Managing System

This chapter contains the following sections:

About Slices

The slices screen provides a way for you, as a network administrator, to partition networks into many logical networks. This feature allows you to create multiple disjoint networks and assign different roles and access levels to each one. Each logical network can be assigned to departments, groups of individuals, or applications. Multiple disjoint networks can be managed using the Cisco Nexus Data Broker application.

The slices are created based on the following criteria:

  • Network devices—The devices that can be used in the slice.

    Network devices can be shared between slices.

  • Network device interfaces—The device interfaces that can be used in the slice.

    Network device interfaces can be shared between slices.

  • Flow Specification—A combination of source and destination IP, protocol, and source and destination transport ports used to identify the traffic that belongs to the slice.

    Flow specifications can be assigned to different slices if the associated network devices and interfaces are disjointed.


    Note

    You can also use VLAN IDs to segregate the slice traffic.

Slices must be created by a Cisco Nexus Data Broker user with the Network Administrator role. After creation, the slices can be managed by a user with the Slice Administrator role.

Slices can overlap if each slice has at least one unique attribute. For example, a slice can share the same physical switches and ports, but be differentiated by the type of traffic it receives.

Adding a Slice

Procedure

Step 1

Navigate to the System tab under Administration and click + Slice.

The Add Slice window is displayed.

Step 2

In the Add Slice window, complete the following fields:

Name

Description

Name

The name that you want to assign to the slice.

Select Devices

Select the devices that you want to associate with the slice.

Step 3

Click Save.

Adding a Flow Specification

Before you begin

Create a slice before you add a flow specification.


Note

Be default, a flow specification is bidirectional.

Procedure

Step 1

Navigate to the System tab under Administration and click + Flow Spec to add a flow specification for the selected slice.

Step 2

In the Add Flow Spec dialog box, complete the following fields:

Name

Description

Name field

The name that you want to use for the flow specification.

VLAN field

The VLAN ID or the range of VLAN IDs that you want to use for the flow specification.

Source IP field

The source IP address that you want to use for the flow specification.

Destination IP field

The destination IP address that you want to use for the flow specification.

Protocol field

The IP protocol number in decimal format that you want to use for the flow specification.

Source Port field

The source port that you want to use for the flow specification.

Destination Port field

The destination port that you want to use for the flow specification.

Step 3

Click Save.

OR you can click Cancel to cancel the action.

About AAA Servers

AAA enables the security appliance to determine who the user is (authentication), what the user can do (authorization), and what the user did (accounting). Cisco Nexus Data Broker uses Remote Authentication Dial-In User Service (RADIUS) or Terminal Access Controller Access-Control System Plus (TACACS+) to communicate with an AAA server.

Remote authentication and authorization is supported using the AAA server. To authenticate each user, Cisco Nexus Data Broker uses both the login credentials and an attribute-value (AV) pair that assigns the authorized role for the user as part of the user administration. After successful authentication, the Cisco AV pair is returned to Cisco Nexus Data Broker for resource access authorization.

Adding a AAA Server

Starting with Cisco NSB Release 3.4, you can configure a AAA server using a Domain Name or an IP address.


Note

Starting with Cisco Nexus Data Broker Release 3.7, you can now verify status of AAA TACACS server before adding it using the Check Server option on the Add AAA Server dialog box. The Check Server option verifies whether the AAA server that you are configuring is reachable or not and whether the credentials are valid or not.


Note

When the configured AAA server(s) are not reachable, the user request is authenticated locally. If the AAA server is reachable and the user authentication fails, the user request is not authenticated locally.

Procedure

Step 1

Navigate to the AAA tab under System and click Add Server.

The Add AAA Server window is displayed.

Step 2

In the Add AAA Server window, complete the following fields:

Name

Description

Protocol field

Choose the protocol for the AAA server. This can be one of the following:

  • Radius+

  • TACACS+

  • LDAP

Note 

For detailed information about how to configure LDAP for AAA server, see Configuring User Authentication for LDAP.

Server Address field

Server IP address or Domain Name.

Secret field

The shared secret configured on the AAA server.

User Name field

User name for authentication..

Password field

Password for authenticating the user.

Step 3

(Optional) Click Check Server to verify whether the server is reachable and authentication credentials are valid or not.

Note 

The Check Server option is available only for TACACS AAA server.

Step 4

Click Save.

Viewing Cluster Information

Procedure

Navigate to the Cluster tab under System to view information about the clusters.

The cluster management dialog boxes are read-only. The dialog box lists the IP addresses of all of the Cisco Nexus Data Broker instances in the cluster.

Note 

For the backup and upload features to work properly, all the servers in the cluster should be stopped and then they should be restarted. You should not configure any functionality during this time. Once the upload configuration is done, you should not configure anything from any other nodes in the cluster as it might to lead to few inconsistencies in the data.

Viewing the OSGi Console

You can view all of Cisco Nexus Data Broker bundles that comprise the application by viewing the OSGi Web Console.


Note

This procedure does not provide a step-by-step guide to everything you can do in the OSGi Web Console for Cisco XNC Bundles list. It guides you in opening the OSGi Web Console and viewing bundle information.

Procedure

Step 1

Navigate to the System tab under Administration.

A new browser tab opens.
Step 2

Click OSGI.

Step 3

Enter your username and password, and then press Enter.

The Cisco – XNC Bundles list is displayed. In this page you can view all of the active packages, filter on the package name to specify bundle names, and complete other tasks.
Step 4

When you are finished viewing the list, close the Cisco – XNC Bundles browser tab.

Viewing the Northbound API Content

You can view all of Cisco Nexus Data Broker northbound API content for the application by opening a browser tab using the Northbound API tool (book icon) in the menu bar.

Procedure

Step 1

From the menu bar, click the Northbound API button.

A new browser tab (Swagger UI) is opened and the complete list of northbound API content used in Cisco Nexus Data Broker is displayed.

From this tab, you can do the following:

  • Show or hide the operations for an API.

  • List the operations for an API.

  • Expand the operations for an API.

Step 2

When you are finished viewing northbound API content, close the browser tab.

Downloading the System Log Files

You can download log files for Cisco Nexus Data Broker to use for analysis. Log files are saved as a .zip archive.


Note

Starting with Cisco Nexus Data Broker Release 3.7, naming convention for the System log files has changed. The System log file name now reflects the time stamp when the file is generated. For example, NDBLogs-21Aug2018_11_15_08.zip.


Note

Starting with Cisco Nexus Data Broker Release 3.7, the System log file now provides additional details such as the device connection information, number of redirections, and details about all the devices managed by NDB.

Procedure

Step 1

Navigate to the System tab under Administration.

Step 2

Click Download Logs.

A dialog box opens in the browser prompting you to either open or save the .zip file.

Step 3

Do one of the following:

  • Save the archive to a location of your choosing, for example, home/ndbconfig.
  • Open the archive to view the contents, and then save it.

Backing Up or Restoring the Configuration Using NDB GUI

Starting with Cisco NDB, Release 3.4, you can create and restore a NDB configuration backup instantly during the pre-deployment phase. Support for instant backup is currently available in NX-OS, OpenFlow, and AUX switches.

Using this feature, a backup point is created with current NDB configuration that can be restored to the system. Cisco NDB provides three backup options:

  • Schedule backup to NDB Server—Backup is created at the specified time in the NDB server in the backup directory of xnc.

  • Backup now to NDB server—Backup is created in the NDB server in the backup directory of xnc.

  • Backup now locally—Backup is created and available for download using Web browser.

Cisco NDB provides two restore options:

  • Restore from Server—Configuration is restored from a server.

  • Restore Locally—Configuration is restored from a local directory.

Backing Up or Restoring the Configuration Using the CLI

Procedure

Step 1

Navigate to the xnc/bin directory that was created when you installed the software.

Step 2

Back up the configuration by entering the ./xnc config --backup command.

The --backup option creates a backup archive (in .zip format) of the startup configuration in the current xnc distribution. The backup archive is stored in {xncHome}/backup/. A new archive is created each time that the backup command is entered using a filename with the current timestamp.

Step 3

Restore the configuration by entering the ./xnc config --restore --backupfile {zip_filename} command.

The --restore option restores the startup configuration of the current xnc distribution from an existing backup archive. The restore action requires the absolute path of the backup archive.

Scheduling Configuration Backup to NDB Server

Beginning with Cisco Nexus Data Broker, Release 3.2, you can schedule automatic configuration backup to a server with a start date and an end date. Backup is created at the specified time in the NDB server in the backup directory of XNC. When any configuration is performed in Cisco Nexus Data Broker, it is saved automatically.


Note

Beginning with Cisco Nexus Data Broker, Release 3.2, you do not need to use the Save option to save the Cisco Nexus Data Broker configurations. Even after you restart the server, the configuration is autosaved.

Procedure

Step 1

Navigate to Administration -> System -> Backup/Restore tab.

Step 2

From the Backup drop-down list, select Schedule backup to NDB Server to open the Schedule page.

Step 3

In the Schedule page, enter the following details:

Field

Description

Start Date

Date to start the configuration backup.

Start Time

Time to start the configuration backup.

Choose Pattern

Select the pattern of the backup. Valid options are:

  • Daily

  • Weekly

  • Monthly

Choose

Select when to stop the backup process. Valid options are:

  • No End Date: Continue taking backup as per the specified frequency.

  • End Date: Continue taking backup till the specified date.

  • Occurences: Indicates the number of times to take the backup.

Enable

Enables the scheduled backup.

Restoring Configuration Locally

You can upload the saved system configuration files for Cisco Nexus Data Broker to restore the Cisco Nexus Data Broker application in the case of a failure or other event. After restoring you configuration, you will need to restart Cisco Nexus Data Broker.

Direct upload path to Cisco Nexus Data Broker is available from Cisco Nexus Data Broker, Release 3.0 or above. If you are running a previous release, upload it to Release 3.0 first before uploading to Release 3.2.

Procedure

Step 1

Navigate to the System tab under Administration and click Restore Locally to upload the configuration.

Step 2

Navigate to the location of the file configuration_startup.zip.

Step 3

Click on the archive file.

The system configuration is uploaded and the browser displays a message informing you that you need to restart the server.

Step 4

Restart the server, and then log back in to the Cisco Nexus Data Broker GUI.

Backing Up Configuration Locally

Configuration backup is created in the local machine in the specified directory. You can backup the system configuration locally in case you need to restore the system after an upgrade or other change. System configuration files are saved in a zipped archive.

Procedure

Step 1

Navigate to Administration -> System -> Backup/Restore tab.

Step 2

From the Backup drop-down list, select backup now locally.

The configuration backup is created and dowloaded to the local directory.

Restoring Configuration from a Server

You can restore NDB configuration from a server using the NDB GUI. Complete the following steps to restore a confguration from a server:

SUMMARY STEPS

  1. Navigate to Administration -> System -> Backup/Restore tab.
  2. Select a backup from the list and click Restore to restore the selected configuration.

DETAILED STEPS

Step 1

Navigate to Administration -> System -> Backup/Restore tab.

Step 2

Select a backup from the list and click Restore to restore the selected configuration.

Recovering the Administrative Password

The Cisco Nexus Data Broker network administrator user can return the administrative password to the factory default.


Note

The software may or may not be running when this command is used. If the software is not running, the password reset takes effect the next time that it is run.

Procedure

Step 1

Open a command window where you installed Cisco Nexus Data Broker.

Step 2

Navigate to the xnc/bin directory that was created when you installed the software.

Step 3

Reset the administrative password by entering the ./xnc reset-admin-password [--wait-seconds {wait_time} --password {password}] command.

Resets the admin password to the default or specified password by restarting the user manager.

  • The wait-seconds is the length of time, in seconds, to wait for the user manager to restart. The minimum is 5 seconds and the maximum is 60 seconds.

  • The password is the administrative password.

Note 

  • The password must be from 8 to 256 characters, contain both uppercase and lowercase characters, and have at least one number and one non-alphanumeric character.

  • If you leave the password blank, it is reset to the factory default of "admin".

  • Each time that you reset the administrative password, make sure that the new password meets these requirements or you will not be able to log in to Cisco Nexus Data Broker.

Uninstalling the Application Software

Before you begin

Ensure that your Cisco Nexus Data Broker application is stopped before proceeding.

Procedure

Step 1

Navigate to the directory where you created the Cisco Nexus Data Broker installation.

For example, if you installed the software in Home/ CiscoNDB, navigate to the Home directory.

Step 2

Delete the CiscoNDB directory.