Instructor: Bob Elliott
Course Introduction
Instructor Introduction
Student Introduction
Please give the class:
Your name
Your company, position and responsibilities
Experience in networking and DNS and DHCP
Your experience with Cisco Network Registrar
Your objectives for attending this class
Administrivia
Class Rules
Start/Stop Times
Breaks/Breakroom
Restrooms
Telephones
Lunch
Class Structure
Lecture
Demo/Lab
Break
Course Objectives
By the end of the course you should be able to:
Describe the feature set and functions of the local
cluster and regional cluster components of Cisco
Network Registrar (CNR)
Configure CNR to provide DHCP and DNS services,
including Dynamic DNS, HA DNS, DHCP failover
and Class of Service
Debug and troubleshoot various scenarios of DNS
and DHCP problems
CNR Training 6.2
2005 Cisco Systems, Inc. All rights reserved.
Section Objectives
Identify the key features of CNR 6.2
Identify the advanced features of CNR 6.2
Understand and identify the components of the CNR
architecture and the supported hardware platforms
Identify the user interfaces available in CNR 6.2
Install, start and troubleshoot CNR 6.2
Introduction
Automating Processes
[Diagram: evolution from manual processes, public domain software and policies based on IP addresses toward an intelligent network with user provisioning, scalable DNS and DHCP services, applications, automated network addressing and user-based policy networking.]
[Diagram: one Regional Cluster managing several Local Clusters.]
[Diagram: CNR components. Local cluster: Server Agent; DNS, DHCP and TFTP servers with their DNS DBs, DHCP DB and IP Lease History; CCM Server with CCM DB and the legacy MCD DB (embedded database); Tomcat (HTTP/HTTPS) for the Web UI and the CLI over Telnet/SSH; legacy, external and internal SCP interfaces. Regional cluster: Server Agent, CCM Server with CCM DB and Replica, Subnet Util, RIC Server, Tomcat and CLI. Platforms: Solaris, Linux, Windows.]
Underlying Processes
CNR Server Agent:
Auto restart capability
Independent of user interface
Supported Platforms
Windows XP or 2003
Solaris 8 or 9
Linux Redhat Enterprise Server 3.0
[Diagram: CNR process architecture. Local cluster: Core Services (Thread Manager, SCP), Integrated Databases, DHCP, TFTP and HTTP Server, Servlet Engine, Central Configuration Manager (CCM) Server, CNR SDK and CLI over Telnet/SSH. Regional cluster: Core Services, Integrated Databases, CCM Server, Router Interface Configuration (RIC) Server with uBR Router, HTTP/HTTPS. Platforms: Solaris, Linux, Windows.]
Regional Cluster
Aggregate management system for up to 100 local
clusters.
Regional Cluster Components:
Server Agent
Tomcat Web Server
Servlet Engine
Central Configuration Management (CCM) Server
Router Interface Configuration (RIC) Server
[Diagram: DHCP Failover between two DHCP servers; a Primary DNS (10.10.10.2) and a Secondary DNS (10.10.10.3) with zone transfers between them; DHCP lease information driving DNS updates; central management of all servers.]
Installation Pre-Requisites
JRE 1.4.2
Compatible Web Browser:
Microsoft Internet Explorer 6.0 (Service Pack 2),
Netscape 7.0, or Firefox 1.0.
Installation Facts
Installation Modes:
Solaris: pkgadd
Windows: installshield
Linux: install_cnr wrapper script for rpm
[Installation screenshots (Solaris pkgadd of package nwreg2, "Network Registrar (sparc) 6.2"): the installer prompts for the CNR user (cisco1) and the CNR organization (Cisco Systems, San Jose, CA, US), asks for local or regional mode ("2. Regional mode"), server or client-only install ("2. Client only"), the Web UI mode ("Non-secure/HTTP (default)"), whether to remove existing data ("Do not remove"), confirms with a [y,n,?,q] prompt answered n, and then continues with the prompts below.]
Network Registrar uses the CCM management SCP port for internal communications between servers.
Enter the CCM SCP port number [1244]:
Network Registrar Regional Server Agent 6.2 requires Java version 1.4.2 (or later) to run.
Where is your Java software installed? [/usr/java]
Local Login
Log in to the Web UI; the default login and password are admin/changeme.
Warning!
Use the CNR screen navigation controls and not the Web browser controls:
100 Ok
auth-servers=192.168.50.1,10.0.0.1
Exercise
Getting Started with CNR
Exercise
DNS Objectives
Upon completion of this section, you should understand:
What is DNS and its Purpose?
Key DNS Terms
How DNS is Organized
Zones, Subzones, Domains and Subdomains
What Do Name Servers Do?
Types of Name Servers
Resource Records
[Diagram: John at work reaches the web server (www.cisco.com) across the Internet at 198.133.219.25.]
DNS Terms
Name Server:
Heart of the Domain Name System
Each DNS server maintains a list of Root Name Servers
Internal resolvers know to query that list to resolve names
The Hierarchy
DNS is a hierarchical database, meaning the data is structured
in a tree, much like the directory structure of a UNIX or
Windows file system.
The root domain, ".", is at the top, and various subdomains
branch out from the root (much like an upside down tree).
Zones, Subzones, Domains, and Subdomains
What is a Zone?
A delegation point in the DNS tree hierarchy that contains all the names from a certain point downward, except those names that were delegated to other zones.
Subzones:
Are partitions of delegated domains
Always end with the name of their parent
[Diagram: Administrator, Client, and three secondary servers: USA-East (Secondary), Asia (Secondary) and Europe (Secondary).]
Caching Servers
A type of DNS server that:
Caches information learned from other name servers
Answers requests quickly because information is local
Does not have to query other servers for each transaction
Example: Caching
[Diagram: 1. the resolver queries the local name server for www.sales.cisco.com.; 2. the local name server already has data for cisco.com. cached from a previous query; 3. to 6. it queries the cisco.com. and sales.cisco.com. name servers; 7. it returns the answer for www.sales.cisco.com. to the resolver.]
Forwarding Servers
Primary (Master)
Secondary (Slave) - DNS name server that gets its zone data from another name server (the primary server).
Master = Primary
Slave = Secondary
Resource Records
Name                      Class  TTL    Type  Data
cisco.com.                IN     86400  SOA
cisco.com                 IN            NS    ns.cisco.com
ns.cisco.com.             IN            A     10.100.200.2
student                   IN            A     10.100.200.3
200.100.10.in-addr.arpa.  IN            SOA
200.100.10.in-addr.arpa.  IN            NS    ns.cisco.com.
                          IN            PTR   ns.cisco.com.
Record Types
SOA - Start of Authority for a Zone *
A - Hostname to IP Address Mapping *
PTR - IP Address to Hostname Mapping *
NS - Name Server for a Zone *
MX - DNS Mail Exchanger *
CNAME - Canonical Name (alias)
HINFO - DNS Host Information
TXT - Text Strings used for descriptive purposes
SRV - Use several servers for a single host domain
[SOA record example, partially recovered: the serial number (; Serial) is followed by refresh 10800, retry 3600, expire 604800 and minimum 14400 ), then:]
IN  NS  ns1.cisco.com.
Address (A)
Maps host names to IP addresses for the zone
Also known as Forward Records
stargate  IN  A  172.16.2.1
matrix    IN  A  172.16.2.2
netprint  IN  A  172.16.2.3
rotor     IN  A  172.16.2.4
ldap      IN  A  172.16.2.5
Pointer (PTR)
Maps IP addresses to host names for the zone
Also known as Reverse Records
The FQDN of the host name must end with a dot (.)
1.2  IN  PTR  stargate.cisco.com.
2.2  IN  PTR  matrix.cisco.com.
3.2  IN  PTR  netprint.cisco.com.
4.2  IN  PTR  rotor.cisco.com.
5.2  IN  PTR  ldap.cisco.com.
Glue Records
Forward Zones
Maps the Host Name to the IP Address
They contain:
SOA
NS
A
Possibly MX records
Reverse Zones
Reverse zones allow resolution of IP addresses to
names.
They contain:
SOA
NS
PTR records
in-addr.arpa Domain
[Diagram: resolution of www.sales.cisco.com. The resolver queries the local name server; the local name server is referred to the com. name servers, then to the cisco.com. name servers, then to the sales.cisco.com. name servers, which return the answer for www.sales.cisco.com.; the local name server passes the answer to the resolver.]
Resolver
Recursive
Recursive Query
[Diagram: the resolver sends a query for www.sales.cisco.com. to the local name server and receives the answer from it.]
Iterative
Iterative Queries
[Diagram: the local name server sends the query for www.sales.cisco.com. and receives a referral to the com. name servers, then a referral to the cisco.com. name servers, then a referral to the sales.cisco.com. name servers, which return the answer for www.sales.cisco.com.]
[Diagram: iterative queries involving the us. and ma.us. name servers. The local name server follows referrals to the com., cisco.com. and sales.cisco.com. name servers, receives the answer for www.sales.cisco.com. and returns it to the resolver.]
IPv6 Support
IN  A     192.168.23.18
IN  AAAA  2001:660:3006:1::1:1
168.192.in-addr.arpa.
18.23  IN  PTR  sales.cisco.com.
0.0.0.0.8.b.d.0.1.0.0.2.ipv6.arpa.
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0  IN  PTR  sales.cisco.com.
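The reverse-record construction shown above (IPv4 octets reversed under in-addr.arpa, IPv6 nibbles reversed under the reverse IPv6 tree) as an added Python example; it is not code from the course. It uses ip6.arpa, the RFC 3596 name that resolvers actually query, and the forward records it reads are constructed input.

```python
import ipaddress

# Constructed sample forward records (owner, type, rdata); not from the course.
FORWARD_RECORDS = [
    ("sales.cisco.com.", "A", "192.168.23.18"),
    ("sales.cisco.com.", "AAAA", "2001:660:3006:1::1:1"),
    ("stargate.cisco.com.", "A", "172.16.2.1"),
]


def reverse_name(address):
    """Fully qualified reverse owner name for an IPv4 or IPv6 address.

    IPv4: the four octets reversed under in-addr.arpa.
    IPv6: all 32 hex nibbles of the expanded address reversed under ip6.arpa
    (RFC 3596; the slide writes ipv6.arpa, but ip6.arpa is the name in use).
    """
    ip = ipaddress.ip_address(address)
    if ip.version == 4:
        return ".".join(reversed(str(ip).split("."))) + ".in-addr.arpa."
    nibbles = ip.exploded.replace(":", "")      # 32 hex digits, leading zeros kept
    return ".".join(reversed(nibbles)) + ".ip6.arpa."


def relative_owner(fqdn, zone):
    """Strip the reverse zone suffix so the owner can be written relative to $ORIGIN.

    Raises ValueError when the name is not inside the zone, i.e. the PTR would
    land in the wrong reverse zone. The leading dot in the suffix prevents a
    partial-label match such as 8.192 matching 168.192.
    """
    if fqdn == zone:
        return "@"
    suffix = "." + zone
    if not fqdn.endswith(suffix):
        raise ValueError(f"{fqdn} is not inside zone {zone}")
    return fqdn[:-len(suffix)]


def ptr_records(forward, zone):
    """Build the PTR records of one reverse zone from a list of A/AAAA records.

    Returns (owner, "PTR", target) tuples with owners relative to the zone;
    records whose reverse name lies outside the zone are skipped. A target that
    does not end with a dot is rejected, because the server would otherwise append
    the zone name to it (the mistake the course warns about).
    """
    out = []
    for owner, rtype, rdata in forward:
        if rtype not in ("A", "AAAA"):
            continue
        if not owner.endswith("."):
            raise ValueError(f"PTR target {owner!r} must be fully qualified (end with a dot)")
        try:
            out.append((relative_owner(reverse_name(rdata), zone), "PTR", owner))
        except ValueError:
            continue                                # belongs to a different reverse zone
    return out


def format_zone(zone, records):
    """Render records as zone-file lines under a $ORIGIN for the reverse zone."""
    lines = [f"$ORIGIN {zone}"]
    lines.extend(f"{owner}  IN  {rtype}  {target}" for owner, rtype, target in records)
    return "\n".join(lines)


if __name__ == "__main__":
    for zone in ("168.192.in-addr.arpa.", "1.0.0.0.6.0.0.3.0.6.6.0.1.0.0.2.ip6.arpa."):
        print(format_zone(zone, ptr_records(FORWARD_RECORDS, zone)))
```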
IPv6 Not Supported
Zone transfers over IPv6
However, IXFR requests coming in on IPv6 interfaces, for example, are replied to on the same interface.
DNS Configuration
Key Terms
Type a Name for your Forward Zone into the Name box and click Add Zone
Protect/Unprotect RR
Protect (Static):
Unprotected (Dynamic)
Zone Delegation
From the local cluster Web UI Manage Servers page click the
Server Name to open the Edit DNS Server page:
Exercise -
Examples:
Configuring HA DNS
To open the DNS Server Statistics page on either local cluster, click the Statistics icon ( ) on the Manage DNS Server page:
Exercise -
Review Q&A
Server States
Loaded - First step after the server agent starts the server
(transitional).
Initialized - Server was stopped or fails to configure.
Unconfigured - Server is not operational because of a
configuration failure (transitional).
Stopped - Server was administratively stopped and is not running
(transitional).
Running - Server is running successfully.
To see if your local cluster servers are running on Solaris and Linux, run the cnr_status command in the install-path/usrbin/ directory:
bash-2.05# ./cnr_status
DNS server running (pid: 195)
DHCP server running (pid: 196)
Server Agent running (pid: 135)
MCD lock manager running (pid: 161)
CCM Server running (pid: 159)
WEB Server running (pid: 199)
CNRSNMP server running (pid: 201)
Web UI Administration
Click the Log icon ( ) in the View Log column to view the log
messages for the server.
Click the Start icon (
CNR SNMP
The Network Registrar Simple Network Management Protocol (SNMP) notification support allows you to:
Be warned of error conditions and possible problems with the DNS servers.
Monitor threshold conditions that may indicate failure or impending failure conditions.
Log Files
When you start Network Registrar, it automatically starts logging
Network Registrar system activity.
Network Registrar maintains all the logs by default in:
Windows: <CNR_ROOT>\logs
Solaris and Linux: <CNR_VAR>/local/logs (local cluster)
Log Settings
Logging Server Events:
The DNS, DHCP, and TFTP servers have log settings that can
severely restrict what is logged, and thereby improve server
performance.
These log settings are available using the dns set log-settings,
dhcp set log-settings, and tftp set log-settings commands in the
CLI, respectively.
Caution: To avoid filling up the Windows Event Viewer and
preventing Network Registrar from running:
In the Event Log Settings, check the Overwrite Events as Needed
box.
For example, to set the logging for the local cluster DNS
server:
1. Click DNS
2. Click DNS Server to open the Manage DNS Server page.
3. Click the name of the server to open the Edit DNS Server page.
4. Expand the Logging attributes section to view the log settings
5. Make changes to these settings as desired
6. Click Modify Server
7. Reload the server
The page shows the file name, Match Line Number of the match,
and the Log Number.
Log Messages
Common Problems
files that point to external hosts, without first asking or even informing
the systems managers of those external hosts.
name with a dot: names in zone files that don't end with a dot are
always expanded with the name of the current zone (the domain that
the zone file stands for or the last $ORIGIN).
Serial Numbers - don't forget to change the serial number when the data changes.
Begins with a reverse query for the nameserver itself, which may
fail if the server cannot resolve this due to its configuration
Use the server command, or specify the server on the command
line, to ensure that you query the proper server.
Use the debug flag, or better yet the d2 flag, to dump the responses and (with d2) the queries being sent.
Section Objectives
Explain the major advantages and limitations of the
DHCP protocol
Identify the messages exchanged between the
DHCP client and server in the process of DHCP
address leasing
Explain the DHCP client states as it acquires and
maintains its lease
Explain the factors to consider when determining
DHCP lease time
Manual Configuration
For every device on the network the administrator
must do the following:
Choose a legal IP address.
Assign the IP address to the individual workstation.
Define workstation configuration parameters.
Update the DNS database, mapping the workstation name
to the IP address.
DHCP's drawbacks
Security - no authentication
Routing issues
Not the way to assign permanent IP addresses
What is a Lease?
Lease - the period over which a network address is allocated to a client.
Lease times are as long or short as desired.
Many factors to consider.
DHCP Packet
[Figure: DHCP packet format; only the bit ruler (0 to 31) and the op (operation) field survived extraction.]
DHCP Messages
DHCPDISCOVER - Client broadcast to locate available servers.
DHCPOFFER - Server's response to a client's DHCPDISCOVER.
DHCPREQUEST - Client message to servers, either:
Requesting offered parameters
Confirming correctness of a previously allocated address
Extending the lease on a particular network address.
Initial lease (diagram: client and DHCP servers):
1. DHCPDISCOVER
2. DHCPOFFER
3. DHCPREQUEST
4. DHCPACK or DHCPNAK
5. DHCPDECLINE or DHCPRELEASE
Renewal (diagram: client and DHCP servers):
1. DHCPREQUEST (Renewal)
2. DHCPACK (Normal response)
3. DHCPREQUEST (Rebind if no normal response)
4. DHCPACK (From other server)
Reboot (diagram: client and DHCP servers):
1. DHCPREQUEST (On reboot, if capable of storing IP address between reboots)
2. DHCPACK (If no change)
Client on a different subnet (diagram: Subnet 1, Subnet 2, client and DHCP servers):
1. DHCPREQUEST (Broadcast)
2. DHCPNAK
3. DHCPDISCOVER
4. DHCPOFFER
[Timeline of a lease: Renewing begins at T1, Rebinding at T2, then Lease Expiration.]
[Diagram: DHCP client state machine.
Allocation process: from Init, send DHCPDISCOVER and enter Selecting; on receiving a DHCPOFFER, select the offer, send DHCPREQUEST and enter Requesting; on receiving a DHCPACK, if the IP address is free, start the lease, set the timers and enter Bound; if the IP address is taken, send DHCPDECLINE; on receiving a DHCPNAK, return to Init.
Reallocation process: from Init-Reboot, send DHCPREQUEST and enter Rebooting; a DHCPACK for a free address starts the lease and timers (Bound); a DHCPACK for a taken address triggers DHCPDECLINE; a DHCPNAK returns to Init.
Renewing: when T1 expires, send DHCPREQUEST to the current lease server; a DHCPACK restarts the lease and timers (Bound); a DHCPNAK returns to Init.
Rebinding process: at T2 enter Rebinding; a DHCPACK starts a new lease and sets the timers (Bound); a DHCPNAK or lease expiration returns to Init.
Terminate lease: send DHCPRELEASE.]
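The client state diagram above, transcribed into a runnable transition table as an added Python example (not the course's code). The T1/T2 fractions are the RFC 2131 defaults, an assumption here since the slides give no values, and the event names are this example's own.

```python
from enum import Enum


class State(Enum):
    INIT = "Init"
    SELECTING = "Selecting"
    REQUESTING = "Requesting"
    BOUND = "Bound"
    RENEWING = "Renewing"
    REBINDING = "Rebinding"
    INIT_REBOOT = "Init-Reboot"
    REBOOTING = "Rebooting"


# Events seen by the client: timers, received messages, and the result of the
# address-in-use check that follows a DHCPACK (free vs. taken). Names are ours.
START, REBOOT, OFFER, ACK_FREE, ACK_TAKEN, NAK, T1, T2, EXPIRE, RELEASE = (
    "start", "reboot", "offer", "ack-free", "ack-taken", "nak", "t1", "t2", "expire", "release")

# (state, event) -> (next state, message the client sends), transcribed from the
# course's state diagram; None means the transition sends nothing.
TRANSITIONS = {
    (State.INIT, START):           (State.SELECTING,  "DHCPDISCOVER (broadcast)"),
    (State.SELECTING, OFFER):      (State.REQUESTING, "DHCPREQUEST (selected offer)"),
    (State.REQUESTING, ACK_FREE):  (State.BOUND,      None),
    (State.REQUESTING, ACK_TAKEN): (State.INIT,       "DHCPDECLINE"),
    (State.REQUESTING, NAK):       (State.INIT,       None),
    (State.INIT_REBOOT, REBOOT):   (State.REBOOTING,  "DHCPREQUEST (previous address)"),
    (State.REBOOTING, ACK_FREE):   (State.BOUND,      None),
    (State.REBOOTING, ACK_TAKEN):  (State.INIT,       "DHCPDECLINE"),
    (State.REBOOTING, NAK):        (State.INIT,       None),
    (State.BOUND, T1):             (State.RENEWING,   "DHCPREQUEST (unicast to current lease server)"),
    (State.RENEWING, ACK_FREE):    (State.BOUND,      None),
    (State.RENEWING, NAK):         (State.INIT,       None),
    (State.RENEWING, T2):          (State.REBINDING,  "DHCPREQUEST (broadcast to any server)"),
    (State.REBINDING, ACK_FREE):   (State.BOUND,      None),
    (State.REBINDING, NAK):        (State.INIT,       None),
    (State.REBINDING, EXPIRE):     (State.INIT,       None),
    (State.BOUND, RELEASE):        (State.INIT,       "DHCPRELEASE"),
    (State.RENEWING, RELEASE):     (State.INIT,       "DHCPRELEASE"),
    (State.REBINDING, RELEASE):    (State.INIT,       "DHCPRELEASE"),
}


def lease_timers(lease_start, lease_seconds, t1_frac=0.5, t2_frac=0.875):
    """Absolute T1, T2 and expiry times for a lease.

    The fractions are the RFC 2131 defaults (T1 at 1/2, T2 at 7/8 of the lease);
    a server may override them with options 58 and 59. Assumed here, not from the slides.
    """
    return (lease_start + int(lease_seconds * t1_frac),
            lease_start + int(lease_seconds * t2_frac),
            lease_start + lease_seconds)


class DhcpClient:
    def __init__(self, state=State.INIT):
        self.state = state
        self.lease = None        # (t1, t2, expiry) while an address is held
        self.sent = []           # messages sent, in order

    def handle(self, event, now=0, lease_seconds=0):
        """Apply one event; raises ValueError for an event the diagram does not allow here."""
        key = (self.state, event)
        if key not in TRANSITIONS:
            raise ValueError(f"event {event!r} is not valid in state {self.state.value}")
        new_state, message = TRANSITIONS[key]
        if message:
            self.sent.append(message)
        if new_state is State.BOUND:
            # Every accepted DHCPACK starts (or restarts) the lease and its timers.
            self.lease = lease_timers(now, lease_seconds)
        elif new_state is State.INIT:
            self.lease = None    # the address is no longer ours
        self.state = new_state
        return self.state


def run(events, state=State.INIT):
    """Drive a client through (event, now, lease_seconds) tuples; returns (state trace, client)."""
    client = DhcpClient(state)
    trace = [client.handle(event, now, secs).value for event, now, secs in events]
    return trace, client
```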
[Diagram: DHCP through a BOOTP relay agent between the client and the DHCP servers; message steps 1 to 8 (8a, 8b) are shown.]
VPN Support
[Diagram: DHCP Server 1 (Blue VPN, 172.27.181.73) and DHCP Server 2 (Red VPN, 172.27.180.231) both serve an overlapping 192.168.1.0/24 address space; the router shown is 172.27.181.1.]
DHCP Review
Advantages:
Ease of administration
User friendly
Adds convenient access
DHCP is tailored to client
Dynamic DNS keeps DNS up to date
Disadvantages:
Difficult to track
Security - no authentication
Configuring DHCP
Section Objectives
Define: cluster, policy, scope.
Configure DHCP policies.
Configure DHCP scopes.
Identify four limitations of the DHCP protocol
Key Terms
Configuring a Policy
Scopes
Address space divided up by subnets and ranges
Reservations
Addresses or Leases reserved for specific clients,
usually identified by their MAC address
Server
Global DHCP server configuration
Policy Types
Embedded Policy - Embedded in the definition of a
Scope.
Named Policy - Explicitly defined objects that can be
attached to a Scope. There will usually be a policy
called default which will be automatically assigned to
a scope.
System-Default-Policy - Options defined here are
applied to all objects that do not have the option
defined in a more specific policy.
Configuring a Scope
What is a Scope?
Scope - administrative grouping of TCP/IP addresses.
Leases are managed within a scope.
Scope Templates
Where common scope attributes are pre-defined so
new scopes are easily created.
Common scope attributes:
Name based on expression
Policies
Address ranges
Embedded policy options based on an expression
Functional Language:
3+1        (+ 3 1)
3+1+4      (+ (+ 3 1) 4)
3+1+4+10   (+ (+ (+ 3 1) 4) 10)
3*4+1      (+ (* 3 4) 1)
3*(4+1)    (* 3 (+ 4 1))
Understanding Scope/Address Selection
[Flowchart: scope and address selection. On DHCPREQUEST, choose a scope (via round robin when no other selection applies), select an IP address, and answer with DHCPACK.]
Configuring a Reservation
What is a Reservation?
Some clients need a fixed IP address for various reasons:
Printers
Servers
Static BOOTP clients
Clients without a dynamically configurable IP address
Factory floor devices on a switch port, regardless of MAC
Configuring Reservations
From the Web UI Main Menu, click DHCP, and then Scopes to
open the List/Add DHCP page, then click the Scope Name to
edit:
[Diagram: several DHCP servers and a client with MAC address 00:01:02:03:04:05 that needs a reservation; message steps 1, 2, 3 and 5 are marked.]
Solution: Configure all DHCP servers with the identical list of reserved addresses.
Lease Status
Available - Can be given to a DHCP client.
Unavailable - Can't be given to a DHCP client.
Leased - IP address currently being used by a client.
Offered - Lease has been offered to the client.
Expired - Lease is expired.
Deactivated - Administratively made unavailable.
Pending available - Failover-related.
Exercise
Exercise -
Section Objectives
Explain the function and purpose of the client class
feature.
Define clients, client classes, scope selection tags,
inclusion and exclusion criteria and the default
client
List the steps in the configuration of class of
service.
Identify the levels of the policy hierarchy.
Database Lookup
Client datastore
Internal CNR Database
External LDAP Database
Lookup-key
Normally MAC address 1,6,aa:bb:cc:dd:ee:ff
Validate-client-name-as-mac
Default disabled
If enabled and set to false allows any name to be used
as key
Client Properties
Name - lookup key (usually MAC address).
Selection-criteria (selection tag).
Selection-criteria-excluded (exclusion tag).
Name of named-policy.
Embedded-policy.
Client-class-name - often the only attribute that is
defined in the client database entry.
Others (e.g. hostname, domain, etc.).
Client-Class Properties
Name - usually a meaningful name associated with a group of clients.
Selection-criteria (selection tag).
Selection-criteria-excluded (exclusion tag).
Name of named-policy.
Embedded-policy.
Others (e.g. hostname, domain, etc.).
[Flowchart: the DHCP server checks its DB of known clients, selects an IP address, and answers with DHCPOFFER or, on DHCPREQUEST, DHCPACK.]
[Flowchart: how options are assembled for the DHCPOFFER. Does the client or a default client exist? If yes: is there a policy associated with the client? Is there an associated client class, and a policy associated with the client class? Is there a scope selection tag? Send options in the DHCPOFFER from the scope policy that were not previously defined in the client or client class. Are any options left undefined? If yes, check System_Default_Policy for the remaining options.]
Hierarchical Grouping
Items in the center groups have higher
precedence than those in the outer groups.
The By Lookup group has the highest.
The Default group has the lowest.
Adding a Client-Class
From the Web UI click DHCP and then Client Classes to open
the List DHCP Client-Classes page:
Editing a Client-Class
Click the Client-Class name to edit:
Configuring a Client
From the Web UI click DHCP and then Clients to
open the List/Add DHCP Clients page:
DHCP Expressions
Can be used to assign a client class without a client entry lookup
Enabled by defining the DHCP server property client-class-lookup-id, i.e. putting an expression in the box
Client-class processing need not be enabled, which gives a significant performance saving
Expressions are calculated rather than executed:
Read only - can't modify a packet
Run in protected memory, which prevents crashing
Expression examples
Similar to LISP - lots of parentheses; everything is a function.
(request option 82 remote-id) - returns the remote-id, or null if no option 82 is present; null is bad.
(try (request option 82 remote-id) "no option 82") - returns the remote-id, or the string if no option 82 is present; a much better expression.
Another expression used in the lab:
(if (starts-with (request get chaddr) "01:02:03") "VoIP" "PC")
Expression
A series of IF statements that assign a client-class based on the contents of the packet.
Example:
(try
(or
)
null)
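A toy interpreter for the LISP-like subset used in the expression examples above and in the (try (or ...) null) skeleton, written as an added Python example; it is not CNR's expression engine. It models request (get chaddr, option 82 sub-options), try, or, if and starts-with over a packet dict, treats Python None as CNR's null, and the packets and filled-in lab expression are constructed here.

```python
import re

TOKEN = re.compile(r'\(|\)|"[^"]*"|[^\s()"]+')      # parens, "strings", bare atoms


class Symbol(str):
    """An unquoted atom such as request, chaddr or null (distinct from a "string")."""


class ExprError(Exception):
    pass


def parse(text):
    """Turn the LISP-like expression text into nested Python lists."""
    tokens, pos = TOKEN.findall(text), 0

    def read():
        nonlocal pos
        if pos >= len(tokens):
            raise ExprError("unexpected end of expression")
        tok = tokens[pos]
        pos += 1
        if tok == "(":
            items = []
            while pos < len(tokens) and tokens[pos] != ")":
                items.append(read())
            if pos >= len(tokens):
                raise ExprError("missing )")
            pos += 1
            return items
        if tok == ")":
            raise ExprError("unexpected )")
        if tok.startswith('"'):
            return tok[1:-1]                               # string literal
        return int(tok) if tok.lstrip("-").isdigit() else Symbol(tok)

    expr = read()
    if pos != len(tokens):
        raise ExprError("trailing tokens after expression")
    return expr


def lookup(args, packet):
    """Model of (request ...): 'get chaddr', or 'option 82 <sub-option>'; missing data -> None."""
    if args == ["get", "chaddr"]:
        return packet.get("chaddr")
    if len(args) == 3 and args[0] == "option":
        return packet.get("options", {}).get(args[1], {}).get(args[2])
    raise ExprError(f"unsupported request form {args}")


def evaluate(expr, packet):
    """Evaluate a parsed expression against a packet dict; None models CNR's null."""
    if isinstance(expr, Symbol):
        if expr == "null":
            return None
        raise ExprError(f"unknown symbol {expr}")
    if not isinstance(expr, list):
        return expr                                        # int or string literal
    if not expr:
        raise ExprError("empty list")
    op, args = expr[0], expr[1:]
    if op == "request":
        return lookup(args, packet)
    if op == "try":                 # value of the first argument, or the fallback on null/error
        try:
            value = evaluate(args[0], packet)
        except ExprError:
            value = None
        return value if value is not None else evaluate(args[1], packet)
    if op == "or":                  # first non-null argument, else null
        for arg in args:
            value = evaluate(arg, packet)
            if value is not None:
                return value
        return None
    if op == "if":
        chosen = args[1] if evaluate(args[0], packet) else (args[2] if len(args) > 2 else Symbol("null"))
        return evaluate(chosen, packet)
    values = [evaluate(a, packet) for a in args]
    if op == "starts-with":         # a null input is simply false, never an error
        text, prefix = values
        return text is not None and text.lower().startswith(prefix.lower())
    raise ExprError(f"unknown function {op}")


def client_class_for(expression_text, packet, default="default"):
    """Evaluate a client-class-lookup-id expression; null means the default client class."""
    value = evaluate(parse(expression_text), packet)
    return default if value is None else value


# Constructed sample packets (not from the course); option 82 is keyed by number.
PHONE = {"chaddr": "01:02:03:aa:bb:cc", "options": {82: {"remote-id": "switch-7/port-3"}}}
PC = {"chaddr": "00:0c:29:11:22:33", "options": {}}

# Filled-in version of the slide's (try (or ...) null) skeleton (our own content).
LAB_EXPRESSION = """
(try
  (or
    (if (starts-with (request get chaddr) "01:02:03") "VoIP" null)
    (if (starts-with (request option 82 remote-id) "switch-7") "Lab" null))
  null)
"""
```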
Expression Lookup
[Flowchart: on DHCPDISCOVER, is a client-class lookup ID defined? If yes and client-class processing is not enabled, choose the expression's client class; if yes and it is enabled, use the client lookup ID as the client key. If no lookup ID is defined and client-class processing is enabled, use the MAC address as the client key. If a client entry is found, choose the client entry's client class; otherwise choose the expression's or the default client class.]
Lease Limitations
Use expression to define limitation-id in client-class
Expression is evaluated from incoming packet
Creates a grouping (by limitation ID) for clients whose
evaluated expression results in the same answer
Review Q & A
CNR Extensions
Purpose of CNR Extensions
To affect how Cisco CNS Network Registrar handles and responds to DHCP requests, and to change the behavior of the DHCP server in ways that you cannot normally achieve using the user interfaces.
Extension Points
What are Extension Points?
CNR Extensions
Extensions are called or executed at a certain point during the DHCP process. These points are called extension points. The ten extension points are (continued):
6. check-lease-acceptable - Used to change the results of the lease acceptability test. Do this only with extreme care. Dictionaries used: request, response, and environment.
7. lease-state-change - Used to determine when the lease state changes. Do this only with extreme care. Dictionaries used: response and environment.
*8. pre-packet-encode - Used to change the data sent back to the DHCP client in the response, or to change the address to which to send the DHCP response. Dictionaries used: request, response, and environment.
9. pre-dns-add-forward - Used to alter the name used for the DNS forward (A record) request. Dictionaries used: environment only.
10. post-send-packet - Used after sending a packet, for processing that you want to perform outside of the serious time constraints of the DHCP request-response cycle. Dictionaries used: request, response, and environment.
Programming Languages
Location of Files
Installation directories:
UNIX:
Tcl: /opt/nwreg2/local/extensions/DHCP/tcl
C or C++: /opt/nwreg2/local/extensions/DHCP/dex
Windows:
DHCP Failover
Section Objectives
Identify the purpose, advantages and limitations of DHCP Failover
Identify, describe and configure the three types of failover configurations
Understand failover protocol operation and the various transition states of partner servers
Configure and synchronize failover server pairs
Configure load-balancing
Check the status of and troubleshoot failover configurations
Detect and handle network failures.
DHCP Redundancy
The generic DHCP specification does not include cooperative redundancy.
Cooperation between DHCP servers has been implemented in CNR under the name "Safe Failover".
There is an IETF draft specification that reflects Cisco's implementation.
Goals:
No duplicate IP address assignment when one server fails.
Failover Operation
Roles of Servers
MAIN - the server with responsibility for DHCP service on a
network segment; also called primary server in protocol
specification.
BACKUP - the server that takes over DHCP service if the main
server fails; it is also called secondary server.
[Diagram: normal failover operation. Main with address pool 10.10.10.2-230, Backup with backup pool 231-254.]
1. DHCPDISCOVER
2. DHCPOFFER (any address from 2-230)
3. DHCPREQUEST
4. DHCPACK (any address from 2-230)
5. DHCPBNDUPD
6. DHCPBNDACK
[Diagram: DHCPPOLL between the Main (address pool 10.10.10.2-230) and the Backup (backup pool 231-254); the Backup answers the client from its own pool.]
1. DHCPDISCOVER
2. DHCPOFFER (any address from 231-254)
3. DHCPREQUEST
4. DHCPACK
[Diagram: failover states. Startup state; Normal state; servers are unable to communicate (safe); partner server is known to be down (possibly unsafe); POTENTIAL-CONFLICT; RECOVER; RECOVER-DONE; PAUSED; SHUTDOWN.]
Failover Configurations
In previous versions of CNR there are three basic
Failover configurations:
Simple
Symmetric
Back Office
[Diagram 1: DHCP Server 1 and DHCP Server 2 connected across a Corporate WAN, both serving subnets 172.168.21.0/24, 172.168.22.0/24 and 172.168.23.0/24.]
[Diagram 2: DHCP Server 1 is Main for subnets 172.168.21.0/24 and 172.168.22.0/24; DHCP Server 2, across the Corporate WAN, is Backup for the same subnets; 172.168.23.0/24 is also shown.]
[Diagram 3: DHCP Server 1 is Main for 172.168.21.0/24 and 172.168.22.0/24; DHCP Server 2 is Main for 172.168.23.0/24 and 172.168.24.0/24; DHCP Server 3 is Backup for all four subnets.]
Configuring Failover
Configure the main server as required for your network.
Use the Failover Configuration page to configure the failover
pair and synchronize the configurations
Automates copying of:
DHCP server properties
Policy properties & DHCP options
Scopes, scope properties and ranges
Reservations
Clients, client-classes & scope selection tags
Extensions
Monitoring Failover
If a server enters Communications Interrupted:
If condition understood and expected to clear quickly,
setPartnerDown Command
The backup server does not automatically assume that the other server is down.
setPartnerDown is used to tell a failover partner that the other server is down. It can be done from the Web UI or the CLI.
It does NOT cause the other server to shut down.
The server will wait MCLT before actually using the other server's pool addresses, unless a time is specified.
Safe Period
Normally disabled.
If enabled, the backup will wait this period, then automatically move to the partner-down state.
If enabled, duplicate address assignment is possible if the other server is not really down.
Review Q & A
CNR SNMP
The Network Registrar Simple Network Management Protocol (SNMP) notification support allows you to:
Be warned of error conditions and possible problems with the DHCP servers.
Monitor threshold conditions that may indicate address depletion on particular scopes.
Log Messages
01/31/2006 14:30:56 name/dhcp/1 Info Failover 0 04140 Failover: example failover pair, as main for 10.250.26.15 (re)established contact with its partner while in communications-interrupted state while the partner was in communications-interrupted state. Performing automatic resynchronization.
01/31/2006 14:30:56 name/dhcp/1 Info Failover 0 04121 Failover: example failover pair, as main for 10.250.26.15: was given a new state. Old state was communications-interrupted, new state is normal.
01/31/2006 14:30:56 name/dhcp/1 Info Failover 0 04249 Failover: example failover pair, as main for 10.250.26.15 allocated 0 IP addresses to backup server: 10.250.26.15 and withdrew 0 IP addresses from that backup server.
01/31/2006 14:30:58 name/dhcp/1 Info Server 0 05279 Accepted a new SCP client connection from client at 127.0.0.1:33355
01/31/2006 14:31:06 name/dhcp/1 Info Failover 0 04221 The startup period for failover is complete where it was not already terminated by communications being restored with a partner server. The DHCP server may be available for DHCP client operations depending on the role of this server (main or backup), its state, and its connection to other failover servers.
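A parser for the DHCP server log format shown above, plus the two checks a defender would run over it (failover state changes, in particular entry into the partner-down state the Safe Period slide calls possibly unsafe, and SCP management connections from hosts other than the expected ones), as an added Python example that is not part of the course. The first five sample lines are the slide's own messages; the last two are constructed here.

```python
import re
from dataclasses import dataclass

# One entry per line, as the server writes them (the slide shows them wrapped).
# Lines 1-5 are from the slide; lines 6-7 are constructed to exercise the checks.
SAMPLE_LOG = """\
01/31/2006 14:30:56 name/dhcp/1 Info Failover 0 04140 Failover: example failover pair, as main for 10.250.26.15 (re)established contact with its partner while in communications-interrupted state while the partner was in communications-interrupted state. Performing automatic resynchronization.
01/31/2006 14:30:56 name/dhcp/1 Info Failover 0 04121 Failover: example failover pair, as main for 10.250.26.15: was given a new state. Old state was communications-interrupted, new state is normal.
01/31/2006 14:30:56 name/dhcp/1 Info Failover 0 04249 Failover: example failover pair, as main for 10.250.26.15 allocated 0 IP addresses to backup server: 10.250.26.15 and withdrew 0 IP addresses from that backup server.
01/31/2006 14:30:58 name/dhcp/1 Info Server 0 05279 Accepted a new SCP client connection from client at 127.0.0.1:33355
01/31/2006 14:31:06 name/dhcp/1 Info Failover 0 04221 The startup period for failover is complete where it was not already terminated by communications being restored with a partner server. The DHCP server may be available for DHCP client operations depending on the role of this server (main or backup), its state, and its connection to other failover servers.
01/31/2006 15:02:10 name/dhcp/1 Info Server 0 05279 Accepted a new SCP client connection from client at 10.250.26.99:41002
01/31/2006 15:10:42 name/dhcp/1 Info Failover 0 04121 Failover: example failover pair, as main for 10.250.26.15: was given a new state. Old state was communications-interrupted, new state is partner-down.
"""

# date time source severity category <number> <5-digit message id> text; the meaning
# of the numeric field before the message id is not given on the slide.
LINE_RE = re.compile(
    r"^(?P<date>\d{2}/\d{2}/\d{4}) (?P<time>\d{2}:\d{2}:\d{2}) (?P<source>\S+) "
    r"(?P<severity>\w+) (?P<category>\w+) (?P<n>\d+) (?P<msgid>\d{5}) (?P<text>.*)$")
STATE_RE = re.compile(r"Old state was (?P<old>[\w-]+), new state is (?P<new>[\w-]+)")
SCP_RE = re.compile(r"SCP client connection from client at (?P<ip>[\d.]+):(?P<port>\d+)")


@dataclass
class Entry:
    timestamp: str
    source: str
    severity: str
    category: str
    msgid: str
    text: str


def parse_line(line):
    """Parse one server log line; returns None for lines that do not match the format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return Entry(f"{m['date']} {m['time']}", m["source"], m["severity"],
                 m["category"], m["msgid"], m["text"])


def parse_log(text):
    return [e for e in (parse_line(line) for line in text.splitlines()) if e is not None]


def failover_transitions(entries):
    """(timestamp, old state, new state) for every 04121 'was given a new state' message."""
    out = []
    for e in entries:
        m = STATE_RE.search(e.text) if e.msgid == "04121" else None
        if m:
            out.append((e.timestamp, m["old"], m["new"]))
    return out


def review(entries, allowed_scp_clients=("127.0.0.1",)):
    """Findings worth a look: entry into partner-down (the partner's pool becomes
    usable, which is only safe if the partner really is down) and SCP management
    connections (05279) from hosts that are not expected to manage this server."""
    findings = []
    for ts, old, new in failover_transitions(entries):
        if new == "partner-down":
            findings.append(f"{ts} failover moved from {old} to partner-down; confirm the partner is really down")
    for e in entries:
        m = SCP_RE.search(e.text) if e.msgid == "05279" else None
        if m and m["ip"] not in allowed_scp_clients:
            findings.append(f"{e.timestamp} SCP connection from unexpected client {m['ip']}:{m['port']}")
    return findings


if __name__ == "__main__":
    for finding in review(parse_log(SAMPLE_LOG)):
        print(finding)
```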
Common Problems
Configuration Errors
Missing Client or Client Class
Missing or Incorrect Scope Selection Tags
Missing or Incorrect Selection-Criteria
Missing or Incorrect Options on Policies or
Embedded Policies
Options placed in Wrong Policies (policy search
order)
Configuration Errors
Scopes with no ranges assigned
Addresses depleted from scope
Incorrect or Missing Primary-Subnet setting for
multi-netted networks
CNR Host missing route to destination network
Solving Problems
Use the log files and additional log-settings!
With correct log-settings, CNR will tell you exactly
what is wrong.
Exercise -
Review Q & A
Section Objectives
Understand the difference between Local and
Regional Cluster
Identify functions performed by Regional Cluster
Install and configure a Regional Cluster
Configure local clusters and single-sign-on
Regional Cluster
Aggregate management system for up to 100 local
clusters.
Does not provide DNS, DHCP or TFTP services to
clients
Does provide management tools for monitoring,
managing local clusters as well as integrated
management of IP address management and
routers
[Figure: a regional cluster managing several local clusters]
[Figure: local cluster architecture. Core services (DHCP, TFTP, HTTP server, thread manager, SCP) over integrated databases; a servlet engine hosting the Central Configuration Manager (CCM) server and the Router Interface Configuration (RIC) server; access through the CNR SDK, the CLI and Telnet/SSH to a uBR router; platforms: Solaris, Linux, Windows]
[Figure: local cluster components. CLI and Tomcat (HTTP/HTTPS) front ends, server agent, DHCP, DNS, TFTP, CCM and RIC servers, replica, subnet utilization and IP lease history, with the CCM DB, DHCP DB, DNS DBs and legacy MCD DB; interfaces: legacy, external, internal SCP, embedded database; platforms: Solaris, Linux, Windows]
What is CCM?
CCM = Central Configuration Management
Augments the legacy MCD databases used in
earlier versions of CNR
Tracks incremental changes to the various servers
and allows replication and logging
[Figure: the Router Interface Configuration server in the regional cluster managing routers over Telnet/SSH]
[Figure: the regional cluster as central management of a local DHCP failover pair and of a primary DNS server (10.10.10.2) and secondary DNS server (10.10.10.3); DHCP leases drive DNS updates, and zone transfers run between the DNS servers]
Used to check:
Subnet utilization
Lease history.
Used to update:
Policies
ACLs
Keys
HA pairs
Update maps
Zone distributions.
Regional Installation
nwreg2
Network Registrar
(sparc) 6.2
2. Regional mode
[y,n,?,q] n
Network Registrar uses the CCM management SCP port for internal
communications between servers.
Enter the CCM SCP port number [1244]:
Network Registrar Regional Server Agent 6.2 requires Java
version 1.4.2 (or later) to run.
Where is your Java software installed? [/usr/java]
Non-secure/HTTP (default)
Do not remove
nwreg2
Network Registrar
(sparc) 6.2
[Figure: regional cluster components. CLI and Tomcat (HTTP/HTTPS) front ends, server agent, CCM server with its CCM DB, replica (PULL from the local clusters), subnet utilization, IP lease history and the RIC server (Telnet/SSH to routers); on the local cluster side the DHCP, DNS and TFTP servers with the DHCP DB, DNS DBs and legacy MCD DB; interfaces: legacy, external, internal SCP, embedded database; platforms: Solaris, Linux, Windows]
Replicated Objects
DHCP Scopes
Address Block
Subnets and Policies
Scope Templates
Client-Classes
VPNs
DNS zones
Zone Templates
Replication
Replication Occurs:
When you first synchronize the clusters.
At a configured time interval.
When manually initiated.
Configuring Single-Sign-On
Single sign-on enables seamless navigation
between the Regional and Local cluster.
Many of the Web UI pages have an icon that allows
you to do this.
If you have single sign-on privileges the connection takes
you to the related local management page (or a related
page for failover pair configurations).
If you don't have privileges the connection takes you to
the login page for the local cluster.
Section Objectives
Define the key terms used in address space
management
Configure and manage address blocks
Delegate address space to local clusters
Configure and manage subnets
Push subnets to local clusters and routers
Configure and run subnet utilization reporting
Introduction
Key Terms
Address block - An aggregate of IP addresses based
on a power-of-two address space that can be delegated
to an authority.
Child Address block - An address block (shown as a
branch in the address allocation hierarchy) that has
been subdivided from a parent address block.
Subnet - The leaf node of the address space; it
cannot be further subdivided.
Address Range - A range of addresses assigned to a
subnet.
Virtual Routers:
Updated in the Network Registrar database only.
Defined by omitting the router type or connection
credentials on the Add Router or Edit Router pages.
Adding a Router
From
Resynchronizing a Router
[Figure: address block hierarchy. Address block 192.168.0.0/18; child address block 192.168.32.0/20 (can be subdivided); subnet 192.168.50.0/24 (cannot be subdivided; typically delegated to a DHCP server); child address blocks 192.168.64.0/18, 192.168.128.0/18 and 192.168.192.0/18]
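An added Python model of the key terms above, not code from the course or the product, using the prefixes from the figure: a block may be subdivided into non-overlapping child blocks until it is delegated as a subnet, and only a subnet holds address ranges. The 192.168.0.0/16 root (the figure shows four /18 blocks but not their parent) and the DHCP server name are assumptions of the example.

```python
from ipaddress import IPv4Address, IPv4Network

class AddressBlock:
    """Power-of-two address block. Children are smaller blocks; a block that is
    delegated (pushed to a DHCP server) becomes a subnet, a leaf holding ranges."""

    def __init__(self, prefix):
        self.net = IPv4Network(prefix)
        self.children = []
        self.ranges = []          # (first, last) pairs; subnets only
        self.delegated_to = None  # set once the block is delegated as a subnet

    def add_child(self, prefix):
        child = AddressBlock(prefix)
        if self.delegated_to is not None:
            raise ValueError(f"{self.net} is a subnet and cannot be subdivided")
        if not child.net.subnet_of(self.net):
            raise ValueError(f"{child.net} is not inside {self.net}")
        if any(child.net.overlaps(c.net) for c in self.children):
            raise ValueError(f"{child.net} overlaps an existing child block")
        self.children.append(child)
        return child

    def delegate(self, server):
        if self.children:
            raise ValueError(f"{self.net} has child blocks and is not a leaf")
        self.delegated_to = server

    def add_range(self, first, last):
        lo, hi = IPv4Address(first), IPv4Address(last)
        if self.delegated_to is None:
            raise ValueError("address ranges belong to subnets only")
        if lo not in self.net or hi not in self.net or lo > hi:
            raise ValueError(f"{first}-{last} is not a valid range in {self.net}")
        if any(lo <= b and hi >= a for a, b in self.ranges):
            raise ValueError(f"{first}-{last} overlaps an existing range")
        self.ranges.append((lo, hi))

def build_slide_hierarchy():
    """The blocks from the figure. Assumed root 192.168.0.0/16; the server name
    is constructed for the example."""
    root = AddressBlock("192.168.0.0/16")
    blocks = {"192.168.0.0/16": root}
    for p in ("192.168.0.0/18", "192.168.64.0/18", "192.168.128.0/18", "192.168.192.0/18"):
        blocks[p] = root.add_child(p)
    blocks["192.168.32.0/20"] = blocks["192.168.0.0/18"].add_child("192.168.32.0/20")
    subnet = blocks["192.168.50.0/24"] = blocks["192.168.0.0/18"].add_child("192.168.50.0/24")
    subnet.delegate("local-cluster-dhcp")
    subnet.add_range("192.168.50.10", "192.168.50.200")
    return blocks
```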
Reclaiming Subnets
From
Exercise -
Used to Update:
Policies
ACLs
Keys
Maps and Zone Distributions
Forward Zones
Maps the Host Name to the IP Address
They contain:
SOA
NS
A
Possibly MX records.
Reverse Zones
Maps the IP Address to the Host Name
They contain:
SOA
NS
PTR
in-addr.arpa Domain
Zone Templates
Zone Distributions
Synchronizing Distributions
Synchronization Modes
Update - Adds new zones, RR sets, and hosts;
replaces existing hosts if there are conflicts; and
creates new secondary zones.
Complete - Like Ensure mode, except that it always
replaces existing RR sets and hosts, and modifies the
master server list on existing secondary zones.
Exact - Like Complete mode, except that it deletes
extra zones, RR sets, hosts, and secondary zones no
longer on the primary.
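The three modes as an added Python example, not the product's own code: the regional and local zone sets are constructed dicts (primary zones carry RR sets and hosts, secondary zones carry only their master server list), and each mode is applied exactly as the slide describes it.

```python
from copy import deepcopy

# Constructed sample data: what the regional cluster distributes and what the
# local cluster currently holds (example.com / example.org / example).
REGIONAL = {
    "zones": {"example.com": {"rrsets": {"www": {"A 192.0.2.10"}, "mail": {"A 192.0.2.20"}},
                              "hosts": {"host1": "192.0.2.30"}}},
    "secondaries": {"example.org": ["192.0.2.1"]},
}
LOCAL = {
    "zones": {"example.com": {"rrsets": {"www": {"A 192.0.2.99"}, "old": {"A 192.0.2.50"}},
                              "hosts": {"host1": "192.0.2.31", "host9": "192.0.2.90"}},
              "stale.example": {"rrsets": {}, "hosts": {}}},
    "secondaries": {"example.org": ["192.0.2.2"]},
}

def synchronize(primary, local, mode):
    """Return the local configuration after a sync in update, complete or exact mode."""
    if mode not in ("update", "complete", "exact"):
        raise ValueError(mode)
    result = deepcopy(local)
    for name, zone in primary["zones"].items():
        cur = result["zones"].setdefault(name, {"rrsets": {}, "hosts": {}})  # new zone: added in every mode
        for rrname, rrset in zone["rrsets"].items():
            if rrname not in cur["rrsets"] or mode != "update":  # update keeps an existing RR set
                cur["rrsets"][rrname] = set(rrset)
        cur["hosts"].update(zone["hosts"])  # a conflicting host is replaced in every mode
        if mode == "exact":  # drop RR sets and hosts the primary no longer has
            for kind in ("rrsets", "hosts"):
                for key in list(cur[kind]):
                    if key not in zone[kind]:
                        del cur[kind][key]
    for name, masters in primary["secondaries"].items():
        if name not in result["secondaries"] or mode != "update":  # complete/exact rewrite the master list
            result["secondaries"][name] = list(masters)
    if mode == "exact":  # drop zones and secondary zones no longer on the primary
        for kind in ("zones", "secondaries"):
            for name in list(result[kind]):
                if name not in primary[kind]:
                    del result[kind][name]
    return result
```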
Section Objectives
DHCP
DHCP Redundancy
The generic DHCP specification does not include
cooperative redundancy.
Cooperation between DHCP servers has been
implemented in CNR under the name Safe
Failover.
There is an IETF draft specification that reflects
Cisco's implementation.
Goals:
No duplicate IP address assignment when one server fails.
Roles of Servers
MAIN - the server with responsibility for DHCP service on a
network segment; also called primary server in protocol
specification.
BACKUP - the server that takes over DHCP service if the main
server fails; it is also called secondary server.
[Figure: Safe Failover exchange. Main server address pool 10.10.10.2-230; backup server backup pool 231-254]
1. DHCPDISCOVER
2. DHCPOFFER - any address from 2-230
3. DHCPREQUEST
4. DHCPACK - any address from 2-230
5. DHCPBNDUPD
6. DHCPBNDACK
[Figure: the backup server serving the client from its backup pool 231-254 (DHCPPOLL shown); main server address pool 10.10.10.2-230]
1. DHCPDISCOVER
2. DHCPOFFER - any address from 231-254
3. DHCPREQUEST
4. DHCPACK
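An added simulation in Python of the two exchanges on these slides, not part of the course: the main server allocates from 10.10.10.2-230 and sends each binding to the backup as DHCPBNDUPD; when the main is down the backup serves from 231-254, or re-offers an address it already knows from a binding update, so no address is handed out twice. Server names, client ids and the message handling are assumptions of the example.

```python
from ipaddress import IPv4Address

class FailoverServer:
    """One server of a Safe Failover pair; it allocates on its own only from
    its part of 10.10.10.0/24 (slide: main 2-230, backup 231-254)."""

    def __init__(self, name, first, last):
        self.name = name
        self.free = [IPv4Address(f"10.10.10.{i}") for i in range(first, last + 1)]
        self.bindings = {}   # client id -> address: own leases and the partner's
        self.partner = None
        self.up = True

    def handle(self, msg, client, addr=None):
        """Process one client or partner message; (reply, address) or None if down."""
        if not self.up:
            return None
        if msg == "DHCPDISCOVER":
            if client in self.bindings:                 # known client keeps its address
                return ("DHCPOFFER", self.bindings[client])
            return ("DHCPOFFER", self.free[0]) if self.free else None
        if msg == "DHCPREQUEST":
            if addr in self.bindings.values() and self.bindings.get(client) != addr:
                return ("DHCPNAK", None)                # address belongs to another client
            if addr in self.free:
                self.free.remove(addr)
            self.bindings[client] = addr
            if self.partner is not None:                # steps 5 and 6: DHCPBNDUPD / DHCPBNDACK
                self.partner.handle("DHCPBNDUPD", client, addr)
            return ("DHCPACK", addr)
        if msg == "DHCPBNDUPD":                         # partner's lease, recorded here
            self.bindings[client] = addr
            return ("DHCPBNDACK", addr)
        raise ValueError(f"unexpected message {msg}")

def pair(main, backup):
    main.partner, backup.partner = backup, main

def lease(client, servers):
    """Client side: DISCOVER to each server in turn, REQUEST the first OFFER.
    Returns (server name, reply type, address as text)."""
    for s in servers:
        offer = s.handle("DHCPDISCOVER", client)
        if offer is not None:
            reply, addr = s.handle("DHCPREQUEST", client, offer[1])
            return s.name, reply, str(addr)
    return None, None, None
```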
Failover Configurations
In previous versions of CNR there are three basic
Failover configurations:
Simple
Symmetric
Back Office
[Figure: failover configuration example. DHCP Server 1 and DHCP Server 2 each serve 172.168.21.0/24, 172.168.22.0/24 and 172.168.23.0/24 across the corporate WAN]
Exercise -
Managing Administrators/Groups/Roles
Objectives
Key Terms
Administrator - A login account that performs
functions based on assigned roles.
Group - A grouping of roles.
A group must be assigned at least one role to be usable.
Constraints
Constraints are used to limit functionality of a role
Examples include:
Limiting a host role to managing the hosts on a single
subnet or a single zone
Read-only access to information
Administrators
The types of functions that network administrators
can perform in Network Registrar are based on the
roles that they are assigned.
The Web UI administrators can define these roles,
which lends granularity to the network
administration functions.
CNR Groups
Grouping of roles.
An administrator must be associated with one or
more groups.
A group must be assigned to one or more roles.
CNR's predefined groups map each role to a unique
group.
CNR Roles
Defines the network objects that an administrator
can manage.
Defines the functions that an administrator can
perform.
Predefined roles are created at installation.
Additional roles can be defined.
Some roles include sub-roles that provide further
functional constraints.
Roles typically are limited to read and/or write
access.
Specialized Administrators:
Created to fulfill specialized functions (e.g., DHCP
scopes)
Must be assigned to administrator group that defines
roles
Configuring Administrators,
Groups and Roles
Owners
Create owners to associate with:
Address blocks
Subnets
Zones
Owners (Cont.)
From the Web UI click Administration and then
Owners to open the List/Add Owners page:
Regions
Created to associate with:
Address blocks
Subnets
Zones
Regions (Cont.)
From the Web UI click Administration and then
Regions to open the List/Add Regions page:
Roles
From the Web UI click Administration and then Roles
to open the List/Add Roles page:
Groups
From the Web UI click Administration and then
Groups to open the List/Add Groups page:
Administrators
Determine:
If the administrator should have full or limited access to the
CLI.
If the administrator should have superuser privileges.
Administrators (Cont.)
From the Web UI click Administration and then
Administrators to open the List/Add Administrators
page:
Create an Administrator
Section Objectives
Identify and configure mechanisms through which
CNR system status can be reported
Identify and configure the methods through which
CNR can report problems with system operations
Explain the purpose and use of the CNR TAC Tool
Explain the process by which the CNR database(s)
can be backed up and restored
Server States
Loaded - First step after the server agent starts the
server (transitional).
Initialized - Server was stopped or fails to configure.
Unconfigured - Server is not operational because of a
configuration failure (transitional).
Stopped - Server was administratively stopped and is not
running (transitional).
Running - Server is running successfully.
Server Status
Server Logs
Threshold Points
Impending Limits
DHCP-Specific Traps
Click Add Trap Configuration to open the Add Trap
Configuration page:
Manual Backups
Database Recovery
mcddb.dbd
mcddb.k01-k03
mcddb.d01-d03
mcdConfig.txt
mcdschema.txt
Exercise
Exercise -
Introduction to DHCPv6
Section Objectives
Identify and Understand key IPv6 terms
Understand the concepts of IPv6 Addressing
Understand the operation of the DHCPv6 Protocol
Identify the changes in CNR's Policy Hierarchy for
DHCPv6
Configure DHCPv6 operations in CNR
Introduction to IPv6
Type                 Prefix
Unspecified          ::/128
Loopback             ::1/128
Multicast            FF00::/8
Link-Local unicast   FE80::/10
Site-Local unicast   FEC0::/10
Global unicast       (everything else)
[Figure: IPv6 stateful address configuration. The host sends a Router Solicitation and receives a Router Advertisement from the router, then sends a Solicit to the DHCP server, which returns the assigned address]
Introduction to DHCPv6
DHCPv6 Communications
Clients listen for DHCP messages on UDP port 546.
Servers and relay agents listen for DHCP messages
on UDP port 547.
[Figure: DHCPv6 four-message exchange between the client and the DHCP servers]
1 SOLICIT
2 ADVERTISE
3 REQUEST
4 REPLY
[Figure: DHCPv6 lease state diagram. States: AVAILABLE, OFFERED, LEASED, EXPIRED, RELEASED, DELETED. Transitions labelled Solicit, Advertise, Request, Reply, Renew, Rebind, Release, Offer Timeout, Lease Expires and Grace Period Expires]
Prefix Delegation
Prefix Delegation - Allows a router to request a
prefix (/48 - /64) to be assigned to its interface in
order for it to assign addresses independent of the
DHCPv6 server.
Prefix delegation is specified in RFC 3633, RFC
2640, and RFC 3769.
Not Supported
DHCP Extensions
DNS Updates
Exercise
Configuring DHCPv6