Alcatel-Lucent OmniVista Cirrus

Network Management as a Service

Rules

The Provisioning Rules Screen displays information about currently-configured Provisioning Rules, and is used to create, edit, and delete Provisioning Rules. You can create Rules for specific switches (by serial number or MAC Address) or by switch model (e.g., OS6350-P10). If a switch matches a Rule (e.g., matching serial number, matching switch model), the Management and Configuration Templates in the Rule are pushed to the switch. When the configuration process is complete on the switch, the switch is displayed in the Managed Devices List and can be managed by OmniVista. The screen is also used to configure the view/configure the Default Management Users Template, and the Configuration and Management Templates.

Important Note: There are switch configuration steps that must be completed to enable provisioning on a switch. See the Provisioning Overview Online Help for an overview of the application, including switch setup, configuration workflow, and troubleshooting.

Creating a Provisioning Rule

Click on the Add icon at the top of the Rules List. Complete the fields as described below. Click on the Finish icon (checkmark) at the top of the Rules List when you are finished, then click OK at the Confirmation Prompt.

Note: You can create a Rule for a specific switch (Serial Number/MAC Address) or a switch model (e.g., OS6860-P48). A Rule can have Serial Number/MAC or Model Name but not both. Also note that if there is one Rule with a Serial Number and another Rule with MAC Address both pertaining to the same device, the Serial Number Rule will be used.

  • Serial Number/MAC - Enter either the switch serial number or MAC Address. This will match the Rule to a specific switch by serial number or MAC Address. See note below for more information on Serial Number Rules.
  • Switch Model - Enter a specific switch model name (e.g., OS6350-P10, OS6860-P48, OS6900-Q32-F). This will match the Rule to any switch matching the specified switch model. You must enter the specific model name (e.g., OS6860-P48). If you do not include a specific model (e.g., OS6860), the rule will not match any switch model. Note that you can enter an "abbreviated" version of the switch model without hyphens or "OS" (e.g., 6860P48 or OS6860P48 or 6860-P48), but you must include the specific model (e.g., P48). Also note that you can only have one (1) Rule per switch model (e.g., one Rule for OS6860-P24, one Rule for OS6860-P48). Click here for a complete list of supported switch models.
  • Switch Config Template - Select a Configuration Template from the drop-down menu; or click on Add New to create a new Configuration Template. This Configuration Template will be pushed to any switch matching the Rule. Note that you do not have to include a Configuration Template in the Rule. For example, you may want to onboard a switch with an existing configuration but do not want to modify that configuration. If you include a Configuration Template, the configuration in the Configuration Template will be appended to the existing configuration file on the switch.
  • Value Mapping - If you create a dynamic Configuration Template, you must create Value Mappings for the variables in the template. Mapping Variables are explained below.
  • Mgmt Users Template - Select a Management Template from the drop-down menu; or click on Add New to create new Management Template. By default, the Default Management Users Template is pushed to the switch unless you select a different Management Template.
  • Save and Certify - Save the configuration to the Certified Directory.

Note: Switch Model Rules can save time since they allow you to apply a configuration to a large number of switches at once. However, you may want to create a Switch Model Rule for a large number of switches, but want to have a different Rule for some of those switches. In this case, after creating the Switch Model Rule, create a Serial Number Rule for those "different" switches. The Serial Number Rule will take precedence over the Switch Model Rule for those switches.

Creating a Configuration Template

To create a Configuration Template for a Rule, go to the "Switch Config Template" column in the Rules Table, click on the drop-down arrow and select Add New to bring up the Edit Switch Config Template Screen. Click on the "Start From Scratch" tab to create a Configuration Template from scratch; or click on the "Select a Template" tab to select and edit an existing template and save it as a new one. When you are done, click on the Save as New Template button.

Note: Instructions for configuring a Static IP address for a specific switch (using a Serial Number Rule or MAC Address Rule) are displayed when you bring up the Configuration Template. Follow the instructions if you want to configure a Static IP Address in the template. The instructions are commented out. You can delete them or just configure the template below them. Note that configuring a Static IP address from a Configuration Template is not supported for Thin Switch Rules, so the instructions provided do not apply to Thin Switch Rules.

Note: You cannot configure a Static IP address that is assigned to a device in the Managed Devices List. You must first delete that device from the Managed Devices List before using that IP address. If a device serial number (or a device with same IP address) already exists in the Managed Devices List, it must first be deleted from the Managed Devices List before it can be onboarded again.

The Configuration Template is created using CLI syntax. A Configuration Template is a set of commands that are read by the switch on reloading. A template can be static or dynamic. A Static Template (see sample below) is a template without variables. It is useful for deployments where all switches can work with exactly the same configurations. The IP address is typically given by a DHCP server in such a deployment.

Note: Certain commands that are handled by the Configuration Manager in AOS cannot be included in a Configuration Template (e.g., user admin password, write memory, configuration apply). If these commands are included in a Configuration Template, provisioning will fail. If provisioning fails for any reason, go to the Results Screen and check the "Last Provision Message" column for more information. You can also view the Resource Manager Client Service Log in the Audit application (Administration - Audit) for more details. Click on the "Configuration" link on the left-hand side of the screen, then select "resource-manager-client-service". If the Configuration Template is the problem, make any necessary updates to the Configuration Template, and save it. The next time the switch contacts the OmniVista Server, provisioning should be successful.

A Dynamic Template (see sample below) is a template with variables. It allows you to reuse the same Configuration Template even though different switches might need different values for some configurations. For example, different branches of an enterprise might use a different subnet range or VLAN.

Note: Special characters cannot be used when creating mapping variables (e.g., @ # +). OmniVista will ignore special characters. For example, "$test" is a correct mapping variable format. "$test@#+" will also be read as "$test" by OmniVista. Also note that mapping variables cannot have spaces. If required, multi-word variables must be separated by an underscore (e.g., $test_1, not $test 1 or $test-1).

Configuring Value Mapping

A Dynamic Template requires value mapping for the variables in the template. Value Mapping is configured using the Value Mapping field in the Rules List. If the Configuration Template you selected contains variables, the Value Mapping field for the Rule will be activated. If you have already created a Value Mapping Template that you want to associate with the Dynamic Template, select it from the Value Mapping drop-down (e.g., Mapping 1).

To create a new Mapping Template, click on Add New to bring up the Edit Value Mapping Template window. The variables for the Dynamic Configuration Template are displayed at the top of the window (the Dynamic Template is shown at the bottom of the window). Enter values for each of the variables and click on the Save As New Value Mapping button. You can then select that Mapping Template from the Value Mapping drop-down.

Note: If you configure Management Users in the Configuration Template, OmniVista will use the Management User credentials defined in the Management Users Template to manage the switch.

Editing a Configuration Template

To edit an existing Configuration Template for a Rule, click on the Edit icon next to the template in the "Switch Config Template" column of the Rule. The Template Details Screen will appear displaying the current template configuration. Edit the configuration, then click on the Save button.

This change will not affect any switches that have previously matched the Rule and been successfully provisioned. The updated template will only be applied to subsequent switches connected to the network that match the Rule.

Configuring the Default Management Template

The Default Management Users Template is included in every Rule by default. You can edit the pre-configured default template and create and save custom Management Templates to include in a Rule. To edit the default template, click on the Default Mgmt Users Template button to bring up the Default Mgmt Users Template Screen. Complete the fields as described below and click on OK.

SNMP Settings

Configure the basic SNMP settings as described below.

  • SNMP Version - The SNMP version that OmniVista will use to communicate with the switch. The default version for AOS devices is v2, but v3 is also supported.
  • Auth & Priv Protocol (SNMP v3 Only) - The authentication protocol OmniVista will use for SNMP communication with the switch. Authentication uses a secret key to produce a "fingerprint" of the message. The fingerprint is included within the message. The device that receives the message uses the same secret key to validate that the fingerprint is correct. If it is, and if the message was received in a timely manner, then the message is considered authenticated. Otherwise, the message is discarded. The fingerprint is called a Message Authentication Code, or MAC.
  • Timeout - The time period, in milliseconds, that OmniVista will wait for a switch to respond to a connection request before assuming that the request has timed-out (Default = 5,000)
  • Retry Count - The number of times that OmniVista will attempt to connect to a switch (Default = 3).

SNMP User Setup

Configure the SNMP User Credentials for the switch as described below. These are the credentials that OmniVista will use to log into and manage the switch. You can create new SNMP User Credentials to access the switch, or used existing SNMP User Credential switch credentials to access the switch.

  • Create new credentials - Select this radio button and complete the fields as described below to create new SNMP User credentials on the switch. OmniVista will then use these to connect to and manage the switch. This option is recommended for new, "out of the box" switches. If you also select "Use the same credential as SNMP User Setup" in the Other Access Methods section below, OmniVista will log into the switch with the default "admin/switch" login credentials, and then then create a new user based on the username and password you configure.
  • Use existing credentials - Select this radio button and complete the fields as described below to retain the switch's existing SNMP User configuration. If you select this option, OmniVista will communicate with the switch using these credentials (OmniVista will expect that these credentials exist on the switch).
    • Username - The SNMP Username that OmniVista will use to connect to the switch. If you are creating new credentials, this is the new username that OmniVista will use to connect to the switch. If you are using existing credentials, this username must match the existing username on the switch.
    • Auth Password - The SNMP password that OmniVista will use to connect to the switch. If you are creating new credentials, this is the new password that OmniVista will use to connect to the switch. OmniVista auto-generates a password. You can change that password now, or later using OmniVista. If you are using existing credentials, this password must the existing password on the switch.
    • Confirm Auth Password - If you have changed the password (either for a new username/password or to match an existing switch password), re-enter the Auth Password.
    • SNMP Role - Select the SNMP Role OmniVista Cirrus will have for device management - Read Only or Read/Write (Default).

Other Access Methods

Configure the CLI/FTP Credentials for the switch as described below.

  • Use the Same Credential as SNMP User Setup - Use the CLI/FTP Username/Password and Role configured on the switch to access the switch. This option is recommended for new, "out of the box" switches. If this option is selected, OmniVista will log into the switch with the default "admin/switch" login credentials. If you also select "Create New Credentials" in the "SNMP User Setup" section, once OmniVista successfully logs into the switch, OmniVista will create a new username and password for the switch based on the username/password configured in the SNMP User Setup section above.
  • Create New Credentials - Configure the CLI/FTP Username/Password and Role for CLI/FTP access to the switch.
    • CLI/FTP User Name - The user name that OmniVista will use to establish CLI/FTP sessions with the switch. The user name specified will be used to auto-login to devices when CLI sessions are established. It will also be used to perform FTP with the device when configuration files are saved and restored (see note below).
    • CLI/FTP Password - The password that OmniVista will use to establish CLI/FTP sessions with the switch. The user name specified will be used to auto-login to devices when CLI sessions are established. It will also be used to perform FTP with the switch when configuration files are saved and restored.
    • Confirm CLI/FTP Password - Confirm the CLI/FTP Password.
    • CLI/FTP Role - Select the SNMP Role OmniVista Cirrus will have for device management - Read Only or Read/Write (Default).
  • Use Existing Credentials - Use the existing CLI/FTP Username/Password and Role currently configured on the switch for CLI/FTP access. Enter the CLI/FTP Username/Password. OmniVista will expect that these credentials exist on the switch. If they do not, the switch will fail during provisioning with an error message displayed on the Results page.

Note: If no Rule is defined for a switch, and the switch username/password is different than the one defined in the SNMP User Setup in the Default Management Users Template, OmniVista will be unable to connect to the switch and provisioning will fail. The switch will be displayed on the Results Screen with a Provisioning Status of "Failed". If this happens, configure a Rule for the switch using the "Use existing credentials" option under "Other Access Methods" on the Management Users Template, and "Force Provision" the switch. See the Results Screen online help for more information on "Force Provisioning".

Creating a Custom Management Template

You can create a Custom Management Template when creating a Rule. Click on the Add icon at the top of the Rules List to create the new Rule. Go to the "Mgmt Users Template" column in the Rules Table, click on the drop-down arrow and select Add New to bring up the Edit Management Users Template Screen. Complete the fields as described above, click on the Save As New Template button, enter a name for the Rule, and click Save. The new Management Template can then be selected from the drop-down.

Note: If a switch matches a Rule but the switch username/password are different than the credentials defined in the Management Users Template, OmniVista will be unable to connect to the switch and provisioning will fail. The switch will be displayed on the Results Screen with a Provisioning Status of "Failed". If this happens, configure a Rule for the switch using the "Use existing credentials" option under "Other Access Methods on the Management Users Template, and "Force Provision" the switch. See the Results Screen online help for more information on "Force Provisioning".

Editing a Provisioning Rule

Select a Rule in the Rules Table and click on the Edit icon at the top of the table. The Rule will move to the top of the table and all of the Rule fields will be activated above it. Edit any fields as necessary, then click on the small Edit icon to the left of the Rule.

This change will not affect any switches that have previously matched the Rule and been successfully provisioned. The updated Rule will only be applied to subsequent switches connected to the network that match the Rule. Note that if the previous Provisioning Status was "Matched", the status for this edited Rule will change to "Set Up" until a switch is connected to the network that matches the Rule.

Deleting a Provisioning Rule

Select a Rule(s) in the Rules list and click on the Delete icon. Click OK at the Confirmation Prompt. This will not affect any switches that were successfully provisioned after matching the Rule.

Rules List

  • Serial Number/MAC - The switch serial number or MAC Address.
  • VC Serial Number/MAC -The VC serial number or the VC MAC address if the matched rule specifies the VC serial number or the VC MAC address.
  • Switch Model - The switch model number (e.g., OS6860-P48)
  • Provisioning Status - The Provisioning status of the Rule.
    • No Match - Switch has contacted the OmniVista Server but there is not a matching Rule. A switch will contact OmniVista every five (5) minutes until it is matched to a Rule. At any time, you can configure a Rule for the device. The next time the switch contacts the OmniVista Server, it will be matched to the Rule and configured.
    • Set Up - A switch matching the Rule has not yet contacted the OmniVista Server. When the switch contacts the OmniVista Server and receives the configuration, the status will move to "Matched".
    • Matched - The Rule matched at least one switch that contacted the OmniVista Server.
  • Switch Config Template - The Configuration Template used for the Rule.
  • Value Mapping - If the Rule contains a Dynamic Configuration Template, the value mappings are displayed here.
  • Mgmt Users Template - The Management Template used for the Rule.
  • Devices - If one or two switch(es) match the Rule, the switch(es) will be displayed with a link to the switch in the Managed Devices List. If three or more switches match the Rule, two switches will be displayed with a "More" link. Click on the "More" link to display the remaining switches. Click on any specific switch to view the switch in the Managed Devices List.
  • Last Updated Time - The last time the Rule was updated.
  • Save and Certify - Whether the configuration has been saved to the Certified Directory.