Setting Up Services for Regional
The Setup this Server page opens when you click the Setup icon on the main menu in the regional Basic user mode. On this page, decide if you want to enable or disable:
- Dynamic Host Configuration Protocol (DHCP): DHCP provides the mechanism for dynamic address assignment that is an essential part of Cisco Prime Network Registrar. DHCP configuration takes you through a series of pages for DHCP setup or, based on your selection, the DHCP setup is bypassed. See Setting Up DHCP Services.
- Bring Your Own Device (BYOD): BYOD provides the mechanism for authorizing and registering devices to get access to IP network resources. BYOD configuration takes you through a series of pages for BYOD setup or, based on your selection, the BYOD setup is bypassed. See Setting Up BYOD Service.
- Security: Security provides the option to select the authentication type and configure the external authentication servers. See Security.
Note: Selections made on the Setup this Server page are not persisted.
Click Next to go to the next page depending on your selections, or click Finish to end the setup and go to the Setup Interview Report page.
Setting Up DHCP Services
On this page, you can choose one or all of the options (Failover, DHCPv4, and DHCPv6) to configure the DHCP service(s).
DHCP Failover
Failover is a protocol designed to allow a backup DHCP server to take over for a main server if the main server becomes unavailable for any reason. On this page, you can configure the DHCP cluster name for the main and backup servers that will be in a failover relationship. You can also view, modify, and delete the failover pairs.
You need to perform "Synchronize Failover Pair" for a newly added failover pair. You can choose the direction of synchronization. For initial failover configurations, use the Exact or Complete operation.
- Click Report to view the change set details.
- Click Run <mode> to apply the changes.
DHCPv4
The DHCP configuration process takes you through a series of configuration pages required for issuing IPv4 addresses. The following pages are the configuration pages required for issuing IPv4 addresses.
DHCPv4 - Scope Templates Page
Create a scope template to use in subsequent pages for creating scopes in the local cluster from the regional cluster. A scope consists of one or more ranges of dynamic addresses in a subnet that a DHCP server manages. You must define one or more scopes before the DHCP server can provide leases to clients.
You can specify expressions in a scope template to dynamically create scope names, IP address ranges, and embedded options when creating a scope. Using scope templates eases the job of configuring multiple scopes.
Steps to create a scope template:
Procedure
Step 1: Click the Add Scope Templates icon in the Scope Templates pane.
Step 2: Enter the scope template name in the Name field, and then click Add DHCP Scope Template.
Step 3: Click Save to save the scope template, and then click Next to move to the next page.
Step 4: Enter "(concat "byod-" subnet)" in the Scope Name Expression text box.
Step 5: Enter "(create-range first-addr last-addr)" in the Range Expression text box and then click Save to save the page. Click Next.
Step 6: Click Add Subnet to create a subnet.
Step 7: Enter the subnet IP in the Address field, for example 10.76.206.0, and then click the Add Subnet button.
Step 8: Click the Push icon to push the subnet to the local cluster.
Step 9: Select the local cluster host name to which you want to push the subnet from the Cluster or Failover drop-down list.
Step 10: Select the scope template from the Scope Template drop-down list.
Step 11: Click the Push Subnet button and click Next for the BYOD Setup page.
DHCPv4 - Subnets Page
On this page, you can create, modify, and delete subnets and push them to a local cluster or failover pair. Click the Push icon to select the local cluster host name or failover pair name to which you want to push the subnet.
Procedure
Step 1: Enter the subnet IP in the Address field, for example 10.76.206.0, and then click the Add Subnet button.
Step 2: Click the Push icon to push the subnet to the local cluster.
Step 3: Select the local cluster host name to which you want to push the subnet from the Cluster or Failover drop-down list.
Step 4: Select the scope template from the Scope Template drop-down list.
Step 5: Click the Push Subnet button and then click Next for the BYOD Setup page.
DHCPv6
The DHCPv6 configuration process takes you through a series of configuration pages required for issuing IPv6 addresses. The following pages are the configuration pages required for the DHCP server to provide IPv6 leases.
DHCPv6 Prefix Templates
You can either configure DHCPv6 prefixes directly, or create prefix templates for creating prefixes.
During Prefix creation, you can specify expressions in a prefix template to dynamically create prefix names, IP address ranges, and embedded options.
DHCPv6 Prefixes
You can create, modify, and delete DHCPv6 prefixes and push a selected DHCPv6 prefix to a local cluster or failover pair. A prefix template is not mandatory when pushing the prefix.
Setting Up BYOD Service
You need to specify the CDNS server IP and the lifetime of the lease to be provided for unregistered devices, and then click Save. Based on this input, the policy configuration for unregistered devices (BYOD_Unregistered) is created automatically in the regional server. In addition, the client classes (BYOD_Unregistered and BYOD_Registered) required for BYOD setup are created automatically in the regional server. In the subsequent pages, you can edit the auto-created policy and client classes, but do not delete them unless you want to do the BYOD setup manually.
Choose the configuration values you want, based on information in the following subsections, then click Next to activate your settings.
CDNS Server
Choose a relevant CDNS server to act as a spoof DNS to redirect to a BYOD web server. Set a lease time for the BYOD unregistered device to be connected.
Policies and Client Classes
After configuring the CDNS server and lease time, the Policies (BYOD_Unregistered) and Client Classes (BYOD_Registered and BYOD_Unregistered) will be created automatically.
BYOD - Scope / Prefix creation for unregistered device
This page helps you create a pool of IPv4 and IPv6 addresses for unregistered devices.
DHCPv4 Tab
You have two options: split a scope or assign a tag to an existing scope. This page lists the scopes that are not yet BYOD enabled for each cluster/failover pair. The Split Scope icon splits the existing scope <scope name> into two scopes, one for registered devices and another for unregistered devices. If the split is successful, you can see that two scopes with the same subnet and different ranges of IP addresses have been created in the corresponding local cluster or failover pair. The newer scope is named BYOD_Unregistered_<scope name> and has the selection tag BYOD_Unregistered. Only the range is modified in the existing scope.
The range of IP addresses for the unregistered scope is determined from the percentage provided by the user. For example, a 10.0.0.0/24 subnet has a maximum of 254 hosts, and 10% of 254 is 25 hosts. However, the number of hosts is carved up as a power of 2 to find the subnet, so it would be 16 hosts. The subnet 10.0.0.0/28 is used in the Access Control List (ACL) to restrict network access. Because the top/first 'n' addresses are used, leaving out the subnet ID and the first IP address for the router, a maximum of 14 BYOD devices can be used in this subnet.
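The arithmetic above, carried through in Python as an added example (not Cisco Prime Network Registrar code; the function names are hypothetical, and the rounding and address selection follow this page's worked numbers). It also checks that a configured unregistered range stays inside the subnet the ACL restricts:

```python
import ipaddress

def plan_unregistered_block(subnet, percent):
    """Return (acl_subnet, leasable) for the unregistered share of an IPv4 scope."""
    net = ipaddress.ip_network(subnet)
    if net.version != 4:
        raise ValueError("IPv4 only; the page states a prefix is split 50-50")
    max_hosts = net.num_addresses - 2          # 254 hosts for a /24
    wanted = int(max_hosts * percent / 100)    # 10% of 254 -> 25
    if wanted < 4:
        raise ValueError("share too small to hold a router and any device")
    block = 1 << (wanted.bit_length() - 1)     # round down to a power of 2 -> 16
    prefixlen = 32 - (block.bit_length() - 1)  # 16 addresses -> /28
    acl_subnet = ipaddress.ip_network(f"{net.network_address}/{prefixlen}")
    # First 'n' addresses of the subnet, leaving out the subnet ID and the
    # first IP address (router), as the page describes.
    leasable = list(acl_subnet)[2:]
    return acl_subnet, leasable

def range_escapes_acl(acl_subnet, first, last):
    """True if a scope range would lease addresses the ACL subnet does not cover."""
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    return lo > hi or lo not in acl_subnet or hi not in acl_subnet

if __name__ == "__main__":
    acl, pool = plan_unregistered_block("10.0.0.0/24", 10)
    print(acl, len(pool), pool[0], pool[-1])
    # Constructed range for illustration: extends past the /28 used in the ACL.
    print(range_escapes_acl(acl, "10.0.0.2", "10.0.0.25"))
```

A range that reaches outside the ACL subnet means an unregistered device could hold an address that the restricted-access ACL does not match, so this is worth checking after every split.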
The Assign Tag icon helps in assigning a dedicated subnet for BYOD devices. All of the required DHCP/CDNS server configuration is done automatically by the setup interview. The auto-created policies and client classes in the regional server for BYOD are automatically pushed to the local cluster or failover pair when the split or assign option is performed for the first time. The "default" client is also created in the local client databases. All unregistered devices are mapped to this "default" client configuration.
In CDNS, the domain redirect functionality is used to redirect the HTTP request from an unregistered device to the BYOD web server. A single CDNS server can be used as the spoof DNS as well as the actual DNS server. The domain redirect rule named 'BYODRule' and the ACL named 'BYOD' in the CDNS server are auto-created by the setup interview the first time a split/assign operation is performed. The "Match List" in the ACL is updated with subnets on each split or assign operation.
Note: If the auto-created BYOD policy or client class is deleted, splitting or assigning the tag for the scope/prefix will not happen.
DHCPv6 Tab
To create an unregistered scope:
Procedure
Step 1: On the Scope Creation page, select a cluster/failover pair in the Clusters pane.
Step 2: Select a scope from the scope tree and enter a percentage value. For a prefix, the split is 50-50.
Step 3: Click the Split Scope icon to split the scopes for the BYOD unregistered scope, or click the Assign Tag icon to allocate the complete scope for the BYOD unregistered scope.
BYOD https Configuration
Reload Servers
The changes made to the CDNS and DHCP servers for BYOD take effect when you choose the corresponding servers and click the Reload Servers button on the Reload Servers page.
Security
Choose an authentication type from the drop-down list (Local/Radius/Active Directory).
If the authentication type is Local, the local CCM database is used to authenticate the username/password credentials used when logging in through the Cisco Prime Network Registrar WebUI/CLI/SDK.
Active Directory server configuration is mandatory for BYOD. On the Device Registration page, the credentials provided are validated against Active Directory using the GSSAPI mechanism (default).
If the authentication type is Radius/Active Directory, follow the steps below:
Procedure
Step 1: For Radius/Active Directory, click Next to configure the corresponding server.
Step 2: For Radius, click the Add Radius icon. Enter the name and address, and click the Add External Authentication Server button.
Step 3: For Active Directory, click the Add Active Directory Server icon. Enter the name, address, and domain, and click the Add External Authentication Server button.
Setup Interview Summary Report
The Setup Interview Summary Report page summarizes the actions you took on the setup pages and gives you the scopes/prefixes utilization report for BYOD.