Configure Crosswork Data Gateway Instance

A Cisco Crosswork Data Gateway instance is created as a standalone instance and can be geographically separate from the controller application (Cisco Crosswork Infrastructure or Crosswork Cloud). Once the instance connects to the controller application, it can collect data from the network.


Use the Interactive Console

Cisco Crosswork Data Gateway launches an interactive console upon successful login. The interactive console displays the Main Menu as shown in the following figure:


Note


The Main Menu shown here corresponds to the dg-admin user. It is different for the dg-oper user, as the operator does not have the same privileges as the administrator. See Table 1.


Figure 1. Interactive Console - Main Menu

The Main Menu presents the following options:

1. Get Enrollment Package

2. Show System Settings

3. Change Current System Settings

4. Vitals

5. Troubleshooting

p. Change Passphrase

l. Log out


Important


When using an IPv6 address, it must be surrounded by square brackets ([1::1]).


Manage Crosswork Data Gateway Users


Supported User Roles

Cisco Crosswork Data Gateway supports only two users with the following user roles:

  • Administrator: One default dg-admin user with administrator role is created when Cisco Crosswork Data Gateway is brought up for the first time. This user cannot be deleted and has both read and write privileges such as starting and shutting down the Cisco Crosswork Data Gateway VM, registering an application, applying authentication certificates, configuring server settings, and performing a kernel upgrade.

  • Operator: The dg-oper user is also created by default during the initial VM bring up. This user can review the health of the Cisco Crosswork Data Gateway, retrieve error logs, receive error notifications and run connectivity tests between Cisco Crosswork Data Gateway instance and the output destination.


Note


  • User credentials are configured for both the user accounts during Cisco Crosswork Data Gateway installation.

  • Users are locally authenticated.


The following table shows the permissions available to each role:

Table 1. Permissions Per Role

Permissions

Administrator

Operator

  • Get Enrollment Package

  • Show system settings

    • vNIC Addresses

    • NTP

    • DNS

    • Proxy

    • UUID

    • Syslog

    • Certificates

    • First Boot Provisioning Log

    • Timezone

  • Change Current System Settings

    • Configure NTP

    • Configure DNS

    • Configure Control Proxy

    • Configure Static Routes

    • Configure Syslog

    • Create new SSH keys

    • Import Certificate

    • Configure vNIC MTU

    • Configure Timezone

    • Configure Password Requirements

    • Configure Simultaneous Login Limits

    • Configure Idle Timeout

    • Configure Login Check Frequency

    • Configure Interface Address

  • Vitals

    • Docker Containers

    • Docker Images

    • Controller Reachability

    • NTP Reachability

    • Route Table

    • ARP Table

    • Network Connections

    • Disk Space Usage

    • Linux services

    • NTP Status

    • System Uptime

  • Troubleshooting

    • Run Diagnostic Commands

    • Run show-tech

    • Remove All Non-Infra Containers and Reboot VM

    • Reboot VM

    • Export auditd logs

    • Re-enroll Data Gateway

    • Enable TAC Shell Access

  • Change Passphrase

Change Passphrase

Both administrator and operator users can change their own passphrases but not each other's.

Follow these steps to change your passphrase:

Procedure


Step 1

From the Main Menu, select Change Passphrase and click OK.

Step 2

Enter your current password and press Enter.

Step 3

Enter the new password and press Enter. Re-type the new password and press Enter.


View Current System Settings

Crosswork Data Gateway allows you to view the following settings:

Figure 2. Show Current System Settings Menu

Follow these steps to view the current system settings:

Procedure


Step 1

From the Main Menu, select Show System Settings.

Step 2

In the prompt, click OK to open the Show Current System Settings menu.

Step 3

Select the setting you want to view.

Setting Option: Description

  • 1 vNIC Addresses: Displays the vNIC configuration, including address information.

  • 2 NTP: Displays currently configured NTP server details.

  • 3 DNS: Displays DNS server details.

  • 4 Proxy: Displays proxy server details (if any configured).

  • 5 UUID: Displays the system UUID.

  • 6 Syslog: Displays the Syslog forwarding configuration. If no Syslog forwarding is configured, this will display only "# Forwarding configuration follows" on screen.

  • 7 Certificates: Provides options to view the following certificate files:

    • Crosswork Data Gateway signing certificate file

    • Controller signing certificate file

    • Controller SSL/TLS certificate file

    • Syslog certificate file

    • Collector certificate file

  • 8 First Boot Provisioning Log: Displays the content of the first boot log file.

  • 9 Timezone: Displays the current timezone setting.

  • b Enrollment Token: Displays the token that Crosswork Data Gateway used to enroll with Crosswork Cloud.

    Attention

    This menu option is for users of Crosswork Data Gateway for Cloud applications.


Change Current System Settings

Crosswork Data Gateway allows you to configure the following settings:

Figure 3. Change System Settings Menu

Follow these steps to modify the current system settings:

Procedure


Step 1

From the Main Menu, select 3 Change Current System Settings.

Step 2

Select the setting that you want to modify.

  • NTP

  • DNS

  • Control proxy

  • Static routes

  • Syslog

  • SSH keys

  • Certificate

  • vNIC MTU

  • Timezone

  • Password requirements

  • Simultaneous login limits

  • Idle timeout

  • Auditd

  • Login check frequency

  • Interface address

  • Enrollment token

    Note

     

    This Enrollment token menu option is for users of Crosswork Data Gateway for Cloud applications.

Note

 
  • Crosswork Data Gateway system settings can only be configured by the administrator.

  • When using an IPv6 address, it must be surrounded by square brackets ([1::1]).

  • In settings options that require SCP, if you are not using the default SCP port 22, you can specify the port as part of the SCP command. For example:

    -P55 user@host:path/to/file

    Where 55 is a custom port.


Configure NTP

NTP time must be synchronized between the controller application and its Crosswork Data Gateway instances. If it is not, the session handshake does not happen and functional images are not downloaded. In such cases, the error message "clock time not matched and sync failed" is logged in controller-gateway.log. To access log files, see Run show-tech. You can use the Controller Reachability and NTP Reachability options from Main Menu > Vitals to check NTP reachability for the controller application as well as the Crosswork Data Gateway. See View Crosswork Data Gateway Vitals. If NTP has been set incorrectly, you will see the error "Session not established".

When configuring Crosswork Data Gateway to use authentication via a keys file, the chrony.keys file must be formatted in a specific way as documented at https://chrony.tuxfamily.org/doc/3.5/chrony.conf.html#keyfile. For sites that use ntpd and are configured to use a ntp.keys file, it is possible to convert from ntp.keys to chrony.keys using the tool https://github.com/mlichvar/ntp2chrony/blob/master/ntp2chrony/ntp2chrony.py. The tool converts ntpd configuration into a chrony compatible format, but only the keys file is required to be imported into Crosswork Data Gateway.

Follow the steps to configure NTP settings:

Procedure


Step 1

From the Change Current System Settings Menu, select Configure NTP.

Step 2

Enter the following details for the new NTP server:

  • Server list, space delimited

  • Use NTP authentication?

  • Key list, space delimited and must match in number with server list

  • Key file URI to SCP to the VM

  • Key file passphrase to SCP to the VM

Step 3

Click OK to save the settings.
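
The following Python check is an added example, not part of the Cisco documentation or of ntp2chrony. It validates a chrony.keys file against the keyfile format (ID, optional hash name, key with an optional ASCII: or HEX: prefix) and cross-checks it with the server list and key list entered in Step 2. The sample key file, host names and function names are constructed for illustration, the set of accepted hash names is an assumption, and the MD5 and key-length findings are hardening checks chosen for this example.

```python
import re

MAX_LINE = 2047            # longest keyfile line chrony accepts
MAX_ID = 2**32 - 1         # key IDs are unsigned 32-bit values starting at 1
# Assumption: which hashes beyond MD5 are usable depends on the chrony build.
KNOWN_HASHES = {"MD5", "SHA1", "SHA256", "SHA384", "SHA512"}

# Constructed sample, not real secrets. Line 5 is an unconverted ntp.keys entry.
SAMPLE_KEYFILE = """\
# constructed sample keys
10 tulip
20 SHA1 HEX:0123456789ABCDEF0123456789ABCDEF01234567
30 SHA256 HEX:ABC
40 M ntpd-style-secret
"""


def parse_chrony_keys(text):
    """Parse keyfile text. Returns ({id: (hash, encoding, secret)}, errors)."""
    keys, errors = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank line or comment
        if len(raw) > MAX_LINE:
            errors.append(f"line {lineno}: longer than {MAX_LINE} characters")
            continue
        fields = line.split()
        if len(fields) == 2:              # "ID key": hash defaults to MD5
            key_id, hash_name, secret = fields[0], "MD5", fields[1]
        elif len(fields) == 3:            # "ID hash key"
            key_id, hash_name, secret = fields
        else:
            errors.append(f"line {lineno}: expected 'ID [hash] key'")
            continue
        if not re.fullmatch(r"[0-9]+", key_id) or not 1 <= int(key_id) <= MAX_ID:
            errors.append(f"line {lineno}: key ID must be 1..{MAX_ID}")
            continue
        if hash_name not in KNOWN_HASHES:
            errors.append(f"line {lineno}: unrecognised hash '{hash_name}'")
            continue
        if secret.startswith("HEX:"):
            encoding, body = "HEX", secret[4:]
            if len(body) % 2 or not re.fullmatch(r"[0-9A-Fa-f]+", body):
                errors.append(f"line {lineno}: HEX key needs an even number of hex digits")
                continue
        else:
            encoding = "ASCII"
            body = secret[6:] if secret.startswith("ASCII:") else secret
            if not body:
                errors.append(f"line {lineno}: empty key")
                continue
        if int(key_id) in keys:
            errors.append(f"line {lineno}: duplicate key ID {key_id}")
            continue
        keys[int(key_id)] = (hash_name, encoding, body)
    return keys, errors


def check_ntp_auth_inputs(server_list, key_list, keyfile_text):
    """Check the 'Configure NTP' inputs together. Returns a list of findings."""
    keys, findings = parse_chrony_keys(keyfile_text)
    servers, key_ids = server_list.split(), key_list.split()
    if len(servers) != len(key_ids):
        findings.append(f"{len(servers)} servers but {len(key_ids)} keys: "
                        "the lists must match in number")
    for server, key_id in zip(servers, key_ids):
        if not re.fullmatch(r"[0-9]+", key_id) or int(key_id) not in keys:
            findings.append(f"{server}: key ID {key_id} is not defined in the key file")
            continue
        hash_name, encoding, body = keys[int(key_id)]
        if hash_name == "MD5":
            findings.append(f"{server}: key {key_id} uses MD5")
        if encoding != "HEX" or len(body) * 4 < 128:
            findings.append(f"{server}: key {key_id} is not a hex key of at least 128 bits")
    return findings


if __name__ == "__main__":
    # Host names are constructed; the second server is paired with the weak key 10.
    for finding in check_ntp_auth_inputs(
            "ntp1.example.net ntp2.example.net", "20 10", SAMPLE_KEYFILE):
        print(finding)
```

Run it against the key file before entering the SCP URI in the console, so that malformed or unconverted ntp.keys lines are caught before the import.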


Configure DNS

Procedure


Step 1

From the Change Current System Settings menu, select Configure DNS and click OK.

Step 2

Enter the new DNS server address(es) and domain.

Step 3

Click OK to save the settings.


Configure Control Proxy

If you have not configured a proxy server during installation, use this option to set up a proxy server:

Procedure


Step 1

From the Change Current System Settings menu, select Configure Control Proxy and click OK.

Step 2

Click Yes in the following dialog if you wish to proceed. Otherwise, click Cancel.

Step 3

Enter the new Proxy server details:

  • Server URL

  • Bypass addresses

  • Proxy username

  • Proxy passphrase

Step 4

Click OK to save the settings.


Configure Static Routes

The static routes are configured when Crosswork Data Gateway receives add/delete requests from the collectors. The Configure Static Routes option from the main menu can be used for troubleshooting purposes.


Caution


Static routes configured using this option are lost when the Crosswork Data Gateway reboots.


Add Static Routes

Follow the steps to add static routes:
Procedure

Step 1

From the Change Current System Settings menu, select 4 Configure Static Routes.

Step 2

To add a static route, select a Add.

Step 3

Select the interface for which you want to add a static route.

Step 4

Select the IP version.

Step 5

Enter IPv4 or IPv6 subnet in CIDR format when prompted.

Step 6

Click OK to save the settings.


Delete Static Routes

Follow the steps to delete a static route:
Procedure

Step 1

From the Change Current System Settings Menu, select 4 Configure Static Routes.

Step 2

To delete a static route, select d Delete.

Step 3

Select the interface for which you want to delete a static route.

Step 4

Select the IP version.

Step 5

Enter IPv4 or IPv6 subnet in CIDR format.

Step 6

Click OK to save the settings.


Configure Syslog

You can configure the remote servers during the Day0 installation through the configuration file. If you want to modify the Syslog server list, port number, protocol, and certificate file in Day1 installation or later, use the Interactive Console.


Note


For any Syslog server configuration with IPv4 or IPv6 support for different Linux distributions, please refer to your system administrator and configuration guides.


Follow the steps to configure Syslog:

Before you begin

Crosswork Data Gateway lets you configure multiple servers through the following modes:

  • Simultaneous: Crosswork Data Gateway sends messages to all the configured Syslog server addresses. When one of the servers is unresponsive, the message is queued to the disk until the servers are responsive.

  • Failover: Crosswork Data Gateway sends messages to the first Syslog server address. If the server is not available, the message is sent to the subsequent configured address. When all the servers in the list are unresponsive, the message is queued to the disk until the servers are responsive.

Procedure


Step 1

From the Change Current System Settings menu, select 5 Configure Syslog.

Step 2

In the Use Syslog window, select True to continue configuring the Syslog server.

Step 3

In the Select Syslog Multiserver Mode window, select Simultaneous or Failover.

Step 4

Enter the values for the following Syslog attributes:

  • Server address or hostname: Space-delimited list of IPv4 or IPv6 addresses of Syslog servers accessible from the management interface.

  • Port: Port number of the Syslog server

  • Protocol: Use UDP, TCP, or RELP when sending system logs.

  • Use Syslog over TLS?: Use TLS to encrypt Syslog traffic.

  • TLS Peer Name: Syslog server's hostname exactly as entered in the server certificate SubjectAltName or subject common name.

  • Syslog Root Certificate File URI: PEM formatted root cert of Syslog server retrieved using SCP.

  • Syslog Certificate File Passphrase: Password of SCP user to retrieve Syslog certificate chain.

Step 5

Click OK to save the settings.


Create New SSH Keys

Creating new SSH keys will remove the current keys.

Follow the steps to create new SSH keys:

Procedure


Step 1

From the Change Current System Settings Menu, select 6 Create new SSH keys.

Step 2

Click OK. Crosswork Data Gateway launches an auto-configuration process that generates new SSH keys.


Import Certificate

Updating any certificate other than Controller Signing Certificate causes a collector restart.

Crosswork Data Gateway allows you to import the following certificates:

  • Controller signing certificate file

  • Controller SSL/TLS certificate file

  • Syslog certificate file

  • Proxy certificate file

Procedure


Step 1

From the Change Current System Settings Menu, select Import Certificate.

Step 2

Select the certificate you want to import.

Step 3

Enter SCP URI for the selected certificate file.

Step 4

Enter passphrase for the SCP URI and click OK.


Configure vNIC2 MTU

You can change vNIC2 MTU only if you are using 3 NICs.

If your interface supports jumbo frames, the MTU value lies in the range of 60-9000, inclusive. For interfaces that do not support jumbo frames, the valid range is 60-1500, inclusive. Setting an invalid MTU causes Crosswork Data Gateway to revert the change back to the currently configured value. Please verify with your hardware documentation to confirm what the valid range is. An error will be logged into kern.log for MTU change errors which can be viewed after running showtech.

Procedure


Step 1

From the Change Current System Settings menu, select Configure vNIC1 MTU.

Step 2

Enter the vNIC2 MTU value.

Step 3

Click OK to save the settings.


Configure Timezone of the Crosswork Data Gateway VM

The Crosswork Data Gateway VM first launches with default timezone as UTC. Update the timezone with your geographical area so that all Crosswork Data Gateway processes (including the showtech logs) reflect the timestamp corresponding to the location you have chosen.

Procedure


Step 1

Log in to the Crosswork Data Gateway VM.

Step 2

In the Crosswork Data Gateway VM interactive menu, select 3 Change Current System Settings.

Step 3

From the menu, select 9 Timezone.

Step 4

Select the geographic area in which you live.

Figure 4. Timezone Settings - Geographic Area Selection

Step 5

Select the city or region corresponding to your timezone.

Figure 5. Timezone Settings - Region Selection

Step 6

Select OK to save the settings.

Step 7

Reboot the Crosswork Data Gateway VM so that all processes pick up the new timezone. See Reboot Crosswork Data Gateway VM section in Cisco Crosswork Network Controller 6.0 Administration Guide.

Step 8

Log out of the Crosswork Data Gateway VM.


Configure Password Requirements

You can configure the following password requirements:

  • Password Strength

  • Password History

  • Password expiration

  • Login Failures

Procedure


Step 1

From Change Current System Settings menu, select Configure Password Requirements.

Step 2

Select the password requirement you want to change.

Set the options you want to change:

  • Password Strength

    • Min Number of Classes

    • Min Length

    • Min Changed Characters

    • Max Digit Credit

    • Max Upper Case Letter Credit

    • Max Lower Case Letter Credit

    • Max Other Character Credit

    • Max Monotonic Sequence

    • Max Same Consecutive Characters

    • Max Same Class Consecutive Characters

  • Password History

    • Change Retries

    • History Depth

  • Password expiration

    • Min Days

    • Max Days

    • Warn Days

  • Login Failures

    • Login Failures

    • Initial Block Time (sec)

    • Address Cache Time (sec)

Step 3

Click OK to save the settings.


Configure Simultaneous Login Limits

By default, Crosswork Data Gateway supports 10 simultaneous sessions for the dg-admin and dg-oper user on each VM. To change this:

Procedure


Step 1

From the Change Current System Settings menu, select a Configure Simultaneous Login Limits.

Step 2

In the window that appears, enter the number of simultaneous sessions for the dg-admin and dg-oper user.

Step 3

Select OK to save your changes.


Configure Idle Timeout

Procedure


Step 1

From the Change Current System Settings menu, select b Configure Idle Timeout.

Step 2

Enter the new value of idle timeout in the window that appears.

Step 3

Select OK to save your changes.


Configure Remote Auditd Server

Use this procedure to configure the auditd daemon export to a remote server.

Procedure


Step 1

From the Change Current System Settings menu, select c Configure auditd.

Step 2

Enter the following details:

  • Remote auditd server address.

  • Remote auditd server port.

Step 3

Select OK to save your changes.


Configure Login Frequency

You can configure the number of permissible login attempts the user can make after a login failure.

Procedure


Step 1

From the Change Current System Settings menu, select Configure Login Check Frequency and click OK.

Step 2

In the Login Check Frequency window, enter the number of login attempts you want to monitor. To disable the feature, enter 0.

Figure 6. Login Check Frequency Window

After the timer is updated, a confirmation window appears.

Figure 7. Timer Frequency Updated Window

Configure Interface Address

After you have deployed a Crosswork Data Gateway instance, you can reconfigure the interfaces that are already associated with an instance. When you reconfigure an interface, you can change its name, associate IP address, or access the security group that is associated with an interface.

Before you begin

  • All the devices must be detached from the Crosswork Data Gateway instance for which you want to reconfigure the interface address.

  • The Crosswork Data Gateway instance must be in the maintenance mode.

Procedure


Step 1

From the Change System Settings menu, select Configure Interface Address.

Figure 8. Change System Settings Menu

Step 2

In the Change Interface Address confirmation box, click Yes.

Figure 9. Change Interface Address Confirmation Message

Step 3

Select the interface that you want to reconfigure and click OK. The options are eth0, eth1, eth2, or eth3.

Figure 10. Interface Selection Menu

Step 4

Select the <interface> IPv4 addressing method. The options are DHCP, Static Address, or No address. Cisco recommends that you select the option that you had specified during the Day0 installation.

Figure 11. IPv6 Address Selection

Step 5

Enter the IPv4 address and click OK.

Step 6

Enter the IPv4 Netmask address and click OK.

Step 7

In the Skip <interface> IPv4 gateway configuration confirmation box, select True or False and click OK.

Step 8

If you have selected True in the previous step, specify the IPv4 gateway address.

Step 9

In the Change Interface Address confirmation box, click OK.

Figure 12. Confirmation Message

After the interface is configured, make sure to reboot the VM.

View Crosswork Data Gateway Vitals

Follow these steps to view Cisco Crosswork Data Gateway vitals:

Procedure


Step 1

From the Main Menu, select Vitals.

Step 2

From the Show VM Vitals menu, select the vital you want to view.

Figure 13. Show VM Vitals Menu

Vital: Description

  • Docker Containers: Displays the following vitals for the Docker containers currently instantiated in the system:

    • Container ID

    • Image

    • Name

    • Command

    • Created Time

    • Status

    • Port

  • Docker Images: Displays the following details for the Docker images currently saved in the system:

    • Repository

    • Image ID

    • Created Time

    • Size

    • Tag

  • Controller Reachability: Displays the results of controller reachability test run:

    • Default IPv4 gateway

    • Default IPv6 gateway

    • DNS server

    • Controller

    • Controller session status

  • NTP Reachability: Displays the result of NTP reachability tests:

    • NTP server resolution

    • Ping

    • NTP Status

    • Current system time

  • Route Table: Displays IPv4 and IPv6 routing tables.

  • ARP Table: Displays ARP tables.

  • Network Connections: Displays the current network connections and listening ports.

  • Disk Space Usage: Displays the current disk space usage for all partitions.

  • Linux Services: Displays the status of the following Linux services:

    • NTP

    • SSH

    • Syslog

    • Docker

    • Cisco Crosswork Data Gateway Infrastructure containers.

  • Check NTP Status: Displays the NTP server status.

  • Check System Uptime: Displays the system uptime.


Troubleshooting Crosswork Data Gateway VM

To access Troubleshooting menu, select 5 Troubleshooting from the Main Menu.


Note


The image shows the Troubleshooting menu corresponding to the dg-admin user. A few of these options are not available to the dg-oper user. See Table 1.


The Troubleshooting menu provides the following options:

Run Diagnostic Commands

The Run Diagnostics menu provides you the following options in the console:

Figure 14. Run Diagnostics Menu

Ping a Host

Crosswork Data Gateway provides a ping utility that can be used to check reachability to any IP address.

Procedure

Step 1

From Main Menu, navigate to Troubleshooting > Run Diagnostics > ping.

Step 2

Enter the following information:

  • Number of pings

  • Destination hostname or IP

  • Source port (UDP, TCP, TCP Connect)

  • Destination port (UDP, TCP, TCP Connect)

Step 3

Click OK.


Traceroute to a Host

Crosswork Data Gateway provides the traceroute option to help troubleshoot latency issues. Using this option provides you a rough time estimate for the Crosswork Data Gateway to reach the destination.

Procedure

Step 1

From Main Menu, navigate to Troubleshooting > Run Diagnostics > traceroute.

Step 2

Enter the traceroute destination.

Step 3

Click OK.


Command Options to Troubleshoot

Crosswork Data Gateway provides several commands for troubleshooting.

Procedure

Step 1

From Main Menu, navigate to Troubleshooting > Run Diagnostics.

Step 2

Select the command and other option or filters for each of the commands:

  • 4 top

  • 5 lsof

  • 6 iostat

  • 7 vmstat

  • 8 nslookup

Step 3

Click OK.


Once you have selected all the options, Crosswork Data Gateway clears the screen and runs the command with the specified options.

Download tcpdump

Crosswork Data Gateway provides the tcpdump option that allows you to capture and analyze network traffic.


Note


This task can only be performed by a dg-admin user.


Procedure

Step 1

From Main Menu, navigate to Troubleshooting > Run Diagnostics > tcpdump.

Step 2

Select an interface to run the tcpdump utility. To run the utility for all the interfaces, select the All option.

Step 3

Select the appropriate check box to view the packet information on the screen or save the captured packets to a file.

Step 4

Enter the following details and click OK.

  • Packet count limit

  • Collection time limit

  • File size limit

  • Filter expression


Depending on the option you choose, Crosswork Data Gateway displays the packet capture information on the screen or saves it to a file. After the tcpdump utility reaches the specified limit, Crosswork Data Gateway compresses the file, and prompts for the SCP credentials to transfer the file to a remote host. The compressed file is deleted once the transfer is complete or if you've decided to cancel the file transfer before completion.

Run a Controller Session Test

After Crosswork Data Gateway is installed, you can validate if the instance is able to establish a connection with Crosswork Cloud by using the controller session test option. In addition to the connection tests, the utility validates and analyzes the discrepancies between the resources (CPU and memory) assigned to the VM and the resources prescribed by the deployment profile.

Procedure

From Main Menu, navigate to Troubleshooting > Run Diagnostics > Run Controller Session Tests. If the connection is completed, the console displays a message indicating that the instance was able to establish a connection. When the connection fails, additional validation tests are performed, and the following information is displayed:

  • DNS server IP address

  • DNS domain

  • NTP server address

  • NTP status

  • Proxy URL

  • Proxy reachability status

  • Controller URL

  • Controller reachability status

  • The date when the tests were last performed.

Figure 15. Run Controller Session Tests Menu
Figure 16. Result of the Run Controller Session Tests Menu

What to do next

If the controller session was not established, review the information displayed on the console to determine the probable cause of the failure and perform the corrective actions proposed on the console.

Run show-tech

Crosswork Data Gateway provides the show_tech option to export its log files to a user-defined SCP destination.

The collected data includes the following:

  • Logs of all the Data Gateway components running on Docker containers

  • VM Vitals

It creates a tarball in the directory where it is executed. The output is a tarball named DG-<CDG version>-<CDG host name>-year-month-day--hour-minute-second.tar.xz.enc.

The execution of this command may take several minutes depending on the state of Crosswork Data Gateway.

Procedure


Step 1

From Troubleshooting menu, select Show-tech and click OK.

Step 2

Enter the destination to save the tarball containing logs and vitals.

Step 3

Enter your SCP passphrase and click OK.

The showtech file downloads in an encrypted format.

Note

 
Depending on how long the system was in use, it may take several minutes to download the showtech file.

Step 4

After the download is complete, run the following command to decrypt it:

Note

 

In order to decrypt the file, you must use OpenSSL version 1.1.1i. Use the command openssl version to check the openssl version on your system.

To decrypt the file on a Mac, you must install OpenSSL 1.1.1+. This is because LibreSSL's openssl command does not support all the switches supported by OpenSSL's openssl command.

openssl enc -d -AES-256-CBC -pbkdf2 -md sha512 -iter 100000 -in <showtech file> -out <decrypted filename> -pass pass:<password>
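
The wrapper below is an added example, not part of the Cisco documentation. It runs the same openssl switches as the command above but hands the passphrase to openssl through an environment variable (`-pass env:`), which keeps it out of the argument list and shell history, and it checks the file before and after decryption. The variable name SHOWTECH_PASS and the function names are hypothetical, and the xz check assumes the decrypted file is the .tar.xz that the tarball name indicates.

```python
import os
import subprocess
import sys

OPENSSL_MAGIC = b"Salted__"      # header `openssl enc` writes before the 8-byte salt
XZ_MAGIC = b"\xfd7zXZ\x00"       # first six bytes of every .xz stream
PASS_ENV = "SHOWTECH_PASS"       # hypothetical variable name used only by this example


def looks_encrypted(path):
    """True if the file starts with the OpenSSL salted header and a full salt."""
    with open(path, "rb") as fh:
        head = fh.read(16)
    return len(head) == 16 and head.startswith(OPENSSL_MAGIC)


def looks_like_xz(path):
    """True if the file starts with the xz magic bytes."""
    with open(path, "rb") as fh:
        return fh.read(6) == XZ_MAGIC


def build_decrypt_argv(src, dst):
    """The documented switches, with the passphrase taken from the environment."""
    return ["openssl", "enc", "-d", "-AES-256-CBC", "-pbkdf2", "-md", "sha512",
            "-iter", "100000", "-in", src, "-out", dst,
            "-pass", f"env:{PASS_ENV}"]


def openssl_flavour():
    """First word of `openssl version`: 'OpenSSL' or 'LibreSSL'."""
    out = subprocess.run(["openssl", "version"], capture_output=True,
                         text=True, check=True).stdout
    return out.split()[0]


def decrypt_showtech(src, dst, passphrase):
    """Decrypt a show-tech download and confirm the result is an xz stream."""
    if not looks_encrypted(src):
        raise ValueError(f"{src}: no OpenSSL salted header, download may be incomplete")
    if openssl_flavour() != "OpenSSL":
        raise RuntimeError("openssl on PATH is not OpenSSL; install OpenSSL 1.1.1+")
    env = dict(os.environ)
    env[PASS_ENV] = passphrase   # visible to the child process only, not in argv
    try:
        subprocess.run(build_decrypt_argv(src, dst), env=env, check=True)
    except subprocess.CalledProcessError:
        if os.path.exists(dst):
            os.remove(dst)       # do not leave a partial plaintext behind
        raise
    if not looks_like_xz(dst):
        os.remove(dst)
        raise ValueError("output is not an xz stream: wrong passphrase or damaged file")
    return dst


if __name__ == "__main__":
    import getpass
    if len(sys.argv) != 3:
        sys.exit("usage: decrypt_showtech.py <showtech file> <decrypted filename>")
    # Prompt for the passphrase instead of taking it as a command-line argument.
    decrypt_showtech(sys.argv[1], sys.argv[2], getpass.getpass("Passphrase: "))
    print("decrypted to", sys.argv[2])
```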


Reboot Crosswork Data Gateway VM


Note


This task can only be performed by dg-admin user.


Crosswork Data Gateway gives you two options to reboot the VM:

  • Remove all Collectors and Reboot VM: Select this option from the Troubleshooting menu if you want to stop the containers that were downloaded after installation (collectors and offload), remove the images from docker, remove collector data and configuration and reboot VM. This returns the VM to a state just after initial configuration is complete with only infrastructure containers running.

  • Reboot VM: Select this option from the Troubleshooting menu for a normal reboot.

Shutdown the Crosswork Data Gateway VM

From the Troubleshooting Menu, select 5 Shutdown VM to power off the Crosswork Data Gateway VM.

Export auditd Logs

Follow the steps to export auditd logs:

Procedure


Step 1

From Troubleshooting, select Export audit Logs.

Step 2

Enter a passphrase for auditd log tarball encryption.

Step 3

Click OK.


Re-enroll Crosswork Data Gateway

Follow the steps to re-enroll Crosswork Data Gateway:

Before you begin

The existing Crosswork Data Gateway enrollment must be deleted from the controller prior to re-enrolling.

Procedure


Step 1

From Troubleshooting menu, select Re-enroll Data Gateway.

Step 2

Review the information in the confirmation window and click Yes.

Figure 17. Re-enroll Data Gateway Confirmation Window

Remove Rotated Log Files

Follow the steps to remove all rotated log files (*.gz or *.xz) in the /var/log and /opt/dg/log folders.

Procedure


Step 1

From Troubleshooting menu, select Remove Rotated Log files.

Step 2

Select Yes in the dialog that appears to save your changes.


Enable TAC Shell Access

The TAC Shell Access function allows a Cisco engineer to directly log in to the Ubuntu shell via multifactor authentication, using a reserved user named dg-tac.

Initially, the dg-tac user account is locked and its password is expired to prevent the user from getting a shell prompt. Once enabled, the dg-tac user is active until the next calendar day, 12:00 a.m. UTC (midnight UTC), which is less than 24 hours.

The steps to enable the dg-tac user are as follows:


Note


Enabling this access requires you to communicate actively with the Cisco engineer.

Before you begin

Ensure that the Cisco engineer who is working with you has access to the SWIMS Aberto tool.

Procedure


Step 1

Log in to the Data Gateway VM as the dg-admin user.

Step 2

From the main menu, select Troubleshooting.

Step 3

From the Troubleshooting menu, select t Enable TAC Shell Access.

A dialog appears, warning that the dg-tac user login requires a password that you set and a response to a challenge token from TAC. At this point, you may answer No to stop the enable process or Yes to continue.

Step 4

If you continue, the system prompts for a new password to use and shows the day when the account disables itself.

Step 5

Enter a password to unlock the account in the console menu.

Step 6

Log out of the Crosswork Data Gateway.

Step 7

Follow these steps if the Crosswork Data Gateway VM can be accessed by the Cisco engineer directly. Move to Step 8 otherwise.

  1. Share the password that you had set in Step 5 for the dg-tac user with the Cisco engineer who is working with you.

  2. The Cisco engineer logs in as the dg-tac user via SSH with the password you had set.

    After entering the password, the system presents the challenge token. The Cisco engineer signs the challenge token using the SWIMS Aberto tool and pastes the signed response to the challenge token back at the Crosswork Data Gateway VM.

  3. The Cisco engineer logs in successfully as the dg-tac user and completes the troubleshooting.

    There is a 15-minute idle timeout period for the dg-tac user. If logged out, the Cisco engineer needs to sign a new challenge to log in again.

  4. After troubleshooting is complete, the Cisco engineer logs out of the TAC shell.

Step 8

If Crosswork Data Gateway VM cannot be accessed directly by the Cisco engineer, start a meeting with the Cisco engineer with desktop sharing enabled.

  1. Log in as the dg-tac user via SSH using the following command:

    ssh dg-tac@<DG hostname or IP>
  2. Enter the password that you set for the dg-tac user.

    After entering the password, the system presents the challenge token. Share this token with the Cisco engineer who will then sign the token using the SWIMS Aberto tool and share the response with you.

  3. Paste the signed response to the challenge token back to the Crosswork Data Gateway VM and press enter to get the shell prompt.

  4. Share your desktop or follow the Cisco engineer's instructions for troubleshooting.

    There is a 15-minute idle timeout period for the dg-tac user. If logged out, the Cisco engineer needs to sign a new challenge to log in again.

  5. Log out of the TAC shell after troubleshooting is complete.