Switching: CiscoWorks 2000/CWSI
Tuesday, 02 November 1999 21:00
This article continues the series on LAN switching and Cisco Catalyst switches. I thought for a change of pace it might be appropriate to look at how you might manage a switched network. That suggested an article on the CiscoWorks 2000 component, CiscoWorks for Switched Internetworks (CWSI), aka "Campus". A prior article talked about the components of CiscoWorks 2000, but gave rather short shrift to CWSI.
Note (11/5/2001): CWSI is obsolete, replaced by the CiscoWorks 2000 Campus Manager.
Prior articles in the switching series:
What is CWSI?
CWSI consists of several components:
CWSI Mapping Tool
The first and most obvious component of CWSI is the Campus mapping tool. CWSI conducts automatic network discovery starting with the seed device you give it during installation. CWSI then uses CDP (Cisco Discovery Protocol) to discover the switched network. If you allow it to, it will discover through routers. Discovery continues until you hit a spot where CDP is disabled, or where the SNMP community strings aren't correct, or a patch of non-Cisco devices.
The following image shows what CWSI Campus Map looks like on the network in the CEMS class. At one point I had CDP turned on in cat1 and cat2, but it is now turned off -- so the links that were discovered then now show up as dotted lines.
The current emphasis with CWSI Map, according to Bill Erdman, the Product Manager, is as an application launch platform. This distinction is necessary since the map is not quite a realtime display suitable for fault management (nor is it intended to compete with, say, HP OpenView Network Node Manager). The CWSI daemons do rediscover the network regularly every 15 minutes, generally rather quickly. So the status information is usually pretty current, but it's hard to tell exactly how current the display is. Double-clicking an icon in CWSI Map launches CiscoView (see below). Clicking on a device icon and then the screen icon in the toolbar launches telnet to the device. The rightmost icons in the Toolbar (just below the menus) are, from left to right: VLAN Director, User Tracking, Telnet, CiscoView, Traffic Director, ATM Director. This is how you get to the other tools in CWSI.
CiscoView
Below is an image of CiscoView, launched at a Catalyst 5505 with Supervisor III G card. (To economize, I chose to use an external 2621 router for the course, instead of the nifty new internal RSFC routing daughter card.)
What you cannot tell from this picture is that you can click on a blade, a port, the chassis, the console port, or even the power supply. You can then click on the 'i' icon, or on the graphic icon next to it, in the Toolbar. You can also multi-select (left-drag) several ports, and then click the 'i' icon. Clicking on the 'i' icon brings up configuration text dialog boxes. You can fill in the blanks, change things via menus and buttons, then click "modify". An SNMP Set then configures the switch for you, from the forms. Clicking on the graphics icon brings up little meters that show useful information like port utilization, various kinds of errors, collisions, etc.
From the configuration dialog boxes, you can use a pop-up menu to switch to other dialog boxes and configure other things. For example, after clicking on the chassis, then on the 'i' icon (or after double-clicking on the chassis), you get to dialog boxes for configuring the switch (globally). The Pop-Up menus then get you to other aspects of global configuration. One of my favorites is the VLAN & Bridge screen, shown in the next figure.
This screen shows the current VLANs, both number and name, type, and whether they are Operational. Click on a VLAN and the Members button, and the ports which belong to the VLAN are highlighted in orange. Click on the blue "Inter Switch" button and ISL trunks are highlighted in blue.
If you click on a VLAN, you can configure the Bridge parameters for that VLAN with the dialog boxes brought up by the buttons in the Bridge box area of the window (Configure, Forwarding, and Static).
Using the VTP-VLAN buttons, you can set up the VTP domain, mode, and other parameters. You can then create, delete, or modify VLANs. That's a pretty powerful window!
Another pop-up menu item lets you configure VMPS, the subject of last month's article.
VLAN Director
If you bring up VLAN Director, you see something like the following figure. On the left part of the picture, you'll see the various VTP domains discovered in the switches of your network. (You can use VTP domains to limit how far discovery goes.) If you click on a file folder for a VTP domain, it expands and you can view the VLANs within the domain.
Click on a VLAN and a couple of things happen. One is that the CWSI Map adjusts, showing the switches bearing that VLAN in the appropriate color (pink for the default VLAN selected in the figure). If CiscoView is on-screen, the ports in that VLAN are colored in the CiscoView image. Also, ports in that VLAN are shown in the right half of the window, as well as the name of the devices. This gives you a way of seeing what ports are in the VLAN across all the switches in the VTP domain. You can even drag and drop ports to move them to another VLAN. Clicking on a column header in the right subwindow sorts that column.
The blue arrow brings up a form for easily adding a VLAN. Drag a VLAN to the red arrow box to delete it. (It is advisable to move ports back to the default VLAN first, or they will become disabled by the switch.)
User Tracking
If you bring up the User Tracking applet, and then go into Action and display all the end stations, you can see what the tool has learned. It acquires MAC addresses from the dynamic CAM tables in the switches. From CDP, CWSI already knows which ports connect to other switches (shown in VLAN Director with lightning bolts on them). Then MAC addresses associated with such network ports can be ignored. MAC addresses associated with other ports are assumed to be directly connected end stations. ARP caches are then searched to try to obtain an IP address for each MAC address. Finally, any IP addresses found are resolved into names, if possible. All the resulting information is displayed by User Tracking, as you can see from the following figure.
You can search this, highlight devices in the CWSI Map, and do several other things with it. Perhaps the most useful aspect is to sort on MAC address or IP address (or search on it), to find a user's PC. Reading across in the table, you then know what switch the PC is connected to, as well as what port it is on. If you've ever had to do this manually, you'll really appreciate this tool! (Asking users for their PC's MAC address as you start troubleshooting generally is a losing proposition.)
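The correlation User Tracking performs can be sketched as follows. This is an added example, not part of the original article and not CWSI's own code; the tables, host names and the helper names `norm_mac`, `track_users`, `locate` and `shared_ports` are constructed for illustration, and the MAC normalization and the shared-port check go slightly beyond the steps described above.

```python
import re
from collections import defaultdict

def norm_mac(mac):
    """Reduce any common MAC notation to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

# Constructed sample data, not taken from a real network.
CAM = {  # switch -> [(port, vlan, mac)] from the dynamic CAM table
    "cat1": [("2/1", 1, "00-10-7b-aa-00-01"), ("2/2", 10, "00-10-7b-aa-00-02"),
             ("2/2", 10, "00-10-7b-aa-00-05"), ("1/1", 1, "00-10-7b-aa-00-03")],
    "cat2": [("3/4", 1, "00-10-7b-aa-00-03"), ("1/1", 1, "00-10-7b-aa-00-01"),
             ("1/1", 10, "00-10-7b-aa-00-02")],
}
CDP_PORTS = {("cat1", "1/1"), ("cat2", "1/1")}  # ports where CDP sees a switch
ARP = {"0010.7baa.0001": "10.1.1.21", "0010.7baa.0003": "10.1.1.23",
       "0010.7baa.0002": "10.1.10.22"}           # ARP cache: mac -> ip
NAMES = {"10.1.1.21": "pc-alice", "10.1.10.22": "pc-bob"}  # ip -> name

def track_users(cam, cdp_ports, arp, names):
    """Return one row per end-station MAC, following the steps in the text."""
    arp_by_mac = {norm_mac(m): ip for m, ip in arp.items()}
    rows = []
    for switch in sorted(cam):
        for port, vlan, mac in cam[switch]:
            if (switch, port) in cdp_ports:
                continue  # learned over an inter-switch link, not attached here
            ip = arp_by_mac.get(norm_mac(mac))  # None when ARP has no entry
            rows.append({"mac": norm_mac(mac), "switch": switch, "port": port,
                         "vlan": vlan, "ip": ip, "name": names.get(ip)})
    return rows

def locate(rows, ip):
    """Find the switch and port for an IP address, as when searching the table."""
    return [(r["switch"], r["port"]) for r in rows if r["ip"] == ip]

def shared_ports(rows):
    """Ports with more than one MAC, where the 'directly connected' assumption
    fails (for example a hub or a switch that does not speak CDP)."""
    seen = defaultdict(set)
    for r in rows:
        seen[(r["switch"], r["port"])].add(r["mac"])
    return sorted(p for p, macs in seen.items() if len(macs) > 1)
```

A port reported by `shared_ports` is worth a look during troubleshooting or an investigation, since more than one station sits behind it.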
User Tracking can also be used to download MAC address/VLAN mapping to a VMPS server, preparatory to using dynamic VLANs. The idea is to learn user PCs and VLANs on the fly, then cut over to dynamic VLANs with the tool. User Tracking can also be used to change switch ports from static mode to dynamic. We go through a detailed demo of this in the CEMS course, as well as talking through the pros and cons of dynamic VLANs.
Traffic Director
Traffic Director is the repackaged NetScout RMON2 application. It is gradually getting more and more integrated into CWSI. For instance, you can now launch Traffic Director at a switch port directly from CiscoView, to obtain some idea of what's happening on that switch port (see the third figure below).
The following figure shows the main Traffic Director window. Each of the icons on the right is an application or report. The radio buttons (Traffic, Protocol, Application) can be thought of as roughly corresponding to OSI Layers 2, 3, and 4-7. So if you want IP information about what's up, you pick a probe, pick the Protocol button, click a "domain" (protocol suite), then launch Traffic Monitor (say). That will bring up a bar chart showing the mix of network protocols out of the family you selected.
The Cisco routers and switches all contain mini-RMON (see the RMON articles I've written). Suppose we tell Traffic Director about a 2912 XL switch, and then launch a "Traffic" (Layer 2) Traffic Monitor application at it. Traffic Director then pulls back RMON version 1 (MAC layer) data and displays a bar chart. It refreshes it every 60 seconds by default. The result might look something like the following figure:
Note that this gives us a great way to monitor the Cisco switch, using just the software that's in the switch (and has been there for the last 1 to 1.5 years). Yes, you can use an RMON2 probe if you have the money for it and want the extra information it can provide, but you can get plenty of useful troubleshooting information directly from the switches!
Let's just note the bars in the figure cover ports 10, 11, 12, 09, and 02, sorted in order of utilization. The blue bar is broadcast %, red is multicast %, green utilization %, salmon is error %, and purple/white is collision %. So in one chart we see the major "Vital Signs" -- and using the menus, we can toggle to view a number of other displays. This is a nice way to check out the health of the various active switch ports at one time.
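How the five percentages can be derived from two polls of a port's RMON 1 counters is shown below. This is an added example, not part of the original article and not Traffic Director's code: it assumes the etherStats counters and utilization formula from RFC 2819, a 10 Mb/s port, and packet-count-based percentages (how Traffic Director itself scales its bars is not stated here); the counter values are constructed.

```python
COUNTER32 = 2 ** 32  # etherStats counters are 32-bit and wrap to zero
ERROR_COUNTERS = ("etherStatsCRCAlignErrors", "etherStatsUndersizePkts",
                  "etherStatsOversizePkts", "etherStatsFragments",
                  "etherStatsJabbers")

# Two constructed polls of one port's etherStats row, 60 seconds apart.
PREV = {"etherStatsOctets": 4294000000, "etherStatsPkts": 1000000,
        "etherStatsBroadcastPkts": 200000, "etherStatsMulticastPkts": 50000,
        "etherStatsCRCAlignErrors": 10, "etherStatsUndersizePkts": 0,
        "etherStatsOversizePkts": 0, "etherStatsFragments": 5,
        "etherStatsJabbers": 0, "etherStatsCollisions": 300}
CURR = {"etherStatsOctets": 4032704,  # smaller than PREV: the counter wrapped
        "etherStatsPkts": 1050000,
        "etherStatsBroadcastPkts": 220000, "etherStatsMulticastPkts": 52500,
        "etherStatsCRCAlignErrors": 15, "etherStatsUndersizePkts": 0,
        "etherStatsOversizePkts": 0, "etherStatsFragments": 25,
        "etherStatsJabbers": 0, "etherStatsCollisions": 800}

def delta(new, old):
    """Difference of two Counter32 samples, allowing for one wrap."""
    return (new - old) % COUNTER32

def vital_signs(prev, curr, interval_s=60, speed_bps=10_000_000):
    """Percentages for one polling interval (assumed bases, see lead-in)."""
    d = {name: delta(curr[name], prev[name]) for name in curr}
    pkts = d["etherStatsPkts"]
    # RFC 2819: every packet also costs 96 bit times of inter-frame gap
    # and 64 bit times of preamble on the wire.
    bits = pkts * (96 + 64) + d["etherStatsOctets"] * 8
    errors = sum(d[name] for name in ERROR_COUNTERS)

    def pct(count):
        return round(100.0 * count / pkts, 2) if pkts else 0.0

    return {"utilization": round(100.0 * bits / (interval_s * speed_bps), 2),
            "broadcast": pct(d["etherStatsBroadcastPkts"]),
            "multicast": pct(d["etherStatsMulticastPkts"]),
            "error": pct(errors),
            "collision": pct(d["etherStatsCollisions"])}
```

Without the wrap handling in `delta`, the octet counter in this sample would yield a negative utilization for the interval.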
If you double-click on a set of bars in the above figure, and then click on an Ok button, you'll get the Segment Zoom report for the port you selected (the bars clicked on). This is shown in the figure below. The blue bars show high water and current utilization %, in a logarithmic display. Collisions display similarly to the right of that. Pie charts then show packet size distribution and packet destination mix (unicast, multicast, broadcast). (Note the excessive broadcasts on this segment, also that most of the packets are small, in the 65 to 127 byte range). The short-term history I captured is boring, revealing that there wasn't much traffic, so we maybe just snapshotted a quiet period when there happened to be a burst of broadcast traffic.
Wrap Up
I hope the above gives you some idea of what CWSI is all about, and what it can do for you.
I'm still considering doing an article on switched network design. See you in a month!