Managing System Settings

This section describes how to manage system settings.


Note


To manage system settings, you must be logged in either as root or as a user with Administrative Operations permissions.

System settings are managed from the ADMIN > System Management menu.

Managing Active Sessions

IoT FND tracks active user sessions and lets you log out users.

Viewing Active Sessions

To view active user sessions:

Procedure


Choose ADMIN > System Management > Active Sessions.

IoT FND displays the Active Sessions page.
The table describes the Active Session fields:
Field Description

User Name

The user name in the session record. To view user settings, click the user name.

IP

The IP address of the system the user employs to access IoT FND.

Login Time

The login date and time for the user.

Last Access Time

The last time the user accessed the system.

Tip

 
Click the Reload button (upper-left hand corner) to update the users list.

Logging Out Users

To log out an IoT FND user:

Procedure


Step 1

Choose ADMIN > System Management > Active Sessions.

Step 2

Select the check boxes for those users you want to log out.

Step 3

Click Logout Users.

Step 4

Click Yes to confirm logout of the users.


Filtering the Active Sessions List

To filter the Active Sessions list using column filtering:

Procedure


Step 1

Choose ADMIN > System Management > Active Sessions.

Step 2

Hover the mouse over the User Name column heading to expose the filter icon (triangle). Enter the user name or the first characters of the user name to filter the list.

For example, to list the active sessions for the root user, enter root.

Tip

 
To remove the filter, from the User Name drop-down menu, clear the Filters check box or click Clear Filter.

Displaying the Audit Trail

Use the audit trail to track IoT Field Network Director user activity.

To display the Audit Trail:

Procedure


Choose ADMIN > System Management > Audit Trail.

The table below describes the Audit Trail Fields:
Field Description

Date/Time

Date and time of the operation.

Domain

Specifies domains with root or non-root access.

  • Root - The Admin user who defines root access for other users while creating a domain.

  • Non-root - Admin creates the domain without root access.

User Name

The user who performed the operation. To view user settings, click the user name.

IP

IP address of the system that the user employs to access IoT FND.

Operation

Type of operation performed.

Status

Status of the operation.

Details

Operation details.

Tip

 
Click the Refresh icon (far right) to update the list.

Filtering the Audit Trail List

To filter the Audit Trail list using column filtering:

Procedure


Step 1

Choose ADMIN > System Management > Audit Trail.

Step 2

From the User Name drop-down menu, hover over the Filters option, and in the field that appears, enter the user name or the first characters of the user name to filter the list.

For example, to list the Audit Trail entries for the user jane, enter jane.

Tip

 
To remove the filter, from the User Name drop-down menu, uncheck the Filters check box or click Clear Filter (left of the screen).

Managing Certificates

The Certificates page displays the CSMP (CoAP Simple Management Protocol) and Web certificates used by IoT FND, and lets you download these certificates.

To display the CSMP and Web certificates:

Procedure


Step 1

Choose ADMIN > System Management > Certificates.

Step 2

To view a certificate, click its corresponding heading (such as Certificate for Routers).

Step 3

To download a certificate, select the encoding type (Binary or Base64) radio button, and then click Download.

For more information about certificates, see Generating and Installing Certificates in the Cisco IoT Field Network Director Installation Guide.

Configuring CA Certification to verify the App Signature

This feature lets you import and add a trust anchor to the default profile for a Cisco IOx device that is managed by IoT FND, such as an IC3000 or IR800. (The default profile is not visible to the user.) You can enable this capability on the Application Security tab of the Certificates page.

The Application Security tab only appears when both of the following conditions are met:

  • The user has application management permission.

  • At least one IOx device, such as an IC3000 or IR800, is being managed.

To import and add a trust anchor to a default profile for a Cisco IOx device:

Procedure


Step 1

Choose ADMIN > System Management > Certificates.

Step 2

Select the Application Security tab. The page that appears displays any existing trust anchors.

Note

 
By default, no information is displayed for new installations or updates, and the Checksum and Trust Anchor fields display a value of ‘None’.

Step 3

To import a new trust anchor, check the boxes next to App Signature and Import New Trust Anchor, and then enter a path to the file. Click the disk icon to save your entries. The file is also pushed to Fog Director.

Note

 
After you save and reload the Certificates page, the Checksum and Trust Anchor File name appear on the page replacing the previous values of None.

CGMS Certificate Renewal for Routers

The Renew Certificate for Routers option in the UI automates the CGMS and/or CA certificate renewal process by updating the certificates in the keystore and encrypting the router password with the new certificate. The supported certificate file extensions are .cer and .pfx. We recommend that you schedule the automation job during a maintenance window to avoid conflicts with other active operations (such as configuration push or firmware upgrade) running in FND.

To automate CGMS or CA certificate renewal for routers:

Procedure


Step 1

Choose ADMIN > System Management > Certificates.

Step 2

Select the Renew Certificate for Routers tab.

Step 3

Click either Upload CA Certificate or Upload FND Certificate for Routers to upload a CA or CGMS certificate.

Note

 

You can also upload both CA certificate and CGMS certificate simultaneously.

Step 4

Browse and select a valid CGMS or CA certificate in either (.cer) or (.pfx) format.

Step 5

Enter the password (applicable only for a .pfx file), and then click Upload.

Step 6

After uploading the certificate, click Schedule Renewal Job.

Step 7

Specify the date and time and then click Set Renewal Time to schedule the renewal job. The scheduled job appears in the page.

Use Cancel Renewal Job to cancel the scheduled job.


Configuring Data Retention

The Data Retention page lets you determine the number of days to keep event, issue, and metric data in the IoT FND database.


Note


Data retention prunes events even if they have associated open issues.

To set IoT FND data retention:

Procedure


Step 1

Choose ADMIN > System Management > Data Retention.

Step 2

For each of the retention categories, specify the number of days to retain the data as specified in the table.

Table 1. Data Retention Field Allowable Maximum Values

Field                                        Minimum Values in Days  Maximum Values in Days  Default Values in Days
Keep Event data for                          1                       90                      31
Keep Endpoint Firmware Operation data for    7                       180                     7
Keep Historical Dashboard data for           1                       90                      62
Keep Dashboard data for                      1                       7                       7
Keep Historical Endpoint Metrics for         1                       7                       7
Keep Closed Issues data for                  1                       90                      30
Keep JobEngine data for                      1                       30                      30
Keep Historical Router Statistics data for   1                       90                      30
Keep Device Network Statistics data for      1                       7                       7
Keep Service Provider down routers data for  1                       31                      31

Step 3

To save the maximum values, click the disk icon.

Step 4

To revert to default settings, click Reset.


Managing Licenses

This section has moved to a new location with an improved user experience. For more information on managing licenses on Cisco IoT FND, see Classic Licensing In Cisco IoT FND.

Managing Logs

This section explains how to configure and download logs.

Configuring Log Settings

IoT FND lets you change the logging level for the various log categories and download the logs. Logs consume disk space. For example, for 5 million meters at an 8-hour reporting interval and 5000 routers at a 60-minute periodic inventory notification, disk consumption is approximately 7 MB/sec. Ensure that your server has enough disk space to contain your logs.

To configure the logging level:

Procedure


Step 1

Choose ADMIN > System Management > Logging.

Step 2

Select Log Level Settings.

Step 3

Check the check boxes of all logging categories to configure.

Step 4

From the Change Log Level drop-down menu, choose the logging level setting (Debug or Informational).

  • To generate all possible logging messages, use the Debug level.

Note

 

Running the Debug logging category can impact performance.

  • To generate a subset of these messages, use the Informational logging level.

Note

 

The Informational logging level is the default for all categories when IoT FND opens. Custom logging level settings are retained between log-in sessions, but not after IoT FND restarts.

Step 5

To apply the configuration, click Go.

Note

 
The server.log file is rotated based on size.

Step 6

Click the disk icon to save the configuration.


Downloading Logs

To download logs:

Procedure


Step 1

Choose ADMIN > System Management > Logging.

Step 2

Click the Download Logs tab.

Step 3

Click the Download Logs button.

  • When you click this button in a single-server deployment, IoT FND compresses the log files into a single zip file and adds an entry to the Download Logs pane with a link to the zip file.

  • In IoT FND cluster deployments, when you click this button, the IoT FND server to which you are connected:

    • Compresses the log files on the server into a single zip file and adds an entry to the Download Logs pane with a link to the zip file.

    • Initiates the transfer of the log files in .zip format from the other servers to this server. As files become available, the server adds entries for these files to the Download Logs pane.

Step 4

To download a zip file locally, click its file name.

Tip

 
In a cluster environment, if you need to send log files to Cisco Support, ensure that you send the log files of all cluster servers.

Configuring Provisioning Settings

The Provisioning Settings page (ADMIN > System Management > Provisioning Settings) lets you configure the IoT FND URL, DHCPv4 Proxy Client, and DHCPv6 Proxy Client settings required for IoT FND to create tunnels between routers and ASRs/C8000 (see the Provisioning Settings page). For an example of tunnels as used in IoT FND, see the Tunnel Provisioning Configuration Process topic in the Managing Tunnel Provisioning chapter.

During Zero Touch Deployment (ZTD), you can add DHCP calls to the device configuration template for leased IP addresses.


Note


For Red Hat Linux 7.x server installations, you must configure specific IPv4 and IPv6 addresses from the IoT FND Linux host server to which to bind DHCP IPv4 and IPv6 clients by setting the following values in IoT FND:


ADMIN > Provisioning Settings > DHCPv6 Proxy Client > Client Listen Address

Set the value to the IPv6 address of the interface to use to obtain IPv6 DHCP leases from the DHCP server. The default value is “::”. Change the default setting to an actual IPv6 address on the Linux host machine.

ADMIN > Provisioning Settings > DHCPv4 Proxy Client > Client Listen Address

Set the value to the IPv4 address of the interface to use to obtain IPv4 DHCP leases from the DHCP server. The default value is “0.0.0.0”. Change the default setting to an actual IPv4 address on the Linux host machine.

Note


To configure tunnel and proxy settings, you must be logged in either as root or as a user with Administrative Operations permissions.

On the ADMIN > System Management > Provisioning Settings page, the CSMP optimization settings let you configure the timeout for acquiring a lock when processing CSMP messages. By default, the timeout value is 5 seconds; it can be configured from 1 to 30 seconds.


Note


This csmp setting is applicable only for Oracle deployments.


If the timeout occurs during registration, the following message appears in the server.log file:

"Failed to acquire lock for <Endpoint Eid> during registration. Another Operation seems to be in progress."

If the timeout occurs while handling CSMP notification messages, the following message appears in the server.log file:

"Failed to acquire lock to update Endpoint Status. Another Operation seems to be in progress."
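One way to measure how often these lock timeouts occur before changing the CSMP timeout, added here as an example that is not part of the Cisco documentation. It matches only the two message texts quoted above; the timestamp prefix, the endpoint IDs and the repeat threshold are constructed assumptions.

```python
import re
from collections import Counter

# Message texts as quoted above. Everything before them on a line is ignored,
# because the rest of the server.log line layout is not shown on this page.
REGISTRATION = re.compile(
    r"Failed to acquire lock for (?P<eid>\S+) during registration")
NOTIFICATION = re.compile(r"Failed to acquire lock to update Endpoint Status")

# Constructed sample lines: timestamps, EIDs and the unrelated line are made up.
SAMPLE_LOG = """\
2024-01-01 02:00:01 Failed to acquire lock for EID-EXAMPLE-0001 during registration. Another Operation seems to be in progress.
2024-01-01 02:00:03 Failed to acquire lock to update Endpoint Status. Another Operation seems to be in progress.
2024-01-01 02:00:04 Periodic inventory processed
2024-01-01 02:00:09 Failed to acquire lock for EID-EXAMPLE-0001 during registration. Another Operation seems to be in progress.
2024-01-01 02:00:11 Failed to acquire lock for EID-EXAMPLE-0002 during registration. Another Operation seems to be in progress.
2024-01-01 02:00:15 Failed to acquire lock to update Endpoint Status. Another Operation seems to be in progress.
"""


def summarize_lock_timeouts(lines, repeat_threshold=2):
    """Count lock-timeout messages and list endpoints that hit them repeatedly.

    repeat_threshold is a hypothetical tuning knob: endpoints with at least
    this many registration timeouts are reported separately.
    """
    registration = Counter()
    notification = 0
    for line in lines:
        match = REGISTRATION.search(line)
        if match:
            registration[match.group("eid")] += 1
        elif NOTIFICATION.search(line):
            # The notification message carries no endpoint ID, so it can only
            # be counted in aggregate.
            notification += 1
    repeated = sorted(
        eid for eid, count in registration.items() if count >= repeat_threshold)
    return {
        "registration": dict(registration),
        "notification": notification,
        "repeated_endpoints": repeated,
        "total": sum(registration.values()) + notification,
    }


if __name__ == "__main__":
    print(summarize_lock_timeouts(SAMPLE_LOG.splitlines()))
```
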

Provisioning Settings Page

Configuring the IoT FND Server URL

The IoT FND URL is the URL that routers use to access IoT FND after the tunnel is established. This URL is also accessed during periodic inventories. During ZTD, routers transition from accessing IoT FND through the TPS proxy to using this URL, which must be appropriate for use through the tunnel.

To configure the IoT FND URL:

Procedure


Step 1

Choose ADMIN > System Management > Provisioning Settings.

Step 2

In the IoT FND URL field, enter the URL of the IoT FND server.

The URL must use the HTTPS protocol and include the port number designated to receive registration requests. By default, the port number is 9121. For example:


https://nms.sgbu.example.com:9121

Step 3

Click Save.


Configuring DHCP Option 43 on Cisco IOS DHCP Server

To configure for IPv4, enter:

ip dhcp pool fnd-pool
 network 192.0.2.0 255.255.255.0
 default-router 192.0.2.1
 option 43 ascii "5A;K4;B2;I192.0.2.215;J9125"

The fields in the option 43 string are:

5 – DHCP type code 5
A – Active feature operation code
K4 – HTTP transport protocol
B2 – PnP/FND server IP address type is IPv4
I192.0.2.215 – PnP/FND server IP address
J9125 – Port number 9125
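A decoder and sanity check for the option 43 string above, added here as an example (it is not Cisco code). It decodes only the codes listed in the legend, and it treats the I and J sub-options as required because the page's example sets both, which is an assumption.

```python
import ipaddress

# Only the codes listed in the legend above are decoded; anything else is
# reported instead of guessed.
TRANSPORTS = {"4": "HTTP"}       # K4
ADDRESS_TYPES = {"2": "IPv4"}    # B2


def parse_option43(value):
    """Decode a string such as '5A;K4;B2;I192.0.2.215;J9125'.

    Returns (fields, problems): the decoded settings and a list of findings.
    """
    raw, problems = {}, []
    tokens = [t.strip() for t in value.strip().strip('"').split(";")]
    if tokens[0] != "5A":
        problems.append(f"prefix {tokens[0]!r}: expected '5A'")
    for tok in tokens[1:]:
        if not tok:
            problems.append("empty sub-option (stray ';')")
        elif tok[0] not in "KBIJ":
            problems.append(f"sub-option {tok!r} is not in the legend")
        elif tok[0] in raw:
            problems.append(f"sub-option {tok[0]} appears more than once")
        else:
            raw[tok[0]] = tok[1:]

    fields = {}
    for code, name, table in (("K", "transport", TRANSPORTS),
                              ("B", "address_type", ADDRESS_TYPES)):
        if code in raw:
            fields[name] = table.get(raw[code])
            if fields[name] is None:
                problems.append(f"{code}{raw[code]} is not in the legend")

    # Assumption: I and J are treated as required because the page's example
    # sets both.
    if "I" not in raw:
        problems.append("missing I (server address)")
    else:
        try:
            addr = ipaddress.ip_address(raw["I"])
        except ValueError:
            problems.append(f"I value {raw['I']!r} is not an IP address")
        else:
            fields["server"] = str(addr)
            if fields.get("address_type") == "IPv4" and addr.version != 4:
                problems.append("B2 declares IPv4 but I is not an IPv4 address")

    port = raw.get("J")
    if port is None:
        problems.append("missing J (port)")
    elif not (port.isascii() and port.isdigit() and 1 <= int(port) <= 65535):
        problems.append(f"J value {port!r} is not a port number")
    else:
        fields["port"] = int(port)
    return fields, problems


if __name__ == "__main__":
    print(parse_option43('5A;K4;B2;I192.0.2.215;J9125'))
```
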

Configuring DHCPv4 Proxy Client

To configure DHCPv4 Proxy client settings:

Procedure


Step 1

Choose ADMIN > System Management > Provisioning Settings.

Step 2

Configure the DHCPv4 Proxy Client settings:

  1. In the Server Address field, enter the address of the DHCPv4 server that provides tunnel IP addresses.

    Note

     

    You can enter multiple addresses separated by commas. However, in most cases, you only need one server. IoT FND tries to get the tunnel IP addresses from the first server in the list. If it cannot, it moves to the next server in the list, and so on.

  2. In the Server Port field, enter the port number on the DHCP server to which to send DHCPv4 requests.

    Note

     
    Do not change the default port number (67) unless you have configured your DHCP server to operate on a non-standard port.
  3. In the Client Listen Address field, enter the address to bind to for sending and receiving DHCPv4 messages.

    Note

     
    This is the address of the interface that the DHCP server uses to communicate with IoT FND. You can enter multiple backup addresses separated by commas.

Step 3

Click Save.


Configuring DHCPv6 Proxy Client

To configure DHCPv6 Proxy client settings:

Procedure


Step 1

Choose ADMIN > System Management > Provisioning Settings.

Step 2

Configure the DHCPv6 Proxy client settings:

  1. In the Server Address field, enter the address of the DHCPv6 server that provides tunnel IP addresses.

    You can enter multiple addresses separated by commas. However, in most cases, you only need one server. IoT FND tries to get the tunnel IP addresses using DHCP protocols. If it cannot, it goes to the next server in the list and so on.
  2. In the Server Port field, enter the port number on the DHCP server to which to send DHCPv6 requests.

    Note

     
    Do not change the default port number (547) unless you have configured your DHCP server to operate on a non-standard port.
  3. In the Client Listen Address field, enter the address to bind to for sending and receiving DHCPv6 messages.

    This is the address of the interface that the DHCP server uses to communicate with IoT FND. You can enter multiple backup addresses separated by commas.

    Tip

     
    For IoT FND installations where the host has multiple interfaces, the client sends requests using each listed source address. The default values, “0.0.0.0” (IPv4) and “::” (IPv6), cause the client to send requests out each interface. Usually, one interface faces the DHCP server(s). In these installations, setting the Client Listen Address field to the IP address of the facing interface sends all client requests out that interface.

Step 3

Click Save.


Configuring Server Settings

The Server Settings page (ADMIN > System Management > Server Settings) lets you view and manage server settings.

Configuring Download Log Settings


Note


Configuring download log settings is only required for IoT FND cluster setup.

The Download Logs page lets you configure the Keystore settings.

To configure download log settings:

Procedure


Step 1

Choose ADMIN > System Management > Server Settings.

Step 2

Click the Download Logs tab.

Step 3

Configure these settings:

Table 2. Keystore Settings
Field Description

Keystore Filename

Click Upload Keystore File to upload a Keystore file with the public key of the X.509 certificate that IoT FND uses. You can reuse the same Keystore file.

Keystore Password

Enter the password that IoT FND uses to access the Keystore file on start up.

Confirm Keystore Password

FTP Password

Enter the FTP password.

Confirm FTP Password

Step 4

To save the configuration, click the disk icon.


Configuring Web Sessions

The Web Sessions page lets you specify the number of timeout seconds after which IoT FND terminates web sessions and logs users out.

To configure web session timeout:

Procedure


Step 1

Choose ADMIN > System Management > Server Settings.

Step 2

Click the Web Session tab.

Step 3

Enter the number of timeout seconds.

The valid values are 0–86400 (24 hours).

Note

 
If a web session is idle for the specified amount of time, IoT FND terminates the session and logs the user out.

Step 4

To save the configuration, click the disk icon.


Configuring Device Down Timeouts

The Server Settings page allows you to configure the device down timeout globally for head-end routers (ASR, C8000) and other devices that are managed by IoT FND such as routers (CGR1000, IR800, IR8100), endpoints, and gateways. On reaching the specified device down timeout interval, the devices move to Down state in the IoT FND GUI based on the last heard value from the device (must be greater than the down timeout value) and the tunnel interface state. If the tunnel interface that is associated with the device is Down as well, then devices are marked Down in IoT FND GUI. Otherwise, IoT FND must wait until the tunnel interface goes Down to mark the device as Down in IoT FND GUI.

From the Device Configuration page (CONFIG > DEVICE CONFIGURATION), you can configure the device downtime for a specific router or endpoint configuration group. For more information, refer to Configuring Mark-Down Timer.


Note


For HER, you can set the device down timeout only in the Server Settings page.


Device status changes to Up when IoT FND detects any of the following:

  • Periodic inventory notifications

  • Events

  • Manual metric refreshes

  • Device registrations

To configure device down timeout settings:

Procedure


Step 1

Choose ADMIN > System Management > Server Settings.

Step 2

Click the Device Down Timeouts tab.

Note

 
The device down timeout value must be greater than the corresponding polling intervals. For example, if the polling interval for routers is 30 minutes (1800 seconds), then the value in the Mark Routers Down After (secs) field must be 1801 or greater.

Step 3

Click the disk icon to save the configuration.


Configuring Billing Period Settings

IoT FND lets you configure the start day of the monthly billing periods for cellular and Ethernet (satellite) services.

To configure the billing period settings:

Procedure


Step 1

Choose ADMIN > System Management > Server Settings.

Step 2

Click the Billing Period Settings tab.

Step 3

Enter the starting days for the cellular and Ethernet billing periods.

Step 4

From the drop-down menu, choose the time zone for the billing period.

Step 5

To save the configuration, click the disk icon.


RPL Tree Settings

The RPL tree routing table is generated using the CSMP messages from the Mesh nodes. The data that is obtained from the Mesh nodes is often outdated. The proposed solution is to use the RPL tree routing data from FAR which is more up to date.

IoT FND uses the command below to fetch the RPL tree data:

show rpl dag 1 itable | xml

RPL Tree Update from Mesh Nodes

The default RPL tree update is always set to 'Mesh Nodes'. This is a global setting for the entire FND.

Traditionally, the RPL data has been reported to the FND by the mesh nodes as part of IPRoute and IPRouteRPLMetrics during the periodic inventory reporting.

Global RPL Tree Settings for Entire FND

Table 3. Global RPL Tree Settings for Entire FND
Field Description

Enable RPL tree update from

Select Routers.

Note

 

By default, Mesh Nodes is selected.

Number of Periodic Notifications between RPL Tree Polls

Number of periodic notifications from the CGR between each RPL pull.

Maximum Time between RPL Tree Polls (minutes)

Maximum time FND waits to pull RPL from a CGR for the associated PAN.

RPL Tree Update from Routers

As the Mesh nodes data is often outdated, the proposed solution is to use the RPL tree routing from FAR, which is more up to date. The RPL tree is not pushed from the FAR with the periodic notification. Therefore, the FND explicitly needs to pull the RPL tree at regularly configured intervals based on the Device Configuration Group properties. The FND depends on the periodic notification to determine when to poll next for the RPL tree. The FND is configured to poll the FAR for RPL tree update after every "N" periodic notifications. At times, some periodic notifications are missed. If that happens, after an absolute maximum time value, the RPL tree is fetched from the FAR.

The FAR pulls at a much higher frequency than the mesh nodes. Therefore, the RPL data is more accurate and provides a snapshot of entire PAN at any given point in time. The FND invokes show rpl dag 1 itable command on the CGR to obtain the RPL tree for the associated PAN.

Device Configuration Group Properties

Table 4. Device Configuration Group Properties
Field Description

RplTreePullingCycle

The number of periodic notification intervals.

Note

 

The default maximum number of RplTreePullingCycle is 8.

RplTreePullingMaxTime

The maximum time interval between the pulls in minutes.

Note

 

The default maximum time between pulls is 480 minutes (8 * 60).

When processing a periodic notification event, if either of these thresholds has passed, the FND starts RPL tree retrieval from the FAR.

The RPL pull times can be configured for each CGR configuration group, as shown in the Device Configuration Group Properties table. For the settings to take effect, the global setting must be set to 'Routers'; see Global RPL Tree Settings for Entire FND.
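The poll decision described above, modeled as an added example (this is not IoT FND code): on each periodic notification, a poll is triggered once RplTreePullingCycle notifications have been counted or RplTreePullingMaxTime minutes have elapsed. Treating both thresholds as inclusive, resetting the count on every poll, and treating the start of observation as time 0 are assumptions.

```python
from dataclasses import dataclass


@dataclass
class RplPollState:
    """Per-router polling state; defaults are the values stated on this page."""
    cycle: int = 8           # RplTreePullingCycle
    max_minutes: int = 480   # RplTreePullingMaxTime
    seen: int = 0            # notifications counted since the last poll
    last_poll: float = 0.0   # minutes; observation start counts as time 0

    def on_periodic_notification(self, now):
        """Return 'count' or 'time' if this notification triggers a poll."""
        self.seen += 1
        by_count = self.seen >= self.cycle
        by_time = now - self.last_poll >= self.max_minutes
        if by_count or by_time:
            self.seen, self.last_poll = 0, now
            return "count" if by_count else "time"
        return None


def simulate_polls(arrivals, cycle=8, max_minutes=480):
    """arrivals: minutes at which periodic notifications actually reach FND."""
    state = RplPollState(cycle=cycle, max_minutes=max_minutes)
    polls = []
    for now in arrivals:
        reason = state.on_periodic_notification(now)
        if reason:
            polls.append((now, reason))
    return polls


def max_snapshot_age(arrivals, cycle=8, max_minutes=480):
    """Longest gap in minutes between consecutive polls (from time 0)."""
    previous, longest = 0, 0
    for when, _ in simulate_polls(arrivals, cycle, max_minutes):
        longest = max(longest, when - previous)
        previous = when
    return longest


if __name__ == "__main__":
    # Every 60-minute notification delivered: the count threshold drives polls.
    print(simulate_polls(range(60, 961, 60)))
    # Notifications at 180..540 lost: the poll waits for the next notification
    # that arrives after the maximum time, so the gap exceeds 480 minutes.
    print(simulate_polls([60, 120, 600, 660]), max_snapshot_age([60, 120, 600, 660]))
```

Because the decision is made only while a periodic notification is being processed, the maximum time acts as a lower bound on when the fallback poll fires, not a guarantee that the RPL data is never older than that value.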

RPL Tree Retrieval

The FND currently collects the following information from CGR as part of the RPL tree data:

  • Node IP address

  • Next hop IP address

  • Number of parents

  • Number of hops from root node

  • ETX for path

  • ETX for link

  • Forward RSSI

  • Reverse RSSI


Note


No changes are required to the FAR configuration when the RPL updates setting is changed to routers or vice versa. When the setting is changed, the FND automatically schedules the gathering of RPL updates from the FARs.


Configuring RPL Tree Polling

RPL tree polls are derived from router periodic notification events. Since the RPL tree is not pushed from the router with the periodic notification event, Cisco IoT FND must explicitly poll for the RPL tree at the configured intervals. IoT FND lets you configure the RPL tree polling cycle (that is, how many periodic notification events occur between RPL tree polls), and set the maximum amount of time between tree polls.

Procedure


Step 1

Choose ADMIN > System Management > Server Settings.

Step 2

Choose the RPL Tree Settings tab.

Step 3

In the Enable RPL tree update from option, click the Mesh Nodes or Routers radio button to receive the RPL tree update from those devices at the specified intervals.

Note

 
The Mesh Nodes radio button is ON, by default.

Note

 
Select the Mesh Nodes option in the RPL Tree Settings tab in order to ensure proper functionality of the L+G endpoints graph.

Step 4

For Router polling, enter the number of events that pass between RPL tree polling intervals in the Number of Periodic Notifications between RPL Tree Polls field.

Note

 
The default value is 8. If thresholds are exceeded during periodic notification events, IoT FND performs an RPL tree poll.

Step 5

In the Maximum Time between RPL Tree (minutes) field, enter the maximum amount of time between tree polls in minutes.

Note

 
The default value is 480 minutes (8 hours).

Step 6

To save the configuration, click the disk icon.


Configuring the Issue Status Bar

The Issue Status bar displays issues by device type (as set in user preferences) and severity level in the lower-left browser frame.

To enable the Issue Status bar and configure the refresh interval:

Procedure


Step 1

Choose ADMIN > System Management > Server Settings > Issue Settings.

Step 2

To display the Issue Status bar in the browser frame, check the Enable/Disable Status Bar check box.

Step 3

In the Issue Status Bar Refresh Interval (seconds) field, enter a refresh value in seconds.

The valid values are 30 secs (default) to 300 secs (5 minutes).

Step 4

In the Certificate Expiry Threshold (days) field for all supported routers or an IoT FND application server, enter a value in days.

The valid value is 180 days (default) to 365 days.

Note

 
When the configured Certificate Expiry Threshold default date is met, a Major event, certificateExpiration, is created. When the Certificate has expired (>180 days), a Critical event, certificateExpired, is created.

Managing the Syslog

When IoT FND receives device events, it stores them in its database and sends syslog messages to a syslog server that allows third-party application integration.


Note


The syslog server receives only the IoT FND device events (listed on Operations > Events page) and not the other IoT FND application logs in the server.log.

To configure Syslog forwarding:

Procedure


Step 1

Choose ADMIN > System Management > Syslog Settings.

Step 2

In the Syslog Server IP Address field, enter the IP address of the Syslog server.

Step 3

In the Syslog Server Port Number field, enter the port number (default is 514) over which to receive device events.

  • Click Enable Syslog Sending Events to enable message forwarding to the Syslog server.

  • Click Disable Syslog Sending Events to disable message forwarding to the Syslog server.

For IoT FND cluster solutions, each server in the cluster sends events to the same Syslog server.

Viewing Jobs

User-triggered jobs in IoT FND are displayed on the Jobs page. Information about the jobs and their sub jobs is stored in the database to ensure that jobs are not lost in case of system restart or failure. IoT FND allows you to monitor and respond to job scheduling events, such as job completion or failure. The status of IoT FND jobs such as config push, firmware upload and install, and reprovisioning can be seen on the Jobs page. The Jobs page provides a detailed summary of the jobs along with their respective sub jobs.

The supported job types are add/remove/export device, update statuses, change properties, add/remove labels (bulk operation), add/update/remove assets, upload firmware image to devices, install firmware image on devices, tunnel/factory re-provisioning, config push, and export events/dashboard dashlet data.

To view the jobs:

  • Choose ADMIN > SYSTEM MANAGEMENT > JOBS. IoT FND displays the Jobs page.


    Note


    • The logs are not displayed for tunnel provisioning, config push, and firmware upgrade. You can view the server logs for more information.

    • The completed or failed jobs show 0 under running sub jobs.

    • The jobs are displayed in the Jobs page as per their retention time.


  • Clicking on Running Sub Jobs opens up the pop-up window to show the status of the running jobs.

  • The filter allows you to filter jobs based on name, action, sub jobs, and status. To filter the job list using column filtering, click show filter to insert the search string. For example, click Name from the drop-down menu and provide the search string. Click the + icon to add the job selected, and click the search icon to display the search results.