CISCO NETWORK ASSISTANT

Cisco's network management flagship is CiscoWorks. The application-really a sundry of management applications-is certainly useful and worthwhile. However, it also comes with a beefy price tag-it costs upwards of USD 20,000.

This is all fine and good for a big corporation that has the budget to pay for such a tool (and the need to manage many devices). Smaller companies may not have the budget or the necessity for such a robust set of tools like CiscoWorks. That doesn't leave them out in the cold when it comes to network management applications, however. Cisco Network Assistant (CNA) is a tool that can help.

CNA 4.0 is a PC-based network management application for smalland mediumsized organizations with networks of up to 250 users. The tool features network management and device configuration capabilities from a centralized location.

How much does this application cost? That's the best part. It's free.

Features

CNA utilizes a GUI (graphical user interface), so Cisco switches, routers, and access points can be easily configured and managed. CNA's features include:

• Configuration management

• Troubleshooting information

• Inventory

• Event logging

• Network security

• Password synchronization

• IOS upgrades

CNA manages communities of devices. Communities are groupings of up to 20 networked devices. The devices use the Cisco Discovery Protocol (CDP) to identify qualified network devices ("qualified" means that they are Cisco devices). Once a device has been added to the community, it becomes a member device.

Since each member device is individually managed, monitored, and configured, it must have its own IP address.

Communities might sound a lot like clusters. However, there are some important distinctions between the two. First, clusters can only support up to 16 devices, whereas communities can support 20 devices. Second, only switches are clusterable. Communities allow the inclusion of APs, routers, switches, and other network devices.

In addition, CNA can communicate securely with each device in a community. In a cluster, secure communications are only possible between CNA and the command device-the primary switch in the cluster.

Communities offer more failover support than clusters. If a command device fails, CNA won't be able to manage any other devices in the cluster. However, using communities, CNA is able to manage any other device in the community in the event another device fails.

Installation

Installing CNA is simple and free of charge. All you need is an account at http://www.cisco.com. Don't worry-a http://www.cisco.com account is also free; you just need to fill out some online forms and you'll be able to download CNA in no time.

System Requirements

Before you download CNA, you must ensure that the computer you'll be running it on is up to speed. Table 13-2 outlines the system requirements.

Table 13-2: System Requirements for Cisco Network Assistant 4.0

Feature	Requirement
Processor	1 GHz
Memory	256 MB minimum, 512 MB recommended
Hard drive space	70 MB minimum, 200 MB recommended
Colors	65,536
Screen resolution	1,024 x 768
Supported operating systems	Windows XP Service Pack 1 or later
	Windows 2000 Service Pack 3 or later

Be aware, however, that CNA is only available for Windows XP and 2000 at this time.

How To

To install CAN, follow these steps:

1. Go to http://www.cisco.com/go/NetworkAssistant.

2. Locate and download the CNA installer: cna-windows-k9-installer-4-0.exe.

3. Double-click the installer on your computer, and follow the on-screen instructions to complete installation and setup.

4. Once installed, double-click the Cisco Network Assistant icon on your desktop, or locate it on your Start menu.

Views

There are two ways you can look at your community and devices. CNA offers the Front Panel view and the Topology view.

Front Panel View

The Front Panel view is used to manage the port settings and configuration details for one or more devices. The Front Panel view of a Cisco Catalyst 2950 switch is shown in Figure 13-22.

Figure 13-22: Cisco Network Assistant's Front Panel view gives an overview of your device's status

To access the Front Panel view, click Front Panel on the toolbar, or click Monitor | View | Front Panel.

This displays the front panel of the device. If the device belongs to a community, all the devices that were selected the last time the Front Panel view was displayed appear for that community. If the device is a command device of a cluster, cluster members that were selected the last time the view was selected are displayed.

The Front Panel view allows you to:

• Rearrange devices

• Select and configure devices

• Configure individual ports

• Configure multiple ports on multiple devices simultaneously

Topology View

Whereas the Front Panel view allowed you to examine a specific device or devices, the Topology view shows the entire membership of your community or cluster. The Topology view is the default view. If you need to switch back to the view once in Front Panel view, click Topology view on the toolbar or click Monitor | View | Topology.

The Topology view allows you to view VLAN links and add or remove devices from the community.

Figure 13-23 shows the Topology view of a small network with a switch and an AP.

Figure 13-23: Cisco Network Assistant's Topology view shows a diagram of your network's managed devices

Interaction

CNA allows you to configure and manage devices in several ways. This section explains the various ways you can interact with CNA.

Guide and Expert Mode

The two fundamental ways to interact with CNA are either through Guide mode or Expert mode.

Guide mode is oriented more to beginners, as it walks you through configuration and management steps one at a time. Expert mode presents all the configuration options at once.

By default, CNA is in Expert mode. Clicking a feature on the Feature bar that shows a signpost icon, as shown in Figure 13-24, takes you to Guide mode.

Figure 13-24: Signpost icons on the Feature bar show items that can be managed in Guide mode

If you select a feature without this icon, you will be in Expert mode.

Wizards

CNA also offers a number of wizards to help with configuration and management. Wizards are like Guide mode in that they are meant to simplify the configuration process. However, they are unlike Guide mode in that they do not prompt you for every bit of information. Rather, they prompt you for minimal information and fill in the blanks with default settings.

Smartports Advisor

Smartports Advisor uses predefined settings, or roles, for devices. When CNA starts, it checks to see if Smartports have already been applied to the device. If they have not been applied, CNA will ask you if you want those roles applied to your devices.

Smartports can help you configure your devices with optimal security, availability, Quality of Service, and manageability.

Smartports Advisor shows you the devices to which you are connected, and then the ports to which Smartports roles have been applied are shown. It also shows the ports to which Smartports roles could be applied.

Communities

Once you've installed and started CNA, you can connect to an existing community or device. You can also create a new community.

Connecting

When you start CNA, use the Connect window, as shown in Figure 13-25, to connect to a specific device or an existing community.

Figure 13-25: The Connect window allows you to select which community you'll connect to

To connect to a specific community, click the Connect to a new community option.

To connect to a specific community, click the Connect to option, and then select the community from the drop-down menu.

To connect to an existing cluster, select the command device's IP address from the drop-down menu.

Clicking the Options button allows you to:

• Communicate with a stand-alone device or cluster command device using HTTPS rather than unsecure HTTP

• Use an HTTP port other than 80

• Connect with read-only access

Once you've selected the community that you want to access, you'll be prompted for a user name and password.

If you are connecting to a cluster, CNA asks you if you'd like to convert the cluster to a community. You simply enter the cluster command device's IP address, and CNA will convert it. Don't worry if you want to retain the cluster's properties. CNA will not delete that information, and you can still use it as part of a cluster.

Planning

While CNA is rather user-friendly, it is not without its limitations and rules for developing your own communities.

As noted earlier, a community cannot exceed 20 devices. That said, there are maximum numbers of each specific device that can be included. Table 13-3 details the maximum number of specific devices allowed within each community.

Table 13-3: Maximum Number of Devices Allowed in a Community

Device	Maximum Allowed
Nonmodular Catalyst Switches	16
Modular Catalyst Switches	4
Access Routers	2
PIX Firewalls	2
Access Points	Unlimited

When you exceed the number of maximum allowable devices, a window will open and tell you how many of each type of device you have. You will not be able to manage the community until you get the appropriate number of devices.

But what if you have too many devices? Easy: Just create a new community. There is no limit on the number of communities you can manage with CNA.

Discovery

When CNA starts, you enter the IP address of one of your devices (as shown in Figure 13-26), and, using CDP, CNA will discover all the Cisco devices in your network. CNA can discover devices across multiple networks and VLANs, assuming they have valid IP addresses.

Figure 13-26: Enter the IP address of one of your devices to start the discovery process

Once CNA has discovered all the devices on your network, you can sort through them to place them into the community or communities you desire.

Note

You won't need host names for devices when using CNA. However, IOS automatically assigns switches the host name of Switch. You might want to rename your switches before running CNA, simply to make it easier to know which switch is which.

You will be prompted for passwords only when an already entered password does not work on a given device. For example, if you have 20 devices and they all have the same password, you will only have to enter the password once. However, if they all have different passwords, you'll have to enter 20 different passwords.

Creation

The aforementioned sections were useful when connecting to an existing community, but you'll likely need to create your own community before you start.

Communities can be created in one of three ways:

• Discovering and adding devices

• Creating manually

• Converting a cluster

Discovering and Adding Devices To generate a list of candidate devices and then add them to your community:

1. Start CNA.

2. Select Connect to a new community in the Connect window.

3. Click Connect.

4. In the Create Community window, enter a name for your community.

5. If you want to select an HTTP port other than 80, click the Advanced button, and then Click OK.

6. Enter the IP address for a device in your network.

7. Click Discover Neighbors.

8. In the Devices Found list, select devices you wish to remove.

9. Click Remove.

10. To add the remaining devices to your new community, Click Add All To Community.

Adding Members Manually There are two ways in which you can manually add member devices to a community:

• In the Create Community window, enter the device's IP address, and then click Add to Community.

• The second way utilizes the Topology view. Right-click a candidate device's icon, and select Add to Community from the resulting context menu.

Note

Members of a community are labeled green, while candidate devices are cyan.

Converting a Cluster If you want to convert a cluster to a community from the application, you can do so by clicking Configure | Cluster | Cluster Conversion Wizard.

Using CNA

Once you're connected to your community, using CNA is simply a matter of navigating the GUI. In this section, the configuration and management of a Catalyst 2950 switch is examined.

There are many ways to get to the different settings and windows described in this section. We'll turn our attention to the leftmost pane (also called the Feature bar) in CNA. This contains the various settings we can manage, but many can also be set by clicking an icon at the top of the screen or from within a context menu somewhere within the application. For the sake of consistency, we'll talk about the attributes as they are accessed from the Feature bar.

Configure

The Configure portion of the CNA tool allows you to manage such features as:

Ports This window allows you to manage port settings and EtherChannels. Figure 13-27 shows the Configuration Settings tab of Port Settings. Making a change is as easy as rightclicking an attribute, and selecting the new setting from the drop-down menu.

Figure 13-27: Port Settings is where you can manage attributes of your device's ports

The Runtime Status tab shows the current status of the device. Selecting EtherChannels allows you to manage EtherChannel settings for this device.

Security Port Security is managed with this setting. This window has two tabs:

• Security Configuration This is used for checking port security settings and configuring a secure port. Secure ports are ports where a user-specified action initiates whenever an address-security violation occurs.

• Secure Address This is used for adding, removing, or managing secure addresses. Secure addresses are MAC addresses that are forwarded to only one port per VLAN.

To manage this setting, select a device from the Hostname list whose security settings you want to manage.

You can filter the results of the list by clicking Filter and using the Filter Editor window.

Quality of Service The device's Quality of Service (QoS) settings are managed with this attribute. Incoming packets contain a Class of Service (CoS) value (0 to 7) or a Differentiated Services Code Point (DSCP) value (0 to 63).

You decide which marker you want to trust and what default CoS value to assign a packet if it contains no marker. This is done by selecting Trust Settings under the Quality of Service setting. The resulting window is shown in Figure 13-28.

Figure 13-28: Quality of Service management in Cisco Network Assistant helps control network traffic flow

Switching This attribute allows you to configure various features of your switch. The features here are similar to the configuration capabilities of Cluster Management Suite (CMS), which was covered in Chapter 5. CNA simply provides another way to configure these settings. It also provides an environment in which you can apply consistent configuration settings across all or select devices in a community.

For more information on configuring a switch, flip back to Chapter 5.

Device Properties The Device Properties setting allows you to manage such device basics as IP address, gateway information, and user names and passwords.

Monitor

The Monitor section of the Feature bar allows you to review various bits of information and statistics about your device. There are two portions of the Monitor attribute: Reports and Views.

Reports The Reports setting lets you review statistics for your device. Information includes:

• Inventory Gives a listing of devices in your community, along with device type, serial number, MAC address, IP address, and IOS version.

• Port statistics Gives information about port transmit and receive rates.

• Bandwidth graphs Provides line and bar charts depicting bandwidth usage, like the one shown in Figure 13-29.

  
  Figure 13-29: The Bandwidth graphs show line and bar charts showing bandwidth usage

• Link graphs Provides line and bar charts depicting link statistics.

• ARP Provides a table linking the device and its MAC address to its IP address. The table also shows the age of the entry in the table, its encapsulation method, and the device interface.

Views Views allows you to review system events and messages. For example, the Event Notification setting will alert you to events that CNA deems important. Such events include:

• A device with a high temperature

• A device with a broken fan

• A port with a duplex mismatch

• An unknown device on the network

System messages can be configured to send you an e-mail when a message is generated.

Troubleshoot

If you're having trouble with a device, the Troubleshoot attribute offers a Ping and Trace feature.

You can trace on a layer-2 or layer-3 route. A layer-2 route determines the source-todestination network path of a layer-2 device. A layer-3 trace determines the path that a packet travels in a layer-3 network, but does not include information about layer-2 devices.

The Ping and Trace window is shown in Figure 13-30.

Figure 13-30: Cisco Network Assistant provides Ping and Trace services to help with troubleshooting

Maintenance

The final attribute is Maintenance, where you can manage the functionality of CNA.

One of its best features is the ability to upgrade software for devices in your community. Click Software Upgrade, and the window shown in Figure 13-31 opens.

Figure 13-31: Your devices' firmware is easily upgraded using Cisco Network Assistant

This allows you to select specific devices in your community that you wish CNA to upgrade. When you select Upgrade settings, you specify where on your computer or in the network the updated file is located. Your devices' upgrade files can be found on http://www.cisco.com.

Configuration Archive stores old community and device configurations, and System Reload saves the current device configuration and restarts the device.

Network management is an incredibly important task to keep up on. The work on a network doesn't stop once it's been built and configured. Networks are dynamic environments, and it is necessary to constantly monitor your network's performance and make the requisite tweaks. Happily, Cisco offers a number of applications to keep on top of your network's behavior.