Contents |
While configuring Network Configuration Manager for usage in your network, you can perform certain administrative operations. The operations are classified under below categories.
The following operations have been classified as 'Basic Settings':
Network Configuration Manager uses TFTP server to transfer the configuration files to-and-fro the devices. In case, Network Configuration Manager is running in multi-homed machines, you can specify the interface to be used for transferring the configuration files from/to the devices. The interface specified here will be used for transferring (backup, upload) configuration files of all devices in inventory.
To specify a particular interface,
Go to "Settings" >> "General Settings">> "Server Settings" >> "TFTP Server".
Select the required IP from the drop-down. Click "Save".
To give effect to this change, you need to restart Network Configuration Manager server.
Network Configuration Manager provides the option to use SCP to transfer the configuration files to-and-fro the devices. In case, Network Configuration Manager is running in multi-homed machines, you can specify the interface to be used for transferring the configuration files from/to the devices. The interface specified here will be used for transferring (backup, upload) configuration files of all devices in inventory.
To specify a particular interface,
Go to "Settings" >> "General Settings" >> "Server Settings" >> "SCP Server".
Select the required IP from the drop-down. Click "Save".
To give effect to this change, you need to restart Network Configuration Manager server.
By default, Network Configuration Manager binds its syslog listener to port 514. In case, your machine is multi-homed and if you want to run some other application with a syslog server in the same machine, you can bind the Network Configuration Manager syslog server to a specific interface leaving the other interface(s) for use by other application(s).
To specify a particular interface,
Go to "Settings" >> "General Settings" >> "Server Settings" >> "Syslog Server".
To give effect to this change, you need to restart Network Configuration Manager server.
Rebranding option helps you replace Network Configuration Manager logo that is displayed in the web client as well as in the reports, with your company's logo. You can also change the product name if needed.
To replace NCM logo and product in the web client and reports, follow the steps given below:
"Settings" >> "General Settings" >> "Rebranding".
Enter the Product Name that you want to display in the Reports.
Browse and import the Image to replace the NCM logo that is displayed in the web client and reports.
Once done with the above changes, restart OpManager.
Upon detecting changes in configuration, Network Configuration Manager provides the option to generate trouble tickets to your Help Desk. You can set your Help Desk email ID here.
Go to "Settings" >> "Global Settings" >> "Trouble Ticket Settings"
Enter Help Desk email ID and click "Save" to give effect to the settings.
SNMP v2 traps could be sent to a specific host upon detecting a configuration change. Settings could be done for that purpose here.
To send SNMP trap to the desired host (based on the change management condition specified through change management rule),
Go to "Settings" >> "Global Settings" >> "SNMP Trap"
Enter hostname or IP address of the recipient. Also, enter SNMP port and community. Default values 162 for port and public for community.
Click "Save".
User Management Operations such as adding new users and assigning them roles, editing the existing users and deleting the user could be performed only by the Administrators. Operator do not have this privilege.
Administrators can create as many users as required and define appropriate roles for the user. From Settings >> User Management, administrators can
View all the existing users
Create new users
Change the access level, device list of existing users
Delete an existing user
To view the existing list of users
Note: The default login name and password for fresh Network Configuration Manager installation is 'admin' and 'admin' respectively. The default email ID has been configured as admin@manageengine.com. After logging in to the Network Configuration Manager, change the email ID for admin user. Otherwise, when you invoke 'forgot password' email would be sent to admin@manageengine.com. |
Go to Settings >> User Management. Click "Add"
Define the "Access Level" (role) for the new user - Administrator/Operator; Users falling under "Administrator" category shall have unlimited privilege and access over all functionalities of Network Configuration Manager. On the other hand, the users falling under operator category will have very restricted access.
Provide the user's email ID. This email ID will be used in the 'Forgot Password' feature to intimate the password to the user when the user invokes 'Forgot Password'. While invoking 'Forgot Password' link in the login UI of Network Configuration Manager, the users will have to provide the username and the email ID. Network Configuration Manager will reset the password of the user and it would be mailed to the user's ID
Enter "password"; the password should be at least 5 characters long
Confirm the new password
Select the required time zone and click on next
Now select the devices/ device groups to be assigned to the user
Click "Save". new user account has been created
Go to Settings >> User Management.
In the UI that opens, click on the user account to be edited.
Change the access level and device list of the user as desired and Click "Update"
Go to Settings >> User Management.
In the UI that opens, click the delete icon present against the respective username. The user will be removed from Network Configuration Manager once and for all.
The following table explains the privileges associated with each access level for performing various device configuration operations:
Access Level |
Configuration & Other Operations |
|||||
---|---|---|---|---|---|---|
Device Addition |
Upload (Pushing configuration into the device) |
Authority for approving various requests |
Compliance |
Admin Operations |
User Management |
|
Administrator |
|
|
||||
Operator |
|
You can make Network Configuration Manager work with RADIUS server in your environment. You can also leverage the RADIUS authentication for user access bypassing the local authentication provided by Network Configuration Manager. This section explains the configurations involved in integrating RADIUS server with Network Configuration Manager.
To configure RADIUS server in Network Configuration Manager, provide the following basic details about RADIUS server and credentials to establish connection:
Go to "Setting" >> "User Management" tab and click "RADIUS Server Settings"
In the UI that opens, provide the following details:
Server Name/IP Address - enter the host name or IP address of the host where RADIUS server is running
Server Authentication Port - enter the port used for RADIUS server authentication. By default, RADIUS has been assigned the UDP port 1812 for RADIUS Authentication
Server Protocol - select the protocol that is used to authenticate users. Choose from four protocols - Password Authentication Protocol (PAP), Challenge-Handshake Authentication Protocol (CHAP), Microsoft Challenge-Handshake Authentication Protocol (MSCHAP), Version 2 of Microsoft Challenge-Handshake Authentication Protocol (MSCHAP2)
Server Secret - enter the RADIUS secret used by the server for authentication
Authentication Retries - select the number of times you wish to retry authentication in the event of an authentication failure
Click "Save".
Devices can be added to the inventory in three ways:
Discovery can be initiated only for the SNMP-enabled devices. So, ensure that your devices are SNMP-enabled before trying discovery.
The SNMP-enabled devices available in the network can be discovered and added to the Network Configuration Manager inventory. You can discover a specific device, devices present in a specific IP range and even multiple devices.
Go to Settings >> Discovery
The discovery wizard provides the option for discovering the devices with specific IP addresses or devices falling under a specific IP range and multiple devices whose details are present in a file. Based on your need for discovery, choose any one of the options for "Discover Devices by".
Create SNMP profile to specify SNMP credentials,
v1 |
v2 |
v3 |
Enter the SNMP port, read community (mandatory). Also specify write community. |
Enter the SNMP port, read community (mandatory). Specify write community. |
Enter the SNMP port User Name: Enter the name of the user (principal) on behalf of whom the message is being exchanged. Context Name: An SNMP context name or "context" in short, is a collection of management information accessible by an SNMP entity. An item of management information may exist in more than one context. An SNMP entity potentially has access to many contexts. In other words, if a management information has been defined under certain context by an SNMPv3 entity, any management application can access that information by giving that context name. The "context name" is an octet string, which has at least one management information. Authentication Protocol & Password: Select any of the authentication protocols either MD5 or SHA and enter the password. MD5 and SHA are processes which are used for generating authentication/privacy keys in SNMPv3 applications. Encryption: Select any of the encryption protocols either DES or EAS-128 and enter the password. Note: Only after configuring Authentication it is possible to configure Encryption. |
To initiate discovery, click the OK button. The wizard will discover the desired device(s) and add them to the inventory. You will find the new device(s) in the inventory list.
You can even create multiple profiles and Network Configuration Manager would use all of them for discovery.
To add, edit or delete any profile, go to Settings>>Device Management>>Credential Profile
Format for entries to discover multiple devices from flat filesYou can even discover multiple devices by simply loading a file containing the device details. Entries in the file need to be in a specific format as detailed below.
For example, typical entries in the file would be something like the ones below: 192.168.111.2 cisco1710 |
After starting discovery of devices, you can track the status of discovery on real time basis. You can find the progress of discovery (that is percentage of completion) and finally the result - whether the device/devices was/were discovered successfully and added to the inventory. In case of failure of discovery process, the probable reason for the failure is also reported.
Apart from viewing the status of discovery of a particular attempt on real-time basis, you can even view historical information pertaining to all device discovery attempts made so far and their respective status / result by clicking the link "Discovery Reports".
You can add new devices through Manual Addition also. To add a device manually,
Go to "Settings" >> "Discovery" and click on "IP / Host Name"
The device can be added by providing hostname/IP address of the device to be added, the device vendor, type, series & model from the drop-down and click "Add"
You will see the progress of device addition in the UI and once the device gets added, you will be prompted to enter credentials for the same
Network Configuration Manager provides the option to import devices from a text file and add them to the inventory. To import devices from a text file, Network Configuration Manager requires that the entries in the file conform to a specific format.
Ensure that the entries in the file are in the following format: (column names should be in the same order as shown in the format below with each name separated by a comma):
Format : <Hostname or IP Address>,<Device Template Name>,<Series>,<Model>
Example: catalyst2900,Cisco IOS Switch,2900,2924
192.168.111.11,Cisco IOS Router,800,805
192.168.111.22,Force10 E-Series Switch,E600
procurve2524,HP Procurve Switch
To import devices from a text file,
Go to "Inventory >> Click on '+' symbol" and click "Import Devices from text file", click "browse" and locate the file and "Import"
Check the inventory and see if the device has been added
Configlets offered by Network Configuration Manager are of two types.
The following table provides information about the each type of configlet and when to use them:
TFTP Mode |
Simple Script Execution |
Advanced Script Execution |
TFTP mode is for uploading a partial configuration change to a device/devices through TFTP.
Example:
In all the above case, TFTP mode of configuration upload could be used. In general, for carrying out changes to existing configuration, this mode could be used.
For other cases like executing a command on device, Script execution mode has to be used.
|
To execute a single command on the CLI console.
Example: Synchronizing Running & Startup Configurations. Through a single line in the script containing the command
Other Examples:
|
To execute a series of inter-connected commands on a device in command line. After the execution of one command, some input has to be provided before the next command is invoked. In such a situation, advanced scripting would be useful.
When the execution of a command changes the prompt of the device or takes too much of time to execute or requires fine-grained control to track the flow, advanced script execution has to be used.
Example: Backing up your current IOS image to a TFTP server. To do this, the following sequence would be used:
The above sequence of command execution could be transformed into an advanced script as below:
<command prompt=']?'>copy flash:/%SOURCE_FILE_NAME% tftp</command> <command prompt=']?'>%TFTP_SERVER_IP%</command> <command timeout='70'>%DESTINATION_FILE_NAME%</command>
Other Examples: |
To know more on Configlets and how to use them, please refer to Automation using Configlets & Scripts.
The following operations have been classified as 'Device Management' Operations
Refer to the section 'Scheduling Tasks'
Refer to the page 'Configuration change management' for more information on this.
You can perform various actions on the device such as enabling real-time configuration change detection, executing various 'show' commands on the device, edit device properties, edit credentials and launching telnet connection with the device.
To execute show commands, go to "Settings">>"Device Management">>"Show Command" .
You can execute 'show' commands such as 'Show Version', 'Show Interfaces', "Show Tech Support", "Show Access Lists", "Show Logging", "Show IP Traffic" and "Show Buffers" on specific devices from the inventory tab. Network Configuration Manager executes the command and displays the result.
Enter the name of the command.
Provide the required commands and select the vendor.
Click on 'Save'. The newly created command gets listed under show commands tab.
To execute 'show' commands,
Go to "Inventory >> Devices" and click the hostname of the particular device on which the show command is to be executed.
Note: If you want to execute show commands on multiple devices at one go, make use of the script execution in configuration templates. |
For any version of configuration, you can associate a label - that is, a unique tag. As configuration versions keep on changing, you will have difficulty in remembering the version number of a particular good configuration. To avoid that, you can associate the version with a label for easy identification. You can associate labels directly for the current configuration of any device. Labels can be associated with any other desired version also.
You can create any number of labels and use them whenever needed - that is, associate them with desired configuration versions.
To create labels,
Go to "Settings">>"Device Management">>"Label Management"
In the UI that opens, click "Add". Provide a name for the label and in the text field for "Description" provide details for future reference [to remember and identify the label] and click "Save".
The new label has been created; the name of the label will be listed in UI; it will be listed in all the drop-downs that are related to associating a label.
The current startup and running configuration of any device or group of devices can be labeled with a unique tag. This labelling comes in handy when you want to revert to that particular configuration version. This tagging would also be useful for reverting to a previous good version in the event of a disaster.
To put a label to a current configuration of a device or a group of devices,
Go to Inventory >> "Devices" and select the devices whose current configurations are to be labeled.
Click the button "More Actions" >> "Label Configuration".
In the UI that opens, you can select a label from the available labels OR you can create a new label. In the text field for "Description" provide details for future reference [to remember and identify the label] and click "Update"
Note: You can label the current configurations of devices belonging to a device group from the "Devices" >> "Device Group" >> 'Name of the device group' >> "More Actions" >> "Label Current Configuration".
You can associate labels to any desired configuration version. To associate label for a specific version of a particular device, go to Inventory >> "Devices" >> go to the "Device Details" page by clicking the name of the device. Go to"configs", then click on the "Version" against Startup/Running as required
In the UI that opens up, click on 'Versions' tab from the drop-down; Select "Associate Label" from the more action icon and follow the steps detailed above.
If you want to specify certain additional information about your devices, you can add custom columns. For instance, you can depict information about the department to which a particular device belongs as a custom column. The column-value pair specified here appears in Inventory>>Device>>"+"
Refer to the section 'Compliance' to know more about Compliance management in NCM.
The list of the configuration upload requests made by the Operators and the status of approval by 'Administrators' or 'Power Users' are shown here.
Go to "Change Management".
In the UI that opens, the following details will be displayed.
Pending Requests - Showing the list of all requests that are pending approval
Approved Requests - Showing the list of all requests that were approved by 'Administrators' or 'Power Users'
Rejected Requests - Showing the list of all requests that were rejected by 'Administrators' or 'Power Users'' along with the reason for rejection
Refer to the section 'Configuration Review'.
Option to Exclude Specific Lines/Text
While generating configuration difference between anytwo versions, there might be requirements to exclude certain specific lines or text. For example, lines containing Cryptochecksum information, speed token, NTP clock-period should be ignored while taking the difference. While Network Configuration Manager itself takes care of excluding information like the ones above, users can specify exclude criteria based on specific needs. Once the criteria is specified, Network Configuration Manager will exclude the lines matching the specified criteria for all devices belonging to the device template for which the exclude criteria is created.
You may make use of Regular Expressions while specifying the Exclude Criteria. For instance, if you wish to exclude the lines containing the text "logging" followed by an IP address, you may specify the criteria as logging.*
To specify the exclusion criteria,
Go to
In the UI that opens up, click "Add" at the top right.
Select the required device template in the drop-down and Specify the criteria to be excluded.
Click on 'Save'
Once you do this, the specified criteria will be enforced for the selected devices and the lines matching the criteria will be ignored while taking configuration difference. Similarly You can also delete a particular 'Exclude Criteria' by selecting delete 'Exclude Criteria'.
When you require support for new device models in Network Configuration Manager, the sysObjectID of the new device is needed for supporting discovery of the device. To enable you to find the sysObjectID, Network Configuration Manager provides the tool sysObjectID Finder.
To find the sysObjectID,
Go to "Settings">>"Device Management">>"SysObjectID Finder"
In the UI that opens, provide the Hostname/IP of the device whose sysObjectID has to be found
Set a 'timeout' value and 'retry count' for the sysObjectID finding operation
sysObjectID and sysDescr of the device are returned
In typical production environments, Network Configuration Manager would deal with a huge amount of data related to device configuration. Audit logs on who performed what operation and when, also gets piled up in the database. Over a period of time, it becomes too huge a size. If you want to remove unwanted data, you can do periodic database cleanup.
You can perform two types of cleanup operations:
Device Audit cleanup
Configuration History Cleanup
Go to "Settings">>"Global Settings">>"Database Administration" .
In the UI that opens up, select the checkbox below 'Delete Device audit records older than'. The audit logs generated prior to a specified number of days could be deleted. For example, if you choose '10 days', all audit logs older than 10 days will be deleted. Also, at any point of time, the audit logs of the recent 10 days alone would be maintained. You can select the days in the range of 10,20,30,60,90 and 120 from the drop-down
Click 'Save'
Go to "Settings">>"Global Settings">>"Database Administration"
In the UI that opens up, select the checkbox below "Maintain latest version" or 'Delete Configuration Older than'. You can specify the maximum number of configuration versions that are to be kept in the database for each device and each configuration type. For example, if you choose to keep 10 versions in the history, only the most recent 10 versions would be kept in the history. This applies independently for each configuration type - that is, latest 10 versions in startup and 10 versions in running would be kept in the history. You can select the number in the range of 10,20,30,40,50 and 100 from the drop-down. Similarly you can delete configurations based on number of days. For example, if you choose '10 days', all configurations older than 10 days will be deleted. Also, at any point of time, the configurations of the recent 10 days alone would be maintained. You can select the days in the range of 10,20,30,60,90 and 120 from the drop-down.
Click 'Save'.
Important Note: While removing older versions, as per the number set by you, the following rule would be applied. While removing the versions, BASELINE version and those versions above it will not be removed. For example, if you want to keep only the latest 10 configuration versions in the history and if there are say 15 versions at present, Network Configuration Manager will start removing the versions 1,2,3,4 & 5. While doing so, if, say version 3 has been labelled as BASELINE, Network Configuration Manager will immediately stop the deletion process. Versions 1 and 2 alone would be removed. All versions from 3 to 15 would be left undisturbed even though you have preferred to keep only 10 versions in the history. |
Refer to the section 'Disaster Recovery'
Users having an account with the Network Configuration Manager, can change their own password.
For Users with Administrative Privileges
Users having admin privileges can change their login password through the 'Client settings' functionality of "Settings" Tab.
To Change Login Password
Go to Quick links (present at the top right)>> Change Password
Enter details such as old password, new password, confirm the password, and click "Save"
For non-SNMP devices, the syslocation and description doesn't get updated during discovery. In such cases, Network Configuration Manager helps you to update system location & description in bulk after device discovery
Go to "Settings" >> "Device Management" >> "Syslocation & Description" .
Choose the devices/ device groups for which the Syslocation has to be updated.
Click on "Update".
OpManager is available in English, Spanish, Chinese Simplified, Japanese, French, German, Korean and Italian languages. The following are the steps to change OpManager from one language to other supported language.
You can find the support tab in the right corner on the UI
Go to Support >> "DB Query".
In the console, enter the query to be executed [only 'select' 'delete' and 'update' queries are supported].
Remember the following when executing a query,
Table names and table columns are case-sensitive.
For SELECT queries, set the row limit between 1 and 500. Default row limit is 10.
Warning! You are directly accessing the database at your own risk. Any update or delete operations will result in loss of data. |