extension Considerations 29-7

Tcl Extensions 29-7Tcl Application Program Interface 29-8Dealing with Tcl errors 29-8Handling Boolean Variables in Tcl 29-8Configuring Tcl Extensions 29-8Init-Entry Extension Point in Tcl 29-9

C/C++ Extensions 29-9C/C++ API 29-9Using Types in C/C++ 29-10Building C/C++ Extensions 29-10Using Thread-Safe Extensions in C/C++ 29-10Configuring C/C++ Extensions 29-11Debugging C/C++ Extensions 29-11

Pointers into DHCP Server Memory in C/C++ 29-12Init-Entry Entry Point in C/C++ 29-12

xxiiiUser Guide for Cisco Network Registrar, 7.2

OL-20606-01

Contents

DHCP Request Processing Using Extensions 29-12Enabling DHCPv6 Extensions 29-14Receiving Packets 29-14Decoding Packets 29-15Determining Client-Classes 29-15Modifying Client-Classes 29-15Processing Client-Classes 29-15Building Response Containers 29-16Determining Networks and Links 29-16Finding Leases 29-16Serializing Lease Requests 29-17Determining Lease Acceptability 29-17DHCPv6 Leasing 29-19

DHCPv6 Prefix Usability 29-19DHCPv6 Lease Usability 29-20DHCPv6 Lease Allocation 29-20

Gathering Response Packet Data 29-20Encoding Response Packets 29-21Updating Stable Storage 29-21Sending Packets 29-21Processing DNS Requests 29-21Tracing Lease State Changes 29-22Controlling Active Leasequery Notifications 29-22

Extension Dictionaries 29-23Environment Dictionary 29-24

General Environment Dictionary Data Items 29-25Initial Environment Dictionary 29-26

Request and Response Dictionaries 29-26Decoded DHCP Packet Data Items 29-27Using Parameter List Option 29-28

Extension Point Descriptions 29-28init-entry 29-29pre-packet-decode 29-30post-packet-decode 29-31

Extension Description 29-31Overriding Client Identifiers 29-31

post-class-lookup 29-32pre-client-lookup 29-32

Environment Dictionary for pre-client-lookup 29-33post-client-lookup 29-34

xxivUser Guide for Cisco Network Registrar, 7.2

OL-20606-01

Contents

Environment Dictionary for post-client-lookup 29-35generate-lease 29-35check-lease-acceptable 29-37lease-state-change 29-37

Environment Dictionary for lease-state-change 29-38pre-packet-encode 29-38post-packet-encode 29-38pre-dns-add-forward 29-38post-send-packet 29-39environment-destructor 29-39

P A R T 6 Virtual Appliance

C H A P T E R 30 Introduction to Cisco Network Registrar Virtual Appliance 30-1

How the Cisco Network Registrar Virtual Appliance Works 30-2How to Download the Cisco Network Registrar Virtual Appliance 30-2

Monitoring Disk Space Availability 30-2

Increasing the Size of Disk 30-3

Troubleshooting 30-4

C H A P T E R 31 Managing the Cisco Network Registrar Virtual Appliance 31-1

Invoking Cisco Network Registrar Virtual Appliance 31-1

Modifying Virtual Appliance Configuration 31-3Setting the Time Zone 31-4Viewing Network Status 31-4Configuring Proxy Server 31-4Checking Updates 31-5Setting Update timings 31-5Setting the Repository 31-5

Accessing Cisco Network Registrar Application 31-6

Configurations and Restrictions 31-6

P A R T 7 Appendices, Glossary, and Index

A P P E N D I X A Resource Records A-1

A P P E N D I X B DHCP Options B-1

Option Descriptions B-1

xxvUser Guide for Cisco Network Registrar, 7.2

OL-20606-01

Contents

RFC 1497 Vendor Extensions B-1IP Layer Parameters Per Host B-3IP Layer Parameters Per Interface B-4Link Layer Parameters Per Interface B-4TCP Parameters B-5Application and Service Parameters B-5DHCPv4 Extension Options B-8Microsoft Client Options B-11DHCPv6 Options B-11

Option Tables B-15Options by Number B-15Options by Cisco Network Registrar Name B-20Option Validation Types B-26

A P P E N D I X C DHCP Extension Dictionary C-1

Extension Dictionary Entries C-1Decoded DHCP Packet Data Items C-1Request Dictionary C-10Response Dictionary C-16

Extension Dictionary API C-26Tcl Attribute Dictionary API C-26

Tcl Request and Response Dictionary Methods C-26Tcl Environment Dictionary Methods C-29

DEX Attribute Dictionary API C-30DEX Request and Response Dictionary Methods C-31DEX Environment Dictionary Methods C-38

Handling Objects and Options C-40Using Object and Option Handling Methods C-40Options and Suboptions in C/C++ C-40

Examples of Option and Object Method Calls C-42Handling Vendor Class Option Data C-42Handling Object Data C-42

G L O S S A R Y

xxviUser Guide for Cisco Network Registrar, 7.2

OL-20606-01

Preface

This guide describes configuring Cisco Network Registrar by using the web-based user interface (web UI) and command line interface (CLI).

Who Should Read This GuideThis guide is designed for network managers who are responsible for maintaining the network Domain Name System (DNS), Dynamic Host Configuration Protocol (DHCP), Trivial File Transfer Protocol (TFTP), and Simple Network Management Protocol (SNMP) servers. The network manager should be familiar with the following topics:

Basic concepts and terminology used in internetworking

Network topology and protocols

How This Guide Is OrganizedThis guide describes how to become familiar with Cisco Network Registrar features so that you can use them to administer network addresses. The parts of this guide are described in the following subsections.

Part 1Getting StartedPart 1 introduces Cisco Network Registrar, describes the management and protocol components, and describes the user interfaces. This part includes the following chapters:

Chapter 1 Cisco Network Registrar Components

Introduces Cisco Network Registrar, its deployment scenarios, and some deployment guidelines.

Chapter 2 Cisco Network Registrar User Interfaces

Describes the Cisco Network Registrar management and protocol components.

Chapter 3 Server Status Dashboard Describes the Cisco Network Registrar server status dashboard features and functions.

Chapter 4 Deploying Cisco Network Registrar

Describes the Cisco Network Registrar local and regional web UIs and CLIs.

xxviiUser Guide for Cisco Network Registrar Release 7.2

OL-20606-01

Preface

Part 2Local and Regional AdministrationPart 2 describes how to configure administrators, manage the central configuration, and maintain the servers and databases (including backup and recovery). This part includes the following chapters:

Part 3Address ManagementPart 3 describes how to manage the IP address space and its hierarchy, hosts, Router Interface Configuration (RIC) servers, owners and regions, and reports. This part includes the following chapters:

Part 4Domain and Zone AdministrationPart 4 describes how to configure DNS servers, zones, resource records, server attributes, and High Availability (HA) servers. This part includes the following chapters:

Chapter 5 Configuring Administrators Describes how to configure the local and regional administrators, and provides administration tutorials. It also describes how to manage tenants.

Chapter 6 Managing the Central Configuration

Describes how to manage the central network configuration from the regional cluster.

Chapter 7 Maintaining Servers and Databases

Describes how to maintain the Cisco Network Registrar servers.

Chapter 8 Backup and Recovery Describes how to back up or recover the databases.

Chapter 9 Managing Address Space Describes how to manage address space elements known as address blocks and subnets.

Chapter 10 Managing Hosts Describes how to manage network hosts.

Chapter 11 Managing Router Interface Configurations

Describes how to manage the RIC server.

Chapter 12 Managing Owners and Regions

Describes how to manage network owners and regions.

Chapter 13 Managing Reports Describes how to manage American Registry of Internet Numbers (ARIN) and address allocation reports.

Chapter 14 Introduction to the Domain Name System

Introduces the Domain Name System (DNS) protocol and its Cisco Network Registrar implementation.

Chapter 15 Managing Zones Describes how to manage DNS zones.

Chapter 16 Managing Resource Records Describes how to manage DNS resource records (RRs).

xxviiiUser Guide for Cisco Network Registrar Release 7.2

OL-20606-01

Preface

Part 5Dynamic Host AdministrationPart 5 describes DHCP and how to configure scopes and leases and their several deployments, IPv6 addresses, clients and client-classes, failover, DNS Update, and special processing using extensions. This part includes the following chapters:

Chapter 17 Managing DNS Server Properties

Describes how to set more advanced DNS server properties.

Chapter 18 Configuring High-Availability DNS Servers

Describes how to configure a High Availability (HA) DNS server.

Chapter 19 Introduction to Dynamic Host Configuration

Introduces DHCP and its Cisco Network Registrar implementation.

Chapter 20 Configuring Scopes and Networks

Describes how to configure scopes and networks.

Chapter 21 Configuring Policies and Options

Describes how to configure policies and options.

Chapter 22 Managing Leases Describes how to manage leases.

Chapter 24 Configuring Client-Classes and Clients

Describes how to configure DHCP clients and client-classes.

Chapter 25 Using Expressions Describes how to use expressions for DHCP processing.

Chapter 26 Managing DHCPv6 Addresses

Describes how to manage the DHCPv6 address space.

Chapter 27 Configuring DHCP Failover Describes how to configure DHCP failover servers.

Chapter 23 Advanced DHCP Server Properties

Describes how to manage the more advanced DHCP server properties.

Chapter 28 Configuring DNS Update Describes how to configure DNS Update for DHCP.

Chapter 29 Using Extension Points Describes how to use extensions for DHCP processing.

xxixUser Guide for Cisco Network Registrar Release 7.2

OL-20606-01

Preface

Part 6Virtual AppliancePart 6 describes virtual appliance and how to configure and mange Cisco Network Registrar virtual appliance. This part includes the following chapters:

Part 7Appendixes, Glossary, and IndexPart 7 includes appendixes that describe DNS RRs, DHCP options, and the DHCP extension dictionary. This part also includes a glossary and an index.

Document ConventionsThis guide uses the following documentation conventions.

FormattingThis guide uses the following formatting conventions:

User input and controls are indicated in bold; for example, enter 1234 and click Modify Scope.

Object attributes are indicated in italics; for example, the failover-safe-period attribute.

Cross-references to chapters or sections of chapters are indicated in blue type; for example, see the Document Conventions section on page xxx.

Chapter 30 Introduction to Cisco Network Registrar Virtual Appliance

Introduces virtual appliance and its Cisco Network Registrar implementation.

Chapter 31 Managing the Cisco Network Registrar Virtual Appliance

Describes how to manage the Cisco Network Registrar virtual appliance.

Appendix A Resource Records Describes the DNS RRs.

Appendix B DHCP Options Describes the DHCP options.

Appendix C DHCP Extension Dictionary Describes the DHCP extension dictionary.

Glossary Glossary Glossary of terms used in Cisco Network Registrar.

Index Index Index to the guide.

xxxUser Guide for Cisco Network Registrar Release 7.2

OL-20606-01

Preface

Navigation and ScreensThis guide uses the following navigation and screen display conventions:

Windows systems use a two-button mouse. To drag and drop an object, click and hold the left mouse button on the object, drag the object to the target location, then release the button.

Solaris systems use a three-button mouse. To drag and drop an object, click and hold the middle mouse button on the object, drag the object to the target location, then release the button.

Screen displays can differ slightly from those included in this guide, depending on the system or browser you use.

Web UI Navigation bar labels can have IPv4 and IPv6 variants depending on the administrator role privileges assigned. To simplify procedural instructions, this User Guide uses the most generic versions of the menu bar labels, unless there is a need to be more specific. For example, the Address Space menu label might be rendered as Address Space v4 and Address Space v6. The instructions will have the label simply as Address Space.

CalloutsCallouts in the text have the following meaning:

Caution Be careful. The description alerts you to potential data damage or loss.

Note Take note. The description is particularly noteworthy.

Timesaver Save time. The description can present a timesaver.

Tip Consider this helpful hint. The description can present an optimum action to take.

xxxiUser Guide for Cisco Network Registrar Release 7.2

OL-20606-01

Preface

Product Documentation

Note We sometimes update the electronic documentation after original publication. Therefore, you should also review the documentation on Cisco.com for any updates.

Table 1 describes the product documentation that is available. You can view the marketing and user documents for Cisco Network Registrar at: http://www.cisco.com/en/US/products/sw/netmgtsw/ps1982/index.html.

Table 1 Product Documentation

Document Title Available Formats

User Guide for Cisco Network Registrar 7.2 (This guide)

PDF on the product CD-ROM

On Cisco.com: http://www.cisco.com/en/US/products/sw/netmgtsw/ps1982/products_user_guide_list.html

Documentation Guide for Cisco Network Registrar 7.2

PDF on the product CD-ROM

On Cisco.com:http://www.cisco.com/en/US/products/sw/netmgtsw/ps1982/tsd_products_support_general_information.html

Installation Guide for Cisco Network Registrar 7.2

PDF on the product CD-ROM

On Cisco.com: http://www.cisco.com/en/US/products/sw/netmgtsw/ps1982/prod_installation_guides_list.html

Quick Start Guide for Cisco Network Registrar 7.2

PDF on the product CD-ROM

On Cisco.com: http://www.cisco.com/en/US/products/sw/netmgtsw/ps1982/prod_installation_guides_list.html

CLI Reference Guide for Cisco Network Registrar 7.2

As an HTML document that you can view in your web browser when you install the software. The document is available at Programs > Network Registrar > Registrar CLI Reference Guide.

On Cisco.com: http://www.cisco.com/en/US/products/sw/netmgtsw/ps1982/prod_command_reference_list.html

Cisco Network Registrar 7.2 Third Party and Open Source Licenses and Notices

PDF on the product CD-ROM

On Cisco.com: http://www.cisco.com/en/US/products/sw/netmgtsw/ps1982/prod_release_notes_list.html

xxxiiUser Guide for Cisco Network Registrar Release 7.2

OL-20606-01

http://www.cisco.com/en/US/docs/net_mgmt/network_registrar/7.1/user/guide/CNR71_UG_Book.htmlhttp://www.cisco.com/en/US/products/sw/netmgtsw/ps1982/index.htmlhttp://www.cisco.comhttp://www.cisco.com/en/US/docs/net_mgmt/network_registrar/7.1/roadmap/CNR71Install.htmlhttp://www.cisco.com/en/US/products/sw/netmgtsw/ps1982/tsd_products_support_general_information.htmlhttp://www.cisco.com/en/US/products/sw/netmgtsw/ps1982/tsd_products_support_general_information.htmlhttp://www.cisco.com/en/US/products/sw/netmgtsw/ps1982/prod_command_reference_list.htmlhttp://www.cisco.com/en/US/docs/net_mgmt/network_registrar/7.1/install/guide/CNR71Install.htmlhttp://www.cisco.com/en/US/products/sw/netmgtsw/ps1982/prod_installation_guides_list.htmlhttp://www.cisco.com/en/US/products/sw/netmgtsw/ps1982/prod_installation_guides_list.htmlhttp://www.cisco.com/en/US/docs/net_mgmt/network_registrar/7.0/user/guide/CNR70_QS_book.htmlhttp://www.cisco.com/en/US/products/sw/netmgtsw/ps1982/products_user_guide_list.htmlhttp://www.cisco.com/en/US/products/sw/netmgtsw/ps1982/products_user_guide_list.htmlhttp://www.cisco.com/en/US/products/sw/netmgtsw/ps1982/prod_release_notes_list.htmlhttp://www.cisco.com/en/US/products/sw/netmgtsw/ps1982/products_user_guide_list.htmlhttp://www.cisco.com/en/US/products/sw/netmgtsw/ps1982/products_user_guide_list.html

Preface

Obtaining Documentation and Submitting a Service Request

For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly Whats New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:

http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html

Subscribe to the Whats New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS version 2.0.

Release Notes for Cisco Network Registrar 7.2

PDF on the product CD-ROM

On Cisco.com:http://www.cisco.com/en/US/products/sw/netmgtsw/ps1982/prod_release_notes_list.html

Online Help Choose Help > Help Contents in the main menu to view the entire help contents

Table 1 Product Documentation (continued)

Document Title Available Formats

xxxiiiUser Guide for Cisco Network Registrar Release 7.2

OL-20606-01

http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.htmlhttp://www.cisco.com/en/US/products/sw/netmgtsw/ps1982/prod_release_notes_list.htmlhttp://www.cisco.com/en/US/docs/net_mgmt/network_registrar/7.1/roadmap/CNR71Install.htmlhttp://www.cisco.com/en/US/products/sw/netmgtsw/ps1982/prod_release_notes_list.htmlhttp://www.cisco.com/en/US/products/sw/netmgtsw/ps1982/prod_release_notes_list.html

Preface

xxxivUser Guide for Cisco Network Registrar Release 7.2

OL-20606-01

P A R T 1

Getting Started

OL-20606-01

C H A P T E R 1

Cisco Network Registrar Components

Cisco Network Registrar provides the tools to configure and control the servers necessary to manage your IP address space. This chapter provides an overview of the management components and concentrates on the Trivial File Transfer Protocol (TFTP) and Simple Network Management Protocol (SNMP), which are not covered in subsequent parts of this User Guide.

Management ComponentsCisco Network Registrar contains two management components:

Regional component, consisting of:

Web-based user interface (web UI)

Command line interface (CLI)

Central Configuration Management (CCM) server to provide to local cluster, address space, and router management

Local component, consisting of:

Web UI

CLI

CCM server

Domain Name System (DNS) server

Dynamic Host Configuration Protocol (DHCP) server

Trivial File Transport Protocol (TFTP) server

Simple Network Management Protocol (SNMP) server

Router Interface Configuration (RIC) server

Management of local address space, zones, scopes, DHCPv6 prefixes and links, and users

The remainder of this chapter describes the TFTP and SNMP protocols. The CCM server, web UIs, and CLI are described in Chapter 2, Cisco Network Registrar User Interfaces. The DNS, DHCP, and RIC servers are described in their respective sections of this manual.

1-1User Guide for Cisco Network Registrar, 7.2

Part 1: Getting Started Chapter 1 Cisco Network Registrar ComponentsTrivial File Transfer

Trivial File TransferThe Trivial File Transfer Protocol (TFTP) is a way of transferring files across the network using the User Datagram Protocol (UDP), a connectionless TCP/IP transport layer protocol. Cisco Network Registrar maintains a TFTP server so that systems can provide device provisioning files to cable modems that comply with the Data Over Cable Service Interface Specification (DOCSIS) standard. The TFTP server buffers the DOCSIS file in its local memory as it sends the file to the modem. After a TFTP transfer, the server flushes the file from local memory. TFTP also supports non-DOCSIS configuration files.

Here are some of the features of the Cisco Network Registrar TFTP server:

Complies with RFCs 1123, 1350, 1782, and 1783

Includes a high performance multithreaded architecture

Supports IPv6

Caches data for performance enhancements

Is configurable and controllable in the web UI and using the tftp command in the CLI

Includes flexible path and file access controls

Includes audit logging of TFTP connections and file transfers

Has a default root directory in the Cisco Network Registrar install-path/data/tftp

See Also

Viewing and Editing the TFTP ServerManaging the TFTP Server Network Interfaces, page 1-3

Viewing and Editing the TFTP ServerAt the local cluster, you can edit the TFTP server to modify its attributes. You must be assigned the server-management subrole of the ccm-admin role.

Local Basic or Advanced Web UI

Step 1 From the Administration drop-down list, choose Manage Servers to open the Manage Servers page (see the Managing Servers section on page 7-1).

Step 2 Click the Local TFTP Server link to open the Edit TFTP Server page.

Step 3 Values for the attributes marked with asterisks are required for TFTP server operation. You can click the name of any attribute to open a description window for the attribute.

Step 4 To unset any attribute value, click the check box in the Unset? column, then click Unset Fields at the bottom of the page. To modify values you change or unset, click Modify Server, or Cancel to cancel the changes.

CLI Commands

Use tftp to show the attribute values. Use tftp set attribute=value or tftp enable attribute to set or enable attributes. You can also use tftp serverLogs show, and tftp serverLogs nlogs=number logsize=size.

1-2User Guide for Cisco Network Registrar, 7.2

OL-20606-01

Part 1: Getting Started Chapter 1 Cisco Network Registrar ComponentsSimple Network Management

Managing the TFTP Server Network InterfacesYou can manage the network interfaces for the TFTP server.

Local Advanced Web UI

Manage the network interfaces associated with the TFTP server by clicking the icon in the Interfaces column of the TFTP server on the Manage Servers page. You can view the default configured network interfaces, and create and edit additional ones. To create and edit them, you must be assigned the server-management subrole of the ccm-admin role.

The columns on the Manage TFTP Server Network Interface page are:

NameName of the network interface, such as the LAN adapter, loopback, and Fast Ethernet interfaces. If the name is under the Configured Interfaces column, you can edit and delete the interface. Clicking the name opens the Edit TFTP Server Network Interface page so that you can edit the interface name and addresses. Make changes, then click Modify Interface on this page.

IP AddressIP address of the network interface.

IPv6 AddressIPv6 address, if applicable, of the network interface.

FlagsFlags for whether the interface should be zero-broadcast, virtual, v4, v6, no-multicast, or receive-only.

ConfigureTo configure a new network interface, click the Configure icon next to the interface name. This creates another interface based on the one selected, but with a more general IP address, and adds this interface to the Configured Interfaces for this TFTP Server.

Configured Interfaces for this TFTP ServerUser-configured network interfaces, showing each name and associated address. Click the interface name to edit it, or click the Delete icon to delete it.

To return to managing the server, click Return.

CLI Commands

Use the tftp-interface commands.

Simple Network ManagementThe Cisco Network Registrar Simple Network Management Protocol (SNMP) notification support allows you to query the DHCP and DNS counters, be warned of error conditions and possible problems with the DNS and DHCP servers, and monitor threshold conditions that can indicate failure or impending failure conditions.

Cisco Network Registrar implements SNMP Trap Protocol Data Units (PDUs) according to the SNMPv2c standard. Each trap PDU contains:

Generic-notification code, if enterprise-specific.

A specific-notification field that contains a code indicating the event or threshold crossing that occurred.

A variable-bindings field that contains additional information about certain events.

Refer to the Management Information Base (MIB) for the details. The SNMP server supports only reads of the MIB attributes. Writes to the attributes are not supported.

1-3User Guide for Cisco Network Registrar, 7.2

OL-20606-01

Part 1: Getting Started Chapter 1 Cisco Network Registrar ComponentsSimple Network Management

The following MIB files are required:

TrapsCISCO-NETWORK-REGISTRAR-MIB.my

DNS serverCISCO-DNS-SERVER-MIB.my

DHCPv4 serverCISCO-IETF-DHCP-SERVER-MIB.my

DHCPv4 server capabilityCISCO-IETF-DHCP-SERVER-CAPABILITY.my

DHCPv4 server extensionsCISCO-IETF-DHCP-SERVER-EXT-MIB.my

DHCPv4 server extensions capabilityCISCO-IETF-DHCP-SERVER-EXT-CAPABILITY.my

DHCPv6 serverCISCO-NETREG-DHCPV6-MIB.my (experimental)

Note A new MIB, CISCO-NETREG-DHCPV6-MIB is defined to support query of new DHCP v6 related statistics and new DHCP v6 traps.

These MIB files are available in the /misc directory of the Cisco Network Registrar installation path.

The following URL includes all files except the experimental CISCO-NETREG-DHCPV6-MIB.my file:

ftp://ftp.cisco.com/pub/mibs/supportlists/cnr/cnr-supportlist.html

The following dependency files are also required:

Dependency for DHCPv4 and DHCPv6CISCO-SMI.my

Additional dependencies for DHCPv6INET-ADDRESS-MIB.my

These dependency files are available along with all the MIB files at the following URL:

ftp://ftp.cisco.com/pub/mibs/v2/

To get the object identifiers (OIDs) for the MIB attributes, go to the equivalently named .oid file at:

ftp://ftp.cisco.com/pub/mibs/oid/

See Also

Setting Up the SNMP ServerHow Notification Works, page 1-6Handling SNMP Notification Events, page 1-7Handling SNMP Queries, page 1-11

1-4User Guide for Cisco Network Registrar, 7.2

OL-20606-01

ftp://ftp.cisco.com/pub/mibs/supportlists/cnr/cnr-supportlist.htmlftp://ftp.cisco.com/pub/mibs/v2/ftp://ftp.cisco.com/pub/mibs/oid/

Part 1: Getting Started Chapter 1 Cisco Network Registrar ComponentsSimple Network Management

Setting Up the SNMP ServerTo perform queries to the SNMP server, you need to set up the server properties.

Local Basic or Advanced Web UI

Step 1 From the Administration drop-down list, choose Manage Servers to open the Manage Servers page (see the Managing Servers section on page 7-1).

Step 2 Click the Local SNMP Server link to open the Edit SNMP Server page.

Step 3 The Community string attribute is the password to access the server. (The community string is a read community string only.) The preset value is public.

Step 4 You can specify log settings and other miscellaneous and advanced options:

trap-source-addrOptional sender address to use for outgoing traps.

server-activeDetermines whether the SNMP server is active for queries. The default value is true. If set to false, the server will run, but is not accessible for queries and does not send out traps.

cache-ttlDetermines how long the SNMP caches responds to queries, default to 60 seconds.

Step 5 To manage the SNMP server interfaces, click List Interfaces (or select Advanced mode and click the icon in the Interfaces column of the SNMP server on the Manage Servers page). You can view the default configured network interfaces, and create and edit additional ones. To create and edit them, you must be assigned the server-management subrole of the ccm-admin role. The interface properties are similar to those for the TFTP server (see the Managing the TFTP Server Network Interfaces section on page 1-3).

Step 6 To manage trap recipients for the server:

a. Click List Trap Recipients to open the List/Add Trap Recipients page.

b. Enter the name and IP address of a trap recipient (both are required).

c. Click Add Trap Recipient.

d. Repeat for each additional trap recipient.

e. To set the port, community string, and agent address for a trap recipient, click its name on the List/Add Trap Recipients page to open the Edit Trap Recipient page, then set the values.

f. Click Modify Recipient.

Step 7 Complete the SNMP server setup by clicking Modify Server.

CLI Commands

To set the community string in the CLI so that you can access the SNMP server, use snmp set community=name. Use snmp set trap-source-addr to set the trap source address. Use snmp disable server-active to deactivate the SNMP server, and snmp set cache-ttl=time to set the cache time-to-live.

To set trap recipients, use trap-recipient, in the following syntax to include the IP address:

nrcmd> trap-recipient name create ip-addr=ip-addr

You can also add the agent-address, community, and port-number values for the trap recipient.

1-5User Guide for Cisco Network Registrar, 7.2

OL-20606-01

Part 1: Getting Started Chapter 1 Cisco Network Registrar ComponentsSimple Network Management

Other SNMP-related commands include snmp disable server-active to prevent the server from running when started, and the snmp-interface commands to configure the interfaces. The addr-trap command is described in the Handling SNMP Notification Events section on page 1-7.

How Notification WorksCisco Network Registrar SNMP notification support allows a standard SNMP management station to receive notification messages from the DHCP and DNS servers. These messages contain the details of the event that triggered the SNMP trap.

Cisco Network Registrar generates notifications in response to predetermined events that the application code detects and signals. Each event can also carry with it a particular set of parameters or current values. For example, the free-address-low-threshold event can occur in the scope with a value of 10% free. Other scopes and values are also possible for such an event, and each type of event can have different associated parameters.

Table 1-1 describes the events that can generate notifications.

Table 1-1 SNMP Notification Events

Event Notification

Address conflict with another DHCP server detected (address-conflict)

An address conflicts with another DHCP server.

DNS queue becomes full (dns-queue-size)

The DHCP server DNS queue fills and the DHCP server stops processing requests. (This is usually a rare internal condition.)

Duplicate IP address detected (duplicate-address and duplicate-address6)

A duplicate IPv4 or IPv6 address occurs.

Duplicate IPv6 prefix detected (duplicate-prefix6)

A duplicate IPv6 prefix occurs.

Failover configuration mismatch (failover-config-error)

A DHCP failover configuration does not match between partners.

DNS forwarders not responding (forwarders-not-responding)

Forwarding servers stop responding to the DNS server.

DNS forwarders responding (forwarders-responding)

Forwarding servers respond after having been unresponsive.

Free-address thresholds (free-address-low and free-address-high; or free-address6-low and free-address6-high)

The high trap when the number of free IPv4 or IPv6 addresses exceeds the high threshold; or a low trap when the number of free addresses falls below the low threshold after previously triggering the high trap.

High-availability (HA) DNS configuration mismatch (ha-dns-config-error)

An HA DNS configuration does not match between partners.

1-6User Guide for Cisco Network Registrar, 7.2

OL-20606-01

Part 1: Getting Started Chapter 1 Cisco Network Registrar ComponentsSimple Network Management

Handling SNMP Notification EventsWhen Cisco Network Registrar generates a notification, it transmits a single copy of the notification as an SNMP Trap PDU to each recipient. All events (and scopes or prefixes) share the list of recipients and other notification configuration data, and the server reads them when you initialize the notification.

You can set SNMP attributes in three ways:

For the DHCP server, which includes the traps to enable and the default free-address trap configuration if you are not specifically configuring traps for scopes or prefixes (or their templates).

On the scope or prefix (or its template) level by setting the free-address-config attribute.

For the DNS server, which includes a traps-enabled setting.

To use SNMP notifications, you must specify trap recipients that indicate where trap notifications should go. By default, all notifications are enabled, but you must explicitly define the recipients, otherwise no notifications can go out. The IP address you use is often localhost.

The DHCP server provides special trap configurations so that it can send notifications, especially about free addresses for DHCPv4 and DHCPv6. You can set the trap configuration name, mode, and percentages for the low threshold and high threshold. The mode determines how scopes aggregate their free-address levels.

DHCPv4 Notification

The DHCPv4 modes and thresholds are (see also the Handling Deactivated Scopes or Prefixes section):

scope modeCauses each scope to track its own free-address level independently (the default).

HA DNS partner not responding (ha-dns-partner-down)

An HA DNS partner stops responding to the DNS server.

HA DNS partner responding (ha-dns-partner-up)

An HA DNS partner responds after having been unresponsive.

DNS masters not responding (masters-not-responding)

Master DNS servers stop responding to the DNS server.

DNS masters responding (masters-responding)

Master DNS servers respond after having been unresponsive.

Other server not responding (other-server-down)

A DHCP failover partner, or a DNS or LDAP server, stops responding to the DHCP server.

Other server responding (other-server-up)

DHCP failover partner, or a DNS or LDAP server, responds after having been unresponsive.

DNS secondary zones expire (secondary-zone-expired)

A DNS secondary server can no longer claim authority for zone data when responding to queries during a zone transfer.

Server start (server-start) The DHCP or DNS server is started or reinitialized.

Server stop (server-stop) The DHCP or DNS server is stopped.

Table 1-1 SNMP Notification Events (continued)

Event Notification

1-7User Guide for Cisco Network Registrar, 7.2

OL-20606-01

Part 1: Getting Started Chapter 1 Cisco Network Registrar ComponentsSimple Network Management

network modeCauses all scopes set with this trap configuration (through the scope or scope template free-address-config attribute) to aggregate their free-address levels if the scopes share the same primary-subnet.

selection-tags modeCauses scopes to aggregate their free-address levels if they share a primary subnet and have a matching list of selection tag values.

low-thresholdFree-address percentage at which the DHCP server generates a low-threshold trap and re-enables the high threshold. The free-address level for scopes is the following calculation:

100 * available-nonreserved-leases total-configured-leases

high-thresholdFree-address percentage at which the DHCP server generates a high-threshold trap and re-enables the low threshold.

DHCPv6 Notification

The DHCPv6 modes and thresholds are (see also the Handling Deactivated Scopes or Prefixes section):

prefix modeCauses each prefix to track its own free-address level independently.

link modeCauses all prefixes configured for the link to aggregate their own free-address levels if all prefixes share the same link.

v6-selection-tags modeCauses prefixes to aggregate their free-address levels if they share a link and have a matching list of selection tag values.

low-thresholdFree-address percentage at which the DHCP server generates a low-threshold trap and re-enables the high threshold. The free-address level for prefixes is the following calculation:

100 * max-leases - dynamic-leases max-leases

high-thresholdFree-address percentage at which the DHCP server generates a high-threshold trap and re-enables the low threshold.

Handling Deactivated Scopes or Prefixes

A deactivated scope or prefix never aggregates its counters with other scopes or prefixes. For example, if you configure a prefix with link or v6-selection-tags trap mode, and then deactivate the prefix, its counters disappear from the total count on the aggregation. Any changes to the leases on the deactivated prefix do not apply to the aggregate totals.

Therefore, to detect clients for deactivated scopes or prefixes, you must set the event mode to scope or prefix, and not to any of the aggregate modes (network, selection-tags, link, or v6-selection-tags).

The use case for setting traps on deactivated prefixes, for example, is network renumbering. In this case, you might want to monitor both the new prefixes (as an aggregate, ensuring that you have enough space for all the clients) and old prefixes to ensure that their leases are freed up. You would probably also want to set the high threshold on an old prefix to 90% or 95%, so that you get a trap fired when most of its addresses are free.

1-8User Guide for Cisco Network Registrar, 7.2

OL-20606-01

Part 1: Getting Started Chapter 1 Cisco Network Registrar ComponentsSimple Network Management

Local Basic or Advanced Web UI

Access the SNMP attributes for the DHCP server by choosing Manage Servers from Administration drop-down list, then the Local DHCP Server link on the Manage Servers page. The SNMP attributes are about two-thirds down the Edit DHCP Server page (see Figure 1-1).

Figure 1-1 SNMP Attributes on the Edit DHCP Server Page (Local)

The four lease-enabled values (free-address6-low, free-address6-high, duplicate-address6, duplicate-prefix6) pertain to DHCPv6 only. Along with the traps to enable, you can specify the default free-address trap configuration by name, which affects all scopes and prefixes or links not explicitly configured.

To add a trap configuration, do the following:

Step 1 Choose Traps from the DHCP menu to access the DHCP trap configurations in Advanced mode. The List Trap Configurations page appears.

Step 2 Enter the name, mode, and threshold percentages in the List Trap Configurations page, then click Add Trap Configuration.

To edit a trap configuration, do the following:

Step 1 Click the desired trap name on the List Trap Configurations page, and modify the name, mode, or threshold percentages on the Edit Trap Configuration page.

Step 2 Check the on check box for enabled attribute to enable the trap configuration.

To delete a trap configuration, click the Delete icon ( ) next to the name, then confirm or cancel the deletion.

Regional Basic or Advanced Web UI

In the regional web UI, you can add and edit trap configurations as in the local web UI. You can also pull replica trap configurations and push trap configurations to the local cluster on the List Trap Configurations page.

1-9User Guide for Cisco Network Registrar, 7.2

OL-20606-01

Part 1: Getting Started Chapter 1 Cisco Network Registrar ComponentsSimple Network Management

Server Up/Down Traps

Every down trap must be followed by a corresponding up trap. However, this rule is not strictly applicable in the following scenarios:

1. If a failover partner or LDAP server or DNS server or HA DNS partner is down for a long time, down traps will be issued periodically. An up trap will be generated only when that server or partner returns to service.

2. If the DHCP or DNS server is reloaded or restarted, the prior state of the partner or related servers is not retained and duplicate down or up traps can result.

Note Other failover partner or LDAP server or DNS server or HA DNS partner up or down traps occur only to communicate with that partner or server, and therefore may not occur when the other partner or server goes down or returns to service.

CLI Commands

To set the trap values for the DHCP server at the local cluster, use dhcp set traps-enabled=value. You can also set the default-free-address-config attribute to the trap configuration. For example:

nrcmd> dhcp set traps-enabled=server-start,server-stop,free-address-low,free-address-high nrcmd> dhcp set default-free-address-config=v4-trap-config

Note If you do not define a default-free-address-config (or v6-default-free-address-config for IPv6), Cisco Network Registrar creates an internal, unlisted trap configuration named default-aggregation-addr-trap-config. Because of this, avoid using that name for a trap configuration you create.

To define trap configurations for DHCPv4 and DHCPv6, use addr-trap name create followed by the attribute=value pairs for the settings. For example:

nrcmd> addr-trap v4-trap-conf create mode=scope low-threshold=25% high-threshold=30% nrcmd> addr-trap v6-trap-conf create mode=prefix low-threshold=20% high-threshold=25%

1-10User Guide for Cisco Network Registrar, 7.2

OL-20606-01

Part 1: Getting Started Chapter 1 Cisco Network Registrar ComponentsSimple Network Management

Handling SNMP QueriesYou can use SNMP client applications to query the following MIBs:

CISCO-DNS-SERVER-MIB.my

CISCO-IETF-DHCP-SERVER-MIB.my

CISCO-IETF-DHCP-SERVER-EXT-MIB.my

CISCO-NETREG-DHCPV6-MIB.my (experimental)

When the SNMP server receives a query for an attribute defined in one of these MIBs, it returns a response PDU containing that attribute value. For example, using the NET-SNMP client application (available over the Internet), you can use one of these commands to obtain a count of the DHCPDISCOVER packets for a certain address:

C:\net-snmp5.2.2\bin>snmpget -m ALL -v 2c -c public 192.168.241.39:4444.iso.org.dod.internet.private.enterprises.cisco.ciscoExperiment.ciscoIetfDhcpSrvMIB.ciscoIetfDhcpv4SrvMIBObjects.cDhcpv4Counters.cDhcpv4CountDiscovers

CISCO-IETF-DHCP-SERVER-MIB::cDhcpv4CountDiscovers = Counter32: 0

C:\net-snmp5.2.2\bin>snmpget -m ALL -v 2c -c public 192.168.241.39:4444 1.3.6.1.4.1.9.10.102.1.3.1

CISCO-IETF-DHCP-SERVER-MIB::cDhcpv4CountDiscovers = Counter32: 0

Both commands return the same results. The first one queries the full MIB attribute name, while the second one queries its OID equivalent (which can be less error prone). As previously described, the OID equivalents of the MIB attributes are located in the relevant files at the following URL:

ftp://ftp.cisco.com/pub/mibs/oid/

For example, the CISCO-IETF-DHCP-SERVER-MIB.oid file includes the following OID definition that corresponds to the previous query example:

"cDhcpv4CountDiscovers" "1.3.6.1.4.1.9.10.102.1.3.1"

Here are some possible SNMP query error conditions:

The community string sent in the request PDU does not match what you configured.

The version in the request PDU is not the same as the supported version (SNMPv2).

If the object being queried does not have an instance in the server, the corresponding variable binding type field is set to SNMP_NOSUCHINSTANCE. With a GetNext, if there is no next attribute, the corresponding variable binding type field is set to SNMP_ENDOFMIBVIEW.

If no match occurs for the OID, the corresponding variable binding type field is set to SNMP_NOSUCHOBJECT. With a GetNext, it is set to SNMP_ENDOFMIBVIEW.

If there is a bad value returned by querying the attribute, the error status in the response PDU is set to SNMP_ERR_BAD_VALUE.

1-11User Guide for Cisco Network Registrar, 7.2

OL-20606-01

Part 1: Getting Started Chapter 1 Cisco Network Registrar ComponentsDefault Ports for Cisco Network Registrar Services

Default Ports for Cisco Network Registrar ServicesTable 1-2 lists the default ports used for the Cisco Network Registrar services.

Table 1-2 Default Ports for Cisco Network Registrar Services

PortNumber Protocol Service

22 TCP SSH remote login (RIC server to router)

23 TCP Telnet (RIC server to router)

53 TCP/UDP DNS

67 UDP DHCP client to server

67 TCP Bulk or Active leasequery client to DHCP server

68 UDP DHCP server to client

69 UDP TFTP (optional) client to server

162 TCP SNMP traps server to server

389 TCP DHCP server to LDAP server

546 UDP DHCPv6 server to client

547 UDP DHCPv6 client to server

647 UDP DHCP failover server to server

653 TCP High-Availability (HA) DNS server to server

1234 TCP Local cluster CCM server to server

1244 TCP Regional cluster CCM server to server

4444 TCP SNMP client to server

5480 HTTPS Virtual Appliance

8080 HTTP Local cluster client to CCM server

8090 HTTP Regional cluster client to CCM server

8443 HTTPS Local cluster secure client to CCM server

8453 HTTPS Regional cluster secure client to CCM server

1-12User Guide for Cisco Network Registrar, 7.2

OL-20606-01

OL-20606-01

C H A P T E R 2

Cisco Network Registrar User Interfaces

Cisco Network Registrar provides a regional and a local web-based user interface (web UI) and a regional and local command line interface (CLI) to manage the DNS, DHCP, TFTP, and Central Configuration Management (CCM) servers:

Web UI for the regional cluster to access local cluster serversSee the Regional Cluster Web UI section on page 2-11).

Web UI for the local clusterSee the Local Cluster Web UI section on page 2-7).

CLI for the local clustersOpen the CLIContent.html file in the installation /docs directory (see the Command Line Interface section on page 2-12).

CCM servers that provide the infrastructure to support these interfacesSee the Central Configuration Management Server section on page 2-13).

This chapter describes the Cisco Network Registrar user interfaces and the services that the CCM servers provide. Read this chapter before starting to configure the Cisco Network Registrar servers so that you become familiar with each user interface capability.

Introduction to the Web-Based User InterfacesThe web UI provides granular access to configuration data through user roles and constraints. The web UI granularity is described in the following sections.

See Also

Supported Web Browsers, page 2-2Access Security, page 2-2Logging In to the Web UIs, page 2-2Multiple Users, page 2-4Changing Passwords, page 2-4Navigating the Web UIs, page 2-4Waiting for Page Resolution Before Proceeding, page 2-5Committing Changes in the Web UIs, page 2-5Role and Attribute Visibility Settings, page 2-5Displaying and Modifying Attributes, page 2-5Help Pages, page 2-7Logging Out, page 2-7

2-1User Guide for Cisco Network Registrar, 7.2

Part 1: Getting Started Chapter 2 Cisco Network Registrar User InterfacesIntroduction to the Web-Based User Interfaces

Supported Web BrowsersThe minimum web browsers supported in Cisco Network Registrar are Internet Explorer 5.5 and Netscape 6.2. It will also support Internet Explorer 7.1 and 8.0, and Firefox 3.0 and 3.5.

Access SecurityAt Cisco Network Registrar installation, you can choose to configure HTTPS to support secure client access to the web UIs. You must specify the HTTPS port number and provide the keystore at that time. With HTTPS security in effect, the web UI Login page (see Figure 2-1 on page 2-3) indicates that the Page is SSL1 Secure.

Note Do not use a dollar sign ($) symbol as part of a keystore password.

Logging In to the Web UIsYou can log in to the Cisco Network Registrar local or regional cluster web UIs either by HTTPS secure or HTTP nonsecure login. After installing Cisco Network Registrar, open one of the supported web browsers and specify the login location URL in the browser address or netsite field. Login is convenient and provides some memory features to increase login speed.

You can log in using a nonsecure login in two ways:

On Windows, from the Start menu, choose Start > Programs > Cisco Network Registrar 7.2 > Cisco Network Registrar 7.2 {local | regional} Web UI. This opens the local or regional cluster web UI from your default web browser.

Open the web browser and go to the web site. For example, if default ports were used during the installation, the URLs would be http://hostname:8080 for the local cluster web UI, and http://hostname:8090 for the regional cluster web UI.

This opens the New Product Installation page if no valid license is added at the time of installation. You have to browse and add the valid license. If the license key is acceptable, the Add Superuser Administrator page is displayed. Enter the Name and Password and click Add. The password is case sensitive (See the Managing Passwords section on page 5-7). If you already added the valid license and superuser and configured a password at the time of installation, then you can login to the web UI using that username and password.

Note There is no default username or password for login.

With a conventional login, the page indicates Page is not secure (see Figure 2-1 on page 2-3); with an SSL-secured login, the page indicates Page is SSL Secure.

Note To prepare for an HTTPS-secured login, see the Installation Guide for Cisco Network Registrar.

1. This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/).

2-2User Guide for Cisco Network Registrar, 7.2

OL-20606-01

http://www.openssl.org/http://www.openssl.org/

Part 1: Getting Started Chapter 2 Cisco Network Registrar User InterfacesIntroduction to the Web-Based User Interfaces

Figure 2-1 Web UI Login Page

Depending on how your browser is set up, you might be able to abbreviate the account name or choose it from a drop-down list while setting the username.

To log in, click Login.

Adding License

Cisco will e-mail you one or more license files after you register the Cisco Network Registrar Product Authorization Key (PAK) on the web according to the Software License Claim Certificate shipped with the product. Cisco administers licenses through a FLEXlm system. Once you have the file or files:

1. Locate the license file or files in a directory (or on the desktop) that is easy to find.

2. On the Add Product License page, browse for each file by clicking the Browse button.

3. In the Choose file window, find the location of the initial license file, then click Open.

4. If the license key is acceptable, the Add Superuser Administrator page appears immediately.

5. To add further licenses, click Administration, then Licenses to open the List/Add Product License page. Click Browse to open the Choose file window, locate the additional license file, then click Open. If the key in the file is acceptable, the key, type, count, and expiration date appear, along with whether it is an evaluation key. If the key is not acceptable, the page shows the license text along with an error message. For the list of license types, see the Licensing section on page 5-20.

Under the table of licenses is a License Utilization area that, when expanded, shows the license types along with the total nodes that you can use and those actually used.

To reenter a previously active session, click Reuse current session (assuming that you did not remove cookies in the web browser).

Tip If you log back in to a previously active session without clicking Reuse current session, you could have two active sessions open, which can cause failures. For example, if your active session was the first one after an installation, when you enter the license key, you are prompted for it again indefinitely. To avoid this, click Reuse current session, or close and reopen the browser to initiate a new session.

2-3User Guide for Cisco Network Registrar, 7.2

OL-20606-01

Part 1: Getting Started Chapter 2 Cisco Network Registrar User InterfacesIntroduction to the Web-Based User Interfaces

Multiple UsersThe Cisco Network Registrar user interfaces support multiple, concurrent users. If two users try to access the same object record or data, a Modified object error will occur for the second user. If you receive this error while editing user data, do the following:

In the web UICancel the edits and refresh the list. Changes made by the first user will be reflected in the list. Redo the edits, if necessary.

In the CLIUse the session cache refresh command to clear the current edits, before viewing the changes and making further edits. Make changes, if you feel that it is necessary even after the other users changes.

Changing PasswordsWhenever you edit a password on a web UI page, it is displayed as a string of eight dots. The actual password value is never sent to the web browser. So, if you change the password, the field is automatically cleared. You must enter the new password value completely, exactly as you want it to be.

Note The password should not be more than 255 characters long.

For details on changing administrator passwords at the local and regional cluster, see the Managing Passwords section on page 5-7.

Navigating the Web UIsThe web UI provides a hierarchy of pages based on the functionality you desire and the thread you are following as part of your administration tasks. The page hierarchy prevents you from getting lost easily.

Caution Do not use the Back button of the browser. Always use the navigation bar menu, or the Cancel button on the page to return to a previous page. Using the browser Back button can cause erratic failures.

A single sign-on feature is available to connect between the regional and local cluster web UIs. Many of the regional cluster web UI pages include the Go Local icon ( ), which you can click to connect to the local cluster associated with the icon. If you have single sign-on privileges to the local cluster, the connection takes you to the related local server management page (or a related page for related server configurations). If you do not have these privileges, the connection takes you to the login page for the local cluster. To return to the regional cluster, local cluster pages have the Go Regional icon ( ) at the top right corner of