Version 5.0.3
Administrator Guide
Revision: #41302
Managing the IP Addresses/Interfaces Link from the IPAM Module
Using Default Behaviors to Associate IP Addresses with Interfaces
Using the Menu to Manage the IP Addresses/Interfaces Link
Editing the Devices Topology from the IPAM Module
70. Rules Impacting Device Manager
Other Modules Rules Impacting Device Manager
DHCP Rules
NetChange Rules
Adding Device Manager Rules
Enabling or Disabling Device Manager Rules
XI. VLAN Manager
71. Introduction
Objectives of VLAN Manager
VLAN Domains
VLAN Ranges
72. Managing VLAN Domains
Browsing VLAN Domains
Browsing the VLAN Domains Database
Customizing the VLAN Domains Display
Adding VLAN Domains
Editing VLAN Domains
Deleting VLAN Domains
Importing VLAN Domains
Defining a VLAN Domain as a Group Resource
Creating Classes at VLAN Domain Level
73. Managing VLAN Ranges
Browsing VLAN Ranges
Browsing the VLAN Ranges Database
Customizing the VLAN Ranges Display
Adding VLAN Ranges
Editing VLAN Ranges
Changing a Range Properties
Changing a Range Size
Deleting VLAN Ranges
Importing Ranges
Defining a VLAN Range as a Group Resource
Creating Classes
74. Managing VLANs
Browsing VLANs
Browsing the VLANs Database
Customizing the VLANs Display
Understanding the VLANs Statuses
Adding VLANs
Editing VLANs
Deleting VLANs
Importing VLANs
75. Managing the IPAM / VLAN Interaction
Configuring the IPAM / VLAN Interaction
Applying the IPAM / VLAN Interaction
XII. Rights Management
76. Introduction
77. Managing Groups
Browsing Groups of Users
Browsing the Groups Database
About This Guide
SOLIDserver is an appliance suite that allows you to manage a network on all levels (from the IP
address to the network devices) through key services, systems and protocols such as the IPAM,
the DNS, the DHCP or even NTP, SNMP, TFTP, etc. Its main purpose is to let users manage
their network using only one device.
SOLIDserver Administrator Guide is a document that describes and details the modules you
might have purchased with your license. This guide will not detail the existing types of licenses
and what modules and options they contain or lack. Note that some of the configurations described
in this document should not be handled by end users if they do not have previous knowledge of
the basic principles of certain protocols and what creating, editing or deleting some objects implies
for the network configuration.
Documentation Organization
SOLIDserver Administrator Guide is divided into ten parts:
• Starting: the description of the appliance hardware front panel and the descriptions of its basic
and first configuration.
• Graphical User Interface: the description of the Graphical User Interface and everything you
need to know to manipulate SOLIDserver at the best of its potential. It also provides very
useful GUI tips such as the dashboards and gadgets as well as how to customize your session
through images.
• System Configuration: the system configuration possibilities of an appliance such as the
network configuration or the services.
• Global Policies: a description of all the features and options available in all the modules of
the appliance: the alerts, default behaviors, imports, exports, reports and Smart Folders.
• IPAM Management: a description of all the options available in the IP addresses dedicated
module.
• DHCP Management: a description of all the options available in the DHCP protocol dedicated
module.
• DNS Management: a description of all the options available in the DNS protocol dedicated
module.
• NetChange: a description of all the options available in the module NetChange dedicated to
devices connected to your network.
• Workflow: a description of all the options available in the Workflow dedicated module.
• Device Manager: a description of all the options available in the module Device Manager
dedicated to devices, ports and interfaces personalized management.
• VLAN Manager: a description of all the options available in the module VLAN Manager
dedicated to Virtual Local Area Network personalized management.
• Rights Management: a description of the pages dedicated to users, groups of users and the
available rules that allow their authentication management.
• Administration: a description of all the options available in the Administration module, including
high availability, users, groups and delegation options, etc.
At the end of the guide, you will also find appendices containing technical details regarding:
• DHCP Options includes options and parameters from basic options to lease information, host
IP, interfaces, servers, BOOTP, Microsoft, NetWare NIS/NISplus or even vendors options.
• MAC Address Types References displays the reference number, in the GUI, of DHCP statics
supported MAC types.
• DNS Resources Records Related Fields displays the fields that will need to be configured
when adding resource record to a zone.
• Matrices of Network Flows details the network flows of the DNS, the DHCP, the IPAM as
well as the High Availability Management or NetChange.
• Configuring Radius: provides procedures to configure FreeRadius and Radius with Cisco
ACS and make them compatible with SOLIDserver.
• Class Studio Pre-defined Variables: provides a table detailing the values available when
configuring a pre-defined variable class object.
• SPX: the Service Provider eXtension module that allows you to manage your RIPE database
from SOLIDserver.
Documentation Convention
Each part of this guide is divided into chapters dedicated to configurations of specific objects in
order to give a clear presentation of their goal before providing procedures detailing the steps
to follow to configure, add, edit or modify objects managed through the appliance. To illustrate
the explanations of the concepts, you will find illustrations, diagrams and screenshots.
In each procedure, you will find some words highlighted to differentiate them from explanations
or actions. You will also find notes and explanatory tables like the one below:
Caution messages contain critical information that must be taken into account.
Browser Version
Tip messages contain advice to help the user enhance the use of SOLIDserver
or the management of particular objects.
Part I. Starting
Table of Contents
1. Hardware Appliance Front Panel
2. Basic Network Configuration
Prerequisites
Hardware requirements
Supported Browser
Basic Network Configuration using the LCD Screen
Basic Network Configuration through the LCD
Resetting the Basic Network Configuration
Basic Network Configuration using a Terminal
Using SOLIDserver For the First Time
Logging on SOLIDserver
Setting the Main Modules Default Behaviors
Requesting and Adding a License
Chapter 1. Hardware Appliance Front Panel
The front panel of SOLIDserver allows you to plug in one or more physical interfaces. It is also
possible to plug in a console cable to visualize the display output on another computer/screen.
Using the server panel, you can easily set up basic network configuration.
1 eth1/eth2: These ports allow you to plug in one or more cables for the management. To
understand how SOLIDserver manages all physical interfaces, please refer to the System
configuration section.
2 eth3/eth4: These ports allow you to plug in one or more cables for the network services.
To understand how SOLIDserver manages all physical interfaces, please refer to the System
configuration section.
3 rmgmt: This port is IPMI and LAN dedicated. The IPMI protocol leverages an out-of-band
network (typically dedicated for server monitoring and management), that provides a flawless
and secure path for mission-critical applications when regular in-band connectivity is lost or
is unresponsive. This port is only available on the SDS-500, SDS-1000, SDS-2000 and
SDS-3000.
4 console: This port allows you to plug in a console cable to visualize the output on a terminal
device. The console port on SOLIDserver is an asynchronous serial port. The console port
is configured as data terminal equipment (DTE). The console port uses RJ-45 connectors
(Cisco). Adapters are available for connections to PC terminals, modems, or other external
communication equipment. To connect a PC terminal to the console port, use either an
RJ-45-to-RJ-45 rollover cable, an RJ-45-to-DB-25 female DTE adapter or the RJ-45-to-DB-9
female DTE adapter (labeled "TERMINAL"). The default parameters for the console port are:
• 9600 baud.
• 8 data bits.
• No parity generated or checked.
• 1 stop bit.
• No Flow Control.
Chapter 2. Basic Network Configuration
SOLIDserver can be configured using the hardware appliance front panel LCD screen itself or a
terminal. We will discuss in detail the two different configuration approaches as well as the steps
to follow during the very first appliance use.
Prerequisites
Before using SOLIDserver Graphical User Interface (GUI) you need to connect your device to
the network and configure an IP address for it (i.e. The default gateway configured during the
installation).
The management client is the computer from which you configure and manage SOLIDserver. It
must meet the requirements below to operate a SOLIDserver.
Hardware requirements
The minimum hardware requirements are:
Warning
You must disable your WEB browser pop-up blocker for the IP address you configured
for your SOLIDserver to manage it properly.
Supported Browser
You must have at least one of the following WEB browsers:
Once SOLIDserver has booted and is up and running, you have 30 seconds to press any arrow
button to get into the edition mode. Through this mode you can edit the IP address as well as
the netmask and the gateway. By default, the first physical interface is configured (eth1 on the
server panel, called em0 in the system) with an IP address 192.168.1.1/255.255.255.0 and a
gateway set to 0.0.0.0. The configuration of the Basic Network using LCD display can be applied
only on eth1 with one IP address.
2. To visualize the network configuration.
The LCD screen displays at all times the following information when SOLIDserver is
running: the hostname, serial number, IP address, prefix/netmask and gateway. So during
the very first configuration, if you let the 30 seconds timer run out, the default configuration will
be implemented and displayed on the screen after 90 seconds. No matter how you configured
the appliance, the LCD screen will provide a summary of the key network configuration data.
6. Modify the Netmask: to move from one octet to the other, press / . To decrease/increase
its value, press / . By default, the netmask is 255.255.255.0.
7. To commit the new Netmask, go on the last position of the menu (on the far right). A new
Menu appears:
8. Modify the Gateway: to move from one octet to the other, press / . To decrease/increase
its value, press / . By default, the gateway is 0.0.0.0.
9. To commit the new Gateway, go on the last position of the menu (on the far right). A new
Menu appears:
10. The basic network configuration is applied. Now you can launch your browser and point it
to the IP address you just configured.
Warning
Once the reset has been confirmed, SOLIDserver reboots automatically.
1. If the SOLIDserver is not turned on, push . During the boot sequence, the LCD screen
displays Device booting. Once SOLIDserver is started, a timer is displayed. Press to enter
in the setup.
2. Push until the EXIT menu appears. Then press to enter in the RESET menu. The message
WARNING: net conf will be lost is displayed.
3. To commit the reset, push . The message Restarting appliance... appears. If you do not
want to reset, push to discard.
In the procedure below, we will configure a virtual interface and physical interface before setting
an IP address, netmask, gateway and DNS resolver IP address.
To configure the appliance from a web browser, an IP address and a gateway must be configured.
By default, there is already an interface configured with IP address 192.168.0.1 and netmask
255.255.255.0.
2. Enter the login root and hit Enter. The root account does not use a password at the first
installation. The Main menu appears.
3. Select N Network Configuration and hit Enter.
Note
According to the support used, the display can be in color (VMware, your own
appliance system) or in black and white (SOLIDserver's appliance with console
port used).
Hit Enter to confirm the use of the interface. The IP addresses list menu opens.
8. Select the default IP address 1 192.168.1.1 255.255.255.0 and hit Enter.
Click on OK to save your changes. The IP addresses list menu opens again. Select E EXIT
and hit Enter until you get back to the Network configuration menu.
10. Select G Global configuration:
Click on OK to save your changes. The Network configuration menu opens again. Select E
EXIT and hit Enter until you get back to the Main Menu.
12. Select C Commit modifications to system:
Now your configuration is complete and you can access your SOLIDserver through the browser
of your choice. Make sure the browser version complies with the prerequisites mentioned above.
Logging on SOLIDserver
No matter the browser you choose to use, to access SOLIDserver you need to follow the procedure
below:
1. Open your browser, in the URL field type in https://{IP address}. If you defined a name for
your SOLIDserver in your DNS, you can use its name.
2. Hit Enter. The browser displays a security warning prompting you to accept or reject
SOLIDserver certificate. If the default certificate is in use, warning messages appear stating
the certificate is not from a trusted certifying authority, and that the hostname on the certificate
is either invalid or does not match the name of the site.
3. Accept the certificate. SOLIDserver Login page appears.
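Before accepting the warning in step 2, the certificate can be inspected from the management client. The script below is an added example, not part of this guide: it uses the OpenSSL command-line tool (assumed to be installed) to test the two conditions the browser reports and to print a fingerprint that can be recorded and compared on later connections. The function names and the sample subject solidserver.example are assumptions made for the demonstration; the subject of the real default certificate is not given in this guide.

```shell
#!/bin/sh
# Added example: review an appliance certificate before accepting it in the browser.
# Requires the openssl command-line tool. All function names are illustrative.

# Fetch the certificate the appliance presents, without trusting it.
# Usage: fetch_cert 192.168.1.1 > appliance.pem
fetch_cert() {
    openssl s_client -connect "$1:443" </dev/null 2>/dev/null | openssl x509
}

# SHA-256 fingerprint of a PEM certificate (colon-separated hex).
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Succeeds when subject and issuer are identical: the certificate vouches for
# itself, so no trusted certifying authority is involved (first warning).
is_self_signed() {
    subj=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//')
    iss=$(openssl x509 -in "$1" -noout -issuer -nameopt RFC2253 | sed 's/^issuer= *//')
    [ "$subj" = "$iss" ]
}

# Succeeds when the certificate is valid for the name or IP address typed in
# the URL field. Failure corresponds to the second warning (name mismatch).
matches_name() {
    case "$2" in
        *:*)        opt=-checkip ;;    # IPv6 literal
        *[!0-9.]*)  opt=-checkhost ;;  # anything that is not digits and dots
        *)          opt=-checkip ;;    # IPv4 literal
    esac
    openssl x509 -in "$1" -noout "$opt" "$2" | grep -q 'does match'
}

# Print the findings; return 0 only if neither warning applies.
review_cert() {
    cert=$1
    name=$2
    rc=0
    echo "sha256 fingerprint: $(cert_fingerprint "$cert")"
    if is_self_signed "$cert"; then
        echo "WARN: self-signed, not issued by a trusted certifying authority"
        rc=1
    fi
    if ! matches_name "$cert" "$name"; then
        echo "WARN: certificate is not valid for $name"
        rc=1
    fi
    return $rc
}

# Constructed sample: a throwaway self-signed certificate standing in for a
# factory default. The subject name is an assumption for this demo.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=solidserver.example" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# Demo on the constructed certificate, reached by IP address as in step 1.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
make_sample_cert "$tmp"
review_cert "$tmp/cert.pem" 192.168.1.1 || echo "Record the fingerprint before accepting."
```

Against a live appliance, save the output of `fetch_cert` to a file and pass that file to `review_cert` together with the address used in the URL field.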
Right after you validate your credentials on the Login page, the Home page appears. You need
to configure the internal module setup. You can do so later but we recommend that you do
it right away.
5. Click on OK to commit your choice. The wizard closes. SOLIDserver homepage is visible
again.
At any point, you can change your mind and modify what you selected in that wizard through the
Settings menu that appears on every page of SOLIDserver (Settings > Expert > Internal Module
Setup).
can see in the gadget on the left, the System information gadget, it has no license so you only
have the Administration tab available. You need to request a license from EfficientIP and then add
it.
The operating licenses provided by EfficientIP allow customers to manage SOLIDserver:
the appliance cannot be operated until a valid activation key is installed. Each activation key is
unique and specific to one SOLIDserver appliance. It means that an activation key generated by
EfficientIP for an appliance will not work for another.
To request a license
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select System Information > Licenses. The Licenses page opens.
3. In the menu, select Add > Request license. The wizard opens.
4. Read the Software License Agreement and click on NEXT. The next page opens.
5. Copy the content of the Key field and email it to requestlicense@efficientip.com. In the email,
ask for a test license.
6. Click on OK to close the wizard.
Once the EfficientIP license team has answered your request and sent you a license key, follow the
procedure below.
To add a license
1. From the EfficientIP email response to your license request, cut the license key.
2. Connect to SOLIDserver using the superuser credentials.
3. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
4. In the menu, select System Information > Licenses. The Licenses page opens.
5. In the menu, select Add > License. The wizard opens.
6. In the License field paste the license key.
7. Click on OK to save the key. The homepage refreshes. In the System Information panel,
the license type is now modified and all the modules that come with your license are now
visible.
Part II. Graphical User Interface
Table of Contents
3. Understanding the GUI
The Appliance Homepage
The Modules
The Breadcrumb
The Menu
Connected User Account Configuration
The Pages
The Homepages
The Listing Pages
The Properties Pages
The Wizards and Pop-up Windows
The Tree View
The Bookmarks
The Global Search Engine
4. Dashboards and Gadgets
Introduction
Dashboards
Gadgets
Gadgets Library
My Gadgets
Statistics Page
Adding a Gadget
Adding a Gadget from a Dashboard
Adding a Gadget from the Statistics Page
Adding a Gadget from a Properties Page
Assigning a Gadget
Handling a Gadget
Moving a Gadget
Collapsing or Expanding a Gadget
Hiding a Gadget from a Dashboard
Displaying or Hiding a Gadget from My Gadgets
Creating New Gadgets
Creating a Chart
Creating a Top List
Creating a Quick Search
Creating a Quick Wizard Gadget
Creating a Bookmark Gadget
Editing a Gadget
Granting User Access to the Gadgets
Configuring Read-Write Access to a Group
Setting Gadgets Visibility
Enabling or Disabling a Gadget
Enabling or Disabling a Gadget through the GUI
Enabling or Disabling a Gadget through the Menu
Deleting a Gadget
5. Customizing the GUI
Customizing SOLIDserver Login Page With an Image
Uploading an Image to SOLIDserver
Displaying an Image on SOLIDserver Login Page
Removing the Image Displayed on SOLIDserver Login Page
Customizing SOLIDserver Homepage Welcome Banner
Chapter 3. Understanding the GUI
SOLIDserver offers a GUI that centralizes the management of the addressing/naming plan of IP
subnets, DNS servers, DHCP servers and so forth. Its purpose is to provide a simple, easy and
scalable interface enabling you to carry out all administrative tasks through a WEB interface:
managing IP addresses, managing DNS/DHCP services, etc.
Each module is composed in the same way to ease the navigation: you will find common icons
and menus, and can see where you are in the module thanks to the breadcrumb, etc. First of all,
we will provide you with the useful elements that you will see throughout the appliance and
then detail each of the key elements needed to understand the GUI and use it efficiently.
The image below shows a typical listing page within SOLIDserver (the IPAM subnets management
page).
In spite of the separation of protocols within modules, they all share common icons numbered in
the image above:
1 This icon allows you to go back to SOLIDserver home page from anywhere in the appliance.
2 This field allows you to look for data within all the modules (except Administration). For more
details, refer to the section The Global Search Engine.
3 This button is present on every page at the end of the breadcrumb line. Click on it to
bookmark the page you are on. For more details, refer to the section Bookmark Engine.
4 This shortcut button is visible on the pages providing IPv4 and IPv6 management: the blue
color indicates that you are displaying IPv4 data. If you click on it, the IPv6 data page will
be displayed.
5 This gray shortcut button is visible on the pages providing IPv4 and IPv6 management; the
gray color indicates that you are displaying IPv4 data. If you click on it, the IPv6 data page
will be displayed.
6 This shortcut button is visible on almost any list and opens the addition wizard of whatever
object listed on the page. Note that on many pages it opens directly the by search addition
wizard.
7 This button is the Logout button. You will find it in the upper right corner of every module. It
allows you to quickly log out of the current user session and log in with different user credentials,
for instance.
8 This button is visible everywhere within SOLIDserver and allows you to open the tree view. For
more details, refer to the section The Tree View.
Both these gadgets provide a number of options and links, for more details refer to the section
Descriptive Gadgets of the chapter Dashboards and Gadgets of this guide.
The Modules
Each module that you can manage through SOLIDserver is represented in the GUI by a tab.
When you navigate between each module, the tabs will remember the last page that you worked
on so when you go back to a tab, the page displayed is the last one you visited. Within the GUI
the tabs indicate in which module you currently are, the lightest tab is the one open:
Each tab has its own graphic design to help you visualize the internal organization of the module:
the modules are all designed in the same way but the items listed all correspond to particular
icons that share different gradations of a common color in each module. For instance, IPAM is
a gradation of orange, DHCP of deep blue, DNS of red, etc.
The Breadcrumb
According to the tab previously selected, the breadcrumb, i.e. navigation bar, displays the module
internal tree.
As you can see in the image above, the breadcrumb uses the graphic design of each module:
here the orange matches the IPAM tab color and the icons respect the module internal hierarchy
3. The colored icon represents the page you are currently on 2, here the All subnets page. The
house icon 1 allows you to go directly to the module homepage, in the procedures of this guide
it will be represented as follows: .
Keep in mind that the breadcrumb is a linear representation of the module hierarchy. Therefore,
once you are displaying the subnets of a space for instance, this space will be visible in the
breadcrumb.
Figure 3.5. The Breadcrumb: Useful Location Reminder and Access Provider
In the image above, you can see that the mouse pointer is not an arrow but a hand and that the
space name is underlined: each element of the breadcrumb is a link in essence. In this example,
the subnets of the block USA belonging to the Local space are listed. Once you click on Local,
you will access the properties page of said space: once an element is named in the breadcrumb,
clicking on the name opens its properties page. So in the image above you could access the
USA block properties page as well from the breadcrumb.
The Menu
The menu is displayed on every page but will vary according to the page you are on: the available
options change on each page. It allows you to perform specific actions. In the example below,
you can add, edit, access tools, change display features and launch reports for the listed items.
On every page of SOLIDserver you will always have access to three menus:
Preferences
This menu contains:
• Links toward the pages My Quick Wizards, My Smart Folders, My Bookmarks and the two
gadget-related pages: Gadgets Library and My Gadgets.
• Links toward the account configuration through the My Account section. For more details
refer to the section Connected User Account Configuration below.
• Links toward the gadgets addition. The gadgets available will vary on each page, for more
details refer to the chapter Dashboards and Gadgets.
Settings
At the very least this menu will contain an Expert section that allows you to access the Internal
module setup wizard. Otherwise, depending on the page you are on, it might contain:
• Customize user fields: a link toward the Class Studio pop-up window to see the existing
classes defined for the objects listed on the page. For more details, refer to the section
Browsing the Classes Database.
• Default behaviors: a link toward the Default behaviors configuration wizard that allows to
display a number of behaviors (fields) within the edition wizards of the objects listed on
the page. For more details, refer to the chapter Managing Default Behaviors.
• Listing templates: a link toward the listing template configuration wizard that allows you to
choose which columns you want to display or hide on the current listing page. For more
details, refer to the section Customizing The List Layout.
?
This menu offers links toward two documents:
• Help opens SOLIDserver Administrator Guide in the version corresponding to your appliance
version in a new tab in your browser.
• About opens the License wizard that contains the Software License Agreement.
Within all modules - but the Administration module - you will find on the listing pages the Display
menu. This menu will be useful for a number of reasons:
With version 5.0.3, the gadget My account preferences & configuration is available on the
appliance Home page. It provides the connected user with shortcuts: to access the Gadgets Library
and to edit the interface language.
From the Configure Time and Date Format wizard you can change your time reference, either Local
time zone or UTC time zone, and/or the date format, either day/month/year or month/day/year.
Note that the local time is based on the time zone of your browser whereas UTC (Universal
Time, Coordinated) is the international standard for civil time and the Internet.
Note
All your services and the SOLIDserver appliance must be set to the same time to prevent
any management problems.
1. From any page of SOLIDserver, in the menu select Preferences > My Account > Set
Time/Date Format. The Configure Time and Date Format wizard opens.
2. In the Time zone drop-down list, select Local time or UTC-GMT.
3. In the Date format drop-down list, select mm/dd/yyyy or dd/mm/yyyy.
4. Click on OK to commit your configuration. The report opens and closes. You can see the
display change on the Administration syslog page for instance.
Listings Configuration
At any time you can choose how many lines to display on the listing pages or decide to alternate
gray and white lines in the listing one by one or three by three.
To change the list format and/or the number of lines displayed on the listing pages
1. From the menu, select Preferences > My Account > Set Format List. The Set List Format
wizard opens.
2. In the List line count field, type the number of lines you want to display.
3. In the List format field, select 1-1 or 3-3.
4. Click on OK to commit your changes. The report opens and closes. You can see the result
on any listing page.
Caution
The more lines you display, the more resources SOLIDserver uses to display them.
Language Configuration
By default, SOLIDserver is in English, but you can change the language following the steps below:
1. From the menu, select Preferences > My Account > Set Language. The Change language
wizard opens.
2. In the Language list, select English, French, Spanish, German, Dutch, Chinese or Japanese.
3. Click on OK to commit your choice. The report opens and closes. SOLIDserver refreshes,
the GUI is in the selected language.
To set the GUI language from the gadget My account preferences & configuration
Password Configuration
At any time, if you were granted sufficient rights, you can edit the password used to connect to
SOLIDserver.
1. From the menu, select Preferences > My Account > Change password. The Modify user
password wizard opens.
2. In the Previous password field, type in the old password.
3. In the New password and Confirmation fields, type in the new password.
4. Click on OK to commit your change. The report opens and closes.
The Pages
SOLIDserver provides different kinds of pages depending on the objects managed or the actions
you can perform on them. Consequently, we can distinguish four "families" of pages within the
GUI.
The Homepages
Each module has its own Homepage. It contains buttons toward the different pages of the
module and the module dashboard that you can customize.
The Listing Pages
The most widely used kind of page: it is a list that provides an overview of all the data and
gives access to a number of actions to perform on the object summarized by the menus
available.
The Properties Pages
This page is accessed through a listing page. It can either be a simple reminder of all there
is to know regarding a particular element or it can provide additional information not displayed
in the listing page you came from. In that case, you will be able to set up very specific
configurations (e.g. DHCP options).
The Wizards and Pop-up Windows
Both these pages will appear above the other pages and provide you with fields and/or buttons
to make changes and commit them.
The Homepages
The homepage is the page that you will see the first time that you open a module. As it gathers
a number of buttons and menus that you will sometimes not find elsewhere in the module,
the homepage has its own shortcut icon (the house) in the breadcrumb. The Settings menu is
particularly interesting on the homepage: it gathers specific links toward pages that you can only
access from this page.
All the buttons are concentrated in a light gray area under the menu. Right under the buttons,
you will find the dashboard that allows you to customize your homepage with the gadgets of your
choice. Refer to the chapter Dashboards and Gadgets for more details.
Keep in mind that from every homepage you can access a page from its button, the Display menu
or directly through the breadcrumb. For instance, to open the All spaces page, you can click on
the Spaces button or on All spaces in the breadcrumb or through the menu by selecting Display
> All spaces.
In the example below, you will see the list of all the IPv4 subnets of the space My_Company
sorted through the Address column:
As there is no limit to the data listed on SOLIDserver listing pages, the GUI provides
some key fields, buttons and areas:
Keep in mind that you can use the SHIFT key on your keyboard to select a set of
successive items: select the first item, press the SHIFT key, select the last item you want
and release the SHIFT key.
Moreover the checkbox located above the list, left of the first column search engine, allows
you to select at once all the items counted in the Result. If the list is filtered, checking
this box will select all the items listed in the search result. If there is no filter applied to
the list, all the objects listed will be selected on every sub-page and no matter how many
sub-pages there are.
DNS/DHCP Smart Architectures special Display
Both DNS and DHCP modules provide the smart architecture management of physical
servers. A smart architecture, once added, will behave and be displayed like a physical
server. Therefore, the physical server(s) it manages will not be visible in the list which is
why, on DHCP and DNS listing pages you will find the Show / Hide smart members button.
Clicking on it will either display or hide the physical server(s) the smart architecture is
managing.
Figure 3.10. The Show / Hide Smart Members Button On DNS And DHCP Listing Pages
All the data listed on most SOLIDserver pages can be filtered one column at a time or using
several columns. This column filter allows you to perform custom searches through each column
search engine field. Therefore you can include or exclude certain criteria when looking for
particular data. It is possible to perform a search with multiple criteria on one or several columns at
once. The table below describes everything you need to know before filtering a list:
1 This icon allows you to unset altogether the filters applied, no matter how many filters were
set.
2 This arrow indicates that the list is sorted through the Address column in ascending order.
3 The underlined column names indicate that you can sort the column data in direct/reverse
alphabetical order.
5 These fields allow you to type in the data you are looking for in the column: it is the column
search engine. If this field is not visible, you cannot filter through said column, you might
only be able to sort.
4 This button allows you to apply the filter using the data entered in the column search engine.
You can also hit Enter to perform a filtered search.
The procedure below describes how to filter a list through one column using the IPAM All subnets
page as an example. You can follow this procedure on any other listing page.
1. Go to the IPAM tab, click on the All Subnets level in the breadcrumb. The All subnets page
opens.
2. In the search engine field of the column of your choice, type in the data (string) that suits
your needs.
3. Click on SEARCH to perform the search.
Keep in mind that there are a number of operators that will help you narrow or widen your search.
The following table lists the available operators that you can apply to filter the listed data. Keep
in mind that you can put a space between the operator and the string as well.
You can also automate the search using the Filter constructor: double-click in the column search
engine field to display it and configure your search.
Figure 3.12. Example of Filter Constructor: on the DHCP Servers Status Column
As you can see in the example above the filter constructor indicates the different types of statuses
available for the DHCP servers. The drop-down list on the left allows you to choose the action
to perform on the string you will type in the field on the right (see next image for more details).
To look for different strings at once click on the plus button 3 and in the new field type in the
data you want to find or avoid. In the same way, to remove a string click on the minus button 2
that will be located on each new line. Then click on APPLY 1 or hit Enter to perform the search
using the filter(s) you just configured.
Depending on the objects listed on the page, you might find a list of checkboxes, like for the
server statuses we saw earlier, or only one checkbox called Top occurrences. If you check it, you
will display the most used values in the column and how many times they appear.
Figure 3.14. Example of the Filter Constructor Top occurrences: on Device Manager Ports & Interfaces MAC
Vendors Column
On some pages, you might have columns dedicated to the Date or to time and date. These
columns provide specific filtering operators:
In addition, some keywords allow you to filter the list using specific dates or whole periods of
time. This filter is based on UTC time. The keywords are listed in the table below.
SOLIDserver makes it possible to sort the information contained in each column by ascending or
descending alphabetical order by clicking on the column name. Only one list can be sorted at
a time. By clicking twice on the same name, you change the sorting order. Keep in mind that the
order will respect the ASCII alphabetical order: the digits will appear first, followed by capital
letters in alphabetical order and finally the small letters.
The procedure below describes how to sort a list through one column using the IPAM All subnets
page as an example. You can follow this procedure on any other listing page.
1. Go to the IPAM tab, click on the All Subnets level in the breadcrumb. The All subnets page
opens.
2. If you click on Name 2 , the listing will be sorted in the alphabetical order of the subnet
names. If you click on Name 2 again, the list will be sorted in reverse. The blue arrow 3
symbolizes the sorting order.
This method is really efficient to sort the list according to your needs, for instance sort the data
through the Size 1 column to display the largest subnets first.
Keep in mind that if a column contains too much data it cannot be sorted anymore. In this case,
the blue arrow next to the column name will be replaced by a red cross like 1 in the example
below.
Figure 3.17. A Red Cross Indicates That You Cannot Sort a Column Anymore
SOLIDserver allows users to select different layouts of listing pages. Layouts are stored in column
templates and allow you to display, hide and order the columns of the listing page. Only a user
belonging to the admin group can create, update and remove a template.
By default, each listing has a default listing template. If you choose it when editing a page listing
template, you will overwrite the default setting and will not be able to get it back, unless you know
which columns you chose to add or remove and edit it again. So we strongly advise that you create
new templates rather than modifying the default one.
Columns corresponding to class objects can also be added to those already available in the listing
templates. These columns appear in the format Class param: <object label>.
The procedure below describes how to create a listing template using the IPAM All subnets
page as an example. You can follow this procedure on any other listing page.
1. Go to the IPAM tab, click on the All Subnets level in the breadcrumb. The All subnets page
opens.
2. In the menu, select Settings > Listing templates. The configuration wizard opens.
3. In the Action drop-down list, select New template. A next field appears.
4. In the Name field, type in the new template name.
5. Click on NEXT . The <Objects> lists configuration page opens.
6. The page allows editing the list of the Hidden columns and the list of the Displayed columns:
• To add a new column in the displayed list, select it in the Hidden columns list and click on
.
• To remove a displayed column, select it in the Displayed columns list and click on .
• To change the order of the columns on the page, select one by one the columns you want
to move in the Displayed columns list and place them where you want using and .
Note that from any module homepage, except the Administration tab, you can create listing
templates through the menu Settings > Listing templates configuration > available page.
Warning
When you edit a template, your update will be applied to all users.
1. Go to the homepage of any module for which you created a listing template. If the homepage
is not displayed, click on .
2. In the menu, select Settings > Listing templates management. The Listing Templates
Management page opens. This page contains several panels: one for each list in the module.
3. Open the panel that contains the template you want to rename.
4. Select the name of the template to rename.
1. Go to the homepage of any module for which you created a listing template. If the homepage
is not displayed, click on .
2. In the menu, select Settings > Listing templates management. The Listing Templates
Management page opens. This page contains several panels: one for each list in the module.
3. Open the panel that contains the template you want to delete.
4. Select the name of the template to delete.
5. Click on DELETE . The Delete template wizard opens.
6. Click on OK to delete the template. The report opens and closes. The Listing Templates
Management page is visible again, the template is no longer listed.
With version 5.0.3, SOLIDserver introduces the Multi-Status column in all the modules. It gathers
useful status and state information regarding an object itself or the configuration within the module.
It is displayed by default on all the DNS module pages and concerns Hybrid compatibility at each
level of the hierarchy. In the DHCP module, it is displayed by default on the All servers and All failover
channel v4 and v6 pages to provide real-time information regarding the failover configuration between
servers. As for the other pages, you can add it through the Listing template configuration wizard
as explained in the section Customizing The List Layout.
Multi-status provides messages divided into 6 levels of severity. Each message and level of
severity is specific to each object.
A colored square appears on the line of the object it applies to. It contains a number
corresponding to the total number of messages matching the severity. Put your mouse over the square
to display all the messages and deal with them if need be.
Each module contains a set of dedicated message numbers: IPAM from 0 to 999, DHCP from
1000 to 1999, DNS from 2000 to 2999, NetChange from 3000 to 3999, Device Manager from
4000 to 4999, Workflow from 5000 to 5499, VLAN Manager from 5500 to 5499 and finally
Administration from 9000 to 9999. The message number precedes the message itself.
On every listing page, SOLIDserver provides the Info Bar. This tool is a shortcut in essence toward
editing listed objects, accessing the properties of an object or filtering the list using a particular
column. To use this tool, you have to put your cursor over the data you want to handle. After one
second, the Info Bar will appear under the column entry of your choice and above the list:
1 This shortcut button allows you to go to the current element properties page.
2 This shortcut button allows you to open the object editing wizard. This is basically the same
wizard as the one you open from the object properties page through the Main properties
panel EDIT button.
3 This button allows you to display a chart right over the page. The chart differs from one page
or object to another. For instance, from the DNS servers page it displays a server statistics
chart. No matter the object, if a chart is available for an object, it is also displayed on the
properties page.
4 This button allows you to visualize quickly in a table under the Info Bar the most important
information regarding the object.
5 This button allows you to filter the list using the value over which you put the cursor: name,
IP address, etc.
The example above displays the full Info Bar with five available buttons. Most of the time you
have four buttons. At the very least, the Filter button will be available on a standard listing page.
The properties page display is different from a listing page: it is composed of a number of panels
that always respect the following criteria:
• All the panels that you can edit have an EDIT button embedded that allows you to access a
wizard.
• All the objects belonging to the same module and level of hierarchy (like the IPAM subnets,
the DNS servers, etc.) will share a common set of panels. The options that you choose to apply
to one but not the other might add a panel or simply change the value displayed in it.
Figure 3.19. Example of the Properties Page of a DNS Name Master Zone
As you can see in the example above, the properties page of a name master zone allows you to
display the information regarding the zone divided into panels: Main properties, Default behavior
properties, Name servers, Forwarding, Groups access, Ticket, Notify, Access control, Sources,
Sources V6, State log and Audit. Each panel (except the State log and the Audit) contains an
EDIT button to configure the zone according to your needs. Obviously, the panels will differ for
every object and every module but this example gives you an overview of the information available
on a properties page.
Note that some pages within SOLIDserver use the properties page display but do not display
properties: the Listing templates Management for instance that you can access from any homepage
through the Settings menu.
The Wizards
The wizard is a key element of the GUI as it is present on every page to add, edit, delete or
configure all the objects that you will manage through the appliance. Its title will remind you of
the action you are performing on the page.
The wizard is composed of a number of buttons and fields that you need to understand before
using SOLIDserver at its best potential. The content of a wizard varies according to the actions
and configuration that the wizard enables. We will detail the common fields and options that the
wizard provides in SOLIDserver GUI.
Note that we will not detail the buttons of the wizard as they are self-explanatory and always
mentioned within each procedure in this guide.
Standard Fields
Using the screenshot below we will describe the fields that you will always find in a wizard.
1 The pushpin icon is present on every wizard. It allows to save the current page in a
quick wizard. For more details, refer to the section Quick wizards below.
2 The cross button allows to close the wizard and cancel whatever configuration or changes
you were doing.
3 This section is a location reminder located in the bottom left corner of the wizard. It is
especially useful when adding objects to an existing space, server, etc. As you can see
in the example above, it indicates the block you selected in a previous step - start IP
address/prefix (name) - as well as the selected class - class name or none - and finally
the start address of the subnet you need to name and finish configuring before ending
the process.
4 The fields are present on all the wizards that allow you to configure objects. They might
have different colors: a blank white field indicates that you need to type in the value of
your choice, the field you are working on is surrounded by an orange line. If the field
background color turns orange, it indicates that you typed in an error (syntax error). If
you do not correct it you will not be able to continue configuring or save any changes made
through the wizard. All the fields in which you need to type in data are referred to as
field in this guide.
5 The star icon indicates that a field/parameter/option is required. If you leave the field
blank you will not be able to go on with the configuration. If the field or drop-down list
has a default value, it will be selected and applied, if you do not change it, when you
finally click on OK on the last page of the wizard.
6 The drop-down list field contains a down arrow that indicates that you might have a list
of values to choose from. Click on the field to display the list. We will refer to this kind
of field as a drop-down list in this guide.
7 This gray field is a read-only section of the wizard: you cannot edit it. In the case of our
example it is a summary of the basic information regarding the subnet being created. In
other cases you might find simple fields in light gray. They cannot be edited either but
are displayed as a reminder of the main information to remember, especially when
editing an object.
8 The checkbox is present on a number of wizards to configure particular parameters. It
will be located to the right of or under the field name and can be ticked or unticked according
to your needs. Note that ticking the box might reload the page. When located before a
field name, it will open a section with additional parameters to configure.
9 This information section might be located above or under the field it describes to guide
you in the configuration.
The PREVIOUS button allows you to go to the previous page to check what you configured on
these pages while keeping the change you just added to the current page. Once you
went back to a previous page, click on NEXT to go ahead in the configuration steps.
The OK button indicates that you are on the last page of the wizard. Clicking on it saves
and applies, in other words commits, the changes made through the wizard.
The CANCEL button, like the cross button, allows to close the wizard and cancel whatever
configuration or changes you were doing.
Every action within SOLIDserver opens a wizard, in particular the deletion process of any
object. Here below, you will find the most used wizard of all: the deletion confirmation wizard.
The GUI will also provide more information in the WARNING message section if needed.
1 The warning message contains key information regarding the action you are performing
on an object that you must take into consideration before going further.
Additional Icons
The configuration and edition wizards will provide extra information icons embedded in the
page. These icons will open a window containing more detailed information to help with a
thorough configuration of the object. The DNS zone edition wizard is a good example:
1 The question mark icon is located after a field name and provides additional information
regarding the field and the particularities of the configuration.
2 Once you put your mouse over the question mark, a window opens above the wizard
with the relevant information to help you set the field parameter.
Additional Pages
SOLIDserver provides a tool to customize almost every resource through classes. If you or
your administrator configured classes for any resource, you might see a page, similar to the
one below, when adding or editing resources.
As you can see, a <resource> class list is displayed, it allows users to select one of the
classes configured by the administrator or None. Once a class is selected, there will probably
be a set of additional fields and pages in the wizard that will not be detailed in the procedures
as they are specific to every appliance customization configuration. For more details, refer
to the Class Studio chapter of this guide.
Configuration Lists
In a number of wizards you will find configuration lists, that is to say a set of two lists that
gather all available data and allow you to choose a set of values from a large list. They usually
go in pairs: Available/Selected or Hidden/Displayed. The listing template configuration is a
good example of such lists:
1 This field is a list in essence that displays all the available columns that can be chosen
from. In this case, the columns that can be displayed on the All scopes listing page. You
can select every line that you want one by one and move them to the second field
(Displayed columns).
2 Once you selected a value in the first field, click on this button to move it to the second
field. You can also double-click on the line to move it to the other list. In this case, you
would add columns to the listing template display of the All scopes listing page.
3 This field is a list in essence that displays all the columns that are selected and kept in
the configuration. In this case, the columns that will be displayed on the all scopes listing
page. You can select every line that you want to remove one by one and move them to
the first field (Hidden columns).
4 Select a line (value) in the second field, click on this button to remove it from the list and
put it in the first field. You can also double-click on the line to move it to the other list. In
this case, you would remove columns from the listing template display of the All scopes
listing page.
5 This button allows you to move up a value in the list and manage the order of the values
listed. The order displayed before you click on OK is the one that is saved. In this case,
the order of the values will correspond to the order of the columns displayed on the all
scopes page.
6 This button allows you to move down a value in the list and manage the order of the
values listed.
Management Fields and Buttons
Some wizards are management tools that provide within the window a list of values that you
can manage (modify or delete). These fields are all the more important as they are very
helpful when it comes to quickly configuring key parameters like a virtual interface:
As you can see in this wizard, the IP addresses list contains two IP addresses. Such a list
located under a set of configuration fields indicates that you can manage the values listed
from the wizard. Indeed, you can select one of the lines and modify or delete them one by
one.
1 Once you selected the item of your choice in the list at the bottom of the wizard page,
you can modify the value of any field displayed in white. In this case, you would be able
to modify the value of any of the following fields: IP address, Netmask, Specific route,
802.1q number and VIP service.
2 Click on this button to save your changes and overwrite the former configuration. Then
follow the wizard steps ( NEXT or OK ) to commit the changes.
3 Click on this button to delete the line i.e. the whole set of values displayed in the fields
that correspond to the selected line. In this case, the line 10.0.30.171-255.255.0.0 gw:
tag: vip: vhid: would be deleted. To delete data in a field, select it in the field and use the
keyboard to delete the value. Then follow the wizard steps ( NEXT or OK ) to commit the
changes.
4 Click on this button to discard any changes made in the fields and be able to select
another line or add a whole new set of data, see the same page as the image
Management Wizard Page above. In this case, it would allow you to add a new interface.
5 The blue color indicates that the line has been selected to be modified or deleted. During
the modification, it turns gray.
Autocompletion Fields
Some wizards provide autocompletion fields to make the configuration faster and easier.
There are actually two kinds of auto-completion methods within SOLIDserver: the manual
one and the automated one.
Manual Autocompletion Field
The manual autocompletion field is signaled by a SEARCH button embedded in the
wizard page.
As you can see in the example above, the autocompletion option is available for the IP
address field. This option relies on a basic DNS query to find the corresponding IP address
and spares you from learning the IP addresses by heart.
Automated Autocompletion Field
The automated autocompletion field is a very useful field that will offer a set of matching
values to the data you entered in the field. A good example of an automated autocompletion
implemented in a field of SOLIDserver is the configuration of a DHCP range:
1 There is no indicator of the autocompletion fields. In this field, type in the value you
are looking for and a list of matching items will be provided. If only one value
corresponds to the data entered, the list will not appear and the matching value will be
displayed. The autocompletion will return an orange field if no values match the
data you type in the field.
The automated autocompletion tool will either return a list or a single matching value. In
the case of our example, a set of the commonly used ACLs is saved in the database to
provide a list in the field and help you configure your range.
Saving a Wizard
Each wizard page can be saved using the pushpin button. This page and the data you typed in
or selected are saved within a quick wizard. The quick wizard is an extra feature offered by
SOLIDserver that allows you to go back to a configuration at any time and from any page.
All quick wizards are saved and listed on the page My Quick Wizards of the Administration
module. A quick wizard is a shortcut in essence that will open the wizard in the corresponding
module.
• From anywhere in the appliance, in the menu select Preferences > My Quick Wizards. My
Quick Wizards page opens.
There are three ways to access the wizard: through a quick access, a shortcut embedded in the
Quick Wizard gadget or through My Quick Wizards page. The creation wizard will allow you to
set the type of quick wizard that suits your needs.
1. From any wizard page, click on . The Adding a Quick Wizard page appears.
2. In the Name field, name the quick wizard.
3. In the Module drop-down list, select a Quick Access to create a shortcut through the Prefer-
ences menu or a module to include a shortcut toward the quick wizard you are creating in
the quick wizard gadget. For more details, refer to the chapter Dashboards and Gadgets.
4. In the Description field, you can type in a description.
5. Click on OK to commit the creation. The report opens, the wizard closes. The page you
were on appears again. The quick wizard is listed on the Quick Wizards page.
Whatever the value you selected in the Module drop-down list, the quick wizard is listed on My
Quick Wizards page. This page allows you to manage the quick wizards more thoroughly. It
contains five columns to organize the list as you please (you can sort or filter them):
• Name displays the quick wizard name. If you click on a name, the Edit a Quick Wizard wizard
opens and allows you to rename the quick wizard, add or remove a description, add or remove
the quick wizard from the dashboard of the module of your choice (or even make it a shortcut
within the quick wizard gadget and a quick access shortcut through the Preferences menu)
and finally change its visibility settings.
• All users indicates if you share the bookmark visibility with other users or not (yes or no).
• Description displays the description you might have added to the quick wizard during creation
or editing.
• Dashboard indicates the module dashboard on which you decided to display the shortcut in
the Quick Wizard gadget. For more details regarding the Quick Wizard gadget, refer to the
section Creating a Quick Wizard Gadget of the Dashboards and Gadgets chapter of this guide.
• Access contains the Access link toward the wizard saved through the quick wizard.
If you created a Quick Wizard gadget, My Quick Wizards page will allow you to modify it. Editing
the quick wizard gadget through My Quick Wizards page basically allows you to assign the quick
wizard buttons one by one to the gadget displayed. In other words, it allows you to choose on which
dashboard you want to display the shortcut toward a particular quick wizard.
1. From any list, through the menu, select Preferences > My Quick Wizards. My Quick Wizards
page opens.
2. Click on the name of a Quick Wizard you want to add to the Quick Wizard gadget. The Edit
QuickWizard wizard opens.
3. In the Available list, select the module you want the Quick Wizard to be displayed on.
4. Click on . The module is now in the Configured field. You can repeat this action for every
additional Quick wizard gadget you want the Quick Wizard to be displayed in. If you list a
dashboard on which the gadget has not been created yet, it will be created and displayed
on the selected dashboard.
5. Click on OK to commit the creation. The report opens and closes. The Quick Wizard is
included in the Quick Wizard gadget of the dashboard(s) you selected.
This page also allows you to delete or define the visibility of several quick wizards shortcuts at
once. Note that there is no quick wizard properties page as all the information is displayed on
the page directly.
The pop-up window appears mostly when there are configuration errors: for instance, you just
selected an action through the menu without selecting the objects it is supposed to apply to. Or,
on the contrary, you selected too many elements at once for the chosen option. It will always
contain a question or a statement with an OK button that you will use to commit your choice or
close the window.
Caution
To use SOLIDserver to the best of its potential, make sure your Internet browser is
not configured to block pop-up windows.
However, there are some modules and pages in which the pop-ups are not error related: in the
Administration module, the Groups page and Class Studio use pop-up windows to configure
groups and classes respectively. In the same way, to assign an IP address in the IPAM, you need
to click on it and confirm via a pop-up that you mean to assign it.
Figure 3.30. Overview of the Opened IPAM Section in the Tree View
1 This button allows you to open or close a section: this one indicates the section of the tree view
is closed.
2 This button allows you to open or close a section: this one indicates the section of the tree view
is open.
3 This icon indicates that a branch of the tree view hierarchy is open. If you click on it you will
open the branch and display its hierarchical content.
4 This icon indicates that a branch of the tree view hierarchy is closed: it is a link toward the
content of the listed data. In this example, if you click on the block address you will access
the list of subnets of the block FR of My_Company space in the IPAM module.
5 The last element of the displayed hierarchy, preceded by a dotted line: it is a link toward the
listed data. In this example, it provides access toward the IP addresses list of the subnet
test of My_Company space in the IPAM module.
6 This button allows you to refresh a section of the tree view.
7 This button is called the tree view button and allows you to display the tree view. You can also click
on it to drag open or closed the tree view according to your needs. Click on it and move
rightward to widen the tree view and leftward to put it back to its default size.
The tree view is composed of several sliding panels. By clicking on one of them, you will open
the data it contains. If you click on a branch, you open the data it contains. You can perform a
number of actions from the tree view.
1. Put your mouse over the tree view button in the lower left corner of the SOLIDserver GUI. The Tree
view window opens.
2. Click on the section name or arrow button to open it, display its hierarchy and access the
page of your choice.
The Bookmarks
To access different product resources with a simple click, SOLIDserver provides a bookmark
engine. Based on the web browser's philosophy, it allows you to save any pages you want as a
bookmark.
Once saved, bookmarks are listed on the My Bookmarks page and accessible from the Tree
View module (for more details, refer to The Tree View section). Any page can be bookmarked,
even a listing page displaying filtered data, which allows you to make customized bookmarks according
to your needs.
If you click on a bookmark - here the third IPAM bookmark in the example above, Blocks allocated
more than 10% - you can see all the blocks used at least at 10% of their total capacity.
To bookmark a page
1. From any page within SOLIDserver, click on at the end of the breadcrumb. The Bookmark
this page wizard opens.
2. In the Name field, rename the bookmark if need be: by default a bookmark is named Module:
Page. This field is mandatory.
3. The Bookmark Folder field allows you to put your bookmark in a directory and organize the
final display in the tree view. The name you type in will create the folder. If you already created
folders, click on SEARCH to display the list of existing bookmarks folders and select the one
you need.
4. Tick the Add to the Bookmark gadget checkbox if you want to add the bookmark to the
bookmark gadget [1].
5. Tick the Share with the other users checkbox if you want this bookmark to be visible to any
user in the Tree View. If you leave it unticked, you will be the only one to see the bookmark.
6. Click on OK to create your bookmark. The report opens and closes. The page is visible again
and now it is marked . The bookmark is now listed in the Tree View and on My Bookmarks
page.
1. From any page where you have added a bookmark, click on , a wizard opens.
2. Click on OK to delete your bookmark.
To manage the bookmarks more thoroughly, you need to go to My Bookmarks page. It is accessible
from any page of SOLIDserver through the Preferences menu and contains four columns to
organize the bookmark list as you please (you can sort or filter them):
• Name displays the bookmark name. If you click on a name, the Edit Bookmark wizard opens
and allows you to rename the bookmark, place it in a folder or remove it from one, add it to the
bookmark gadget and/or change the visibility settings.
• All users indicates if you share the bookmark visibility with other users (Yes) or not (No).
• Bookmark Folder indicates if the bookmark belongs to a folder or not: it displays either the
folder name or /.
• Path contains the Access link toward the bookmarked page.
My Bookmarks page also allows you to delete or define the visibility of several bookmarks at
once. Note that you cannot see the properties page of a bookmark: all the information regarding
the bookmark is displayed on the page directly.
[1] For more details, refer to the sections The Bookmark Gadget and Creating a Bookmark Gadget.
From this page, you can access each bookmarked page, delete bookmarks and configure other
users' access once the bookmark is created.
1. From any page within SOLIDserver, in the menu select Preferences > My Bookmarks. The
My Bookmarks page opens.
2. At the end of the line of the bookmark of your choice, click on Access. The corresponding
page opens.
1. From any page within SOLIDserver, in the menu select Preferences > My Bookmarks. The
My Bookmarks page opens.
2. Tick the bookmark(s) you want to delete.
3. In the menu, select Edit > Delete. The Delete Bookmark wizard opens.
4. Click on OK to commit the bookmark deletion. The report opens and closes. My Bookmarks
page is visible again.
1. From any page within SOLIDserver, in the menu select Preferences > My Bookmarks. The
My Bookmarks page opens.
2. Tick the bookmark(s) for which you want to change the visibility.
3. In the menu, select Edit > Visible to all users > Set. The Bookmark Visibility wizard opens.
4. Click on OK to commit the configuration. The report opens and closes. My Bookmarks page
is visible again: the bookmark is marked Yes in the All users column.
1. From any page within SOLIDserver, in the menu select Preferences > My Bookmarks. The
My Bookmarks page opens.
2. Tick the bookmark(s) for which you want to change the visibility.
3. In the menu, select Edit > Visible to all users > Unset. The Bookmark Visibility wizard
opens.
4. Click on OK to commit the configuration. The report opens and closes. My Bookmarks page
is visible again: the bookmark is marked No in the All users column.
Figure 3.34. The Global Search Window: the Results of a Search Performed Through the Engine
1 This field allows you to type in the data you are looking for.
2 This button, the magnifying glass, allows you to perform the search. You can also hit enter.
3 This icon, located at the end of each result line, allows you to access the properties page of
the listed data.
4 Each line is preceded by the icon corresponding to its object type (like on every listing page)
in order to display an overview of all the occurrences of the data searched for within SOLIDserver
on each page and every module separately. In the example, the address corresponds
to an IP address, a pool, two subnets and three blocks in the IPAM module; two RRs in the
DNS and two MAC addresses listed in NetChange. This line is also useful when it comes
to displaying basic information regarding the object, see the procedures below for more
details.
5 This button allows you to drag open or closed the global search window according to your
needs. Click on it and move downward and leftward to widen the window or upward and
rightward to return to its default size.
6 This button allows you to close the window. Once you performed a search the window will
stay open, above the page you are currently on, until you close it.
The Global search is useful if you are looking for particular objects. You can type in fragments
of information (a section of a MAC address, some letters of a name...) for any data you are looking
for, except IPv6 addresses, which you will only find if you type them entirely.
The result of your search will respect the internal hierarchy of each module on the one hand and
the order of the modules in SOLIDserver on the other hand. Therefore if you look for an IP address,
the Global search window will display the block(s) that it belongs to, then the subnet(s) and finally
the IP address with their corresponding name in brackets (like in the example above). After these
three IPAM sections, you will find in which other modules the IP address is used in the following
order: DHCP, DNS and finally NetChange.
Keep in mind that the Global search covers the following objects:
• From the IPAM module: Space, Subnet, IP Address in v4 or v6 even in their compressed form.
• From the DHCP module: Scope, Range, Static Reservation, Lease, ACL.
• From the DNS module: Server, View, DNS Zone, Resource record.
• From NetChange: Network Device, NetChange Port.
• From all modules: MAC address, hostname.
1. On the top-right of the screen, type in the data you are looking for in the Global search field.
Once you put your cursor in the field, Global search disappears.
2. Click on the Magnifying Glass or hit Enter to perform the search.
3. The window opens under the Global search field and displays the results found in each
module.
1. Once you performed a search through the engine, the list of results appears in the global
search window.
2. Click on the line result of your choice. A table appears under the line, it displays key
information regarding the search result:
1 This field allows you to type in the data you are looking for.
2 This button, the magnifying glass, allows you to perform the search. You can also hit
enter.
3 The displayed result provides more information regarding the object listed. Click on the
icon or the result itself to display or hide the information table. This action is the equivalent
to the Information provided via the Info Bar.
Chapter 4. Dashboards and Gadgets
Introduction
SOLIDserver offers a number of customization options that include the personalization of every
homepage. You can add gadgets to the dashboards, decide to share them with other users,
make them visible or hide them, create new ones, organize them on each homepage as well as
delete them from the gadgets library.
Dashboards
The Dashboard is the gray customizable part of every module homepage. The appliance
homepage does not contain any buttons linking to any listing, it is therefore a dashboard in
essence. We will call it the main dashboard in this guide. On every other tab homepage, the
dashboard is located under the access buttons.
On each dashboard you can add, arrange, display, collapse or hide a number of gadgets. However,
the creation of new gadgets will be handled from the lists themselves.
In SOLIDserver every list of the IPAM, DHCP, DNS, NetChange and Device Manager modules
allows you to create gadgets from the preferences menu. A gadget does not need to be related
to the dashboard of the module it is displayed on: you can therefore display a DNS zones related
chart on the IPAM homepage dashboard, etc.
Note
In this chapter, the reference to “any list” when it comes to the available gadgets
refers only to the listing pages of the IPAM, DHCP, DNS, NetChange and Device
Manager modules.
Gadgets
A gadget is a drag and drop window displaying any data you need on a dashboard. You have
the possibility to create a number of different types of gadgets that you can choose to display,
hide, share with other users or even delete.
• the upper gray part is the gadget drag bar. It contains from left to right: the gadget name, a
pushpin icon that allows you to remove it from the dashboard and the button to collapse or
expand the gadget.
• the lower white part contains the information and has a different display for every type of gadget.
There are six different kinds of gadgets available within SOLIDserver. They all offer different
possibilities that are detailed further down.
It is important to keep in mind that two lists help you manage the existing gadgets, the gadgets
library and my gadgets, and that the statistics page of the administration offers a number of
configured gadgets that you can easily assign to any dashboard.
Descriptive gadgets cannot be edited and provide assistance in monitoring the appliance key
aspects of network management from any dashboard. They are displayed by default on the
appliance main dashboard of the superuser session and provide special options related to the
SOLIDserver current user or configuration.
System Information
This gadget sums up system related information such as who is connected (Connected as), the
appliance Version, the current Date and time, the License type and finally the support used
(Manufacturer, Product and Serial).
In addition to this information, this gadget provides a shortcut to the Configure user settings
wizard through the user name. This wizard puts together Account options that are otherwise accessible
one by one via the Preferences menu: Set Line Format, Set Time/Date Format and Set Language.
1. From the System Information gadget, click on the user name displayed after the Connected
as field. The Configure user settings wizard opens.
2. In the List line count field, you can define how many entries (lines) will be displayed on each
page of SOLIDserver.
3. In the List format drop-down list, you can define how to color the lines to ease reading the
listings: you can let one white and color the next in gray (1-1) or alternate the coloring every
three lines (3-3).
4. In the Time zone drop-down list, you can either set it to the Local time or to the UTC-GMT
time.
5. In the Date format drop-down list, you can choose to display the day before the month or
vice versa (mm/dd/yyyy or dd/mm/yyyy).
6. In the Language drop-down list, you can select the interface language: English, French, Spanish,
German, Dutch, Chinese or Japanese. By default, English is selected.
7. Click on OK to commit your configuration. The report opens and closes. The homepage is
visible again.
General Information
This gadget sums up hardware related information such as which modules are running or not
(Services), the Hostname, the IP addresses involved, the Default gateway, the Member type and
finally the Status of HA Management.
From the General Information gadget you can disable services and access some pages of
SOLIDserver.
1. Click on a service marked (i.e. it is running). The Stop a service wizard opens.
2. Click on OK to commit your choice. The report opens and closes. The service is disabled
and marked .
The General Information gadget provides links towards three key pages of the Administration
page: the Services configuration, the Network configuration and the All SOLIDserver pages.
• The hostname: you need to click on the hostname and not the field, in the example above
it would imply clicking on solid.intranet.
• The default interface: you need to click on the interface name, in the example above it
would imply clicking on DEFAULT_INTERFACE.
• The default gateway: you need to click on the gateway address, in the example above it
would imply clicking on 10.0.0.254.
For more details regarding the configurations available on this page, refer to the section
Network configuration of this guide.
The All SOLIDserver page
This page is accessible through the appliance Status value (OK in the example).
The SOLIDserver Configuration Checklist Gadget is currently the only configuration gadget. It
was introduced with version 5.0.3 to gather a set of shortcuts that help set the main SOLIDserver
configurations. It allows the administrator to make sure that the appliance is used to the best of
its potential from the first connection onward.
As you can see on the image above, each configuration is followed by a red cross that will turn
into a green check mark once the configuration is complete, thus providing a checklist. Obviously,
the rest of the configurations (network, services, etc.) has to be done from the dedicated pages.
The text underlined provides a direct link toward a specific wizard as detailed below:
Local SOLIDserver
Allows you to configure your local SOLIDserver appliance from the homepage. Click on
Configuration to open the Configure local SOLIDserver wizard. For more details, refer to the
Configuring your Master Appliance Locally section of this guide.
Remote SOLIDserver
Allows you to add remote appliances to the All SOLIDserver page from the homepage. Click on
Add to open the Add/modify remote SOLIDserver wizard. For more details, refer to the
Adding an Appliance to the All SOLIDserver List section of this guide.
NTP servers configuration
Allows you to add NTP servers from the homepage. Click on Configuration to open the NTP
servers configuration wizard. For more details, refer to the Configuring the NTP Server
section of this guide.
DNS smart architecture
Allows you to create a DNS smart architecture from the homepage. Click on Add to open the
Add a DNS server wizard. For more details regarding smart architectures, refer to the Adding
a DNS Smart Architecture section of this guide.
Once the configuration matches your needs, you can hide the gadget from the dashboard if you
want.
The Charts
This gadget allows you to create a chart representing graphically (with a pie chart or a bar chart)
the activity of given items within the different modules, for instance the RRs type distribution
within a DNS server.
In addition, note that both charts allow to compare a value and a label.
This gadget allows you to create a specific list displaying only the first 5 and up to 25 items of
your choice and is settable from each list separately. This gadget looks like a table composed of
a maximum of 4 columns. The main advantage of this gadget is that you can add it from filtered
data in a list and for instance display a list of the first five heavily used subnets, in order not to
overload them.
This gadget allows you to easily access filtered data in lists, one list at a time, by providing a set
of columns to choose from. Basically, each column displayed in the gadget supplies a field in
which you can enter a value that will automatically provide, in the corresponding list, a filtered
result according to the values entered. One of the advantages of this gadget is that you can filter
data in the corresponding list several columns at a time from any dashboard.
This gadget allows you to save any wizard at any step of its configuration. You can save any
given step as a gadget on any dashboard or as a quick access accessible through the preferences
menu.
The quick wizard gadget is a sole gadget providing buttons to access the saved quick wizards.
The gadget is by default named QuickWizard, it can be duplicated on every dashboard but will
be unique on each dashboard. It is editable through the icon.
The quick access is accessible from everywhere in the appliance through the preferences menu.
This gadget allows you to access selected bookmarks from any dashboard. It will display a set
of chosen bookmarks as buttons named “tab: List” if you keep their default name.
The bookmark gadget is a sole gadget that you can duplicate on as many dashboards as you
want but that you cannot name.
A set of gadgets are available by default with version 5.0.3. You can assign them to the dashboard
of your choice from the Gadgets Library.
This gadget gathers shortcuts that open pages or wizards to assist the connected user in setting
preferences.
Shortcuts
This gadget is a bookmark gadget in essence that provides shortcuts toward key objects of the
IPAM, DNS and DHCP modules.
For more details regarding the configuration of a Top List, refer to the section Editing a Gadget
below.
Alerts
This gadget is a Top 10 list of all the raised alerts on the Alerts page.
For more details regarding the configuration of a Top List, refer to the section Editing a Gadget
below.
This gadget is a Device Manager Top 5 list of the alert set by default if there is a drift in the
Reconciliation column of the All ports and interfaces page.
For more details regarding the configuration of a Top List, refer to the section Editing a Gadget
below.
Gadgets Library
Gadgets library contains all the gadgets available in SOLIDserver. It is accessible from every-
where in the appliance through the menu Preferences > My Dashboards > Gadgets Library.
Gadgets library allows you to enable, disable and delete the gadgets.
By default, the gadgets library contains a list of default gadgets that are all Enabled in the status
column and displayed on the Main dashboard and the NetChange, Device Manager and
Administration dashboards.
To ease gadget management, a set of columns allows you to sort and filter the entries in the
list but you cannot edit the listing template of this page.
At the end of each entry, you can access the gadgets properties page. It contains a panel called
Main properties that sums up the gadget name, type, accessibility settings and status. This page
does not allow you to edit the gadget like other items in the appliance.
Clicking on the gadget's name will display My gadgets list if said gadget has been assigned
to a dashboard; if not, the list is empty.
My Gadgets
My gadgets is the list of all the gadgets displayed on the dashboards. It is accessible from
everywhere in the appliance through the menu Preferences > My Dashboards > My Gadgets.
My gadgets allows you to manage the gadgets displayed on the dashboards. Under the menu,
each dashboard has a specific bullet that allows you to filter the list. You can also list them all
using All.
Note
Depending on the module from which you access this list, my gadgets list will automatically
filter the data and only display the gadgets assigned to the dashboard of
the module from where you access My Gadgets.
This page contains the same columns as the Gadgets Library and you cannot edit the listing
template of this page either.
By default, all the gadgets displayed on the main dashboard and on the NetChange, Device
Manager and Administration dashboards will be listed on the page (when the dashboards filter
is set to All). Among these default gadgets, the charts will be empty during the first use of the
appliance and as long as there is no data to display in the corresponding lists.
Statistics Page
Within the administration page, Statistics offers fourteen gadgets ready to be assigned to any
dashboard. The available gadgets are:
• DNS traffic.
• DHCP traffic.
• HTTP traffic.
• SNMP traffic.
• Database replication traffic.
• CPU per process.
• Memory usage per process.
• IOs per process.
• SQL queries.
• Threads.
• Memory.
• User sessions.
• Disk Usage.
• Processes state.
They all offer system related data displayed in a chart, except processes state that displays a
drop-down field. All these charts are empty during the first use of the appliance and as long as
there is no relevant data to display. For more details, refer to the section Statistics in the chapter
Monitoring Tools of this guide.
Adding a Gadget
Existing gadgets can be added either from each dashboard or from the statistics page.
Figure 4.17. Add Gadgets in the upper right corner of any Dashboard
Assigning a Gadget
From the gadgets library and my gadgets you can assign one or several gadgets to one or more
dashboards at once. It simply means that you specify on which dashboard you want the gadget
to be displayed.
Any gadget is listed in the gadgets library even if it is not displayed on any dashboard yet.
1. From anywhere in the appliance, through the menu, select Preferences > My Dashboards
> Gadgets Library. The Gadgets Library page opens.
2. Tick the gadget you want to assign to a dashboard. You can tick several gadgets.
3. In the menu Edit, select Assign Gadget(s). The Gadget configuration wizard opens.
4. In the Available list, double-click on the name of the dashboard you want the gadget to be
displayed on. The name is moved to the Configured list. You can select several dashboards
if you want.
5. Click on OK to commit your choice. The report wizard opens and closes. The gadget is now
displayed on the selected dashboard(s).
If you want to display a gadget on another dashboard, meaning it is already displayed on one or
more dashboards, you can assign it to a new dashboard from my gadgets.
1. From anywhere in the appliance, through the menu, select Preferences > My Dashboards
> My Gadgets. My Gadgets page opens.
2. In the menu Edit, select Assign a gadget. The Gadget Configuration wizard opens.
3. Select the Type. Other contains the descriptive gadgets, the Bookmark gadget and the Quick
Wizard gadget.
4. Click on NEXT . The Gadget list displays the available gadgets of the selected type.
5. Select the gadget you want. If there is no gadget of this type yet, the list is empty.
Handling a Gadget
On every dashboard you can organize all the gadgets the way you want.
Moving a Gadget
On any dashboard you can drag and drop the gadgets to organize them the way you want.
The pointer changes shape to indicate that you can drag the gadget. When moving the gadget,
the tool allows you to visualize the former position of the gadget and how much space it will take
up in the new spot you are putting it in. Simply let go of the mouse to drop it where it suits you.
To indicate that you are about to expand or collapse the gadget, the pointer changes shape.
Once collapsed, the gadget is displayed as a simple line containing only the gadget name and
the buttons. Even collapsed, the gadget can still be dragged and dropped.
To expand the gadget again, click on the button at the end of the drag bar.
Hiding a gadget means that it is no longer visible on a given dashboard but it does not mean that
it has been deleted: it is still listed in the Gadgets Library but no longer in My gadgets.
1. Go to the dashboard of your choice and locate the gadget you wish to hide.
2. Click on the pushpin button in the gadget drag bar. The Disable Gadget wizard opens.
3. Click on OK to commit your choice. The report wizard opens and closes. The gadget is no
longer visible on the dashboard.
Once you hid a gadget you can display it again through the add gadget button on the dashboard
or through my gadgets (see next part for more details).
1. From anywhere in the appliance, through the menu, select Preferences > My Dashboards
> My Gadgets. My Gadgets page opens.
2. Click on Unset Filters to list all the displayed gadgets.
3. In the list, filter the names to find the chosen gadget.
4. Once you have found it, click on Visible in the Status column. The Disable Gadget wizard opens.
5. Click on OK to commit your choice. The report wizard opens and closes. The gadget is
marked as Hidden and no longer visible on the dashboard.
In the same manner, displaying a gadget can be done from the My Gadgets list.
1. From anywhere in the appliance, through the menu, select Preferences > My Dashboards
> My Gadgets. My Gadgets page opens.
2. Click on Unset Filters to list all the displayed gadgets.
3. In the list, filter the names to find the chosen gadget.
4. Once you have found the correct line, click on Hidden in the Status column. The Enable Gadget
wizard opens.
5. Click on OK to commit your choice. The report wizard opens and closes. The gadget is
marked as Visible and displayed on the dashboard it was assigned to.
That's why the creation of charts, top lists, quick search, quick wizards and bookmark gadgets
is detailed below. As for the descriptive gadgets, you cannot create new ones or delete them;
you can enable them, disable them and make them visible or not to other users.
Creating a Chart
From any list in the appliance you can create a chart. You can display as many charts as you
want on every dashboard in the appliance.
Note
In the Administration tab, only the following pages allow you to create charts: Key
ring; SOLIDserver centralized management; Groups; Users; Logs visualization;
Statistics (directly through the push pin button on each panel); Session tracking;
User tracking; Alerts; Custom DB; Rules (homepage menu: System > Expert >
Rules); Registry database (homepage menu: System > Expert > Registry database);
Netstat (homepage menu: System > Expert > Netstat); Localization (Customization
> Language editor).
Once a chart is created you cannot modify it. If it turns out that the data you asked for do not
correspond to your needs anymore, you will have to create a new one and delete the old one.
Note
In the Administration tab, only the following pages allow you to create top lists: Session
tracking, User tracking and Alert. These pages are accessible through the Monitoring
section of the Administration tab homepage.
A top list can be edited through the icon in the gadget drag bar.
If you displayed a top list on several dashboards, any modification made (renaming it, changing
the columns displayed, etc.) on one dashboard will be applied to every copy of this gadget on
the other dashboards.
By default, the first part of a Top List name is always “Top X list:”, X being the number of items
you want to display in that list.
The fields available to configure the quick search depend on the list the gadget is set from. In any
case, we recommend that you name your gadget according to the list in which it is going to apply the
search.
A quick search gadget can be edited through the icon in the gadget drag bar.
If you displayed a quick search gadget on several dashboards, any modification made (renaming
it, changing the columns displayed, etc.) on one dashboard will be applied to every copy of this
gadget on the other dashboards.
Once you have created a quick search, you can assign it to any dashboard through My Gadgets or
through the Add Gadgets button on any dashboard.
The quick wizard gadget is a sole gadget that can only be displayed once on each dashboard.
It has the default name QuickWizard and offers different editing methods.
When saving a quick wizard you can specify the module dashboard on which you want the
shortcut to be displayed.
1. From any dashboard, click on Add Gadgets. The Gadget Addition wizard opens.
2. In the field, select Other.
3. Click on NEXT . The Gadget field appears and QuickWizard is listed in the field.
4. Select QuickWizard.
5. Click on OK to commit your choice. The report opens and closes. The Quick Wizard gadget
is now visible and empty on the dashboard.
You can also create a quick wizard gadget from any dashboard. This action is only possible if
you already have existing quick wizards, otherwise this type of gadget will not be displayed in
the wizard. To modify the content of the gadget, see the section Editing a Quick wizard Gadget
below.
Once you have created a quick wizard gadget, you can modify the quick wizard shortcuts it contains.
The easiest way to do so is through the gadget edition button.
To add a quick wizard to the quick wizard gadget from the gadget itself
1. From the Quick Wizard gadget, click on the edition button in the gadget drag bar. The Quick
Wizard Gadget Configuration wizard opens.
2. In the Available list, select a Quick Wizard among the existing ones.
3. Click on . The Quick Wizard is now in the Configured field. Select as many Quick Wizards
as needed.
4. Click on OK to commit your configuration. The report opens and closes. The Quick Wizard
is visible in the Quick Wizard gadget.
In the same manner, you can delete all the quick wizards from the gadget. If you do so, the
message The gadget is empty will be displayed in the gadget. To add one or more quick wizards
to the gadget, refer to the procedure above or click on The gadget is empty: the My Quick Wizards
list opens and you simply need to follow the procedure below to fill the gadget with the needed
quick wizards. For more details regarding the My Quick Wizards page, refer to the section Saving a
Wizard of the Understanding SOLIDserver chapter of this guide.
Quick access allows you to access a quick wizard from everywhere within SOLIDserver through
the preferences menu.
1. On the wizard you want to save, click on the icon in the gadget drag bar. The Add a Quick
Wizard wizard opens.
2. In the Name field, name the Quick Wizard.
3. In the Module drop-down list, select Quick Access.
4. In the Description field, you can add a description if you want.
5. Click on OK to commit your creation. The report opens and closes. Quick Access is now
the first available option in the Preferences menu and lists the Quick Wizard. The Quick
Wizard is listed in My Quick Wizards.
If you did not set a quick wizard as a quick access, you can always do so later on from my quick
wizards list. Any quick wizard can be set as a quick access.
1. From any list, through the menu, select Preferences > My Quick Wizards. My Quick Wizards
page opens.
2. Click on the name of a gadget you want to set as a Quick Access. The Edit QuickWizard
wizard opens.
3. In the Available field, select Quick Access. Quick Access is now listed in the Configured
field.
4. Click on OK to commit the creation. The report opens and closes. Quick Access is now
the first available option in the Preferences menu and lists the Quick Wizard.
The bookmark gadget is named by default Bookmark and cannot be edited from the gadget itself.
As any page can be bookmarked in SOLIDserver, the bookmark gadget is the only gadget that
can be created from everywhere in the appliance through the Bookmark wizard.
1. On any page, click on in the upper-right corner of the page. The Bookmark wizard opens.
2. In the Name field, name the bookmark. By default, the bookmark is named “tab: page” but
you can change it.
3. In the Bookmark Folder field, you can name a folder. If you type in a name and click on
SEARCH the appliance will find the corresponding existing folder. If you do not
have any folder yet, a new folder will be created in the Tree View. Naming a folder
“\nameA\nameB” will create a sub folder “nameB” in the folder “nameA”.
4. Tick the Add to the bookmark gadget box. The bookmark gadget will be created and added
to the Gadgets Library.
5. Click on OK to commit your creation. The report opens and closes. The star is now marked
to indicate it is bookmarked. The gadget is not displayed on any dashboard but is now in
the Gadgets Library list. To assign the gadget, see the procedure described in the part
Assigning a gadget.
Once you have created a bookmark gadget, you can display it on another dashboard with the Add
Gadgets button on this dashboard. Otherwise, the Add a gadget wizard will not list it among the
gadget types.
1. From any dashboard, click on Add Gadgets. The Gadget Addition wizard opens.
2. In the type field, select Other.
3. Click on NEXT . The Gadget field appears, Bookmark is listed.
4. Select Bookmark.
5. Click on OK to commit your choice. The report opens and closes. The Bookmark gadget is
now visible on the dashboard.
You can edit the content of the bookmark gadget: you can either add them one by one by ticking
the Add to the bookmark gadget box when creating a bookmark or follow the procedures below
to add or remove bookmark buttons.
1. From any list, through the menu, select Preferences > My Bookmarks. My Bookmarks page
opens.
2. Click on the name of the bookmark you want to add to the gadget. The Edit Bookmark wizard
opens.
3. Tick the Add to the bookmark gadget box. The bookmark is added to the bookmark gadget.
4. Click on OK to commit your modification. The report opens and closes. The bookmark is
visible in the Bookmark gadget on the dashboard you assigned it to. The bookmarks added
to the gadget are marked with a yellow star.
Given that the bookmark gadget is a sole gadget, if you add a bookmark button to the gadget it
will be added to every copy of the gadget.
You can at any time remove a bookmark button from the gadget.
1. From any list, through the menu, select Preferences > My Bookmarks. My Bookmarks page
opens.
2. Click on the name of the bookmark you want to remove. The Edit Bookmark wizard opens.
3. Untick the Add to the bookmark gadget box. The bookmark is removed from the bookmark
gadget.
4. Click on OK to commit your modification. The report opens and closes. The bookmark is no
longer visible in the Bookmark gadget on any dashboard.
Editing a Gadget
From the dashboards themselves, you can edit Top List, Quick Search and Quick Wizard gadgets
through the icon on the gadget drag bar.
If you want to edit other types of gadgets, you have to create a new gadget with the needed
features and replace the old one.
Do not forget to include the users in the group. Only the super user can grant access to gadget
related options following the procedure below.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the System section, click on the Groups icon. The Group page list opens.
3. Filter the name of the group that you want to grant access to the gadgets to.
4. Click on . The group properties page opens.
5. Click on in the upper right corner of the page to open all the panels.
6. In the Administration panel, click on EDIT . The Edit group access wizard opens.
7. In the Unauthorized services, select all the options preceded by Bookmarks and Gadgets.
8. Click on . The option is listed in the Authorized services list. Repeat this action as many
times as needed to include all the gadget related options listed above this procedure.
9. Click on OK to commit the modification. The report opens and closes. The permissions list
is now updated in the panel.
Do not forget to include users in the group. For more details regarding user permissions refer to
the part Rights Management of the guide.
Note
You cannot change the visibility setting of the descriptive gadgets, General information
and System information; they are visible to every user by default.
In the Gadgets Library, the All Users column is the best way to know if a gadget is visible to every
user or not. Any modification made in this list will have an effect on the gadget and all the
dashboards it is displayed on.
To make a gadget visible to all the users through the gadgets library
1. From any list, through the menu, select Preferences > My Dashboards > Gadgets Library.
2. Tick the gadget you want to make visible to all the other users. You can tick several items.
3. In the menu Edit, select Visible to all users > Set. The Gadget visibility wizard opens.
4. Click on OK . The report opens and closes. In the All Users column, the gadget is marked
Yes.
On the contrary, to unset these parameters, you can use the same procedure as below.
To make a gadget visible only to the creating user through the gadgets library
1. From any list, through the menu, select Preferences > My Dashboards > Gadgets Library.
2. Tick the gadget you want to make visible only to you. You can tick several items.
3. In the menu Edit, select Visible to all users > Unset. The Gadget visibility wizard opens.
4. Click on OK . The report opens and closes. In the All Users column, the gadget is marked
No.
In the same manner, enabling a gadget makes it visible again on all the dashboards it was
assigned to.
Disabling or enabling a gadget can only be done and undone from the gadgets library. Once a
gadget is disabled, it is marked as such in my gadgets status column and you can no longer
change the value from that list.
Note
You cannot disable the descriptive gadgets, System information and General
information; they are enabled by default.
1. From anywhere in the appliance, through the menu, select Preferences > My Dashboards
> Gadgets Library. The Gadgets Library page opens.
2. In the list, filter the names to find the gadget.
3. Once you have found the correct line, click on Enable in the Status column. The Disable Gadget
wizard opens.
4. Click on OK to commit your choice. The report wizard opens and closes. The gadget is
marked Disabled and is no longer visible on any of the dashboards it was assigned to.
From the gadgets library, the status column can help you enable any gadget previously disabled.
1. From anywhere in the appliance, through the menu, select Preferences > My Dashboards
> Gadgets Library. The Gadgets Library page opens.
2. In the list, filter the names to find the gadget.
3. Once you have found the correct line, click on Disable in the Status column. The Enable Gadget
wizard opens.
4. Click on OK to commit your choice. The report wizard opens and closes. The gadget is
marked Enabled and is visible on the dashboards it was assigned to.
1. From anywhere in the appliance, through the menu, select Preferences > My Dashboards
> Gadgets Library. The Gadgets Library page opens.
2. In the list, filter the names to find the gadget.
3. Tick the gadget you want to disable.
4. In the menu, select the Edit menu > Status > Disable. The Disable Gadget wizard opens.
5. Click on OK to commit your choice. The report wizard opens and closes. The gadget is
marked Disabled and is no longer visible on any of the dashboards it was assigned to.
In the gadgets library you can enable one or several previously disabled gadgets through the
edit menu.
1. From anywhere in the appliance, through the menu, select Preferences > My Dashboards
> Gadgets Library. The Gadgets Library page opens.
2. In the list, filter the names to find the gadget.
3. Tick all the gadgets you want to enable.
4. In the menu, select the Edit menu > Status > Enable. The Enable Gadget wizard opens.
5. Click on OK to commit your choice. The report wizard opens and closes. The gadget is
marked Enabled and is visible on the dashboards it was assigned to.
Deleting a Gadget
Gadget deletion is only possible from the gadgets library and applies to the gadget as a whole
no matter on how many dashboards it is displayed.
To delete a gadget
1. From anywhere in the appliance, through the menu, select Preferences > My Dashboards
> Gadgets Library. The Gadgets Library page opens.
2. Tick the gadget you want to delete. You can tick several gadgets if need be.
3. In the menu, select Edit > Delete Gadget. The Delete Gadget wizard opens.
4. Click on OK to commit the deletion. The report opens and closes. The gadget is now removed
from the dashboard(s) it was displayed on and from the Gadgets Library and My Gadgets.
Chapter 5. Customizing the GUI
Customizing SOLIDserver Login Page With an Image
SOLIDserver provides the possibility to display an image on the appliance Login page. At any
time, this image can be changed or removed. Only users of the admin group are able to perform
these changes.
The login page image maximum size is 610x250 pixels. If you upload a smaller image, it will
be displayed in the upper left corner of the login banner.
You can upload several images to the Local files listing page; to do so, follow the first
procedure for as many different images as needed.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select Maintenance > Local files listing. The Local files listing page opens.
3. Under the menu, tick the Custom images bullet. The Custom images list opens.
4. In the menu, select Tools > Upload file. The Import a file wizard opens. You can only upload
one file at a time.
5. Click on BROWSE to look for the chosen image on your computer.
6. Find the folder containing the image you want to upload.
7. Select the image.
8. Click on Open. The window closes and the Import a file wizard is visible again. The selected
image is visible in the File name field.
9. Click on OK . The report wizard opens and closes. The image is listed.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select System > Expert > Registry database. The Registry database page
opens.
3. In the Name column search engine, type in the keyword logo. The list is filtered and displays
the items www.display.home_page.logo and www.display.login_page.logo.generic.
4. In the Value column of www.display.login_page.logo.generic, click on <empty>. The Registry
database Edit a value wizard opens.
5. In the Value field, type in the full name of the image (name.extension) you want to display
on the login page. If you have not uploaded it yet to the Local Files Listing Custom images
page, refer to the procedure To upload an image to customize the login page.
6. Click on OK to commit your choice. The specified image replaces the default SOLIDserver
logo. To see it, open SOLIDserver in a different browser or log out.
If you want to display a different image on the login page, you need to upload it to the Local files
listing and follow the To display an image on the appliance login page procedure again. Instead of
clicking on <empty>, you need to click on the image currently displayed and type in the Value
field the name of the new image you want to display.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select System > Expert > Registry database. The Registry database page
opens.
3. In the Name column search engine, type in the keyword logo. The list is filtered and displays
the items www.display.home_page.logo and www.display.login_page.logo.generic.
4. In the Value column of www.display.login_page.logo.generic, click on <image-name>. The
Registry database Edit a value wizard opens.
5. In the Value field, empty the field.
6. Click on OK to commit your choice. The specified image replaces the default SOLIDserver
logo. To see it, open SOLIDserver in a different browser or log out.
If you want to display a different image on the login page, you need to upload it to the Local files
listing and follow the To display an image on the appliance login page procedure again. Instead of
clicking on <empty>, you need to click on the image currently displayed and type in the Value
field the name of the new image you want to display.
Only users of the admin group can edit the welcome banner.
1. Go to the appliance Homepage: click on the efficient iP tab to display the Home page.
2. In the right corner of the welcome banner, click on . The Editing the welcome banner
wizard opens.
3. In the Title field, replace the current message with the one of your choice.
4. Click on OK to commit your title edition. The report opens and closes. The homepage
refreshes, the new message is visible.
1. Go to the appliance Homepage: click on the efficient iP tab to display the Home page.
2. In the right corner of the welcome banner, click on . The Editing the welcome banner
wizard opens.
3. Click on BROWSE to look for the chosen image on your computer.
4. Find the folder containing the image you want to upload.
5. Select the image.
6. Click on Open. The window closes and the wizard is visible again. The selected image is
visible in the File name field.
7. Click on OK to commit your image selection. The report opens and closes. The homepage
refreshes, the image is visible on the appliance homepage banner.
If you want to display a different image in the welcome banner, follow the procedure and select
another image. Keep in mind that the selected images are all saved in the Local files listing
Custom images page.
1. Go to the appliance Homepage: click on the efficient iP tab to display the Home page.
2. In the right corner of the welcome banner, click on . The Editing the welcome banner
wizard opens.
3. Tick the Remove the image from the banner checkbox.
4. Click on OK to commit your image deletion. The report opens and closes. The homepage
refreshes, the image is no longer visible.
1. Go to the appliance Homepage: click on the efficient iP tab to display the Home page.
2. In the right corner of the welcome banner, click on . The Hiding the welcome banner wizard
opens.
3. Click on OK to commit your choice. The report opens and closes. The homepage refreshes,
the banner is no longer visible.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select System > Expert > Registry database. The Registry database page
opens.
3. In the Name column search engine, type in the keyword panel.home. The list is filtered and
displays the item panel.home.welcome.delete.
4. Tick panel.home.welcome.delete.
5. In the menu, select Edit > Delete. The confirmation pop up window opens.
6. Click on OK to commit your deletion. The page refreshes, the item is no longer listed.
7. Click on the efficient iP tab to display the Home page. The banner is visible again.
• you cannot edit the title of the Language editor page itself.
• you cannot rename the homepage welcome banner title using this page. For more details,
refer to the Customizing the Appliance Homepage Banner Title section.
Note
The interface label customization applies to the language you chose to manage
SOLIDserver with. If you add the label of an English interface field to Language
editor with a new Spanish name, the English label will not be edited.
1. From any page or wizard within SOLIDserver, copy the name of a field, page, column or
menu that you want to replace with your label.
2. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
3. In the menu, select Customization > Language editor. The Language editor page opens.
4. In the menu, select Add > Entry. The wizard opens.
5. In the Key field, paste the value you want to replace. We recommend that you copy/paste
the label name because Language editor is case sensitive.
6. If your appliance is displayed in English, in the English field, type in the new label value.
7. Click on OK to commit your creation. The entry is listed. Go back to the page where you
copied the label to see the new name.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select Customization > Language editor. The Language editor page opens.
3. In the Key column, click on the label name. The wizard opens.
4. Empty all the fields.
5. Click on OK to commit your deletion. The entry is no longer listed. Go to the page the label
is displayed on: it now displays the standard label.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select Customization > Language editor. The Language editor page opens.
3. In the Key column, click on the label name. The wizard opens.
a. In the Key field, you can edit the label itself. This will edit a different field, column or
page, or nothing at all if it does not correspond to anything in the GUI.
b. If your appliance is displayed in English, in the English field, you can edit the label.
4. Click on OK to commit your changes. The entry is listed. Go to the page the label is displayed
on: it now displays the edited label in the corresponding language.
Part III. System Configuration
Table of Contents
6. Network Configuration
    Setting the Hostname
    Setting the DNS Resolver
    Setting the Firewall
    Setting up the Default Gateway
    Setting up Static Routes
    Configuring Basic IP Addressing on an Interface
    Setting up a VLAN Interface
    Setting up an Ethernet Port Failover
    Configuring a VIP
    Setting up a VIF
    Configuring a Media Interface
7. Services Configuration
    Handling Services
    Configuring the SSH Remote Account
        Changing the SSH Remote Access Password
        Changing the SSH Password Level
    Changing the SFTP/SCP/RSYNC User Account Password
    Managing the TFTP Upload Authorizations
    Configuring the SMTP Relay
    Configuring the NTP Server
    Managing the HTTPS Certificate
        Importing an SSL Certificate
        Creating an SSL Certificate
        Changing the HTTPS Certificate
    Managing the SNMP Service
    Downloading the DNS/DHCP/DHCPv6 Configuration File
8. Licenses Management
    Requesting a New Activation Key
    Activating a New Activation Key
9. Shutting Down and Rebooting
    Shutting Down SOLIDserver
    Rebooting SOLIDserver
Chapter 6. Network Configuration
This chapter covers the basic settings that are necessary to configure SOLIDserver.
It includes:
• Hostname: the Fully Qualified Domain Name (FQDN) [1] of the SOLIDserver appliance. It is
used to name the local SOLIDserver in the management GUI.
• DNS resolver: the address of the DNS that SOLIDserver uses to resolve names and addresses
that it manages.
• Firewall: the SOLIDserver embedded firewall, which reinforces its security by blocking potentially
dangerous communications.
• Default gateway: the gateway address that SOLIDserver uses to reach networks outside its
broadcast domain.
• Static routes: enable data to be forwarded through the network along fixed paths.
• Basic interface configuration: the simplest way to set an interface with an IP address.
• VLAN interface configuration: the ability of SOLIDserver to set a physical interface as an 802.1Q
interface [2].
• Ethernet Port Failover interface configuration: allows aggregation of multiple network interfaces
as one virtual interface in order to provide fault-tolerance and high-speed links.
• VIP [3] configuration: the ability to set up an IP address that is not connected to a specific computer
or network interface card on a computer. Incoming packets are sent to the VIP address, but all
packets travel through real network interfaces.
• VIF [4] configuration: a powerful EfficientIP concept that lets you add to a VIF a ready-made, simple
configuration of a physical interface embedding many services (for instance: VLAN, Ethernet
port failover, VIP).
• Media of physical interface: sets the option supported by the physical interface.
With version 5, EfficientIP introduced a new way of managing High Availability and Remote
Management that allows you to manage other appliances directly through the Network
Configuration page. Therefore, right under the menu on this page you will find a drop-down list called
SOLIDserver that displays all the appliances listed on the All SOLIDserver page of the
Administration. For more details, refer to the High Availability and Remote Management chapters.
Warning
All your services and your SOLIDserver appliance must be set to the same time to prevent
any management problems. Set the Time & Date through the GUI following the To
change your appliance time zone and/or date format procedure and refer to the
Configuring the NTP Server section.
[1] Fully Qualified Domain Name (FQDN) is the name of the host concatenated with the domain name.
[2] Virtual Local Area Network (VLAN) is a group of hosts with a common set of requirements that communicate as if they were attached
to the same broadcast domain, regardless of their physical location.
[3] Virtual IP (VIP).
[4] Virtual Interface (VIF).
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . In the breadcrumb,
click on Network configuration.
3. Click on the Hostname link in the network configuration listing. The Edit the hostname wizard
opens.
4. In the hostname field, name your hostname with a valid FQDN. By default, every appliance
is named solid.intranet.
5. Click on OK to commit your changes.
6. Right now your configuration is pending. In the menu, select Tools > Apply configuration
to save your changes or Tools > Rollback configuration to discard them. The corresponding
wizard opens, click on OK to confirm your choice.
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . In the breadcrumb,
click on Network configuration.
3. Click on the DNS Resolver link. The Edit DNS resolvers wizard opens.
4. In the DNS server field, type in the IP address of the server(s) of your choice and click on
ADD. The IP address is now listed in the DNS Resolvers list. If you have several resolvers,
use the and button to order the list according to your needs.
To update an entry, select a DNS resolver, change the needed data and click on UPDATE.
[5] Stateful Packet Inspection, also known as dynamic packet filtering.
packets comprising a session conversation. It has the matching capabilities to determine whether
the session conversation between the originating sender and the destination follows the valid
procedure of bi-directional packet exchange. Any packets that do not properly fit the session
conversation template are automatically rejected. SOLIDserver can log firewall messages, making
it possible to review information after the fact, such as which packets were dropped, which
addresses they came from and where they were going, giving you significant capacity to track
down attackers. SOLIDserver supports Stateful Packet Inspection (SPI) mode, which helps
prevent network attacks by tracking more state per session.
Caution
The firewall rule #32 cannot and must not be deleted. It refers to a fragment of an
IP packet. There is a maximum packet size for transport level that depends on the
transport medium (1500 bytes for Ethernet) and so if an IP packet is larger than this,
it needs to be broken up into fragments. These fragments get reassembled at the
destination. Note that the fragments do not necessarily have to arrive in order.
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . In the breadcrumb,
click on Network configuration.
3. In the Configuration column, the Firewall line can be in one of 2 states: Restricted or
Open. Click on the current state to change it to the other one. The Firewall state configuration
wizard opens.
4. Click on OK to commit your modification.
5. Right now your configuration is pending. In the menu, select Tools > Apply configuration
to save your changes or Tools > Rollback configuration to discard them. The corresponding
wizard opens, click on OK to confirm your choice.
Before adding or editing firewall rules you need to understand a few concepts:
Precedence
It is a key concept in the firewall rule configuration. It corresponds to a number specified in
the Firewall rule wizard. All the parameters that you configure in the wizard (action, protocol,
from, to, port, via, log and keep state) set up a distinct set of conditions that, if matched,
are dealt with in the order set in the Position field. It is therefore paramount to understand
that if, for instance, you set two firewall rules regarding the ipv4/ipv6 protocol from a
DNS server A to a DNS server B through port 53 via em0, and one denies access
whereas the other accepts it, the rule that prevails is the one with the smaller number
in the Position field.
Firewall rules
The firewall being restrictive, as opposed to permissive, the last position (65535) denies access
to any kind of packet, no matter what protocol it uses or where it goes or comes from. This is why
EfficientIP has configured a number of firewall rules, all listed on the Firewall rules
page. On this page you can edit a number of existing rules and, of course, the ones you
create: the underlined rules in the Position column can be edited, all the others cannot. For
technical reasons, the positions 1 - 99 are reserved by EfficientIP and users cannot use any
of them when creating or editing rules. Obviously, the position 65535 cannot be used
either.
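The position-based, first-match behaviour described under Precedence and Firewall rules can be modelled as follows. This is an added example, not SOLIDserver code: the Rule and Packet classes, the function names, the sample addresses and the treatment of the IP protocol as "any protocol" are assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

FIRST_USER_POS = 100      # positions 1-99 are reserved (stated in the guide)
DEFAULT_DENY_POS = 65535  # last position: deny everything (stated in the guide)


@dataclass(frozen=True)
class Rule:
    position: int
    action: str                     # "allow" or "deny"
    protocol: str                   # "carp", "icmp", "tcp", "udp" or "ip"
    src: str                        # address, CIDR or "any"
    dst: str                        # address, CIDR or "any"
    ports: frozenset = frozenset()  # empty set means any port
    via: str = "any"                # interface name or "any"


@dataclass(frozen=True)
class Packet:
    protocol: str
    src: str
    dst: str
    port: int
    via: str


def check_position(position):
    """Reject the positions a user rule may not take (1-99 and 65535)."""
    if not FIRST_USER_POS <= position < DEFAULT_DENY_POS:
        raise ValueError(f"position {position} is reserved; use 100-65534")
    return position


def _addr_match(spec, addr):
    return spec == "any" or ip_address(addr) in ip_network(spec, strict=False)


def _covers(outer, inner):
    """True when address spec `outer` includes every address of `inner`."""
    if outer == "any":
        return True
    if inner == "any":
        return False
    o, i = ip_network(outer, strict=False), ip_network(inner, strict=False)
    return o.version == i.version and i.subnet_of(o)


def matches(rule, pkt):
    # Assumption: protocol "ip" matches every protocol.
    return (rule.protocol in ("ip", pkt.protocol)
            and _addr_match(rule.src, pkt.src)
            and _addr_match(rule.dst, pkt.dst)
            and (not rule.ports or pkt.port in rule.ports)
            and rule.via in ("any", pkt.via))


def evaluate(rules, pkt):
    """Return (action, position) of the first match, lowest position first."""
    for rule in sorted(rules, key=lambda r: r.position):
        if matches(rule, pkt):
            return rule.action, rule.position
    return "deny", DEFAULT_DENY_POS  # nothing matched: the final deny applies


def shadowed(rules):
    """List (later_pos, earlier_pos, conflict) for rules that are never reached
    because a rule at a smaller position already matches all of their traffic."""
    ordered = sorted(rules, key=lambda r: r.position)
    found = []
    for idx, later in enumerate(ordered):
        for earlier in ordered[:idx]:
            ports_ok = not earlier.ports or (
                bool(later.ports) and later.ports <= earlier.ports)
            if (earlier.protocol in ("ip", later.protocol)
                    and _covers(earlier.src, later.src)
                    and _covers(earlier.dst, later.dst)
                    and ports_ok
                    and earlier.via in ("any", later.via)):
                found.append((later.position, earlier.position,
                              earlier.action != later.action))
                break
    return found


# Constructed sample: the guide's scenario of two opposite rules for the same
# DNS traffic (server A to server B, port 53, via em0). Addresses are made up.
RULES = [
    Rule(check_position(300), "allow", "udp", "192.0.2.10", "192.0.2.20",
         frozenset({53}), "em0"),
    Rule(check_position(200), "deny", "udp", "192.0.2.10", "192.0.2.20",
         frozenset({53}), "em0"),
]
DNS_QUERY = Packet("udp", "192.0.2.10", "192.0.2.20", 53, "em0")
```

Running `shadowed()` over an exported rule list before applying a change shows which rules have no effect and which of those contradict the rule that hides them.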
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . In the breadcrumb,
click on Network configuration.
3. Click on the Firewall link. The Firewall rules page opens.
4. In the menu, select Add > Rule. The Firewall rule configuration wizard opens, fill in all the
required parameters following the table below:
• allow: packets matching the defined criterion. The rule will exit the firewall rule processing. The search terminates at this rule.
• deny: packets matching the defined criterion. The packets will be discarded. The search terminates.
Protocol In this drop-down list, choose the protocol used for that rule: CARP, ICMP, IP, TCP or UDP. These protocols will handle IPv4 and/or IPv6 protocols.
From & To In these fields, define the source and destination parameters. Values are:
Port In this field, you can define the list of ports on which firewall rules are applied. The port state is represented as a number, use the comma to separate several port numbers.
Via In this drop-down list, set the interface the packets will go through. The via parameter causes the interface to always be checked as part of the match process.
Log In this drop-down list, select Yes or No to record, or not, in the SOLIDserver syslog page that a packet matched the rule (it is saved with the SECURITY facility name).
Keep-state In this drop-down list, select Yes or No depending on your needs: select Yes if you want the SOLIDserver firewall to create a dynamic rule, upon match, whose default behavior is to match bidirectional traffic between source and destination IP/port using the same protocol.
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . In the breadcrumb,
click on Network configuration.
3. Click on the Firewall link. The Firewall rules page opens.
4. In the Position column, click on the underlined number corresponding to the rule you want
to modify. The Firewall rule configuration wizard opens.
5. Edit the parameters according to your needs, following the information described in the
To add a firewall rule procedure above.
6. Click on OK to commit your changes.
7. Right now your configuration is pending. In the menu, select Tools > Apply configuration
to save your changes or Tools > Rollback configuration to discard them. The corresponding
wizard opens, click on OK to confirm your choice.
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . In the breadcrumb,
click on Network configuration.
3. Click on the Firewall link. The Firewall rules page opens.
4. Tick the firewall rule you want to delete.
5. In the menu, select Edit > Delete. The Delete wizard opens.
6. Click on OK to commit your changes.
7. Right now your configuration is pending. In the menu, select Tools > Apply configuration
to save your changes or Tools > Rollback configuration to discard them. The corresponding
wizard opens, click on OK to confirm your choice.
Keep in mind that the default gateway will only be used if a packet is sent from a network address
unknown to SOLIDserver. For some networks, you might want to use route sourcing and set up
a specific route to send the response packet to the sender through the channel it came from
rather than using the default gateway to try and locate the sender. For more details, and depending
on your needs, refer to the procedure in the sections below: Configuring Basic IP Addressing on
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . In the breadcrumb,
click on Network configuration.
3. Click on the Default gateways link in the network configuration listing. The Edit the default
gateways wizard opens.
4. In the IPv4 default gateway field, fill in the IPv4 gateway of your choice.
5. In the IPv6 default gateway field, fill in the IPv6 gateway of your choice.
6. Click on OK to commit your changes.
7. Right now your configuration is pending. In the menu, select Tools > Apply configuration
to save your changes or Tools > Rollback configuration to discard them. The corresponding
wizard opens, click on OK to confirm your choice.
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . In the breadcrumb,
click on Network configuration.
3. Click on the Static routes link. The Static Routes (IPv4) page of the wizard opens.
Once all the parameters needed are configured, click on ADD . The static route is now listed
in the Static routes list. You can add multiple static routes.
To update an entry, select an existing static route, change the needed data and click on UPDATE.
4. Click on NEXT . The Static routes (IPv6) page opens. Follow the step 4 to configure an IPv6
static route.
5. Click on OK to commit your configuration.
6. Right now your configuration is pending. In the menu, select Tools > Apply configuration
to save your changes or Tools > Rollback configuration to discard them. The corresponding
wizard opens, click on OK to confirm your choice.
Note
The overlap of IP addresses linked on different physical interfaces is not allowed in
order to avoid asymmetrical routing. Indeed, if a packet is received from a physical
interface it must not be forwarded to another one.
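The overlap rule in the note above can be checked on a planned addressing scheme before it is entered in the wizard. This is an added example, not SOLIDserver code: the function names, the interface names, the sample addresses and the longest-prefix model used to pick the reply interface are assumptions.

```python
from ipaddress import ip_address, ip_interface
from itertools import combinations


def connected_networks(assignments):
    """Flatten {physical_interface: ["address/prefix", ...]} into
    (interface, network) pairs."""
    return [(phys, ip_interface(addr).network)
            for phys, addrs in assignments.items()
            for addr in addrs]


def find_overlaps(assignments):
    """Return (iface_a, net_a, iface_b, net_b) for every pair of networks that
    overlap while being attached to different physical interfaces."""
    conflicts = []
    for (p1, n1), (p2, n2) in combinations(connected_networks(assignments), 2):
        if p1 != p2 and n1.version == n2.version and n1.overlaps(n2):
            conflicts.append((p1, str(n1), p2, str(n2)))
    return conflicts


def reply_interface(assignments, peer):
    """Interface a reply to `peer` would leave from, picked by longest-prefix
    match over the connected networks (assumed model of a generic IP stack).
    Returns None when no connected network contains the peer."""
    peer = ip_address(peer)
    candidates = [(net.prefixlen, phys)
                  for phys, net in connected_networks(assignments)
                  if net.version == peer.version and peer in net]
    return max(candidates)[1] if candidates else None


# Constructed sample plans. In OVERLAPPING, the /24 on eth1 sits inside the
# /16 on eth0, so a host such as 10.0.1.50 that reaches the appliance through
# eth0 would be answered through eth1: the asymmetry the note warns about.
OVERLAPPING = {"eth0": ["10.0.0.5/16"], "eth1": ["10.0.1.5/24"]}
CLEAN = {
    "eth0": ["10.0.0.5/24", "2001:db8:0:1::5/64"],
    "eth1": ["10.0.1.5/24", "2001:db8:0:2::5/64"],
}
```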
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . In the breadcrumb,
click on Network configuration.
3. Click on the DEFAULT_INTERFACE link. The Virtual network interface configuration wizard
opens.
4. In the Virtual interface name field, you can rename the default interface if you want.
5. In the Available physical interfaces list, select the available interface, it is named after the
physical port and port MAC address as follows: eth# (##:##:##:##:##:##) and click on . It
is now listed in the Physical interfaces field.
6. Click on NEXT . The IPv4 address configuration page opens. Fill in the interface parameters
following the details of the table below:
Parameters Description
Specific route In this field, you can apply a Specific route (Source routing [a]) if necessary. This route will be dedicated to the IP address.
[a] Source routing allows you to specify the route for the return packet. Otherwise, once sent from a subnet not configured among SOLIDserver network interfaces, the response packet would be returned through the default gateway and might never get back to the sender.
Once all the parameters needed are configured, click on ADD . The new IP address is now
listed in the IP addresses list field. You can add multiple IP addresses, SOLIDserver will be
accessible through all the IP addresses configured on this VIF.
To update an entry, select a configured IP address, change the needed data and click on
UPDATE .
7. Click on NEXT . The IPv6 addresses configuration page opens. Fill in the parameters following
the details in the table below:
Once all the parameters needed are configured, click on ADD . The new IP address will be
listed in the IPv6 addresses list field. You can add multiple IP addresses, SOLIDserver will
be accessible through all the IP addresses configured on this VIF.
8. Click on OK to commit your configuration.
9. Right now your configuration is pending. In the menu, select Tools > Apply configuration
to save your changes or Tools > Rollback configuration to discard them.
Warning
Make sure that at least one interface is available, otherwise you will lose your
current connection to SOLIDserver.
Note
To avoid asymmetrical routing, you cannot link overlapped IP addresses to different
physical interfaces. This way, if a packet is received from a physical interface it
cannot be forwarded to another interface.
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . In the breadcrumb,
click on Network configuration.
3. Click on the name of the interface you want to configure (all interfaces are preceded by an
orange dot). The Virtual network interface configuration wizard opens.
4. In the Virtual interface name field, you can rename the default interface if you want.
5. In the Available physical interfaces list, select the available interface, it is named after the
physical port and port MAC address as follows: eth# (##:##:##:##:##:##) and click on . It
is now listed in the Physical interfaces field.
6. Click on NEXT . The IPv4 address configuration page opens. Fill in the interface parameters
following the details of the table below:
Once all the parameters needed are configured, click on ADD . The new IP address is now
listed in the IP addresses list field. You can add multiple IP addresses, the IP will determine
to which configured VLAN they belong and the tag will provide a more accurate filter.
To update an entry, select a configured IP address, change the needed data and click on
UPDATE .
7. Click on NEXT . The IPv6 addresses configuration page opens. Fill in the parameters below:
Parameters Description
Specific route In this field, you can apply a Specific route (Source routing) if necessary. This route will be dedicated to the IP address.
802.1q tag number In this field, type in the VLAN number of your choice (between 1 and 4094). This tag can be common to different appliances and will differentiate them from other IP addresses on the VLAN: packets sent to the VLAN with the same tag will only be received by these appliances.
Once all the parameters needed are configured, click on ADD. The new IP address is now
listed in the IPv6 addresses list field. You can add multiple IP addresses, the IP will determine
to which configured VLAN they belong and the tag will provide a more accurate filter.
To update an entry, select a configured IP address, change the needed data and click on
UPDATE .
Warning
Make sure that at least one interface is available, otherwise you will lose your
current connection to SOLIDserver.
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . In the breadcrumb,
click on Network configuration.
3. Click on the name of the interface you want to configure (all interfaces are preceded by an
orange dot). The Virtual network interface configuration wizard opens.
4. In the Virtual interface name field, you can rename the default interface if you want.
5. In the Available physical interfaces list, select two or more interfaces one by one and click
on . They are now listed in the Physical interfaces field.
6. Click on NEXT . The IPv4 address configuration page opens. Fill in the interface parameters
following the details of the table below:
Once all the parameters needed are configured, click on ADD . The new IP address is now
listed in the IP addresses list field.
To update an entry, select a configured IP address, change the needed data and click on
UPDATE .
7. Click on NEXT . The IPv6 addresses configuration page opens. Fill in the parameters below:
Once all the parameters needed are configured, click on ADD . The new IP address will be
listed in the IPv6 addresses list field.
To update an entry, select a configured IP address, change the needed data and click on
UPDATE .
Warning
Make sure that at least one interface is available, otherwise you will lose your
current connection to SOLIDserver.
Configuring a VIP
By default, an existing VIF called DEFAULT_INTERFACE is already applied in the system. You
can use this one or create a new one. To apply a new one, refer to the VIF Configuration
section.
SOLIDserver allows you to set up virtual IP addresses (VIP) on supported services. This
mechanism, known as Common Address Redundancy Protocol (CARP), is a protocol which allows
multiple EfficientIP devices on the same local network to share a single IP address or a set of
IP addresses. Its primary purpose is to provide failover redundancy. For example, if there is a
single SOLIDserver running a DNS service and it goes down, then the networks on either side of
the DNS service either can no longer communicate with each other, or they communicate without
any DNS service. If, however, there are two EfficientIP devices running a DNS service and
running CARP, then if one fails, the other takes over, and SOLIDserver on either side of the DNS
service will not be aware of the failure, so operation continues as normal. Note that through a
VIP you can manage the DNS smart architectures master/slave and multi-master.
The general idea is to have a single IP address with several physical servers behind it. In the
case of a failure, the next available server takes the lead and provides the relevant services.
This mechanism is available for DNS, NTP, TFTP services and SOLIDserver management.
To configure a VIP
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . In the breadcrumb,
click on Network configuration.
3. Click on the name of the interface you want to configure (all interfaces are preceded by an
orange dot). The Virtual network interface configuration wizard opens.
4. In the Virtual interface name field, you can rename the default interface if you want.
5. In the Available physical interfaces list, select the available interface, it is named after the
physical port and port MAC address as follows: eth# (##:##:##:##:##:##) and click on . It
is now listed in the Physical interfaces field.
6. Click on NEXT . The IPv4 address configuration page opens. Fill in the interface parameters
following the details of the table below:
Parameters Description
to the same LAN. Moreover, this virtual IP address only gives you access to the Master appliance. For more details, see chapter High Availability Management.
VHID In this field, type in the Virtual Host IDentification if you are setting up the high availability of the selected service. This VHID must be a number between 1 and 255 and it has to be the same on the appliances through which you set the service high availability.
Password In this field, type in the password of your choice if you are setting up the high availability of the selected service. This password has to be the same on the appliances set in high availability.
Priority In this drop-down list, you can set the appliance priority to Low, Medium or High. In other words, you can decide which appliance is the Master appliance in the selected service high availability configuration. The highest level configured corresponds to the master, the lower ones set up backup appliances. So if for instance you set one appliance to medium and the second to low, the appliance set to medium is the master in the configuration.
[a] Source routing allows you to specify the route for the return packet. Otherwise, once sent from a subnet not configured among SOLIDserver network interfaces, the response packet would be returned through the default gateway and might never get back to the sender.
Note
Through the Basic Interface Configuration, you can set up the availability of the
DNS, NTP, TFTP or SOLIDserver management services, as long as each appliance
is set with the exact same parameters in all the fields that you have to or
choose to configure EXCEPT for the Priority drop-down list. Indeed, to avoid any
conflict, you must set one level on the first appliance and a different one on the
next.
Once all the parameters needed are configured, click on ADD . The new IP address is now
listed in the IP addresses list field. You can add multiple IP addresses, SOLIDserver will be
accessible through all the IP addresses configured on this VIF.
To update an entry, select a configured IP address, change the needed data and click on
UPDATE .
7. Click on NEXT . The IPv6 addresses configuration page opens. Fill in the parameters below:
Parameters Description
DNS/NTP/TFTP server The IP address is dedicated to the selected service.
VHID In this field, type in the Virtual Host IDentification if you are setting up the high availability of the selected service. This VHID must be a number between 1 and 255 and it has to be the same on the appliances through which you set the service high availability.
Password In this field, type in the password of your choice if you are setting up the high availability of the selected service. This password has to be the same on the appliances set in high availability.
Priority In this drop-down list, you can set the appliance priority to Low, Medium or High. In other words, you can decide which appliance is the Master appliance in the selected service high availability configuration. The highest level configured corresponds to the master, the lower ones set up backup appliances. So if for instance you set one appliance to medium and the second to low, the appliance set to medium is the master in the configuration.
Note
Through the Basic Interface Configuration, you can set up the availability of the
DNS, NTP or TFTP services, as long as each appliance is set with the exact
same parameters in all the fields that you have to or choose to configure EXCEPT
for the Priority drop-down list. Indeed, to avoid any conflict, you must set one
level on the first appliance and a different one on the next.
Once all the parameters needed are configured, click on ADD . The new IP address will be
listed in the IPv6 addresses list field. You can add multiple IP addresses, SOLIDserver will
be accessible through all the IP addresses configured on this VIF.
To update an entry, select a configured IP address, change the needed data and click on
UPDATE .
Warning
Make sure that at least one interface is available, otherwise you will lose your
current connection to SOLIDserver.
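The VIP parameters above have to line up across the appliances that share the address: same VHID (1 to 255), same password, different Priority. The check below compares planned settings before they are typed into each appliance; it is an added example, not SOLIDserver code, and the VipConfig class, the function name, the appliance names and the sample values are assumptions.

```python
from dataclasses import dataclass

PRIORITY_RANK = {"Low": 1, "Medium": 2, "High": 3}
# Fields that must be identical on every appliance sharing the VIP.
SHARED_FIELDS = ("service", "vip", "vhid", "password")


@dataclass(frozen=True)
class VipConfig:
    appliance: str
    service: str    # for example "DNS", "NTP" or "TFTP"
    vip: str
    vhid: int
    password: str
    priority: str   # "Low", "Medium" or "High"


def check_vip_group(configs):
    """Return (master, problems) for the appliances sharing one VIP.

    `master` is the appliance with the highest priority, or None when the
    settings are inconsistent and the outcome would be undefined.
    """
    problems = []
    for cfg in configs:
        if not 1 <= cfg.vhid <= 255:
            problems.append(f"{cfg.appliance}: VHID {cfg.vhid} outside 1-255")
        if cfg.priority not in PRIORITY_RANK:
            problems.append(f"{cfg.appliance}: unknown priority {cfg.priority!r}")
    for name in SHARED_FIELDS:
        if len({getattr(cfg, name) for cfg in configs}) > 1:
            # Name the field only, so a password never ends up in a report.
            problems.append(f"{name} differs between appliances")
    seen = {}
    for cfg in configs:
        if cfg.priority in seen:
            problems.append(
                f"{cfg.appliance} and {seen[cfg.priority]} share priority {cfg.priority}")
        seen.setdefault(cfg.priority, cfg.appliance)
    master = None
    if configs and not problems:
        master = max(configs, key=lambda c: PRIORITY_RANK[c.priority]).appliance
    return master, problems


# Constructed sample: the guide's case of one appliance set to Medium and the
# other to Low; the Medium one is the master.
PAIR = [
    VipConfig("solid-a", "DNS", "192.0.2.53", 10, "constructed-secret", "Medium"),
    VipConfig("solid-b", "DNS", "192.0.2.53", 10, "constructed-secret", "Low"),
]
```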
Setting up a VIF
VIF (Virtual Interface) is a concept that allows you to set a number of configurations in a
virtual container. Through said container you can simply and efficiently apply or modify a
network configuration including embedded services. Keep in mind that while the procedures below
show you how to create, edit or delete a VIF through the Network configuration page, during each
procedure you need to make sure that you have at least one operating interface connected to
SOLIDserver, or you might simply lose your point of access and therefore be unable to manage the
appliance.
To add a VIF
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . In the breadcrumb,
click on Network configuration.
3. In the menu, select Add > Virtual interface.
4. Configure the Virtual interface according to your needs. For more details, refer to the
procedures in the following sections: Basic Interface Configuration, VLAN Interface Configuration,
Ethernet Port Failover Interface Configuration or VIP Interface Configuration.
5. Click on OK to commit your changes.
6. Right now your configuration is pending. In the menu, select Tools > Apply configuration
to save your changes or Tools > Rollback configuration to discard them. The corresponding
wizard opens, click on OK to confirm your choice.
To edit a VIF
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . In the breadcrumb,
click on Network configuration.
3. Click on the name of the interface you want to edit (all interfaces are preceded by an orange
dot). The Configure network virtual interface wizard opens.
4. Modify the Virtual interface according to your needs. For more details, refer to the procedures
in the following sections: Basic Interface Configuration, VLAN Interface Configuration,
Ethernet Port Failover Interface Configuration or VIP Interface Configuration.
5. Click on OK to commit your changes.
6. Right now your configuration is pending. In the menu, select Tools > Apply configuration
to save your changes or Tools > Rollback configuration to discard them. The corresponding
wizard opens, click on OK to confirm your choice.
To delete a VIF
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . In the breadcrumb,
click on Network configuration.
3. Click on the name of the interface you want to delete (all interfaces are preceded by an orange
dot). The Configure network virtual interface wizard opens.
4. In the Physical interfaces field, select the interfaces to be deleted one by one and click on
. The physical interfaces are now listed in the Available physical interfaces.
5. Click on NEXT . The IPv4 address configuration page opens.
6. In the IP addresses list, select the configured IP address(es) one by one. The configuration
fields appear.
7. Click on DELETE . The IP address is no longer listed in the field.
8. Click on NEXT . The IPv6 addresses configuration page opens. Repeat the steps 6 and 7 on
this page.
9. Click on OK to commit your changes.
10. Right now your configuration is pending. In the menu, select Tools > Apply configuration
to save your changes or Tools > Rollback configuration to discard them. The corresponding
wizard opens, click on OK to confirm your choice.
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . In the breadcrumb,
click on Network configuration.
3. Click on the name of Physical interface of your choice (it is attached to a VIF or located under
the Unused interfaces). The Network interface configuration wizard opens.
4. In the Media drop-down list, select the speed and duplex that will be applied to the physical
interface you clicked on. By default, the autoselect option is selected: the value is chosen
automatically by SOLIDserver according to your network configuration.
5. Click on OK to commit your changes.
6. Right now your configuration is pending. In the menu, select Tools > Apply configuration
to save your changes or Tools > Rollback configuration to discard them. The corresponding
wizard opens, click on OK to confirm your choice.
Chapter 7. Services Configuration
SOLIDserver provides a simple and efficient interface to manage embedded services. This chapter
is a short presentation of the services supported by SOLIDserver, described below:
• SSH server [1]: allows you to connect to SOLIDserver from an SSH client.
Caution
That SSH session offers you a shell session directly on the SOLIDserver file system.
Updates made directly to configuration files can disturb the running SOLIDserver.
Only experts must use this configuration mode.
• SFTP - SCP - RSYNC [2]: SOLIDserver embeds the SFTP, SCP and RSYNC protocols to allow the
xfer account to use them.
• TFTP [3]: allows you to deliver TFTP services in order to send boot and configuration files to
DHCP/BOOTP clients (such as IP phones, thin clients, bootless stations).
• SMTP relay [4]: is the host relay that SOLIDserver uses to send mails.
• NTP server [5]: is the address of the Network Time Protocol (NTP) server that is used to update
the SOLIDserver timer.
• HTTP web server: allows you to handle SOLIDserver Apache certificates.
• DNS server: allows you to deliver DNS services on SOLIDserver.
• DHCP server: allows you to deliver DHCP services on SOLIDserver.
• SNMP server: allows you to monitor SOLIDserver performance and load through the SNMP
protocol.
With version 5, EfficientIP introduced a new way of managing High Availability and Remote
Management that lets you manage other appliances directly from the Services Configuration
page. Right under the menu on this page, you will find a drop-down list called SOLIDserver
that displays all the appliances listed on the All SOLIDserver page of the Administration.
For more details, refer to the High Availability and Remote Management chapters.
Warning
All your services and your SOLIDserver appliance must be set to the same time to
prevent any management problems. Set the Time & Date through the GUI following the
To change your appliance time zone and/or date format procedure and refer to the
Configuring the NTP Server section.
Handling Services
SOLIDserver allows you to completely disable a network service. While a network service is
disabled it cannot run. Once a network service is enabled, its state is automatically updated after
having applied the configuration. To sum up, a user can easily handle the embedded services:
enabling/disabling and starting/stopping every service provided by SOLIDserver. Keep in mind
that d.
[1] SSH stands for Secure Shell.
[2] SFTP stands for Secure File Transfer Protocol, also known as SSH File Transfer Protocol. SCP stands for Secure Copy. RSYNC stands for Remote Synchronization.
[3] TFTP stands for Trivial File Transfer Protocol server.
[4] SMTP stands for Simple Mail Transfer Protocol.
[5] NTP stands for Network Time Protocol.
Note
Disabling and stopping a service are two different actions but they are linked: dis-
abling a service will automatically stop it. In the same way, enabling a service
will automatically start it.
To enable a service
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . In the breadcrumb,
click on Services configuration.
3. In the Enabled column, click on the Disabled link. The Enable a service wizard opens.
4. Click on OK to commit your changes.
5. Right now your configuration is pending. In the menu, select Tools > Apply configuration
to save your changes or Tools > Rollback configuration to discard them. The corresponding
wizard opens, click on OK to confirm your choice.
To disable a service
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . In the breadcrumb,
click on Services configuration.
3. In the Enabled column, click on the Enabled link. The Disable a service wizard opens.
4. Click on OK to commit your changes.
5. Right now your configuration is pending. In the menu, select Tools > Apply configuration
to save your changes or Tools > Rollback configuration to discard them. The corresponding
wizard opens, click on OK to confirm your choice.
To start a service
Note
Once a service is disabled, it cannot be started.
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . In the breadcrumb,
click on Services configuration.
3. In the Running column, click on the Stopped link. The Start a service wizard opens.
4. Click on OK to commit your changes.
To stop a service
Note
Once disabled any service is automatically stopped, so you can only stop an enabled
service.
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . In the breadcrumb,
click on Services configuration.
3. In the Running column, click on the Started link. The Stop a service wizard opens.
4. Click on OK to commit your changes.
To enable or disable the SSH remote console access for SOLIDserver administration, please refer
to the Handling services section above.
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . In the breadcrumb,
click on Services configuration.
3. In the Name column, click on the Account: admin link. The wizard opens.
4. Fill in the password of your choice, in accordance with the level of security you chose, in the
New password and Confirm password fields.
5. Click on OK to commit your changes.
1. Low: the password can contain any characters and can be as short as you want.
2. Medium: the password requires at least 8 characters, it can be any character.
3. High: the password requires at least 8 characters, among which at least 2 have to be special
characters (for example: !, #, @...).
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
3. In the menu, click on System > Expert > Registry database.
4. Search for the registry key called module.system.ssh_password and click on the digit link
in the Value field. The Modify a register value wizard opens. By default, the password level
is set to 1.
5. Fill in the value of your choice with a valid digit (1 = low, 2 = medium, 3 = high).
6. Click on OK to commit your changes.
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . In the breadcrumb,
click on Services configuration.
3. In the Name column, click on the Account: xfer link. The wizard opens.
4. In the New password field, type in the password of your choice, in accordance with the level
of security you chose.
5. In the Confirm password field, type in the password again.
6. Click on OK to commit your changes.
The xfer account is not enabled and disabled the way the services are. A single wizard both
enables and disables the account that will manage the SFTP, SCP and RSYNC protocols.
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . In the breadcrumb,
click on Services configuration.
3. In the Enabled column of the Account: xfer line, click on Disabled. The Enable/Disable the
xfer Account wizard opens.
4. Click on OK to commit your choice. The account is now marked as Enabled.
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . In the breadcrumb,
click on Services configuration.
3. In the Enabled column of the Account: xfer line, click on Enabled. The Enable/Disable the
xfer Account wizard opens.
4. Click on OK to commit your choice. The account is now marked as Disabled.
From the Services configuration page, you can enable uploads from remote appliances to the
SOLIDserver GUI. The uploaded files and the files available for download will be listed on a dedicated
page of the Local Files Listing page. For more details, refer to the Local Files Listing chapter of
this guide.
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . In the breadcrumb,
click on Services configuration.
3. In the Name column, under TFTP server, click on the Upload Authorization: Disabled link.
The TFTP File Upload Authorization wizard opens.
4. Click on OK to commit your changes. The report opens and closes. The TFTP Upload
Authorizations status is now Enabled.
Once the uploads are enabled, following the procedure above will disable them.
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . In the breadcrumb,
click on Services configuration.
3. In the Name column, click on SMTP relay. The SMTP Relay Configuration wizard opens.
4. In the Outgoing mail server field, fill in the valid FQDN or the IPv4 address of the server.
5. Click on OK to commit your changes.
6. Your configuration is now pending. In the menu, select Tools > Apply configuration
to save your changes or Tools > Rollback configuration to discard them. The corresponding
wizard opens; click on OK to confirm your choice.
You can also change the source email address of the outgoing mails and alerts notifications.
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . In the breadcrumb,
click on Services configuration.
3. In the Name column, under the Mail - SMTP line, click on Default source mail :
noreply@efficientip.com. The Source mail configuration wizard opens.
4. In the Default mail field, type in the email address of your choice.
5. Click on OK to commit your changes. The new address has now replaced the default address
in the list.
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . In the breadcrumb,
click on Services configuration.
3. In the Name column, under the Mail - SMTP line, click on Alert source mail :
noreply@efficientip.com. The Source mail configuration wizard opens.
4. In the Alert mail field, type in the email address of your choice.
5. Click on OK to commit your changes. The new address has now replaced the default address
in the list.
Note
All your services and the SOLIDserver appliance must be set to the same time to prevent
any management problems.
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . In the breadcrumb,
click on Services configuration.
3. In the Name column, click on the NTP server link. The NTP Servers Configuration wizard
opens.
4. Fill in the NTP address and Stratum fields. The address can be an IPv4 or IPv6 address.
5. Click on ADD to move the data into the NTP servers list.
To update an entry, select the NTP server of your choice, change the data and click on UPDATE .
To delete an entry, select the NTP server of your choice and click on DELETE .
At any time, you might need to force the time and date update of the NTP server (for instance
when managing two appliances in HA).
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . In the breadcrumb,
click on Services configuration.
3. Under the NTP server line, click on FORCE UPDATE. The Force NTP update wizard opens.
4. Click on OK to commit your choice.
Note
Updating the NTP server time and date will restart all the services that are
impacted by the server. Make sure that at least one NTP server is configured and
reachable in the meantime, otherwise you might not be able to access your appliance
at all.
This default certificate is used to make your connection safe from eavesdroppers, but it is not
trusted by your web browser as it is not signed by a Certificate Authority (CA). For this reason,
warning messages appear to inform you that the certificate is not from a trusted certifying authority,
that the hostname of the certificate is invalid, etc.
When you receive such warnings, you can accept the certificate just for the current session, save
it in the certificate store of your browser or authenticate SOLIDserver and eliminate the certificate
warnings altogether. To do so, you must:
• import a CA signed SSL certificate or create your own certificate through the GUI.
• change the HTTPS certificate.
This is why SOLIDserver manages X.509 certificates (official and self-signed SSL certificates), Private
Key certificates as well as certificate signing requests (CSR).
1. Create a CSR through the GUI to request a certificate that respects the CRT format. For more details
refer to the Creating a CSR through the GUI section below.
2. Once the CA has sent you a certificate, you can upload it via a *.ZIP or a *.TAR archive file that
contains:
• The certificate that must respect the CRT format and be named "certificate" without extension.
• Your private key named "private_key" without extension.
3. Once your archive file respects the above requirements, you can upload it to SOLIDserver.
For more details refer to the Importing a Certificate to SOLIDserver section below.
4. Once the archive is uploaded, you can use it as new HTTPS certificate. For more details, refer
to the section Changing the HTTPS Certificate.
You can create the CSR yourself or take advantage of SOLIDserver and the dedicated CSR
creation wizard.
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
3. Click on the Key ring icon. The Key ring list opens.
4. In the menu, select Display > Certificate. The Authentication key ring page opens. The
Apache SSL Cert Base is listed.
5. In the menu, select Add > Certificate. The Create an SSL object wizard opens.
6. In the Object Name field, name your certificate.
7. In the SSL File Type drop-down list, select CSR File.
8. If you want to use an existing private key, follow the steps below. Otherwise, go to step 9.
a. Tick the Use a previously generated private key box. The Use key field appears.
b. In the Use key drop-down list, select one of your private keys or certificates, or even
the default entry Apache SSL Key Base or request_auto_key.
c. Click on NEXT . The next page of the wizard opens.
a. In the Country Code field, type in the two letter code of your country.
b. In the State or Province field, type in the state, province or region name in full letters.
c. In the Locality field, type in the city name.
d. In the Organization Name field, type in your company name.
e. In the Organization Unit Name field, type in the name of the department within the
company that is the final user.
f. In the Common Name field, type in the appliance hostname.
g. In the Email address field, type in your email address.
11. Click on OK to commit your import. The report opens and closes. The Authentication key
ring is visible again and lists your certificate.
Once the CSR is created, you will need to send the certificate to the Certificate Authority.
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
3. Click on the Key ring icon. The Key ring list opens.
4. In the menu, select Display > Certificate. The Authentication key ring page opens. The
Apache SSL Cert Base is listed.
5. At the end of the line of the CSR, click on . The properties page opens.
6. In the Certificate panel, click on DOWNLOAD .
Once the CA has sent you back a certificate that respects SOLIDserver requirements, you can upload
it.
The certificate upload has to be done from the Authentication key ring page if it respects the
following:
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
3. Click on the Key ring icon. The Key ring list opens.
4. In the menu, select Display > Certificate. The Authentication key ring page opens. The
Apache SSL Cert Base is listed.
5. In the menu, select Tools > Import. The Import an SSL certificate wizard opens.
6. In the Object type drop-down list, select Certificate.
7. Click on BROWSE and look for the certificate. Once selected, it will be visible in the File name
field.
8. Click on OK to commit your import. The report opens and closes. The Authentication key
ring is visible again and lists your certificate.
Once the certificate is listed on the Authentication key ring page, you can use it as HTTPS
certificate. For more details, refer to the section Changing the HTTPS Certificate.
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
3. Click on the Key ring icon. The Key ring list opens.
4. In the menu, select Display > Certificate. The Authentication key ring page opens. The
Apache SSL Cert Base is listed.
5. In the menu, select Add > Certificate. The Create an SSL object wizard opens.
6. In the Object Name field, name your certificate.
7. In the SSL File Type drop-down list, select X509 certificate.
8. If you want to use an existing private key, follow the steps below. Otherwise, go to step 9.
a. Tick the Use a previously generated private key box. The Use key field appears.
b. In the Use key drop-down list, select one of your private keys or certificates, or even
the default entry Apache SSL Key Base or request_auto_key.
c. In the Certificate Validity (days) field, edit the default number of days, 1825, if need be.
d. In the Digest method drop-down list, select MD5, SHA1 or MD2.
e. Click on NEXT . The last page of the wizard opens.
c. In the Certificate Validity (days) field, edit the default number of days, 1825, if need be.
d. In the Digest method drop-down list, select MD5, SHA1 or MD2.
e. Click on NEXT . The last page of the wizard opens.
a. In the Country Code field, type in the two letter code of your country.
b. In the State or Province field, type in the state, province or region name in full letters.
c. In the Locality field, type in the city name.
d. In the Organization Name field, type in your company name.
e. In the Organization Unit Name field, type in the name of the department within the
company that is the final user.
f. In the Common Name field, type in the appliance hostname.
g. In the Email address field, type in your email address.
11. Click on OK to commit your creation. The report opens and closes. The list is visible again
and lists your certificate.
Once the certificate is created, you can use it to change the HTTPS certificate. For more details,
refer to the Using an HTTPS Certificate section below.
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . In the breadcrumb,
click on Services configuration.
3. Under the HTTP webserver line, click on the SSL Certificate link. The Change the current
SSL certificate wizard opens.
4. In the SSL Certificate drop-down list, select the certificate of your choice. By default, the
Apache SSL Cert Base is available and selected.
5. Click on OK to commit your changes.
6. Your configuration is now pending. In the menu, select Tools > Apply configuration
to save your changes or Tools > Rollback configuration to discard them. The corresponding
wizard opens; click on OK to confirm your choice.
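The certificate wizard described above offers MD5, SHA1 and MD2 as digest methods and a default validity of 1825 days, so it is worth checking what the certificate selected for HTTPS actually carries. The following Python code is an added example, not part of this guide or of SOLIDserver: it reads a PEM or DER certificate, reports its signature algorithm and validity period, and flags digests that are deprecated for certificate signatures. The function names, the constructed sample certificates and the 398-day policy threshold are assumptions made for the example.

```python
import base64
from datetime import datetime, timezone

# Signature algorithm OID -> (name, digest deprecated for certificate signatures)
SIG_ALGS = {
    "1.2.840.113549.1.1.2": ("md2WithRSAEncryption", True),
    "1.2.840.113549.1.1.4": ("md5WithRSAEncryption", True),
    "1.2.840.113549.1.1.5": ("sha1WithRSAEncryption", True),
    "1.2.840.113549.1.1.11": ("sha256WithRSAEncryption", False),
    "1.2.840.113549.1.1.13": ("sha512WithRSAEncryption", False),
}

def read_tlv(buf, pos):
    """Read one DER tag-length-value at pos; return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                  # long form: low bits give the size of the length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def children(buf):
    """Split the content of a constructed DER value into (tag, value) pairs."""
    items, pos = [], 0
    while pos < len(buf):
        tag, value, pos = read_tlv(buf, pos)
        items.append((tag, value))
    return items

def decode_oid(value):
    """Decode OBJECT IDENTIFIER content into dotted notation."""
    parts, n = [value[0] // 40, value[0] % 40], 0
    for byte in value[1:]:
        n = (n << 7) | (byte & 0x7F)
        if not byte & 0x80:            # high bit clear marks the last byte of an arc
            parts.append(n)
            n = 0
    return ".".join(str(p) for p in parts)

def parse_time(tag, value):
    """Parse UTCTime (0x17) or GeneralizedTime (0x18) in the Z form X.509 uses."""
    text = value.decode("ascii")
    if tag == 0x17:                    # two-digit year: 50-99 -> 19xx, 00-49 -> 20xx
        text = ("19" if int(text[:2]) >= 50 else "20") + text
    return datetime.strptime(text, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def load_der(data):
    """Accept PEM or raw DER bytes and return DER."""
    begin, end = b"-----BEGIN CERTIFICATE-----", b"-----END CERTIFICATE-----"
    if begin in data:
        body = data.split(begin, 1)[1].split(end, 1)[0]
        return base64.b64decode(b"".join(body.split()))
    return data

def audit_certificate(data, max_days=398):
    """Return the signature algorithm, validity in days and a list of findings."""
    tag, cert, _ = read_tlv(load_der(data), 0)
    if tag != 0x30:
        raise ValueError("not an X.509 certificate (expected a SEQUENCE)")
    (_, tbs), (_, outer_alg) = children(cert)[:2]
    fields = children(tbs)
    off = 1 if fields[0][0] == 0xA0 else 0      # skip the optional [0] version field
    inner_alg, validity = fields[off + 1][1], fields[off + 3][1]
    not_before, not_after = children(validity)
    oid = decode_oid(children(outer_alg)[0][1])
    name, weak = SIG_ALGS.get(oid, ("unknown (%s)" % oid, False))
    days = (parse_time(*not_after) - parse_time(*not_before)).days
    findings = []
    if weak:
        findings.append("weak signature digest: " + name)
    if inner_alg != outer_alg:
        findings.append("signatureAlgorithm differs inside and outside tbsCertificate")
    if days > max_days:                         # max_days is an assumed local policy
        findings.append("validity of %d days exceeds the %d-day policy" % (days, max_days))
    return {"algorithm": name, "validity_days": days, "findings": findings}

def der_tlv(tag, body):
    assert len(body) < 0x80            # short-form lengths are enough for the samples
    return bytes([tag, len(body)]) + body

def build_sample_cert(sig_oid_hex, not_before, not_after):
    """Constructed, unsigned certificate skeleton: names, key and signature are dummies."""
    alg = der_tlv(0x30, der_tlv(0x06, bytes.fromhex(sig_oid_hex)) + der_tlv(0x05, b""))
    validity = der_tlv(0x30, der_tlv(0x17, not_before.encode()) + der_tlv(0x17, not_after.encode()))
    empty = der_tlv(0x30, b"")         # stands in for issuer, subject and public key
    tbs = der_tlv(0x30, der_tlv(0xA0, der_tlv(0x02, b"\x02")) + der_tlv(0x02, b"\x01")
                  + alg + empty + validity + empty + empty)
    return der_tlv(0x30, tbs + alg + der_tlv(0x03, b"\x00" * 17))

def to_pem(der):
    return b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(der) + b"-----END CERTIFICATE-----\n"

# Constructed samples: MD5 with the wizard's default 1825 days, and SHA-256 for 365 days.
LEGACY = build_sample_cert("2a864886f70d010104", "240101000000Z", "281230000000Z")
MODERN = build_sample_cert("2a864886f70d01010b", "240101000000Z", "241231000000Z")
```

Pass the bytes of a certificate file to audit_certificate() and adjust max_days to your own policy; an empty findings list means neither check fired.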
• configure SNMP V1, V2 and V3 as well as determine which version will be running or down;
• set up SNMP Traps;
• configure the TCP/UDP ports the server listens on.
If the server is not running on the appliance, you will be informed through an information panel.
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . In the breadcrumb,
click on Services configuration.
3. Click on the SNMP server link. The SNMP Server Configuration wizard opens.
4. In the UDP port and TCP port fields, type in the port number to communicate with the protocol
of your choice. At least one field has to be filled in. By default, the UDP port number used
is 161, you can also use that port with TCP.
5. Click on NEXT . The next page opens. It allows you to configure the SNMP profile, refer to
the table below for more details.
c
DES: Data Encryption Standard — is a widely-used method of data encryption using a private (secret).
When your configuration is complete, click on ADD . The profile is listed in the SNMP access
list field. You can add as many as you need.
To update an entry, select the SNMP profile of your choice, change the data according to
your needs and click on UPDATE .
To delete an entry, select the SNMP profile of your choice and click on DELETE .
6. Click on NEXT when you are done. The last page of the wizard opens. It allows you to set
the SNMP Trap configuration, refer to the table below for more details.
When your configuration is complete, click on ADD . The profile is listed in the Trap list field.
You can add as many as you need.
To update an entry, select the SNMP trap of your choice, change the data according to your
needs and click on UPDATE .
To delete an entry, select the SNMP trap of your choice and click on DELETE .
file of the appliance of your choice: whether the local one or the configuration of one of the appli-
ances you are managing remotely.
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . In the breadcrumb,
click on Services configuration.
3. In the SOLIDserver drop-down list, under the menu, select the appliance for which you want
to download the configuration file.
4. In the menu, select Tools > Download configuration file. The Download configuration file
wizard opens.
5. In the Configuration file drop-down list, select DNS, DHCP, DHCP V6, NSD or Unbound
according to your needs.
6. Click on OK to commit your choice. The report opens, the configuration file is now stored on
the Local files listing page (Administration tab homepage > Maintenance > Local files listing).
If you do not want to download the file on your computer, go to step 8.
7. Click on DOWNLOAD if you want to open the report and/or save it. A new window opens in
your browser:
• If you choose to open the file, it will be opened and downloaded in the download folder of
your browser;
• If you choose to save the file, it will only be saved in the download folder of your browser.
8. Click on CLOSE . The wizard closes and the Services configuration page is visible again. Note
that the report is generated and stored on the Local Files Listing page. For more details
regarding reports, refer to the chapter Managing Reports of this guide.
Chapter 8. Licenses Management
At any point you might need to renew your license because it has expired, or change it to manage
more services. Before installing an activation key, check that this activation key is compatible with
the appliance you are upgrading. If you do not have an activation key for your SOLIDserver, you
must make an activation key request to EfficientIP. In order to generate your new activation key,
you have to send EfficientIP the reference token of the SOLIDserver you currently have installed. The
procedure to request a new activation key is explained below.
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
3. In the menu, select System > Licenses, a new page is displayed.
4. In the menu, select Add > Request license, a new page is displayed.
5. Click on the requestlicense@efficientip.com link to copy and paste the token in your current
email tool, or copy and paste it and send it manually by email to requestlicense@efficientip.com
with your contract number. EfficientIP will reply by email to you with your new
activation key.
6. The generated license key is unique for this SOLIDserver installation. It cannot be used for
another system.
7. Click on OK to commit your changes.
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
3. In the menu, select System > Licenses, a new page is displayed.
4. In the menu, select Add > License, a new page is displayed.
5. In the opened Add a license wizard, copy the activation key into the License text box.
6. Click on OK to commit your changes.
Chapter 9. Shutting Down and Rebooting
The shutdown and the reboot utilities transfer the SOLIDserver file system cache to disk, stop
all running processes and, respectively, halt or restart the system. SOLIDserver supports the
management of its power supplies; once the SOLIDserver operating system is stopped, the power
supplies are automatically turned off.
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
3. In the menu, select Maintenance > Shutdown the system
4. The Shutdown wizard appears.
5. Click on OK to commit your changes.
1. From the front panel of the appliance, press the power button for 3 seconds.
2. The appliance will stop automatically, after synchronizing its buffer on the disk.
Rebooting SOLIDserver
To reboot or shut down a SOLIDserver, you can use either the web console or the CLI.
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
3. In the menu, select Maintenance > Reboot the system
4. The Reboot wizard appears.
5. Click on OK to commit your changes.
Part IV. Global Policies
Table of Contents
10. Managing Alerts
  Introduction
    Alerts Definition
    Alerts
  Browsing the Alerts Database
  Adding Alerts
  Enabling or Disabling Alerts
  Forcing the Check of an Alert Definition
  Acknowledging or Dismissing an Alert
  Changing an Alert Status
  Deleting Alerts
11. Managing Default Behaviors
  Introduction
    Browsing Default Behaviors
  Configuring and Applying IPAM Default Behaviors
    Space Default Behaviors
    Block Default Behaviors
    Subnet Default Behaviors
    Pool Default Behaviors
    Address Default Behaviors
  Configuring and Applying DHCP Default Behaviors
  Configuring and Applying DNS Default Behaviors
  Propagating Default Behaviors Parameters
  Setting Default Behaviors Parameters
12. Importing Data
  Introduction
    The Import Wizard
  Importing Data to the IPAM
    Where to Import IPAM Data
    Importing Spaces
    Importing Blocks
    Importing Subnets
    Importing Pools
    Importing Addresses
    Importing VRFs
    Importing VRF Route Targets
  Importing Data to the DHCP
    Where to Import DHCP Data
    Importing Scopes
    Importing Ranges
    Importing Statics
  Importing Data to the DNS
    Where to Import DNS Data
    Importing Zones
    Importing Resource Records
  Importing Data to NetChange
    Where to Import NetChange Data
    Importing Network Devices
  Importing Data to Device Manager
    Where to Import Device Manager Data
    Importing Devices
Chapter 10. Managing Alerts
Introduction
SOLIDserver offers a number of customization options that include the alert configuration from
any page. You can either be notified of the changes of your choice (new value, status, etc.) via
email or via an SNMP trap. The alert configuration is quite simple and all alerts, configured or
raised, can be displayed through two pages of the administration module. In other words, the
alerts provide an extra monitoring system.
Both pages display all the available columns so you cannot configure the listing page display.
Alerts Definition
Alerts Definition is a listing page containing all the alerts configured in SOLIDserver. It displays
the configuration details of each alert through six columns: Alert Name, Condition, Created on,
Scheduling, State and Status.
For more details regarding each alert, go to its properties page (through at the end of the line
of each alert) where you will see the severity, priority, recipients of the email, etc.
The Alerts definitions page gives an overview of all the alerts created. Once triggered, an alert
will be listed on that page as well as on the Alerts page.
Alerts
Alerts is a listing page of all the raised alerts that provides further details regarding the page of
SOLIDserver where the alert was set, when it was raised, etc. This page also provides a shortcut
towards the page where you set it.
Keep in mind that by default only the raised alerts (those that have either not been acknowledged or
have been manually set back to non acknowledged) are displayed on that page. To display all the
formerly raised alerts, go to the To display all the alerts on the Alerts page procedure.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Monitoring section, click on the Alerts icon. The Alerts list opens. Only the raised alerts
are displayed by default.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select Monitoring > Alerts. The Alerts list opens. Only the raised alerts are
displayed by default.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Monitoring section, click on the Alerts icon. The Alerts list opens.
3. Under the menu, tick the Display all alerts box. All the alerts are listed, whether they are
raised or already acknowledged/dismissed.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Monitoring section, click on the Alerts icon. The Alerts list opens.
3. In the breadcrumb, click on Alerts Definition. The Alerts Definition list opens.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select Monitoring > Alerts Definition. The Alerts Definition list opens.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Monitoring section, click on the Alerts icon. The Alerts list opens.
3. In the breadcrumb, click on Alerts Definition. The Alerts Definition list opens.
4. Click on the name of the alert definition. The Alerts page displays all the raised alerts of that
specific definition.
5. Under the menu, tick the Display all alerts box. All the raised alerts are listed.
Note
If nothing is displayed, it means that the alert has never been raised.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Monitoring section, click on the Alerts icon. The Alerts list opens.
3. In the breadcrumb, click on Alerts Definition. The Alerts Definition list opens.
4. At the end of the line of the alert of your choice, click on . The properties page opens.
Tip
You can also access the properties page through the Info Bar: put your mouse over
the name of the alert of your choice, once the Info Bar appears, click on .
Adding Alerts
From any page within SOLIDserver you can create alerts from the Preferences menu. The main
advantage of creating alerts this way is that you can filter the list and then add the alert, which
automatically takes into account the parameters you chose to trigger the alert. So if you
filter the Status column of the DNS zones list with != OK and then add an alert, the alert will be
triggered when any zone of the page changes to a status other than OK, and it will send you an
email and/or an SNMP trap depending on your alert configuration.
To add an alert
In this procedure, we will describe the configuration of an alert on the DNS zones page: if any
zone status changes to anything but OK, an alert will be sent.
1. Go to the page of your choice and filter the list according to your needs.
a. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
b. Click on the DNS zones icon. The DNS All zones list opens.
c. In the Server column, click on the name of the server of your choice to display the zones
it contains.
d. In the Status column, double-click in the search engine. The filter constructor appears.
e. In the drop-down list, select != (different from).
f. Among the statuses listed, tick OK. OK is now displayed in the field. A new line appears.
g. Click on APPLY . The list is now filtered and only the zones that have a status different
from OK are displayed.
2. In the menu, select Preferences > Add an Alert. The Create an Alert Definition wizard opens.
3. In the Name field, name the alert. By default, the alert is named after the module and page
from where you configure it, in our example DNS: Zones.
4. In the Description field, you can type in a description if needed.
5. In the Expert mode section, tick the box to display the expert configuration fields.
6. Through the Filter results and Value fields, you can configure the alert execution parameters.
For instance, if you do not want the alert to be triggered for less than 2 zones with a status
different from OK, you will select Greater than in the Filter results drop-down list and 2 in
the Value field.
7. In the Triggered by change section, tick the box if you want your alert to match your filter
only by change. In the case of our example, if you do not tick the box and three zones already
correspond to the filter (they could be in delayed create, timeout...), the alert will be triggered
if, at the next check, the zones are still not set to OK.
8. In the Alert Priority drop-down list, define the alert priority. It can be Low, Normal, High, Urgent
or Immediate.
9. In the Alert Severity drop-down list, define the alert severity. You can choose among Minor,
Major, Crash and Block.
10. In the Alert Group Owner drop-down list, select a group of users among the ones you created.
11. In the Scheduling section, tick the box to display the schedule related fields.
By default, the check is scheduled every 5 minutes of every hour, day and month.
12. In the Send mail section, tick the box to display the email configuration fields.
13. In the SNMP Trap section, tick the box to display the trap configuration fields.
14. Click on OK to commit the alert creation. It is now listed in the Alerts Definitions page and
marked as Released.
To disable an alert
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Monitoring section, click on the Alerts icon. The Alerts list opens.
3. In the breadcrumb, click on Alerts Definition. The Alerts Definition list opens.
4. Tick the alert(s) that you want to disable.
5. In the menu, select Edit > Disabled. The Disabled an Alert wizard opens.
6. Click on OK to commit the change. The report opens and closes. The list is visible again,
the alert definition is marked as Disabled.
To enable an alert
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Monitoring section, click on the Alerts icon. The Alerts list opens.
3. In the breadcrumb, click on Alerts Definition. The Alerts Definition list opens.
4. Tick the alert(s) that you want to enable.
5. In the menu, select Edit > Enabled. The Enable an Alert wizard opens.
6. Click on OK to commit the change. The report opens and closes. The list is visible again,
the alert definition is marked as Enabled.
Keep in mind that this option does not check the alert definition configuration itself but only if any
alert that matches your definition should be raised.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Monitoring section, click on the Alerts icon. The Alerts list opens.
3. In the breadcrumb, click on Alerts Definition. The Alerts Definition list opens.
4. Tick the alert(s) that you want to check.
5. In the menu, select Tools > Check for matching alerts. The Force alert trigger wizard opens.
6. Click on OK to commit the check. The report opens and closes. The list is visible again. To
see if the alert is now raised, go to the Alerts page.
To acknowledge an alert
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Monitoring section, click on the Alerts icon. The Alerts list opens.
3. Tick the raised alert(s) that you want to acknowledge.
4. In the menu, select Edit > Acknowledge / Dismiss. The Acknowledge / Dismiss an Alert
wizard opens.
5. Click on OK to commit your modification. The report opens and closes. The list is visible
again, the alert is no longer listed. To see it again, tick the Display all alerts box.
Once you have acknowledged an alert, it may be marked as ACK or DISMISS. If this status is
underlined (generally the latest raised alert instance is), you can click on it to change
it back to not acknowledged, i.e. an alert that you still need to deal with.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Monitoring section, click on the Alerts icon. The Alerts list opens.
3. Tick the raised alert(s) that you want to acknowledge.
4. In the menu, select Edit > Non Acknowledge. The Non Acknowledge an Alert wizard opens.
5. Click on OK to commit your modification. The report opens and closes. The list is visible
again, the alert is no longer marked as ACK or DISMISS.
Deleting Alerts
At any time, you might want to delete an alert. You can do it from the Alerts Definition page.
To delete an alert
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Monitoring section, click on the Alerts icon. The Alerts list opens.
3. In the breadcrumb, click on Alerts Definition. The Alerts Definition list opens.
4. Tick the alert(s) that you want to delete.
5. In the menu, select Edit > Delete an Alert. The Delete an Alert wizard opens.
6. Click on OK to commit the alert deletion. The report opens and closes. The list is visible
again, the alert is no longer listed.
Chapter 11. Managing Default Behaviors
Introduction
SOLIDserver allows the members of the admin group to configure, apply, propagate and set
default classes at different levels of the IPAM, DHCP and DNS modules. These default classes,
called default behaviors, are independent from other classes that can be managed through Class
Studio. For more details on classes, refer to the Class Studio chapter of this guide.
These behaviors modify the existing replication rules behaviors and can enable automatic
interactions between these three modules and/or additional options within the modules themselves:
• From the IPAM module, you can update the DNS and reserve a DHCP static for every assigned
IP address, configure a subnet as a DHCP shared network and create pools through the subnet
addition wizards.
• From the DHCP module, you can update the IPAM and DNS with the leases information.
• From the DNS module, you can update the IPAM with the corresponding resource records
information and create a PTR record for any new RR in a smart architecture.
Default behaviors can be configured to display or hide related fields in the addition and edition
wizards.
Default behaviors parameters are based on replication and inheritance. When these parameters
are set during the creation or modification of a container, they are automatically inherited by the
new objects that will be created within this container, but not by those it already contains. For
preexisting structures, please refer to the Setting default behaviors parameters and Propagating
default behaviors parameters sections.
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
3. Click on the Spaces icon. The All spaces list opens.
4. In the menu, select Settings > Default behaviors. The Default behaviors configuration
wizard opens.
5. Tick the configurable behavior checkboxes of your choice to display the default behavior
corresponding field in the Add a space and Edit a space wizards. The table below details
the available behaviors:
6. Click on OK to commit your configuration. The report opens and closes. The All spaces page
is visible again.
Your configuration is now available in the space addition and edition wizards if you select
Configurable behaviors in the Mode drop-down list. Selecting All behaviors will display all
the available behaviors for this type of object regardless of the current default behaviors
configuration.
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
3. Click on the Spaces icon. The All spaces list opens.
4. Add or edit a space. For more details refer to the Managing IP spaces chapter. The
corresponding wizard opens.
5. On the last page of the wizard, set the default behaviors parameters of your choice according
to the table below:
6. Click on OK to commit your configuration. The report opens and closes. The All spaces page
is visible again.
The default behaviors parameters will now be inherited by the new objects created in this
space. To apply these parameters on objects it already contains, refer to the Propagating
default behaviors parameters section.
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
3. Click on the Blocks icon. The All blocks list opens.
4. Next to the Logout button, click on IP4 or IP6 according to your needs.
5. In the menu, select Settings > Default behaviors. The Default behaviors configuration
wizard opens.
6. Tick the configurable behavior checkboxes of your choice to display the default behavior
corresponding field in the Add a block and Edit a block wizards. The table below details the
available behaviors:
7. Click on OK to commit your configuration. The report opens and closes. The All blocks page
is visible again.
Your configuration is now available in the block addition and edition wizards, both in IPv4
and IPv6, if you select Configurable behaviors in the Mode drop-down list. Selecting All
behaviors will display all the available behaviors for this type of object regardless of the current
default behaviors configuration.
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
3. Click on the Blocks icon. The All Blocks list opens.
4. Next to the Logout button, click on IP4 or IP6 according to your needs.
5. Add or edit a block. For more details refer to the Managing IP blocks chapter. The
corresponding wizard opens.
6. On the last page of the wizard, set the default behaviors parameters of your choice according
to the table below:
7. Click on OK to commit your configuration. The report opens and closes. The All blocks page
is visible again.
The default behaviors parameters will now be inherited by the new objects created in this
block. To apply these parameters on objects it already contains, refer to the Propagating
default behaviors parameters section.
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
3. Click on the Subnets icon. The All subnets list opens.
4. Next to the Logout button, click on IP4 or IP6 according to your needs.
5. In the menu, select Settings > Default behaviors. The Default behaviors configuration
wizard opens.
6. Tick the configurable behavior checkboxes of your choice to display the default behavior
corresponding field in the Add a subnet and Edit a subnet wizards. The table below details
the available behaviors:
7. Click on OK to commit your configuration. The report opens and closes. The All subnets
page is visible again.
Your configuration is now available in the subnet addition and edition wizards, both in IPv4
and IPv6, if you select Configurable behaviors in the Mode drop-down list. Selecting All
behaviors will display all the available behaviors for this type of object regardless of the current
default behaviors configuration.
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
3. Click on the Subnets icon. The All Subnets list opens.
4. Next to the Logout button, click on IP4 or IP6 according to your needs.
5. Add or edit a subnet. For more details refer to the Managing IP subnets chapter. The
corresponding wizard opens.
6. On the last page of the wizard, set the default behaviors parameters of your choice according
to the table below:
7. Click on OK to commit your configuration. The report opens and closes. The All subnets
page is visible again.
The default behaviors parameters will now be inherited by the new objects created in this
subnet. To apply these parameters on objects it already contains, refer to the Propagating
default behaviors parameters section.
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
3. Click on the Pools icon. The All pools list opens.
4. Next to the Logout button, click on IP4 or IP6 according to your needs.
5. In the menu, select Settings > Default behaviors. The Default behaviors configuration
wizard opens.
6. Tick the configurable behavior checkbox to display the default behavior corresponding field
in the Add a pool and Edit a pool wizards. The table below details the available behaviors:
7. Click on OK to commit your configuration. The report opens and closes. The All pools page
is visible again.
Your configuration is now available in the pool addition and edition wizards, both in IPv4 and
IPv6, if you select Configurable behaviors in the Mode drop-down list. Selecting All behaviors
will display all the available behaviors for this type of object regardless of the current default
behaviors configuration.
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
3. Click on the Pools icon. The All pools list opens.
4. Next to the Logout button, click on IP4 or IP6 according to your needs.
5. Add or edit a pool. For more details refer to the Managing IP pools chapter. The
corresponding wizard opens.
6. On the last page of the wizard, you can set the default behavior parameter according to the
table below:
7. Click on OK to commit your configuration. The report opens and closes. The All pools page
is visible again.
The default behaviors parameters will now be inherited by the new objects created in this
pool. To apply these parameters on objects it already contains, refer to the Propagating default
behaviors parameters section.
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
3. Click on the Addresses icon. The All addresses list opens.
4. Next to the Logout button, click on IP4 or IP6 according to your needs.
5. In the menu, select Settings > Default behaviors. The Default behaviors configuration
wizard opens.
6. Tick the configurable behavior checkboxes of your choice to display the default behavior
corresponding field in the Add an address and Edit an address wizards. The table below
details the available behaviors:
7. Click on OK to commit your configuration. The report opens and closes. The All addresses
page is visible again.
Your configuration is now available in the address addition and edition wizards, both in IPv4
and IPv6, if you select Configurable behaviors in the Mode drop-down list. Selecting All
behaviors will display all the available behaviors for this type of object regardless of the current
default behaviors configuration.
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
3. Click on the Addresses icon. The All Addresses list opens.
4. Next to the Logout button, click on IP4 or IP6 according to your needs.
5. Add or edit an address. For more details refer to the Managing IP addresses chapter. The
corresponding wizard opens.
6. On the last page of the wizard, set the default behaviors parameters of your choice according
to the table below:
7. Click on OK to commit your configuration. The report opens and closes. The All addresses
page is visible again.
• Update the IPAM module with the IP addresses allocated through dynamic addressing (leases).
• Update the DNS resource records database with the leases information.
Note
The following procedures apply to DHCP servers, groups, scopes and ranges in
IPv4 only.
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
3. Go to the All servers, All groups, All scopes or All ranges page depending on your needs.
4. Next to the Logout button, make sure the IP4 icon is blue.
5. In the menu, select Settings > Default behaviors. The Default behaviors configuration
wizard opens.
6. Tick the configurable behavior checkboxes of your choice to display the default behavior
corresponding field in the addition and edition wizards of the selected object. The table below
details the available behaviors:
7. Click on OK to commit your configuration. The report opens and closes. The All servers, All
groups, All scopes or All ranges page is visible again.
Your configuration is now available in the addition and edition wizards at the level of your
choice, if you select Configurable behaviors in the Mode drop-down list. Selecting All
behaviors will display all the available behaviors for this type of object regardless of the current
default behaviors configuration.
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
3. Go to the All servers, All groups, All scopes or All ranges page depending on your needs.
4. Next to the Logout button, make sure the IP4 icon is blue.
5. Add or edit the DHCP object of your choice. For more details refer to the DHCP management
part. The corresponding wizard opens.
6. On the last page of the wizard, set the default behaviors parameters of your choice according
to the table below:
7. Click on OK to commit your configuration. The report opens and closes. The All servers, All
groups, All scopes or All ranges page is visible again.
The default behaviors parameters will now be inherited by the new objects created in the
selected server, group, scope or range. To apply these parameters on objects it already
contains, refer to the Propagating default behaviors parameters section.
• Update the IPAM module with the corresponding DNS resource records information.
• Create a PTR record for any new RR created in the DNS server(s) of a smart architecture.
Note
The following procedures apply to DNS servers, views and zones.
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
3. Go to the All servers, All views, or All zones page depending on your needs.
4. In the menu, select Settings > Default behaviors. The Default behaviors configuration
wizard opens.
5. Tick the configurable behavior checkboxes of your choice to display the default behavior
corresponding field in the addition and edition wizards of the selected object. The table below
details the available behaviors:
6. Click on OK to commit your configuration. The report opens and closes. The All servers, All
views, or All zones page is visible again.
Your configuration is now available in the addition and edition wizards at the level of your
choice, if you select Configurable behaviors in the Mode drop-down list. Selecting All
behaviors will display all the available behaviors for this type of object regardless of the current
default behaviors configuration.
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
3. Click on the DNS Servers, Views or Zones icon. The corresponding listing page opens.
4. Add or edit the DNS object of your choice. For more details refer to the DNS management
part. The corresponding wizard opens.
5. On the last page of the wizard, set the default behaviors parameters of your choice according
to the table below:
6. Click on OK to commit your configuration. The report opens and closes. The All servers, All
views, or All zones page is visible again.
The default behaviors parameters will now be inherited by the new objects created in the
selected server, view, or zone. To apply these parameters on objects it already contains,
refer to the Propagating default behaviors parameters section.
For instance, if a DNS server has been specified at the space level, propagating the default
behaviors of said space will only apply to the blocks, subnets, pools and addresses it manages for
which a DNS server has not already been set. To overwrite the value of a default behavior
parameter on one or several objects, refer to the Setting Default Behaviors Parameters section.
• IPAM: spaces, blocks, subnets and pools (both in IPv4 and IPv6).
• DHCP: servers, groups, scopes and ranges (Only in IPv4).
• DNS: servers, views and zones.
Note
The Propagate default behaviors parameters option does not apply to VLAN and
Device Manager default behaviors.
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the IPAM, DHCP or DNS tab. If the homepage is not displayed, click on . The
homepage opens.
3. Go to the page of the object of your choice.
4. Tick the container of your choice. You will be able to propagate some or all of its default
behaviors parameters.
5. In the menu, select Tools > Expert > Propagate default behaviors parameters. The
Propagate class parameters wizard opens.
6. In the Parameters list, select one by one the parameters you want to propagate and click
on . The parameters are moved to the Selected parameters list. You can remove parameters
from this list using .
7. Click on OK to commit the propagation. The report opens and closes. The list is visible again.
The behaviors have been propagated unless they already had a value: none of the existing
parameters have been overwritten.
The new value set for a parameter can also be propagated to all the objects managed by the
selected containers.
Note
The Set default behaviors parameters option does not apply to VLAN and Device
Manager default behaviors.
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the IPAM, DHCP or DNS tab. If the homepage is not displayed, click on . The
homepage opens.
3. Go to the page of the object of your choice.
4. Tick the object(s) for which you want to set default behaviors parameters.
5. In the menu, select Tools > Expert > Set default behaviors parameters. The Update IP
address parameters wizard opens.
6. In the Parameter drop-down list, select the parameter of your choice. The Value drop-down
list appears.
7. In the Value drop-down list, select the parameter value.
8. Click on OK to commit the changes. The report opens and closes. Any parameter value
previously set for this object has been overwritten.
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the IPAM, DHCP or DNS tab. If the homepage is not displayed, click on . The
homepage opens.
3. Go to the page of the object of your choice.
4. Tick the object(s) for which you want to set and propagate default behaviors parameters.
5. In the menu, select Tools > Expert > Set default behaviors parameters. The Update IP
address parameters wizard opens.
6. In the Parameter drop-down list, select the parameter of your choice. The Value drop-down
list appears.
7. In the Value drop-down list, select the value that suits your needs.
8. Tick the Propagate checkbox. If you do not tick this checkbox, the default behavior parameter
will be set only on the selected objects and will not be replicated at the lower levels.
9. Click on OK to commit the changes. The report opens and closes. The list is visible again.
Any parameter value previously set has been overwritten for the selected container(s) and
for all the objects it contains.
Warning
It is possible, but highly inadvisable, to allow members of other groups than the admin
group to set or propagate default behaviors. The Propagate class parameters and
Update IP address parameters permissions can thus be granted through the IPAM
panel located in the properties page of non-admin groups. For more details, refer to
the Defining the Group Permissions section.
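The difference between inheritance at creation, Propagate, and Set with the Propagate checkbox can be modelled on a small tree. This is an added illustration, not SOLIDserver code: the object names, the `dns_server` parameter name, its values and the `dry_run` preview flag are all assumptions made for the example.

```python
"""Toy model of default-behavior inheritance, Propagate and Set (+ Propagate).

Added illustration only, not SOLIDserver code. Object names, the parameter
name "dns_server", its values and the dry_run flag are constructed here.
"""
from dataclasses import dataclass, field
from typing import Dict, Iterator, List, Optional, Tuple

Change = Tuple[str, Optional[str], str]  # (object name, old value, new value)


@dataclass
class Node:
    """One container or object (space, block, subnet...) in the hierarchy."""
    name: str
    params: Dict[str, str] = field(default_factory=dict)
    children: List["Node"] = field(default_factory=list)

    def add_child(self, name: str) -> "Node":
        # Inheritance: a new object copies its container's current parameters.
        child = Node(name, dict(self.params))
        self.children.append(child)
        return child

    def descendants(self) -> Iterator["Node"]:
        for child in self.children:
            yield child
            yield from child.descendants()


def propagate(container: Node, key: str, dry_run: bool = False) -> List[Change]:
    """Propagate: push the container's value down, skipping objects that
    already have a value (nothing is overwritten)."""
    changes: List[Change] = []
    if key not in container.params:
        return changes
    value = container.params[key]
    for node in container.descendants():
        if key not in node.params:
            changes.append((node.name, None, value))
            if not dry_run:
                node.params[key] = value
    return changes


def set_parameter(targets: List[Node], key: str, value: str,
                  propagate_down: bool = False,
                  dry_run: bool = False) -> List[Change]:
    """Set: overwrite the value on the selected objects; with propagate_down
    also on every object they contain. Returns what changed (or would)."""
    changes: List[Change] = []
    for target in targets:
        scope = [target] + (list(target.descendants()) if propagate_down else [])
        for node in scope:
            old = node.params.get(key)
            if old != value:
                changes.append((node.name, old, value))
                if not dry_run:
                    node.params[key] = value
    return changes


def build_example() -> Dict[str, Node]:
    """Constructed hierarchy: one space, two blocks, two subnets."""
    space = Node("space-A")
    block1 = space.add_child("block-1")
    subnet1 = block1.add_child("subnet-1")
    subnet2 = block1.add_child("subnet-2")
    subnet1.params["dns_server"] = "ns-legacy"  # set explicitly on this subnet
    space.params["dns_server"] = "ns-main"      # space edited afterwards
    block2 = space.add_child("block-2")         # created after the edit: inherits
    return {n.name: n for n in (space, block1, subnet1, subnet2, block2)}


if __name__ == "__main__":
    tree = build_example()
    space = tree["space-A"]
    print("block-1 before propagate:", tree["block-1"].params)
    print("filled by Propagate:", propagate(space, "dns_server"))
    print("would be overwritten by Set + Propagate:",
          set_parameter([space], "dns_server", "ns-new",
                        propagate_down=True, dry_run=True))
```

Running the preview before a Set with Propagate lists every object whose existing value would be replaced, which is the scope to review before granting these permissions to a non-admin group.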
Chapter 12. Importing Data
Introduction
SOLIDserver provides a simple tool to import data in bulk from CSV files on any listing page
of the IPAM, DHCP, DNS, NetChange and Device Manager modules. The standard data import
format is CSV. On some pages other formats are required; these specific imports are described
in each module.
There is a set of basic information that needs to be taken into account before going through with
the import:
• The user importing the data must have the corresponding administrative rights
For instance, importing subnets into a block implies that the user has administrative rights over
the said block. Other subnets, attached to blocks that are out of the perimeter of user authority,
cannot be imported.
• The object parameters that you can import correspond to the columns of the listing
page
That way, you can import the name of the object container: if you export a list of zones you
can also import the name of the server and view they belong to and easily recreate the whole
hierarchy of objects you exported in the first place.
• An import is generated one page at a time
If you are importing zones from the All zones page in the DNS, you will only import the zones
themselves but not the RRs they contain.
• An import can be done from the object list or from a higher level of the hierarchy
Every module allows you to import data from the object listing page itself or from the containing
object page. For that reason, importing a space can only be done from the All spaces page but
you can import subnets from the All subnets page or from the All spaces or All blocks page.
• An import is done at a specific time
Importing data is merely importing a list to the corresponding page of SOLIDserver. However,
you can import several lists one after the other.
• An import can overwrite the existing listing page data
The last step of the import wizard allows you to overwrite the existing page data or not.
• An import can take into account or ignore the class parameters saved on the import
CSV file
The last step of the import wizard allows you to import or ignore the class parameters saved
in the CSV file list.
• If the page does not have the Import Option in the Add menu you cannot import data
Within SOLIDserver, almost any listing page allows the import. As for the import of CSV files,
the Add menu will contain Import > CSV <data>. To see the whole list of pages where you can
import data within SOLIDserver, refer to the table in each module-dedicated import section
below.
1 In this section, you need to specify the CSV import file details; this will speed up the checking
process. The first 6 fields are displayed on the import wizard, no matter what object you are
importing.
2 In this section, you can create an import template. This section is not part of the NetChange
import wizard nor is the Save template field in the Custom data import wizard.
3 In this section are displayed some of the object parameters (columns) that you can import.
Once you click on NEXT , the Class parameters page opens and, as in section 3 above,
a set of drop-down lists is available. There are as many fields as there are
class parameters configured by you or your administrator in the corresponding database. None
of the fields are required; they simply allow you to make the import as specific and detailed as possible.
Once you click on NEXT , the CSV import parameters page of the wizard opens.
1 In this drop-down list, you can replace the existing data with your CSV file data.
2 In this drop-down list, you can keep or overwrite the object class parameters saved on the
database where you are importing the list.
3 The CHECK button performs a data validity check of the content of the CSV file. Therefore
the last pages of the wizard will be a couple of report pages: one that validates the data and
another that confirms the import and might indicate why some elements have not been
imported.
Table 12.2. Pages of the IPAM Where you Can Import CSV Files
IPAM page               Objects that can be imported  Option name in the Add > Import menu
All spaces              Spaces                        CSV spaces
                        Blocks                        CSV blocks
                        Subnets                       CSV subnets
                        Pools                         CSV pools
                        Addresses                     CSV addresses
                        IPv6 blocks                   CSV blocks (v6)
                        IPv6 subnets                  CSV subnets (v6)
                        IPv6 pools                    CSV pools (v6)
                        IPv6 addresses                CSV addresses (v6)
                        RIPE blocks                   RIPE block
                        RIPE Inetnums                 RIPE Inetnums
                        IPv6 RIPE blocks              RIPE Blocks (v6)
                        IPv6 RIPE Inetnums            RIPE Inetnums (v6)
All blocks              Blocks                        CSV blocks
                        Subnets                       CSV subnets
                        Pools                         CSV pools
                        Addresses                     CSV addresses
                        RIPE blocks                   RIPE blocks
                        RIPE Inetnums                 RIPE Inetnums
All blocks (v6)         IPv6 blocks                   CSV blocks (v6)
                        IPv6 subnets                  CSV subnets (v6)
                        IPv6 pools                    CSV pools (v6)
                        IPv6 addresses                CSV addresses (v6)
                        RIPE IPv6 blocks              RIPE block (v6)
                        RIPE Inetnums (v6)            RIPE Inetnums (v6)
All subnets             Subnets                       CSV subnets
                        Pools                         CSV pools
                        Addresses                     CSV addresses
                        RIPE Inetnums                 RIPE Inetnums
All subnets (v6)        IPv6 subnets                  CSV subnets (v6)
                        IPv6 pools                    CSV pools (v6)
                        IPv6 addresses                CSV addresses (v6)
                        IPv6 RIPE Inetnums            RIPE Inetnums (v6)
All pools               Pools                         CSV pools
                        Addresses                     CSV addresses
All pools (v6)          IPv6 pools                    CSV pools (v6)
                        IPv6 addresses                CSV addresses (v6)
All addresses           Addresses                     CSV addresses
All addresses (v6)      IPv6 addresses                CSV addresses (v6)
All AS Numbers          Autnums                       CSV Autnums
                        RIPE Autnums                  RIPE Autnums
All VRFs                VRFs                          CSV VRFs
                        VRF Route Targets             CSV VRF Route Targets
All VRF Route Targets   VRF Route Targets             CSV VRF Route Targets
Importing Spaces
When importing one or several spaces, the import wizard always contains at least 14 drop-down
lists that correspond to columns that you can display on the All spaces listing page. It can
contain more fields, which might be required, depending on the class parameters you or your
administrator configured at this level of the IPAM module.
On the CSV fields association page of the import wizard, you will always find a set of drop-down
lists at the bottom of the page: only the Name field is compulsory. The other parameters on this
page and any other parameter that you will find on the next page, Class parameters, are optional
and can be left blank.
Keep in mind that from the All spaces page you can also import IPv4 or IPv6 blocks, subnets,
pools and addresses. Refer to the section Where to Import IPAM Data above for more details.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Spaces icon. The All spaces list opens.
3. In the menu, select Add > Import > CSV spaces. The Import a CSV file wizard opens.
4. Click on BROWSE to search for the CSV file to import. A window opens to help you browse
through folders.
5. Double-click on the needed CSV file. The window closes and the file is visible in the File
name field of the wizard.
6. Click on NEXT . The CSV fields association page opens.
Configure the import through the Delimiter, Enclosure, Input format, Skip the first line,
Template and Save template fields. For more details, refer to the CSV Fields Association
Description table in the Introduction section of this chapter.
7. At the bottom of the page, select the columns of your CSV file corresponding to the data
requested in each field. The space Name is the only required field. The different fields are
detailed in the table below:
Parameters | Description
Description | Select the column corresponding to the space(s) description. This field is optional.
Parent space | Select the column corresponding to the space(s) parent space (VLSM), if relevant. This field is optional.
Class parameters | Select the column corresponding to the space(s)-related combination of parameters, in URL format, if need be. This field is optional.
Class name | Select the column corresponding to the space(s) class name. This field is optional.
8. Click on NEXT. The CSV class parameters page opens. All the fields are optional; choose
the corresponding columns of your CSV file to import the needed data.
9. Click on NEXT . The CSV import parameters page opens.
10. Click on CHECK . The Check the validity of the CSV file page opens and displays a report
indicating the total amount of correct lines within the file. If you want to download the validity
report, refer to the next step. If you do not want to download it, go to step 13.
11. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
validity report in the corresponding file format.
12. Click on OK to accept the validity check report results. The Import data from a CSV file page
opens and displays a report indicating the total number of spaces actually imported. If you
want to download that final report, refer to the next step. If you do not want to download it,
go to step 15.
13. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
import report in the corresponding file format.
14. Click on CLOSE to go back to the All spaces list. Your space list is now updated.
Importing Blocks
When importing one or several blocks, the import wizard always contains at least 18 drop-down
lists that correspond to columns that you can display on the All blocks listing page. It can
contain more fields, which might be required, depending on the class parameters you or your
administrator configured at this level of the IPAM module.
When importing a list from the All blocks list, on the CSV fields association page of the import
wizard, you will always find a set of drop-down lists at the bottom of the page: the First address
field and any field that indicates the block size are compulsory - Last address, Netmask, Prefix
or Size. The other parameters on this page and any other parameter that you will find on the next
page, Class parameters, are optional and can be left blank.
Keep in mind that from the All blocks page, either IPv4 or IPv6, you can also import subnets,
pools and addresses. Refer to the section Where to Import IPAM Data above for more details.
Note that the procedures below are based on an import made on the All blocks page. However,
you can of course go to the all blocks list of a particular space to import blocks. In this case, the
containing space will not be required during the import. This allows you to import a block from
any space into the space that suits your needs.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Blocks icon. The All blocks list opens.
3. Next to the Logout button, click on IP4 to display the IPv4 blocks.
4. In the menu, select Add > Import > CSV blocks. The Import a CSV file wizard opens.
5. Click on BROWSE to search for the CSV file to import. A window opens to help you browse
through folders.
6. Double-click on the needed CSV file. The window closes and the file is visible in the File
name field of the wizard.
7. Click on NEXT . The CSV fields association page opens.
Configure the import through the Delimiter, Enclosure, Input format, Skip the first line,
Template and Save template fields. For more details, refer to the CSV Fields Association
Description table in the Introduction section of this chapter.
8. At the bottom of the page, select the columns of your CSV file corresponding to the data
requested in each field. The First address field and any field that indicates the block size
(Last address, Netmask, Prefix or Size) are required. The different fields are detailed in the
table below:
Parameters Description
ing spaces are also listed, select the space where you want to import the
block(s). This field is compulsory.
9. Click on NEXT . The Class parameters page opens. All the fields are optional, choose the
data you want to import.
10. Click on NEXT . The CSV import parameters page opens.
11. Click on CHECK . The Check the validity of the CSV file page opens and displays a report
indicating the total amount of correct lines within the file. If you want to download the validity
report, refer to the next step. If you do not want to download it, go to step 13.
12. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
validity report in the corresponding file format.
13. Click on OK to accept the validity check report results. The Import data from a CSV file page
opens and displays a report indicating the total number of spaces actually imported. If you
want to download that final report, refer to the next step. If you do not want to download it,
go to step 15.
14. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
import report in the corresponding file format.
15. Click on CLOSE to go back to the All blocks list. Your blocks list is now updated.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Blocks icon. The All blocks list opens.
3. Next to the Logout button, click on IP6 to display the IPv6 blocks.
4. In the menu, select Add > Import > CSV blocks (v6). The Import a CSV file wizard opens.
5. Click on BROWSE to search for the CSV file to import. A window opens to help you browse
through folders.
6. Double-click on the needed CSV file. The window closes and the file is visible in the File
name field of the wizard.
7. Click on NEXT . The CSV fields association page opens.
Configure the import through the Delimiter, Enclosure, Input format, Skip the first line,
Template and Save template fields. For more details, refer to the CSV Fields Association
Description table in the Introduction section of this chapter.
8. At the bottom of the page, select the columns of your CSV file corresponding to the data
requested in each field. The First address, Prefix and Space name fields are required. The
different fields are detailed in the table below:
9. Click on NEXT . The Class parameters page opens. All the fields are optional, choose the
data you want to import.
10. Click on NEXT . The CSV import parameters page opens.
11. Click on CHECK . The Check the validity of the CSV file page opens and displays a report
indicating the total amount of correct lines within the file. If you want to download the validity
report, refer to the next step. If you do not want to download it, go to step 13.
12. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
validity report in the corresponding file format.
13. Click on OK to accept the validity check report results. The Import data from a CSV file page
opens and displays a report indicating the total number of spaces actually imported. If you
want to download that final report, refer to the next step. If you do not want to download it,
go to step 15.
14. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
import report in the corresponding file format.
15. Click on CLOSE to go back to the All blocks list. Your blocks list is now updated.
Importing Subnets
When importing one or several subnets, the import wizard always contains at least 26 drop-down
lists that correspond to columns that you can display on the All subnets listing page. It can
contain more fields, which might be required, depending on the class parameters you or your
administrator configured at this level of the IPAM module.
When importing a list from the All subnets page, on the CSV fields association page of the import
wizard, you will always find a set of drop-down lists at the bottom of the page: the Address, Name,
Space name and one of the Prefix, Size or Netmask fields are compulsory. The other parameters
on this page and any other parameter that you will find on the next page, Class parameters, are
optional and can be left blank.
The subnet import configuration wizard offers very useful options and configuration to the user:
Caution
The subnet import wizard displays on the same page the options imbricated
subnet and VLSM space name, however configuring both these options
during an import will trigger error messages as the VLSM space name will
prevail and the imbricated subnets will be ignored. You need to configure these
options separately if you need them both in your network configuration.
Keep in mind that if you want to import a subnets hierarchy without ticking this box, they will
be imported in an Orphan subnets container following the order saved in the .csv file: the
first items will be imported, the rest will be considered overlap, trigger an error message and
not be imported at all.
Besides, if you choose to import a subnets hierarchy into a space that contains no
block to receive it, the first non terminal subnet will become a block.
Finally, if you want to import a subnets hierarchy into a space that already contains a block
matching even partially the range of addresses of the first non terminal subnet:
• If the block is bigger than the first non terminal subnet, the whole hierarchy is created
within the block, but only if there is enough space available. Otherwise, the report displays
an error message and only the subnets that fit in the block are imported.
• If the block and the first non terminal subnet are the same size, the first non terminal
subnet is ignored, as the block already matches its range of addresses. The subnets contained
in the non terminal subnet are imported in the block if there is enough space for them in
the block. Otherwise, the report displays an error message and only the subnets that fit in
the block's available addresses are imported.
Keep in mind that from the All subnets page, either IPv4 or IPv6, you can also import pools and
addresses. Refer to the section Where to Import IPAM Data above for more details.
Note that the procedures below are based on an import made on the All subnets list. However,
you can of course go to the all subnets list of a particular space or block to import subnets. In
this case, the containing space will not be required during the import. This allows you to import
a subnet from any space or block into the container that suits your needs.
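The subnet rules above can be checked on a CSV file before it is loaded into the wizard. The following is an added example, not part of the guide and not the product's own validation: it enforces the compulsory columns and models the order-dependent overlap rejection, with and without the imbricated subnets option. The function names, the sample file and the space name site-a are constructed for illustration, and the column headers are assumed to match the wizard's field names.

```python
import csv
import io
import ipaddress

REQUIRED = ("Address", "Name", "Space name")  # compulsory columns per the guide
SIZE_FIELDS = ("Prefix", "Size", "Netmask")   # at least one must be filled

# Constructed sample file; the space name "site-a" is illustrative.
SAMPLE_CSV = """\
Address,Prefix,Netmask,Size,Name,Space name
10.10.0.0,16,,,campus,site-a
10.10.1.0,,255.255.255.0,,floor-1,site-a
10.10.2.0,,,256,floor-2,site-a
10.10.2.0,24,,,floor-2-dup,site-a
10.10.3.5,24,,,bad-start,site-a
10.20.0.0,,,,no-size,site-a
10.30.0.0,24,,,,site-a
"""


def cell(row, field):
    """Return a trimmed cell value, treating absent columns as empty."""
    return (row.get(field) or "").strip()


def row_to_network(row):
    """Build the range a row describes from Address plus one size field."""
    addr = ipaddress.ip_address(cell(row, "Address"))
    if cell(row, "Prefix"):
        suffix = cell(row, "Prefix").lstrip("/")
    elif cell(row, "Netmask"):
        suffix = cell(row, "Netmask")
    else:
        count = int(cell(row, "Size"))
        if count <= 0 or count & (count - 1):
            raise ValueError(f"size {count} is not a power of two")
        suffix = str(addr.max_prefixlen - (count.bit_length() - 1))
    # strict=True rejects an Address that is not the first address of the range.
    return ipaddress.ip_network(f"{addr}/{suffix}", strict=True)


def precheck(csv_text, imbricated=False, delimiter=","):
    """Return (accepted, errors) for a subnets CSV.

    accepted holds (line, space, network) tuples, errors holds (line, reason).
    Rows are evaluated in file order, so an earlier row wins over a later
    overlapping one, as the guide describes for a flat import.
    """
    accepted, errors = [], []
    seen = {}  # space name -> networks already accepted in that space
    reader = csv.DictReader(io.StringIO(csv_text), delimiter=delimiter)
    for row in reader:
        line_no = reader.line_num
        missing = [f for f in REQUIRED if not cell(row, f)]
        if missing:
            errors.append((line_no, "missing " + ", ".join(missing)))
            continue
        if not any(cell(row, f) for f in SIZE_FIELDS):
            errors.append((line_no, "no Prefix, Size or Netmask"))
            continue
        try:
            net = row_to_network(row)
        except ValueError as exc:
            errors.append((line_no, f"invalid range: {exc}"))
            continue
        space = cell(row, "Space name")
        clash = None
        for other in seen.setdefault(space, []):
            if net.version != other.version or not net.overlaps(other):
                continue
            # Overlapping CIDR ranges are either identical or nested.
            if imbricated and net != other:
                continue  # parent/child pair, allowed in a hierarchy import
            clash = other
            break
        if clash is not None:
            errors.append((line_no, f"overlaps {clash} in space {space}"))
            continue
        seen[space].append(net)
        accepted.append((line_no, space, str(net)))
    return accepted, errors


if __name__ == "__main__":
    for mode in (False, True):
        ok, bad = precheck(SAMPLE_CSV, imbricated=mode)
        print(f"imbricated={mode}: {len(ok)} accepted, {len(bad)} rejected")
        for line_no, reason in bad:
            print(f"  line {line_no}: {reason}")
```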
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Subnets icon. The All subnets list opens.
3. Next to the Logout button, click on IP4 to display the IPv4 subnets.
4. In the menu, select Add > Import > CSV subnets. The Import a CSV file wizard opens.
5. Click on BROWSE to search for the CSV file to import. A window opens to help you browse
through folders.
6. Double-click on the needed CSV file. The window closes and the file is visible in the File
name field of the wizard.
7. Click on NEXT . The CSV fields association page opens.
Configure the import through the Delimiter, Enclosure, Input format, Skip the first line,
Template and Save template fields. For more details, refer to the CSV Fields Association
Description table in the Introduction section of this chapter.
8. At the bottom of the page, select the columns of your CSV file corresponding to the data
requested in each field. The Address, Name, Space name field and any field that indicates
the subnet size (Netmask, Prefix or Size) are required. The different fields are detailed in
the table below:
9. Click on NEXT . The CSV class parameters page opens. All the fields are optional, choose
the data you want to import.
10. Click on NEXT . The CSV import parameters page opens.
11. Click on CHECK . The Check the validity of the CSV file page opens and displays a report
indicating the total amount of correct lines within the file. If you want to download the validity
report, refer to the next step. If you do not want to download it, go to step 13.
12. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
validity report in the corresponding file format.
13. Click on OK to accept the validity check report results. The Import data from a CSV file page
opens and displays a report indicating the total number of spaces actually imported. If you
want to download that final report, refer to the next step. If you do not want to download it,
go to step 15.
14. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
import report in the corresponding file format.
15. Click on CLOSE to go back to the All subnets list. Your blocks list is now updated.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Subnets icon. The All subnets list opens.
3. Next to the Logout button, click on IP6 to display the IPv6 subnets.
4. In the menu, select Add > Import > CSV subnets (v6). The Import a CSV file wizard opens.
5. Click on BROWSE to search for the CSV file to import. A window opens to help you browse
through folders.
6. Double-click on the needed CSV file. The window closes and the file is visible in the File
name field of the wizard.
7. Click on NEXT . The CSV fields association page opens.
Configure the import through the Delimiter, Enclosure, Input format, Skip the first line,
Template and Save template fields. For more details, refer to the CSV Fields Association
Description table in the Introduction section of this chapter.
8. In the last section of the wizard, select the columns of your CSV file corresponding to the
data requested in each field. The Address, Prefix, Name and Space name fields are required.
The different fields are detailed in the table below:
Parameters | Description
 | indicate the subnet size during the import. It is compulsory to choose at least one of these fields.
Name | Select the column corresponding to the subnet(s) name. This field is compulsory.
Class name | Select the column corresponding to the subnet(s) class name. This field is optional.
Class parameters | Select the column corresponding to the subnet(s)-related combination of parameters, in URL format, if need be. This field is optional.
VLSM space | If you set up a Variable Length Subnet Masks (VLSM) organization of your network spaces, select, at the bottom of the list, the sub space that will use the subnet you are importing as a block. Note that this option cannot work in association with the imbricated subnet option at the bottom of the list.
Space name | Select the column corresponding to the name of the space if you want to recreate your organization. At the bottom of the list of columns of the CSV file, the existing spaces are also listed; select the space where you want to import the subnet(s). This field is compulsory.
Imbricated subnets | Tick this box if you want to import a hierarchy of non terminal and terminal subnets. You cannot use this option if you are setting up a VLSM import using the VLSM space name option.
9. Click on NEXT . The CSV class parameters page opens. All the fields are optional, choose
the data you want to import.
10. Click on NEXT . The CSV import parameters page opens.
11. Click on CHECK . The Check the validity of the CSV file page opens and displays a report
indicating the total amount of correct lines within the file. If you want to download the validity
report, refer to the next step. If you do not want to download it, go to step 13.
12. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
validity report in the corresponding file format.
13. Click on OK to accept the validity check report results. The Import data from a CSV file page
opens and displays a report indicating the total number of spaces actually imported. If you
want to download that final report, refer to the next step. If you do not want to download it,
go to step 15.
14. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
import report in the corresponding file format.
15. Click on CLOSE to go back to the All subnets list. Your blocks list is now updated.
Importing Pools
When importing one or several pools, the import wizard will always contain at least 8 drop-down
lists that correspond to columns that you can display on the All pools listing page. It can contain
more fields that might be required depending on the class parameters you or your administrator
might have configured at this level of the IPAM module.
Note
You cannot import pools in an empty space: to successfully import pools, you need
a subnet that can receive them.
When importing a list from the All pools list, on the CSV fields association page of the import
wizard, you will always find a set of drop-down lists at the bottom of the page: only the First
address, Name and Space name fields and any field that indicates the pool size are compulsory.
The other parameters on this page and any other parameter that you will find on the next page,
Class parameters, are optional and can be left blank.
Keep in mind that from the All pools page, either IPv4 or IPv6, you can also import addresses.
Refer to the section Where to Import IPAM Data above for more details.
Note that the procedures below are based on an import made on the All pools list. However, you
can of course go to the all pools list of a particular space, block or subnet to import pools. In this
case, the containing space will not be required during the import. This allows you to import a pool
from any space, block or subnet into the container that suits your needs.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Pools icon. The All pools list opens.
3. Next to the Logout button, click on IP4 to display the IPv4 pools.
4. In the menu, select Add > Import > CSV subnets. The Import a CSV file wizard opens.
5. Click on BROWSE to search for the CSV file to import. A window opens to help you browse
through folders.
6. Double-click on the needed CSV file. The window closes and the file is visible in the File
name field of the wizard.
7. Click on NEXT . The CSV fields association page opens.
Configure the import through the Delimiter, Enclosure, Input format, Skip the first line,
Template and Save template fields. For more details, refer to the CSV Fields Association
Description table in the Introduction section of this chapter.
8. In the last section of the wizard, select the columns of your CSV file corresponding to the
data requested in each field. The First address, Name, Space name and one of the two size-
related fields (Last address or Size) are required. The different fields are detailed in the table
below:
Parameters | Description
Last address | Select the column corresponding to the pool(s) last (end) address. If you do not specify the pool Last address you will need to indicate the Size (line below).
Size | Select the column corresponding to the pool(s) size. If you do not specify the pool Size you will need to indicate the Last address (line above).
Name | Select the column corresponding to the pool(s) name. This field is compulsory.
Read only | Select the column corresponding to the pool(s) reservation status. This field is optional.
Class name | Select the column corresponding to the pool(s) class name. This field is optional.
Space name | Select the column corresponding to the name of the space if you want to recreate your organization. If not, see the next line detailing the Use best space option. This field is compulsory.
Use best space [Space name field option] | Select this option if you do not have a Space name column in your CSV file.
9. Click on NEXT . The CSV class parameters page opens. All the fields are optional, choose
the data you want to import.
10. Click on NEXT . The CSV import parameters page opens.
11. Click on CHECK . The Check the validity of the CSV file page opens and displays a report
indicating the total amount of correct lines within the file. If you want to download the validity
report, refer to the next step. If you do not want to download it, go to step 13.
12. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
validity report in the corresponding file format.
13. Click on OK to accept the validity check report results. The Import data from a CSV file page
opens and displays a report indicating the total number of spaces actually imported. If you
want to download that final report, refer to the next step. If you do not want to download it,
go to step 15.
14. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
import report in the corresponding file format.
15. Click on CLOSE to go back to the All pools list. Your blocks list is now updated.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
Configure the import through the Delimiter, Enclosure, Input format, Skip the first line,
Template and Save template fields. For more details, refer to the CSV Fields Association
Description table in the Introduction section of this chapter.
8. In the last section of the wizard, select the columns of your CSV file corresponding to the
data requested in each field. The First address, Last address, Name and Space name fields
are required. The different fields are detailed in the table below:
9. Click on NEXT . The CSV class parameters page opens. All the fields are optional, choose
the data you want to import.
10. Click on NEXT . The CSV import parameters page opens.
11. Click on CHECK . The Check the validity of the CSV file page opens and displays a report
indicating the total amount of correct lines within the file. If you want to download the validity
report, refer to the next step. If you do not want to download it, go to step 13.
12. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
validity report in the corresponding file format.
13. Click on OK to accept the validity check report results. The Import data from a CSV file page
opens and displays a report indicating the total number of spaces actually imported. If you
want to download that final report, refer to the next step. If you do not want to download it,
go to step 15.
14. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
import report in the corresponding file format.
15. Click on CLOSE to go back to the All pools list. Your blocks list is now updated.
Importing Addresses
When importing one or several addresses, the import wizard always contains at least 28 drop-down
lists that correspond to columns that you can display on the All addresses listing page. It can
contain more fields, which might be required, depending on the class parameters you or your
administrator configured at this level of the IPAM module.
When importing a list from the All addresses list, on the CSV fields association page of the import
wizard, you will always find a set of drop-down lists at the bottom of the page: only the IP address,
Name and Space name fields are compulsory. The other parameters on this page and any other
parameter that you will find on the next page, Class parameters, are optional and can be left
blank.
Note
You can import addresses in an empty space, they will be saved in an Orphan Subnets
entity.
Note that the procedures below are based on an import made on the All addresses list. However,
you can of course go to the all addresses list of a particular space, block, subnet or pool to import
addresses. In this case, the containing space will not be required during the import. This allows
you to import an address from any space, block, subnet or pool into the container that suits your
needs.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Addresses icon. The All addresses list opens.
3. Next to the Logout button, click on IP4 to display the IPv4 addresses.
4. In the menu, select Add > Import > CSV subnets. The Import a CSV file wizard opens.
5. Click on BROWSE to search for the CSV file to import. A window opens to help you browse
through folders.
6. Double-click on the needed CSV file. The window closes and the file is visible in the File
name field of the wizard.
7. Click on NEXT . The CSV fields association page opens.
Configure the import through the Delimiter, Enclosure, Input format, Skip the first line,
Template and Save template fields. For more details, refer to the CSV Fields Association
Description table in the Introduction section of this chapter.
8. In the last section of the wizard, select the columns of your CSV file corresponding to the
data requested in each field. The IP address, Name and Space name fields are required.
The different fields are detailed in the table below:
9. Click on NEXT . The CSV class parameters page opens. All the fields are optional, choose
the data you want to import.
10. Click on NEXT . The CSV import parameters page opens.
11. Click on CHECK . The Check the validity of the CSV file page opens and displays a report
indicating the total amount of correct lines within the file. If you want to download the validity
report, refer to the next step. If you do not want to download it, go to step 13.
12. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
validity report in the corresponding file format.
13. Click on OK to accept the validity check report results. The Import data from a CSV file page
opens and displays a report indicating the total number of spaces actually imported. If you
want to download that final report, refer to the next step. If you do not want to download it,
go to step 15.
14. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
import report in the corresponding file format.
15. Click on CLOSE to go back to the All addresses list. Your blocks list is now updated.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Addresses icon. The All addresses list opens.
3. Next to the Logout button, click on IP6 to display the IPv6 addresses.
4. In the menu, select Add > Import > CSV subnets (v6). The Import a CSV file wizard opens.
5. Click on BROWSE to search for the CSV file to import. A window opens to help you browse
through folders.
6. Double-click on the needed CSV file. The window closes and the file is visible in the File
name field of the wizard.
7. Click on NEXT . The CSV fields association page opens.
Configure the import through the Delimiter, Enclosure, Input format, Skip the first line,
Template and Save template fields. For more details, refer to the CSV Fields Association
Description table in the Introduction section of this chapter.
8. In the last section of the wizard, select the columns of your CSV file corresponding to the
data requested in each field. The IP address, Name and Space name fields are required.
The different fields are detailed in the table below:
9. Click on NEXT . The CSV class parameters page opens. All the fields are optional, choose
the data you want to import.
10. Click on NEXT . The CSV import parameters page opens.
11. Click on CHECK . The Check the validity of the CSV file page opens and displays a report
indicating the total amount of correct lines within the file. If you want to download the validity
report, refer to the next step. If you do not want to download it, go to step 13.
12. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
validity report in the corresponding file format.
13. Click on OK to accept the validity check report results. The Import data from a CSV file page
opens and displays a report indicating the total number of spaces actually imported. If you
want to download that final report, refer to the next step. If you do not want to download it,
go to step 15.
14. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
import report in the corresponding file format.
15. Click on CLOSE to go back to the All addresses list. Your blocks list is now updated.
Importing VRFs
The VRF import requires little information to be effective.
When importing a list from the All VRFs list, on the CSV fields association page of the import
wizard, you will always find a set of drop-down lists at the bottom of the page: only the VRF name
and VRF RD ID fields are compulsory.
Keep in mind that from the All VRFs page, you can also import VRF Route Targets. Refer to the
section Where to Import IPAM Data above for more details.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the VRF icon. The All VRFs list opens.
3. In the menu, select Add > Import > CSV VRFs. The Import a CSV file wizard opens.
4. Click on BROWSE to search for the CSV file to import. A window opens to help you browse
through folders.
5. Double-click on the needed CSV file. The window closes and the file is visible in the File
name field of the wizard.
6. Click on NEXT . The CSV fields association page opens.
Configure the import through the Delimiter, Enclosure, Input format, Skip the first line,
Template and Save template fields. For more details, refer to the CSV Fields Association
Description table in the Introduction section of this chapter.
7. In the last section of the wizard, select the columns of your CSV file corresponding to the
data requested in each field. The VRF name and VRF RD ID fields are required. The different
fields are detailed in the table below:
8. Click on NEXT . If you or your administrator configured classes at the VRF level, the CSV
class parameters page opens. Choose the data you want to import.
9. Click on NEXT . The CSV import parameters page opens.
10. Click on CHECK . The Check the validity of the CSV file page opens and displays a report
indicating the total amount of correct lines within the file. If you want to download the validity
report, refer to the next step. If you do not want to download it, go to step 13.
11. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
validity report in the corresponding file format.
12. Click on OK to accept the validity check report results. The Import data from a CSV file page
opens and displays a report indicating the total number of spaces actually imported. If you
want to download that final report, refer to the next step. If you do not want to download it,
go to step 15.
13. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
import report in the corresponding file format.
14. Click on CLOSE to go back to the All VRFs list. Your VRF list is now updated.
When importing a list from the All VRFs list, on the CSV fields association page of the import
wizard, you will always find a set of drop-down lists at the bottom of the page: only the Source
RD ID of the VRF Route Targets and Target RD ID of the VRF Route Targets fields are compulsory.
As the VRFs are already in the database, the name will be retrieved and displayed on the listing
page once the Route Targets are imported.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the VRF icon. The All VRFs list opens.
3. In the breadcrumb, click on All VRF Route Targets. The All VRF Route Targets page opens.
4. In the menu, select Add > Import > CSV VRF Route Targets. The Import a CSV file wizard
opens.
5. Click on BROWSE to search for the CSV file to import. A window opens to help you browse
through folders.
6. Double-click on the needed CSV file. The window closes and the file is visible in the File
name field of the wizard.
7. Click on NEXT . The CSV fields association page opens.
Configure the import through the Delimiter, Enclosure, Input format, Skip the first line,
Template and Save template fields. For more details, refer to the CSV Fields Association
Description table in the Introduction section of this chapter.
8. In the last section of the wizard, select the columns of your CSV file corresponding to the
data requested in each field. The Source RD ID of the VRF Route Targets and Target RD
ID of the VRF Route Targets fields are required. The different fields are detailed in the table
below:
9. Click on NEXT . If you or your administrator configured classes at the VRF level, the CSV
class parameters page opens. Choose the data you want to import.
10. Click on NEXT . The CSV import parameters page opens.
Fields: Description
Keep the existing class parameters: Select Yes or No depending on your needs. Yes is selected by default.
11. Click on CHECK . The Check the validity of the CSV file page opens and displays a report
indicating the total amount of correct lines within the file. If you want to download the validity
report, refer to the next step. If you do not want to download it, go to step 13.
12. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
validity report in the corresponding file format.
13. Click on OK to accept the validity check report results. The Import data from a CSV file page
opens and displays a report indicating the total number of spaces actually imported. If you
want to download that final report, refer to the next step. If you do not want to download it,
go to step 15.
14. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
import report in the corresponding file format.
15. Click on CLOSE to go back to the All VRF Route Targets list. Your VRF Route Targets list is
now updated.
Table 12.25. Pages of the DHCP Where you Can Import CSV Files
DHCP page | Objects that can be imported | Option name in the Add > Import menu
All scopes | Scopes | CSV scopes
All scopes | Ranges | CSV ranges
All scopes | Statics | CSV statics
All scopes (v6) | IPv6 scopes | CSV scopes
All scopes (v6) | IPv6 ranges | CSV ranges
All scopes (v6) | IPv6 statics | CSV statics
All ranges | Ranges | CSV ranges
All ranges (v6) | IPv6 ranges | CSV ranges
All statics | Statics | CSV statics
All statics (v6) | IPv6 statics | CSV statics
Importing Scopes
Several scope files can be successively imported into the same DHCP server. It allows you to
merge scopes coming from different DHCP configurations in one unique DHCP server. DHCP
scopes can be imported into one or several DHCP servers. In the following example, we will explain
how to import DHCP scopes from a CSV file into the all scopes list. However, you can also go
to the scopes list of a specific server. If you plan on importing scopes into different servers, make
sure that your CSV file contains a column dedicated to the server name.
When importing one or several scopes, the import wizard will always contain a set of drop-down
lists that correspond to columns that you can display on the All scopes listing page. The number
of fields that might be required depends on the class parameters you or your administrator might
have configured at this level of the DHCP module. For instance, the CSV file can contain additional
columns to define DHCP options, such as router (default gateway), domain name, or domain
server. Refer to the Configuring DHCP Options chapter for more details regarding DHCP options.
On the CSV fields association page of the import wizard, you will always find a set of drop-down
lists at the bottom of the page: only the address related field and server name field are compulsory.
The other parameters on this page and any other parameter that you will find on the next page,
Class parameters, are optional and can be left blank.
Keep in mind that from the All scopes page you can import IPv4 or IPv6 scopes as well as ranges
and statics, refer to the section Where to Import DHCP Data above for more details.
1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Scopes icon. The DHCP All scopes list opens.
3. Next to the Logout button, click on IP4 to display the DHCPv4 scopes.
4. In the menu, select Add > Import > CSV scopes. The Import a CSV file wizard opens.
5. Click on BROWSE to search for the CSV file to import. A window opens to help you browse
through folders.
6. Double-click on the needed CSV file. The window closes and the file is visible in the File
name field of the wizard.
7. Click on NEXT . The CSV fields association page opens.
Configure the import through the Delimiter, Enclosure, Input format, Skip the first line,
Template and Save template fields. For more details, refer to the CSV Fields Association
Description table in the Introduction section of this chapter.
8. At the bottom of the page, select the columns of your CSV file corresponding to the data
requested in each field. The Address, any field that indicates the scope size (Prefix, Netmask
or Size) and the DHCP server fields are required. The different fields are detailed in the table
below:
Fields: Description
Failover: Select the column corresponding to the scope(s) failover. This field is optional.
Class name: Select the column corresponding to the scope(s) class name. This field is optional.
Class parameters: Select the column corresponding to the scope(s)-related combination of parameters, in URL format, if need be. This field is optional.
DHCP server: Select the column corresponding to the scope(s) server name. At the bottom of the list of columns of the CSV file, the existing servers are also listed, select the server where you want to import the scope(s). This field is compulsory.
9. Click on NEXT . The Class parameters page opens. All the fields are optional, choose the
data you want to import.
10. Click on NEXT . The DHCP options page opens. All the fields are optional, choose the data
you want to import. Refer to the Configuring DHCP Options chapter for more details.
11. Click on NEXT . The CSV import parameters page opens.
12. Click on CHECK . The Check the validity of the CSV file page opens and displays a report
indicating the total amount of correct lines within the file. If you want to download the validity
report, refer to the next step. If you do not want to download it, go to step 14.
13. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
validity report in the corresponding file format.
14. Click on OK to accept the validity check report results. The Import data from a CSV file page
opens and displays a report indicating the total number of spaces actually imported. If you
want to download that final report, refer to the next step. If you do not want to download it,
go to step 16.
15. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
import report in the corresponding file format.
16. Click on CLOSE to go back to the All scopes list. Your blocks list is now updated.
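The compulsory fields from step 8 (Address, one of Prefix, Netmask or Size, and DHCP server) can be checked offline before the file is uploaded, so that bad lines are caught before the wizard's validity check. The script below is an added example, not part of the product: the column headers, the reading of Size as a power-of-two number of addresses, and the per-server overlap check are assumptions of the example.

```python
import csv
import io
import ipaddress

# Assumed CSV headers (hypothetical): the wizard lets you map any column to a field.
COL_ADDRESS, COL_PREFIX, COL_NETMASK, COL_SIZE, COL_SERVER = (
    "address", "prefix", "netmask", "size", "dhcp_server")

# Constructed sample data, not taken from a real export.
SAMPLE_CSV = """\
address,prefix,netmask,size,dhcp_server
10.10.0.0,24,,,dhcp1.example.test
10.10.1.0,,255.255.255.0,,dhcp1.example.test
10.10.2.0,,,256,dhcp1.example.test
10.10.0.128,25,,,dhcp1.example.test
10.10.3.1,24,,,dhcp1.example.test
10.10.4.0,24,,,
10.10.5.0,,,,dhcp2.example.test
10.10.0.0,24,,,dhcp2.example.test
"""


def _cell(row, name):
    """Return a trimmed cell value, treating a missing column as empty."""
    return (row.get(name) or "").strip()


def scope_network(row):
    """Build the IPv4 network a row describes, or raise ValueError."""
    address = _cell(row, COL_ADDRESS)
    if not address:
        raise ValueError("Address is empty")
    ipaddress.IPv4Address(address)  # rejects anything that is not an IPv4 address
    prefix = _cell(row, COL_PREFIX)
    netmask = _cell(row, COL_NETMASK)
    size = _cell(row, COL_SIZE)
    if prefix:
        suffix = prefix
    elif netmask:
        suffix = netmask
    elif size:
        count = int(size)
        # Assumption: Size is a number of addresses and must be a power of two.
        if count < 1 or count & (count - 1):
            raise ValueError(f"Size {count} is not a power of two")
        suffix = str(32 - (count.bit_length() - 1))
    else:
        raise ValueError("none of Prefix, Netmask or Size is filled")
    # strict=True refuses an address that is not the first one of its network.
    return ipaddress.IPv4Network(f"{address}/{suffix}", strict=True)


def check_scopes(text, delimiter=","):
    """Return (accepted, rejected) for the CSV text.

    accepted: list of (line number, server, network)
    rejected: list of (line number, reason)
    """
    accepted, rejected = [], []
    seen = {}  # server name -> networks already accepted for that server
    reader = csv.DictReader(io.StringIO(text), delimiter=delimiter)
    for row in reader:
        line = reader.line_num
        server = _cell(row, COL_SERVER)
        try:
            if not server:
                raise ValueError("DHCP server is empty")
            network = scope_network(row)
            # Extra sanity check of this example: no overlap on one server.
            clash = next(
                (n for n in seen.get(server, []) if n.overlaps(network)), None)
            if clash is not None:
                raise ValueError(f"{network} overlaps {clash} on {server}")
        except ValueError as exc:
            rejected.append((line, str(exc)))
            continue
        seen.setdefault(server, []).append(network)
        accepted.append((line, server, network))
    return accepted, rejected


if __name__ == "__main__":
    ok, bad = check_scopes(SAMPLE_CSV)
    for line, server, network in ok:
        print(f"line {line}: OK   {network} -> {server}")
    for line, reason in bad:
        print(f"line {line}: FAIL {reason}")
```
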
1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Scopes icon. The DHCP All scopes list opens.
3. Next to the Logout button, click on IP6 to display the DHCPv6 scopes.
4. In the menu, select Add > Import > CSV scopes. The Import a CSV file wizard opens.
5. Click on BROWSE to search for the CSV file to import. A window opens to help you browse
through folders.
6. Double-click on the needed CSV file. The window closes and the file is visible in the File
name field of the wizard.
7. Click on NEXT . The CSV fields association page opens.
Configure the import through the Delimiter, Enclosure, Input format, Skip the first line,
Template and Save template fields. For more details, refer to the CSV Fields Association
Description table in the Introduction section of this chapter.
8. At the bottom of the page, select the columns of your CSV file corresponding to the data
requested in each field. The Start address field, any size-related field (End address or Prefix)
and the DHCP server field are required. The different fields are detailed in the table below:
9. Click on NEXT . The Class parameters page opens if you or your administrator created classes
for IPv6 scopes. All the fields are optional, choose the data you want to import.
10. Click on NEXT . The DHCP options page opens. All the fields are optional, choose the data
you want to import. Refer to the Configuring DHCP Options chapter for more details.
11. Click on NEXT . The CSV import parameters page opens.
Fields: Description
Keep the existing class parameters: This drop-down list refers to the existing class parameters of the scopes database. Select Yes or No depending on your needs. Yes is selected by default.
12. Click on CHECK . The Check the validity of the CSV file page opens and displays a report
indicating the total amount of correct lines within the file. If you want to download the validity
report, refer to the next step. If you do not want to download it, go to step 14.
13. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
validity report in the corresponding file format.
14. Click on OK to accept the validity check report results. The Import data from a CSV file page
opens and displays a report indicating the total number of spaces actually imported. If you
want to download that final report, refer to the next step. If you do not want to download it,
go to step 16.
15. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
import report in the corresponding file format.
16. Click on CLOSE to go back to the All scopes list. Your blocks list is now updated.
Importing Ranges
The DHCP ranges can be imported separately from the scope procedure, but a scope must be
created (or imported) first as it will contain the range.
When importing one or several ranges, the import wizard will always contain a set of drop-down
lists that correspond to columns that you can display on the All ranges listing page. The number
of fields that might be required depends on the class parameters you or your administrator might
have configured at this level of the DHCP module. For instance, the CSV file can contain additional
columns to define DHCP options for IPv4 ranges, such as router (default gateway), domain name,
or domain server. Refer to the Configuring DHCP Options chapter for more details regarding
DHCP options.
On the CSV fields association page of the import wizard, you will always find a set of drop-down
lists at the bottom of the page: the start address, range size-related and server name fields are
compulsory. The other parameters on this page and any other parameter that you will find on the
next page, Class parameters, are optional and can be left blank.
Keep in mind that from the All ranges page you can also import IPv4 or IPv6 ranges, refer to the
section Where to Import DHCP Data above for more details.
1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Ranges icon. The DHCP All ranges list opens.
3. Next to the Logout button, click on IP4 to display the DHCPv4 ranges.
4. In the menu, select Add > Import > CSV ranges. The Import a CSV file wizard opens.
5. Click on BROWSE to search for the CSV file to import. A window opens to help you browse
through folders.
6. Double-click on the needed CSV file. The window closes and the file is visible in the File
name field of the wizard.
7. Click on NEXT . The CSV fields association page opens.
Configure the import through the Delimiter, Enclosure, Input format, Skip the first line,
Template and Save template fields. For more details, refer to the CSV Fields Association
Description table in the Introduction section of this chapter.
8. At the bottom of the page, select the columns of your CSV file corresponding to the data
requested in each field. The Start address field, any size-related field (End address or Size)
and the DHCP server field are required. The different fields are detailed in the table below:
9. Click on NEXT . The Class parameters page opens if you or your administrator created classes
for ranges. All the fields are optional, choose the data you want to import.
10. Click on NEXT . The DHCP options page opens. All the fields are optional, choose the data
you want to import. Refer to the Configuring DHCP Options chapter for more details.
11. Click on NEXT . The CSV import parameters page opens.
12. Click on CHECK . The Check the validity of the CSV file page opens and displays a report
indicating the total amount of correct lines within the file. If you want to download the validity
report, refer to the next step. If you do not want to download it, go to step 14.
13. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
validity report in the corresponding file format.
14. Click on OK to accept the validity check report results. The Import data from a CSV file page
opens and displays a report indicating the total number of spaces actually imported. If you
want to download that final report, refer to the next step. If you do not want to download it,
go to step 16.
15. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
import report in the corresponding file format.
16. Click on CLOSE to go back to the All ranges list. Your blocks list is now updated.
Note
In IPv6, there are no DHCP options, so the corresponding step is automatically
skipped in the following procedure.
1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Ranges icon. The DHCP All ranges list opens.
3. Next to the Logout button, click on IP6 to display the DHCPv6 ranges.
4. In the menu, select Add > Import > CSV ranges. The Import a CSV file wizard opens.
5. Click on BROWSE to search for the CSV file to import. A window opens to help you browse
through folders.
6. Double-click on the needed CSV file. The window closes and the file is visible in the File
name field of the wizard.
7. Click on NEXT . The CSV fields association page opens.
Configure the import through the Delimiter, Enclosure, Input format, Skip the first line,
Template and Save template fields. For more details, refer to the CSV Fields Association
Description table in the Introduction section of this chapter.
8. At the bottom of the page, select the columns of your CSV file corresponding to the data
requested in each field. The Start address field, any size-related field (End address or Size)
and the DHCP6 server field are required. The different fields are detailed in the table below:
Fields: Description
DHCP6 server: Select the column corresponding to the range(s) server name. At the bottom of the list of columns of the CSV file, the existing servers are also listed, select the server where you want to import the range(s). This field is compulsory.
9. Click on NEXT . The Class parameters page opens if you or your administrator created classes
for IPv6 ranges. All the fields are optional, choose the data you want to import.
10. Click on NEXT . The CSV import parameters page opens.
11. Click on CHECK . The Check the validity of the CSV file page opens and displays a report
indicating the total amount of correct lines within the file. If you want to download the validity
report, refer to the next step. If you do not want to download it, go to step 13.
12. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
validity report in the corresponding file format.
13. Click on OK to accept the validity check report results. The Import data from a CSV file page
opens and displays a report indicating the total number of spaces actually imported. If you
want to download that final report, refer to the next step. If you do not want to download it,
go to step 15.
14. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
import report in the corresponding file format.
15. Click on CLOSE to go back to the All ranges list. Your blocks list is now updated.
Importing Statics
The DHCP statics can be imported in a DHCP server. When importing one or several statics, the
import wizard will always contain a set of drop-down lists that correspond to columns that you
can display on the All statics listing page. The number of fields that might be required depends
on the class parameters you or your administrator might have configured at this level of the DHCP
module. For instance, the CSV file can contain additional columns to define DHCP options, such
as router (default gateway), domain name, or domain server. Refer to the Configuring DHCP
Options chapter for more details regarding DHCP options.
On the CSV fields association page of the import wizard, you will always find a set of drop-down
lists at the bottom of the page: the DHCP static name and server name fields are compulsory in
both versions. The import of IPv4 statics will require the MAC address as well. The other parameters
on this page and any other parameter that you will find on the next page, Class parameters,
are optional and can be left blank.
Keep in mind that from the All statics page you can also import IPv4 or IPv6 statics, refer to the
section Where to Import DHCP Data above for more details.
1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Statics icon. The DHCP All statics list opens.
3. Next to the Logout button, click on IP4 to display the DHCPv4 statics.
4. In the menu, select Add > Import > CSV statics. The Import a CSV file wizard opens.
5. Click on BROWSE to search for the CSV file to import. A window opens to help you browse
through folders.
6. Double-click on the needed CSV file. The window closes and the file is visible in the File
name field of the wizard.
7. Click on NEXT . The CSV fields association page opens.
Configure the import through the Delimiter, Enclosure, Input format, Skip the first line,
Template and Save template fields. For more details, refer to the CSV Fields Association
Description table in the Introduction section of this chapter.
8. At the bottom of the page, select the columns of your CSV file corresponding to the data
requested in each field. The DHCP static name field, MAC address and the DHCP server
field are required. The different fields are detailed in the table below:
9. Click on NEXT . The Class parameters page opens if you or your administrator created classes
for statics. All the fields are optional, choose the data you want to import.
10. Click on NEXT . The DHCP options page opens. All the fields are optional, choose the data
you want to import. Refer to the Configuring DHCP Options chapter for more details.
11. Click on NEXT . The CSV import parameters page opens.
12. Click on CHECK . The Check the validity of the CSV file page opens and displays a report
indicating the total amount of correct lines within the file. If you want to download the validity
report, refer to the next step. If you do not want to download it, go to step 14.
13. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
validity report in the corresponding file format.
14. Click on OK to accept the validity check report results. The Import data from a CSV file page
opens and displays a report indicating the total number of spaces actually imported. If you
want to download that final report, refer to the next step. If you do not want to download it,
go to step 16.
15. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
import report in the corresponding file format.
16. Click on CLOSE to go back to the All statics list. Your blocks list is now updated.
1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Statics icon. The DHCP All statics list opens.
3. Next to the Logout button, click on IP6 to display the DHCPv6 statics.
4. In the menu, select Add > Import > CSV statics. The Import a CSV file wizard opens.
5. Click on BROWSE to search for the CSV file to import. A window opens to help you browse
through folders.
6. Double-click on the needed CSV file. The window closes and the file is visible in the File
name field of the wizard.
7. Click on NEXT . The CSV fields association page opens.
Configure the import through the Delimiter, Enclosure, Input format, Skip the first line,
Template and Save template fields. For more details, refer to the CSV Fields Association
Description table in the Introduction section of this chapter.
8. At the bottom of the page, select the columns of your CSV file corresponding to the data
requested in each field. The DHCP static name field, MAC address and the DHCP server
field are required. The different fields are detailed in the table below:
Field: Description
MAC address | Client DUID: Select the column corresponding to the static(s) MAC address or the static(s) Client DUID. One of these two drop-down lists needs to be filled to identify the static(s) client. It is compulsory to choose at least one of these fields.
DHCP group: Select the column corresponding to the static(s) group. This field is optional.
DHCP static class name: Select the column corresponding to the static(s) class name. This field is optional.
Class parameters: Select the column corresponding to the static(s)-related combination of parameters, in URL format, if need be. This field is optional.
DHCP6 server: Select the column corresponding to the static(s) server name. At the bottom of the list of columns of the CSV file, the existing servers are also listed, select the server where you want to import the static(s). This field is compulsory.
9. Click on NEXT . The Class parameters page opens if you or your administrator created classes
for statics. All the fields are optional, choose the data you want to import.
10. Click on NEXT . The DHCP options page opens. All the fields are optional, choose the data
you want to import. Refer to the Configuring DHCP Options chapter for more details.
11. Click on NEXT . The CSV import parameters page opens.
12. Click on CHECK . The Check the validity of the CSV file page opens and displays a report
indicating the total amount of correct lines within the file. If you want to download the validity
report, refer to the next step. If you do not want to download it, go to step 14.
13. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
validity report in the corresponding file format.
14. Click on OK to accept the validity check report results. The Import data from a CSV file page
opens and displays a report indicating the total number of spaces actually imported. If you
want to download that final report, refer to the next step. If you do not want to download it,
go to step 16.
15. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
import report in the corresponding file format.
16. Click on CLOSE to go back to the All statics list. Your blocks list is now updated.
Table 12.38. Pages of the DNS Where you Can Import CSV Files
DNS page | Objects that can be imported | Option name in the Add > Import menu
All zones | Zones | CSV zones
All RRs | Resource records | CSV RRs
Importing Zones
When importing one or several zones, the import wizard will always contain drop-down lists that
correspond to columns that you can display on the All zones listing page. It can contain more
fields that might be required depending on the class parameters you or your administrator might
have configured at this level of the DNS module.
When importing a list from the All zones list, on the CSV fields association page of the import
wizard, you will always find a set of drop-down lists at the bottom of the page: the DNS zone
name, DNS zone type and DNS server name fields are compulsory. The other parameters on
this page and any other parameter that you will find on the next page, Class parameters, are
optional and can be left blank.
Note that the procedures below are based on an import made on the All zones page. However,
you can of course go to the all zones list of a particular server. In this case, the containing server
name will not be required during the import. This allows you to import a zone from any server
into the server that suits your needs.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS zones icon. The DNS All zones list opens.
3. In the menu, select Add > Import > CSV zones. The Import a CSV file wizard opens.
4. Click on BROWSE to search for the CSV file to import. A window opens to help you browse
through folders.
5. Double-click on the needed CSV file. The window closes and the file is visible in the File
name field of the wizard.
6. Click on NEXT . The CSV fields association page appears.
Configure the import through the Delimiter, Enclosure, Input format, Skip the first line,
Template and Save template fields. For more details, refer to the CSV Fields Association
Description table in the Introduction section of this chapter.
7. At the bottom of the page, select the columns of your CSV file corresponding to the data
requested in each field. The DNS zone name, DNS zone type and DNS server name fields
are required. The different fields are detailed in the table below:
8. Click on NEXT . The Class parameters page opens. All the fields are optional, choose the
data you want to import.
9. Click on NEXT . The CSV import parameters page appears.
10. Click on CHECK . The Check the validity of the CSV file page opens and displays a report
indicating the total amount of correct lines within the file. If you want to download the validity
report, refer to the next step. If you do not want to download it, go to step 12.
11. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
validity report in the corresponding file format.
12. Click on OK to accept the validity check report results. The Import data from a CSV file page
opens and displays a report indicating the total number of spaces actually imported. If you
want to download that final report, refer to the next step. If you do not want to download it,
go to step 14.
13. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
import report in the corresponding file format.
14. Click on CLOSE to go back to the All scopes list. Your blocks list is now updated.
When importing a list from the All RRs list, on the CSV fields association page of the import
wizard, you will always find a set of drop-down lists at the bottom of the page: the RR name,
Value 1, Zone name and RR type fields are compulsory. The other parameters on this page and
any other parameter that you will find on the next page, Class parameters, are optional and can
be left blank.
Note that the procedures below are based on an import made on the All RRs page. However,
you can of course go to the all RRs list of a particular server or zone. This allows you to import
RRs from any zone or server into the zone that suits your needs.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS zones icon. The DNS All RRs list opens.
3. In the menu, select Add > Import > CSV RRs. The Import a CSV file wizard opens.
4. Click on BROWSE to search for the CSV file to import. A window opens to help you browse
through folders.
5. Double-click on the needed CSV file. The window closes and the file is visible in the File
name field of the wizard.
6. Click on NEXT . The CSV fields association page appears.
Configure the import through the Delimiter, Enclosure, Input format, Skip the first line,
Template and Save template fields. For more details, refer to the CSV Fields Association
Description table in the Introduction section of this chapter.
7. At the bottom of the page, select the columns of your CSV file corresponding to the data
requested in each field. The RR name, Value 1 and RR type fields are required. The different
fields are detailed in the table below:
Fields: Description
Zone name: Select the column corresponding to the RR(s) zone name. This field is compulsory.
DNS view: Select the column corresponding to the RR(s) view name. This field is optional.
DNS server: Select the column corresponding to the RR(s) server name. This field is optional.
RR type: Select the column corresponding to the RR(s) type. At the bottom of the list of columns of the CSV file, the existing RR types are also listed, you can choose one of them. This field is compulsory.
9. Click on CHECK . The Check the validity of the CSV file page opens and displays a report
indicating the total amount of correct lines within the file. If you want to download the validity
report, refer to the next step. If you do not want to download it, go to step 11.
10. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
validity report in the corresponding file format.
11. Click on OK to accept the validity check report results. The Import data from a CSV file page
opens and displays a report indicating the total number of spaces actually imported. If you
want to download that final report, refer to the next step. If you do not want to download it
go to step 13.
12. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
import report in the corresponding file format.
13. Click on CLOSE to go back to the All scopes list. Your blocks list is now updated.
Table 12.43. Pages of NetChange Where you Can Import CSV Files
NetChange page | Objects that can be imported | Option name in the Add > Import menu
All network devices | Network devices | CSV file
When importing a list from the All zones list, on the CSV fields association page of the import
wizard, you will always find a set of drop-down lists at the bottom of the page: only the Target
space field is compulsory. The other parameters on this page and any other parameter that you
will find on the next page are optional and can be left blank.
1. Go to the NetChange tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Network devices icon. The All network devices list opens.
3. In the menu, select Add > Import > CSV file. The Import a CSV file wizard opens.
4. Click on BROWSE to search for the CSV file to import. A window opens to help you browse
through folders.
5. Double-click on the needed CSV file. The window closes and the file is visible in the File
name field of the wizard.
6. Click on NEXT . The CSV fields association page appears.
Configure the import through the Delimiter, Enclosure, Input format and Skip the first line
fields. For more details, refer to the CSV Fields Association Description table in the
Introduction section of this chapter.
7. At the bottom of the page, select the columns of your CSV file corresponding to the data
requested in each field. The Target space field is required. The different fields are detailed
in the table below:
If you do not select any, NetChange will use the standard v2c.
9. Click on OK to commit the import. The report opens and works for a while: the import
progression is visible. Once the import is over, the report lists the IP addresses imported as well
as the existing ones. If you want to download that final report, refer to the next step. If you
do not want to download it, go to step 11.
10. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
import report in the corresponding file format.
11. Click on CLOSE to go back to the All network devices list. Your list is now updated.
Table 12.46. Pages of Device Manager Where you Can Import CSV Files
Device Manager page | Objects that can be imported | Option name in the Add > Import menu
All devices | Devices | CSV devices
 | Ports and/or interfaces | CSV interfaces
All ports & interfaces | Ports and/or interfaces | CSV interfaces
Importing Devices
When importing one or several devices, the import wizard will always contain drop-down lists
that correspond to columns that you can display on the All devices listing page. It can contain
more fields that might be required depending on the class parameters you or your administrator
might have configured.
When importing a list from the All devices list, on the CSV fields association page of the import
wizard, you will always find a set of drop-down lists at the bottom of the page: only the device
Name field is compulsory. The other parameters on this page and any other parameter that you
will find on the next page, Class parameters, are optional and can be left blank.
Keep in mind that from the All devices page, you can also import ports and interfaces, refer to
the section Where to Import IPAM Data above for more details.
1. Go to the Device Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Devices icon. The All devices list opens.
3. In the menu, select Add > Import > CSV devices. The Import a CSV file wizard opens.
4. Click on BROWSE to search for the CSV file to import. A window opens to help you browse
through folders.
5. Double-click on the needed CSV file. The window closes and the file is visible in the File
name field of the wizard.
6. Click on NEXT . The CSV fields association page opens.
Configure the import through the Delimiter, Enclosure, Input format, Skip the first line,
Template and Save template fields. For more details, refer to the CSV Fields Association
Description table in the Introduction section of this chapter.
7. At the bottom of the page, select the columns of your CSV file corresponding to the data
requested in each field. The Name field is required. The different fields are detailed in the
table below:
8. Click on NEXT . The Class parameters page opens if you or your administrator created classes
for devices. All the fields are optional, choose the data you want to import.
9. Click on NEXT . The CSV import parameters page opens.
10. Click on CHECK . The Check the validity of the CSV file page opens and displays a report
indicating the total amount of correct lines within the file. If you want to download the validity
report, refer to the next step. If you do not want to download it, go to step 12.
11. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
validity report in the corresponding file format.
12. Click on OK to accept the validity check report results. The Import data from a CSV file page
opens and displays a report indicating the total number of spaces actually imported. If you
want to download that final report, refer to the next step. If you do not want to download it,
go to step 14.
13. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
import report in the corresponding file format.
14. Click on CLOSE to go back to the All scopes list. Your blocks list is now updated.
When importing a list from the All ports & interfaces list, on the CSV fields association page of
the import wizard, you will always find a set of drop-down lists at the bottom of the page: the
Name, Type and Device fields are compulsory. The other parameters on this page and any other
parameter that you will find on the next page, Class parameters, are optional and can be left
blank.
Note that the procedure below is based on an import made on the All ports & interfaces page.
However, you can of course go to the all ports & interfaces list of a particular device. In this case,
the containing device will not be required during the import.
This import can be done from the All Devices list or the All ports & interfaces list.
1. Go to the Device Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Ports & interfaces icon. The All devices list opens.
3. In the menu, select Add > Import > CSV interfaces. The Import a CSV file wizard opens.
4. Click on BROWSE to search for the CSV file to import. A window opens to help you browse
through folders.
5. Double-click on the needed CSV file. The window closes and the file is visible in the File
name field of the wizard.
6. Click on NEXT . The CSV fields association page opens.
Configure the import through the Delimiter, Enclosure, Input format, Skip the first line,
Template and Save template fields. For more details, refer to the CSV Fields Association
Description table in the Introduction section of this chapter.
7. At the bottom of the page, select the columns of your CSV file corresponding to the data
requested in each field. The Name field is required. The different fields are detailed in the
table below:
Parameters | Description
Type | Select the column corresponding to the port(s) and/or interface(s) type. This field is compulsory.
MAC address | Select the column corresponding to the port(s) and/or interface(s) MAC address. This field is optional.
Class name | Select the column corresponding to the port(s) and/or interface(s) class name. This field is optional.
Class parameters | Select the column corresponding to the port(s) and/or interface(s)-related combination of parameters, in URL format, if need be. This field is optional.
Device | Select the column corresponding to the port(s) and/or interface(s) device name. At the bottom of the list of columns of the CSV file, the existing devices are also listed, select the device where you want to import the port(s) and/or interface(s). This field is compulsory.
8. Click on NEXT . The Class parameters page opens if you or your administrator created classes
for ports/interfaces. All the fields are optional, choose the data you want to import.
9. Click on NEXT . The CSV import parameters page opens.
10. Click on CHECK . The Check the validity of the CSV file page opens and displays a report
indicating the total amount of correct lines within the file. If you want to download the validity
report, refer to the next step. If you do not want to download it, go to step 12.
11. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
validity report in the corresponding file format.
12. Click on OK to accept the validity check report results. The Import data from a CSV file page
opens and displays a report indicating the total number of spaces actually imported. If you
want to download that final report, refer to the next step. If you do not want to download it,
go to step 14.
13. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
import report in the corresponding file format.
14. Click on CLOSE to go back to the All scopes list. Your blocks list is now updated.
Table 12.51. Pages of VLAN Manager Where you Can Import CSV Files
VLAN Manager page | Objects that can be imported | Option name in the Add > Import menu
All domains | Domains | CSV domains
 | Ranges | CSV ranges
 | VLANs | CSV VLANs
All ranges | Ranges | CSV ranges
 | VLANs | CSV VLANs
All VLANs | VLANs | CSV VLANs
When importing a list from the All domains list, on the CSV fields association page of the import
wizard, you will always find a set of drop-down lists at the bottom of the page: the domain Name,
Start ID and End ID fields are compulsory. The other parameters on this page and any other
parameter that you will find on the next page, Class parameters, are optional and can be left
blank.
Keep in mind that from the All domains page, you can also import ranges and VLANs, refer to
the section Where to Import VLAN Manager Data above for more details.
1. Go to the VLAN Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Domains icon. The All domains list opens.
3. In the menu, select Add > Import > CSV devices. The Import a CSV file wizard opens.
4. Click on BROWSE to search for the CSV file to import. A window opens to help you browse
through folders.
5. Double-click on the needed CSV file. The window closes and the file is visible in the File
name field of the wizard.
6. Click on NEXT . The CSV fields association page opens.
Configure the import through the Delimiter, Enclosure, Input format, Skip the first line,
Template and Save template fields. For more details, refer to the CSV Fields Association
Description table in the Introduction section of this chapter.
7. At the bottom of the page, select the columns of your CSV file corresponding to the data
requested in each field. The Name, Start ID and End ID fields are required. The different
fields are detailed in the table below:
8. Click on NEXT . The Class parameters page opens if you or your administrator created classes
for devices. All the fields are optional, choose the data you want to import.
9. Click on NEXT . The CSV import parameters page opens.
10. Click on CHECK . The Check the validity of the CSV file page opens and displays a report
indicating the total amount of correct lines within the file. If you want to download the validity
report, refer to the next step. If you do not want to download it, go to step 12.
11. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
validity report in the corresponding file format.
12. Click on OK to accept the validity check report results. The Import data from a CSV file page
opens and displays a report indicating the total number of spaces actually imported. If you
want to download that final report, refer to the next step. If you do not want to download it,
go to step 14.
13. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
import report in the corresponding file format.
14. Click on CLOSE to go back to the All scopes list. Your blocks list is now updated.
When importing a list from the All ranges list, on the CSV fields association page of the import
wizard, you will always find a set of drop-down lists at the bottom of the page: the range Name,
Start ID, End ID and Domain fields are compulsory. The other parameters on this page and any
other parameter that you will find on the next page, Class parameters, are optional and can be
left blank.
Keep in mind that from the All ranges page, you can also import VLANs, refer to the section
Where to Import VLAN Manager Data above for more details.
Note that the procedure below is based on an import made on the All ranges page. However,
you can of course go to the All domains list of a particular device. In this case, the containing
domain will not be required during the import.
1. Go to the VLAN Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Ranges icon. The All ranges list opens.
3. In the menu, select Add > Import > CSV interfaces. The Import a CSV file wizard opens.
4. Click on BROWSE to search for the CSV file to import. A window opens to help you browse
through folders.
5. Double-click on the needed CSV file. The window closes and the file is visible in the File
name field of the wizard.
6. Click on NEXT . The CSV fields association page opens.
Configure the import through the Delimiter, Enclosure, Input format, Skip the first line,
Template and Save template fields. For more details, refer to the CSV Fields Association
Description table in the Introduction section of this chapter.
7. At the bottom of the page, select the columns of your CSV file corresponding to the data
requested in each field. The Name, Start ID, End ID and Domain fields are required. The
different fields are detailed in the table below:
8. Click on NEXT . The Class parameters page opens if you or your administrator created classes
for ports/interfaces. All the fields are optional, choose the data you want to import.
9. Click on NEXT . The CSV import parameters page opens.
10. Click on CHECK . The Check the validity of the CSV file page opens and displays a report
indicating the total amount of correct lines within the file. If you want to download the validity
report, refer to the next step. If you do not want to download it, go to step 12.
11. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
validity report in the corresponding file format.
12. Click on OK to accept the validity check report results. The Import data from a CSV file page
opens and displays a report indicating the total number of spaces actually imported. If you
want to download that final report, refer to the next step. If you do not want to download it,
go to step 14.
13. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
import report in the corresponding file format.
14. Click on CLOSE to go back to the All scopes list. Your blocks list is now updated.
Importing VLANs
When importing one or several VLANs, the import wizard will always contain drop-down lists that
correspond to columns that you can display on the All VLANs listing page. It can contain more
fields that might be required depending on the class parameters you or your administrator might
have configured.
When importing a list from the All VLANs list, on the CSV fields association page of the import
wizard, you will always find a set of drop-down lists at the bottom of the page: the VLAN ID, Range
and Domain fields are compulsory. The other parameters on this page and any other parameter
that you will find on the next page, Class parameters, are optional and can be left blank.
Note that the procedure below is based on an import made on the All VLANs page. However,
you can of course go to the All domains and All ranges list of a particular device. In this case,
the containing domains and range will not be required during the import.
1. Go to the VLAN Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the VLANs icon. The All VLANs list opens.
3. In the menu, select Add > Import > CSV interfaces. The Import a CSV file wizard opens.
4. Click on BROWSE to search for the CSV file to import. A window opens to help you browse
through folders.
5. Double-click on the needed CSV file. The window closes and the file is visible in the File
name field of the wizard.
6. Click on NEXT . The CSV fields association page opens.
Configure the import through the Delimiter, Enclosure, Input format, Skip the first line,
Template and Save template fields. For more details, refer to the CSV Fields Association
Description table in the Introduction section of this chapter.
7. At the bottom of the page, select the columns of your CSV file corresponding to the data
requested in each field. The VLAN ID, Range and Domain fields are required. The different
fields are detailed in the table below:
8. Click on NEXT . The Class parameters page opens if you or your administrator created classes
for ports/interfaces. All the fields are optional, choose the data you want to import.
9. Click on NEXT . The CSV import parameters page opens.
10. Click on CHECK . The Check the validity of the CSV file page opens and displays a report
indicating the total amount of correct lines within the file. If you want to download the validity
report, refer to the next step. If you do not want to download it, go to step 12.
11. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
validity report in the corresponding file format.
12. Click on OK to accept the validity check report results. The Import data from a CSV file page
opens and displays a report indicating the total number of spaces actually imported. If you
want to download that final report, refer to the next step. If you do not want to download it,
go to step 14.
13. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
import report in the corresponding file format.
14. Click on CLOSE to go back to the All scopes list. Your blocks list is now updated.
Table 12.58. Pages of the Administration Module Where you Can Import CSV Files
Administration page | Objects that can be imported | Option name in the Add > Import menu
Groups | Groups of users | CSV groups
Users | Users | CSV file
 | RIPE users | RIPE persons
Custom data | Custom data | CSV custom data
Importing Groups
When importing one or several groups of users, the import wizard will always contain at least 5
drop-down lists that correspond to columns that you can display on the Group listing page. It can
contain more fields that might be required depending on the class parameters you or your
administrator might have configured.
When importing a list from the Group list, on the CSV fields association page of the import wizard,
you will always find a set of drop-down lists at the bottom of the page: only the device Name field
is compulsory. The other parameters on this page and any other parameter that you will find on
the next page, Class parameters, are optional and can be left blank.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the System section, click on the Groups icon. The Groups list opens.
3. In the menu, select Add > Import > CSV groups. The Import a CSV file wizard opens.
4. Click on BROWSE to search for the CSV file to import. A window opens to help you browse
through folders.
5. Double-click on the needed CSV file. The window closes and the file is visible in the File
name field of the wizard.
6. Click on NEXT . The CSV fields association page opens.
Configure the import through the Delimiter, Enclosure, Input format, Skip the first line,
Template and Save template fields. For more details, refer to the CSV Fields Association
Description table in the Introduction section of this chapter.
7. At the bottom of the page, select the columns of your CSV file corresponding to the data
requested in each field. The space Name is the only required field. The different fields are
detailed in the table below:
8. Click on NEXT. The CSV class parameters page opens if you or your administrator created
classes for groups. All the fields are optional, choose the data you want to import.
9. Click on NEXT . The CSV import parameters page opens.
10. Click on CHECK . The Check the validity of the CSV file page opens and displays a report
indicating the total amount of correct lines within the file. If you want to download the validity
report, refer to the next step. If you do not want to download it, go to step 12.
11. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
validity report in the corresponding file format.
12. Click on OK to accept the validity check report results. The Import data from a CSV file page
opens and displays a report indicating the total number of spaces actually imported. If you
want to download that final report, refer to the next step. If you do not want to download it,
go to step 14.
13. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
import report in the corresponding file format.
14. Click on CLOSE to go back to the Group list. Your space list is now updated.
Importing Users
When importing one or several users, the import wizard will always contain at least 10 drop-down
lists that correspond to columns that you can display on the Group listing page. It can contain
more fields that might be required depending on the class parameters you or your administrator
might have configured.
When importing a list from the User list, on the CSV fields association page of the import wizard,
you will always find a set of drop-down lists at the bottom of the page: only the device Login field
is compulsory. The other parameters on this page and any other parameter that you will find on
the next page, Class parameters, are optional and can be left blank.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the System section, click on the Users icon. The Users list opens.
3. In the menu, select Add > Import > CSV file. The Import a CSV file wizard opens.
4. Click on BROWSE to search for the CSV file to import. A window opens to help you browse
through folders.
5. Double-click on the needed CSV file. The window closes and the file is visible in the File
name field of the wizard.
6. Click on NEXT . The CSV fields association page opens.
Configure the import through the Delimiter, Enclosure, Input format, Skip the first line,
Template and Save template fields. For more details, refer to the CSV Fields Association
Description table in the Introduction section of this chapter.
7. At the bottom of the page, select the columns of your CSV file corresponding to the data
requested in each field. The space Name is the only required field. The different fields are
detailed in the table below:
8. Click on NEXT. The CSV class parameters page opens if you or your administrator created
classes for users. All the fields are optional, choose the data you want to import.
9. Click on NEXT . The CSV import parameters page opens.
10. Click on CHECK . The Check the validity of the CSV file page opens and displays a report
indicating the total amount of correct lines within the file. If you want to download the validity
report, refer to the next step. If you do not want to download it, go to step 12.
11. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
validity report in the corresponding file format.
12. Click on OK to accept the validity check report results. The Import data from a CSV file page
opens and displays a report indicating the total number of spaces actually imported. If you
want to download that final report, refer to the next step. If you do not want to download it,
go to step 14.
13. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
import report in the corresponding file format.
14. Click on CLOSE to go back to the User list. Your space list is now updated.
When importing a list from the Custom data list, on the CSV fields association page of the import
wizard, you will always find a set of drop-down lists at the bottom of the page: they are all named
Value <number>, which corresponds to the default column names of a custom DB. Only the Value
1 field is compulsory. The other parameters on this page and any other parameter that you will
find on the next page, Class parameters, are optional and can be left blank.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Custom DB icon. The Custom database list opens.
3. In the Name column, click on the name of the custom database of your choice. The Custom
data list of that database opens.
4. In the menu, select Add > Import > CSV custom data. The Import a CSV file wizard opens.
5. Click on BROWSE to search for the CSV file to import. A window opens to help you browse
through folders.
6. Double-click on the needed CSV file. The window closes and the file is visible in the File
name field of the wizard.
7. Click on NEXT . The CSV fields association page opens.
Configure the import through the Delimiter, Enclosure, Input format, Skip the first line and
Template fields. For more details, refer to the CSV Fields Association Description table in
the Introduction section of this chapter.
8. At the bottom of the page, select the columns of your CSV file corresponding to the data
requested in each field. There are in total 10 fields named Value 1 through to Value 10. The
Value 1 is the only required field.
9. Click on NEXT . The CSV import parameters page opens.
10. Click on CHECK . The Check the validity of the CSV file page opens and displays a report
indicating the total amount of correct lines within the file. If you want to download the validity
report, refer to the next step. If you do not want to download it, go to step 12.
11. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
validity report in the corresponding file format.
12. Click on OK to accept the validity check report results. The Import data from a CSV file page
opens and displays a report indicating the total number of spaces actually imported. If you
want to download that final report, refer to the next step. If you do not want to download it,
go to step 14.
13. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
import report in the corresponding file format.
14. Click on CLOSE to go back to the Custom data list. Your space list is now updated.
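A pre-flight check that can be run on a CSV file before opening the import wizard, so that lines missing a compulsory field are caught before the CHECK step. This is an added example, not SOLIDserver code: it assumes the file has a header row whose column names match the field names listed in this chapter, and the Start ID/End ID ordering test is an extra sanity check rather than a rule stated in this guide.

```python
import csv
import io

# Compulsory fields per import type, as listed in this chapter.
# Assumption: the CSV header row uses these field names verbatim; in the
# wizard itself you associate arbitrary columns with fields by hand.
REQUIRED_FIELDS = {
    # Field list given for the All RRs page, plus the compulsory Zone name.
    "rr": ("RR name", "Value 1", "RR type", "Zone name"),
    "network_device": ("Target space",),
    "device": ("Name",),
    "interface": ("Name", "Type", "Device"),
    "vlan_domain": ("Name", "Start ID", "End ID"),
    "vlan_range": ("Name", "Start ID", "End ID", "Domain"),
    "vlan": ("VLAN ID", "Range", "Domain"),
    "group": ("Name",),
    "user": ("Login",),
    "custom_data": ("Value 1",),
}

# Import types that carry a Start ID / End ID pair.
ID_RANGE_TYPES = {"vlan_domain", "vlan_range"}


def _is_uint(value):
    """True for a plain ASCII non-negative integer such as '42'."""
    return value.isascii() and value.isdigit()


def check_csv(text, kind, delimiter=",", enclosure='"'):
    """Return a list of (line_number, message); an empty list means no problem found."""
    required = REQUIRED_FIELDS[kind]
    reader = csv.DictReader(io.StringIO(text), delimiter=delimiter,
                            quotechar=enclosure)
    header = reader.fieldnames or []
    missing = [f for f in required if f not in header]
    if missing:
        return [(1, "missing column(s): " + ", ".join(missing))]

    problems = []
    for row in reader:
        line = reader.line_num
        if None in row:
            # DictReader stores surplus cells under the key None.
            problems.append((line, "more cells than header columns"))
        empty = [f for f in required if not (row.get(f) or "").strip()]
        if empty:
            problems.append(
                (line, "empty compulsory field(s): " + ", ".join(empty)))
            continue
        if kind in ID_RANGE_TYPES:
            start, end = row["Start ID"].strip(), row["End ID"].strip()
            if not (_is_uint(start) and _is_uint(end)):
                problems.append((line, "Start ID and End ID must be integers"))
            elif int(start) > int(end):
                # Added sanity check, not a rule stated in the guide.
                problems.append((line, "Start ID is greater than End ID"))
    return problems


# Constructed sample: a VLAN ranges file using ';' as delimiter.
SAMPLE_RANGES = (
    "Name;Start ID;End ID;Domain\n"
    "office;10;99;campus\n"
    "lab;200;150;campus\n"
    "guest;300;;campus\n"
    ";400;450;campus\n"
)

# Constructed sample: a users file; "First name" is an illustrative column.
SAMPLE_USERS = (
    "Login,First name\n"
    "alice,Alice\n"
    ",Bob\n"
)

if __name__ == "__main__":
    for line, message in check_csv(SAMPLE_RANGES, "vlan_range", delimiter=";"):
        print(f"ranges line {line}: {message}")
    for line, message in check_csv(SAMPLE_USERS, "user"):
        print(f"users line {line}: {message}")
```
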
1. Go to the tab of your choice. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select Settings > Import/Export templates management. The Import/Export
Templates Management page opens.
3. In the panel of your choice, select the Import: <template_name> you want to rename.
4. Click on RENAME . The Rename template wizard opens.
5. In the New Name field, rename your template.
6. Click on OK to commit your changes. The report opens and closes. The name changes in
the list.
1. Go to the tab of your choice. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select Settings > Import/Export templates management. The Import/Export
Templates Management page opens.
3. In the panel of your choice, select the Import: <template_name> you want to delete.
4. Click on DELETE . The Delete template wizard opens.
5. In the New Name field, rename your template.
6. Click on OK to commit your changes. The report opens and closes. The template is no longer
listed.
Chapter 13. Exporting Data
Introduction
Within SOLIDserver, you can export data from almost any listing page. Exporting data follows a
set of rules that you need to keep in mind:
• The object parameters that you can export correspond to the columns of the listing
page
That way, on the one hand you can export the name of the object container: if you export a list
of zones you can also export the name of the server and view they belong to. And on the other
hand, you can export the customized parameters that you created through Class Studio and
displayed as columns. These columns will be preceded by the mention Class param: in the
wizard.
• An export is generated one level at a time
If you are exporting zones from the All zones page in the DNS, you will only export the zones
themselves but not the RRs they contain.
• An export can be generated in five different formats
You can export lists of objects in .csv, .html, .xml, .xls and .pdf [1]. Only the .csv file format provides
the possibility to reimport the list again in the GUI.
• An export can take into account from 1 to n objects
On any listing page, exporting data will take into account every object listed. However, if you
tick one or more elements, only the parameters of the ones you ticked will be exported.
• An export can be done at a specific time or scheduled to be generated regularly
From the export wizard, you can choose to export the data right away or later on, even on a
regular basis and at the frequency of your choosing.
• An export name provides time and format information
An export is always named after its format and moment of generation, never after what it
contains. Each export is named as follows: export_<extension>_<date>_<time>.<extension>,
where extension refers to the export format, date is displayed as YYYYMMDD and time
as HHMMSS. For instance, "export_excel_20130301_073042.xls" is an export generated
in EXCEL on March 1st, 2013 at 07:30:42.
• If the page does not have the Report menu you cannot export the data listed
Within SOLIDserver, almost any listing page allows you to export data. To see the whole list of
pages where you can export data, refer to the section Pages Where The Export is Possible
below.
All exports are displayed on a single page, however the configuration files of the scheduled exports
are displayed on their own page.
[1] Keep in mind when exporting data to a PDF file that the number of columns selected will affect the final display and might generate
a very hard to read file.
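The naming convention described above can be parsed mechanically, for example to build a timeline of the files found on a listing of exports. This is an added example, not SOLIDserver code: apart from the name quoted in this section, the sample names are constructed, and the csv format token is an assumption since the guide only shows excel.

```python
import re
from datetime import datetime

# export_<extension>_<date>_<time>.<extension>
# In the guide's own example the first token is "excel" while the file
# extension is "xls", so the two are captured separately and never compared.
EXPORT_NAME = re.compile(
    r"^export_(?P<fmt>[A-Za-z0-9]+)_(?P<date>[0-9]{8})_(?P<time>[0-9]{6})"
    r"\.(?P<ext>[A-Za-z0-9]+)$"
)


def parse_export_name(name):
    """Return (format_token, file_extension, datetime), or None when the
    name does not follow the convention or carries an impossible date."""
    match = EXPORT_NAME.match(name)
    if match is None:
        return None
    d, t = match["date"], match["time"]
    try:
        stamp = datetime(int(d[:4]), int(d[4:6]), int(d[6:]),
                         int(t[:2]), int(t[2:4]), int(t[4:]))
    except ValueError:
        # For instance February 30th or hour 25.
        return None
    return match["fmt"], match["ext"], stamp


def latest_per_format(names):
    """Return ({format_token: (name, datetime)}, [rejected names])."""
    latest, rejected = {}, []
    for name in names:
        parsed = parse_export_name(name)
        if parsed is None:
            rejected.append(name)
            continue
        fmt, _ext, stamp = parsed
        if fmt not in latest or stamp > latest[fmt][1]:
            latest[fmt] = (name, stamp)
    return latest, rejected


# Constructed listing; only the first name comes from the guide.
SAMPLE_LISTING = [
    "export_excel_20130301_073042.xls",
    "export_excel_20130302_010000.xls",
    "export_csv_20130301_120000.csv",    # "csv" token is an assumption
    "export_excel_20130230_000000.xls",  # impossible date
    "zones_backup.csv",                  # does not follow the convention
]

if __name__ == "__main__":
    newest, ignored = latest_per_format(SAMPLE_LISTING)
    for fmt, (name, stamp) in sorted(newest.items()):
        print(f"{fmt}: {name} generated {stamp.isoformat(sep=' ')}")
    print("ignored:", ignored)
```
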
Within SOLIDserver, the export of data is available on almost every page. In the GUI, the Report
menu indicates which pages are concerned. The table below lists all these pages.
1 Template is a drop-down list that allows you to save all your configuration as a template for
later exports of the list.
2 When exporting CSV files, you will find two extra fields. First, the Delimiter drop-down list
allows you to select which delimiter you want to use during the data export. Second, the
"The export might be reimported" checkbox [2] can be ticked if you want to reimport the data
in a SOLIDserver appliance: this will basically export the list as raw data that will be easier
(and therefore faster) to reimport.
3 Action is a drop-down list that allows you to export your list right away or schedule the
export at the frequency of your choice.
4 Columns is a list that allows you to select the listing page columns, i.e. parameters, of your
choice. This list contains all the columns that you can display on the page as well as the
class parameters related to the objects of the list.
5 Selected is a list that sums up all the columns that you selected and which data you are
about to export. It also allows you to order the data according to your needs.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select Maintenance > Local Files listing. The Local files listing page opens.
By default it displays the Local list where you will find all your exports.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select Monitoring > Scheduled exports. The Scheduled exports page opens.
Configuring Exports
An export can take numerous forms: you can choose the export format, schedule it or not,
and save your columns configuration in a template that you can later use as is or as a
basis for another export.
2
Exporting data without ticking this box might trigger some errors. Some columns will not be imported at all, for instance the Subnet is
terminal column value cannot be imported if the box remains unticked.
b. Choose to create a template by selecting New template. The Template name field
appears; name your template. The template will save the columns you select as well as
the delimiter if you export the list in a .csv file.
Once the export is generated, you can rename or delete the templates if need be. For more
details refer to the section Managing Export Templates below.
5. If you chose to export a CSV file:
From the Report > Export menu you can also schedule exports. Keep in mind that these exports
are managed differently. Like any export generated at a given time, the generated file is available
in the Local files Listing but scheduling an export creates a configuration that you can manage
on the Scheduled exports page. For more details, refer to the Managing Scheduled Exports
Configuration Files section below.
To schedule an export
a. Choose not to create a template by selecting None and export your data.
b. Choose to create a template by selecting New template. The Template name field
appears; name your template. The template will save the columns you select as well as
the delimiter if you export the list in a .csv file.
3
This option must be ticked if you plan on reimporting some data, for instance the value of the Terminal column.
b. In the The export might be reimported section, check the box to export the list or selected
objects as raw data.
6. In the Action drop-down list, select Schedule the report. The page refreshes.
7. In the Columns list, select one by one the columns that you want to export and click on .
They are moved to the Selected list.
8. In the Selected list, you can order the columns according to your needs using and . To
remove a column from the export, select it and click on . It is moved back to the Columns
list.
9. Click on NEXT . The last page of the wizard opens.
10. Configure the export frequency or date and time (UTC) of the export using the table below.
11. Click on OK to commit the export. The report works and displays the export report. The export
configuration is available on the Scheduled exports page; for more details, refer to the
procedure To list the scheduled exports within SOLIDserver GUI. Once generated, the export
is available on the Local files listing page. For more details, refer to the procedure To list
the exports within SOLIDserver GUI above.
12. Click on CLOSE to display the objects list again.
Note
We strongly recommend that during the export you tick the The export might be
reimported box, to make it faster to process.
Keep in mind that in each module and page, you will be able to reimport all the parameters of
your choice but some columns are required, and without them, you cannot go through with the
import. So when exporting, you must select these columns. In the sections below, we will only
detail the pages where you can actually import data.
| IPAM page | Listing page required column(s) | Column name in the export wizard | Column name in the import wizard |
|---|---|---|---|
| | Name | Pool name | Name |
| | Space | Space name | Space name |
| All addresses (v6) | Address | IP address | IP address |
| | Name | IP name | Name |
| | Space | Space name | Space name |
| All VRFs | Name | VRF name | VRF name |
| | RD ID | VRF RD ID | VRF RD ID |
| All VRF Route Targets | Source RD ID | Source RD ID | Source RD ID of the VRF Route Targets |
| | Target RD ID | Target RD ID | Target RD ID of the VRF Route Targets |
a
This field can be used to export and reimport the subnet start address and size.
Note
Keep in mind that the Space name field of the import wizard allows you to select the
corresponding column of your CSV file or select one space among the ones in your
database or the option Use best space, with IPv4, that will use the IP address and
size to place the object in the best space, block and/or subnet possible.
Note
It is impossible to import a list on the All servers, All leases and All leases (v6) pages.
| DHCP page | Listing page required column(s) | Column name in the export wizard | Column name in the import wizard |
|---|---|---|---|
| All statics (v6) | Name | DHCP static name | DHCP static name |
| | Server | Server | DHCP6 server |
Note
Keep in mind that the DHCP server and DHCP6 server fields of the import wizard
allow you to select the corresponding column of your CSV file or select one server
among the ones in your database.
Table 13.7. Required Columns To Reimport Data on the Device Manager Pages
| IPAM page | Listing page required column(s) | Column name in the export wizard | Column name in the import wizard |
|---|---|---|---|
| All devices | Name | Device name | Name |
| All ports & interfaces | Name | Interface name | Name |
| | Type | Type | Type |
| | Space | Device name | Device |
All the exports are listed under the Local page filter. Each column corresponds to the parameters
configured during the export configuration. You can sort the list through each column and
filter it through the columns Name, Type and Owner. You cannot modify the listing layout of this
page or access the exports properties page as all the information is displayed.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select Maintenance > Local Files listing. The Local Files listing page opens.
By default it displays the Local list where you will find all your exports.
3. Click on the name of the export of your choice to download it.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select Maintenance > Local Files listing. The Local Files listing page opens.
By default it displays the Local list where you will find all your exports.
3. Tick the export(s) you want to delete.
4. In the menu, select Edit > Delete file(s). The Delete file wizard opens.
5. Click on OK to commit the export file deletion. The report opens and closes. The page
refreshes, the selected export is no longer listed.
All the configuration files are listed and each column corresponds to the parameters configured
during the scheduled export creation. You can sort and filter the list through each column but you
cannot modify the listing layout of this page or access the scheduled exports configuration
properties page as all the information is displayed.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select Monitoring > Scheduled exports. The Scheduled exports page opens.
3. Tick the configuration file(s) you want to delete.
4. In the menu, select Edit > Delete. The Delete wizard opens.
5. Click on OK to commit the file deletion. The report opens and closes. The page refreshes,
the file is no longer listed.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select Monitoring > Scheduled exports. The Scheduled exports page opens.
3. Tick the configuration file(s) you want to disable.
4. In the menu, select Edit > Delete. The Delete wizard opens.
5. Click on OK to commit your modification. The report opens and closes. The file is marked
Disabled.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select Monitoring > Scheduled exports. The Scheduled exports page opens.
3. Tick the configuration file(s) you want to disable.
4. In the menu, select Edit > Enable. The Activate wizard opens.
5. Click on OK to commit your modification. The report opens and closes. The page refreshes,
the file is marked OK.
1. Go to the tab of your choice. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select Settings > Import/Export templates management. The Import/Export
Templates Management page opens.
3. In the panel of your choice, select the Export: <template_name> you want to rename.
4. Click on RENAME . The Rename template wizard opens.
5. In the New Name field, rename your template.
6. Click on OK to commit your changes. The report opens and closes. The name changes in
the list.
1. Go to the tab of your choice. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select Settings > Import/Export templates management. The Import/Export
Templates Management page opens.
3. In the panel of your choice, select the Export: <template_name> you want to delete.
4. Click on DELETE . The Delete template wizard opens.
5. In the New Name field, rename your template.
6. Click on OK to commit your changes. The report opens and closes. The template is no longer
listed.
Chapter 14. Managing Reports
Introduction
In addition to the traditional multi-format exports, detailed in the Exporting Data chapter of this
guide, SOLIDserver allows the generation of advanced reports for a specific set of resources of
the IPAM, DHCP, DNS, NetChange and Administration modules.
Reports can be generated to obtain data comparison, summaries and graphs from the Report
menu or the relevant objects properties page. Two formats are available: HTML or PDF.
Like traditional exports, you can generate them immediately or schedule them in advance. The
scheduled report details are available on the Scheduled report page. Once generated, any report
is listed on the Reports page.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select Monitoring > Reports. The Reports page opens.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select Monitoring > Reports. The Reports page opens.
3. In the menu, select Display > Scheduled reports. The Scheduled reports page opens.
Generating a Report
Reports can be generated and downloaded in PDF or HTML format.
To generate a report
1. Go to the page of your choice. To know which page provides the report option, refer to the
table above.
2. If necessary, tick the object(s) you want to generate the report for.
3. In the menu, select Report > <report-of-your-choice>. The corresponding wizard opens.
4. In the Report format list, select an export format, either HTML or PDF. By default, HTML is
selected.
5. Click on NEXT . The next page of the wizard opens.
6. In the Action drop-down list, select Generate new data. If you have already generated a
report for the same object, the drop-down list allows you to select and generate it again.
7. Click on OK to generate the report. The report works and displays the final page of the wizard.
8. You can either click on DOWNLOAD to save the report in your browser Downloads folder, which
automatically closes the wizard and displays the object page again, or click on
CANCEL to close the wizard.
Once generated, the report is available on the Administration module Reports page. For more
details, refer to the Browsing the Reports Database section of this guide.
Scheduling a Report
The generation of reports can easily be scheduled for all types of reports through the same wizard
as for immediate generation.
1. Go to the page of your choice. To know which page provides the report option, refer to the
table above.
2. If necessary, tick the object(s) you want to generate the report for.
3. In the menu, select Report > <report-of-your-choice>. The corresponding wizard opens.
4. In the Report format list, select an export format, either HTML or PDF. By default, HTML is
selected.
5. In the Action drop-down list, select Schedule the report. The page refreshes and displays
the scheduling fields.
6. Configure the export frequency or date and time of export using the table below.
7. Click on OK to commit the scheduling. The report opens and closes. The report scheduling
configuration is available on the Scheduled reports listing page. For more details, refer to
the section Managing Scheduled Report Configurations.
Once generated, the report is available on the Administration module Reports page. For more
details, refer to the Browsing the Reports Database section of this guide.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select Monitoring > Reports. The Reports page opens.
3. In the Format column, filter the list through to display only PDF reports.
4. In the Name column, click on the report of your choice to download it to your computer.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select Monitoring > Reports. The Reports page opens.
3. In the Format column, filter the list through to display only PDF reports.
4. In the Name column, click on the report of your choice to download it to your computer.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select Monitoring > Reports. The Reports page opens.
3. In the menu, select Display > Scheduled reports. The Scheduled reports page opens.
4. All the scheduled reports are listed by name, report type and format.
5. Tick the scheduled report you want to disable.
6. In the menu, select Edit > Disable. The Disable wizard opens.
7. Click on OK to commit your choice. The report opens and closes. The scheduled report
configuration is now Disabled.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select Monitoring > Reports. The Reports page opens.
3. In the menu, select Display > Scheduled reports. The Scheduled reports page opens.
4. All the scheduled reports are listed by name, report type and format.
5. Tick the scheduled report you want to enable.
6. In the menu, select Edit > Enable. The Enable wizard opens.
7. Click on OK to commit your choice. The report opens and closes. The scheduled report
configuration is now OK.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select Monitoring > Reports. The Reports page opens.
3. In the menu, select Display > Scheduled reports. The Scheduled reports page opens.
4. All the scheduled reports are listed by name, report type and format.
Chapter 15. Managing Smart Folders
Introduction
Smart folders are one of the many customization opportunities provided by SOLIDserver. They allow
you to organize your items differently than on the listing pages. Smart Folders can be created,
deleted, edited or shared with other users.
Like the gadgets, smart folders can either be personal or shared with other users. See sections
below to learn more about the Smart Folder-related options.
Tree View
The Tree View is the only place within SOLIDserver where you can display the Smart Folders.
A whole section is dedicated to Smart Folders.
The smart folders are listed in the ASCII alphabetic order, so first come the digits, then the
uppercase letters, and finally the lowercase letters. By clicking on the smart folder or level name
(that is to say the columns or class parameters you chose), you display the sub-hierarchy of each
level. Each line is preceded by a folder icon if it contains information. The lowest level of the
hierarchy contains the item you chose to reorganize through the smart folder and is preceded by
the symbol associated with it. For instance, an orange dot for the IP addresses, an underlined
blue dot for a DHCP static, etc.
Thanks to the indentation, you can see at any time where you are in the hierarchy. In addition, the
folder icons change color to make the hierarchy easier to read and understand. Each
containing level displays at the end a number between brackets; this number indicates the
number of items it contains at the lowest level. Note that some levels will not appear in the hierarchy
if there is no data. In the same way, if you choose parameters as levels in the hierarchy but did
not name them properly, the folder will be named Empty by default.
My Smart Folders
My smart folders is a page listing all the created smart folders located in the administration tab.
You can access this page from anywhere within SOLIDserver through the preferences menu.
From this page you can edit, delete or share your smart folders. You cannot create them
from this page because they are created directly from a list, and the available parameters
depend on the module you are creating them from.
On my smart folders page, it is impossible to create a listing template as all the columns are
displayed by default. There are five columns in total:
• All users: displays Yes or No depending on whether you shared the smart folder with the other
users or not.
• User: lists the name of the creating user.
• Type: displays the module and list where the Smart Folder was created, as follows: "module:
list".
• Group By: displays the smart folder hierarchy.
Note that smart folders do not have a properties page as all the information is displayed on my
smart folders page.
Once created, the smart folder is listed in the Tree View. If you do not see it use the button.
1. From anywhere in SOLIDserver, using the menu, select Preferences > My Smart folders.
My Smart Folders page opens.
2. In the list, put your mouse over the name of the Smart Folder you want to edit. The Info Bar
appears.
3. Click on . The Edit a Smart Folder wizard opens.
4. In the Smart Folder Name field, change the name if need be.
5. In the Group By drop-down list, add more groups if needed and click on . The selected group
is listed in the Select Group By list.
6. In the Select Group By list, modify the groups hierarchy if needed with the buttons and
. The group order will change according to your modifications.
7. In the Select Group By list, remove a group from the hierarchy if needed by selecting it and
clicking on , the groups will be put back in the Group By list.
8. In the Visible to the other users section, tick the box if you want to share your Smart Folder
with the other users or untick it if you do not.
9. Click on OK to commit your edition. The report opens and closes. The list from where you
created your Smart Folder opens again. Your modifications are visible in the Smart Folder's
details.
Once edited, the smart folder new configuration is visible in the Tree View. Click on to refresh
the display.
To share a smart folder with other users from the smart folder list
1. From anywhere in SOLIDserver, using the menu, select Preferences > My Smart folders.
My Smart Folders page opens.
2. In the list, tick the Smart folder you want to share. Filter the Smart Folders if need be.
3. In the menu, select Edit > Global > Set. The Set as global wizard opens.
4. Click on OK to commit your choice. The report opens and closes. My Smart Folders page
is visible again. In the All Users column, the Smart Folder is marked Yes.
The same procedure allows you to make a Smart Folder visible only to you.
To make a smart folder visible only to you from the smart folder list
1. From anywhere in SOLIDserver, using the menu, select Preferences > My Smart folders.
The Smart Folder page opens.
2. In the list, tick the Smart folder you want to make visible only to you. Filter the Smart Folders
if need be.
3. In the menu, select Edit > Global > Unset. The Unset as global wizard opens.
4. Click on OK to commit your choice. The report opens and closes. My Smart Folders page
is visible again. In the All Users column, the Smart Folder is marked No.
1. From anywhere in SOLIDserver, using the menu, select Preferences > My Smart folders.
My Smart Folders page opens.
2. In the list, select the Smart Folder you want to delete. Filter the Smart Folders if need be.
3. In the menu, select Edit > Delete. The Delete wizard opens.
4. Click on OK to commit the deletion. The report opens and closes. My Smart Folders page
is visible again. The selected Smart Folder(s) is no longer listed.
Part V. IPAM Management
Table of Contents
16. Introduction
17. Managing Networks
  Managing IP Spaces
    Browsing Spaces
    Adding a Space
    Editing a Space
    Deleting a Space
    Defining a Space as a Group Resource
  Managing IP Blocks
    Browsing Blocks
    Adding a Block
    Editing a Block
    Splitting an IPv4 Block
    Moving a Block
    Deleting a Block
    Defining a Block as a Group Resource
  Managing IP Subnets
    Browsing Subnets
    Adding Subnets
    Editing Subnets
    Managing the IPv4 Block Map Page
    Moving IPv4 Subnets across Spaces
    Managing or Unmanaging Subnets
    Associating Subnets to a VLAN
    Deleting a Subnet
    Defining a Subnet as a Group Resource
18. Managing Addresses
  Managing IP Pools
    Browsing Pools
    Adding a Pool
    Reserving a Pool
    Resizing a Pool
    Deleting a Pool
    Defining a Pool as a Group Resource
  Managing IP Addresses
    Browsing IP Addresses
    Adding an IP Address
    Restoring an IP Address
    Editing an IP Address
    Configuring IP Address Aliases
    Configuring Multiple A Records for an IP Address
    Pinging an IP Address
    Deleting an IP Address
    Updating Device Manager with IP Addresses
19. Setting Up a Transition From IPv4 to IPv6
  Transition Specificities
  Limitations
  Configuring the IPv4 to IPv6 Transition
    Configuring the Transition at Space, Block or Subnet Level
    Configuring the Transition at IP Address Level
  Activating the IPv4 to IPv6 Transition
Chapter 16. Introduction
The Internet Protocol Address Management (IPAM) is a powerful tool that allows you to plan, track,
organize and manage IP addresses into networks. Most of the time, by network, users mean
subnets; within SOLIDserver the network is a larger concept that includes subnets of IP addresses.
The IPAM is one of the most important modules as it allows setting the IP addresses management
strategies and creates a link between the DNS and DHCP modules.
This module also allows you to manage your RIPE databases. Thanks to a dedicated licence,
you can configure the connection to the RIPE and manage your blocks content (inetnums,
net6nums, persons and aut-num) from the GUI. For more details, refer to the appendix SPX at
the end of this guide.
The IPAM tab is accessible from anywhere in the interface. From its Homepage you can access
all the main pages of the module, they correspond to the hierarchy we decided to set up to organize
the addressing.
EfficientIP introduced two root concepts to organize subnetting: the IP space and the IP block.
• IP address space: the essential entry point of IP address management. It defines the
addressing space in which all the addresses will be unique. If you use several addressing
plans (shots), you can define several IP spaces.
• IP block: a container including all subnets. Blocks cannot overlap within the same
IP space.
When creating an IP address space, you typically begin by defining IP blocks. After the IP blocks
are defined, you create subnets within the blocks. You can then manage the addresses within
the subnets.
• Space: the space is the highest level of the IPAM hierarchy and can contain blocks, subnets,
pools and/or IP addresses. They can contain IPv4 and IPv6 addresses.
• Block: the block is the second level of the IPAM hierarchy and can contain subnets, pools
and/or IP addresses. They can be created to manage IPv4 or IPv6 addresses.
• Subnet: the subnet is the third level of the IPAM hierarchy and can contain pools and/or IP
addresses. They can be created to manage IPv4 or IPv6 addresses.
• Pool: the pool is optional and constitutes the fourth level of the IPAM hierarchy: it can contain
IP addresses. They can be created to manage IPv4 or IPv6 addresses.
• IP addresses: the IP address is the lowest level of the IPAM hierarchy; the end goal of the
module is to manage them. They can be created respecting the IPv4 or the IPv6 protocol and
be organized through pools, subnets, blocks and spaces.
As you can see, the subnets are located at the center of the hierarchy, which makes it easy to
organize them and their content. Keep in mind that at any time you have the possibility to visualize
the addressing organization through the Tree View:
As networking can be done in version 4 or version 6 of the Internet Protocol, SOLIDserver provides
similar management tools for both versions. Some options are only available in one version or
the other but the overall management of both types of addresses is essentially the same. Among
the differences between IPv4 and IPv6 we can emphasize the creation of templates in IPv4 that
simplifies provisioning and the labeling of IPv6 addresses in the IPAM and DHCP modules. All
the similarities and differences are detailed all through this part of the guide.
The chapters Managing IP Networks and Managing IP Addresses describe everything you can
do on each level of the IPAM hierarchy in IPv4 and IPv6, with the exception of the data import, which
is detailed in the chapter Importing IP Address Data.
SOLIDserver also provides Variable Length Subnet Mask (VLSM) options that will allow you to
delegate and organize on different levels your network whether in IPv4 or IPv6. For more details,
see chapter Using VLSM to Manage Your Network.
Keep in mind that to ease the management of the IPAM, DNS and DHCP there are a number of
behaviors that you can trigger upon creation of IP addresses containers.
• two new pages of management: the All VRFs and All VRF Links page. For more details, refer
to the Managing VRFs chapter of this guide.
• a way to link your IPAM subnets to the module VLAN Manager. For more details, refer to the
section Managing IP Subnets of this part.
Chapter 17. Managing Networks
The subnet management is a major part of the IP address management. As a network
administrator, you decide how to distribute IP addresses across an organization of subnets. When
managing a network, one of the first things you need to decide is the subnetting organization you
will use.
Subnetting is the process of dividing your network address space into smaller areas called blocks
and subnets, simplifying network administration. These subnets may correspond to different
areas of your organization: offices in other cities or other regions of the country or the world, a
different floor in your building, or a group of employees who share common tasks such as
accounting or sales. Following the five levels of the IPAM hierarchy logic, the Server creation comes
first and then the blocks creation within which you organize your subnets and pools.
Managing IP Spaces
The IPAM space is the highest level of organization in the IPAM module. It merely contains all
the IP addresses (in v4 and v6).
Browsing Spaces
The space has an organization related role in the addresses structure: it will contain blocks,
subnets, address pools and addresses.
[Figure: IPAM hierarchy levels: space, block, subnet, pool, address]
Spaces allow a hermetic partitioning of the resources. The consistency check of the IP resources
and their uniformity is carried out within a space; there cannot be two IP addresses, nor two
address pools, under identical networks and/or blocks. To manage N identical address plans
(RFC 1918), it is sufficient to create N spaces in the IPAM module.
The space creation is unlimited, each space is able to contain an unlimited number of blocks.
The number of subnets, address pools and IP addresses is then determined by the size and the
number of the blocks created. However, you might need to create several spaces. Depending
on your strategy, spaces can differentiate amongst: Organizations, Geographic locations, Company
services, Address suppliers, Clients for whom the address structure is delegated [1], Multiple private
networks following RFC 1918.
By default, the Local space is present in SOLIDserver. This space will receive blocks, subnets,
IP addresses, DHCP servers, scopes, ranges, leases, DNS servers, zones, and RRs that are
not attached to a space.
[1] Within VLSM architectures the spaces allow a definition of client and supplier entities.
Spaces are all gathered in the All spaces list. As they do not need to be defined by
IP addresses, they allow you to create both IPv4 and IPv6 blocks.
Here below, you can see the breadcrumb link to browse the spaces database:
Spaces are identified by name. You can navigate through spaces, search for them or list them
by applying search criteria and filters.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Spaces icon. The All spaces list opens.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Spaces icon. The All spaces list opens.
3. At the end of the line of the space of your choice, click on . The space properties page
opens.
Tip
To open a panel, click on in the right end corner. To close it, click on .
To search for a specific space, use the filtering fields located right under the columns name. You
can type in the name or part of the name of an object to find it. If you want to do a more thorough
search, double-click on in any filtering field to display the filter constructor and enter one by one
the parameters of your search.
SOLIDserver enables you to modify the columns display in the list. You can add or modify the
order of the columns. For more details, see the Customizing the List Layout section of the
Understanding the SOLIDserver User Interface part of this guide.
Adding a Space
Space addition is the first step towards managing IP addresses, unless you want to use the
Local space. As spaces can contain IPv4 and IPv6 addresses but are not defined by the addresses
they contain, there is only one procedure to be followed.
To add a space
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Spaces icon. The All spaces list opens.
3. In the menu, select Add > Space. The Add a space wizard opens.
4. If you or your administrator created classes at the space level, the Space class page opens.
In the Space class list select the class you want to apply to this block or select None.
Tip
You can also add a space by clicking on the in the upper-right corner of the All
spaces page. The Add a space wizard will open, follow the procedure above to create
it.
Note that you can also use templates if you plan on adding different spaces with similar properties.
See the Managing IPAM Templates chapter of this guide for more details.
Editing a Space
At any time you can edit an existing space. You can either edit it through the properties page,
see procedure below, or through the Info Bar: by putting your mouse over the name of the space
you want to edit, you can then click on the Edit button and open the Edit a space wizard.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Spaces icon. The All spaces list opens.
3. At the end of the line of the space of your choice, click on . The space properties page
opens.
4. In the Main properties panel, click on EDIT .
Deleting a Space
You can delete a space at any time.
Warning
Deleting a space implies deleting all the addresses, pools, subnets and blocks it
contains as well.
Note that any replication made in the DHCP and DNS modules (automated creation of statics,
etc.) will not be deleted in these modules. This is a safety measure, considering that a space
could be deleted by mistake.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Spaces icon. The All spaces list opens.
3. Tick the space(s) you want to delete.
4. In the menu, select Edit > Delete. The Delete wizard opens.
5. Click on OK to commit the deletion. The report opens and closes. Selected spaces are no
longer listed.
Allowing access to a space as a resource will also make every item it contains available. For
more details, refer to the section Assigning Objects as Resource in the chapter Managing Groups
of administrator of this guide.
Managing IP Blocks
Blocks allow you to organize the IPv4 and IPv6 subnets. A block is a set of related IP addresses, and
each block belongs exclusively to one space. The aim of such blocks can be to: manage subnet
provisioning, delegate the management of subnets to administrators, organize the address
structure, structure the network routes, give management rights to a scope of subnets, reserve
a large range of IP addresses for a specific usage or allocate a range of IP addresses to a sub-space.
If you want to manage RIPE blocks, refer to the appendix SPX at the end of this guide.
Browsing Blocks
Within the IPAM module, the blocks represent the second level of the hierarchy. They are
compulsory and can be created in IPv4 and IPv6 depending on the IP addresses you intend to manage
and organize.
[Figure: IPAM hierarchy levels: space, block, subnet, pool, address]
Here below, you can see the link to browse the blocks database:
Blocks are identified by name, start IP address and end IP address. You can navigate through
blocks, search for them or list them by applying search criteria and filters whether they manage
IPv4 or IPv6 addresses.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Blocks icon. The All blocks list opens, next to the Logout button, the IP4 icon
is blue.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Blocks icon. The All blocks list opens, next to the Logout button, the IP6 icon
is blue.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Spaces icon. The All spaces list opens.
3. Click on the name of the space of your choice to list the blocks it contains. The All blocks
list of the space opens.
4. Next to the Logout button, click on IP4 to display the IPv4 blocks or IP6 to display the IPv6
blocks of that space.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on All blocks in the breadcrumb. The All blocks list opens.
3. Next to the Logout button, click on IP4 to display the IPv4 blocks or IP6 to display the IPv6
blocks.
4. At the end of the line of the block of your choice, click on . The block properties page
opens.
To search for a specific block, use the filtering fields located right under the columns name. You
can type in a name or an IP address in full or partially to find it. If you want to do a more thorough
search, double-click on in any filtering field to display the filter constructor and enter one by one
the parameters of your search.
SOLIDserver enables you to modify the columns display in the list. You can add or modify the
order of the columns. For more details, see the Customizing the List Layout section of the
Understanding the SOLIDserver User Interface part of this guide.
Adding a Block
A block, whether it manages IPv4 or IPv6 addresses, can be added from the All blocks list
or from the All blocks list of a specific space. If you choose to add a block within a space, the creation
process will be slightly shorter than the procedure below as you will not need to specify the space.
The procedure is exactly the same in IPv4 and IPv6 as long as you activate the same default
behavior parameters on the IPv6 All blocks page.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Blocks icon. The All blocks list opens.
3. Next to the Logout button, click on IP6 to display the IPv6 blocks.
4. In the menu, select Settings > Modify the default behavior. The Default behavior modification
wizard opens.
5. Tick all the boxes.
6. Click on OK to commit your configuration. The report opens and closes. The All blocks list
is visible again.
From then on, blocks in both versions of the Internet Protocol are added following
the procedure below.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Blocks icon. The All blocks list opens.
3. Next to the Logout button, click on the IP4 or IP6 icon to display the IPv4 or IPv6 blocks.
4. In the menu, select Add > Block. The Space selection wizard page appears.
5. In the Choose a space list, select the space in which you want to add the block. Click on
NEXT . The next page of the wizard appears.
6. If you or your administrator created classes at the block level, the Block class page opens.
In the Block class list select the class you want to apply to this block or select None.
13. Click on OK to commit the addition. The report opens and closes. The block is listed.
Note that you can also use templates if you plan on adding different IPv4 blocks with similar
properties. See the Managing IPAM Templates chapter of this guide for more details.
Editing a Block
At any time you can edit an existing block. The IPv4 blocks can be edited as long as their
configuration is not defined through a template.
You can either edit it through the properties page, see procedure below, or through the Info Bar:
by putting your mouse over the name of the space you want to edit, you can then click on the
Edit button and open the Edit a block wizard.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Blocks icon. The All blocks list opens.
3. Next to the Logout button, click on the IP4 or IP6 icon to display the IPv4 or IPv6 blocks.
4. At the end of the line of the space of your choice, click on . The block properties page
opens.
5. In the Main properties panel, click on EDIT . The Edit an IPv4 block or Edit an IPv6 block
wizard opens.
6. If you or the administrator created classes, in the Block class list, you can select a different
class or None.
7. Click on NEXT . The next page of the wizard appears.
8. Modify the Block name, Description, DNS properties and DHCP properties fields according
to your needs.
9. Fill in the default behaviors parameters fields according to the table below.
10. Click on OK to commit your modifications. The report opens and closes. The changes are
listed in the panel.
Handling blocks does not affect the elements they contain (subnets, pools, IP addresses).
If you want to merge or resize blocks, the simplest solution is therefore to delete the blocks,
in which case all the data is saved in an Orphan Subnet, and then re-create a bigger block that can
contain the data. For more details regarding deletion, see the section Deleting a Block.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Blocks icon. The All blocks list opens.
3. Next to the Logout button, click on the IP4 icon to display the IPv4 blocks.
4. Tick the block(s) you want to split.
5. In the menu, select, Tools > Migrate to another space. The Splitting blocks wizard opens.
6. In the drop-down list, select the number of blocks you want to create: 2, 4 or 8. By default,
2 is selected.
7. Click on OK to commit the split. The report opens and closes. The blocks are listed.
Moving a Block
You can move your blocks from one space to the other both in IPv4 and IPv6. Before migrating
blocks, make sure the addresses they manage are not already managed by another block in the
target space.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Blocks icon. The All blocks list opens.
3. Next to the Logout button, click on the IP4 or IP6 depending on your needs.
4. Tick the block(s) you want to migrate.
5. In the menu, select, Edit > Split. The Migrate IPv4 blocks to another space or the Migrate
IPv6 blocks wizard opens.
6. In the Target space drop-down list, select the space where you want the block to be moved.
7. Click on OK to commit the split. The report opens and closes. The blocks are listed.
Deleting a Block
You can delete a block at any time. In reality, using the Delete option will not erase
the block from the database if it contains objects (subnets, pools, used IP addresses). The
block(s) in question will be renamed Orphan Subnets and will be used in the next block that has
the same configuration as the one you deleted (i.e. IP addresses, size and DNS/DHCP
configuration). This is a safety measure, considering that a block could be deleted by mistake: that way,
the replication made in the DHCP and DNS modules (automated creation of statics, etc.) will be
saved.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Blocks icon. The All blocks list opens.
3. Next to the Logout button, click on the IP4 or IP6 icon to display the IPv4 or IPv6 blocks.
4. Tick the block(s) you want to delete.
5. In the menu, select Edit > Delete. The Delete wizard opens.
6. Click on OK to commit the deletion. The report opens and closes. Selected blocks are no
longer listed, they might be replaced by Orphan subnets.
If you really want to delete a block and everything it contains, you have to start by deleting
all the addresses it contains, and then the pool(s), the subnet(s) and you will finally be able to
delete the block itself. For more details regarding the deletion of all these elements, see the
sections Managing IP Subnets, Managing IP Pools and Managing IP Addresses of this guide.
Allowing access to a block as a Resource will also make every item it contains available. For
more details, refer to the section Assigning Objects as Resource in the chapter Managing Groups
of administrator of this guide.
Managing IP Subnets
Subnets were introduced with the RFC 950 in order to provide a solution to the problems that
the Internet community was facing with dual hierarchical address levels.
If you want to manage RIPE inetnums and/or inet6nums, refer to the appendix SPX at the end
of this guide.
Browsing Subnets
Within SOLIDserver, the subnets represent the third level of the IPAM module hierarchy and will
contain pools of addresses and/or IP addresses. They are the core of the organization and can
manage IPv4 and IPv6 addresses.
[Figure: IPAM hierarchy levels: space, block, subnet, pool, address]
In the IPAM streamline, the IP address management at the subnet level follows three basic rules:
1. all subnets are contained within a block to which they are systematically attached,
2. two subnets cannot overlap each other in the same block,
3. a subnet is defined by a network IP address, a size and a name.
Here below, you can see the breadcrumb link to browse the subnets database:
Subnets are identified by name, start/end IP address and size. You can navigate through subnets,
search for them or list them by applying search criteria and filters whether they manage IPv4 or
IPv6 addresses.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Subnets icon. The All subnets list opens, next to the Logout button, the IP4
icon is blue.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Subnets (v6) icon. The All subnets list opens, next to the Logout button, the
IP6 icon is blue.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Blocks icon. The All blocks list opens.
3. Next to the Logout button, click on IP4 to display the IPv4 subnets or IP6 to display the IPv6
subnets.
4. Click on the name of the block of your choice to list the subnets it contains.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Subnets icon. The All subnets list opens.
3. Click on the name of the space of your choice. The All blocks list of that space opens.
4. In the breadcrumb, click on All subnets to display all the subnets of that space.
5. Next to the Logout button, click on IP4 to display the IPv4 subnets or IP6 to display the IPv6
subnets.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Subnets icon. The All subnets list opens.
3. Next to the Logout button, click on IP4 to display the IPv4 subnets or IP6 to display the IPv6
subnets.
Tip
If you or your administrator configured IPAM to DHCP default behaviors parameters,
some subnet properties pages will contain a DHCP options panel that allows you to
configure DHCP options for the subnet and its corresponding scope. For more details
regarding default behaviors, refer to the Default Behaviors chapter of this guide. For
more details regarding DHCP options, refer to the Setting DHCP Options section of
this guide.
To search for a specific subnet, use the filtering fields located right under the columns name.
You can type in a name or an IP address in full or partially to find it. If you want to do a more
thorough search double-click on in any filtering field to display the filter constructor and enter one
by one the parameters of your search.
SOLIDserver enables you to modify the columns display in the list. You can add or modify the
order of the columns. For more details, see the Customizing the List Layout section of the
Understanding the SOLIDserver User Interface part of this guide.
Tip
The Free IP column allows you to see, from the listing page, the total number of free
addresses in each IPv4 subnet.
SOLIDserver uses different statuses with associated icons to show the state and functionality of
the subnets. These statuses are:
Adding Subnets
The subnet addition can be manual or semi-automated. SOLIDserver provides options to find
subnets and make sure that you are using all the available subnets of a specific network.
The GUI of the All subnets list helps you differentiate the subnets size: every subnet is preceded
by an orange icon once created, unless their prefix is very small: subnets managing 4, 2 or 1
address are preceded by a green icon like in the image below.
This display allows you to quickly spot the smallest subnets in the list. In IPv4, the /30, /31 and
/32 subnets will be preceded by a green icon and so will the IPv6 /126, /127 and /128 subnets.
By default, when creating a large enough subnet, the first and last address of a subnet are in most
cases reserved by the IPAM respectively for the network and broadcast addresses. In the All
addresses listing page, even though the status of these addresses is Free, they are not underlined and
cannot be edited or assigned. Still, essentially for import purposes, members of the Admin group
may need to make these addresses editable through the registry database. For more details,
refer to the first tip in the Adding an IP Address section of this guide. Subnets managing 2 or fewer
addresses do not reserve any address.
If you already know that a subnet is available, it is possible to create it directly in a subnets list
in IPv4 and IPv6. When its creation is validated, the IPAM module will check to see whether this
subnet overlaps with another that already exists in the same space.
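The subnet rules and the reserved first/last address behavior described above can be checked offline before a subnet is typed in or imported. The following Python code is an added example, not SOLIDserver code: the function names, the block and the existing subnets are constructed for illustration, and it assumes the first and last address are always reserved in subnets managing more than 2 addresses.

```python
import ipaddress


def reserved_addresses(net):
    """First and last address, which the guide says the IPAM reserves.

    Assumption: always reserved when the subnet manages more than 2
    addresses; subnets managing 2 or fewer addresses reserve nothing.
    """
    if net.num_addresses <= 2:
        return []
    return [net.network_address, net.broadcast_address]


def assignable_count(subnet):
    """Number of addresses left for assignment once reservations are removed."""
    net = ipaddress.ip_network(subnet)
    return net.num_addresses - len(reserved_addresses(net))


def check_new_subnet(candidate, block, existing):
    """Return a list of problems; an empty list means the subnet fits.

    candidate -- planned subnet in CIDR notation
    block     -- block that must contain it (rule 1)
    existing  -- {name: CIDR} of terminal subnets already in the space (rule 2)
    """
    try:
        # strict parsing: the address must be the network address (rule 3)
        cand = ipaddress.ip_network(candidate)
    except ValueError as exc:
        return [f"{candidate} is not a network address ({exc})"]

    blk = ipaddress.ip_network(block)
    if cand.version != blk.version:
        return [f"{cand} is IPv{cand.version} but block {blk} is IPv{blk.version}"]

    problems = []
    if not cand.subnet_of(blk):
        problems.append(f"{cand} is not contained in block {blk}")
    for name, cidr in existing.items():
        other = ipaddress.ip_network(cidr)
        if other.version == cand.version and cand.overlaps(other):
            problems.append(f"{cand} overlaps {name} ({other})")
    return problems


if __name__ == "__main__":
    # Constructed sample data: one block and two subnets already present.
    block = "10.0.0.0/16"
    existing = {"office": "10.0.0.0/24", "lab": "10.0.4.0/22"}
    for planned in ("10.0.1.0/24", "10.0.0.128/25", "10.0.6.0/24", "10.0.1.5/24"):
        issues = check_new_subnet(planned, block, existing)
        print(planned, "->", issues or "ok")
    for size in ("192.0.2.0/24", "192.0.2.0/30", "192.0.2.0/31", "2001:db8::/126"):
        print(size, "assignable addresses:", assignable_count(size))
```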
In the following procedures, we will add a subnet in the All subnets list but you can of course do
it as well within a block or a non terminal subnet directly.
Note
The same name can be used several times for different subnets. The usage of the
same name for several subnets can be useful if you have to extend IP address
capacity for an organization of a particular purpose.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Subnets icon. The All subnets list opens.
3. Next to the Logout button, make sure that the IP4 icon is blue. If it is not, click on IP4 to
display the IPv4 subnets.
4. In the menu, select Add > Subnet > Manual.
5. If you or your administrator created classes at the block level, the Block class page opens.
In the Block class list select the class you want to apply to this block or select No class.
Click on NEXT . The next page of the wizard appears.
6. On the Block/subnet list page, the spaces are listed in the Choose a block/subnet list. Click
on the + sign located left of the spaces to display the available blocks and subnets in IPv4.
Select one block or subnet [2] and click on NEXT . The next page of the wizard appears.
7. If you or your administrator created classes at the subnet level, the Subnet class page opens.
In the Subnet class list, select the class you want to apply to this block or select None.
9. In the Terminal subnet section, untick the box if you intend to create another subnet within
that subnet.
10. The Gateway field displays the default gateway for the subnet. It is defined through the
Default behavior wizard at the subnet level. You can modify it if you want. All the fields
displayed after this field match the default behavior parameters set by your administrator.
11. Fill in the default behaviors parameters fields. The table below details the available options
of the Mode drop-down list at the bottom of the page.
12. Click on OK to commit your creation. The report opens and closes. The subnet is listed.
Note that you can also use templates if you plan on adding different IPv4 subnets with similar
properties. See the Managing IPAM Templates chapter of this guide for more details.
[2] If you used VLSM at the block or subnet level, you will have the possibility to choose among
terminal or non terminal blocks and subnets.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Subnets icon. The All subnets list opens.
3. Next to the Logout button, click on IP6 to display the IPv6 subnets.
4. In the menu, select Add > Subnet (v6) > Manual.
5. If you or your administrator created classes at the subnet level, the Block class page opens.
In the Block class list select the class you want to apply to this block or select No class.
Click on NEXT . The next page of the wizard appears.
6. On the Block/subnet list page, the spaces are listed in the Choose a block/subnet list. Click
on the + sign located left of the spaces to display the available blocks and subnets in IPv6.
Select one block or subnet [3] and click on NEXT . The next page of the wizard appears.
7. If you or your administrator created classes at the subnet level, the Subnet class page opens.
In the Subnet class list select the class you want to apply to this block or select None.
8. Click on NEXT . The Add an IPv6 subnet page opens.
9. In the Subnet name field, name the subnet.
10. In the Address field, type in the subnet FQDN IPv6 address of your choice.
11. In the Prefix drop-down list, select a prefix. By default, a list of prefixes corresponding to the
address you chose is available.
12. In the Terminal subnet section, tick the box if you do intend to create another subnet within
that subnet.
13. The Gateway field displays the default gateway for the subnet. It is defined through the
Default behavior wizard at the subnet level. You can modify it if you want. All the fields
displayed after this field match the default behavior parameters set by your administrator.
14. Fill in the default behaviors parameters fields. The table below details the available options
of the Mode drop-down list at the bottom of the page.
15. Click on OK to commit your creation. The report opens and closes. The subnet is listed.
[3] If you used VLSM at the block or subnet level, you will have the possibility to choose among
terminal or non terminal blocks and subnets.
Rather than defining the start address of a subnet yourself, you might want to add a subnet of
the size of your choice within a space and let SOLIDserver add it to the first block that can hold
a subnet of that size. This is possible through the By search option both in IPv4 and IPv6.
Note that although the creation procedure is assisted, you might get a pop-up error if you want
to create a subnet too big to fit in the specified space. In this case, either change the subnet size
or go back to the space selection step and choose a different space.
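To see what a search of this kind has to compute, the following added Python example (not SOLIDserver code) lists the free subnets of a requested prefix length inside the blocks of a space, given the subnets already created. The function names and sample networks are constructed for illustration; results are returned in address order, and the fragmentation-based ordering shown in the wizard is not reproduced. An empty result corresponds to the case where the requested subnet is too big to fit in the space.

```python
import ipaddress


def free_ranges(block, used):
    """Return the parts of `block` not covered by any network in `used`.

    CIDR networks either nest or are disjoint, so each used network is
    either outside a free range, strictly inside it, or covers it entirely.
    """
    free = [block]
    for u in used:
        remaining = []
        for f in free:
            if not f.overlaps(u):
                remaining.append(f)
            elif u != f and u.subnet_of(f):
                # carve the used network out of the free range
                remaining.extend(f.address_exclude(u))
            # otherwise f lies entirely inside u: nothing of it is free
        free = remaining
    return sorted(free)


def find_free_subnets(blocks, used, prefixlen, limit=5):
    """First `limit` free subnets of length `prefixlen`, block by block."""
    used_nets = [ipaddress.ip_network(u) for u in used]
    found = []
    for b in blocks:
        block = ipaddress.ip_network(b)
        if prefixlen > block.max_prefixlen:
            continue  # e.g. a /64 requested while scanning an IPv4 block
        for free in free_ranges(block, used_nets):
            if free.prefixlen > prefixlen:
                continue  # free range is smaller than the requested subnet
            for cand in free.subnets(new_prefix=prefixlen):
                found.append(cand)
                if len(found) == limit:
                    return found
    return found


if __name__ == "__main__":
    # Constructed sample data: one IPv4 block with two subnets already created.
    blocks = ["10.0.0.0/22"]
    used = ["10.0.0.0/24", "10.0.2.0/25"]
    for size in (25, 24, 23):
        hits = find_free_subnets(blocks, used, size)
        print(f"/{size}:", [str(n) for n in hits] or "no free subnet of that size")
```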
Tip
Next to the Logout button, the + button is a shortcut towards the By search subnet
addition wizard.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Subnets icon. The All subnets list opens.
3. Next to the Logout button, click on IP4 to display the IPv4 subnets.
4. In the menu, select Add > Subnet > By search. The wizard opens.
5. On the Space selection page, select the space of your choice. Click on NEXT .
6. If you or your administrator created classes at the block level, the Block class page appears.
In the Block class list select the class you want to apply to this block or select No class.
Click on NEXT . The next page of the wizard appears.
7. If you or your administrator created classes at the subnet level, the Subnet class page opens.
In the Subnet class list select the class you want to apply to this block or select None. Click
on NEXT . The next page of the wizard appears.
8. In the Subnet Size page, select a value among one of the following fields to define the size
of the subnet:
Note
Each of the available values automatically changes the other two, which is
why you simply need to specify one.
9. Click on NEXT . The Search result page opens. Select an address in the Subnet address list.
The subnet address list displays the available subnets matching your criteria. These results
are displayed in ascending order from the block with the most important fragmentation to
the block with the least fragmentation. The hierarchy is symbolized by stars (three stars denote
a block defragmentation).
10. Click on NEXT . The Add an IPv4 subnet page appears. In the bottom left part of the wizard
are summed up all the criteria you selected so far.
11. In the Subnet name field, name the subnet.
12. The Address and Prefix fields are displayed in read-only as they correspond to the criteria
previously set.
13. In the Terminal subnet section, you can untick the box if you plan on creating other subnet(s)
within the subnet you are creating.
14. The Gateway field displays the default gateway for the subnet. It is defined through the
Default behavior wizard at the subnet level. You can modify it if you want. All the fields
displayed after this field match the default behavior parameters set by your administrator.
15. Fill in the default behaviors parameters fields. The table below details the available options
of the Mode drop-down list at the bottom of the page.
16. Click on OK to commit your creation. The report opens and closes. The subnet is listed.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Subnets icon. The All subnets list opens.
3. Next to the Logout button, click on IP6 to display the IPv6 subnets.
4. In the menu, select Add > Subnet (v6) > By search. The wizard opens.
5. On the Space selection page, select the space of your choice. Click on NEXT . The next page
of the wizard appears.
6. If you or your administrator created classes at the block level, the Block class page appears.
In the Block class list select the class you want to apply to this block or select No class.
Click on NEXT. The next page of the wizard appears.
7. If you or your administrator created classes at the subnet level, the Subnet class page opens.
In the Subnet class list select the class you want to apply to this block or select None. Click
on NEXT . The Subnet size page opens.
8. In the Subnet prefix drop-down list, select a size. The size is displayed in bits: the bigger
the value, the fewer addresses the subnet contains.
9. Click on NEXT . The Search result page opens. Select an address in the Subnet address (v6)
list.
The subnet address list displays the available subnets matching the selected size. These
results are displayed in ascending order from the block with the most important fragmentation
to the block with the least fragmentation. The hierarchy is symbolized by stars (three stars
denote a block defragmentation).
10. Click on NEXT . The Add an IPv6 subnet page appears.
16. Click on OK to commit your creation. The report opens and closes. The subnet is listed.
Besides the By search addition of subnets, the IPAM module allows you to discover the available
addresses of selected IPv4 subnets. This option will perform a scan of the subnets of your choice
and add the IP addresses that respond to the ping sent. For performance reasons, the network
discovery can be set to fast, middle or slow. The slower the discovery, the more likely you are to
properly scan the network. The discovery mechanism sends 32 ICMP echoes at once on the
network.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Subnets icon. The All subnets list opens.
3. Next to the Logout button, click on IP4 to display the IPv4 subnets.
4. Tick the subnet(s) you want to discover.
5. In the menu, select Edit > Discover Subnets > Fast / Normal / Slow. The Discover subnets
wizard opens.
6. Click on OK to perform the subnet discovery. The report opens during the discovery. Click
on CLOSE to go back to the list.
Note
The discovered subnets IP addresses will be set to Yes in the Used column, their
name will also be retrieved and displayed in the list if the appliance DNS resolver is
properly configured. For more details regarding the resolvers, refer to the Network
configuration chapter.
Editing Subnets
There are two ways of editing a subnet:
Editing a Subnet
At any point in time, you can modify the parameters of a subnet, whether it regards its name,
size or location.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Subnets icon. The All subnets list opens.
3. Next to the Logout button, click on IP4 to display the IPv4 subnets or IP6 to display the IPv6
subnets.
4. At the end of the line of the subnet of your choice, click on . The subnet properties page
opens.
5. In the Main properties panel, click on EDIT . The wizard opens.
6. If you or the administrator created classes, in the Subnet class list, select a different class
or None.
7. Click on NEXT . The Edit an IPv4 subnet or the Edit an IPv6 subnet page appears.
8. Modify the Subnet name field, if need be.
9. Fill in the default behaviors parameters fields according to the table below.
Fields | Description
All behaviors | If you select this option, you will display all the fields and options that can be ticked in the Default behavior wizard. For more details, refer to the IPAM section of the Default Behaviors chapter of this guide.
10. Click on OK to commit your modifications. The report opens and closes. The changes are
listed in the panel.
Terminal subnets in IPv4 can be split in 2, 4 or 8 subnets of equal size. These newly created
subnets reuse all the addresses contained in the original subnet and are named after it. They all
have contiguous addresses to match the total number of IP addresses in the original subnet. Each
new subnet is assigned the first available IP address as gateway.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Subnets icon. The All subnets list opens.
3. Next to the Logout button, click on IP4 to display the IPv4 subnets.
4. Tick the subnet(s) you want to split.
5. In the menu, select Edit > Split. The Splitting subnets wizard opens.
6. In the Number of subnets to create drop-down list, select a value (2, 4 or 8).
7. Click on OK to commit the split of the subnet(s). The report opens and closes. The subnets
are now listed.
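The split described above can be previewed offline before it is committed. The following Python sketch is an added example, not SOLIDserver code: `plan_split`, the constructed sample addresses, the /30 lower limit and the reading of "first available" as the lowest unassigned host address are assumptions of the example. It also flags assigned addresses that would end up on the network or broadcast address of a new subnet.

```python
import ipaddress

# Number of subnets offered by the Split wizard -> extra prefix bits needed.
SPLIT_BITS = {2: 1, 4: 2, 8: 3}

# Constructed sample: addresses already assigned in 192.168.10.0/24.
SAMPLE_USED = [
    "192.168.10.1", "192.168.10.64", "192.168.10.65",
    "192.168.10.127", "192.168.10.200",
]


def plan_split(cidr, parts, used=()):
    """Preview the children created by splitting an IPv4 subnet.

    cidr  -- the terminal subnet, e.g. "192.168.10.0/24"
    parts -- 2, 4 or 8, as in the wizard's drop-down list
    used  -- addresses already assigned inside the subnet
    Returns one dict per child subnet, in address order.
    """
    if parts not in SPLIT_BITS:
        raise ValueError("a subnet can only be split in 2, 4 or 8")
    parent = ipaddress.ip_network(cidr, strict=True)
    if parent.version != 4:
        raise ValueError("only IPv4 subnets can be split")
    new_prefix = parent.prefixlen + SPLIT_BITS[parts]
    # Assumption of this example: refuse children smaller than /30, which
    # would keep no host address between network and broadcast.
    if new_prefix > 30:
        raise ValueError(f"/{parent.prefixlen} is too small to split in {parts}")

    used_set = {ipaddress.ip_address(a) for a in used}
    outside = sorted(str(a) for a in used_set if a not in parent)
    if outside:
        raise ValueError(f"addresses outside {parent}: {outside}")

    parent_edges = {parent.network_address, parent.broadcast_address}
    plan = []
    for child in parent.subnets(new_prefix=new_prefix):
        # The children reuse every address of the original subnet.
        inherited = sorted(a for a in used_set if a in child)
        # Assigned host addresses that become the network or broadcast
        # address of a child and therefore deserve a manual review.
        edges = {child.network_address, child.broadcast_address}
        on_boundary = [a for a in inherited
                       if a in edges and a not in parent_edges]
        # Assumption: "first available" = lowest host address not yet used.
        gateway = next((h for h in child.hosts() if h not in used_set), None)
        plan.append({
            "subnet": str(child),
            "gateway": str(gateway) if gateway else None,
            "inherited": [str(a) for a in inherited],
            "on_boundary": [str(a) for a in on_boundary],
        })
    return plan


if __name__ == "__main__":
    for row in plan_split("192.168.10.0/24", 4, SAMPLE_USED):
        print(row)
```

Any address reported in `on_boundary` is affected by the default lock on network and broadcast addresses, so review it before committing the split.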
With SOLIDserver, you have the possibility to merge several IPv4 subnets together. Two or more
subnets can be merged respecting several rules:
When several subnets are merged in one subnet, all the existing addresses in the default subnet
will automatically be integrated into the new one in order not to lose any address. The result
will be a unique subnet named after the very first subnet in the list.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Subnets icon. The All subnets list opens.
3. Next to the Logout button, click on IP4 to display the IPv4 subnets.
4. Tick the subnets you want to merge.
5. In the menu, select Edit > Merge. The Merging subnets wizard opens.
6. Click on OK to commit the merge. The report opens and closes. The new subnet is listed
with the start address of the first subnet and the end address of the last subnet.
Note
If the merge you are trying to apply is impossible, an error message appears on the
report page and only a partial report of some subnets is executed.
Each block is divided into lines of /24 subnets that allow you to get a fast overview of the addresses
used and available in the block.
1 This line corresponds to the first 256 addresses of the block and represents the used and
available addresses divided into blue colored subnets. The sections of the line in dark and
light blue correspond to subnets created, the sections in gray are still available.
2 This blue section represents a /21 subnet. Its start address (1.0.8.0) is displayed at the start
of the first line on the left, and its end address (1.0.15.255) is displayed at the end of the
last line. All the lines are linked by a blue area that highlights that they belong to the same
subnet.
As this subnet is quite big, and in order to avoid representing a line for every chunk of 256
addresses (/24), you can see that two lines are separated by a zigzag line. That line indicates
as well that the range of addresses represented is large.
3 Put your mouse over any blue section to obtain details regarding the subnet represented:
its name, its start and end IP addresses and its size. You can also click on any blue section
to go to the properties page of the subnet in question.
4 This gray section indicates that from the IP address 1.3.1.0 to the address 1.255.255.255,
no address is part of a subnet. Here again, the zigzag line indicates that the range of
addresses represented is very large.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Blocks icon. The All blocks list opens; next to the Logout button, the IP4 icon
is blue.
3. Click on the name of the block of your choice. The All subnets list of the block opens.
4. In the menu, select Display > Block map. The Block map page opens.
5. Click on any blue section to access the properties page of the subnet of your choice.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Subnets icon. The All subnets list opens; next to the Logout button, the IP4
icon is blue.
3. Tick the subnet(s) you want to migrate.
4. In the menu, select Tools > Expert > Migrate to another space. The Migrate a subnet wizard
opens.
5. In the Target space drop-down list, select one of the existing spaces listed. Make sure the
target space contains a block named after the block from which you are moving the selected
subnet(s).
6. In the Overwrite drop-down list, select Yes or No according to your needs.
7. Click on OK to commit the migration. The report opens and closes. The subnet is now part
of the specified space.
Note that any action (split or merge) performed on an unmanaged subnet puts it back to being
Managed if the addresses it contains are not already used. Besides, once a subnet is set to
unmanaged, the assigned addresses, including the gateway, will be placed in an Orphan Addresses
container. By default, all IPv4 and IPv6 subnets are set as Managed through the OK status.
To unmanage a subnet
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Subnets icon. The All subnets list opens.
3. Next to the Logout button, click on IP4 to display the IPv4 subnets or on IP6 to display the
IPv6 subnets.
4. Tick the subnet(s) you want to unmanage.
5. In the menu, select Tools > Expert > Unmanage. The Unmanage wizard opens.
6. Click on OK to unmanage the selected subnet(s). The report opens and closes. The subnet is
listed as Unmanaged.
To manage a subnet
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Subnets icon. The All subnets list opens.
3. Next to the Logout button, click on IP4 to display the IPv4 subnets or on IP6 to display the
IPv6 subnets.
4. Tick the subnet(s) you want to manage.
5. In the menu, select Tools > Expert > Manage. The Manage wizard opens.
6. Click on OK to manage selected subnet(s). The report opens and closes. The subnet is listed
as OK.
Once your VLANs are created, the configuration within the IPAM is enabled through the
configuration of default behaviors that you can later apply when adding or editing your subnets.
For more details, refer to the VLAN Manager part of this guide.
Deleting a Subnet
The subnet is an IP address container. When you delete a subnet, the addresses that were
contained therein are not systematically deleted: if they were all free the subnet is deleted, if
some addresses were assigned, the subnet is replaced by an Orphan Subnets container and
listed in the All subnets list.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Subnets icon. The All subnets list opens.
3. Next to the Logout button, click on IP4 to display the IPv4 subnets or on IP6 to display IPv6
subnets.
4. Tick the subnet(s) you want to delete.
5. In the menu, select Edit > Delete. The Delete wizard opens.
6. Click on OK to commit the deletion. The report opens and closes. The subnet is no longer
listed or is now listed as Orphan Addresses.
Allowing access to a subnet as a Resource will also make every item it contains available. For
more details, refer to the section Assigning Objects as Resource in the chapter Managing Groups
of administrator of this guide.
Chapter 18. Managing Addresses
Ultimately within the IPAM module, what you want to manage are the IP addresses. There is one
last level within the IPAM hierarchy that can help you organize all your addresses: the pools.
Managing IP Pools
The pools are the fourth level of the IPAM module hierarchy and the last addresses container
level. Creating pools is not compulsory. If some pools seem to be missing, it is probably because
you do not have enough rights to see them. In that case, you have to ask your administrator to
extend your privileges on these objects.
Browsing Pools
SOLIDserver introduced the concept of pools because it allows reserving IP addresses for
restricted usage such as address provisioning, planning or migrations. Pools can also be used to
delegate one or several ranges of IP addresses to groups of administrators.
Here below, you can see the breadcrumb link to browse the pools database:
[Figure: breadcrumb of the IPAM hierarchy: space, block, subnet, pool, address]
Pools are identified by name and start/end IP address. You can navigate through pools, search
for them or list them by applying search criteria and filters whether they manage IPv4 or IPv6
addresses.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Pools icon. The All pools list opens; next to the Logout button, the IP4 icon is
blue.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Pools icon. The All pools list opens; next to the Logout button, the IP6 icon is
blue.
Note
If some pools seem to be missing, it is probably because you do not have enough
rights to see them. In that case, you have to ask your administrator to extend your
privileges on these objects.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Pools icon. The All pools list opens.
3. Next to the Logout button, click on IP4 to display the IPv4 subnets or IP6 to display the IPv6
subnets.
4. Click on the name of the subnet of your choice to list the pools it contains. If the subnet
contains other subnets, either click on the name of one of the subnets to see its pools or
click on All pools in the breadcrumb to see the pools of all these nested subnets.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Blocks icon. The All blocks list opens.
3. Next to the Logout button, click on IP4 to display the IPv4 blocks or IP6 to display the IPv6
blocks.
4. Click on the name of the block of your choice to list the subnets it contains.
5. In the breadcrumb, click on All pools to display the pools of the block.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Blocks icon. The All blocks list opens.
3. In the breadcrumb, click on All pools to display all the pools of that space.
4. Next to the Logout button, click on IP4 to display the IPv4 pools or IP6 to display the IPv6
pools.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Pools icon. The All pools list opens.
3. Next to the Logout button, click on IP4 to display the IPv4 pools or IP6 to display the IPv6
pools.
4. Filter the list if need be through the Name column filtering field for instance.
5. At the end of the line of the pool of your choice, click on . The pool properties page opens.
To search for a specific pool, use the filtering fields located right under the column names. You
can type in a name or an IP address in full or partially to find a pool or all the pools sharing the
value you entered. If you want to do a more thorough search, double-click in any filtering field
to display the filter constructor and enter one by one the parameters of your search.
SOLIDserver enables you to modify the columns displayed in the list. You can add or modify the
order of columns. For more details, see the Customizing the List Layout section of the
Understanding the SOLIDserver User Interface part of this guide.
Adding a Pool
Within any subnet, you can create pools to further organize your IP addresses and gather them
in a pool to define a common set of options for instance.
The addition of pools, unlike blocks and subnets, can only be done manually, mainly because this
level of organization is not mandatory.
You can create pools from the All subnets page, the All pools page, the All pools page of a
specific subnet or even the properties page of a specific subnet.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Subnets icon. The All subnets list opens.
3. Next to the Logout button, click on IP4 to display the IPv4 subnets or IP6 to display the IPv6
subnets.
4. Click on the name of the subnet of your choice. The All addresses list of this subnet opens.
5. In the menu, select Add > Pool or Add > pool (v6).
6. If you or your administrator created classes at the pool level, the Pool class page opens. In
the IP pool class list select the class you want to apply to this block or select None.
Click on NEXT. The Add an IPv4 pool or the Add an IPv6 pool page opens.
7. Fill in the following fields to configure the pool:
Fields | Description
End address | In this field, type in the last address of the pool. This field is compulsory.
Size | In this field, type the number of addresses contained in the pool. The Size field value is automatically calculated depending upon the Start Address and End address fields. If you type in a size, the end address will automatically be modified accordingly.
Mode | You can select either Configurable behavior or All behaviors.
Configurable behavior | This option is selected by default in the Mode drop-down list and displays all the fields and options that have been ticked in the Default behavior wizard at the server level. For more details, refer to the IPAM section of the Default Behaviors chapter of this guide.
All behaviors | If you select this option, you will display all the fields and options that can be ticked in the Default behavior wizard. For more details, refer to the IPAM section of the Default Behaviors chapter of this guide.
8. Click on OK to commit the creation. The report opens and closes. The addresses included
in the pool are now listed in a blue frame of their own and are marked with their pool name
in the Pool column.
To create an IP address pool from the All pools page of a specific subnet
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Subnets icon. The All subnets list opens.
3. Next to the Logout button, click on IP4 to display the IPv4 subnets or IP6 to display the IPv6
subnets.
4. Click on the name of the subnet of your choice. The All addresses list of this subnet opens.
5. In the breadcrumb, click on All pools. The All pools page of the subnet opens.
6. In the menu, select Add > Pool or Add > pool (v6) depending on the subnet you chose.
7. If you or your administrator created classes at the pool level, the Pool class page opens. In
the IP pool class list select the class you want to apply to this block or select None.
Click on NEXT. The Add an IPv4 pool or the Add an IPv6 pool page opens.
8. Fill in the following fields to configure the pool:
Fields | Description
Size | In this field, type the number of addresses contained in the pool. The Size field value is automatically calculated depending upon the Start Address and End address fields. If you type in a size, the end address will automatically be modified accordingly.
Mode | You can select either Configurable behavior or All behaviors.
Configurable behavior | This option is selected by default in the Mode drop-down list and displays all the fields and options that have been ticked in the Default behavior wizard at the server level. For more details, refer to the IPAM section of the Default Behaviors chapter of this guide.
All behaviors | If you select this option, you will display all the fields and options that can be ticked in the Default behavior wizard. For more details, refer to the IPAM section of the Default Behaviors chapter of this guide.
9. Click on OK to commit the creation. The report opens and closes. The addresses included
in the pool are now listed in a blue frame of their own and are marked with their pool name
in the Pool column.
You can also create a pool from the All pools page outside a subnet. In this case, you
need to specify the space, block and subnet in which you want to create it. You might also need
to select classes if you or your administrator created some at certain levels of the IPAM hierarchy.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Subnets icon. The All subnets list opens.
3. Next to the Logout button, click on IP4 to display the IPv4 subnets or IP6 to display the IPv6
subnets.
4. Filter the list if need be.
5. At the end of the line of the subnet of your choice, click on . The subnet properties page
opens.
6. In the IP address pool panel, click on ADD. The wizard opens.
7. If you or your administrator created classes at the pool level, the Pool class page opens. In
the IP pool class list select the class you want to apply to this block or select None.
Click on NEXT. The Add an IPv4 pool or the Add an IPv6 pool page opens.
8. Fill in the following fields to configure the pool:
Fields | Description
End address | In this field, type in the last address of the pool. This field is compulsory.
Size | In this field, type the number of addresses contained in the pool. The Size field value is automatically calculated depending upon the Start Address and End address fields. If you type in a size, the end address will automatically be modified accordingly.
Mode | You can select either Configurable behavior or All behaviors.
Configurable behavior | This option is selected by default in the Mode drop-down list and displays all the fields and options that have been ticked in the Default behavior wizard at the server level. For more details, refer to the IPAM section of the Default Behaviors chapter of this guide.
All behaviors | If you select this option, you will display all the fields and options that can be ticked in the Default behavior wizard. For more details, refer to the IPAM section of the Default Behaviors chapter of this guide.
9. Click on OK to commit the creation. The report opens and closes. The addresses included
in the pool are now listed in a blue frame of their own and are marked with their pool name
in the Pool column.
Reserving a Pool
You can choose to reserve a pool of addresses for DHCP use, to identify a bunch of printers,
etc. To go through with the reservation, you simply need to tick a box upon creation of the pool
or edit it through its properties page.
1. Go to the properties page of the pool of your choice. For more details, see the procedure
To display a pool properties page.
2. In the Main properties panel, click on EDIT. The wizard opens.
3. If you or your administrator created classes at the pool level, the IP pool class opens. In the
IP pool class list, select one of the classes or None. Click on NEXT. The Edit an IPv4 pool
or Edit an IPv6 pool page opens.
4. In the Pool read only, tick the box to reserve the pool.
5. Click on OK to commit your changes. The report opens and closes. The pool is now marked
Yes in the Read only part of the Main properties panel.
Resizing a Pool
IPv4 pools can be edited to manage more or fewer addresses than they did when you created
them: we call this operation resizing a pool. It will basically shift the start and end addresses of
the pool. Through the wizard you will be able to indicate the number of addresses to include in
or exclude from the selected pool. Resizing a pool will not be possible if the addresses you
include or exclude are already used or belong to another pool.
To resize a pool
1. Go to the IPAM tab homepage. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Pools icon. The All pools page opens.
3. Next to the Logout button, click on IP4 to display the DHCPv4 ranges.
4. Filter the list if need be.
5. Tick the pool(s) you want to resize.
6. In the menu, select Edit > Resize Pools. The Resize IPAM pools wizard opens.
7. In the Start address shift field, type in the positive or negative shift for the pool start address
that suits your needs. If you type in 0 (zero), the address stays the same.
8. In the End address shift field, type in the positive or negative shift for the pool end address
that suits your needs. If you type in 0 (zero), the address stays the same.
9. Click on OK to commit the new size. The report opens and closes. The new pool(s) size is
visible.
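A resize is refused when the addresses gained or lost are used or belong to another pool, so the two shifts are worth checking beforehand. The following Python sketch is an added example, not SOLIDserver code: `check_resize`, the constructed sample data, the convention that a positive shift moves an address upward, and the checks that the pool stays non-empty and inside its subnet are assumptions of the example.

```python
import ipaddress

# Constructed sample data for a 10.0.0.0/24 subnet.
SUBNET = "10.0.0.0/24"
POOL = ("10.0.0.50", "10.0.0.99")
USED = ["10.0.0.45", "10.0.0.60", "10.0.0.105"]
OTHER_POOLS = {"printers": ("10.0.0.110", "10.0.0.120")}


def _to_int(address):
    return int(ipaddress.IPv4Address(address))


def check_resize(subnet, pool, start_shift, end_shift, used=(), other_pools=None):
    """Compute the resized pool and list what would block the resize.

    pool        -- (start address, end address) of the current pool
    start_shift -- positive or negative shift applied to the start address
    end_shift   -- positive or negative shift applied to the end address
    used        -- assigned addresses of the subnet
    other_pools -- {name: (start, end)} for the other pools of the subnet
    """
    net = ipaddress.IPv4Network(subnet, strict=True)
    old_start, old_end = _to_int(pool[0]), _to_int(pool[1])
    new_start, new_end = old_start + start_shift, old_end + end_shift

    if new_start > new_end:
        return {"start": None, "end": None, "size": 0,
                "problems": [("empty", "start address would pass end address")]}
    if new_start < int(net.network_address) or new_end > int(net.broadcast_address):
        return {"start": None, "end": None, "size": 0,
                "problems": [("outside_subnet", str(net))]}

    old = range(old_start, old_end + 1)
    new = range(new_start, new_end + 1)
    problems = []

    # A used address blocks the resize when it changes side: it is either
    # pulled into the pool or pushed out of it.
    for addr in sorted(_to_int(a) for a in used):
        if (addr in old) != (addr in new):
            kind = "used_included" if addr in new else "used_excluded"
            problems.append((kind, str(ipaddress.IPv4Address(addr))))

    # The resized range must not overlap any other pool of the subnet.
    for name, (o_start, o_end) in sorted((other_pools or {}).items()):
        low = max(new_start, _to_int(o_start))
        high = min(new_end, _to_int(o_end))
        if low <= high:
            problems.append(("other_pool", name))

    return {
        "start": str(ipaddress.IPv4Address(new_start)),
        "end": str(ipaddress.IPv4Address(new_end)),
        "size": new_end - new_start + 1,
        "problems": problems,
    }


if __name__ == "__main__":
    for shifts in ((-3, 5), (-5, 15), (15, 0)):
        print(shifts, check_resize(SUBNET, POOL, *shifts, USED, OTHER_POOLS))
```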
Deleting a Pool
A pool can be deleted at any time.
Note
Unlike the blocks and subnets, if you delete a pool you do not delete the addresses
it contains or create an orphan container. You only delete the pool itself and the
parameters that come with it.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Pools icon. The All pools list opens.
3. Next to the Logout button, click on IP4 to display the IPv4 pools or on IP6 to display IPv6
pools.
4. Tick the pool(s) you want to delete.
5. In the menu, select Edit > Delete. The Delete wizard opens.
6. Click on OK to commit the deletion. The report opens and closes. The pool is no longer listed
nor are the addresses present in the All addresses list.
Allowing access to a pool as a Resource will also make every item it contains available. If a user
has limited rights to one pool of a specific subnet, he/she will only see and manage the IP
addresses of this pool and not any other IP addresses of the subnet. For more details, refer to the
section Assigning Objects as Resource in the chapter Managing Groups of administrator of this
guide.
Managing IP Addresses
Like any page of the IPAM from the blocks down, there is one page dedicated to the IPv4
management and one for IPv6. From the All addresses pages, you can finalize the organization of
your network addresses. The entire IP addresses database can be displayed as a unique list
from the SOLIDserver user interface.
Browsing IP Addresses
Addresses represent the fifth and last level of the IPAM hierarchy.
Here below, you can see the breadcrumb link to browse the IP Addresses database:
[Figure: breadcrumb of the IPAM hierarchy: space, block, subnet, pool, address]
SOLIDserver allows you to display the entire IP address database as one list. This feature allows
an administrator to seek IP addresses through all spaces, blocks, subnets and pools as well.
SOLIDserver automatically changes the columns' organization: for instance, if you directly display
the list of all IP addresses without filtering by block or by subnet, then SOLIDserver will add the
block and subnet columns to allow filtering on this information.
It is also possible to list the IP addresses by diving into the database in depth. SOLIDserver allows
you to dive into the database identifying each level as you go down: each time you cross a level,
it will be automatically added as a new filter in the navigation bar.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Addresses icon. The All addresses list opens.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Addresses (v6) icon. The All addresses list opens; next to the Logout button,
the IP6 icon is blue.
Caution
The Address column filtering field has some limitations in IPv6. Considering how
long the addresses are in this version of the protocol, you can only type in an IP
address entirely to look for it.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Pools icon. The All pools list opens.
3. Next to the Logout button, click on IP4 to display the IPv4 pools or IP6 to display the IPv6
pools.
4. Click on the name of the pool of your choice to list the IP addresses it contains.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Subnets icon. The All subnets list opens.
3. Next to the Logout button, click on IP4 to display the IPv4 subnets or IP6 to display the IPv6
subnets.
4. Click on the name of the subnet of your choice to list the addresses it contains. If it contains
pools, click on the pool of your choice to display its addresses.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Blocks icon. The All blocks list opens.
3. Next to the Logout button, click on IP4 to display the IPv4 blocks or IP6 to display the IPv6
blocks.
4. Click on the name of the block of your choice to list the subnets it contains.
5. In the breadcrumb, click on All addresses to display the addresses of the block.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Spaces icon. The All spaces list opens.
3. In the breadcrumb, click on All addresses to display all the addresses of that space.
4. Next to the Logout button, click on IP4 to display the IPv4 pools or IP6 to display the IPv6
pools.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Addresses icon. The All addresses list opens.
3. Next to the Logout button, click on IP4 to display the IPv4 addresses or IP6 to display the
IPv6 addresses.
4. Filter the list if need be through the columns filtering field.
5. At the end of the line of the address of your choice, click on . The address properties page
opens.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Addresses icon. The All addresses list opens.
3. Next to the Logout button, click on IP4 to display the IPv4 addresses or IP6 to display the
IPv6 addresses.
4. In the menu, select Display > Uncompress IPv6 addresses. All the addresses are displayed
entirely.
SOLIDserver enables you to modify the columns displayed in the list. You can add or modify the
order of columns. For more details, see the Customizing the List Layout section of the
Understanding the SOLIDserver User Interface part of this guide.
Tip
The Aliases column provides a complete overview of the aliases configured for your IPv4
addresses.
SOLIDserver uses different types to differentiate IP addresses. These types are listed in the Type
column and explained below:
Note
In IPv4, upon creation of a subnet, the penultimate address is set as the gateway
address. This address will simply be named Gateway in the Name column. It is not
notified in the Type column.
Each one of the addresses listed can be assigned if available, i.e. free. In the Status column, you
will find the statuses listed below:
Finally, through the Reserved column you will be able to know if an IP address is reserved or
not, that is to say part of a pool of addresses in read-only:
Therefore, rather than having only one column and a long list of statuses that mix the type, status
and availability of an IP address, you will be able through these columns to know more rapidly
what options you have with the listed addresses. However, you can still display mixed statuses
through the Overall status column:
• Reserved Free: if an IP address is available but reserved by a pool in order to prevent
a conflict between statically configured devices and dynamically configured devices, it will be
marked as Yes in the Reserved column, Regular in the Type column and Free in the Status
column. It basically means that this unassigned address could be a part of a DHCP range, but
has not been assigned to a host yet. In other words, it cannot be assigned by a user
operation.
• Reserved Used: if an IP address is reserved by a pool and used, in order to prevent address
conflicts between statically configured devices and dynamically configured devices, it will be
marked as Yes in the Reserved column, Regular in the Type column and Used in the Status
column. It basically means that this address could be dynamically assigned through DHCP if
it belongs to a DHCP range. This address cannot be released by a user operation.
To display this column, use the menu Settings > Listing templates. Either edit the default template
display or create a new one and in the Hidden columns select the Overall status and add it to
the Displayed columns. Then click on OK to commit your changes.
Adding an IP Address
At the All addresses level, adding an IP address is in fact assigning it. There are three ways of
assigning IP addresses:
• Manually: if you already know the IP address you want to assign and are sure that this IP
address is free.
• By search: you do not know if there is a free IP address that matches your need. You just
know the subnet where you want to assign a new IP address.
• Through selection: from the list of the IP addresses of a subnet, you can directly click on a free
IP address to assign it.
Once assigned, the IP address will be marked as Used in the Status column whether it is associ-
ated with a specific MAC address or not.
Tip
By default, the Broadcast and Network addresses of all subnets are reserved
and cannot be assigned. However, you can allow their assignment using a
registry database key. This is all the more useful if you manage many small subnets
and need to use all your addresses. To make both addresses editable in IPv4
and IPv6, go to the Administration tab homepage. In the menu, select System > Expert
> Registry database. Once the Registry database page is displayed, in the Name
column look for the www.display.lock_broadcast_network_addresses key. Click on
its value (by default it is set to 1 to prevent the assignment of both addresses); the
Registry database Edit a value wizard opens. Type in 0 in the Value field and click
on OK to commit your change. Your changes are visible in the list. Now you can assign
the broadcast and network addresses of all subnets both in IPv4 and IPv6.
From the All addresses list, you can assign addresses manually or by search through the Add
menu. In other words, you can name it and link it to a specific MAC address.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Addresses icon. The All addresses list opens.
3. Next to the Logout button, click on IP4 to display the IPv4 addresses or IP6 to display the
IPv6 addresses.
4. In the menu, select Add > Address > Manual or Add > Address (v6) > Manual. The wizard
opens.
5. On the Space selection page, in the Space list select a space and click on NEXT. The next
page opens.
6. If you or your administrator created classes at block, subnet, pool or address level, the
<object> class page appears before the <object> list page. Select the class of your choice
or No class and click on NEXT to be able to specify a container and continue. If you cannot
select the option None or No class in the class list, it means that all the objects listed are
associated with a class.
7. In the Block name, select the block of your choice.
8. Click on NEXT. The Subnet list page opens.
9. In the Subnet name, select a subnet.
10. Click on NEXT. The Pool list page opens. The pool list page might not appear if you did not
create any.
Tip
The selected subnet is visible in the bottom-left corner of the wizard. If you
named the IP address but realize that you selected the wrong subnet, click on
PREVIOUS , modify the subnet or block and click on NEXT until you get back to that
step of the creation.
13. In the Add an alias field, name your alias(es). Click on to add it to the Aliases list. For
more details regarding aliases, see the section Configuring IP Address Aliases.
14. Click on OK to commit your creation. The report opens and closes. The address is listed,
you might need to filter to see it.
The By search tool is a very powerful tool that can save you quite some time figuring out where
you might have some available IP addresses. Note that if selected blocks do not have subnets
created yet, you will not be able to go through with the addition process.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Addresses icon. The All addresses list opens.
3. Next to the Logout button, click on IP4 to display the IPv4 addresses or IP6 to display the
IPv6 addresses.
4. In the menu, select Add > Address > By search or Add > Address (v6) > By search. The
wizard opens.
5. On the Space selection page, in the Space list select a space and click on NEXT . The next
page opens.
6. If you or your administrator created classes at block, subnet, pool or address level, the
<object> class page appears before the <object> list page. Select the class of your choice
or No class and click on NEXT to be able to specify a container and continue. If you cannot
select the option None or No class in the class list, it means that all the objects listed are
associated with a class.
7. In the Block name, select the block of your choice.
8. Click on NEXT . The Subnet list page opens.
9. In the Subnet name, select a subnet.
10. Click on NEXT . The Pool list page opens. The pool list page might not appear if you did not
create any.
11. In the Pool name list, select a pool or No pool.
12. Click on NEXT . The Search result page opens.
13. In the IP address list, all the available addresses of the selected subnet are visible. Select
the IP address of your choice.
14. Click on NEXT . On the Add an IPv4 address or the Add an IPv6 address page, fill in the
following fields:
Tip
The selected subnet is visible in the bottom-left corner of the wizard. If you
named the IP address but realize that you selected the wrong subnet, click on
PREVIOUS , modify the subnet or block and click on NEXT until you get back to that
step of the creation.
15. In the Add an alias field, name your alias(es). Click on to add it to the Aliases list. For
more details regarding aliases see the section Configuring IP Address Aliases.
16. Click on OK to commit your creation. The report opens and closes. The address is listed,
you might need to filter to see it.
Once you displayed the addresses of the subnet of your choice, you can click on the IP address
to name it and link it to a specific MAC address if need be.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Subnets icon. The All subnets list opens.
3. Next to the Logout button, click on IP4 to display the IPv4 subnets or IP6 to display the IPv6
subnets.
4. Click on the subnet name of your choice to display its IP addresses. If need be, filter the list
through the Status column to display only the Free addresses.
5. Click on the available IP address of your choice. The pop up window This address is free,
do you want to assign it? opens.
6. Click on OK . The wizard opens.
7. If you or the administrator created classes at the IP addresses level, the IP address class
page opens. Select a class or None.
Click on NEXT . The Add an IPv4 address or the Add an IPv6 address page opens.
8. Configure the address following the fields below.
Fields Description
Domain In this drop-down list, you can select one of your DNS zones or None.
The selected zone will be updated by and associated with the IP
address. This field is optional.
Mode You can select either Configurable behavior or All behaviors.
Configurable behavior This option is selected by default in the Mode drop-down list and
displays all the fields and options that have been ticked in the Default
behavior wizard at the server level. For more details, refer to the
IPAM section of the Default Behaviors chapter of this guide.
All behaviors If you select this option, you will display all the fields and options that
can be ticked in the Default behavior wizard. For more details, refer
to the IPAM section of the Default Behaviors chapter of this guide.
Restoring an IP Address
SOLIDserver provides a powerful option that allows you to restore any deleted IP address both in
IPv4 and IPv6. All deleted IP addresses will be listed in the All deleted IP addresses page (one
page is dedicated to IPv4 addresses and the other to IPv6 addresses) from where you will have
the possibility to restore the IP addresses deleted if need be. In other words, from these pages
you can undo the address deletion. Obviously, if no address has been deleted, the All deleted
IP address page, whether in IPv4 or IPv6, will be empty.
To make it easy to use, an icon was added in the user interface on the All addresses pages of
the IPAM.
1 This icon called Deleted IP addresses list in the GUI allows you to access the All Deleted
IP addresses and the All deleted IP addresses (v6) page depending on the version of the
addresses displayed on the page.
Through the Display menu, you can also access the All deleted IP addresses pages. Both pages
contain three columns: Date, Users and Description.
Column Description
Users In this column is displayed the name of the user who deleted the IP address.
This name is underlined: if you click on it, you will access the user properties
page in the Administration module.
Description In this field are displayed a number of details regarding the deleted IP
addresses: the IP address itself, its name, its MAC address (if relevant),
the subnet it belongs to and finally the space it belongs to.
Like on any other page, you will be able to export a report of all the IP addresses deleted. From
these pages you can create two gadgets: an alert and/or a chart.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Addresses icon to display the IPv4 addresses or on the Addresses (v6) icon to
display the IPv6 addresses.
3. Click on the Undo icon. The All deleted IP addresses or the All deleted IP addresses (v6)
opens.
4. Tick the addresses you want to restore to the All addresses list.
5. In the menu, select Edit > Undo IP deletion or Undo IP deletion (v6). The Restoring IP
addresses or Restoring IPv6 addresses wizard opens.
6. Click on OK to commit your modifications. The report opens and closes. The addresses are
no longer listed on the All deleted IP addresses page.
7. Next to the Logout button, click on IP4 or IP6 depending on the addresses you chose to
restore. The corresponding All addresses list opens, your addresses are listed again.
Editing an IP Address
You can edit any IP address to change its class, rename it, apply or remove a number of default
behaviors or a MAC address.
Note that you can only edit used IP addresses. The available ones can only be assigned.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Addresses icon. The All addresses list opens.
3. Next to the Logout button, click on IP4 to display the IPv4 addresses or IP6 to display the
IPv6 addresses.
4. Put your mouse over the name of the IP address you want to edit. The Info Bar appears,
click on edit button.
Note
You can also edit the IP address through its properties page. In the Main properties
panel, click on EDIT to open the edition wizard and follow the steps below
to go through with the edition.
5. If you or the administrator created classes at the IP addresses level, the IP address class
page opens. Select a class or None.
6. Click on NEXT . The Add an IPv4 address or the Add an IPv6 address page opens. Fill in the
following fields:
SOLIDserver provides a tool to rename IPv4 addresses massively through three options:
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Addresses icon. The All addresses list opens.
3. Next to the Logout button, click on IP4 to display the IPv4 addresses.
4. Tick the IP addresses you want to rename.
5. In the menu, select Edit > Replace > IP address name. The Replace name of IP addresses
wizard opens.
6. In the Exact search field, you can select one of the following options:
To manage the IP addresses as efficiently as possible, SOLIDserver includes tools to move IPv4
addresses through the IPAM database. You can migrate IP addresses to another subnet, move
IP addresses to another space or migrate IP addresses into the lowest VLSM subnet. Basically,
a number of tools allow you to move hosts from a subnet to the other whether they are part of
the same space or not.
SOLIDserver allows you to massively move IP addresses from one subnet to the other. This operation
is helpful when you have to relocate hosts to another network. The following command allows you to
move selected IP addresses to the first available IP addresses of the destination subnet.
1. Go to the IPv4 All addresses list. For more details, see the procedure To list IPv4 addresses
through the IPAM home page.
2. Tick the IP address(es) you want to move to another subnet.
3. In the menu, select Edit > Migrate to another subnet. The Addresses migration wizard
opens.
4. In the Target space drop-down list, select a space.
5. In the New subnet IP field, type in the start address of the subnet you want to move the
address(es) to.
6. Click on OK to commit the modifications. The report opens and closes. The list is visible
again, you can filter it to check the new address assigned to your hosts.
IP addresses can be massively moved from one space to the other and maintain their assignment
after being moved. Obviously, the target space must have a subnet that can receive all the new
IP addresses. It means that you will not be able to move addresses between spaces if the target
space does not contain a subnet with a start address that can receive the selected addresses. In the
same way, if you move more addresses than the number of addresses that the target subnet can
hold, the migration will be impossible. Keep in mind that all the IP addresses that will be moved
must be free in the target subnet. If an IP being moved collides with an existing IP address in the
target space, an error message will alert you in the report and stop the procedure.
1. Go to the IPv4 All addresses list. For more details, see the procedure To list IPv4 addresses
through the IPAM home page.
2. Tick the IP address(es) you want to move to another space.
3. In the menu, select Edit > Migrate to another space. The Addresses migration wizard opens.
4. In the Target space drop-down list, select a space.
5. Click on OK to commit the modifications. The report opens and closes. The list is visible
again, display the addresses of the target space to see your addresses listed.
If you reorganize the hierarchy and plan on adding sub-spaces, you might need to move subnets
from a top level space to a lower level of the hierarchy. In that case, the IP addresses must be
relocated to said sub-space. This operation could be performed by moving IP addresses from
one space to the other one as it is explained in the Relocating IP Addresses within a Subnet
section. However, you might have a lot of subnets to spread on multiple sub-spaces, and it would
take a long time to repeat the operation for each sub-space. SOLIDserver allows you to automate
the IP addresses migration to the lowest subnets across the space hierarchy. Then the IP
addresses will be spread on all the available subnets that can contain these IP addresses, that is
to say, the subnets at the lowest level of the hierarchy whose start address can receive the selected
addresses.
1. Go to the IPv4 All addresses list. For more details, see the procedure To list IPv4 addresses
through the IPAM home page.
2. Tick the IP address(es) you want to move to another space.
3. Tick the boxes to the left of the IP addresses you intend to move.
4. In the menu, select Tools > Expert > Move addresses to VLSM subnet. The Move VLSM IP
addresses wizard opens.
5. Click on OK to commit the migration. The report opens and closes. The addresses are listed
in the list but the space, block and subnet they belong to have changed.
The alias creation can be done from a free IP address or from a used IP address. Your alias can
be named the way you want, its full name concatenates the name of one of your existing domains
to associate it with one of your zones. Technically, the IP address alias can create either an A or
AAAA record in the DNS or a CNAME record.
The aliases configuration can be used to point a record toward an IP address within one zone
or toward an IP address saved in a different zone. Within the same zone, the IP address alias is
a CNAME record that follows the DNS standard use and points to an A/AAAA record. Among
two different zones, the name is crucial: the IP address shortname.domain1 creates an A record
of the zone domain1 and a CNAME record in the zone domain2 with the value shortname.domain2.
That way, your alias name links two of your zones.
The most commonly used aliases create CNAME records in the DNS but depending on the DNS
configuration you want to set, you might need to create A records.
To let users follow the procedures below you need to configure the IPAM to DNS default behaviors
so that the alias creation from the IP addresses can actually create records in the DNS. At subnet
level, or higher, you need to choose a DNS server, set a Domains list and tick the Update DNS
checkbox. Obviously, you can also set a default domain. For more details, refer to the Default
Behaviors chapter of this guide. That way, the addresses you configure with aliases all inherit the
behaviors and the records are successfully created in the DNS. Administrators simply need to
display the All behaviors mode and set these options to successfully create records in the DNS.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Addresses icon. The All addresses list opens.
3. Next to the Logout button, click on IP4 to display the IPv4 addresses or IP6 to display the
IPv6 addresses.
4. Click on the available IP address of your choice. The pop up window This address is free,
do you want to assign it? opens.
5. Click on OK . The wizard opens.
6. If you or the administrator created classes at the IP addresses level, the IP address class
page opens. Select a class or None.
7. Click on NEXT . The Add an IPv4 address or the Add an IPv6 address page opens.
8. In the Shortname field, name the IP address.
9. In the Domain drop-down list, select one of the available zones (the list depends on the
zones selected during the subnet configuration).
10. In the Mode drop-down list, select All behaviors and make sure that the DNS server
parameter selected is All.
11. Click on NEXT . The Aliases configuration page opens.
12. In the Name field, name your alias. Its name must be different from that of the IP address,
especially if they share the same domain.
13. In the Domain drop-down list, select an existing domain or None. The alias full name is
displayed in the Alias field following the format: name.domain.
14. In the Type drop-down list, select CNAME, A or AAAA. By default, CNAME is selected.
15. Click on ADD to move your alias to the Aliases list. Repeat these actions for as many aliases
as you need. In the list, each alias is listed as follows: <full-alias-name> (<record-type>).
16. Click on OK to commit your creation. The report opens and closes. The address is listed,
you might need to filter to see it.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Addresses icon. The All addresses list opens.
3. Next to the Logout button, click on IP4 to display the IPv4 addresses or IP6 to display the
IPv6 addresses.
4. Filter the list to display only the used addresses if need be. For instance, use the Info Bar
button over the Used status.
5. At the end of the line of the IP address of your choice, click on . The properties page opens.
6. Next to the Logout button, click on the expand all icon to open all the panels and have a look
at the Aliases panel.
7. In the Main properties panel, click on EDIT . The wizard opens.
8. If you or your administrator created classes, the IP address class page appears. Select the
class you want to apply to this block or select None. The Edit an IPv4 address or the Edit
IPv6 address wizard opens.
9. Click on NEXT . The Aliases configuration page opens.
10. In the Name field, name your alias. Its name must be different from that of the IP address,
especially if they share the same domain.
11. In the Domain drop-down list, select an existing domain or None. The alias full name is
displayed in the Alias field following the format: name.domain.
12. In the Type drop-down list, select CNAME, A or AAAA. By default, CNAME is selected.
13. Click on ADD to move your alias to the Aliases list. Repeat these actions for as many aliases
as you need. In the list, each alias is listed as follows: <full-alias-name> (<record-type>).
14. Click on OK to commit your creation. The report opens and closes. The Aliases list you just
set is visible in the Aliases panel.
1. Go to the properties page of the IP address of your choice. For more details, see the
procedure To display an IP address properties page.
2. In the Main properties panel, click on EDIT . The wizard opens.
3. If you or your administrator created classes, the IP address class page appears. Select the
class you want to apply to this block or select None. The Edit an IPv4 address or the Edit
IPv6 address wizard opens.
4. Click on NEXT . The Aliases configuration page opens.
5. In the Aliases list field, select the alias you want to edit. The alias details are displayed in
each of the relevant fields.
6. Make the changes you need.
7. Click on UPDATE . The alias is edited and listed in the Aliases list.
8. Click on OK to commit the alias edition. The report opens and closes. The properties page
is visible again, in the Aliases panel, the aliases list has been edited.
1. Go to the properties page of the IP address of your choice. For more details, see the
procedure To display an IP address properties page.
2. In the Main properties panel, click on EDIT . The wizard opens.
3. If you or your administrator created classes, the IP address class page appears. Select the
class you want to apply to this block or select None. The Edit an IPv4 address or the Edit
IPv6 address wizard opens.
4. Click on NEXT . The Aliases configuration page opens.
5. In the Aliases list field, select the alias you want to remove and click on DELETE . The alias
is no longer listed.
6. Click on OK to commit the alias deletion. The report opens and closes. The properties page
is visible again, in the Aliases panel, the alias is no longer listed.
Keep in mind that editing an alias is not possible, you will need to delete the one you want to
modify and create a new one to replace it.
We strongly recommend against configuring your DNS with one IP address associated
with a set of A aliases. Indeed, a proper configuration of your DNS implies that one name zone
is configured with a reverse zone which allows DNS clients to query your domain through its
name on the one hand and its IP address on the other. In this configuration, DNS best practices
advise to create a PTR record in the reverse zone for each A record of the name zone to make
sure the domain or sub-domain is accessible through its name and IP address. If your name zone
contains several A records with the same value, your reverse zone should contain as many PTR
records. These records would all be named after the same IP address (the value of the A records).
In this case, the reverse zone would contain several PTR records with the same name pointing
to different domains. Therefore querying this IP address to get the corresponding domain or
sub-domain is impossible: the server cannot know which hostname to send when answering the DNS
clients query. To make sure that a domain can be accessed through its name and IP address,
there should be one PTR record in the reverse zone for each A record of the name zone. If you
need to provide an alias, you should add a CNAME record pointing to the A record in the master
zone. For more details, refer to the Adding an A record, Adding a AAAA Record, Adding a PTR
Record and the Adding a CNAME Record sections of this guide.
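A check for the configuration warned against above, as an added example that is not part of SOLIDserver: it groups A/AAAA records by value, reports the PTR names that would become ambiguous, and rewrites the set as one A/AAAA record, one PTR record and CNAME aliases. The record tuples, function names and sample data are constructed, and keeping the first name as the canonical one is an arbitrary assumption.

```python
import ipaddress
from collections import defaultdict

# Constructed sample records (name, type, value); not taken from a real zone.
RECORDS = [
    ("www.example.test.", "A", "192.0.2.10"),
    ("shop.example.test.", "A", "192.0.2.10"),        # second A on the same IP
    ("mail.example.test.", "A", "192.0.2.25"),
    ("intranet.example.test.", "CNAME", "www.example.test."),
    ("v6.example.test.", "AAAA", "2001:db8::10"),
    ("v6alias.example.test.", "AAAA", "2001:0db8::0010"),  # same IP, other spelling
]


def names_by_address(records):
    """Map each address to the names of the A/AAAA records that hold it."""
    by_ip = defaultdict(list)
    for name, rtype, value in records:
        if rtype in ("A", "AAAA"):
            # Parsing normalises spellings such as 2001:0db8::0010.
            by_ip[ipaddress.ip_address(value)].append(name)
    return by_ip


def ambiguous_ptrs(records):
    """Return {reverse name: [hostnames]} where one PTR name needs several targets."""
    return {
        ip.reverse_pointer: names
        for ip, names in names_by_address(records).items()
        if len(names) > 1
    }


def recommended_layout(records):
    """One A/AAAA and one PTR per address; every other name becomes a CNAME."""
    layout = [r for r in records if r[1] == "CNAME"]
    for ip, names in names_by_address(records).items():
        canonical, aliases = names[0], names[1:]  # assumption: first name wins
        rtype = "A" if ip.version == 4 else "AAAA"
        layout.append((canonical, rtype, str(ip)))
        layout.append((ip.reverse_pointer, "PTR", canonical))
        layout.extend((alias, "CNAME", canonical) for alias in aliases)
    return layout


if __name__ == "__main__":
    for ptr, names in ambiguous_ptrs(RECORDS).items():
        print(f"{ptr}: {len(names)} candidate hostnames -> {', '.join(names)}")
    for record in recommended_layout(RECORDS):
        print(*record)
```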
To let users follow the procedures below you need to configure the IPAM to DNS default behaviors
so that the alias creation from the IP addresses can actually create records in the DNS. At subnet
level, or higher, you need to choose a DNS server, set a Domains list and tick the Update DNS
checkbox. Obviously, you can also set a default domain. For more details, refer to the Default
Behaviors chapter of this guide. That way, the addresses you configure with aliases all inherit the
behaviors and the records are successfully created in the DNS. Administrators simply need to
display the All behaviors mode and set these options to successfully create records in the DNS.
Keep in mind that if your configuration is not properly set in the IPAM, the A/AAAA records are
not created in the DNS and no error message is displayed in the DNS.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Addresses icon. The All addresses list opens.
3. Next to the Logout button, click on IP4 to display the IPv4 addresses or IP6 to display the
IPv6 addresses.
4. Click on the available IP address of your choice. The pop up window This address is free,
do you want to assign it? opens.
5. Click on OK . The wizard opens.
6. If you or the administrator created classes at the IP addresses level, the IP address class
page opens. Select a class or None.
7. Click on NEXT . The Add an IPv4 address or the Add an IPv6 address page opens.
8. In the Shortname field, name the IP address.
9. In the Domain drop-down list, select one of the available zones (the list depends on the
zones selected during the subnet configuration).
10. In the Mode drop-down list, select All behaviors and make sure that the DNS server
parameter selected is All.
11. Click on NEXT . The Aliases configuration page opens.
12. In the Name field, name your alias. Its name must be different from that of the IP address,
especially if they share the same domain.
13. In the Domain drop-down list, select an existing domain or None. The alias full name is
displayed in the Alias field following the format: name.domain.
14. In the Type drop-down list, select A or AAAA.
15. Click on ADD to move your alias to the Aliases list. Repeat these actions for as many A record
aliases as you need. In the list, each alias is listed as follows: <full-alias-name> (A) or
<full-alias-name> (AAAA).
16. Click on OK to commit your creation. The report opens and closes. The address is listed,
you might need to filter to see it.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Addresses icon. The All addresses list opens.
3. Next to the Logout button, click on IP4 to display the IPv4 addresses or IP6 to display the
IPv6 addresses.
4. Filter the list to display only the used addresses if need be. For instance, use the Info Bar
button over the Used status.
5. At the end of the line of the IP address of your choice, click on . The properties page opens.
6. Next to the Logout button, click on the expand all icon to open all the panels and have a look
at the Aliases panel.
7. In the Main properties panel, click on EDIT . The wizard opens.
8. If you or your administrator created classes, the IP address class page appears. Select the
class you want to apply to this block or select None. The Edit an IPv4 address or the Edit
IPv6 address wizard opens.
To edit or remove your A and AAAA record aliases, refer to the procedures To edit an IP address
alias and To remove an alias from an IP address in the Configuring IP Address Aliases section
above.
Pinging an IP Address
From the IPAM module, you can ping IP addresses to check if the host they are associated with
is responding.
The corresponding host did not respond to the ping. It could mean a number of things: the host
is not running, is on a different network, is configured not to respond to the ping utility...
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Addresses icon. The All addresses list opens.
3. Next to the Logout button, click on IP4 to display the IPv4 addresses or IP6 to display the
IPv6 addresses.
4. Tick the IP Address(es) you want to ping.
5. In the menu, select Tools > Ping. The Pinging IP addresses wizard opens.
6. Click on OK to perform the ping. The report opens and displays the results.
7. In the Export format section, you can click on TEXT , HTML or EXCEL to export the result in the
corresponding format. Even if you do not download the report, it is available in the Reports
window next to the Global search field.
8. Click on CLOSE to close the wizard.
Deleting an IP Address
At the All addresses level, deleting an address in fact frees it. Even though it is not listed
anymore, you can assign it again by search or manually. Note that as deleting an address releases
it, it is impossible to delete free addresses.
In the following procedure, the deletion is made from the All addresses list but you can of course
follow the steps in the IP addresses list of a specific pool, subnet, block or space.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Addresses icon. The All addresses list opens.
3. Next to the Logout button, click on IP4 to display the IPv4 addresses or IP6 to display the
IPv6 addresses.
4. Tick the address(es) you want to delete.
5. In the menu, select Edit > Delete. The Delete wizard opens.
6. Click on OK to commit the deletion. The report opens and closes. Selected addresses are
no longer listed.
From the All addresses list, you can select assigned addresses and populate Device Manager.
That is to say, create devices and interfaces using your IP addresses. Each device will be created
using the IP address name from anywhere in the IPAM network. These devices will contain a set
of interfaces using each IP address and MAC address.
So, for instance, if you select all the used IP addresses of the All addresses list both in IPv4 and
IPv6 and use the Populate Device Manager option, one device will gather all the gateway
addresses of your network and be named Gateway if you kept the default gateway address name.
This device will contain as many interfaces as there are gateway addresses on your network,
each interface will have an IP address (IPv4 or IPv6) and a MAC address.
For more details, refer to the Automatically Add Devices from the IPAM Module section of the
Managing devices of this guide.
Since version 5.0.2, when adding an IP address you can use the default behaviors to allow users
to:
• create devices,
• associate an IP address with an existing device,
• modify the topology links between devices.
For more details, refer to the Adding Devices from the IPAM Module section of the Managing
devices of this guide.
Chapter 19. Setting Up a Transition From
IPv4 to IPv6
With version 5.0.3 SOLIDserver introduces a semi-automated way to transition from IPv4 to IPv6
when creating IPv4 objects. You can now link the IPv4 blocks, subnets or addresses you create
with existing IPv6 blocks, subnets or addresses as long as they belong to the same space. That
way, the day you stop using IPv4 addressing, your network is already configured with IPv6.
The transition options are managed like the default behaviors: you need to configure and then
activate them.
Transition Specificities
1. The options set and activated at space, block or subnet level are inherited by all the objects
you create within said objects after the configuration is applied.
2. At block level, if the transition options are configured and activated:
- The transition to IPv6 can be set when adding or editing IPv4 blocks.
- The transition can only be set with existing IPv6 blocks: the transition options do not create
blocks in IPv6.
3. At subnet level, if the transition options are configured and activated:
- You must specify an existing block address to set up the transition. Unless your subnet belongs
to a block already configured with the transition, in which case the field displays the IPv6 block
address.
- Adding or editing an IPv4 subnet automatically creates the appropriate IPv6 subnet within
the specified block.
- You can create IPv6 addresses from the IP4 All addresses page only if the transition options
have been configured and applied at subnet level.
- Adding or editing an IPv4 address creates the corresponding IPv6. The IPv6 address is
named after the IPv4 address, has the same MAC address, device and class parameters.
5. If you edit an IPv4 subnet already configured with a VLAN to set the transition to IPv6, the
IPv6 corresponding subnet inherits the IPAM/VLAN interaction settings: both subnets then
belong to the VLAN.
Limitations
• The transition can only be set within one space: you cannot create IPv4 subnets in one space
and expect to link them with IPv6 subnets that belong to another space.
• If you set the transition parameters on an existing organization, they are not inherited and have
to be applied one object at a time.
• The transition options are not default behaviors and therefore cannot be propagated.
• At block level, the transition can only be configured and activated with existing IPv6 blocks.
The transition options do not create blocks in IPv6 but simply link IPv4 blocks with the existing
IPv6 blocks.
• The default behaviors set in IPv4 are not inherited by the corresponding IPv6 objects.
• At pool level, the transition options are not available.
• If you create an object in IPv4 and its corresponding object in IPv6 overlaps existing objects, only
the IPv4 object is created.
• Deleting an IPv4 object linked to an IPv6 object does not delete the corresponding IPv6 object.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Spaces, Blocks or Subnets icon. The corresponding list opens.
3. On the All blocks and All subnets page, next to the Logout button, make sure the IP4 button
is blue.
4. In the menu, select Settings > Default behaviors. The Default behaviors configuration
wizard opens.
5. Tick the Display the IPv4 to IPv6 transition fields.
6. Click on OK to commit the configuration. The report opens and closes. The list is visible
again. Your configuration is now available in the addition and edition wizards.
Once the default behavior is configured, you can apply it when adding or editing your spaces,
IPv4 blocks and IPv4 subnets.
1. Offset converts the last byte of the IPv4 address to hexadecimal and uses it at the end
of the IPv6 address it corresponds to in the selected IPv6 subnet.
2. Injection converts the whole IPv4 address to hexadecimal and uses it at the end of the
IPv6 address it corresponds to in the selected IPv6 subnet.
3. First IP address available assigns the first available IPv6 address in the selected
subnet.
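The three policies above, sketched as an added example (not SOLIDserver code), together with the Limitations case where the IPv6 counterpart collides and only the IPv4 object is created. It assumes that "at the end of" means the low-order bits of the IPv6 subnet and that the subnet's first address is not assignable; the function names and addresses are constructed.

```python
import ipaddress

# Constructed sample data: three hosts of one IPv4 /23 and the linked IPv6 subnet.
IPV4_HOSTS = ["10.0.0.42", "10.0.1.42", "10.0.1.7"]
V6_SUBNET = "2001:db8:0:1::/64"


def _place(v6_subnet, value, bits):
    """Write `value` (at most `bits` wide) into the low-order bits of the subnet."""
    net = ipaddress.IPv6Network(v6_subnet)
    if 128 - net.prefixlen < bits:
        raise ValueError(f"{net} has fewer than {bits} host bits")
    return ipaddress.IPv6Address(int(net.network_address) | value)


def offset(ipv4, v6_subnet):
    """Offset: only the last byte of the IPv4 address is carried over."""
    return _place(v6_subnet, int(ipaddress.IPv4Address(ipv4)) & 0xFF, 8)


def injection(ipv4, v6_subnet):
    """Injection: all four bytes of the IPv4 address are carried over."""
    return _place(v6_subnet, int(ipaddress.IPv4Address(ipv4)), 32)


def first_available(v6_subnet, used):
    """First IP address available: lowest address of the subnet not yet in use."""
    net = ipaddress.IPv6Network(v6_subnet)
    taken = {ipaddress.IPv6Address(a) for a in used}
    # Assumption: the all-zero (network) address is skipped.
    for value in range(int(net.network_address) + 1, int(net.broadcast_address) + 1):
        candidate = ipaddress.IPv6Address(value)
        if candidate not in taken:
            return candidate
    return None


def transition(ipv4, v6_subnet, policy, used):
    """Return the IPv6 address to create, or None when it collides with a used one."""
    if policy == "first":
        return first_available(v6_subnet, used)
    mapped = {"offset": offset, "injection": injection}[policy](ipv4, v6_subnet)
    taken = {ipaddress.IPv6Address(a) for a in used}
    return None if mapped in taken else mapped


def plan(ipv4_addresses, v6_subnet, policy):
    """Apply one policy to a list of IPv4 addresses, tracking what is already used."""
    used, result = set(), {}
    for v4 in ipv4_addresses:
        v6 = transition(v4, v6_subnet, policy, used)
        result[v4] = v6
        if v6 is not None:
            used.add(v6)
    return result


if __name__ == "__main__":
    for policy in ("offset", "injection", "first"):
        print(policy)
        for v4, v6 in plan(IPV4_HOSTS, V6_SUBNET, policy).items():
            print(f"  {v4:<12} -> {v6 if v6 else 'collision: IPv4 only'}")
```

With Offset, 10.0.0.42 and 10.0.1.42 share the same last byte and therefore map to the same IPv6 address, so an IPv4 subnet larger than a /24 cannot be mapped without collisions; Injection keeps them distinct but needs at least 32 host bits in the IPv6 subnet.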
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Subnets icon. The All subnets list opens.
3. Next to the Logout button, click on IP4.
4. In the menu, select Settings > Default behaviors. The Default behaviors configuration
wizard opens.
5. In the IPv4 addresses transition to IPv6 policy drop-down list, select Offset, Injection or First
IP address available.
6. Click on OK to commit the configuration. The report opens and closes. The All addresses
list is visible again. Your configuration is now available in the Add/Edit an IPv4 address
wizards.
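The three transition policies, worked through as an added example (not code from the product or this guide). It assumes that "at the end of an IPv6 address" means the low-order bits, that the search for the first available address starts one above the subnet's own address, and that an IPv6 address already in use is skipped, following the overlap rule stated above; all sample addresses are constructed.

```python
import ipaddress


def _at_end(v6_subnet, value, bits):
    """Write `value` into the low-order `bits` of the subnet's first address."""
    net = ipaddress.IPv6Network(v6_subnet)
    if net.max_prefixlen - net.prefixlen < bits:
        raise ValueError(f"{net} has fewer than {bits} host bits")
    return ipaddress.IPv6Address(int(net.network_address) | value)


def offset(ipv4, v6_subnet):
    """Offset: only the last byte of the IPv4 address is carried over."""
    return _at_end(v6_subnet, int(ipaddress.IPv4Address(ipv4)) & 0xFF, 8)


def injection(ipv4, v6_subnet):
    """Injection: all 32 bits of the IPv4 address are carried over."""
    return _at_end(v6_subnet, int(ipaddress.IPv4Address(ipv4)), 32)


def first_available(v6_subnet, used=()):
    """First IP address available: lowest address of the subnet not yet used.

    Assumption: the search starts one above the subnet's own address.
    """
    net = ipaddress.IPv6Network(v6_subnet)
    taken = {int(ipaddress.IPv6Address(a)) for a in used}
    candidate = int(net.network_address) + 1
    while candidate <= int(net.broadcast_address):
        if candidate not in taken:
            return ipaddress.IPv6Address(candidate)
        candidate += 1
    raise ValueError(f"no free address left in {net}")


def plan(ipv4_addresses, v6_subnet, policy, used=()):
    """Map each IPv4 address with the chosen policy.

    Returns (created, skipped): `created` maps IPv4 -> IPv6, `skipped` lists
    the IPv4 addresses whose IPv6 counterpart would hit an address already in
    use, in which case only the IPv4 object exists.
    """
    taken = {ipaddress.IPv6Address(a) for a in used}
    created, skipped = {}, []
    for v4 in ipv4_addresses:
        if policy == "first":
            v6 = first_available(v6_subnet, taken)
        elif policy == "offset":
            v6 = offset(v4, v6_subnet)
        elif policy == "injection":
            v6 = injection(v4, v6_subnet)
        else:
            raise ValueError(f"unknown policy: {policy}")
        if v6 in taken:
            skipped.append(v4)
            continue
        taken.add(v6)
        created[v4] = v6
    return created, skipped


if __name__ == "__main__":
    # Constructed sample: two IPv4 hosts that share the same last byte.
    hosts = ["192.0.2.10", "198.51.100.10"]
    subnet = "2001:db8:0:1::/64"
    for policy in ("offset", "injection", "first"):
        created, skipped = plan(hosts, subnet, policy)
        print(policy, {k: str(v) for k, v in created.items()}, "skipped:", skipped)
```

With Offset, two IPv4 addresses that share a last byte map to the same IPv6 address, so the mapping is only unique when the IPv4 addresses come from a single /24; Injection keeps them distinct but needs at least 32 free bits in the IPv6 subnet.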
The procedures below rely on the inheritance from space to block, block to subnet and subnet to
address, and create the objects one after the other. However, each procedure can also be used
when editing the objects, as long as you configured the option through the Settings menu.
The configuration details are displayed on the IPv4 and IPv6 objects properties page.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Spaces icon. The All spaces list opens.
3. In the menu, select Add > Space. The Add a space wizard opens.
4. If you or your administrator created classes at the space level, the Space class page opens.
In the Space class list, select the class you want to apply to this space or select None.
8. In the IPv6 block field, type in the beginning of the IPv6 block address where the subnets
and addresses of your space are created. The value set in this field must not exceed the first
2 bytes of the existing IPv6 block. You cannot use the colon (:) twice.
9. Click on NEXT . The last page of the wizard appears.
10. Click on OK to commit the configuration. The report opens and closes. The All spaces list
appears. Your configuration is now available in the Add/Edit a Space wizards along with the
Configurable behaviors value in the Mode field.
Once the option is configured, the IPv4 blocks, subnets and addresses you create within your
space inherit this option. You can untick the Activate the IPv4 to IPv6 transition checkbox if you do
not want to set a transition for some of your objects.
The space properties page indicates whether the transition is activated in the Default behavior
properties panel.
To set the transition for existing IPv4 blocks, you need to tick the Activate the IPv4 to IPv6
transition checkbox when you edit them.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Spaces icon. The All spaces list opens.
3. Click on the name of the space you applied the transition options to. The All blocks list of
the space opens.
4. Next to the Logout button, make sure the IP4 button is blue.
5. In the menu, select Add > Block. The Space selection wizard page appears.
6. In the Choose a space list, select the space in which you want to add the block. Click on
NEXT . The next page of the wizard appears.
7. If you or your administrator created classes at the block level, the Block class page opens.
In the Block class list select the class you want to apply to this block or select None.
13. Click on OK to commit the addition. The report opens and closes. The block is listed. In IPv6,
the block is created as well and shares the same name.
On the properties page of both blocks, you can display the details of the configuration in the
Default behavior properties panel.
When creating a subnet, whether terminal or non-terminal, the settings are displayed and taken
into account automatically. You can untick the Activate the IPv4 to IPv6 transition checkbox if
you do not want to set the transition for a particular subnet.
To set the transition for existing IPv4 subnets, you need to tick the Activate the IPv4 to IPv6
transition checkbox when you edit them.
The procedure below applies the transition options when manually adding a subnet. You can
obviously apply them when using the By search creation option.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Blocks icon. The IP4 All blocks list opens.
3. Filter the list if need be.
4. Click on the name of the block you applied the transition options to. The All subnets list of
the block opens.
5. In the menu, select Add > Subnet > Manual.
6. If you or your administrator created classes at the subnet level, the Subnet class page opens.
In the Subnet class list, select the class you want to apply to this subnet or select No class.
Click on NEXT . The Add an IPv4 subnet page opens.
7. Fill in the subnet settings.
8. The Activate the IPv4 to IPv6 transition checkbox is ticked. Untick the checkbox if you do
not want to set the transition.
9. The IPv6 block field displays the block set at space or block level. You can edit it if need be
as long as the bytes entered in the field correspond to an existing IPv6 block.
10. The IPv6 subnet field displays in gray the IPv6 subnet and prefix that is created along with
the IPv4 subnet.
11. For more details regarding an IPv4 subnet configuration, refer to the Adding Subnets section
of this guide.
12. Click on OK to commit your creation. The report opens and closes. The subnet is listed. In
IPv6, the subnet is created as well and shares the same name.
On the properties page of both subnets, you can display the details of the configuration in the
Default behavior properties panel.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Subnets icon. The IP4 All subnets list opens.
3. Filter the list if need be.
4. Click on the subnet name you applied the transition options to. The All addresses page of
the subnet appears.
5. Click on the available IP address of your choice. The pop up window This address is free,
do you want to assign it? opens.
6. Click on OK . The wizard opens.
7. If you or the administrator created classes at the IP addresses level, the IP address class
page opens. Select a class or None. Click on NEXT. The Add an IPv4 address page opens.
8. In the MAC address field, you can type in the MAC address of your choice. The IPv6 address
is also linked to this MAC address.
9. In the Corresponding IPV6 address field, the IPv6 address is displayed in grey. This IP
address depends on the transition you set in the default behavior configuration wizard. For
more details, refer to the section Configuring the Transition at IP Address Level above.
10. In the Shortname field, name the IP address. The IPv6 address is named the same. The IP
address name field displays the shortname you typed in.
11. For more details regarding an IP address configuration, refer to the Adding an IP Address
section of this guide.
12. Click on NEXT. The last page of the wizard opens.
13. Click on OK to commit your creation. The report opens and closes. The address is listed. In
IPv6, the address is created as well; it has the same name and MAC address.
On the properties page of both IP addresses, you can display the details of the configuration in the
Default behavior properties panel.
Chapter 20. Managing IPAM Templates
The IPAM template mode allows you to create fully preconfigured IPAM structures that can be
associated with specific template classes. Such a class can then be used to automatically create
the said structure upon addition of a new IPAM resource.
For instance, you can create a block template containing 3 subnets with 3 pools and associate
it with a template class. Selecting this class when adding a new block will overwrite the block name
and automatically create the related child objects with the corresponding names, sizes and
organization. The IP addresses specified for the block template will not be literally applied to the
new resources, which allows you to use the same template for different blocks. Instead, they are used
to organize the subnets and pools and keep the defined offsets between them.
Note
The prefix of a template is not applied to the newly created object, still it must be
small enough to contain the template structure.
You need to create a template class for as many elements as you want to use. Therefore, if you
need two different templates at the block level to set up two block configurations, you will need
to create two different template classes. The same logic applies to the subnets and to the pools.
If you have many templates, creating sub directories might come in handy. Note that the classes
will be named as follows: sub-directory-name/class-name and be listed in the class list of the IPAM
module as such: sub-directory-name/class-name [template].
1. Create a class.
Tip
Considering that the class will be configured as a template, you do not need
to use the word "template" in the Filename field; the fact that this class is
a template will be mentioned.
e. In the Sub directory field, you can type in a directory name; it will be created and will contain
the class you are adding. You will need to type in the full name of this directory to add
other classes in it.
You can rename or modify the type of resource for a template class once it has been created as
long as you are not using it already. For more details, refer to the chapter Class Studio.
Considering that the IPAM hierarchy needs to be respected to the letter in Template mode, even
if you only need a template to create subnets, you will need to create a space in which you create
a block, in which you create a subnet associated with a class to be able to use the subnet template
of your choice in Normal mode.
Before going further, let us remind you of some key information regarding the templates:
• You cannot apply templates at the space level. Space templates are only here to store the other
templates.
• You cannot apply templates at the addresses level. However, if you assign addresses belonging
to a block template, subnet template or pool template, they will be assigned as well in normal
mode once the template is applied.
• The template of an element created in Template mode not associated with any class cannot
be used in Normal mode.
• You can create a whole hierarchy in template mode, but if you only associate one object (e.g.
a subnet) with the appropriate class template, only this template will be available in Normal
mode.
• The start address of a template is overwritten by the address you choose in normal mode: it
is only used to define the general size parameters of the block, subnet or pool template.
• Even in Template mode you cannot overlap addresses, even though you might associate only
a few elements with a class to use them as templates in normal mode.
• A block template associated with an enabled template class will allow you to create a block.
This block will have the same name and properties as the block template, the same subnets,
the same pools and the same assigned addresses.
• A subnet template associated with an enabled template class will allow you to create a subnet.
This subnet will have the same name and properties as the subnet template, the same pools
and the same assigned addresses.
• A pool template associated with an enabled template class will allow you to create a pool. This
pool will have the same name and properties as the pool template and the same assigned
addresses.
Like any space, a space in template mode can have a particular behavior configuration regarding
the DNS and DHCP modules. These behaviors will be inherited by the blocks, subnets and pools
that you create in template mode. Considering that you cannot associate the space templates
with a class template, you will need to set the exact same parameters to your space in normal
mode before using the configured block, subnet or pool templates.
a. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
b. Click on the Spaces icon. The All spaces list opens.
c. In the menu, select Display > Template mode. The list opens in template mode: the
breadcrumb indicates that you are still in the All spaces list, however a red message
under the menu indicates that you are in template mode.
a. In the menu, select Add > Space. The Add a space wizard opens.
b. In the Space name field, name the space.
Caution
You cannot give the same name to a space in normal mode and to a space
in template mode.
Fields Description
Default behavior wizard at the server level. For more details, refer
to the IPAM section of the Default Behaviors chapter of this guide.
All behaviors If you select this option, you will display all the fields and options
that can be ticked in the Default behavior wizard. For more details,
refer to the IPAM section of the Default Behaviors chapter of this
guide.
Once your space template is created, you can create the objects it contains. Keep in mind that
in Template mode, you need to follow the IPAM hierarchy: the orphan subnets and orphan
addresses containers do not exist.
If you intend to use a block as template, do not forget to create the corresponding template class
in Class Studio. See the section Creating Template Classes above for more details.
In the following procedures we will explain how to create blocks within a template space; however,
you can also create them in the All blocks list in template mode: you will simply need to specify the
space to which the block belongs. Keep in mind that even in template mode, the overlap is not
tolerated. The procedure below details how to create a block in template mode. This block will
not be used as a template in normal mode. In this block, however, you will be able to create
subnet and/or pool templates.
a. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
b. Click on the Spaces icon. The All spaces list opens.
c. In the menu, select Display > Template mode. The list opens in template mode: in the
breadcrumb you are still in the All spaces list, however a red message under the menu
indicates that you are in template mode.
a. Click on the name of the space template of your choice to display its blocks.
b. In the menu, select Add > Block. The Block class wizard opens.
c. If you want to create a block template, select None and click on NEXT . The Add an IPv4
Block page appears.
d. In the Block Name field, name the block.
The procedure below explains how to create a block template. Keep in mind that any element
added in the block is going to be part of the block template, so you do not need to associate
any of them with a class template.
a. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
b. Click on the Spaces icon. The All spaces list opens.
c. In the menu, select Display > Template mode. The list opens in template mode: in the
breadcrumb you are still in the All spaces list, however a red message under the menu
indicates that you are in template mode.
a. Click on the name of the space template of your choice to display its blocks.
b. In the menu, select Add > Block. The Block class wizard opens.
c. Select the block related class template of your choice in the list (it will look like
your-template-name [template] or your-sub-directory/your-template-name [template]) and
click on NEXT. The Add an IPv4 Block page appears.
Note
If you do not want to create a block template but rather a subnet or pool template,
select None in the Block class list.
If you intend to use a subnet as template, do not forget to create the corresponding template
class in Class Studio. See the section Creating Template Classes above for more details.
In the following procedure we will explain how to create subnets within a block template using
the By search option; however, you can also create them in the All subnets list in template mode: you
will simply need to specify the space and block to which the subnet belongs and the start address. The
subnet(s) created through this procedure will be part of the block template. Keep in mind that
even in template mode, the overlap is not tolerated.
a. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
b. Click on the Blocks icon. The All blocks list opens.
c. In the menu, select Display > Template mode. The list opens in template mode: in the
breadcrumb you are still in the All spaces list, however a red message under the menu
indicates that you are in template mode.
a. Click on the name of the block template of your choice to display its subnets.
b. In the menu, select Add > Subnet > By search. The Subnet class wizard opens.
c. Select None and click on NEXT . The Subnet size page appears.
d. Select a Subnet search size, a Prefix or a Netmask, the two other fields will be modified
and set according to what you selected in one of these fields.
e. Click on NEXT . The Search result page opens.
f. In the Subnet address list, select the start address of your choice.
g. Click on NEXT. The Add an IPv4 subnet page opens.
h. In the Subnet name field, name your subnet.
i. In the Terminal subnet section, you can untick the box if you want your subnet to be
non-terminal.
j. In the Mode section, you can select All behaviors and modify the DNS and DHCP
behaviors according to your needs. For more details, refer to the IPAM section of the Default
Behaviors chapter of this guide.
k. Click on OK to commit your addition. The report opens and closes. The subnet is listed.
At the subnet level, you can create a subnet template. It can belong to a block created in template
mode or to a block template, i.e. a block created in template mode and associated with a class template.
a. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
b. Click on the Blocks icon. The All blocks list opens.
c. In the menu, select Display > Template mode. The list opens in template mode: in the
breadcrumb you are still in the All spaces list, however a red message under the menu
indicates that you are in template mode.
a. Click on the name of the block of your choice to display its subnets.
b. In the menu, select Add > Subnet > By search. The Block subnet wizard opens.
c. If you want to create a subnet template, select the subnet template you created in the
list (it will look like your-template-name [template] or
your-sub-directory/your-template-name [template]) and click on NEXT. The Add an IPv4 Block page appears.
d. Select the subnet related class template of your choice in the list (it will look like
your-template-name [template] or your-sub-directory/your-template-name [template]) and
click on NEXT. The Subnet size page appears.
e. Select a Subnet search size, Prefix or Netmask, the two other fields will be modified
and set according to what you selected in one of these fields.
f. Click on NEXT . The Search result page opens.
g. In the Subnet address list, select the start address of your choice.
h. Click on NEXT. The Add an IPv4 subnet page opens.
i. In the Subnet name field, name your subnet.
j. In the Terminal subnet section, you can untick the box if you want your subnet to be
non-terminal.
k. In the Mode section, you can select All behaviors and modify the DNS and DHCP
behaviors according to your needs. For more details, refer to the IPAM section of the Default
Behaviors chapter of this guide.
l. Click on OK to commit your addition. The report opens and closes. The subnet is listed.
If you do not need pools, you can go to the Applying a Template section below.
Do not hesitate to assign addresses within the subnet templates; they will be automatically
assigned in normal mode when the template is used.
If you intend to use a pool as template, do not forget to create the corresponding template class
in Class Studio. See the section Creating Template Classes above for more details.
In the following procedure we will explain how to create pools within a template subnet; however,
you can also create them in the All pools or All addresses list in template mode. You will simply need
to specify the space, block and subnet to which the pool belongs.
a. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
b. Click on the Blocks icon. The All blocks list opens.
c. Click on the Blocks or Subnets icon. The corresponding list opens.
d. In the menu, select Display > Template mode. The list opens in template mode: in the
breadcrumb you are still in the same list, however a red message under the menu
indicates that you are in template mode.
a. Click on the name of the block template or subnet template of your choice to display its
content. In the breadcrumb, click on All addresses to display the addresses and existing
pools.
b. In the menu, select Add > Pool. The IP pool class page of the wizard opens.
c. Select None and click on NEXT . The Add an IPv4 pool page appears.
d. In the Pool name field, name your pool.
e. In the Pool read only section, tick the box if you want all the addresses the pool contains
to be reserved.
f. In the Start address field, the first address of the selected subnet is automatically
proposed. Modify it if need be.
g. In the End address field, the last address of the selected subnet is automatically
proposed. Modify it if need be; this will modify the Size field. If you modify the Size, the last
address will automatically be modified.
h. In the Size field, enter the number of addresses you want in the pool. If you do not type
in anything, the number will be calculated according to the start and end addresses.
i. In the Mode section, you can select All behaviors and modify the DNS and DHCP
behaviors according to your needs. For more details, refer to the IPAM section of the Default
Behaviors chapter of this guide.
j. Click on OK to commit your addition. The report opens and closes. The pool is listed in
the Pool column next to the addresses it contains.
At the pool level, you can create pool templates as well, within a subnet template or within a
subnet created in template mode.
a. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
b. Click on the Spaces icon. The All spaces list opens.
c. In the menu, select Display > Template mode. The list of spaces template opens: in the
breadcrumb you are still in the All spaces list, however a red message under the menu
indicates that you are in template mode.
a. Click on the name of the block template or subnet template of your choice to display its
content. In the breadcrumb, click on All addresses to display the addresses and existing
pools.
b. In the menu, select Add > Pool. The IP pool class page of the wizard opens.
c. Select the pool template you created in the list (it will look like your-template-name
[template] or your-sub-directory/your-template-name [template]) and click on NEXT . The
Add an IPv4 pool page appears.
d. In the Pool name field, name your pool.
e. In the Pool read only section, tick the box if you want all the addresses the pool contains
to be reserved.
f. In the Start address field, the first address of the selected subnet is automatically
proposed. Modify it if need be.
g. In the End address field, the last address of the selected subnet is automatically
proposed. Modify it if need be; this will modify the Size field. If you modify the Size, the last
address will automatically be modified.
h. In the Size field, enter the number of addresses you want in the pool. If you do not type
in anything, the number will be calculated according to the start and end addresses.
i. In the Mode section, you can select All behaviors and modify the DNS and DHCP
behaviors according to your needs. For more details, refer to the IPAM section of the Default
Behaviors chapter of this guide.
j. Click on OK to commit your addition. The report opens and closes. The pool is listed in
the Pool column next to the addresses it contains.
Do not hesitate to assign addresses within the pool templates; they will be automatically assigned
when the template is used.
Once you have created all the spaces, blocks, subnets and pools that you need in template mode, you
can use your template(s) in normal mode.
Applying a Template
To apply the templates in normal mode, you simply need to select your template classes when
creating blocks, subnets and pools.
Considering that these classes cannot be configured at the space level, if you create a block,
subnet or pool template with a specific configuration of behaviors, you will need to create a space
in normal mode with the same configuration as the space containing your template in template
mode. That way, once you add the blocks, subnets or pools using the class template, the
configuration will be created without any problem.
Example 20.1. Creating a space before using a template with a specific configuration of behaviors
If you created a block template in template mode that automatically creates DHCP statics when
you assign an IP address, you have to make sure that in normal mode, the space this block will
belong to has the DHCP parameters configured. If you created a space with the default behaviors
regarding DNS and DHCP, the specific configuration of your block template will not be applied
to the block you want to add using your template.
In normal mode, as the parameters are inherited by the objects contained, the space will overwrite
the default parameters rather than respect the parameters of your block/subnet/pool templates.
So, for instance, to implement the block template parameters when you create the space that
will contain a block template configured to update the DHCP, make sure that None is selected
in all the DNS properties drop-down lists and that the Update DNS checkbox is unticked. In the
same way, select a failover channel in the DHCP cluster drop-down list and tick the Create DHCP
static checkbox. See figure below.
Figure 20.1. Example of a space configuration that will allow the successful use of a template
Once your space is created with the configuration your templates need, using the templates
will be very easy. See the procedure below for more details.
Whatever template you plan on using, you should keep in mind the following:
In normal mode, if you are creating a block named France using the block template france
associated with the block Paris created in template mode, the block you create in normal
mode will contain all the subnets paris contains in template mode but will be named paris
and not France like you wanted to name it in the wizard.
• You cannot rename a block, subnet or pool created using a template.
• When you define an address in the wizard (for a block, subnet or pool), this address is actually
used. The addresses used in template mode are only used to define the size.
• Block and subnet templates have some specificities
• When you are configuring a block or a subnet using a template, simply type in the start
address and make sure that the size proposed automatically is greater than the size of the
template. In other words, make sure the size proposed could contain the template; the
template class will do the rest.
For instance, if you are using a subnet template, type in the name and the start address; the
size proposed will go from the start address you typed in to the very last available address of the
block that contains the subnet. If this represents, let us say, 512 addresses and your subnet
template sets up 128 addresses, do not modify anything: as your subnet template size can
be contained in the automatically calculated subnet, only the first 128 addresses you need
will be included in the subnet.
• Pool templates have some specificities
• The pool template used alone is a great way to provision a subnet. All the assigned addresses
are saved and recreated.
• When you use a class template associated with a pool, you actually need to specify the right
Size in the wizard and tick or untick the Pool read only checkbox according to the template
configuration.
To illustrate the steps to follow to use the templates you created, we will go through the procedure
of using a block template. You simply need to select the appropriate class to use the template,
as long as the space in which you created it respects the same behaviors as the template.
Tip
The procedure below describes the use of the block template but you can apply it
for any kind of template. You need to select your class template at the right step of
the addition wizard: in the Block class list to use a block template, in the Subnet class
list to use a subnet template and in the Pool class list to use a pool template.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Spaces icon. The All spaces list opens.
3. Click on the name of the space of your choice. The All blocks list of this space appears.
4. Next to the Logout button, make sure the IP4 icon is blue.
5. In the menu, select Add > Block. The wizard opens and displays the Block class page.
6. In the Block class list select the class template of your choice. It will look like
your-template-name [template] or your-sub-directory/your-template-name [template].
7. Click on NEXT . The Add an IPv4 Block page appears.
8. In the Block Name field, name the block. Whatever the name you type in the field, it will be
overwritten by the block template name.
9. In the Description field, you can type in a description.
10. In the Block address field, type in the start address.
11. Do not modify the Netmask and Prefix fields. By default, following the address you chose,
the biggest prefix possible is selected. If the size automatically selected can contain the
actual size of your template block, it will automatically be changed and respect your template
configuration.
12. Optional fields could appear depending on the default behavior configured by your
administrator at the space level. Modify the parameters if need be. If the space created fits the
configuration of the block template, the class will implement every detail you created in
template mode from the number of subnets and pools to the assigned IP addresses.
13. Click on OK to commit the addition. The report opens and closes. The block is listed. Click
on its name: all the objects it contains have been created as well.
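How a block template keeps its internal offsets when it is applied at a new start address, as an added example (not code from the product or this guide). The template contents, names and addresses are constructed, and the model assumes the new block takes the template's size at the chosen start address, provided the size proposed by the wizard can contain it.

```python
import ipaddress

# Constructed block template, as it could be drawn in template mode:
# 3 subnets with one pool each. Only sizes and offsets matter.
TEMPLATE = {
    "name": "branch-office",
    "block": "10.0.0.0/24",
    "subnets": [
        {"name": "lan", "net": "10.0.0.0/25",
         "pools": [("dhcp", "10.0.0.10", "10.0.0.99")]},
        {"name": "voip", "net": "10.0.0.128/26",
         "pools": [("phones", "10.0.0.130", "10.0.0.180")]},
        {"name": "mgmt", "net": "10.0.0.192/27",
         "pools": [("oob", "10.0.0.200", "10.0.0.210")]},
    ],
}


def validate(template):
    """Check the template mode rules: hierarchy respected, no overlap."""
    block = ipaddress.ip_network(template["block"])
    seen = []
    for sub in template["subnets"]:
        net = ipaddress.ip_network(sub["net"])
        if not net.subnet_of(block):
            raise ValueError(f"{net} is outside block {block}")
        for other in seen:
            if net.overlaps(other):
                raise ValueError(f"{net} overlaps {other}")
        seen.append(net)
        for pool, first, last in sub["pools"]:
            lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
            if lo > hi or lo not in net or hi not in net:
                raise ValueError(f"pool {pool} does not fit in {net}")
    return block


def apply_template(template, proposed):
    """Re-create the template structure at the start address of `proposed`.

    `proposed` is the block the wizard proposes (start address and the
    biggest prefix possible). It must be able to contain the template.
    """
    tblock = validate(template)
    target = ipaddress.ip_network(proposed)
    if target.num_addresses < tblock.num_addresses:
        raise ValueError(f"{target} cannot contain a template of size {tblock.num_addresses}")
    # The template's own start address is discarded; only the distance of
    # each object from that start is kept.
    shift = int(target.network_address) - int(tblock.network_address)

    def move_net(cidr):
        net = ipaddress.ip_network(cidr)
        return ipaddress.ip_network((int(net.network_address) + shift, net.prefixlen))

    def move_ip(addr):
        return ipaddress.ip_address(int(ipaddress.ip_address(addr)) + shift)

    return {
        "name": template["name"],  # the name typed in the wizard is overwritten
        "block": move_net(template["block"]),
        "subnets": [
            {"name": s["name"], "net": move_net(s["net"]),
             "pools": [(n, move_ip(a), move_ip(b)) for n, a, b in s["pools"]]}
            for s in template["subnets"]
        ],
    }


if __name__ == "__main__":
    # Constructed target: the wizard proposes a /22 from the chosen start.
    result = apply_template(TEMPLATE, "172.16.8.0/22")
    print(result["name"], result["block"])
    for sub in result["subnets"]:
        print(" ", sub["name"], sub["net"], [(n, str(a), str(b)) for n, a, b in sub["pools"]])
```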
Chapter 21. Using VLSM to Manage Your Network
Introduction
Variable Length Subnet Masking (VLSM) is a technique that allows network administrators
to break down the IP address organization on different levels of spaces, blocks, subnets or pools
in IPv4 and IPv6. It can be used as a tool to delegate rights to the users. From the space level
you can use the IPAM hierarchy to model the organization of IP resources and increase its
capacity. Spaces allow you to maintain several IP address plans that could overlap. As spaces
can be combined to map your organization, they can help the network administrator (the superuser)
delegate the IP address management per layer of space.
For instance, big blocks of IP addresses are defined as root entries at the top level of the space
hierarchy. Blocks of IP address stock can be chopped into several subnets to be allocated to sub
spaces. Then in these sub spaces, IP addresses can be chopped again into smaller subnets,
and so on, in other sub spaces, or directly used as IP address units to register a network device.
VLSM actually sets up an affiliation between two spaces and the objects they contain. The IPAM
hierarchy using VLSM introduces a parent > child dependency relationship between two spaces.
A child space is related to its parent space to which it is attached. We call them affiliated spaces.
[Figure: a parent space containing a block, linked by space filiation to a child space]
The resources contained in the parent space can then be allotted to one of its child spaces. Once
these resources are defined in a parent space, they may not be modified from the child space.
When a subnet is added in a parent space, it may then be allocated to a child space. This subnet
will be created in the child space as a block.
[Diagram: the parent space holds a block; through the space filiation, the child space holds a block as well.]
This block may then be divided into several subnets to be allocated as blocks to new
"grandchildren" spaces, and so on.
[Diagram: the parent space holds a block; through the space filiation, the child space holds a block that contains a subnet.]
This hierarchy makes it possible to obtain a coherent space unit where the resource administration
is governed by the dependent relationships created between these spaces. The consistency
check of resources and their uniformity are made between all affiliated spaces. Anything you
create in a parent is created in the child and vice versa. In the same way, anything you delete in
a parent is deleted in the child and vice versa.
We recommend that you set up the affiliations between all spaces before creating blocks,
non-terminal subnets, subnets, etc. Indeed, if you already set up the VLSM between two
spaces up to the subnets and pools but realize that you will need a third space, you will not
be able to add it to the organization of affiliated spaces.
In the example above, each country has a separate space affiliated to the continent it belongs
to in order to organize the clients IP database. These spaces were created prior to creating
the blocks, subnets and pools that will shape the rest of the IP addresses organization.
Tip
To organize your network, you can combine the use of manual and semi-automated
VLSM. However, it can go only one way: once you set up a manual VLSM
organization, you can use semi-automated VLSM at the lowest space level. You
cannot set up a manual VLSM organization of spaces once you have used non-terminal
subnets. Because the hierarchy of a semi-automated VLSM is actually
hidden from the user in the interface, once you have started organizing your network
with it, it is impossible to affiliate spaces manually.
Customizing your organization through VLSM also provides an easy way to delegate rights to
users. Even though anything created at a lower level will be created in the parent spaces, it
lets you limit the visibility of users to only what they need to see and manage.
Remember that both VLSM techniques can be used simultaneously in an organization or even
within a space, as long as they are set up properly: you can implement manual VLSM and then
use semi-automated VLSM at the lowest level of spaces, but you cannot use manual VLSM if you already
implemented a deep organization of subnets. In other words, you can use space delegation and
then subnet delegation, but you cannot use subnet delegation and then set up space delegation.
As for the import of VLSM organizations, you can actually import a subnet VLSM organization at
once. For more details, see the chapter Importing Data in the Global Policies part of this guide.
Icons Description
This subnet icon indicates that the subnet is non-terminal, i.e. using VLSM. This
icon is used in a space using semi-automated VLSM as well as in a space using
manual VLSM; in the latter case it is linked to a block of the child space.
This block icon indicates that the block is part of an affiliated space organization
in a level 2 space, or lower. It shows that the block is linked to a non-terminal
subnet in the parent space of your current space; they both share the same name
and size.
Considering that the IPAM parameters configured at the space level are inherited by the blocks, subnets,
and pools, you can configure your network using this feature to your advantage. If at the top level
space you decided to update a DNS server, your non-terminal subnets will update it as well,
meaning that the blocks created in the level 2 space will be configured to update the DNS as
well. Therefore, if your level 2 space is only configured to create DHCP statics, all the blocks that
you create within this child space will inherit these DHCP parameters. Therefore, in one space
you can have blocks that update the DNS and others that are dedicated to DHCP options.
Keep in mind that throughout the VLSM hierarchy the direct affiliation between spaces updates
both spaces simultaneously. This is why anything you create in a non-terminal subnet in the
parent space is created at the block or subnet level in the child space. In the same way, any
element newly added in the child space will also be created at the corresponding level in the
parent space.
a. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
b. Click on the Spaces icon. The All spaces list opens.
c. Add a space. For more details, see the procedure To add a space in the Managing IP
Networks chapter of this guide. This space will be the level 1 space (top level) of your
organization, the equivalent of the clients space in the example above.
a. Once your space is listed, add another space: in the first step of the wizard, Name your
space and add a Description if need be. You can set up the same parameters as the
space you just created.
b. Click on NEXT . The second page of the wizard opens.
c. In the list, select the parent space i.e. the top level space you just created.
d. Click on OK to commit the creation of the child space. The report opens and closes.
The space is listed right under the top level space preceded by the dot icon. You can
repeat step 2 for as many spaces as you need: all the spaces that can become VLSM
parent spaces are listed, so you can actually select the top space, a level 2 space or
even lower if you want your spaces organization to be deeper.
Once your spaces are affiliated to one another, you can create IPv4 or IPv6 blocks in the top
level space. If need be, follow the procedure To add a block in the Managing IP Networks chapter
of this guide. Now you can create subnets in it. Terminal subnets will only belong to the top level
space; the non-terminal subnets will become the blocks of the child space of your choice.
In the procedure below, we will create a non-terminal subnet by search; you can of course create
them manually. Keep in mind that the By search tool will find available subnets depending on the
size you asked for. Therefore, if you only create one block in which you have all the non-terminal
subnets of your entire VLSM hierarchy, the first subnet might not be located where you want it.
1. Click on the name of the top level space. The corresponding All blocks list opens.
2. Depending on the blocks you created, click on IP4 to display the IPv4 blocks.
3. Click on the name of the block of your choice to display its subnets list.
4. In the menu, select Add > Subnet > By search. The wizard Subnet size page opens.
5. Among the Subnet Search size, Prefix and Netmask drop-down lists, set the value of your
choice in one of the three; the other two will automatically adjust. Click on NEXT . The Search
result page opens.
6. In the Subnet address list, select a start address. Click on NEXT . The Add an IPv4 subnet
page opens.
7. In the Subnet name field, type in the subnet name.
8. In the section Terminal subnet, untick the checkbox. The wizard updates and displays the
Add an IPv4 subnet page, the pool related section disappears.
9. In the Gateway field, you can modify the address if need be.
10. Click on NEXT . The VLSM space page opens.
Note
If your VLSM hierarchy includes only one child space below the space where
you are creating subnets, you do not need to specify a VLSM space and you
can click on OK directly (step 12).
11. In the VLSM space list, select the child space that will receive the non-terminal subnet as a
block.
12. Click on OK to commit the creation. The report opens and closes. The non-terminal subnet
is listed.
13. In the breadcrumb, click on All spaces. The All spaces list opens.
14. Click on the name of the child space of your choice. The All blocks list opens: the
non-terminal subnet is listed as a block.
1. Click on the name of the top level space. The corresponding All blocks list opens.
2. Depending on the blocks you created, click on IP6 to display the IPv6 blocks.
3. Click on the name of the block of your choice to display its subnets list.
4. In the menu, select Add > Subnet (v6) > By search. The wizard Subnet size page opens.
5. In the Subnet prefix drop-down list, select a size in bits. Click on NEXT . The search result
page opens.
6. In the Subnet address (v6) list, select a start address. Click on NEXT . The Add an IPv6 subnet
page opens.
7. In the Subnet name field, type in the subnet name.
8. In the section Terminal subnet, untick the checkbox. The wizard updates and displays the
Add an IPv6 subnet page.
9. Click on NEXT . The VLSM space page opens.
Note
If your VLSM hierarchy includes only one child space below the space where
you are creating subnets, you do not need to specify a VLSM space and you
can click on OK directly (step 12).
10. In the VLSM space list, select the child space that will receive the non-terminal subnet as a
block.
11. Click on OK to commit the creation. The report opens and closes. The non-terminal subnet
is listed.
12. In the breadcrumb, click on All spaces. The All spaces list opens.
13. Click on the name of the child space of your choice. The All blocks list opens: the
non-terminal subnet is listed as a block.
From now on, anything created within the non-terminal subnet is created in the child space as
well. If you add another non-terminal subnet in the parent space, a new block will be created in
the child space. In the same way, if you create subnets within the child space, they will be created
in the parent space as well. For more details regarding subnets and pools creation see the chapter
Managing IP Networks of this guide, from the section Managing IP Subnets.
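The parent/child behavior described above, as an added Python sketch that is not SOLIDserver code. It assumes a first-fit "by search" and constructed 10.0.0.0/8 addressing; the names Space, search_free and add_subnet are hypothetical.

```python
import ipaddress


class Space:
    """An IPAM space; `parent` is the space it is affiliated to (manual VLSM)."""

    def __init__(self, name, parent=None):
        self.name, self.parent, self.children = name, parent, []
        self.blocks = {}     # block name -> ip_network
        self.subnets = []    # (name, ip_network, terminal) tuples
        if parent is not None:
            parent.children.append(self)

    def used_in(self, block):
        """Every subnet of this space that lies inside `block`."""
        return [n for _, n, _ in self.subnets
                if n.version == block.version and n.subnet_of(block)]


def search_free(block, used, prefixlen):
    """First-fit search (assumption): lowest free subnet of the requested size."""
    if prefixlen < block.prefixlen:
        raise ValueError(f"/{prefixlen} does not fit in {block}")
    for candidate in block.subnets(new_prefix=prefixlen):
        if not any(candidate.overlaps(u) for u in used):
            return candidate
    raise LookupError(f"no free /{prefixlen} left in {block}")


def add_subnet(space, block_name, name, prefixlen, terminal=True, child=None):
    """Create a subnet by search; a non-terminal one becomes a block of `child`."""
    block = space.blocks[block_name]
    net = search_free(block, space.used_in(block), prefixlen)
    if not terminal:
        if child is None and len(space.children) == 1:
            child = space.children[0]          # only one child: no choice to make
        if child is None or child.parent is not space:
            raise ValueError("non-terminal subnet needs an affiliated child space")
        child.blocks[name] = net               # same name and size as the subnet
    level = space
    while level is not None:                   # mirror into every ancestor space
        level.subnets.append((name, net, terminal))
        level = level.parent
    return net


def demo():
    """Constructed example: clients > america > usa, plus a second child europe."""
    clients = Space("clients")
    america, europe = Space("america", clients), Space("europe", clients)
    usa = Space("usa", america)
    clients.blocks["corp"] = ipaddress.ip_network("10.0.0.0/8")
    add_subnet(clients, "corp", "shared", 16)                        # terminal
    add_subnet(clients, "corp", "america-net", 12, False, america)   # non-terminal
    add_subnet(america, "america-net", "usa-net", 16, False)         # single child
    add_subnet(usa, "usa-net", "nyc-lan", 24)                        # terminal
    return clients, america, europe, usa
```

Because the terminal /16 already occupies the start of the block, the /12 found by search lands at 10.16.0.0/12 rather than 10.0.0.0/12, which is the placement effect the By search remark describes.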
For more details regarding how to make IPAM objects a resource for a group of users, see the
section Defining a [Space | Block | Subnet | Pool] as a Group Resource at the end of the
corresponding Managing section of the Managing IP Network chapter of this guide.
If you make the different pieces of a space organization resources to specific groups, you can
delegate the management one level at a time and whoever has access to the whole hierarchy
can keep track of the changes. To illustrate this we will reuse the manual VLSM organization.
Following the example above, the best way to use the VLSM hierarchy to your advantage would
be to give a group of users access to the space america and to all the blocks, non-terminal subnets,
subnets and pools related to usa. That way, users have in reality access to both america and
usa spaces. Therefore, the superuser or the users with access to the whole hierarchy will be able
to oversee everything that was modified in america and usa.
Note that if you simply give access to the space america and usa at the space level, users will
be able to list the blocks and non-terminal subnets created in america but would not have access
to the content of these subnets, or to the pools and addresses contained in these subnets.
For more details regarding users, groups and delegation within SOLIDserver, see the part
Administration of this guide.
As we saw earlier, once in an independent space (or not a parent space), defining a subnet as
non-terminal sets up a semi-automated VLSM organization of the network. It allows you to further
organize the subnets level and delegate rights and access to each and every one of them if need be.
The semi-automated VLSM is actually very useful if you simply need your hierarchy to be
understood at a glance. All the subnets and blocks can be listed together; there is no need to go
through different spaces separately to view non-terminal subnets/blocks and the subnets they
contain.
Keep in mind that just as semi-automated VLSM organizes subnets, manual VLSM organizes spaces.
Considering that they organize different levels of the IPAM hierarchy, if you intend to use
them both you need to respect the level to which they apply. It actually follows the IPAM hierarchy
logic: spaces contain blocks that contain subnets that contain pools that contain addresses; so
you can set up manual VLSM and then use the semi-automated VLSM at the lowest level of the
organization but not the other way around. That is to say you can organize spaces and then
subnets but not organize subnets before spaces.
You can create non-terminal subnets in the block of your choice in IPv4 and IPv6. You simply
need to untick the Terminal subnet checkbox in the Add an IPv4 subnet or Add an IPv6 subnet
page of the creation wizard. For more details regarding these procedures see the Adding a subnet
section of the Managing IP Networks chapter of this guide.
Figure 21.7. Screen shot of the last step of a non-terminal subnet creation in IPv4
Figure 21.8. Screen shot of the last step of a non-terminal subnet creation in IPv6
Using this checkbox, you can also edit existing subnets and make them non-terminal. Simply
keep in mind that unticking the terminal subnet checkbox limits the number of fields to configure
in IPv4 and IPv6, if the Configurable behavior is selected in the Mode drop-down list and if there
are no DNS or DHCP parameters to configure (inherited from the block).
Note
You cannot edit a non-terminal subnet and make it terminal if it contains one or more
terminal subnets.
You can create as many levels of non-terminal subnets as you need. Just like in the manual
VLSM, the level of the subnet is visible at a glance in the GUI thanks to the dots preceding the
subnet address. See example below for illustration.
Chapter 22. Managing VRF
The IPAM module provides, in version 5.0.2, Virtual Routing and Forwarding management pages.
A VRF, defined in RFC 4364, allows several instances of a routing table to co-exist within the
same router of an MPLS Virtual Private Network. The routing tables will exchange data through
a level 3 connection: using an IP address. Each routing instance is independent from the other(s),
so you can use one IP address on each one of them without worrying about a potential overlapping.
They provide additional routes in a VPN for routing and forwarding.
On a router, each VRF will basically behave like an independent router with its own interfaces,
IP subnets and routing protocol. Each VRF has separate routing and forwarding tables used only
for the packets that enter said VRF. To ease their management, VRFs can be identified through
their Route Distinguisher (RD), which is specific to each VRF and makes it possible to differentiate
all the routes configured on the network that potentially use the same IP addresses. That way the RD keeps
the routes globally unique: for instance, if New York subnets were used in Singapore as well, the
router would still be able to distinguish whether the traffic was destined for New York or Singapore
thanks to the RD.
Within SOLIDserver, you will find two pages of routing tables that enable the management of
your VRFs: one that displays all the VRFs and the other that displays all the Route Targets that
you set up between the VRFs of your database. On both pages the RD is a key piece of
information to manage the VRFs and their Route Targets.
Once added to your database, the VRF will provide an extra tool to link your subnets. To set up
this interaction, you will need to create and configure classes. For more details, see your
administrator.
Browsing VRFs
With the IPAM module, the All VRFs page is a routing table in essence where you can add or
import all the VRFs that you need.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the VRF icon. The All VRFs list opens.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the VRF icon. The All VRFs list opens.
3. At the end of the line of the VRF of your choice, click on . The properties page opens.
By default, all the columns are displayed on the page. However, SOLIDserver enables you to
modify the columns display in the list, especially if you add classes. You can add columns, remove
columns or modify the order of columns. For more details, see the Customizing the List Layout
section of the Understanding the SOLIDserver User Interface part of this documentation.
Adding a VRF
You can add as many VRFs to the All VRFs routing table as you need.
To add a VRF
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the VRF icon. The All VRFs list opens.
3. In the menu, select Add > VRF. The Add a VRF wizard opens.
4. In the Name field, name your VRF.
5. In the RD ID field, type in the Route Distinguisher IDentifier of your VRF. It must comply with
the following format: <numeric>:<numeric>.
6. In the Comment field, you can add a description. This field is optional.
7. Click on OK to commit the addition. The report opens and closes. The VRF is listed.
Editing a VRF
Once created, you can edit all the information regarding a VRF.
Note
If you edit a VRF name or RD ID, its VRF Route Targets will be updated as well.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the VRF icon. The All VRFs list opens.
3. Put your mouse over the name of the VRF you want to edit. The Info Bar appears.
4. Click on . The Add a VRF wizard opens.
5. Edit the Name, RD ID and Comment fields according to your needs.
6. Click on OK to commit your changes. The report opens and closes. The page refreshes, the
VRF is listed with the new information.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the VRF icon. The All VRFs list opens.
3. At the end of the line of the VRF of your choice, click on . The properties page opens.
4. In the Main properties panel, click on EDIT . The Add a VRF wizard opens.
5. Edit the Name, RD ID and Comment fields according to your needs.
6. Click on OK to commit your changes. The report opens and closes. The page refreshes, the
VRF is listed with the new information.
Importing a VRF
Like most modules in SOLIDserver, you have the possibility to import VRFs on the All VRFs page
from a CSV file. From then on, you will be able to add the VRF Route Targets to organize them
as you please. For more details, refer to the chapter Importing Data in the Global Policies part
of this guide.
Deleting a VRF
At any point you can delete one or several VRFs. Keep in mind that the related VRF Route Targets
will be deleted as well.
To delete a VRF
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the VRF icon. The All VRFs list opens.
3. Tick the VRF(s) you want to delete.
4. In the menu, select Edit > Delete. The Delete wizard opens.
5. Click on OK to commit the VRF deletion. The report opens and closes. The VRF is no longer
listed, the VRF Route Targets with that VRF are deleted as well.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the VRF icon. The All VRFs list opens.
3. In the breadcrumb, click on All VRF Route Targets. The All VRF Route Targets page opens.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the VRF icon. The All VRFs list opens.
3. In the menu, select Display > All VRF Route Targets. The All VRF Route Targets page
opens.
The VRF Route Targets do not have a properties page as all the information is displayed on the
page.
If you click on a VRF name, you will be able to display the list of VRF Route Targets that have
this VRF defined as source name. Obviously, if the list is empty it means that the VRF has never
been used as a source.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the VRF icon. The All VRFs list opens.
3. Click on the name of the VRF of your choice. The All VRF Route Targets page opens.
4. Only the Route Targets with the chosen VRF defined as source are listed.
By default, all the columns are displayed on the page. However, SOLIDserver enables you to
modify the columns display in the list. You can add columns, remove columns or modify the order
of columns. For more details, see the Customizing the List Layout section of the Understanding
the SOLIDserver User Interface part of this documentation.
other one. Which is why it is crucial to decide which VRF will be the source VRF and which one
the destination VRF.
To add a VRF Route Target that allows both VRFs to exchange data
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the VRF icon. The All VRFs list opens.
3. In the breadcrumb, click on All VRF Route Targets. The All VRF Route Targets page opens.
4. In the menu, select Add > VRF Route Target. The Add a VRF Route Target wizard opens.
5. In the Source VRF name field, type in the first letters of your source VRF. The auto-completion
will fill in the rest of the name or provide you with a list of matching names.
6. In the Target VRF name field, type in the first letters of your target VRF. The auto-completion
will fill in the rest of the name or provide you with a list of matching names.
7. In the Import section, tick the checkbox.
8. In the Export section, do not tick the checkbox.
9. Click on OK to commit the addition. The report opens and closes. The VRF is listed.
Note
If you do not tick either the Import or Export checkbox, the data exchange will not
be possible.
To add a VRF Route Target that allows the source VRF to receive data from the
target VRF
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the VRF icon. The All VRFs list opens.
3. In the breadcrumb, click on All VRF Route Targets. The All VRF Route Targets page opens.
4. In the menu, select Add > VRF Route Target. The Add a VRF Route Target wizard opens.
5. In the Source VRF name field, type in the first letters of your source VRF. The auto-completion
will fill in the rest of the name or provide you with a list of matching names.
6. In the Target VRF name field, type in the first letters of your target VRF. The auto-completion
will fill in the rest of the name or provide you with a list of matching names.
7. In the Import section, tick the checkbox.
8. Click on OK to commit the addition. The report opens and closes. The VRF is listed.
To add a VRF Route Target that allows the source VRF to send data to the target
VRF
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the VRF icon. The All VRFs list opens.
3. In the breadcrumb, click on All VRF Route Targets. The All VRF Route Targets page opens.
4. In the menu, select Add > VRF Route Target. The Add a VRF Route Target wizard opens.
5. In the Source VRF name field, type in the first letters of your source VRF. The auto-completion
will fill in the rest of the name or provide you with a list of matching names.
6. In the Target VRF name field, type in the first letters of your target VRF. The auto-completion
will fill in the rest of the name or provide you with a list of matching names.
7. In the Export section, tick the checkbox.
8. Click on OK to commit the addition. The report opens and closes. The VRF is listed.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the VRF icon. The All VRFs list opens.
3. In the breadcrumb, click on All VRF Route Targets. The All VRF Route Targets page opens.
4. In the menu, select Add > VRF Route Target. The Add a VRF Route Target wizard opens.
5. In the Source VRF name field, type in the source VRF of your choice.
6. In the Target VRF name field, type in the target VRF of your choice.
7. In the Import and Export section, you can overwrite the existing Route Target by ticking the
checkbox(es) that now suits your needs.
8. Click on OK to commit your changes. The report opens and closes. The page refreshes, the
configuration changes are visible in the Imported and Exported columns.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the VRF icon. The All VRFs list opens.
3. In the breadcrumb, click on All VRF Route Targets. The All VRF Route Targets page opens.
4. Tick the VRF Route Target(s) you want to delete.
5. In the menu, select Edit > Delete VRF Route Target. The Delete wizard opens.
6. Click on OK to commit the VRF deletion. The report opens and closes. The page refreshes,
the VRF Route Target is no longer listed.
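A review of VRFs and VRF Route Targets before or after entering them, as an added Python example that is not SOLIDserver code. It reads Import as "the source receives from the target" and Export as "the source sends to the target", as the procedure titles above describe, and goes beyond the <numeric>:<numeric> format check by also testing the RFC 4364 field sizes; the sample records, the ISOLATED policy list and all function names are constructed for the example.

```python
import re

# Constructed sample data, not taken from a real appliance.
VRFS = [("corp", "65000:100"), ("guest", "65000:200"), ("mgmt", "65000:100"),
        ("lab", "65000-300"), ("dmz", "70000:70000")]
# (source VRF, target VRF, Import ticked, Export ticked)
ROUTE_TARGETS = [
    ("corp", "dmz", True, True),
    ("guest", "corp", True, False),
    ("mgmt", "guest", False, True),
    ("corp", "guest", False, False),
    ("corp", "prod", True, False),
]
ISOLATED = [("guest", "mgmt")]   # hypothetical policy: must never exchange routes


def check_rd(rd):
    """Return None if the RD ID is acceptable, else the reason it is not."""
    m = re.fullmatch(r"([0-9]+):([0-9]+)", rd)
    if not m:
        return "not <numeric>:<numeric>"
    admin, assigned = int(m.group(1)), int(m.group(2))
    # RFC 4364: type 0 = 2-byte ASN : 4-byte number, type 2 = 4-byte ASN : 2-byte number
    type0 = admin <= 0xFFFF and assigned <= 0xFFFFFFFF
    type2 = admin <= 0xFFFFFFFF and assigned <= 0xFFFF
    return None if (type0 or type2) else "fields do not fit an RFC 4364 type 0 or 2 RD"


def audit(vrfs, route_targets, isolated=()):
    """Return (findings, flows); flows are (sender, receiver) VRF name pairs."""
    findings, seen_rd, names = [], {}, set()
    for name, rd in vrfs:
        names.add(name)
        reason = check_rd(rd)
        if reason:
            findings.append(("bad-rd", name, reason))
        elif rd in seen_rd:          # the RD is meant to be specific to one VRF
            findings.append(("duplicate-rd", name, f"same RD as {seen_rd[rd]}"))
        else:
            seen_rd[rd] = name
    flows = set()
    for src, dst, imported, exported in route_targets:
        link = f"{src}->{dst}"
        missing = [v for v in (src, dst) if v not in names]
        if missing:
            findings.append(("unknown-vrf", link, ", ".join(missing)))
            continue
        if not imported and not exported:
            findings.append(("no-exchange", link, "neither Import nor Export ticked"))
        if imported:
            flows.add((dst, src))    # source receives from target
        if exported:
            flows.add((src, dst))    # source sends to target
    banned = {frozenset(pair) for pair in isolated}
    for sender, receiver in sorted(flows):
        if frozenset((sender, receiver)) in banned:
            findings.append(("isolation-breach", f"{sender}->{receiver}",
                             "policy forbids exchange between these VRFs"))
    return findings, flows
```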
Chapter 23. Importing Data into the IPAM
EfficientIP provides within the IPAM module a powerful tool for importing existing data into your
appliance without having to manually configure the network organization that you were using so
far. There are a number of options and features that help you import your IP address
organization, whether you want to import raw data or configurations coming from the VitalQIP or Nortel
NetID software.
You can import CSV files containing addresses, subnets, etc. into specific blocks or simply
into a space and then organize the data within the module. Note that at the subnet, pool and
address level, there is a tool allowing you to let SOLIDserver find the best space possible, i.e.
the space containing the smallest block possible that can receive the data you are importing
and avoid overlapping.
2. Import external data with the same network organization
If you plan on importing already configured spaces to SOLIDserver, we recommend that you
follow the hierarchy and import one after the other all levels: space, blocks, subnets, pools (if
relevant) and finally addresses. That way, you will be sure not to miss any parameters or lose
any data.
For more details regarding Spaces, Blocks, Subnets, Pools and Addresses, in IPv4 and IPv6
refer to the chapter Importing Data in the Global Policies part of this guide.
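The "best space" selection mentioned for subnet imports (the space containing the smallest block that can receive the data without overlapping), as an added Python sketch that is not SOLIDserver's own logic. The CSV column names, the sample spaces and the function name plan_import are constructed, and every existing subnet is treated as terminal.

```python
import csv
import io
import ipaddress

# Constructed sample data: three spaces with their blocks and existing subnets.
SPACES = {
    "emea":    {"blocks": ["10.0.0.0/8", "2001:db8::/32"], "subnets": ["10.1.1.0/24"]},
    "emea-fr": {"blocks": ["10.1.0.0/16"], "subnets": []},
    "lab":     {"blocks": ["192.168.0.0/16"], "subnets": ["192.168.50.0/24"]},
}
# Constructed CSV; the column names are hypothetical, not the product's import format.
CSV_TEXT = """name,address,prefix
branch-a,10.1.2.0,24
branch-b,10.1.2.128,25
lab,192.168.50.0,24
v6-site,2001:db8:10::,64
bad-row,10.1.2.1,24
orphan,172.16.0.0,24
"""


def plan_import(spaces, csv_text):
    """Return [(row name, chosen space or None, chosen block or rejection reason)]."""
    blocks = {s: [ipaddress.ip_network(b) for b in c["blocks"]]
              for s, c in spaces.items()}
    used = {s: [ipaddress.ip_network(n) for n in c["subnets"]]
            for s, c in spaces.items()}          # copies: the input is not modified
    plan = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        try:
            new = ipaddress.ip_network(f"{row['address']}/{row['prefix']}")
        except ValueError:                       # e.g. host bits set, bad prefix
            plan.append((row["name"], None, "invalid subnet"))
            continue
        best = None                              # (space, block) with longest prefix
        for space in spaces:
            # A space that already holds an overlapping subnet cannot receive it.
            if any(u.version == new.version and u.overlaps(new) for u in used[space]):
                continue
            for block in blocks[space]:
                fits = block.version == new.version and new.subnet_of(block)
                if fits and (best is None or block.prefixlen > best[1].prefixlen):
                    best = (space, block)
        if best is None:
            plan.append((row["name"], None, "no non-overlapping block"))
        else:
            used[best[0]].append(new)            # later rows must avoid this one too
            plan.append((row["name"], best[0], str(best[1])))
    return plan
```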
To import it into SOLIDserver, the file must be located at the root of a .zip or a .rar file.
Tip
This compressed file does not need to include the *_aud.qef files as they are not
relevant to the import and will make your import take longer.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Spaces icon. The All spaces list opens.
3. In the menu, select Add > Import > QIP IPAM. The Import entries from file wizard opens.
4. Click on BROWSE to search for the CSV file to import. A window opens to help you browse
through folders, select the needed file.
5. Click on Open. The window closes and the file is visible in the File name field of the wizard.
Note that all the data the space contains will be imported as well (blocks, subnets and
addresses).
8. In the Block class drop-down list, select an existing class to be applied to the blocks you
are importing. [1]
9. In the Subnet class drop-down list, select an existing class to be applied to the subnets you
are importing.
10. Click on OK to import the data. The report opens and closes. The data is listed according to
your import configuration.
[1] The classes that may be listed in these fields are the classes created through Class Studio (in the Administration tab) and applied to
the IPAM blocks or subnets. For these classes to be visible in the list, they need to be enabled at the time of the import.
Chapter 24. Managing IPAM and DHCP Labels
Introduction
SOLIDserver introduced labels in version 4.0.2 along with IPv6 address management.
Labels are a visual aid that displays the letters and colors of your choice above part of the IP
address, allowing you to see at a glance the IP addresses belonging to a common
container in the IPAM and DHCP modules. You can therefore create and configure them
in both modules.
In the example above, you can see that the labels are named after the subnets and blocks and
colored to reflect the hierarchy.
• For now, labels are only available in the IPAM and DHCP modules for the IPv6 addresses.
• The label goes above, and therefore hides, the address configured whether it is a full address
or part of an address.
• Once the labels are displayed, you can still uncompress or compress the IPv6 addresses
according to your needs.
• The label name can be set in lower-case and/or upper-case but must not exceed three letters.
• There are 12 colors to choose from.
• If you have common addresses among several spaces, blocks or subnets, they will all have
the same label (see the Canberra and Management subnets label in the example above).
The label-related options are available on all the pages displaying IPv6 addresses, that is to say:
• In the IPAM module: the All blocks IP6, All subnets IP6, All pools IP6 and All addresses IP6
pages.
• In the DHCP module: the All scopes IP6, All ranges IP6, All leases IP6 and All statics IP6
pages.
Note that these options also are available if you are listing the addresses of a particular subnet,
the leases of a specific server, etc.
Creating Labels
The labels are all managed through the same wizard, accessible through the Settings menu of
the IPAM and DHCP modules on IPv6 pages. You can create as many labels as you need.
To create a label
1. Go to the IPAM or the DHCP tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the breadcrumb, click on the level of your choice, except for the All spaces level or the
All servers level.
3. Next to the Logout button, click on the IP6 icon to display the IPv6 objects.
4. In the menu, select Settings > Configure IPv6 labels. The Configure IPv6 labels wizard
opens.
5. In the IPv6 field, type in or paste the address or part of the address to be labeled.
6. In the Label Name field, type in the label name. It should not have more than three (3) characters,
which can be letters or numbers, except the usual forbidden characters in Windows and Linux.
7. In the Color drop-down list, select the color of your choice.
Tip
The Preview area at the bottom of the wizard displays the label with the
characters and color of your choice.
8. Click on ADD . The label is now listed in the List Label field. Repeat these steps for as many
labels as you need.
9. Click on OK to commit your creation and close the wizard. The list is visible again.
Once created, the labels need to be displayed manually. See the section Displaying or Hiding
Labels for more details.
1. Go to the IPAM or the DHCP tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the breadcrumb, click on the level of your choice, except for the All spaces level or the
All servers level.
3. In the menu, select Display > Use IPv6 labels. The configured labels are now visible.
At any time you can also display the addresses rather than the labels.
1. Go to the IPAM or the DHCP tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the breadcrumb, click on the level of your choice, except for the All spaces level or the
All servers level.
3. In the menu, select Display > Do not use IPv6 labels. The labels are not visible anymore.
Editing Labels
Labels must be edited in the label configuration wizard.
To edit a label
1. Go to the IPAM or the DHCP tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the breadcrumb, click on the level of your choice, except for the All spaces level or the
All servers level.
3. Next to the Logout button, click on the IP6 icon to display the IPv6 objects.
4. In the menu, select Settings > Configure IPv6 labels. The Configure IPv6 labels wizard
opens.
5. In the Settings menu, select Configure IPv6 labels. The Configure IPv6 labels wizard opens.
6. In the List Label field, select the label you want to edit.
7. Modify the data in the IPv6, Label Name and/or Color fields.
8. Click on UPDATE to save the changes. The label is no longer listed in the field. Repeat these
steps for as many labels as you need.
9. Click on OK to commit your changes and close the wizard. The list is visible again.
Deleting Labels
Labels must be deleted in the label configuration wizard.
To delete a label
1. Go to the IPAM or the DHCP tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the breadcrumb, click on the level of your choice, except for the All spaces level or the
All servers level.
3. Next to the Logout button, click on the IP6 icon to display the IPv6 objects.
4. In the menu, select Settings > Configure IPv6 labels. The Configure IPv6 labels wizard
opens.
5. In the Settings menu, select Configure IPv6 labels. The Configure IPv6 labels wizard opens.
6. In the List Label field, select the label you want to delete. You can only delete labels one at
a time.
7. Click on DELETE. The label is no longer listed in the field. Repeat these steps for as many
labels as you need.
8. Click on OK to commit your changes and close the wizard. The list is visible again.
Part VI. DHCP Management
Table of Contents
25. Introduction
Overview
DHCP Structure
DHCP Servers
DHCP Failover
DHCP Management within SOLIDserver
26. Deploying DHCP Smart Architectures
Multi-Vendors DHCP Management
DHCP Servers Managing IPv4 addressing
DHCP Servers Managing IPv6 addressing
Building a Highly Available DHCP Service
Understanding the DHCP Safe Failover
DHCP Safe Failover Principles
Failover Operational States
Working with DHCP Smart Architectures
Implementing Smart Architectures
DHCPv4 Smart Architectures
DHCPv6 Smart Architectures
27. Managing DHCP Smart Architectures
Understanding DHCP Smart Architectures Statuses
Locked Synchronization Status
Adding a DHCPv4 Smart Architecture
One-to-One Smart Architecture
One-to-Many Smart Architecture
Split-Scope Smart Architecture
Single-Server Smart Architecture
Adding a DHCPv6 Smart Architecture
DHCPv6 Single-Server Smart Architecture
DHCPv6 Split-Scope Smart Architecture
DHCPv6 Stateless Smart Architecture
Editing a DHCP Smart Architecture
Adding a DHCP Server into a Smart Architecture
Removing a DHCP Server from a Smart Architecture
Changing the DHCP Server Roles within a Smart Architecture
Changing the Type of a DHCP Smart Architecture
Deleting a DHCP Smart Architecture
Defining a DHCP Smart Architecture as a Group Resource
28. Managing DHCP Servers
Browsing DHCP Servers
Browsing the DHCP Servers Database
Customizing the DHCP Servers Display
Understanding the DHCP Servers Statuses
Managing EfficientIP DHCP Servers
Configuring the Listening Network Interfaces
Adding a SOLIDserver DHCP server
Configuring the SNMP
Configuring Server Options
Managing Microsoft DHCP Servers with Agent
WinDHCPManager Agent
Adding a Microsoft DHCP server
Managing Agentless Microsoft DHCP Servers
Chapter 25. Introduction
Overview
DHCP Structure
In a continually changing network environment, manually applying the correct settings on each
host to access the Internet can quickly become tedious. The Dynamic Host Configuration Protocol
(DHCP) is a network protocol whose role is to automate the assignment of network parameters
including the IP address, subnet mask, default gateway, DNS name servers and, sometimes,
proxy settings.
This system allows improved management and easier connection for already present and new
devices according to their situation on the network. The administrator can for instance reserve
a pool of addresses for temporary users (dynamic allocation) while listing fixed addresses for the
permanent ones (static allocation).
1. Discovery: the DHCP client (host) broadcasts a DHCPDISCOVER packet on its physical
subnet (usually 255.255.255.255) to discover the available DHCP servers.
2. Offer: the available DHCP servers receiving the request respond with a DHCPOFFER packet
containing their own IP address and valid connection settings according to the type of allocation
configured by the administrator for that host (dynamic or static).
3. Request: the client may receive offers from several DHCP servers, hence the need for each
DHCP server to provide its IP address. Once an offer has been accepted, the client
sends a DHCPREQUEST packet to inform the other servers of the acceptance. In the case
of dynamic allocation, the other offered addresses return to the pool of available addresses
of the offering server.
4. Acknowledgment: the final step of the process. The selected server sends all the configuration
data to the client in the DHCPACK packet.
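The Offer and Request steps can be checked on the wire: every DHCPOFFER names its sender in the server identifier option (54), and the DHCPREQUEST repeats the identifier of the chosen server. The following is an added example, not code from this guide; the addresses, the transaction ID and the set of declared servers are constructed sample values, and the function names are assumptions.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # precedes the options field (RFC 2131)
FIXED_LEN = 236                      # BOOTP header, from op through file
OPT_PAD, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 0, 53, 54, 255
DISCOVER, OFFER, REQUEST, ACK = 1, 2, 3, 5


def build_message(msg_type, xid, yiaddr="0.0.0.0", server_id=None):
    """Build a minimal DHCP message (constructed sample input, not a capture)."""
    op = 2 if msg_type in (OFFER, ACK) else 1        # BOOTREPLY or BOOTREQUEST
    header = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        op, 1, 6, 0, xid, 0, 0x8000,                 # Ethernet, broadcast flag set
        bytes(4), ipaddress.IPv4Address(yiaddr).packed, bytes(4), bytes(4),
        bytes.fromhex("020000000001"), b"", b"",     # constructed client MAC
    )
    options = bytes([OPT_MSG_TYPE, 1, msg_type])
    if server_id is not None:
        options += bytes([OPT_SERVER_ID, 4]) + ipaddress.IPv4Address(server_id).packed
    return header + MAGIC_COOKIE + options + bytes([OPT_END])


def parse_message(data):
    """Return the transaction ID, message type, offered address and server identifier."""
    if len(data) < FIXED_LEN + 4 or data[FIXED_LEN:FIXED_LEN + 4] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    (xid,) = struct.unpack_from("!I", data, 4)
    options, i = {}, FIXED_LEN + 4
    while i < len(data) and data[i] != OPT_END:
        if data[i] == OPT_PAD:                       # single-byte padding option
            i += 1
            continue
        if i + 1 >= len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError("truncated option")
        options[data[i]] = data[i + 2:i + 2 + data[i + 1]]
        i += 2 + data[i + 1]
    msg_type = options.get(OPT_MSG_TYPE, b"")
    server_id = options.get(OPT_SERVER_ID, b"")
    return {
        "xid": xid,
        "type": msg_type[0] if len(msg_type) == 1 else None,
        "yiaddr": str(ipaddress.IPv4Address(data[16:20])),
        "server_id": str(ipaddress.IPv4Address(server_id)) if len(server_id) == 4 else None,
    }


def review_offers(raw_messages, xid, declared_servers):
    """Sort the offers answering one DHCPDISCOVER by whether their sender is declared."""
    result = {"declared": [], "undeclared": [], "rejected": 0}
    for raw in raw_messages:
        try:
            msg = parse_message(raw)
        except ValueError:
            result["rejected"] += 1
            continue
        if msg["type"] != OFFER or msg["xid"] != xid:
            continue                                 # not an answer to this client
        if msg["server_id"] is None:
            result["rejected"] += 1                  # an offer must identify its server
            continue
        key = "declared" if msg["server_id"] in declared_servers else "undeclared"
        result[key].append((msg["server_id"], msg["yiaddr"]))
    return result


def declined_servers(request_raw, offers):
    """Servers whose offer was not chosen: the DHCPREQUEST names the selected server
    in option 54, so every other offering server returns its address to its pool."""
    chosen = parse_message(request_raw)["server_id"]
    return [server for server, _ in offers if server != chosen]


# Constructed sample traffic for one client transaction.
XID = 0x3903F326
DECLARED = {"192.0.2.10", "192.0.2.11"}              # servers declared by the administrator
SAMPLE = [
    build_message(OFFER, XID, "192.0.2.100", "192.0.2.10"),
    build_message(OFFER, XID, "192.0.2.150", "192.0.2.11"),
    build_message(OFFER, XID, "192.0.2.200", "192.0.2.77"),        # sender not declared
    build_message(OFFER, 0x11111111, "192.0.2.101", "192.0.2.10"), # another client's offer
    build_message(OFFER, XID, "192.0.2.102", "192.0.2.10")[:-3],   # truncated option 54
]

if __name__ == "__main__":
    report = review_offers(SAMPLE, XID, DECLARED)
    print(report)
    request = build_message(REQUEST, XID, server_id="192.0.2.10")
    print(declined_servers(request, report["declared"] + report["undeclared"]))
```

An offer listed under "undeclared" comes from a server that is not part of the managed configuration and is worth investigating before clients accept its settings.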
DHCP Servers
The main function of a DHCP server is to provide a host with a valid IP address according to the
client needs. Once the network architecture is configured (subnets, subnet masks...), the
administrator declares the DHCP server with an IP address that is part of one of the subnets. That way,
the server can provide clients with addresses. In large networks, DHCP servers can rely
on DHCP relays (also called helpers). The whole DHCP configuration is stored in a text file called
dhcpd.conf that describes the part of the network managed by the server.
Within a server, the administrator must define scopes - pools of addresses available for allocation
within each subnet. Scopes allow two different types of allocation:
Dynamic allocation
The administrator defines one or several ranges of IP addresses in a scope. From a range,
the server will randomly allocate one IP address to a host for a limited period of time. This
process is called leasing. When the lease time expires, the address is returned to the pool
of addresses to be allocated to another host.
Dynamic allocation of addresses is impossible if the server does not contain a scope and a
range of addresses.
Static allocation
To make sure that a client always connects to a subnet with the same IP address, the
administrator can use statics. The static allocation is usually the association of one of the IP
addresses of a scope with the MAC address of a client. The statics are listed in a table and
stored on the server.
Note that the static allocation does not only refer to the IP addresses of a subnet, it can also
refer to the MAC address: you can create statics without IP address in order to configure a
number of options for a particular client. The connection to a subnet will then be handled
dynamically: the client will randomly get the first lease available but always the same DHCP
options.
DHCP statics can be part of a group and share the same DHCP options.
[Figure: the DHCP hierarchy: server, scope, group, range, static, lease]
From the server level downward, the administrator can define DHCP options such as minimum
lease time, maximum lease time, ping check, broadcast address, etc. These options will be
inherited by the scopes, ranges, leases, groups and statics managed by the server. However,
options defined at the lower levels of the hierarchy always prevail. Therefore, if the minimum lease
time is set to 3600 seconds at the server level but one range of addresses has a minimum lease
time set to 1800 seconds, all the leases contained in that range will have a minimum lease time
of 1800 seconds no matter what was set at the scope or server level.
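The inheritance rule above can be expressed as a walk from an object up to its server, where the first level that sets an option wins. The following is an added example, not SOLIDserver code: the class and function names, the option keys, the object names and the scope-level value of 2400 seconds are assumptions, and each object is given a single parent for simplicity.

```python
from dataclasses import dataclass, field
from typing import Optional

# Parent level allowed for each kind of object (simplified: one parent per object).
ALLOWED_PARENTS = {
    "server": {None},
    "scope": {"server"},
    "group": {"server"},
    "range": {"scope"},
    "lease": {"range"},
    "static": {"scope", "group"},
}


@dataclass
class DhcpObject:
    kind: str
    name: str
    parent: Optional["DhcpObject"] = None
    options: dict = field(default_factory=dict)

    def __post_init__(self):
        parent_kind = self.parent.kind if self.parent else None
        if parent_kind not in ALLOWED_PARENTS[self.kind]:
            raise ValueError(f"a {self.kind} cannot be placed under {parent_kind}")


def lineage(obj):
    """Yield the object itself, then each ancestor up to the server."""
    while obj is not None:
        yield obj
        obj = obj.parent


def effective_options(obj):
    """Effective value of every option for obj, with the level that supplied it."""
    resolved = {}
    for level in lineage(obj):                       # most specific level first
        for option, value in level.options.items():
            resolved.setdefault(option, (value, f"{level.kind}:{level.name}"))
    return resolved


def settings_chain(obj, option):
    """Every level that sets the option, most specific first; only the first applies."""
    return [(lvl.kind, lvl.options[option]) for lvl in lineage(obj) if option in lvl.options]


# Constructed sample hierarchy using the values from the paragraph above.
server = DhcpObject("server", "dhcp1", options={
    "min-lease-time": 3600, "max-lease-time": 86400, "ping-check": True})
scope = DhcpObject("scope", "192.0.2.0/24", server, {"min-lease-time": 2400})
short_range = DhcpObject("range", "192.0.2.100-192.0.2.199", scope, {"min-lease-time": 1800})
plain_range = DhcpObject("range", "192.0.2.200-192.0.2.220", scope)
lease = DhcpObject("lease", "192.0.2.101", short_range)
other_lease = DhcpObject("lease", "192.0.2.201", plain_range)
group = DhcpObject("group", "printers", server, {"max-lease-time": 7200})
static = DhcpObject("static", "02:00:00:00:00:01", group)

if __name__ == "__main__":
    for obj in (lease, other_lease, static):
        print(obj.kind, obj.name, effective_options(obj))
    print(settings_chain(lease, "min-lease-time"))
```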
The DHCP protocol allows IP address allocation in both IPv4 and IPv6. However, even
though the purpose of the protocol remains the same, the DHCPv6 options are different.
DHCP Failover
Due to the critical role of DHCP, a failure at the server level would cause hosts to lose their
addresses and the ability to communicate with the rest of the network. The presence of at least
one other DHCP backup server ensures the integrity of the database but requires them to continually
communicate. The failover protocol provides a way for two synchronized servers to share and
manage a particular set of IP addresses, thus avoiding possible conflicts in address allocation.
DHCP failover also allows disaster recovery.
• Servers: the highest level of the DHCP hierarchy, listing the servers that contain
the scopes, ranges, leases, statics and groups. There are 5 different types of servers in IPv4
that you can create on this page: EfficientIP DHCP, Agentless Microsoft DHCP, Microsoft
DHCP with agent, Cisco DHCP and Nominum DCS. In IPv6, you can create EfficientIP DHCP
servers.
• Groups: an optional level between the server and the static IP addresses it manages. It allows
administrators to apply specific options to defined groups of static IP addresses.
• Scopes: the second level of the DHCP hierarchy, listing the scopes created and
managed through the SOLIDserver GUI. Scopes may contain ranges of IP addresses for
dynamic allocation or individual IP addresses for static allocation.
• Ranges: the third level of the hierarchy for dynamic allocation, listing the different
ranges of IP addresses available for leasing. At range level, you can define Access Control
Lists (ACLs) to restrict or authorize access to specific users.
• Leases: the lowest level of dynamic allocation, listing the leases in progress, that is, the IP
addresses currently allocated from a range by the DHCP server.
• Statics: the lowest level of static allocation, listing the static pairs of IP/MAC addresses
and the statics without IP address.
Servers, groups, scopes, ranges and statics can be added at will and all the changes made in
this module can be automatically updated in the IPAM and the DNS through the default behaviors
configuration.
The DHCP homepage also provides access to the failover channels pages, one for IPv4 and the
other for IPv6, and the leases tracking pages (called lease logs) also available in both versions
of the IP protocol.
At the server level, EfficientIP allows you to manage your servers on their own or through DHCP
smart architectures. The smart architecture technology offers a solution for a global management
of DHCP servers. In IPv4, physical servers can be managed through One-to-One, One-to-Many,
Split-Scope or Single-Server architectures. Besides, some of these architectures can provide
several failover channels configuration between the servers. In IPv6, physical servers can be
managed through Split-Scope, Single-Server or Stateless architectures. The main advantage
is that the smart architecture configuration provides a backup of a specific configuration,
so that you do not lose time or data if a physical server crashes or stops responding. For
more details, refer to the chapters Deploying DHCP Architectures and Managing DHCP Smart
Architectures below.
Chapter 26. Deploying DHCP Smart Architectures
DHCP can quickly become an essential piece of any network data organization. Once set up,
DHCP is usually hardly noticed, silently and faithfully performing its duties day in and day out.
Unfortunately, the hardest thing with DHCP is getting it to that point. The DHCP client needs
must be considered, including which DHCP options are supported by the client's operating system
and which options and their values need to be assigned. In large-scale DHCP implementations,
the topology of the network becomes a very important factor. The network topology dictates
where DHCP servers and/or relay agents must be placed. A final consideration is planning for
fault tolerance. Once DHCP is implemented, it quickly becomes a service that the entire network
is depending on. Steps can be taken to ensure that DHCP will be available at all times.
SOLIDserver provides different options and configurations for DHCPv4 and DHCPv6. They will
be described in each of the following parts to make it clear before actually implementing the
architectures.
SOLIDserver appliances support both EfficientIP and other vendor DHCP servers, allowing you
to readily configure and deploy IP services across your distributed network and synchronize
SOLIDserver data updates in real time. SOLIDserver provides a unique user interface that unifies
the management of multi-vendor DHCP servers. This allows the management of different vendors
of DHCP servers including:
SOLIDserver supports almost all features delivered by each vendor but does not add additional
features at the service level. Thus, limitations on features delivered by each vendor are those of
each vendor. For instance Microsoft Windows DHCP services do not have failover feature yet,
thus EfficientIP will not deliver failover functionality for Microsoft Windows DHCP services.
The single and consistent SOLIDserver console used to view and manage these multi-vendor
configurations reduces errors, saves time, and eliminates the requirement of having to replace
existing DHCP. SOLIDserver is an abstraction layer which masks the specific processes of each
DHCP vendor to network administrators. DHCP services are not managed server per server any
more but as a global service. It is possible to simultaneously configure Microsoft Windows running
DHCP servers and Linux running ISC DHCP servers, modify VoIP options on all DHCP servers
Each and every one of these servers can be managed by SOLIDserver smart architecture to
ease the management configuration and provide a backup of the chosen configuration. See the
Managing DHCP Smart Architectures part of this documentation for more details.
Two active DHCP servers cannot share an IP address pool since they have no way of knowing
with certainty which IP addresses are being distributed. Hence, two active DHCP servers cannot
perform dynamic DHCP. Therefore, scope splitting is necessary to separate IP address ranges
per server.
With a traditional active/passive pair of DHCP servers, if the active server fails, the network
administrator is required to manually turn on the passive DHCP server so that it can take over until
the initial active server is restored. DHCP high availability with IP address scope splitting provides
failover, but with the risk of downtime if addresses are leased to more than one client,
and with potential manual intervention to clean up the lease database.
In order for two DHCP servers to provide DHCP services for the same network segments, the
servers must coordinate their behavior. Each server must either know what the other is doing or
be configured so that it can operate without knowing what the other is doing. In order for each
server to know what the other is doing, the DHCP safe failover protocol can be implemented.
Note
The Split-Scope configuration is available for both DHCPv4 and DHCPv6 services
management. However, the DHCP safe failover protocol is only available when
managing IPv4 addresses. Failover protocol is not available in IPv6.
Note
The failover mechanism is not available when it comes to IPv6 addressing.
The second principle is that a DHCP server can allocate or extend a lease only for a limited amount
of time beyond the lease time known by its peer. This limited time is called the maximum client
lead time (MCLT). The MCLT is set to one hour by default.
The third principle is that in normal operation, an address that has been assigned to one client
cannot be assigned to another client unless both DHCP servers agree that the first client is no
longer using it.
When in Normal state, each server services and all other DHCP requests other than
dhcprequest/renewal or dhcprequest/rebinding from the client set defined by the load balancing algorithm
RFC 3074. Each server services dhcprequest/renewal or dhcpdiscover/rebinding requests from
any client. The partner server then writes the information about lease updates in its lease database.
The lease database in a DHCP server would normally be changed as a result of DHCP protocol
activity with a DHCP client (e.g., granting a lease to a DHCP client through the familiar
discover/offer/request/ack cycle or extending a lease due to a renewal from a DHCP client) or possibly
because a lease has expired or undergone another state change that must be recorded in the
DHCP lease database.
[Figure: failover channel between DHCP 1 and DHCP 2, each with its local range]
[Figure: failover channel between DHCP 1 and DHCP 2, at Site A and Site B; within the local ranges, each server allocates new addresses and responds for existing addresses]
For a variety of reasons, it is possible that one member of a DHCP failover pair might stop
operating. This could be the result of a planned outage or an unplanned outage. In order to provide
the best possible service when one member of a failover pair is down, the other can be placed
in the Partner-down state. When operating in Partner-down state, a server assumes that its
partner is not currently operating, but does make allowances for the possibility that the partner was
operating in the past, though possibly out of communications with this server. It responds to all
DHCP client requests in Partner-down state. After a server enters the Partner-down state, it can
reclaim any available IP address that belongs to its peer after the MCLT is passed.
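The MCLT rule and the Partner-down behavior described above can be followed in a small model. This is an added, simplified example and not the failover protocol implementation or SOLIDserver code: the class, its method names, the server names dhcp1 and dhcp2 and the sample times (in seconds) are assumptions, and a returning peer is modeled as going straight back to Normal state.

```python
from dataclasses import dataclass
from typing import Optional

NORMAL = "normal"
COMM_INTERRUPTED = "communications-interrupted"
PARTNER_DOWN = "partner-down"
MCLT = 3600   # maximum client lead time: one hour, the default given above


@dataclass
class FailoverPeer:
    """One member of a failover pair. Simplified model; all times are in seconds."""
    name: str
    mclt: int = MCLT
    auto_partner_down_delay: Optional[int] = None    # None: manual switch only
    state: str = NORMAL
    state_since: int = 0

    def _enter(self, state, now):
        self.state, self.state_since = state, now

    def contact_lost(self, now):
        if self.state == NORMAL:
            self._enter(COMM_INTERRUPTED, now)

    def contact_restored(self, now):
        self._enter(NORMAL, now)

    def switch_to_partner_down(self, now):
        """Manual switch decided by the administrator."""
        self._enter(PARTNER_DOWN, now)

    def tick(self, now):
        """Apply the automatic switch to partner-down once its delay has elapsed."""
        delay = self.auto_partner_down_delay
        if (self.state == COMM_INTERRUPTED and delay is not None
                and now - self.state_since >= delay):
            self._enter(PARTNER_DOWN, self.state_since + delay)
        return self.state

    def max_lease(self, now, desired, peer_known_expiry=None):
        """Second principle: a lease never runs more than MCLT past what the peer knows."""
        known = max(now, peer_known_expiry or now)
        return min(desired, known + self.mclt - now)

    def may_allocate(self, owner, now):
        """Own free addresses are always usable. The peer's free addresses are usable
        only in Partner-down, once MCLT has passed since that state was entered."""
        if owner == self.name:
            return True
        return self.state == PARTNER_DOWN and now - self.state_since >= self.mclt


def run_scenario():
    """Constructed timeline for dhcp1 with a 10 minute automatic switch delay."""
    s = FailoverPeer("dhcp1", auto_partner_down_delay=10 * 60)
    log = []
    # New client asks for a one-day lease; the peer knows nothing about it yet.
    log.append(("first lease", s.max_lease(0, 86400)))
    # At renewal the peer has acknowledged an expiry of t=88200 (constructed value).
    log.append(("renewal", s.max_lease(1800, 86400, peer_known_expiry=88200)))
    s.contact_lost(2000)
    log.append(("t=2500", s.tick(2500), s.may_allocate("dhcp2", 2500)))
    log.append(("t=2700", s.tick(2700), s.may_allocate("dhcp2", 2700)))
    log.append(("t=6200", s.tick(6200), s.may_allocate("dhcp2", 6200)))
    s.contact_restored(7000)
    log.append(("t=7000", s.state, s.may_allocate("dhcp2", 7000)))
    return log


if __name__ == "__main__":
    for entry in run_scenario():
        print(entry)
```

The first lease is capped at the MCLT because the peer has not yet recorded anything for that client; the peer's free addresses become usable one MCLT after the Partner-down state began.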
[Figure: DHCP 1 and DHCP 2, each with a local range from 1 to 28]
Once the peer server comes back up, it automatically connects its failover channel to return to
operation in Normal state. To better control the DHCP service, before moving
a server for instance, the administrator can manually switch the backup server of a failover
channel to partner-down. For more details, refer to the chapter Managing Failover Channels of
this guide. For One-to-One DHCP smart architectures, the administrator can also set an Automatic
switch to partner-down delay (in minutes) after which a server in Communications-interrupted
state should automatically switch to Partner-down. For more details, refer to the DHCP One-to-One
Smart Architecture section of this guide.
For IPv4, SOLIDserver allows you to build 4 types of highly available DHCP architectures:
• One-to-One: in this DHCP configuration, two servers share the ranges of dynamic IP addresses.
• One-to-Many: this DHCP configuration is based on a central DHCP server with several
peripheral DHCP servers as backup.
• Split-Scope: two DHCP servers are running in active/active mode and distribute the ranges
management. DHCP split scope is Microsoft's recommended solution to increase the
availability.
• Single-Server: this configuration manages one DHCP server. It provides a backup of the
configuration that will be pushed onto a new DHCP server if the original server ever crashes or
stops responding.
For IPv6, SOLIDserver allows you to build 3 types of highly available DHCP architectures:
• Single-Server: this configuration manages one DHCP server. It provides a backup of the
configuration that will be pushed onto a new DHCP server if the original server ever crashes or
stops responding.
• Split-Scope: two DHCP servers are running in active/active mode and distribute the ranges
management. DHCP split scope is Microsoft's recommended solution to increase the
availability.
• Stateless: this configuration provides a number of options to the servers managed through the
architecture. The defined options, and not any other, will be accessible to the DHCP clients.
There is no limitation in the number of DHCP servers managed as this mode only provides
options. Note that the stateless smart architecture also implies that no ranges or statics will be
created. Nor will there be any leases provided.
When it comes to smart architectures, the main difference between DHCPv4 and DHCPv6
addressing is the failover. Indeed, the failover protocol is not available in IPv6, which explains the
different architectures provided by SOLIDserver. Therefore, the All failover channels page in v6
is merely a list linking DHCPv4 and DHCPv6 servers through the defined ports.
Keep in mind that the IPv6 addressing is only possible from the EfficientIP servers. There is no
compatibility with the numerous vendors providing IP addressing.
The DHCP One-to-One smart architecture allows you to quickly build a pair of DHCP servers
managing IPv4 addresses with a pre-built high availability mechanism. When you deploy a
One-to-One smart architecture, you drastically reduce the DHCP service downtime if one of your
DHCP servers is out of service.
[Figure: DHCP Master and DHCP Backup]
The One-to-One smart architecture allows two DHCP servers to share a range of common
addresses. Each server will have half of the available addresses in the range for a given period of
time. Should a server stop working, the second server will renew the leases of its peer server
within its half of the range. When the server comes back online, it detects that it stopped its
service and reclaims the totality of the leases allocated to the other server during the interruption.
Henceforth, the two servers share as they did before.
[Figure: DHCP Master with two DHCP Backup servers]
The DHCP One-to-Many smart architecture is particularly relevant for organizations that have
many sites and need to have a dedicated DHCP service per site. To fit this need, many vendors
provide DHCP clusters, forcing you to deploy double the DHCP servers. With the DHCP One-to-Many
smart architecture, you deploy one DHCP server per site plus one unique DHCP server as a backup
for all others. It looks like a star configuration, where each edge DHCP server shares a failover
channel with the central DHCP server of the smart architecture.
This architecture allows you to reduce the number of DHCP servers to deploy, and so to save on
investment and maintenance operations as well. EfficientIP's One-to-Many smart architecture
costs N+1 servers, against the common DHCP clustering that costs 2xN servers. The following
table compares a common DHCP cluster with EfficientIP's One-to-Many architecture for a
15-site configuration.
SOLIDserver has the ability to update Microsoft Windows DHCP server configuration, providing
an alternative management console that can be used organization wide for DHCPv4 configuration,
the Split-Scope smart architecture. Microsoft configuration of scopes, ranges and reservation
can be defined within SOLIDserver and then updated to the remote Microsoft Windows server.
All active lease information from Microsoft Windows server is displayed in real time within the
SOLIDserver user interface. SOLIDserver can control the policy that governs the way the Microsoft
DHCP server performs the DNS update.
[Figure: two DHCP Split-Scope servers, 80% and 20%]
At a technical level, the Split-Scope configuration sets up two servers as peers and requires
you to specify a port on each one of them. This port will be dedicated to the information sharing and
named Failover port on one server and Failover peer port on the other server. Keep in mind that
this configuration has nothing to do with the Safe Failover Protocol: you simply need to indicate
which port on each server will take part in the information sharing in that configuration.
The Single-Server architecture will provide a backup of the management configuration of any of
the available DHCP servers: EfficientIP server, Microsoft DHCP, Cisco DHCP or Nominum DCS.
Therefore, if it were to crash, you could install it again and let SOLIDserver push automatically
the smart architecture configuration back onto your server. Do not forget that if you manage a
DHCP server through the Single-Server configuration it will be very easy to manage the server
through another DHCPv4 smart architecture later on.
[Figure: DHCP Single]
The Single-Server architecture with DHCPv6 will provide a backup of the management
configuration of an EfficientIP DHCP server. Therefore, if it were to crash, you could install it again and
let SOLIDserver push automatically the smart architecture configuration back onto your server.
Do not forget that if you manage a DHCP server through the Single-Server configuration it will
be very easy to manage the server through another DHCPv6 smart architecture later on.
[Figure: DHCPv6 Single]
The Split-Scope smart architecture allows you to share ranges between two EfficientIP DHCP
servers in an active/active configuration. You can actually set up the proportion of IP addresses
managed by each one of the servers. One server is set as a master and the other one as a
backup. The main goal of this architecture is the availability of the services at all times thanks to
the load sharing. There is no failover protocol between the two servers but being a smart
architecture, the Split-Scope provides a backup of the configuration: if anything were to happen to
any of the managed servers, installing them back to SOLIDserver would apply the smart
architecture back onto it.
[Figure: two DHCPv6 Split-Scope servers, 80% and 20%]
At a technical level, the Split-Scope configuration sets up two servers as peers and requires
you to specify a port on each one of them. This port will be dedicated to the information sharing and
named Failover port on one server and Failover peer port on the other server. Keep in mind that
this configuration has nothing to do with the Safe Failover Protocol: you simply need to indicate
which port on each server will take part in the information sharing in that configuration.
The Stateless smart architecture allows you to set up a number of options for the scopes of the
servers you choose to manage. The clients will then have access to the options defined in the
architecture, which is why you can add as many servers as you need in this configuration.
[Figure: Stateless DHCPv6]
There are no master or backup servers per se in this configuration. By default they all are
independent master servers sharing the same configuration options.
Keep in mind that the Stateless smart architecture only has an impact on the options available
to the DHCPv6 clients, therefore it is impossible to add ranges and statics through this
configuration. In the same way, no leases will be provided or managed.
Chapter 27. Managing DHCP Smart Architectures
Understanding DHCP Smart Architectures Statuses
Within SOLIDserver GUI, the smart architecture status provides useful information regarding the
configuration.
Moreover, the Sync (i.e. synchronization) column provides additional information regarding the
exchanges between the smart architecture and the physical server(s).
If the check is conclusive, the information is sent to the server and the Sync status is Synchronized.
However, if any error is found during that check, the verification stops and the Locked
Synchronization status appears on the All servers page in the Sync column the next time the page refreshes.
To get a valid synchronization status again, you need to "undo" the latest changes; this will launch
a new synchronization and update the status accordingly.
Once the server is in Locked synchronization, the corrupted configuration file is automatically
stored locally on the appliance and available for download in the Local files listing. It will be named
<server_name>-dhcpd.conf. We advise that you take a look at this file because after the first
error found, the check stops and returns the Locked synchronization status. So if there are
several errors, the status will be returned over and over again until the file is conclusive and can be
sent to the physical server.
The check for failure in the configuration file can be done through the CLI (we recommend it) or through
the GUI.
3. Use the following command to get a precise list of all the errors:
# /usr/local/nessy2/bin/dhcpd -t -4 -cf /data1/exports/<server_name>-dhcpd.conf
4. Adjust the identified statements. Once the check runs again, the Locked Synchronization status
will disappear if you now have a valid configuration.
3. Use the following command to get a precise list of all the errors:
# /usr/local/nessy2/bin/dhcpd -t -6 -q -cf /data1/exports/<server_name>-dhcpd6.conf
4. Adjust the identified statements. Once the check runs again, the Locked Synchronization status
will disappear if you now have a valid configuration.
To look for DHCP errors on the syslog page of the local appliance
1. Go to the Administration page. If the homepage is not displayed click on . The homepage
appears.
2. In the Monitoring section, click on the Logs visualization icon. The Syslog page opens.
3. In the SOLIDserver drop-down list, verify that the local appliance is selected. Only the
hostname will appear with no IP address.
4. In the Services field, select dhcpd. The logs appear.
With DHCPv4, there are four different kinds of smart architectures: One-to-One, One-to-Many,
Split-Scope and Single-Server. As for DHCPv6 smart architectures, SOLIDserver proposes the
Single-Server, Split-Scope and Stateless architectures. The procedures below describe the
configuration of the DHCP smart architectures with the DHCP servers they manage, but you can
go through the configuration without adding any server and do it later; see the
part Adding DHCP Server into DHCP Smart Architecture for more details.
Once the configuration is completed, the DHCP smart architecture appears in the All servers list
as a real server.
Figure 27.1. DHCP Smart Architecture configuration not managing any DHCP server
As you can see, the column Type mentions the kind of smart architecture applied, the DHCP
smart members column is marked N/A and for that reason, the server status is Invalid settings.
1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DHCP servers icon. The All servers list opens.
3. In the menu, click on Add > Server > DHCP smart architecture. The Manage a DHCP server
wizard opens.
4. Fill in the fields according to the table below:
[Figure: DHCP Master and DHCP Backup servers]
Parameters: Description
Prefer master: If you select this option, the leases are delivered to the clients by the master server only.
14. Click on OK to commit your configuration. The report opens and closes. The smart architecture
is listed as a DHCP server and marked Smart (one-to-one) in the Type column. If your
configuration is managing DHCP servers, you can display them in the All servers list by clicking
on in the upper right corner.
1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DHCP servers icon. The All servers list opens.
3. In the menu, click on Add > Server > DHCP smart architecture. The Manage a DHCP server
wizard opens.
4. Fill in the fields according to the table below:
[Figure: one DHCP Master server and two DHCP Backup servers]
Fields: Description
Prefer master: If you select this option, the leases are delivered to the clients by the master server only.
Click on UPDATE to commit your configuration. Your first failover channel is configured and
listed in the DHCP peering assignment as such: Peering: <failover_channel_name> on
DHCP (<backup_server_name>).
Repeat this action in order to have a failover channel between the master and each backup
server.
13. Click on OK to commit your smart architecture configuration. The report opens and closes.
The smart architecture is listed as a DHCP server and marked Smart (one-to-many) in the
Type column. If your configuration is managing DHCP servers, you can display them in the
All servers list by clicking on in the upper right corner.
1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DHCP servers icon. The All servers list opens.
3. In the menu, click on Add > Server > DHCP smart architecture. The Manage a DHCP server
wizard opens.
4. Fill in the fields according to the table below:
Parameters: Description
All behaviors: If you select this option, you will display all the fields and options that can be ticked in the Default behavior wizard. For more details, refer to the chapter Default Behaviors of this guide.
[Figure: two DHCP Split-Scope servers, 80% and 20%]
Note
A virtual failover channel will be automatically created along with the smart architecture;
it will be named failover-<smart_architecture_name> and listed on
the All failover channels.
1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DHCP servers icon. The All servers list opens.
3. In the menu, click on Add > Server > DHCP smart architecture. The Manage a DHCP server
wizard opens.
4. Fill in the fields according to the table below:
[Figure: DHCP Single server]
8. In the Available DHCP servers list, select the DHCP server that you want to manage through
the smart architecture.
9. Click on . The selected server is moved to the Selected DHCP servers list.
10. Click on OK to commit your configuration. The report opens and closes. The smart architecture
is listed as a DHCP server and marked Smart (single-server) in the Type column. If your
configuration is managing a DHCP server, you can display them in the All servers list by
clicking on in the upper right corner.
Note
A virtual failover channel will be automatically created along with the smart architecture;
it will be named failover-<smart_architecture_name> and listed on
the All failover channels.
With DHCPv6, there are three different kinds of smart architectures: Single-Server, Split-Scope
and Stateless. The procedures below describe the configuration of DHCPv6
smart architectures with DHCP servers, but you can go through the configuration without adding
any server and do it later; see the part Adding DHCP Server into DHCP Smart Architecture for more
details.
1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DHCP servers icon. The All servers list opens.
3. In the menu, click on Add > Server (v6) > DHCP smart architecture. The Manage a DHCP
server wizard opens.
4. Fill in the fields according to the table below:
Parameters: Description
list will have to be applied to the smart architecture later on if you tick this box, so make sure that the configuration you set suits your needs before you untick the box.
Description: Type in a description if you want, it will appear in the Description columns of the All servers list.
Mode: You can select either Configurable behavior or All behaviors.
Configurable behavior: This option is selected by default in the Mode drop-down list and displays all the fields and options that have been ticked in the Default behavior wizard at the server level. For more details, refer to the chapter Default Behaviors of this guide.
All behaviors: If you select this option, you will display all the fields and options that can be ticked in the Default behavior wizard. For more details, refer to the chapter Default Behaviors of this guide.
[Figure: DHCPv6 Single server]
Note
A virtual failover channel will be automatically created along with the smart architecture;
it will be named failover-<smart_architecture_name> and listed on
the All failover channels.
1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DHCP servers icon. The All servers list opens.
3. In the menu, click on Add > Server (v6) > DHCP smart architecture. The Manage a DHCP
server wizard opens.
4. Fill in the fields according to the table below:
[Figure: two DHCPv6 Split-Scope servers, 80% and 20%]
Note
A virtual failover channel will be automatically created along with the smart architecture;
it will be named failover-<smart_architecture_name> and listed on
the All failover channels.
1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DHCP servers icon. The All servers list opens.
3. In the menu, click on Add > Server (v6) > DHCP smart architecture. The Manage a DHCP
server wizard opens.
4. Fill in the fields according to the table below:
[Figure: Stateless DHCPv6 server]
Note
A virtual failover channel will be automatically created along with the smart architecture;
it will be named failover-<smart_architecture_name> and listed on
the All failover channels.
Warning
When you add one or more DHCP servers into a smart architecture, the data is
automatically replicated from the smart architecture to the added DHCP server. So
if the smart architecture is empty (first use), the added DHCP server will be totally
overwritten.
1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DHCP servers icon. The All servers list opens.
3. At the end of the line of the smart architecture of your choice, click on . The properties
page opens.
4. In the Main properties panel, click on EDIT . The Edit a DHCP server wizard opens.
5. In the DHCP server type list, make sure DHCP smart architecture is selected. Click on NEXT .
The Manage a DHCP server page opens.
6. If need be, modify the smart architecture basic parameters. For more details, refer to DHCP
Smart Architecture Basic Parameters table in this guide. Click on NEXT . The next page of
the wizard appears.
7. In the DHCP smart architecture list, modify the type of your DHCP smart architecture if need
be. Click on NEXT . The next page of the wizard appears.
8. In the Available DHCP servers list, select a server to add in the smart architecture and click
on . The server is moved to the Selected DHCP servers list. Repeat this action for
as many servers as needed. You can remove any of them from the selected servers list by
clicking on .
9. For a Single-Server smart architecture, go to the last step of this procedure. Otherwise, click
on NEXT . The next page of the wizard appears.
10. In the Master DHCP server drop-down list, modify the master server if need be.
11. For a Split-Scope architecture, type in the Distribution ratio (in percent) between the two
servers in the corresponding field.
12. If need be, modify the existing failover ports and split leases parameters between the master
and backup servers.
13. Click on OK to commit your modifications. The report opens and closes. You can display the
added servers in the All servers list by clicking on in the upper right corner. The DHCP
Smart members column of the smart architecture displays the name of the new master
server in brackets next to the name of the other backup servers.
1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DHCP servers icon. The DHCP All servers list opens.
3. At the end of the line of the smart architecture of your choice, click on . The properties
page opens.
4. In the Main properties panel, click on EDIT . The Edit a DHCP server wizard opens.
5. Click on NEXT . The Manage a DHCP server page opens.
6. Click on NEXT . The next page of the wizard appears.
7. Click on NEXT . The next page of the wizard appears.
8. The servers managed by the smart architecture are listed in the Selected DHCP servers list.
You can remove any of them by clicking on . The server(s) will be moved to the Available
DHCP servers list.
9. For a Single-Server smart architecture, go to the last step of this procedure. Otherwise, click
on NEXT . The next page of the wizard appears.
10. If the smart architecture is still managing servers: in the Master DHCP server list, change
the master server if need be. Click on NEXT . The next page of the wizard appears.
11. If the smart architecture is still managing servers: modify the failover ports on each server
and/or the split leases parameters if need be.
12. Click on OK to commit your modifications. The report opens and closes. The servers that
have been removed are listed as DHCP servers of whatever kind in the Type list. If your smart
architecture is still managing DHCP servers, you can display them in the All servers list by
clicking on in the upper right corner.
1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DHCP servers icon. The All servers list opens.
3. At the end of the line of the smart architecture of your choice, click on . The properties
page opens.
4. In the Main properties panel, click on EDIT . The Edit a DHCP server wizard opens.
5. Click on NEXT . The Manage a DHCP server page opens.
6. Click on NEXT . The next page of the wizard appears.
7. Click on NEXT . The next page of the wizard appears.
8. The servers managed by the smart architecture are listed in the Selected DHCP servers list.
You can remove any of them and add a new one by clicking on or . The server(s) will
be moved accordingly between the Selected DHCP servers and Available DHCP servers
lists.
9. For a Single-Server smart architecture, go to the last step of this procedure. Otherwise, click
on NEXT . The next page of the wizard appears.
10. In the Master DHCP server drop-down list, select the master server.
11. For a Split-Scope architecture, type in the Distribution ratio (in percent) between the two
servers in the corresponding field.
12. If need be, modify the existing failover ports and split leases parameters between the master
and backup servers.
13. Click on OK to commit your modifications. The report opens and closes. If your configuration
is managing DHCP servers, you can display them in the All servers list by clicking on in
the upper right corner. The DHCP Smart members column of the smart architecture displays
the name of the new master server in brackets next to the name of the other backup servers.
1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DHCP servers icon. The All servers list opens.
3. At the end of the line of the smart architecture of your choice, click on . The properties
page opens.
4. In the Main properties panel, click on EDIT . The Edit a DHCP server wizard opens.
5. In the DHCP server type list, make sure DHCP smart architecture is selected. Click on NEXT .
The Manage a DHCP server page opens.
6. If need be, modify the smart architecture basic parameters. For more details, refer to DHCP
Smart Architecture Basic Parameters table in this guide. Click on NEXT . The next page of
the wizard appears.
7. In the DHCP smart architecture list, modify the type of your DHCP smart architecture. Click
on NEXT . The next page of the wizard appears.
8. If your smart architecture manages servers, they are listed in the Selected DHCP servers
list. You can remove any of them and add a new one by clicking on or . The server(s)
will be moved accordingly between the Selected DHCP servers and Available DHCP servers
lists.
9. For a Single-Server smart architecture, go to the last step of this procedure. Otherwise, click
on NEXT . The next page of the wizard appears.
10. In the Master DHCP server drop-down list, select the master server.
11. For a Split-Scope architecture, type in the Distribution ratio (in percent) between the two
servers in the corresponding field.
12. If need be, modify the existing failover ports and split leases parameters between the master
and backup servers.
13. Click on OK to commit the modifications. The report opens and closes. The All servers listing
page is visible again. The Type column displays the modification you performed on the smart
architecture.
If you want to delete a smart architecture only because you want to change its type,
note that you do not need to delete it at all. See the part Changing the Type
of a DHCP Smart Architecture for more details.
Note
You cannot delete a smart architecture if it is still managing DHCP servers.
1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DHCP servers icon. The DHCP All servers list opens.
3. If you want to delete a DHCPv6 smart architecture, click on the IP6 icon in the upper right
corner.
4. If the smart architecture is managing DHCP servers, remove them according to the Removing
a DHCP Server from a Smart Architecture section of this guide.
5. Tick the smart architecture you want to delete.
6. In the menu, select Edit > Delete. The Delete wizard opens.
7. Click on OK to commit the deletion. The report opens and closes. The smart architecture is
no longer listed in the All servers listing page.
Granting access to a smart architecture as a resource will also make every physical server it
contains available. For more details, refer to the section Assigning Objects as Resource in the
chapter Managing Groups of administrator of this guide.
Chapter 28. Managing DHCP Servers
Within the DHCP module, the server is the highest level of the hierarchy, where you set the basis
of any DHCP configuration. You can manage servers either independently or within a smart
architecture, which allows you to configure a number of useful parameters for a single server or
even the Failover between a master server and its backup or backups. The smart architectures
also provide a backup of the configuration, which is very useful if your server were to crash. For
more information regarding the available smart architectures for DHCPv4 or DHCPv6, see the
Deploying DHCP Architectures and Managing DHCP Architectures chapters of this documentation.
These servers can be configured to provide IPv4 and IPv6 addresses. The options
available change from one version to the other because, in essence, DHCPv4 and DHCPv6
can be considered to be two different protocols, although they serve the common goal of providing
addresses to DHCP clients. Both versions of the Dynamic Host Configuration Protocol allow
you to configure the server to provide either dynamic addressing or fixed addressing: in the figure
below, the two branches of the tree symbolize both types of addressing. On the left are the
levels of hierarchy necessary to set up dynamic addressing, and on the right those for fixed addressing.
[Figure: DHCP hierarchy tree. Top: server. Left branch: scope, range. Right branch: group, static. Bottom: lease.]
So basically, the very first step of the DHCP implementation is the creation of the server with a
unique IP address. Within it, you have to create at least one scope that will listen on a particular
part of the network, discover any request from the clients and answer them to the best of
its capacity. Afterward, you decide to set up dynamic and/or fixed addressing for the DHCP clients.
To ease the management of the servers, they are all listed on one page. Here below, you can
see the link to browse the DHCP servers database:
1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DHCP servers icon. The DHCP All servers list opens.
1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DHCP servers icon. The DHCP All servers list opens.
3. In the Protocol column, put your mouse over IPv4. The Info Bar appears.
4. Click on to list only the IPv4 DHCP servers.
1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DHCP servers icon. The DHCP All servers list opens.
3. In the Protocol column, put your mouse over IPv6. The Info Bar appears.
4. Click on to list only the IPv6 DHCP servers.
Tip
To list IPv4 or IPv6 DHCP servers, you can also type in IPv4 or IPv6 in the filtering
field of the Protocol column.
1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DHCP servers icon. The DHCP All servers list opens.
3. At the end of the line of the server of your choice, click on . The corresponding server
properties page opens.
Status: Description
Timeout: The server does not answer anymore due to a scheduled configuration of the server.
Invalid credentials: The SSL credentials are invalid.
Syntax error: The server configuration could not be parsed properly.
License: The license used in SOLIDserver is not compliant with the added server: the license is invalid.
Invalid settings: There was a setting error during the server declaration. For instance, some settings were added to a server that does not support them.
Insufficient privileges: The account used to add the Agentless DHCP server does not have sufficient privileges to manage it.
ESC: The ESC (Error SNMP Configuration) status indicates there was an SNMP profile error during the server configuration.
Note that the Sync column will change in accordance with the Status column: while the server
synchronization is not OK yet, the Sync column might be Busy. In this column, you may
also see a physical server marked in Locked Synchronization like a smart architecture. Refer
to the Locked Synchronization Status section of this guide for more details.
Since version 5.0.3, the Multi-status column provides you with emergency, warning, critical, error
or informational messages regarding the server failover. For more details, refer to the Multi-status
Column section of this guide.
Warning
Do not use HA virtual IP address as an address for the DHCP server. The EfficientIP
DHCP server implements the safe DHCP failover protocol. For more information
about this feature, see chapter Deploying DHCP Architectures.
For instance, your DHCP server has 3 network interfaces configured: 192.168.10.3, 192.168.10.5
and 10.0.0.34. To listen on the interface 192.168.10.3, you have to configure a scope with the
network address 192.168.10.0 and the netmask 255.255.255.0. Once the scope is configured,
the server will listen on all the network interfaces that the scope contains, in that case 192.168.10.3 and
192.168.10.5.
Throughout the different versions of SOLIDserver, the use of SSL has greatly evolved when it
comes to the IPMserver itself on the one hand and to DHCP on the other hand. The tables below
show these evolutions from version 3.0.1 and prior through to version 5.0.x.
In regards to the management protocols use evolution, managing a SOLIDserver DHCP server
through SSL will imply that the server in question is on an appliance in version 5.0.
1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DHCP servers icon. The DHCP All servers list opens.
3. In the menu, select Add > Server > EfficientIP DHCP. The Manage a DHCP server wizard
opens.
4. If you created classes at the server level, in the DHCP server class list, select the DHCP
server class of your choice for this server. Click on NEXT . The next page of the wizard appears.
Note
If no class is available for that operation, the wizard page of the classes will
automatically be skipped. Applying a class on an object can impact the behavior
of its configuration; for more information, consult your administrator.
Once the box is ticked, the fields Login and Password appear. By default, they are both
filled with admin. You can edit them both.
8. In the Mode drop-down list, you can set up the following parameters:
9. Click on OK to commit the server configuration. The report opens and closes. The server is
listed.
As for IPv6 addressing, the SSL management is the only one available; the addition procedure
is otherwise identical to DHCPv4 addressing.
1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DHCP servers icon. The DHCP All servers list opens.
3. In the menu, select Add > Server (v6) > EfficientIP DHCP. The Manage a DHCP server
wizard opens.
4. If you created classes at the server level, in the DHCP server class list, select the DHCP
server class of your choice for this server. Click on NEXT . The next page of the wizard appears.
Note
If no class is available for that operation, the wizard page of the classes will
automatically be skipped. Applying a class on an object can impact the behavior
of its configuration; for more information, consult your administrator.
6. In the Configure SSL parameters section, you can tick the box if you modified the SSH login
and password: SSL and SSH login and password need to match.
Once the box is ticked, the fields Login and Password appear. By default, they are both
filled with admin. You can edit them both.
7. In the Mode drop-down list, you can set up the following parameters.
8. Click on OK to commit the server configuration. The report opens and closes. The server is
listed.
Version 5.0.x of SOLIDserver still provides the DHCP server management with SNMP i.e. the
configuration of legacy servers. This configuration is obviously only available for IPv4 addressing.
To add a SOLIDserver DHCP legacy server (prior to 4.0.x) managed through SNMP
1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DHCP servers icon. The DHCP All servers list opens.
3. In the menu, select Add > Server > EfficientIP DHCP. The Manage a DHCP server wizard
opens.
4. If you created classes at the server level, in the DHCP server class list, select the DHCP
server class of your choice for this server. Click on NEXT . The next page of the wizard appears.
Note
If no class is available for that operation, the wizard page of the classes will
automatically be skipped. Applying a class on an object can impact the behavior
of its configuration; for more information, consult your administrator.
Fields: Description
Use TCP transport: Tick the box if you want to use the TCP protocol instead of the UDP when the network link is not reliable.
SNMP profile: The SNMP profile that will be used for this configuration. SNMP profiles enable the definition of a global security policy for every server managed by SOLIDserver. By default, SOLIDserver configures three SNMP security profiles with three levels of security (SNMP v1, v2c and v3).
SNMP retries: The number of SNMP retries on timeouts.
SNMP timeout: The SNMP timeout in seconds.
8. In the Mode drop-down list, you can set up the following parameters.
9. Click on OK to commit the server configuration. The report opens and closes. The server is
listed.
1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DHCP servers icon. The DHCP All servers list opens.
3. At the end of the line of the server of your choice, click on . The properties page opens.
4. In the SNMP properties panel, click on EDIT . The SNMP parameters wizard opens.
Fields: Description
SNMP retry: In this drop-down list, you can select the number of connection attempts when the server is in timeout. You can set it between 0 and 5. By default, it is set to 2 attempts.
SNMP timeout: In this drop-down list, you can select the time between each connection attempt. You can set it between 1s and 5s or set it to 10s (s stands for seconds). By default, it is set to 5s.
Use Bulk: In this Yes or No drop-down list, you can choose to use the compact SNMP request method, that sends several requests at once. It is employed to accelerate transfers. By default, it is set to Yes.
Use TCP transport: In this Yes or No drop-down list, you can choose to use the TCP transport protocol or not.
Note
The SNMP profiles you can choose from must be configured on the appliance
you are currently working with. If you created profiles on the appliance whose
DHCP server you are managing (the one corresponding to the IP address of
the server in question), they will not be available in the list.
7. Click on OK to commit your modifications. The report opens and closes. The changes are
listed in the panel.
1. Display the chosen server properties page (for more details, see procedure To display a
DHCP server properties page).
2. In the DHCP Options panel, click on EDIT . The Configure DHCP options wizard opens.
3. For a DHCPv4 server: in the Options category drop-down list, select a category if need be.
The Most used options are displayed by default.
4. For a DHCPv6 server: scroll down the wizard to find the needed option(s).
5. Make your modifications.
6. Click on OK to commit the changes. The report opens and closes. Every item modified is
displayed in the panel.
Note that IPMserver (SOLIDserver) and Microsoft DHCP servers manage ranges differently:
you can create as many ranges as you need with IPMserver but
only one with Microsoft DHCP. When IPMserver overwrites the Microsoft DHCP server
configuration, the start and end addresses of this unique range match the start and
end addresses of the scope, and a number of exclusion ranges are created that correspond to the
ranges you created with SOLIDserver.
Therefore, even though ranges are configured differently in IPMserver and Microsoft DHCP,
both end up offering the same services. What you see in the SOLIDserver interface differs from
what you see on the Microsoft DHCP server (through Windows Administrative Tools): the ranges
that you create with SOLIDserver correspond to a unique range with a number of exclusion
ranges.
With IPMserver, when you create a scope with the start address 192.168.10.0 and the end address
192.168.10.255, the configuration is pushed onto the Microsoft DHCP server exactly the same.
However, the ranges are dealt with differently.
[Figure: first range 192.168.10.5 - 192.168.10.10 and second range 192.168.10.25 - 192.168.10.100 created with SOLIDserver, shown alongside 192.168.10.11 - 192.168.10.24 and 192.168.10.101 - 192.168.10.254]
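The following Python example is added here and is not EfficientIP or Microsoft code; it computes the exclusion ranges a single range needs so that only the ranges created in SOLIDserver hand out addresses. It assumes the single range covers the host addresses of the scope (192.168.10.1 to 192.168.10.254), so the result also contains the leading gap 192.168.10.1 - 192.168.10.4; the function names are hypothetical.

```python
import ipaddress


def host_span(network):
    """Return the first and last host address of a scope's network.

    Assumption of this example: the single Microsoft range covers the host
    addresses of the scope, leaving out the network and broadcast addresses.
    """
    net = ipaddress.IPv4Network(network)
    if net.num_addresses < 4:
        raise ValueError("network too small to hold a range")
    return str(net[1]), str(net[-2])


def exclusion_ranges(span_start, span_end, managed_ranges):
    """Return the gaps of [span_start, span_end] not covered by managed_ranges.

    managed_ranges is a list of (start, end) address pairs, in any order.
    Overlapping or adjacent ranges are handled; a range outside the span
    is rejected because it could never be served from the single range.
    """
    lo = int(ipaddress.IPv4Address(span_start))
    hi = int(ipaddress.IPv4Address(span_end))
    if lo > hi:
        raise ValueError("span start is after span end")

    spans = []
    for start, end in managed_ranges:
        s = int(ipaddress.IPv4Address(start))
        e = int(ipaddress.IPv4Address(end))
        if s > e:
            raise ValueError(f"range {start} - {end} is inverted")
        if s < lo or e > hi:
            raise ValueError(f"range {start} - {end} is outside the span")
        spans.append((s, e))
    spans.sort()

    gaps = []
    cursor = lo  # lowest address not yet covered by a range or a gap
    for s, e in spans:
        if s > cursor:
            gaps.append((cursor, s - 1))
        cursor = max(cursor, e + 1)
    if cursor <= hi:
        gaps.append((cursor, hi))

    return [
        (str(ipaddress.IPv4Address(a)), str(ipaddress.IPv4Address(b)))
        for a, b in gaps
    ]


# Values taken from the scope and the two ranges discussed above.
SCOPE_NETWORK = "192.168.10.0/255.255.255.0"
SOLIDSERVER_RANGES = [
    ("192.168.10.5", "192.168.10.10"),
    ("192.168.10.25", "192.168.10.100"),
]

if __name__ == "__main__":
    first, last = host_span(SCOPE_NETWORK)
    print(f"single range: {first} - {last}")
    for start, end in exclusion_ranges(first, last, SOLIDSERVER_RANGES):
        print(f"exclusion range: {start} - {end}")
```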
WinDHCPManager Agent
The WinDHCPManager is a software agent used by SOLIDserver to remotely manage Microsoft
DHCP Windows 2000, 2003, 2008 and 2008 R2 servers. This agent is provided as a Microsoft
Windows service; it can be monitored through the service management interface provided by
Microsoft. The WinDHCPManager agent must be deployed on all DHCP servers you plan to
manage from SOLIDserver.
Prerequisite
• An open TCP port (4000 by default) on the Windows server must be accessible from the
management platform.
• A Windows 2003 or 2008 server with the Microsoft DHCP service already configured.
• To be connected to the DHCP server with the Windows administrator rights during the
installation of the service.
• The Windows registry branch HKLM\SOFTWARE\Microsoft\DHCPServer must be readable.
• If the Windows DHCP server is a member of an Active Directory domain, the DHCP server
must be authorized for the domain.
Installing WinDHCPManager
To install the WinDHCPManager, you first need to download the files from our website.
1. Go to http://www.efficientip.com/support/downloads/microsoft/WinDHCP/. An Authentication
Required pop up window opens.
2. Fill in your User Name and Password. The Support Downloads page opens.
3. Click on microsoft/. The Microsoft list opens.
4. Click on WinDHCP/. The list of WinDHCP execution files opens.
Once you downloaded the proper file, you can install it following the procedure below.
1. Run the installation file. The Welcome WinDHCP Manager Setup Wizard window opens.
Caution
If the Microsoft DHCP service does not restart, WinDHCPManager will not be able
to manage it.
The following operations will be done during the installation on Microsoft Windows servers:
1. Open up the Windows services panel of the Windows server: click on Start > Parameters >
Configuration Panel.
2. In the Configuration Panel window, double click on the WinDHCPManager icon. The
WinDNSManager service opens in a new window.
3. In the IPM Server Address field, fill in the IP address of the management platform.
4. Fill in the port that the management platform will use to connect to the agent. The port
number 4001 is used by default.
5. Tick the Read only mode check box to refuse all changes made from the management
platform.
6. If you plan on using the secure connection between the management platform and the
WinDHCPManager agent, you must tick the SSL Enabled check box. The Certificate file
field will appear. You have to choose to set the SSL certificate:
7. In the Logging level drop-down list, select the level of detail you wish to have in the log file.
Regardless of the level you choose, the active log file is C:\Program Files (x86)\eip\dhcpsvc.txt.
There is also an archive log file, C:\Program Files (x86)\eip\old_dhcpsvc.txt, that gets overwritten
by the content of the active log file each time the maximum log size is reached. The content of
old_dhcpsvc.txt is therefore modified on a regular basis to match the content of the
active log file that is about to be replaced.
8. Fill in the Max log size, i.e. the maximum size of the log file. Every time this size is reached,
the active log file is replaced and its content overwrites the old_dhcpsvc.txt file.
9. Click on OK to commit the configuration. The window will close automatically once
WinDHCPManager has restarted.
The WinDHCPManager agent offers a read-only option that makes it refuse all updates
coming from the SOLIDserver management. In read-only mode, SOLIDserver is not allowed to
update the Windows DHCP server, but it can still retrieve all the DHCP information
available from the WinDHCPManager agent. This DHCP information is pushed to the
SOLIDserver DHCP and IPAM management tab.
1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DHCP servers icon. The DHCP All servers list opens.
3. In the menu, select Add > Server > Microsoft DHCP (with agent). The Manage a DHCP
server wizard opens.
4. If you created classes at the server level, in the DHCP server class list, select the DHCP
server class of your choice for this server. Click on NEXT . The next page of the wizard appears.
Note
If no class is available for that operation, the wizard page of the classes will
automatically be skipped. Applying a class on an object can impact the behavior
of its configuration. For more information, consult your administrator.
6. In the TCP port field, fill in the same port number as the one indicated when setting up the
WinDHCPManager. By default, the port is 4000.
7. In the Use SSL drop-down list, select Yes or No depending on what you configured through
WinDHCPManager. By default, No is selected.
8. In the Mode drop-down list, you can set up the following parameters.
Fields Description
All behaviors If you select this option, you will display all the fields and options that
can be ticked in the Default behavior wizard. For more details, refer
to the DHCP section of the Default Behaviors chapter of this guide.
9. Click on OK to commit the server configuration. The report opens and closes. The server is
listed.
Through MSRPC, the client first calls a procedure to send a data packet to the server. Upon
reception of the packet, the server calls a dispatch routine to perform the requested service, and
then sends back a reply. Finally, the procedure call returns to the client. This is how EfficientIP
offers a new way of managing your Microsoft DHCP server that no longer requires the installation
of an agent, which drastically simplifies Windows server management.
Note that if your Microsoft DHCP server is integrated to an AD with several forests, you can use
the Expert mode to display the AD domain field under the credentials fields and type the domain
of the AD that you want to manage through SOLIDserver:
1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DHCP servers icon. The DHCP All servers list opens.
3. In the menu, select Add > Server > Microsoft DHCP (agentless). The Manage a DHCP
server wizard opens.
4. If you created classes at the server level, in the DHCP server class list, select the DHCP
server class of your choice or None. Click on NEXT . The next page of the wizard appears.
Note
If no class is available for that operation, the wizard page of the classes will
automatically be skipped. Applying a class on an object can impact the behavior
of its configuration. For more information, consult your administrator.
6. In the Login field, type in the name of a user with sufficient management privileges over the
Windows DHCP server.
7. In the Password field, type in the corresponding password.
8. In the AD domain field, type in the domain name.
9. In the Mode drop-down list, you can set up the following parameters.
10. Click on OK to commit the server configuration. The report opens and closes. The server is
listed.
If your Microsoft DHCP server is integrated to an AD with several forests, you can use the Expert
mode to display the AD domain field under the credentials fields and type the domain of the AD
that you want to manage through SOLIDserver:
Windows Limitations
Windows Server Limitations
• You need to create or define a user on your Windows server that will have administrator rights
on the MS DHCP server before managing it through SOLIDserver.
• You need to create or define a user on your Windows server that will have reading rights on
the MS DHCP server if you want that user to be able to view the server in SOLIDserver.
• With MS DHCP servers, there is no failover. Nor is there failover between an MS server and
any other kind of server (EfficientIP DHCP server, Cisco DHCP server...). To reproduce the
Windows cluster configuration, you need to manage the MS servers with a smart architecture.
• Any modifications of the MS DHCP made directly on the Windows server are not automatically
transferred to SOLIDserver. The server synchronization is manual on the All servers page (edit
> synchronize).
Note
The synchronization of an MS DHCP server within SOLIDserver does not work if
the server is managed through a smart architecture: the smart configuration will
overwrite the new data.
Leases Limitations
• The start date of a lease is unknown. SOLIDserver displays an arbitrary start date that
corresponds to the moment when the lease is detected.
• DHCP configurations involving a very large number of leases trigger refresh problems. By
default, leases are refreshed every 10 seconds, which overloads the service and creates a loop
when there are a lot of leases. You need to reduce the refresh time to avoid that problem.
Installing a DHCP package allows you to use the DHCP module of SOLIDserver to the best of
its potential on Linux/Unix: it allows you to manage an ISC server through an EfficientIP DHCP
server and benefit from all the options that come with it (DHCP statistics, etc.).
The IPMDHCP package contains all programs, libraries, and configuration scripts for the
deployment of Efficient IP DHCP service.
Note
The results of the commands can be different according to the platform characteristics.
The IPManager software parameters are set by a configuration script provided in the package.
This script can be executed after the installation if necessary. The IPMDHCP server
configuration must be executed before launching the service. If the IP address
of the IPManager server changes or if the IP address (or name) of the server hosting the DHCP
service changes, it is recommended to re-execute the configuration script.
# /usr/local/nessy2/script/configure/configure_ipmdhcp.sh
==================================================
Checking
==================================================
+ checking for awk... /usr/bin/awk
+ checking for chown... /usr/sbin/chown
+ checking for ness-dhcp.conf... not found
+ checking for hostname... /bin/hostname
+ checking for sed... /usr/bin/sed
+ checking for hardware architecture... i386
+ checking for processor architecture... i386
+ checking for operating system name... FreeBSD
+ checking for operating system release... 4.9-STABLE
+ checking for hostname... dell.intranet
==================================================
Configuration requests
==================================================
==================================================
Updating
==================================================
+ update /usr/local/share/snmp/ness-dhcp.conf ...done
+ create /var/net-snmp/ness-dhcp.conf... done
+ delete tempory files... done
The Debian init runlevel provides a standard process for controlling which programs init launches
or halts when initializing a runlevel. Efficient IP chose to use init to launch and halt ipmdhcp
because it is standard and easy to use with Debian.
The Debian init files are located in the /etc/rc.d/ and /etc/init.d directories. Each of the numbered
directories in /etc/rc.d represents one of the six runlevels configured by default under Debian. The
launch and halt scripts are located in these directories.
To launch ipmdhcp
• Under root login, run the ipmdhcp script with the start parameter:
# /etc/init.d/ipmdhcp start
To halt ipmdhcp
• Under root login, run the ipmdhcp script with the stop parameter:
# /etc/init.d/ipmdhcp stop
Once the installation is complete, you can add your ISC server to the management following the
steps in the section Adding an ISC DHCP Server.
The IPMDHCP package contains all programs, libraries, and configuration scripts to deploy Efficient
IP DHCP service.
Note
The results of the commands can be different according to the platform characteristics.
The IPManager software parameters are set by a configuration script provided in the package.
This script can be executed after the installation if necessary. The IPMDHCP server
configuration must be executed before launching the service. If the IP address
of the IPManager server changes or if the IP address (or name) of the server hosting the DHCP
service changes, it is recommended to re-execute the configuration script.
The FreeBSD init runlevel provides a standard process for controlling which programs init
launches or halts when initializing a runlevel. Efficient IP chose to use init to launch and halt
ipmdhcp because it is standard and easy to use with FreeBSD.
The FreeBSD init files are located in the /usr/local/etc/rc.d/ and /usr/local/etc/init.d directories.
Each of the numbered directories in /usr/local/etc/rc.d represents one of the six runlevels configured
by default under FreeBSD. The launch and halt scripts are located in these directories.
To launch ipmdhcp
• Under root login, run the ipmdhcp script with the start parameter:
# /usr/local/etc/init.d/ipmdhcp.sh start
To halt ipmdhcp
• Under root login, run the ipmdhcp script with the stop parameter:
# /usr/local/etc/init.d/ipmdhcp.sh stop
Once the installation is complete, you can add your ISC server to the management following the
steps in the section Adding an ISC DHCP Server.
The IPMDHCP package contains all programs, libraries, and configuration scripts for the
deployment of Efficient IP DHCP service.
Note
The results of the commands can be different according to the platform characteristics.
The IPManager software parameters are set by a configuration script provided in the package.
This script can be executed after the installation if necessary. The IPMDHCP server
configuration must be executed before launching the service. If the IP address
of the IPManager server changes or if the IP address (or name) of the server hosting the DHCP
service changes, it is recommended to re-execute the configuration script.
The RedHat/Suse init runlevel provides a standard process for controlling which programs init
launches or halts when initializing a runlevel. Efficient IP chose to use init to launch and halt
ipmdhcp because it is standard and easy to use with RedHat.
The RedHat/Suse init files are located in the /etc/rc.d/ and /etc/init.d directories. Each of the
numbered directories in /etc/rc.d represents one of the six runlevels configured by default under
RedHat/Suse. The launch and halt scripts are located in these directories.
To launch ipmdhcp
• Under root login, run the ipmdhcp script with the start parameter:
# /etc/init.d/ipmdhcp start
To halt ipmdhcp
• Under root login, run the ipmdhcp script with the stop parameter:
# /etc/init.d/ipmdhcp stop
Once the installation is complete, you can add your ISC server to the management following the
steps in the section Adding an ISC DHCP Server.
The IPMDHCP package contains all programs, libraries, and configuration scripts for the
deployment of Efficient IP DHCP service.
Note
The results of the commands may be different according to the platform characteristics.
The IPManager software sets its parameters through a configuration script provided in the package.
This script may be executed after the installation, if necessary. The IPMDHCP server configuration
must be executed before launching the service. If the IP address of the IPManager server changes,
or if the IP address (or name) of the server hosting the DHCP service changes, re-executing
the configuration script is recommended.
==================================================
Checking
==================================================
+ checking for awk... /usr/bin/awk
+ checking for chown... /usr/bin/chown
+ checking for ness-dhcp.conf... /usr/local/share/snmp/ness-dhcp.conf
+ checking for hostname... /usr/bin/hostname
+ checking for sed... /usr/bin/sed
+ checking for hardware architecture... sun4u
+ checking for processor architecture... sparc
+ checking for operating system name... SunOS
+ checking for operating system release... 5.9
+ checking for hostname... e250
==================================================
Configuration requests
==================================================
Enter the iPmServer address ? []
==================================================
Updating
==================================================
+ update /usr/local/share/snmp/ness-dhcp.conf ...done
The Solaris init runlevel provides a standard process for controlling which programs init launches
or halts when initializing a runlevel. Efficient IP chose to use init to launch and halt ipmdhcp
because it is standard and easy to use with Solaris.
The Solaris init files are located in the /etc/rc.d/ and /etc/init.d directories. Each of the numbered
directories in /etc/rc.d represents one of the six runlevels configured by default under Solaris. The
launch and halt scripts are located in these directories.
To launch ipmdhcp
• Under root login, run the ipmdhcp script with the start parameter:
# /etc/init.d/ipmdhcp start
To halt ipmdhcp
• Under root login, run the ipmdhcp script with the stop parameter:
# /etc/init.d/ipmdhcp stop
Once the installation is complete, you can add your ISC server to the management following the
steps in the section Adding an ISC DHCP Server.
Prerequisites
• You must make sure that SOLIDserver and Debian/Ubuntu are set to the same time and date,
• You must make sure that HTTPS (port 443), the DHCP service (port 67) and the failover ports
(647-667 and 847-867) are not blocked by a network filtering process (firewall).
Note
If your Apache configuration already uses the port 443, you have to create an
additional IP-based VirtualHost dedicated to the DNS management.
You can install the EfficientIP DHCP Package on both Debian and Ubuntu Linux.
If you have not installed the DNS packages yet, you need to:
1. follow the procedure To install the EfficientIP DHCP Package on Debian and Ubuntu.
2. follow the procedure To complete the DHCP package installation on Debian/Ubuntu if the DNS
package is not installed.
If you already installed the DNS packages, you only need to follow the procedure To install
the EfficientIP DHCP Package on Debian and Ubuntu below.
In the installation procedure below, we will include the commands that make the webservices
configurable.
3. Install the dependency packages, ONLY if you have not installed the EfficientIP DNS package,
using the following commands:
# apt-get install php5
# apt-get install sudo
# apt-get install snmpd
# apt-get install sqlite
# apt-get install php5-sqlite
4. If you are using Ubuntu, install the package on Ubuntu, using the following command (only
if you have not installed the DNS package yet):
# aptitude install libssl0.9.8
6. Make the webservices configurable: in the directory /etc/sudoers.d , create the file ipmdhcp
containing the line below.
www-data ALL = NOPASSWD: /usr/local/nessy2/script/install_dhcpd_conf.sh, \
/usr/local/nessy2/script/install_dhcpd6_conf.sh
Note
You can change the webservice admin password using the command below:
# htpasswd /usr/local/nessy2/www/php/cmd/dhcp/.htpasswd admin
If you have not installed the DNS package or are not planning on installing it, you must
follow the procedure below. Otherwise, you can add your ISC servers to the management following
the Adding a SOLIDserver DHCP server managed through SSL procedure.
ServerName 127.0.0.1
DocumentRoot /usr/local/nessy2/www/php
php_admin_value include_path /usr/local/nessy2/www/php/include:/usr/local/nessy2/lib/php:/usr/local/nessy2/www/site:/usr/local/share/pear
php_admin_value file_uploads 1
php_admin_value upload_max_filesize 300000000
php_admin_value post_max_size 300000000
php_admin_value memory_limit 150000000
SSLEngine on
SSLCertificateFile /etc/apache2/server.crt
SSLCertificateKeyFile /etc/apache2/server.key
SSLProtocol all -SSLv2
SSLCipherSuite HIGH:MEDIUM
php_admin_value register_globals 0
php_admin_value short_open_tag 1
php_admin_value safe_mode 0
php_admin_value magic_quotes_gpc 0
</VirtualHost>
8. Disable the default site in Debian Apache configuration using the following commands:
# cd /etc/apache2/sites-enabled
# unlink 000-default
10. Make sure that the ipmdhcp package is running using the following command line:
# service ipmdhcp status
Once the configuration is complete, you can add EfficientIP DHCP servers to manage your ISC
servers, provided that they also have the package installed, through SOLIDserver GUI. Refer to
the Adding a SOLIDserver DHCP server managed through SSL procedure.
Prerequisites
• The DHCP package file, ipmdhcpxx-5.x.x-redhatx.x86_64.rpm, whose name provides several pieces
of information separated by hyphens or a period: the type of package (ipmdhcpxx: a
DHCP package with a DHCP in version xx where xx is x dot x), the version of SOLIDserver
(5.x.x), the version of RedHat (redhatx) and finally the Debian architecture (x86_64). In the
procedure below, this file will be referred to as ipmdhcp*;
• The EfficientIP ISC package platform must have at least 20 MB of free disk space;
• The EfficientIP ISC package may need certain libraries of your operating system. You must
have shell access with root login, locally or via telnet or ssh, on the server to be installed;
• You must be sure not to interfere with an existing DNS/DHCP service on your server;
• You must make sure that SOLIDserver and RedHat/CentOS are set to the same time and date,
• You must make sure that HTTPS (port 443), the DHCP service (port 67) and the failover ports
(647-667 and 847-867) are not blocked by a network filtering process (firewall).
You can install the EfficientIP DHCP Package on both RedHat and CentOS Linux.
If you have not installed the DNS packages yet, you need to:
1. follow the procedure To install the EfficientIP DHCP Package on RedHat and CentOS.
2. follow the procedure To complete the DHCP package installation on RedHat/CentOS if the
DNS package is not installed.
If you already installed the DNS packages, you only need to follow the procedure To install
the EfficientIP DHCP Package on RedHat and CentOS below.
In the installation procedure below, we will include the commands that make the webservices
configurable.
• On CentOS:
# service dhcpd stop
# chkconfig dhcpd off
3. Install the dependency packages, ONLY if you have not installed the EfficientIP DNS package,
using the following commands:
# yum install net-snmp php mod_ssl sudo sqlite php-pdo
5. Make the webservices configurable: in the directory /etc/sudoers.d , create the file ipmdhcp
containing the line below.
apache ALL = NOPASSWD: /usr/local/nessy2/script/install_dhcpd_conf.sh, \
/usr/local/nessy2/script/install_dhcpd6_conf.sh
Note
You can change the webservice admin password using the command below:
# htpasswd -c /usr/local/nessy2/www/php/cmd/dhcp/.htpasswd admin
If you have not installed the DNS package or are not planning on installing it, you must
follow the procedure below. Otherwise, you can add your ISC servers to the management following
the Adding a SOLIDserver DHCP server managed through SSL procedure.
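The sudoers drop-in created above (and its www-data equivalent in the Debian/Ubuntu procedure) lets the web server account run two scripts as root without a password, so the mode of the drop-in and the ownership and write permissions of those scripts are worth checking. The script below is an added example, not EfficientIP code; the function names and the scratch-directory sample are constructed, and the expected 0440 mode is the usual sudoers convention.

```sh
#!/bin/sh
# Added example (not EfficientIP code): review a sudoers drop-in such as
# /etc/sudoers.d/ipmdhcp. All function names are hypothetical.

# Print each command path granted with NOPASSWD, joining "\" continuations.
nopasswd_commands() {
    awk '
        { sub(/#.*/, "") }
        /\\[ \t]*$/ { sub(/\\[ \t]*$/, ""); buf = buf $0; next }
        {
            line = buf $0; buf = ""
            if (match(line, /NOPASSWD:/)) {
                n = split(substr(line, RSTART + RLENGTH), cmds, ",")
                for (i = 1; i <= n; i++) {
                    split(cmds[i], word, " ")
                    if (word[1] != "") print word[1]
                }
            }
        }' "$1"
}

# Symbolic mode (e.g. -rwxr-xr-x) and owner of a path, following symlinks.
mode_of()  { ls -ldL -- "$1" | cut -c1-10; }
owner_of() { ls -ldL -- "$1" | awk '{ print $3 }'; }

# Succeeds when group or others may write to the path.
loosely_writable() {
    case $(mode_of "$1") in
        ?????w????|????????w?) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_sudoers_dropin FILE [EXPECTED_OWNER]: print one finding per line.
audit_sudoers_dropin() {
    file=$1 want_owner=${2:-root}
    mode=$(mode_of "$file")
    if [ "$mode" != "-r--r-----" ]; then
        echo "MODE $file is $mode, expected -r--r----- (0440)"
    fi
    nopasswd_commands "$file" | while IFS= read -r cmd; do
        case $cmd in
            /*) ;;
            *) echo "NOT-ABSOLUTE $cmd"; continue ;;
        esac
        case $cmd in
            *[*?]*) echo "WILDCARD $cmd" ;;
        esac
        if [ ! -f "$cmd" ]; then
            echo "MISSING $cmd"; continue
        fi
        if [ "$(owner_of "$cmd")" != "$want_owner" ]; then
            echo "OWNER $cmd is owned by $(owner_of "$cmd"), expected $want_owner"
        fi
        if loosely_writable "$cmd"; then echo "WRITABLE $cmd"; fi
        if loosely_writable "$(dirname "$cmd")"; then
            echo "WRITABLE-DIR $(dirname "$cmd")"
        fi
    done
}

# Constructed sample: a drop-in shaped like the guide's line, pointing at
# scripts in a scratch directory instead of /usr/local/nessy2/script.
make_sample() {
    root=$1
    mkdir -p "$root/script" && chmod 755 "$root/script"
    printf '#!/bin/sh\n' > "$root/script/install_dhcpd_conf.sh"
    printf '#!/bin/sh\n' > "$root/script/install_dhcpd6_conf.sh"
    chmod 755 "$root/script/install_dhcpd_conf.sh"
    chmod 775 "$root/script/install_dhcpd6_conf.sh"   # deliberately group-writable
    printf '%s\n' \
        "www-data ALL = NOPASSWD: $root/script/install_dhcpd_conf.sh, \\" \
        "    $root/script/install_dhcpd6_conf.sh" > "$root/ipmdhcp"
    chmod 644 "$root/ipmdhcp"                          # deliberately not 0440
}

# Demo on the constructed sample; on a real host the expected owner is root.
scratch=$(mktemp -d)
make_sample "$scratch"
audit_sudoers_dropin "$scratch/ipmdhcp" "$(owner_of "$scratch/ipmdhcp")"
rm -rf "$scratch"
```

On a real host, call audit_sudoers_dropin /etc/sudoers.d/ipmdhcp with no second argument, and also validate the syntax with visudo -cf /etc/sudoers.d/ipmdhcp.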
3. If Apache did not start automatically, start it using the following command:
# chkconfig httpd on
4. Disable selinux. In the file /etc/selinux/config, modify the line SELINUX=enforcing to match
the following one:
SELINUX=disabled
6. Allow SNMP access to the DNS statistics. In the file /etc/snmp/snmpd.conf, enter the lines:
master agentx
view systemonly included .1.3.6.1.4.1.2440
9. Configure the webservices. In the file /etc/httpd/conf.d/ssl.conf, replace the FULL VirtualHost
section with the configuration below:
<VirtualHost *:443>
ServerName 127.0.0.1
DocumentRoot /usr/local/nessy2/www/php
php_admin_value include_path /usr/local/nessy2/www/php/include:/usr/local/nessy2/lib/php:/usr/local/nessy2/www/site:/usr/local/share/pear
php_admin_value file_uploads 1
php_admin_value upload_max_filesize 300000000
php_admin_value post_max_size 300000000
php_admin_value memory_limit 150000000
SSLEngine on
SSLCertificateFile /etc/httpd/server.crt
SSLCertificateKeyFile /etc/httpd/server.key
SSLProtocol all -SSLv2
SSLCipherSuite HIGH:MEDIUM
php_admin_value register_globals 0
php_admin_value short_open_tag 1
php_admin_value safe_mode 0
php_admin_value magic_quotes_gpc 0
</VirtualHost>
11. Make sure that the ipmdhcp package is running using the following command line:
# service ipmdhcp status
Once the configuration is complete, you can add EfficientIP DHCP servers to manage your ISC
servers, provided that they also have the package installed, through SOLIDserver GUI. Refer to
the Adding a SOLIDserver DHCP server managed through SSL procedure.
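The SSLProtocol and SSLCipherSuite lines of the webservices VirtualHost, identical in the Debian/Ubuntu and RedHat/CentOS procedures, decide which protocol versions and cipher classes the management channel on port 443 accepts. The script below is an added example, not EfficientIP code, that reports what those two directives leave enabled; the function names, the hardened comparison and the treatment of "all" as including every legacy protocol are assumptions.

```sh
#!/bin/sh
# Added example (not EfficientIP code): flag legacy TLS settings in an Apache
# VirtualHost file. Assumption: "all" enables every protocol the OpenSSL build
# offers, so a legacy protocol counts as enabled unless removed with "-".

# Print the arguments of the last DIRECTIVE line in FILE (comments stripped).
last_directive() {
    sed -e 's/#.*//' "$2" | awk -v d="$1" '
        tolower($1) == tolower(d) { $1 = ""; sub(/^[ \t]+/, ""); v = $0 }
        END { print v }'
}

# Echo the remaining arguments with NAME removed.
without() {
    name=$1; shift
    for p in "$@"; do [ "$p" = "$name" ] || printf '%s ' "$p"; done
}

# Echo the legacy protocols an SSLProtocol argument list leaves enabled.
legacy_protocols() {
    enabled=""
    for tok in $1; do
        case $tok in
            all|+all) enabled="SSLv2 SSLv3 TLSv1 TLSv1.1" ;;
            -all)     enabled="" ;;
            -*)       enabled=$(without "${tok#-}" $enabled) ;;
            +*)       case ${tok#+} in
                          SSLv2|SSLv3|TLSv1|TLSv1.1)
                              enabled="$(without "${tok#+}" $enabled) ${tok#+}" ;;
                      esac ;;
            *)        case $tok in      # a bare name replaces the set so far
                          SSLv2|SSLv3|TLSv1|TLSv1.1) enabled=$tok ;;
                          *) enabled="" ;;
                      esac ;;
        esac
    done
    echo $enabled
}

# Echo cipher-string tokens that admit weak suites (negated tokens are skipped).
weak_cipher_tokens() {
    weak=""
    old_ifs=$IFS; IFS=':, '
    for tok in $1; do
        case ${tok#+} in
            '!'*|-*) ;;
            ALL|MEDIUM|LOW|EXP|EXPORT*|NULL|eNULL|aNULL|RC4|DES|3DES|MD5)
                weak="$weak ${tok#+}" ;;
        esac
    done
    IFS=$old_ifs
    echo $weak
}

# audit_vhost_tls FILE: print one finding per line (nothing when clean).
# A file without the directives is not evaluated against server defaults.
audit_vhost_tls() {
    proto=$(last_directive SSLProtocol "$1")
    ciphers=$(last_directive SSLCipherSuite "$1")
    legacy=$(legacy_protocols "$proto")
    weak=$(weak_cipher_tokens "$ciphers")
    if [ -n "$legacy" ]; then
        echo "PROTOCOL 'SSLProtocol $proto' still enables: $legacy"
    fi
    if [ -n "$weak" ]; then
        echo "CIPHER 'SSLCipherSuite $ciphers' admits: $weak"
    fi
    case ":$ciphers:" in
        ::|*':!aNULL:'*) ;;
        *) echo "CIPHER anonymous suites are not excluded (no !aNULL)" ;;
    esac
}

# The TLS directives of the VirtualHost shown in this guide.
guide_vhost() {
    printf '%s\n' 'SSLEngine on' 'SSLProtocol all -SSLv2' \
        'SSLCipherSuite HIGH:MEDIUM'
}

# Constructed comparison (not from the guide); needs a TLS 1.2 capable build.
hardened_vhost() {
    printf '%s\n' 'SSLEngine on' 'SSLProtocol -all +TLSv1.2' \
        'SSLCipherSuite HIGH:!aNULL:!MD5'
}

scratch=$(mktemp -d)
guide_vhost > "$scratch/guide.conf"
hardened_vhost > "$scratch/hardened.conf"
echo "guide:";    audit_vhost_tls "$scratch/guide.conf"
echo "hardened:"; audit_vhost_tls "$scratch/hardened.conf"
rm -rf "$scratch"
```

On a managed server, point audit_vhost_tls at the file that holds the VirtualHost, for example /etc/httpd/conf.d/ssl.conf on RedHat/CentOS.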
Note
The addition of an Efficient IP DHCP package is only available in DHCPv4.
After installing a Linux package v4, you will need to configure the DHCP with the SNMP protocol.
Adding a DHCP server this way implies that the server is in version 4.0.x or prior. Follow the
procedure below to add the server through the GUI.
1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DHCP servers icon. The DHCP All servers list opens.
3. In the menu, select Add > Server > EfficientIP DHCP Package. The Manage a DHCP server
wizard opens.
4. In the DHCP server class list, select the DHCP server class of your choice for this server.
Click on NEXT . The next page of the wizard appears.
Note
If no class is available for that operation, the wizard page of the classes will
automatically be skipped. Applying a class on an object can impact the behavior
of its configuration. For more information, consult your administrator.
Fields Description
Isolated Tick this box if you do not want your server configuration to update
any other module. It's mainly useful when dealing with migrations as
it will prevent the server from pushing any data to the DNS. Keep in
mind that the server will still receive data if your network configuration
allows it. Any behavior set through the Mode drop-down list will have
to be applied to the server later on if you tick this box, so make sure
that the configuration you set suits your needs before you untick the
box.
Description Type in a description if you want. It will appear in the Description
columns of the All servers list. This field is optional.
8. In the Mode drop-down list, you can set up the following parameters.
9. Click on OK to save the server configuration. The report opens and closes. The server is
listed.
For the addition of an ISC DHCP server after installing a Linux package v5, the DHCP
configuration will be done through SSL. Follow the procedure below to add the server through the GUI.
1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DHCP servers icon. The DHCP All servers list opens.
3. In the menu, depending on the type of addressing (IPv4 or IPv6), select Add > Server >
EfficientIP DHCP Package. The Manage a DHCP server wizard opens.
4. In the DHCP server class list, select the DHCP server class of your choice for this server.
Click on NEXT . The next page of the wizard appears.
Note
If no class is available for that operation, the wizard page of the classes will
automatically be skipped. Applying a class on an object can impact the behavior
of its configuration. For more information, consult your administrator.
10. Click on OK to save the server configuration. The report opens and closes. The server is
listed.
If you want to add, edit or delete DHCP options, please refer to the Configuring DHCP Options
chapter of this guide.
1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DHCP servers icon. The DHCP All servers list opens.
3. Filter the list if need be.
4. At the end of the line of the server of your choice, click on . The properties page opens.
5. Open all the panels using .
6. In the panel of your choice, click on EDIT . The corresponding wizard opens.
7. Make the changes you need. Click on NEXT if need be to get to last page of the wizard.
8. Click on OK to commit your changes. The report opens and closes. The properties page is
visible again and refreshes.
1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DHCP servers icon. The DHCP All servers list opens.
3. Filter the list if need be.
4. Tick the server(s) you want to delete.
5. In the menu, select Edit > Delete. The Delete wizard opens.
6. Click on OK to commit the deletion. The report opens and closes. The server might be marked
Delayed delete until it is no longer listed.
Allowing access to a server as a resource will also make every item it contains available. For
more details, refer to the section Assigning Objects as Resource in the chapter Managing Groups
of administrator of this guide.
Chapter 29. Managing DHCP Scopes
SOLIDserver scopes constitute a level in the DHCP module and are used to determine the topology
of the network, apply DHCP options for a routable domain, describe network clients, and indicate
the addresses that will be allocated to certain clients. In order to use the DHCP service, each
subnet to be served must have a DHCP scope that matches with its IP address and its netmask
(size). When a DHCP server serves clients which are local to its physical network, the scope is
easily assimilated to its broadcast domain. A scope belongs to a DHCP server, and can contain
several DHCP ranges.
Browsing Scopes
[Figure: DHCP navigation hierarchy showing server, scope, group, range, static and lease]
Here below, you can see the link to browse the DHCP scopes database:
1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Scopes icon. The All scopes list opens.
3. In the upper right corner, click on IP4 to display the DHCPv4 scopes or IP6 to display the
DHCPv6 scopes.
Note
When you display the All scopes list, you can see that SOLIDserver automatically
adds the Server column to the table. This column allows you to apply specific
server filtering to refine your selection of scopes.
1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DHCP servers icon. The All servers list opens.
3. Click on the name of the server of your choice to list the scopes contained in it.
To find a scope
1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Scopes icon. The All scopes list opens and displays all the scopes regardless
of which server they belong to.
3. In the upper right corner, click on IP4 to display the DHCPv4 scopes or IP6 to display the
DHCPv6 scopes.
4. Use one of the following tips to filter the scopes database through the Name or Address
column:
5. Click on SEARCH to display the results list. Only the scopes matching what you filled in are
displayed.
1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Scopes icon. The All scopes list opens.
3. In the upper right corner, click on IP4 to display the DHCPv4 scopes or IP6 to display the
DHCPv6 scopes.
4. At the end of the line of the scope of your choice, click on . The corresponding scope
properties page opens.
Status Description
Delayed create The creation or update is delayed due to a scheduled configuration of
the server. The creation will be automatically done after a maximum of 1
minute.
Delayed delete The deletion is delayed due to a scheduled configuration of the server.
The deletion will be automatically done after a maximum of 1 minute.
You can add a scope to the all scopes list or within the scopes list of a specific server. If you do
so, the creation process will be slightly shorter than the procedure below as you will not need to
specify a server.
1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Scopes icon. The All scopes list opens.
3. In the upper right corner, click on IP4 to display the DHCPv4 scopes or IP6 to display the
DHCPv6 scopes.
4. In the menu, select Add > DHCP scope or Add > DHCP scope (v6). The Add a DHCP scope
wizard opens.
5. In the Select a DHCP server list, select the DHCP server in which you want to create the
scope.
6. Click on NEXT . The next page of the wizard appears.
7. If you created classes at the scopes level, in the DHCP scope Class list, select a class if
need be.
8. Click on NEXT . The next page of the wizard appears.
9. Fill in the following fields to configure the scope parameters:
Field Description
behavior wizard at the server level. For more details, refer to the
DHCP section of the Default Behaviors chapter of this guide.
All behaviors If you select this option, you will display all the fields and options that
can be ticked in the Default behavior wizard. For more details, refer
to the DHCP section of the Default Behaviors chapter of this guide.
10. Click on OK to commit the creation. The report opens and closes. The scope is listed.
1. Go to the properties page of the scope of your choice (for more details, see the procedure
To display a DHCP scope properties page).
2. In the upper right corner, click on IP4 to display the DHCPv4 scopes or IP6 to display the
DHCPv6 scopes.
3. In the Main properties panel, click on EDIT . The Edit a DHCP scope wizard opens.
4. If you created classes at the scopes level, in the DHCP scope Class list, select a class if
need be.
5. You can modify the Name, Shared network, DHCP scope space name and Mode.
6. Click on OK to commit your modifications. The report opens and closes. The changes are
listed in the panel.
1. Go to the properties page of the DHCPv4 scope of your choice (for more details, see To
display a DHCP scope properties page).
2. In the upper right corner, click on .
3. In the DHCP options panel, click on EDIT . The Configure DHCP options wizard opens.
4. In the Option category drop-down list, select the category of your choice. The corresponding
fields are displayed.
5. Modify the parameters and options according to your needs.
6. Click on OK to commit the modification. The report opens and closes. The modifications are
listed in the panel.
1. Go to the properties page of the DHCPv6 scope of your choice (for more details, see To
display a DHCP scope properties page).
2. In the upper right corner, click on .
3. In the DHCP options panel, click on EDIT . The Configure DHCP options wizard opens.
4. Modify the parameters and options according to your needs.
5. Click on OK to commit the modification. The report opens and closes. The modifications are
listed in the panel.
1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Scopes icon. The All scopes list opens.
3. In the upper right corner, click on IP4 to display the DHCPv4 scopes or IP6 to display the
DHCPv6 scopes.
4. Filter the list to find the scope(s) to be modified.
5. Tick the scope(s).
6. In the menu, select Edit > Option > Add. The Add DHCP scope options wizard opens.
7. In the Option Name drop-down list, select an option.
8. In the Value field, type in the relevant value.
9. Click on OK to commit your option addition. The report opens and closes, the page refreshes.
If you open the DHCP options panel of the scope properties page, you will see all the DHCP
options and their values.
1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Scopes icon. The All scopes list opens.
3. In the upper right corner, click on IP4 to display the DHCPv4 scopes or IP6 to display the
DHCPv6 scopes.
4. Filter the list to find the scope(s) to be modified.
5. Tick the scope(s).
6. In the menu, select Edit > Option > Replace. The Delete DHCP scope options wizard opens.
7. In the Option Name drop-down list, select the option whose value you want to replace.
8. In the Replace field, type in the value to be replaced (i.e. the value you set when adding the
option).
9. In the By field, type in the new value.
10. Click on OK to commit your changes. The report opens and closes, the page refreshes. If
you open the DHCP options panel of the scope properties page, you will see the new value
of the DHCP option.
1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Scopes icon. The All scopes list opens.
3. In the upper right corner, click on IP4 to display the DHCPv4 scopes or IP6 to display the
DHCPv6 scopes.
4. Filter the list to find the scope(s) to be modified.
5. Tick the scope(s).
6. In the menu, select Edit > Option > Delete. The Delete DHCP scope options wizard opens.
7. In the Option Name drop-down list, select an option.
8. In the Option value filter field, type in the option value.
9. Click on OK to commit your option deletion. The report opens and closes. If you open the
scope properties page DHCP options panel, you will see that the DHCP option is no longer
listed.
By default, a scope is automatically attached to the DHCP server's space. Defining a specific
space at the scope level allows you to apply policy rules from the IPAM module to several
addresses. In particular, setting such rules avoids any overlapping of ranges and spreads of
reserved addresses.
1. Go to the properties page of the DHCP scope of your choice (for more details, see To display
a DHCP scope properties page).
2. In the Main properties panel, click on EDIT . The Edit a DHCP scope wizard opens.
3. In the DHCP scope space name list, select the space that you want to associate with the
scope.
4. Click on OK to commit your modifications. The report opens and closes. The modifications
are listed in the panel.
The scope space can be modified in bulk in IPv4 from the list of the scopes page. You can filter
a set of scopes and then modify their space relation all at once. You can of course also tick
only one scope.
1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Scopes icon. The All scopes list opens.
3. In the upper right corner, click on IP4 to display the DHCPv4 scopes.
4. Tick the scope(s) you want to modify.
5. In the menu, select Edit > Set > Space. The Edit the scope space wizard opens.
6. In the Space drop-down list, select the space you want your scopes to be associated with.
7. Click on OK to commit the change. The report opens and closes. The new space is listed in
the Scope space column.
Tip
If you select None in the Space drop-down list, you can remove the scope relation
with any IPAM space.
Because the network administrator defines scopes and assigns them to network segments, a
client's scope cannot be determined just by its network connection. The client is connected to a
network segment on which any number of IP scopes may be configured. Thus, when a request
arrives from a client, the DHCP server first determines from which network segment the message
was sent. If the client is requesting an existing address, the DHCP server can check the requested
address to determine whether it is from any of the IP scopes assigned to the client's network
segment. If it is, and if the address is available for the client, the server can assign that
address to the client.
If dynamic DHCP ranges appear within scopes using the same shared network, all address
ranges are offered independently. Once the first range is full, the ranges that are declared within
the same shared network will be used one after the other until all addresses are used.
1. Go to the properties page of the DHCP scope of your choice (for more details, see To display
a DHCP scope properties page).
2. In the Main properties panel, click on EDIT . The Edit a DHCP scope wizard opens.
3. If you created classes at the scopes level, in the DHCP scope Class list, select a class if
need be.
4. Click on NEXT . The last page of the wizard appears.
5. In the Share network drop-down list, select the scope you want to associate with the one
you are editing.
6. Click on OK to commit your modifications. The report opens and closes. The changes are
listed in the panel.
Migrating a scope also migrates the DHCP ranges and the statics with IP address that it contains.
To migrate statics without IP, refer to the section Copying a DHCPv4 Static Without IP of this
guide.
Keep in mind that if your physical server is managed through a smart, only the scope created on
the smart can be duplicated or moved.
1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Scopes icon. The All scopes list opens.
3. In the upper right corner, click on IP4 to display the DHCPv4 scopes.
4. Tick the scope(s) you want to duplicate.
5. In the menu, select Edit > Migrate. The Copying/Moving scopes wizard opens.
6. In the Method drop-down list, select Copy.
7. In the Target server drop-down list, select the server of your choice.
8. Click on OK to commit the scope duplication. The report opens and closes. The All scopes
list is visible again, both scopes are listed: they share the same name, start address and
end address. The duplicate scope is in Delayed create in the target server.
1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Scopes icon. The All scopes list opens.
3. In the upper right corner, click on IP4 to display the DHCPv4 scopes.
4. Tick the scope(s) you want to duplicate.
5. In the menu, select Edit > Migrate. The Copying/Moving scopes wizard opens.
6. In the Method drop-down list, select Move.
7. In the Target server drop-down list, select the server of your choice.
8. Click on OK to commit the RR migration. The report opens and closes. The All scopes list
is visible again, the scope is no longer listed as part of the first server. It now belongs to the
selected target server.
The generic rule number (098) Create a DHCP scope (from the IPAM module, listed under the
event Add a subnet) is enabled by default and automatically adds a new DHCP scope each time
a new subnet is created. If you ever want to disable it, follow the procedure below.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select System > Expert > Rules. The Rules list opens.
3. In the Rule # column filtering field, type in 098. The rule (098) (generic) Create a DHCP
scope is listed.
4. Tick the rule.
5. In the menu, select Edit > Disable. The Disable wizard opens.
6. Click on OK to commit your modification. The report opens and closes. The rule is marked
Disable in the Status column.
1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Scopes icon. The All scopes list opens.
3. In the upper right corner, click on IP4 to display the DHCPv4 scopes or IP6 to display the
DHCPv6 scopes.
4. Filter the list to find the scope(s) you want to delete (for more details, see To find a scope).
5. Tick the box left of the scope(s) to be deleted.
6. In the menu, select Edit > Delete. The Delete wizard opens.
7. Click on OK to commit the deletion. The report opens and closes. The scope is no longer
listed.
The DHCP relay is a mechanism that allows the transfer of DHCP/BOOTP messages between
clients and servers of different subnets. The routers used to interconnect these subnets possess
for the most part the functionality of TCP/IP relay agents. To conform to RFC 1542 and
deal with the relay agent, each router must be capable of recognizing BOOTP and DHCP
messages and relaying them in an appropriate manner. A router equipped with the capacities of a
BOOTP relay agent generally relays DHCP packets, as well as all BOOTP packets transmitted
on the network. SOLIDserver supports DHCP relay transparently. If a scope has the same network
address as one of the interfaces of the DHCP server, then it is a local scope. This means that it
belongs to the same broadcast domain as the DHCP server. Otherwise, it is a relay scope.
In the following example, one DHCP server is on the network 191.24.1.0 and the other one is
on network 110.44.0.0. With this configuration, the IP broadcasts from all hosts are forwarded
in unicast toward the two servers.
interface ethernet1
ip helper-address 191.24.1.45
ip helper-address 110.44.0.125
In the following example, one DHCP server is in VLAN 20 with the 20.20.20.2 IP address, the
client PC is in VLAN 10, and the Juniper switch is configured as DHCP relay and performs inter
VLAN routing between VLANs 10 and 20.
set vlans vlan10 vlan-id 10
set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members vlan10
set vlans vlan10 l3-interface vlan.10
set interfaces vlan unit 10 family inet address 10.10.10.1/24
In the following example, the DHCP server has the 10.10.20.3 IP address and the client PC is in
VLAN 40.
vlan 40
ip helper-address 10.10.20.3
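The local/relay distinction and the per-segment scope lookup described in this section, as an added Python sketch (not SOLIDserver code). It assumes the client's segment is identified by the relay agent address (the BOOTP giaddr field filled in by an RFC 1542 relay) or, when that field is empty, by the receiving interface; the scope names, the shared network label and the 10.10.11.0/24 and 10.10.40.0/24 networks are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Scope:
    name: str
    network: ipaddress.IPv4Network
    shared_network: Optional[str] = None  # scopes with the same label sit on one segment


# Constructed sample data: one server interface and four scopes.
SERVER_INTERFACES = [ipaddress.ip_interface("10.10.20.3/24")]
SCOPES = [
    Scope("servers", ipaddress.ip_network("10.10.20.0/24")),
    Scope("vlan10-a", ipaddress.ip_network("10.10.10.0/24"), "floor1"),
    Scope("vlan10-b", ipaddress.ip_network("10.10.11.0/24"), "floor1"),
    Scope("vlan40", ipaddress.ip_network("10.10.40.0/24")),
]


def scope_kind(scope, interfaces=SERVER_INTERFACES):
    """'local' if the scope has the network address of a server interface, else 'relay'."""
    return "local" if any(i.network == scope.network for i in interfaces) else "relay"


def segment_scopes(giaddr, receiving_interface, scopes=SCOPES):
    """Return the scopes configured on the segment a request came from.

    A giaddr of 0.0.0.0 means the broadcast reached the server directly, so the
    receiving interface identifies the segment; otherwise the relay address does.
    """
    source = ipaddress.ip_address(giaddr)
    if source == ipaddress.ip_address("0.0.0.0"):
        source = receiving_interface.ip
    primary = [s for s in scopes if source in s.network]
    labels = {s.shared_network for s in primary if s.shared_network}
    # Scopes declared in the same shared network belong to the same segment.
    return [s for s in scopes if s in primary or s.shared_network in labels]


def requested_address_scope(requested, giaddr, receiving_interface, scopes=SCOPES):
    """Name of the scope that may serve the requested address, or None.

    The address is only acceptable when it belongs to a scope assigned to the
    segment the request arrived from, whatever the client claims.
    """
    address = ipaddress.ip_address(requested)
    for scope in segment_scopes(giaddr, receiving_interface, scopes):
        if address in scope.network:
            return scope.name
    return None
```

A request relayed from 10.10.10.1 for an address in 10.10.40.0/24 returns None: the requested address is not in a scope assigned to that segment.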
Allowing access to a scope as a resource will also make every item it contains available. For
more details, refer to the section Assigning Objects as Resource in the chapter Managing Groups
of administrator of this guide.
Chapter 30. Managing Fixed Reservations
Managing DHCP Statics
A DHCP static reservation is a permanent lease that is used to ensure a specified client always
uses the same IP address on a subnet. For clients who require a constant IP address, you can
manually configure a static IP address or assign a DHCP static reservation. DHCP static
reservations differ from statically configured IP addresses in one significant manner: if DHCP
options are modified on the DHCP server, the parameters of the device configured with the DHCP
static reservation are updated when the device requests the static lease renewal. A DHCP static
reservation provides information about a particular DHCP client. Every DHCP static declaration
must have a unique name. Usually the name of the DHCP static reservation is just used to identify
it, but in particular contexts, it can be used to enforce the client's hostname. DHCP static
reservations match DHCP, PXE or BOOTP clients based on either the client's MAC address or the
DHCP-client-identifier option.
When it comes to statics, there is one main difference between DHCP managing IPv4 and IPv6
addresses. DHCPv6 introduces a new piece of information, the DHCP Unique Identifier (DUID).
It should not exceed 128 bits in total and identifies a client rather than a piece of equipment.
It contains the MAC address, so this address is no longer a unique independent set of numbers:
it corresponds to the last 48 to 64 bits of the DUID, depending on its type.
[Figure: DUID layouts per type, in bits]
DUID-LLT: DUID type | Hardware | Time Stamp | MAC Address
DUID-EN: DUID type | Enterprise Vendor | Vendor Identifier
DUID-LL: DUID type | Hardware | MAC Address
Keep in mind that to ease the static creation in DHCPv6, you will be able to fill in either the whole
DUID or only the MAC address.
Here below, you can see the link to browse the DHCP statics database:
[Figure: DHCP navigation diagram showing the scope, group, range, static and lease levels]
1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Statics icon. The All statics list opens.
3. Next to the Logout button, click on IP4 to display the DHCPv4 statics or IP6 to display the
DHCPv6 statics.
1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DHCP servers icon. The All servers list opens.
3. Click on the name of the server of your choice. The scopes of this server are listed.
4. In the breadcrumb, click on All statics. The All statics page opens.
5. Next to the Logout button, click on IP4 to display the DHCPv4 statics or IP6 to display the
DHCPv6 statics.
1. Go to the All statics page. For more details, see To list the statics (all servers taken together).
2. At the end of the line of the static of your choice, click on . The properties page opens.
On the statics properties page you will find the following information in separate panels:
• Main properties: sums up all the information filled in during the static creation (DHCP server,
scope and group, its name, IP address, client DUID or MAC address, class).
• Audit: displays a summary of all the changes carried out at the same level (the statics level)
after the creation of the item you are about to modify. You cannot edit this information.
• DHCP options: displays all the DHCP options you can define. None of the default options are
listed except for the type of DHCP server. See the chapter DHCP options of this guide for more
details.
SOLIDserver enables you to modify the columns displayed in the list. You can add columns or
modify their order. For more details, see the Customizing the List Layout section of the
Understanding the SOLIDserver User Interface part of this documentation.
The status of a DHCP static provides a report on the static operations. Statics statuses are
displayed at the end of each range line next to the properties shortcut button. The table below
explains all status values:
SOLIDserver allows you to choose the MAC address type upon creation of statics. This type
modifies how the addresses are displayed on the page. For more details regarding the supported
MAC address types, refer to the MAC Address Types References appendix of this guide.
With DHCPv4, the process is quite simple: to set up a static, you will need an IP address and a
user identifier, the equipment MAC address.
1. Go to the All statics page. For more details, see To list the statics (all servers taken together).
2. Next to the Logout button, click on IP4 to display the DHCPv4 statics.
3. In the menu, select Add > DHCP Static. The Add a DHCP static wizard opens.
4. In the DHCP server drop-down list, select the DHCP server of your choice.
5. Click on NEXT . The next page opens.
6. In the DHCP scope drop-down list, select the scope of your choice. You can select None if
you wish to simply configure DHCP options and not assign it an IP address.
7. Click on NEXT . The next page opens.
8. If you or your administrator created classes, the DHCP static class list is visible. Select a
class or None and click on NEXT . The next page of the wizard opens.
9. Configure the static using the table below:
10. Click on OK to commit the static creation. The report opens and closes. The static is listed.
With DHCPv6, the process is similar: to set up a static you will need an IP address and a user
identifier, the client DUID. Considering that the DUID can be quite long (see the introduction of
this chapter for more details), you can either put it in full in the DUID field or put only the
DHCPv4 equivalent of the MAC address, that is to say the last 48 to 64 bits, so it will look like
xx:xx:xx:xx:xx:xx or xx:xx:xx:xx:xx:xx:xx.
1. Go to the All statics page. For more details, see To list the statics (all servers taken together).
2. Next to the Logout button, click on IP6 to display the DHCPv6 statics.
3. In the menu, select Add > DHCP Static (v6). The Add a DHCP static wizard opens.
4. In the DHCP server drop-down list, select the DHCP server of your choice.
5. Click on NEXT . The next page opens.
6. In the DHCP scope drop-down list, select the scope of your choice. You can select None if
you wish to simply configure DHCP options and not assign it an IP address.
7. Click on NEXT . The last page of the wizard opens.
8. Configure the static using the table below:
| Fields | Description |
| --- | --- |
| Client DUID | In this field, type in the equipment DUID. If you do not fill in the Client DUID field, you need to fill in the MAC address field. |
| MAC address | In this field, type in the MAC address, that is to say the six sets of hexadecimal digits of the equipment DUID. If you do not fill in the MAC address field, you need to fill in the Client DUID field. |
| MAC address type | In this drop-down list, select the protocol associated with the MAC address. The protocol reference will be displayed before the MAC address in the default MAC address column. Ethernet is selected by default. This field is required. |
| Group name | In this drop-down list, select the DHCP group the static belongs to. There will be no group in this list if you have not created any group yet. |
9. Click on OK to commit the static creation. The report opens and closes. The static is listed.
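How the DUID layouts from the introduction of this chapter relate to the Client DUID and MAC address fields of the wizard, as an added Python example (not SOLIDserver code). Field widths and the length bound follow the DHCPv6 specification (RFC 8415); the sample DUIDs are constructed, and the consistency check between the two fields is an assumption of this example, not documented product behaviour.

```python
import struct

DUID_LLT, DUID_EN, DUID_LL = 1, 2, 3
MAX_ID_OCTETS = 128  # RFC 8415, section 11.1: identifier length, type code excluded

# Constructed samples (32473 is the enterprise number reserved for documentation).
SAMPLE_LLT = "00:01:00:01:2a:3b:4c:5d:00:11:22:33:44:55"
SAMPLE_EN = "00:02:00:00:7e:d9:de:ad:be:ef"
SAMPLE_LL = "00030001001122334455"


def _hex_to_bytes(text):
    """Accept 'aa:bb', 'aa-bb' or 'aabb' notation; reject anything that is not hex."""
    try:
        return bytes.fromhex(text.strip().replace(":", "").replace("-", ""))
    except ValueError:
        raise ValueError(f"not a hexadecimal string: {text!r}") from None


def _fmt(raw):
    """Render bytes as lowercase colon-separated hex."""
    return ":".join(f"{b:02x}" for b in raw)


def parse_duid(text):
    """Split a DUID into its fields; 'mac' is None when the type embeds no MAC."""
    raw = _hex_to_bytes(text)
    if not 3 <= len(raw) <= 2 + MAX_ID_OCTETS:
        raise ValueError("DUID length out of bounds")
    (dtype,) = struct.unpack("!H", raw[:2])
    body = raw[2:]
    if dtype == DUID_LLT and len(body) > 6:
        hardware, stamp = struct.unpack("!HI", body[:6])
        return {"type": "DUID-LLT", "hardware": hardware, "time": stamp,
                "mac": _fmt(body[6:])}
    if dtype == DUID_EN and len(body) > 4:
        (enterprise,) = struct.unpack("!I", body[:4])
        return {"type": "DUID-EN", "enterprise": enterprise,
                "identifier": body[4:].hex(), "mac": None}
    if dtype == DUID_LL and len(body) > 2:
        (hardware,) = struct.unpack("!H", body[:2])
        return {"type": "DUID-LL", "hardware": hardware, "mac": _fmt(body[2:])}
    raise ValueError(f"unsupported or truncated DUID (type {dtype})")


def static_identifier(client_duid="", mac_address=""):
    """Apply the either/or rule of the wizard and normalise both notations.

    Assumption of this example: when both fields are filled in and the DUID
    embeds a MAC address, the two values must agree.
    """
    if not client_duid and not mac_address:
        raise ValueError("fill in the Client DUID or the MAC address")
    mac = _fmt(_hex_to_bytes(mac_address)) if mac_address else None
    duid = parse_duid(client_duid) if client_duid else None
    if duid and mac and duid["mac"] and duid["mac"] != mac:
        raise ValueError("MAC address does not match the one embedded in the DUID")
    return {"duid": _fmt(_hex_to_bytes(client_duid)) if duid else None,
            "mac": mac or (duid["mac"] if duid else None)}
```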
1. Display the list of DHCPv4 statics. For more details, see To list the statics (all servers taken
together).
2. Filter the list if need be.
3. At the end of the line of the static you chose, click on . The properties page opens.
4. In the Main properties panel, click on EDIT . The Edit a DHCP static wizard opens.
5. If you or your administrator created classes, the DHCP static class list is visible. Select a
class or None and click on NEXT . The next page of the wizard opens.
Warning
Changing an object class may generate important repercussions on its properties,
starting with more required fields to fill in. For more information, see your
administrator.
6. Modify the information of your choice in the IP address, MAC address, MAC address type
and/or Group name fields. Note that you cannot edit the static name.
7. Click on OK to commit your edition. The report opens and closes. The modifications are
visible in the panel.
In addition to the nature of the information that differs when you make a static reservation in
DHCPv6, you can actually modify the static name through the properties page once the static
has been created.
1. Display the list of DHCPv6 statics. For more details, see To list the statics (all servers taken
together).
2. Filter the list if need be.
3. At the end of the line of the static you chose, click on . The properties page opens.
4. In the Main properties panel, click on EDIT . The Edit a DHCP static wizard opens.
5. If you or your administrator created classes, the DHCP static class list is visible. Select a
class or None and click on NEXT . The next page of the wizard opens.
Warning
Changing an object class may generate important repercussions on its properties,
starting with more required fields to fill in. For more information, see your
administrator.
6. Modify the information of your choice in the Name, IP address, Client DUID, MAC address,
MAC address type and/or Group name fields.
7. Click on OK to commit your edition. The report opens and closes. The modifications are
visible in the panel.
If you have created DHCPv4 statics before creating groups, you can create a group and then put
the static in the group of your choice.
1. Go to the list of IPv4 statics of the server of your choice. For more details, see To list
the statics of a DHCP server.
2. Filter the list if need be.
3. Tick the static(s) you want to put in a different group.
4. In the menu, select Edit > Modify > Group. The Modify the DHCP group of a static wizard
opens.
5. In the DHCP group drop-down list, select the group of your choice.
6. Click on OK to commit the modification. The report opens and closes. The group is listed in
the Group column of the static.
1. Go to the properties page of the static of your choice. For more details, see To display the
static properties.
2. In the DHCP options panel, click on EDIT . The Configure DHCP options wizard opens.
3. Modify the fields of your choice. Note that, in DHCPv4, the Options category drop-down list
helps you filter the type of options.
4. Click on OK to commit your modifications. The report opens and closes. The changes are
listed in the DHCP options panel.
Keep in mind that you can modify the options of statics one by one, or you can gather the statics
in a group and configure these options at once by editing the DHCP options of the group itself.
In some cases, it can save you some time. For more details, see the DHCP Groups part further
down in this guide.
Keep in mind that if your physical server is managed through a smart, only the static created on
the smart can be duplicated.
1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Statics icon. The All statics list opens.
3. In the upper right corner, click on IP4 to display the DHCPv4 statics.
4. Filter the list if need be.
5. Tick the static(s) without IP you want to duplicate.
6. In the menu, select Edit > Migrate. The Copying statics wizard opens.
7. In the Target server drop-down list, select the server of your choice.
8. Click on OK to commit the scope duplication. The report opens and closes. The All statics
list is visible again, the static is displayed twice, in two different servers.
1. Display the list of DHCP statics (for more details, see the Browsing the statics database
section).
2. Next to the Logout button, click on IP4 to display the DHCPv4 statics or IP6 to display the
DHCPv6 statics.
3. Filter the list to find the static(s) you want to delete.
4. Tick the static(s) you want to delete.
5. In the menu, select Edit > Delete. The Delete wizard opens.
6. Click on OK to commit the deletion. The report opens and closes. The static is no longer
listed.
You can automate the static creation for each IP address addition in DHCPv4 and DHCPv6. Two
generic rules automate this process:
This rule is triggered by the IPAM module when you Add an IP address.
This rule is generic so it is enabled by default. Type in its name or number in the filter field of
the corresponding column to make sure its status is OK. If you want to disable it, tick it and
disable it through the Edit menu.
• The Create a DHCP IPv6 Static (rule 232 for DHCPv6)
This rule is triggered by the IPAM module when you Add an IPv6 address.
This rule is generic so it is enabled by default. Type in its name or number in the filter field of
the corresponding column to make sure its status is OK. If you want to disable it, tick it and
disable it through the Edit menu.
You can automate the static deletion for each IP address deleted in DHCPv4 and DHCPv6. Two
generic rules automate this process:
This rule is triggered by the IPAM module when there is a Deletion of an IP address.
This rule is generic so it is enabled by default. Type in its name or number in the filter field of
the corresponding column to make sure its status is OK. If you want to disable it, tick it and
disable it through the Edit menu.
• The Delete a DHCP IPv6 Static (rule 233 for DHCPv6)
This rule is triggered by the IPAM module when you Delete an IPv6 address.
This rule is generic so it is enabled by default. Type in its name or number in the filter field of
the corresponding column to make sure its status is OK. If you want to disable it, tick it and
disable it through the Edit menu.
The rule Check DHCP static duplicate hostnames (rule 022) automatically checks that
two different statics do not have the same name on one DHCP server.
This rule is only available for DHCPv4 and is triggered from the DHCP module itself when you
are about to add a new static: it will Check before adding a DHCP static that the chosen name
is unique.
You can add as many groups as you want but you cannot edit them. You can delete them and
replace them with new ones.
Note
The DHCP group feature is only available on EfficientIP DHCP servers. The groups level
will not be visible in the breadcrumb when you work with a Microsoft or a Cisco DHCP
server.
Here below, you can see the link to browse the DHCP groups database:
[Figure: DHCP navigation diagram showing the scope, group, range, static and lease levels]
1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Groups icon. The All groups list opens.
3. Next to the Logout button, click on IP4 to display the DHCPv4 groups or IP6 to display the
DHCPv6 groups.
1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DHCP servers icon. The All servers list opens.
3. Put your mouse over the name of the server of your choice. The Info Bar appears.
4. Click on . The server properties page opens.
5. In the breadcrumb, click on All groups. The All groups list of that server opens.
1. Go to the All groups list. For more details, see To list all the groups (all servers taken
together).
2. At the end of the line of the group of your choice, click on . The properties page opens.
SOLIDserver enables you to modify the columns displayed in the list. You can add columns or
modify their order. For more details, see the Customizing the List Layout section of the
Understanding the SOLIDserver User Interface part of this documentation.
The status of a DHCP group provides a report on the group operations. Group statuses are
displayed next to the right column of the list of the groups. The table below explains all status
values:
Keep in mind that you cannot edit a group, you have to delete it.
With both DHCPv4 and DHCPv6, you can add a group to the All groups list.
1. Go to the All groups list. For more details, see To list all the groups (all servers taken
together).
2. Next to the Logout button, click on IP4 to display the DHCPv4 groups.
3. In the menu, select Add > DHCP group. The Add a DHCP group wizard opens.
4. In the DHCP server list, select the DHCP server in which you want to add a group.
8. Click on OK to commit the addition. The report opens and closes. The group is listed.
1. Go to the All groups list. For more details, see To list all the groups (all servers taken
together).
2. Next to the Logout button, click on IP6 to display the DHCPv6 groups.
3. In the menu, select Add > DHCP group (v6). The Add a DHCP group wizard opens.
4. In the DHCP server list, select the DHCP server in which you want to add a group.
5. Click on NEXT . The last page of the wizard appears.
6. On the DHCP group configuration, fill in the group name.
7. Click on OK to commit the addition. The report opens and closes. The group is listed.
You can of course add a group to the All groups list of a particular server.
1. Go to the All groups list of the server of your choice. For more details, see To list the groups
of a DHCP server.
2. In the menu, select Add > DHCP group or DHCP group (v6) depending on the server you
chose. The Add a DHCP group wizard opens.
3. In the DHCP group name, type in the name of the new group.
4. Click on OK to commit the creation. The report opens and closes. The group is listed.
1. Go to the All groups list. For more details, see To list all the groups (all servers taken
together).
2. Next to the Logout button, click on IP4 to display the DHCPv4 groups or on IP6 to display
the DHCPv6 groups.
3. Filter the list to display the group you want to delete.
4. Tick the group(s) you want to delete.
5. In the menu, select Edit > Delete. The Delete wizard opens.
6. Click on OK to commit the deletion. The report opens and closes. The selected group is no
longer listed.
1. Go to the properties page of the group of your choice. For more details, see To display a
DHCP group properties page.
2. In the DHCP options panel click on EDIT . The Configure DHCP options wizard opens.
3. Modify the fields of your choice.
4. Click on OK to commit your changes. The report opens and closes. The modifications are
listed in the DHCP options panel.
Chapter 31. Managing Dynamic Addressing
Managing DHCP Ranges
Ranges must be declared in SOLIDserver for dynamic addressing. A DHCP range is a contiguous
series of valid IP addresses which are available for lease to client computers on a particular
scope. A range belongs to just one DHCP scope, and contains the leases of the dynamic addresses.
Several ranges can be defined in the same scope if they do not overlap each other.
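One way to check a set of ranges against these rules before declaring them, as an added Python example (not SOLIDserver code); the function name and the scope and range values are constructed.

```python
import ipaddress

# Constructed sample: one scope and three candidate ranges, the last two colliding.
SAMPLE_SCOPE = "10.10.10.0/24"
SAMPLE_RANGES = [
    ("10.10.10.10", "10.10.10.50"),
    ("10.10.10.100", "10.10.10.150"),
    ("10.10.10.150", "10.10.10.200"),
]


def check_ranges(scope, ranges):
    """Return a list of problems; an empty list means the ranges can coexist.

    scope is a CIDR string, ranges a list of (start, end) address strings.
    Works for DHCPv4 and DHCPv6 scopes alike.
    """
    net = ipaddress.ip_network(scope)
    problems, valid = [], []
    for start, end in ranges:
        lo, hi = ipaddress.ip_address(start), ipaddress.ip_address(end)
        label = f"{start}-{end}"
        if lo.version != net.version or hi.version != net.version:
            problems.append(f"{label}: address family differs from scope {scope}")
        elif lo > hi:
            problems.append(f"{label}: start address is after end address")
        elif lo not in net or hi not in net:
            problems.append(f"{label}: not contained in scope {scope}")
        else:
            valid.append((lo, hi, label))

    # Sweep the ranges in address order, remembering the range that reaches
    # furthest so far: a long range can overlap several later ones, which a
    # comparison of neighbours only would miss.
    valid.sort(key=lambda r: (r[0], r[1]))
    reach = None
    for lo, hi, label in valid:
        if reach is not None and lo <= reach[1]:
            problems.append(f"{label}: overlaps {reach[2]}")
        if reach is None or hi > reach[1]:
            reach = (lo, hi, label)
    return problems
```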
In the All ranges list, you will find two icons next to the Logout button: IP4 and IP6. They allow
you to display the DHCPv4 ranges on the one hand and the DHCPv6 ranges on the other hand.
These buttons are not useful when you are listing the ranges of a particular scope or server: if
you click on the IP6 icon when listing leases of a DHCPv4 scope, you will list all the IP6
ranges regardless of the servers or scopes they are a part of.
Here below, you can see the link to browse the DHCP ranges database:
[Figure: DHCP navigation diagram showing the scope, group, range, static and lease levels]
To list the DHCP ranges (all servers and scopes taken together)
1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Ranges icon. The All ranges page opens.
3. Next to the Logout button, click on IP4 to display the DHCPv4 ranges or IP6 to display the
DHCPv6 ranges.
1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DHCP servers icon. The All servers list opens.
3. Click on the name of the server of your choice.
4. In the breadcrumb, click on All ranges to display the chosen server's ranges.
1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Scopes icon. The All scopes list opens.
3. Next to the Logout button, click on IP4 to display the DHCPv4 scopes or IP6 to display the
DHCPv6 scopes.
4. Click on the name of the scope of your choice to visualize the ranges it contains.
1. Go to the DHCP tab homepage. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Ranges icon. The All ranges page opens.
3. Next to the Logout button, click on IP4 to display the DHCPv4 ranges or IP6 to display the
DHCPv6 ranges.
4. In the filter field at the top of the Ranges column, you can look for a particular range by:
5. Click on SEARCH to display the results list. Only the ranges matching what you filled in are
displayed.
1. Search for the range of your choice (for more details, see To find a DHCP range).
2. At the end of the line of the range of your choice, click on . The properties page opens.
SOLIDserver enables you to modify the columns displayed in the list. You can add columns or
change their order. For more details, see the Customizing the List Layout section of the
Understanding the SOLIDserver User Interface part of this documentation.
The status of the DHCP ranges provides a report on the range operations. The table below explains
the possible values of the Status column:
Note
The IPv4 range addition wizard provides by default an Access Control List (ACL)
configuration page. Keep in mind that the order of the elements listed in the DHCP
range ACL field is important, as each restriction or permission is reviewed in the
order you set in the list.
1. Go to the DHCP tab homepage. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Ranges icon. The All ranges page opens, the IP4 button is blue.
3. In the menu, select Add > DHCP Range. The Add a DHCP range wizard opens.
4. In the DHCP Server list, select a server.
5. Click on NEXT . The scope selection page opens.
6. In the DHCP Scope list, select a scope.
7. Click on NEXT . The next page opens.
8. If you or your administrator created classes, the DHCP static class list is visible. Select a
class or None and click on NEXT . The next page of the wizard opens.
9. Configure the DHCP range parameters following the fields below:
10. Click on NEXT . The ACLs configuration page opens if you are editing an EfficientIP DHCP
server, depending on the classes configured by your administrator.
11. In the Specific ACL field, configure ACLs using the table below.
12. In the General ACL field, configure ACLs using the table below.
13. Click on OK to commit the creation. The report opens and closes. The ACLs are listed in the
ACL panel of the range properties page.
1. Go to the DHCP tab homepage. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Ranges (v6) icon. The All ranges page opens, the IP6 button is blue.
3. In the menu, select Add > DHCP range (v6). The Add a DHCP range wizard opens.
4. In the DHCP Server list, select a server.
5. Click on NEXT . The next page opens.
6. In the DHCP Scope list, select a scope.
7. Click on NEXT . The last page opens.
8. Configure the DHCPv6 range following the table below:
9. Click on OK to commit the creation. The report opens and closes. The range is listed.
With DHCPv4, once a range is created you can edit its mode and its ACLs from its properties page.
Note
With DHCPv6, you cannot edit a range. The properties page will simply display all
the information available.
1. Go to the properties page of the range of your choice (for more details, see To display a
DHCP range properties page).
2. In the Main properties panel, click on EDIT . The Edit a DHCP range wizard opens and displays
the range Start address, End address and Size; you cannot modify them.
3. In the Mode drop-down list, you can configure the following options:
4. Click on NEXT . The ACL configuration page opens. See the Restricting Access part for more
details regarding ACLs.
5. Thanks to the fields and boxes explained below you can configure ACLs:
6. Click on OK to commit the changes. The report opens and closes. The modifications are visible
in the Main properties and/or the ACLs panels.
With DHCPv4, you can resize ranges. Basically, you edit the range start and/or end address
so that it includes more or fewer addresses. In the wizard, you indicate the number of addresses
to include in the range or, using the minus sign, to exclude from it. This shift of addresses
is carried out as long as the addresses included or excluded are not already used or part of
another range.
1. Go to the DHCP tab homepage. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Ranges icon. The All ranges page opens.
3. Next to the Logout button, click on IP4 to display the DHCPv4 ranges.
4. Filter the list if need be. For more details, see To find a DHCP range.
5. Tick the range(s) you want to resize.
6. In the menu, select Edit > Resize DHCP ranges. The Resize ranges wizard opens.
7. In the Start address shift field, type in the positive or negative shift for the range start address
that suits your needs. If you type in 0 (zero), the address stays the same.
8. In the End address shift field, type in the positive or negative shift for the range end address
that suits your needs. If you type in 0 (zero), the address stays the same.
9. Click on OK to commit the new size. The report opens and closes. The new range(s) size is
visible.
Before deleting an existing range, remember to create a new one using a different range of
addresses.
1. Go to the DHCP tab homepage. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Ranges icon. The All ranges page opens.
3. Next to the Logout button, click on IP4 to display the DHCPv4 ranges or IP6 to display the
DHCPv6 ranges.
4. Filter the list if need be. For more details, see To find a DHCP range.
5. Tick the range you want to delete.
6. In the menu, select Edit > Delete. The Delete wizard opens.
7. Click on OK to commit the deletion. The report opens and closes. The range is no longer
listed.
To automatically check the IP overlapping, you must enable the Checking IP overlapping rule.
By default, the rule 088 regarding the addition of ranges for every newly added IPv4 pool is
enabled. It is named (generic) Create a DHCP range for each IP pool created and is listed under
the event Add a pool of the IPAM module.
By default, the rule 230 regarding the addition of ranges for every newly added IPv6 pool is
enabled. It is named (generic) Add a DHCP IPv6 range and is listed under the event Add an IPv6
pool of the IPAM module.
If you want to disable one of these rules, tick it and in the menu select Edit > Disable.
By default, the rule 097 regarding the deletion of ranges for every IPv4 pool deletion is enabled.
It is named (generic) Delete a DHCP range for each IP pool deleted and is listed under the event
Delete a pool of the IPAM module.
By default, the rule 231 regarding the deletion of ranges for every IPv6 pool deletion is enabled.
It is named (generic) Delete a DHCP IPv6 range and is listed under the event Delete an IPv6
pool of the IPAM module.
If you want to disable one of these rules, tick it and in the menu select Edit > Disable.
Warning
Microsoft DHCP servers do not allow the configuration of options on DHCP ranges.
Note
The DHCP options can be edited at the range level only in DHCPv4.
1. Display the chosen range properties page (for more details, see procedure To display a
DHCP range properties page).
2. In the DHCP Options panel, click on EDIT . The Configure DHCP options wizard opens.
3. In the Options category drop-down list, select a category if need be. The Most used options
are displayed by default.
4. Make your modifications.
5. Click on OK to commit the changes. The report opens and closes. Every item modified is
displayed in the panel.
With SOLIDserver in DHCPv4, the maximum lease time is 24 hours (86400 seconds). By default,
the lease time is 12 hours (43200 seconds). You can change these parameters either on a
particular lease individually or at the range, scope or server level. As for DHCPv6,
you can configure the leases only at the server or scope level.
In the All leases list, you will find two icons next to the Logout button: IP4 and IP6. They
display the DHCPv4 leases and the DHCPv6 leases respectively. These buttons are not useful
when you are listing the leases of a particular scope or server: if you click on the IP6 icon
when listing leases of a DHCPv4 scope, you will list all the IP6 leases regardless of the
servers, scopes and ranges they belong to.
Caution
If the SOLIDserver clock is not on time, you will not be able to retrieve any leases. To configure
the NTP server, see the Services configuration chapter of this guide.
The All leases page provides all kinds of information regarding the leases, for instance their
current Status (for more details refer to the section Understanding the DHCP Leases Statuses),
IP address, MAC address, Start and End time and date, etc. In addition, the OS name column
(DHCP client OS version) provides extra information to identify the DHCP client of IPv4 leases.
Here below, you can see the link to browse the DHCP leases database:
[Figure dhcp-navleas: scope, group, range, static, lease]
To list all the DHCP leases (all servers, scopes and ranges taken together)
1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DHCP servers icon. The All servers list opens.
3. Click on the name of the server of your choice.
4. In the breadcrumb, click on All leases to display the chosen server's ranges.
1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Scopes icon. The All scopes list opens.
3. Next to the Logout button, click on IP4 to display the DHCPv4 scopes or IP6 to display the
DHCPv6 scopes.
4. Click on the name of the scope of your choice to visualize the ranges it contains.
5. In the breadcrumb, click on All leases to see all the leases of that scope.
1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Ranges icon. The All ranges list opens.
3. Next to the Logout button, click on IP4 to display the DHCPv4 scopes or IP6 to display the
DHCPv6 scopes.
4. Click on the name of the range of your choice to visualize the leases it contains.
1. Search for the range of your choice. For more details, see To find a DHCP lease.
2. At the end of the line of the lease of your choice, click on . The properties page opens.
SOLIDserver enables you to modify the columns displayed in the list. You can add columns or
change their order. For more details, see the Customizing the List Layout section of the
Understanding the SOLIDserver User Interface part of this documentation.
The status of the DHCP leases provides information regarding each lease. The Status column
possible values are:
EfficientIP DHCP server allows administrators to specify a default lease duration, a minimum
lease duration, and a maximum lease duration as defined below:
• default-lease-time specifies the duration of the lease that the DHCP server assigns if the client
requesting the lease does not ask for a specific expiration time.
• minimum-lease-time duration is used to force the DHCP client to take a longer lease than
the lease duration that it requests.
• maximum lease-time duration is used to define the longest lease that the DHCP server can
allocate. If a DHCP client asks for a longer lease than the maximum lease duration, then the
server limits the lease to the maximum lease duration.
Note
Maximum lease times do not apply to dynamic BOOTP leases. These leases are
not specified by the client and can exceed the maximum lease time configured.
DHCP lease duration is a topic of discussion among network administrators. Some use a lease
time of 6 months, some use a lease time of 5 minutes. The right lease duration depends on each
network's context. Default lease duration on EfficientIP DHCP server is 12 hours. You can change
this default according to your requirements and set lease times at different levels, based on
different factors. You can set a default lease time at the server, scope, range, group, DHCP class,
or static level of the EfficientIP DHCP organization.
1. Go to the DHCP listing page of your choice: you can set up the lease duration at server,
scope, range, group or static level. You can also configure a DHCP class to set the lease
duration.
2. Filter the list if need be.
3. At the end of the line of the object of your choice, click on . The properties page opens.
4. In the DHCP options panel, click on EDIT . The Configure DHCP options wizard opens.
5. In the Option category drop-down list, make sure Most used options is selected.
6. In the Default lease time field, you can set a default lease time in seconds. The lease time
will be respected unless the client specifies another one when requesting a lease.
7. In the Max lease time field, you can set the maximum lease time in seconds.
8. In the Min lease time field, you can set the minimum lease time in seconds.
9. Click on OK to commit your configuration. The report opens and closes. The edited information
is now listed in the panel.
With IPv6 addressing, the procedure is the same except that you can only set it up from the two
highest levels in DHCP that is to say the servers themselves or the scopes.
1. Go to the All servers list or the All scopes list to set up the lease duration.
2. Filter the list if need be.
3. At the end of the line of the object of your choice, click on . The properties page opens.
4. In the DHCP options panel, click on EDIT . The Configure DHCP options wizard opens.
5. In the Default lease time field, you can set a default lease time in seconds. The lease time
will be respected unless the client specifies another one when requesting a lease.
6. In the Max lease time field, you can set the maximum lease time in seconds.
7. In the Min lease time field, you can set the minimum lease time in seconds.
8. Click on OK to commit your configuration. The report opens and closes. The edited information
is now listed in the panel.
Releasing Leases
When a range is overloaded, the lease release feature can help free addresses on a one-off
basis in a critical case. This operation asks the DHCP server to simulate a DHCP release.
Caution
This operation should not be used on a daily basis to resolve a lack of free space in
a range. The best way is to extend the range capacity as soon as possible.
1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
Warning
A lease deletion can create overlapping IP addresses. Before proceeding with the
lease deletion, make sure that the impacted DHCP client will not connect to the
network where the addresses were deleted.
Note
It is for now impossible to convert an IPv6 lease into a static. However, you can
create IPv6 statics.
1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Leases icon. The All leases page opens.
3. Next to the Logout button, click on IP4 to display the DHCPv4 leases.
4. Filter the list to find the lease(s) you want to convert.
5. Tick the lease(s) to be converted.
6. In the menu, select Edit > Convert to static > Without IP address or With IP address.
If you select the Without IP address option, the Convert lease to static without IP address
wizard opens.
If you select the With IP address option, the Convert DHCP lease to DHCP static wizard
opens.
7. Click on OK to commit the conversion. The report opens and closes. The converted IP
addresses are not listed anymore; you will find them in the All statics lists (in the menu select
Display > All statics).
Blacklisting Leases
Once delivered, you can blacklist a lease at any time. This will convert the lease into a static
without IP. From that point on, the client MAC address cannot access the DHCP server or its
failover channel. The client MAC address is even saved in the DHCP server configuration file
as blacklist-<MAC_address> to ensure that any lease request is denied.
Blacklisting a lease can be easily done from the All leases page through an option in the menu.
Once a lease is blacklisted, the corresponding static without IP is immediately created. This
static is automatically configured with a set of ACL restrictions that prevent the connection to the
server and its failover. In the meantime, the lease remains valid until it expires; the next client
request for renewal will be denied. Once the lease duration is up, the client MAC address is
disconnected and unable to connect again.
To blacklist a lease
1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Leases icon. The All leases page opens.
3. Tick the lease(s) you want to blacklist.
4. In the menu, select Edit > Blacklist lease. The report opens and closes. The lease is still
visible on the All leases page and disappears once it has expired. On the All statics page,
you will be able to find every blacklisted MAC address if you filter the Name column using
blacklist.
Tracking Leases
SOLIDserver keeps track of the leases delivered by all the DHCP servers you manage. The lease
logs are available on the Leases tracking page that provides information on the lease duration
and status, the server that delivered the lease, the host name, its IP and MAC addresses, the
client identifier, and the remote and circuit IDs.
To track leases
1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Leases tracking icon for IPv4 leases or Leases tracking (v6) icon for IPv6 leases.
The All leases page opens and displays the corresponding leases logs.
In IPv4, the lease logs are automatically erased 60 days after the leases have expired, as set in
rule 012. You can change this rule configuration following the procedure below.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select System > Expert > Rules. The Rules page opens.
3. In the Rule # column search field, type in 012. The Purge history of DHCP leases rule is listed.
4. In the Instance column, click on auto_purge_histo_dhcplease. The rule properties page
opens.
5. In the Main properties panel, click on EDIT . The Edit a rule wizard opens.
6. Click on NEXT . The Rule filters page appears.
7. If you chose to schedule the purge, configure the fields according to the table below:
You can at any time disable this rule. Tick it in the list and, in the menu, select Edit > Disable.
• The Circuit ID field generally contains information describing the port location that the DHCP
request is coming in from. It may contain additional information that helps describe which IP
address should be assigned out, such as the VLAN ID, a wireless modem or an ATM virtual
circuit. This value must be unique for a particular switch or router that is providing the Relay
Agent function. The value must also stay the same if modules are installed or removed in the
Switch or Router that implements the Relay Agent. Therefore, having subfields representing
the Module, Slot and Port is highly recommended.
• The Remote ID field is intended to carry information describing the device at the remote end
of the link. However, in Ethernet systems, this is typically the MAC address of the Relay Agent.
This is not particularly useful since the MAC address would change if the Relay Agent was
ever replaced. Building a DHCP server database using the MAC address of the Relay Agent
would require that the table be rebuilt every time one of the Relay Agents was replaced. Some
vendors have modified this field to use the IP address of the Relay Agent or some other string
describing the Relay Agent. This field must be unique to the entire network.
• The GIADDR (or Gateway Address) field is part of the normal DHCP message. It contains the
IP address of the Relay Agent. Since IP addresses must be unique, this field is unique for the
entire network.
By combining the GiAddr and the Circuit ID, a network-wide unique string can be created. This
string can be used for table lookup in the DHCP server. We called this string a pseudo MAC
address, since most DHCP servers do a MAC to IP mapping in their databases.
In its default configuration, the DHCP Relay Agent Information Option passes along port and
agent information to the SOLIDserver DHCP server. It is useful in statistical analysis, as well as
in indicating where an assigned IP address physically connects to the network. It may also be used
to make DHCP decisions based on where the request is coming from or even which user is
making the request. For more information on how to implement it, please refer to the DHCP Options
chapter.
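The pseudo MAC address described above, as an added Python example that is not SOLIDserver code: it parses the option 82 payload (sub-option 1 is the Circuit ID and sub-option 2 the Remote ID, per RFC 3046) with length checks and builds a lookup key from GIADDR and Circuit ID. The key layout, the function names and the sample payloads are assumptions constructed for this illustration.

```python
import ipaddress

# RFC 3046 sub-option codes carried inside DHCP option 82.
SUB_CIRCUIT_ID = 1
SUB_REMOTE_ID = 2


def parse_relay_agent_info(payload: bytes) -> dict:
    """Split an option 82 payload into {sub-option code: value}.

    The payload arrives from the network, so every length byte is checked
    against the bytes actually present before it is used.
    """
    subopts = {}
    pos = 0
    while pos < len(payload):
        if pos + 2 > len(payload):
            raise ValueError("truncated sub-option header at offset %d" % pos)
        code, length = payload[pos], payload[pos + 1]
        value = payload[pos + 2 : pos + 2 + length]
        if len(value) != length:
            raise ValueError(
                "sub-option %d claims %d bytes, %d present" % (code, length, len(value))
            )
        if code in subopts:
            # A repeated sub-option is ambiguous for a lookup key, so this
            # example rejects it (a choice made here, not a protocol rule).
            raise ValueError("duplicate sub-option %d" % code)
        subopts[code] = value
        pos += 2 + length
    return subopts


def pseudo_mac(giaddr: str, option82: bytes) -> str:
    """Build the lookup key from GIADDR and Circuit ID.

    The "<giaddr>/<circuit id in hex>" layout is an assumption of this example.
    """
    relay = ipaddress.IPv4Address(giaddr)
    if relay == ipaddress.IPv4Address("0.0.0.0"):
        raise ValueError("GIADDR is unset: the request was not relayed")
    circuit_id = parse_relay_agent_info(option82).get(SUB_CIRCUIT_ID)
    if not circuit_id:
        raise ValueError("option 82 carries no Circuit ID")
    return "%s/%s" % (relay, circuit_id.hex())


# Constructed sample data: Circuit ID = VLAN 100, module 1, slot 2, port 7.
CIRCUIT_ID = bytes.fromhex("0064010207")
# Same port seen through the original relay, then through its replacement:
# only the Remote ID (the relay's MAC address) differs.
OPT82_ORIGINAL_RELAY = bytes([1, 5]) + CIRCUIT_ID + bytes([2, 6]) + bytes.fromhex("001122334455")
OPT82_REPLACED_RELAY = bytes([1, 5]) + CIRCUIT_ID + bytes([2, 6]) + bytes.fromhex("00aabbccddee")
# Malformed payload: the length byte announces 5 bytes but only 2 follow.
OPT82_TRUNCATED = bytes([1, 5, 0x00, 0x64])

if __name__ == "__main__":
    print(pseudo_mac("192.0.2.1", OPT82_ORIGINAL_RELAY))
    print(pseudo_mac("192.0.2.1", OPT82_REPLACED_RELAY))
    print(pseudo_mac("192.0.2.129", OPT82_ORIGINAL_RELAY))
```

The key stays the same when the relay hardware is replaced, because the Remote ID is not part of it, while the same Circuit ID behind a different GIADDR gives a different key.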
The following procedure explains how to add the Circuit ID column in the listing of the leases.
This information is only available on the EfficientIP's SOLIDserver DHCP and is not available
with the other DHCP server vendors.
1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Leases icon. The All leases page opens.
3. In the menu, select Settings > Configure listing template. The template selection wizard
opens.
4. In the Action drop-down list, select Edit: Default to edit the default template. Or select New
Template and in the name it.
5. Click on NEXT . The DHCP lease list configuration page opens.
6. In the Hidden columns list, double-click on DHCP lease circuit ID. The column is moved to
the Displayed columns list. Use the and to place the column where you want. If you
configured classes, follow the next step. If you did not create any class, go straight to step
8.
7. Click on NEXT . The next page of the wizard appears.
8. In the Filter class type drop-down list, select None or one of your classes according to your
needs.
9. Click on OK to validate. The Circuit ID will appear in the DHCP lease listing where you placed
it if you modified the default template. Note that if you created a template, you have to display
it to visualize the added column (in the menu, select Display > Listing template > your
template).
1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
With DHCPv6, the client ID, circuit ID and remote ID are not supported. It is impossible therefore
to retrieve these pieces of information separately, much less display them in a listing template
on the leases page. This information might be delivered by the agent in DHCPv6 but the appliance
will not retrieve it at the server level.
The equivalent of the option 82 relay agent would be the DHCPv6 option 9 (relay message option)
and the option 47 (relay data option).
Restricting Access
When a DHCP client requests an IP address, SOLIDserver offers an address from a range
associated with the network segment for that client. In addition to identifying DHCP clients and
allocating addresses to them, you might want to identify clients for other reasons.
For instance, you can control access to leases that the SOLIDserver supplies or restrict allocation
of IP addresses to DHCP clients the network administrators do not know. Some network areas
might want to group clients in some way or you might have to allocate dynamic IP addresses for
known clients on a particular network segment and for unknown clients on the same network
segment but on a different subnet.
Therefore, SOLIDserver provides you with several ways to restrict the access to DHCP clients.
Warning
This configuration is not available on Microsoft Windows servers. Access control is
only available on EfficientIP SOLIDserver appliances and on ISC DHCP delivered
in EfficientIP's packages for Linux, Solaris and FreeBSD.
Note
DHCPv6 does not support ACLs configuration.
1. Go to the properties page of the range of your choice. For more details, see To display a
DHCP range properties page.
2. In the ACLs panel, click on EDIT . The Edit a DHCP range wizard opens.
3. Click on NEXT to skip the range main information. The next page of the wizard appears.
4. In the Specific ACL section, do not modify anything.
5. In the General ACL section, in the drop-down list select known clients.
6. In the Allow section, tick the box. The ACL field displays allow known clients.
7. Click on . allow known clients is now listed in the DHCP range ACL.
8. Click on OK to commit your changes. The report opens and closes. The modification is visible
in the ACLs panel.
• The All ACLs page is accessible through the Display menu on the DHCP homepage and from
the All servers, scopes, ranges and leases pages.
• The ACL Entries page that is only accessible through the breadcrumb on the All ACLs page.
From the All ACLs page you can add ACLs that grant or deny access to the DHCPv4 servers of
your choice. The ACL is a succession of checks that ultimately make sure that all the parameters
you want or refuse from your DHCPv4 clients towards the DHCP server of your choice are
respected. There are a number of predefined ACLs available upon creation if you want to apply
specific behaviors or simply reuse the syntax and configure a custom-made ACL. Among them,
only the MAC address checks a list of data rather than parameters.
To add an ACL
1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. In the menu, select Display > All ACLs. The All ACL page opens.
3. In the menu, select Add > ACL. The DHCP server selection page of the wizard opens.
4. In the DHCP server list, select one of your DHCPv4 servers.
5. Click on NEXT . The DHCP ACL parameters page opens.
6. In ACL name field, type in the name of the ACL to be created.
7. In the Predefined ACL drop-down list, you can select one of the available ACLs. The ACL
syntax is displayed in the ACL rule field and can be modified. By default, None is selected
and nothing is displayed in the ACL rule field.
8. In the ACL rule field, type in or modify the syntax if need be.
9. Click on OK to commit your configuration. The report opens and closes. The ACL is listed.
Once added, the ACL can be configured to be even more efficient. For instance, if you used the
MAC address ACL or an ACL comparing a list of information, you can define an ACL Entry to
set up the corresponding parameters, and make sure, for example, that the access list will be
granted or denied only to the MAC address of your choice.
To edit an ACL
1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. In the menu, select Display > All ACLs. The All ACL page opens.
3. Filter the list if need be.
4. Put your mouse over the ACL you want to edit. The Info Bar appears.
5. Click on . The ACL properties page opens.
6. In the Main properties panel, click on EDIT . The DHCP ACL parameters wizard opens.
7. Edit the ACL name, Predefined ACL and ACL rule fields according to your needs.
8. Click on OK to commit your changes. The report opens and closes. The properties page is
visible again.
At any time, you can copy an ACL from one server to the other. This ACL duplication copies the
ACL entries as well. However, once copied, you still need to assign each new ACL in the target
server to use it.
Keep in mind that if your physical server is managed through a smart, only the ACL created on
the smart can be duplicated.
To copy an ACL
1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. In the menu, select Display > All ACLs. The All ACL page opens.
3. Filter the list if need be.
4. Put your mouse over the ACL you want to edit. The Info Bar appears.
5. Click on . The ACL properties page opens.
6. In the Main properties panel, click on EDIT . The DHCP ACL parameters wizard opens.
7. Edit the ACL name, Predefined ACL and ACL rule fields according to your needs.
8. Click on OK to commit your changes. The report opens and closes. The properties page is
visible again.
If you migrate an ACL to a smart architecture that manages physical servers, the ACL is copied
to the smart and then pushed to the physical server: it stays in Delayed create until it is successfully
pushed.
Once you have added an ACL, you can add ACL entries to it to define the rule that governs the
ACL. Note that you can only add or delete ACL Entries; you cannot edit them,
even from their properties page.
1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. In the menu, select Display > All ACLs. The All ACL page opens.
3. In the breadcrumb, click on ACL Entries. The ACL Entries page opens.
4. In the menu, select Add > ACL Entry. The Add an ACL data wizard opens.
5. In the DHCP server list, select one of your DHCPv4 servers.
6. Click on NEXT . The next page opens.
7. In the DHCP ACL list, select the ACL of your choice.
8. Click on NEXT . The last page opens.
9. In the ACL Entry field, type in your condition following a MAC format of two hexadecimal
characters separated by a semi-colon. If your ACL is a matching MAC address, type in the
matching MAC address.
10. Click on OK to commit your addition. The report opens and closes. The ACL Entry is listed;
it is named after the server it belongs to and its value matches what you typed into the ACL
Entry field.
The client, wishing to remotely boot an operating system image, broadcasts a DHCPDISCOVER
packet as per the DHCP protocol. This packet is transmitted to acquire an IP address. The client
also sends PXE protocol specific DHCP option 60 (Vendor Class Identifier) along with this
packet. The DHCP server responds to the above DHCPDISCOVER packet by sending a DHCPOFFER
packet that contains the IP Address allocated to the client. In a PXE remote boot, the
DHCP server also sends:
• a special tag (option 60, with the value set to the string "PXEClient") to identify that it is capable
of configuring a PXE client.
• the next server to specify the server host address from which the initial boot file is to be loaded.
• the filename to specify the name of the initial boot file to be loaded by a DHCP client.
The client downloads the executable file using either standard TFTP (port 69) or MTFTP (port
assigned in Boot Server Ack packet). The file downloaded and the placement of the downloaded
code in memory is dependent on the client's CPU architecture. After it downloads the boot file,
the client reboots and sends a new DHCPDISCOVER.
You can set a different lease time for PXE boot requests to manage your dynamic ranges better.
The DHCP server can allocate an IP address with a shorter lease time to hosts that send PXE
boot requests in order to release IP addresses faster.
Note
There is no Preboot eXecutable Environment boot standard for IPv6 yet.
• Next-server (BOOTP parameter) specifies the host address of the server from which the initial
boot file (specified in the filename statement) is to be loaded. The value of this option should
be a numeric IP address. If no next-server parameter applies to a given client, the DHCP
server IP address is used.
• TFTP-server-name (DHCP option #66) is used to identify a TFTP server when the Next-
server (BOOTP parameter) field in the DHCP header has been used for DHCP options.
• Filename (BOOTP parameter) specifies the name of the initial boot file to be loaded by a
DHCP client. The value of this option should be the name of a file that is recognizable to
whatever file transfer protocol the client is expected to use to load the file. Some clients might
prefer to receive this information in the bootfile-name option.
• Bootfile (DHCP option #67) specifies the name of the boot file to be used when the file field
is used to carry options.
These options can be configured at multiple levels: server, scope, static reservation, DHCP group
or dynamic range.
1. Go to the properties page of the server, scope, range, group or static of your choice.
2. In the DHCP options panel, click on EDIT. The Configure DHCP options wizard opens.
3. In the Option category drop-down list, select the BootP Compatible option. The two options,
next-server and filename, are listed among the options.
4. In the next-server field, type in the IP address of the server from which the initial boot file will be
loaded.
5. In the filename field, type in the name of the initial boot file to be loaded by the DHCP client.
6. Click on OK to commit your configuration. The report opens and closes. The modifications
are listed in the DHCP options panel.
Note
The PXE parameters configuration only applies to DHCPv4. For now, it is impossible
to set them with IPv6 addressing.
To avoid this issue, SOLIDserver manages leases by setting a different lease time for PXE boot
requests. SOLIDserver allows you to allocate an IP address with a shorter lease time to hosts that
send PXE boot requests, so IP addresses are not leased longer than necessary. By default, the
lease duration for PXE clients is set to 5 minutes (300 seconds). It can be changed by following
the procedure below.
1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. In the menu, select Display > All ACLs. The All ACL page opens.
3. In the Name column search engine, type in PXE. The PXE clients ACLs are listed.
4. At the end of the line of the ACL of your choice, click on . The properties page opens.
5. In the DHCP options panel, click on EDIT. The Configure DHCP options wizard opens.
6. In the Option category drop-down list, select Most used options.
7. In the Default lease time field and in the Max lease time field, type in the durations of your choice.
These values are in seconds; by default they are set to 300 seconds (5 minutes).
8. Click on OK to commit the configuration. The report opens and closes. The modifications
are listed in the DHCP options panel.
When the DHCP server is considering dynamically allocating an IP address to a client, it first
sends an ICMP echo request (a ping) to the address being assigned. It waits for a second, and
if no ICMP echo response has been heard, it assigns the address. If a response is heard, the
lease is abandoned, and the server selects another free IP address and sends it a ping. The
DHCP server continues this process until it finds an IP address that does not respond to the ping.
The DHCP server then sends a DHCPOFFER message with the unused IP address to the DHCP
client.
Note
If the DHCP server determines that it should send an ICMP echo request (a
ping) because the ping-check statement is true, ping-timeout allows you to
configure how many seconds the DHCP server should wait for an ICMP Echo
response to be heard. If no ICMP Echo response has been received before the
timeout expires, it assigns the address. If a response is heard, the lease is
abandoned, and the server does not respond to the client. If no value is set, the
ping-timeout is 1 second by default.
6. Click on OK to commit the update. The report opens and closes. The modifications are listed
in the DHCP options panel.
With DHCPv6, the procedure is similar. Only a few wizard-related steps change.
Note
If the DHCP server determines that it should send an ICMP echo request (a
ping) because the ping-check statement is true, ping-timeout allows you to
configure how many seconds the DHCP server should wait for an ICMP Echo
response to be heard. If no ICMP Echo response has been received before the
timeout expires, it assigns the address. If a response is heard, the lease is
abandoned, and the server does not respond to the client. If no value is set, the
ping-timeout is 1 second by default.
5. Click on OK to commit the update. The report opens and closes. The modifications are listed
in the DHCP options panel.
Chapter 32. Managing Failover Channels
SOLIDserver allows you to display all the failover channels for the DHCP smart architectures it
manages.
In contrast with One-to-One and One-to-Many smart architectures, which include as many failover
channels as physical secondary servers, the failover channel of a Single-Server or a Split-Scope
architecture is virtual. It links the managed server(s) to the smart architecture, which acts as a
configuration backup for the dhcpd.conf file. For more details, refer to the Understanding the
DHCP Safe Failover section of this guide.
The All failover channels page provides you with detailed information on all the failover channels
of the smart architectures you manage.
1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Failover channels icon. The All failover channels page opens.
1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. In the menu, select Display > All failover channels. The All failover channels page opens.
1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Failover channels (v6) icon. The All failover channels page opens.
1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. In the menu, select Display > All failover channels (v6). The All failover channels page
opens.
Note
The concept of failover channels is not very widespread in IPv6. Still, while awaiting its
implementation, SOLIDserver already provides a listing page for the virtual failover
channels that provide a backup of the smart architectures configuration. For more
details, refer to the DHCPv6 Smart Architectures section of this guide.
Note
The Split-Scope and Single-Server smart architectures provide little information
on this page as their failover is virtual and therefore cannot be edited. For
both architectures, you will find no data or N/A displayed in every column except the
Name, Smart DHCP and Status columns.
The failover state column is one of the most useful columns as it indicates the operational state.
There are 10 different states in the GUI to provide as much detail as possible.
Column | Description
Status | Displays the failover channel status: either OK, Delayed create or Delayed delete.
Multi-status | Displays emergency, warning, critical, error or informational messages regarding the failover channel, if relevant. For more details, refer to the Multi-status Column section of this guide.
Note
The Split-Scope and Single-Server smart architectures provide little information
on this page. For both architectures, you will find N/A displayed in the port
related columns.
For servers managed via One-to-One smart architectures, you can automate the switch: the
administrator can set an Automatic switch to partner-down delay (in minutes) after which a
server in Communications-interrupted state should automatically switch to Partner-down. For
more details, refer to the DHCP One-to-One Smart Architecture section of this guide.
To manually switch a server to partner-down, you can simply break the failover channel following
the procedure below: SOLIDserver will automatically switch the right server to Partner-down. For
more details, refer to the Failover Operational States.
1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Failover channels icon. The All failover channels page opens.
3. Click on the icon in the upper right corner to display the DHCP server(s) managed by the
smart architecture(s).
4. Tick the failover channel(s) you want to break.
5. In the menu, select Edit > Switch to partner-down. The Switch to partner-down wizard
opens.
6. Click on OK to commit your modifications. The report opens and closes. The All failover
channels page is visible again. In the Failover state column the failover channel has switched
to Primary in Partner-down or Secondary in Partner-down.
Chapter 33. Configuring DHCP Options
DHCP dynamically distributes addresses, but also offers the possibility of providing
configuration information and other specific controls to the server's clients. These pieces of information
are called DHCP options.
Most standard DHCP options are currently detailed in RFC 2132, "DHCP
Options and BOOTP Vendor Extensions". Even if most DHCP servers offer several options, the
vast majority of DHCP clients are generally designed to request and handle just a
subset of the standard RFC options.
• Internal options of the DHCP server: these options allow you to configure the global behavior of
the DHCP server when it processes DHCP requests. These options do not have a DHCP option
code number and they are only available on EfficientIP's DHCP engine provided with
SOLIDserver appliances or ISC DHCP software. These options are not sent to the DHCP client.
For more information on internal server options, see the Server parameters section of the
appendix regarding DHCP options.
• Client side options: these options are sent from the DHCP client to the DHCP server to
achieve a predefined series of actions, for instance vendor-class or hostname options. Although these
options can be processed by the server, their content cannot be configured from the server
side.
• Predefined server side options: these options are predefined and they cannot be modified.
Most of these options are common and include options like: routers, domain-name, name-
server. These options, sent from the server to the client, describe network configuration settings
and various services available on the network.
• Custom server side options: these options can be added and/or modified according to the
DHCP clients' requirements. These options, sent from the server to the client, describe network
configuration settings and various services available on the network.
SOLIDserver provides a user-friendly interface from which you can apply, modify or delete DHCP
options. EfficientIP's DHCP organization allows you to apply DHCP options on three hierarchical
levels: the server, the scope and the range.
Warning
Microsoft DHCP servers do not allow options configuration on DHCP ranges.
[Figure: DHCP options hierarchy, showing the server, scope, group, range, static and lease levels.]
In the above configuration plan, the DHCP server options and maximum lease time have been
defined to the DHCP server globally; these two options will be propagated to the scope and the
range.
You will also observe that the default router has been configured both in the DHCP scope and
range. In this case, only the default router defined by the range is taken into account.
When it comes to DHCPv6, the options configuration of EfficientIP DHCP servers is roughly the
same: you can configure options at the server and scope levels that will propagate to the lower
levels. You can also set options at the group level or directly on a specific static reservation.
However, it is not possible to set DHCP options on a range or a lease.
The options setting will apply to a DHCP client according to a defined precedence. Options are
arranged into a hierarchy in order to respect the following ranking:
However, the application of options in this hierarchy depends on technical constraints: the
devices/clients connected to the network can have an impact on the configuration efficiency.
Basically, the options should be configured starting from the top of the DHCP tree hierarchy
(server) in order not to configure the same options over and over again on each object. Usually,
options specified at the server level are global or applied for a default setup. Everything that is
set at the server level is propagated onto the lower objects; therefore you can configure a
common set of options and then add other options to the other objects to match clients' needs.
If you do not repeatedly configure the same options on several objects, your DHCP configuration
will be simpler to manage.
The vendors' DHCP servers that SOLIDserver can manage do not share the same internal
architecture and cannot be managed in the same way. For instance, contrary to EfficientIP DHCP
server, Microsoft DHCP server does not support the configuration of options at the range level.
Warning
Only the options identified by a number are supported by the Microsoft DHCP service.
1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DHCP servers icon. The All servers list opens.
3. At the end of the line of the server of your choice, click on . The server properties page
opens.
4. In the DHCP options panel, click on EDIT . The Configure DHCP options wizard opens.
5. Modify the fields of your choice. For more details regarding options parameters, see the
Customizing DHCP Options part below.
6. Click on OK to commit the changes. The report opens and closes. The modifications are
visible in the panel.
1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Scopes icon. The All scopes list opens.
3. Next to the Logout button, click on IP4 to display the DHCPv4 scopes or IP6 to display the
DHCPv6 scopes.
4. At the end of the line of the scope of your choice, click on . The scope properties page
opens.
5. In the DHCP options panel, click on EDIT . The Configure DHCP options wizard opens.
6. Modify the fields of your choice. For more details regarding options configuration, see the
Customizing DHCP Options part below.
7. Click on OK to commit the changes. The report opens and closes. The modifications are
visible in the panel.
1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Ranges icon. The All ranges list opens.
3. Next to the Logout button, click on IP4 to display the DHCPv4 ranges.
4. At the end of the line of the scope of your choice, click on . The scope properties page
opens.
5. In the DHCP options panel, click on EDIT . The Configure DHCP options wizard opens.
6. Modify the fields of your choice. For more details regarding options configuration, see the
Customizing DHCP Options part below.
7. Click on OK to commit the changes. The report opens and closes. The modifications are
visible in the panel.
1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Statics icon. The All statics list opens.
3. Next to the Logout button, click on IP4 to display the DHCPv4 scopes or IP6 to display the
DHCPv6 scopes.
4. At the end of the line of the scope of your choice, click on . The scope properties page
opens.
5. In the DHCP options panel, click on EDIT . The Configure DHCP options wizard opens.
6. Modify the fields of your choice. For more details regarding options configuration, see the
Customizing DHCP Options part below.
7. Click on OK to commit the changes. The report opens and closes. The modifications are
visible in the panel.
1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DHCP servers icon. The All servers list opens.
3. In the menu, select Display > All options definitions. The list All options definitions opens,
i.e. the list of all the options defined at the DHCPv4 servers level.
4. In the menu, select Add > Option definition. The DHCP server configuration wizard opens.
5. In the DHCP server list, select the server on which you want to specify the custom option.
6. Click on NEXT. The next page of the wizard appears.
7. In the Option name field, name the custom option. The option will be named option
youroptionname in the Name column.
8. In the Option space field, you can fill in the option space parameter that will be used to build
encapsulated options. If the space name you chose does not exist, it will be created.
9. In the Option code field, enter an option code. This code is a number between 1 and 255.
Note
If you are creating a code within the dhcp space, you must define a code
greater than 128. The option codes included between 1 and 128 are usually
reserved: using a code included in that range of numbers would overwrite existing
options.
10. In the Parameter counter drop-down list, select the number of parameters you want to set
for that option. You can select up to 6 parameters, the corresponding number of fields will
appear.
11. In the Parameter <number> drop-down list, you have to choose one of the parameters below:
Keep in mind that the encapsulated options' type is binary but equivalent to the text format.
Its value is set in hexadecimal and looks as follows: \x01\xA2\x45\x12.
If you selected more than one parameter in the Parameter counter list, you need to repeat this
step for each one of them.
12. In the Type is array section, tick the box if you want to specify an array of the parameters
you configured.
Note
The Type field sums up the selected parameters. Each letter that appears in
this field corresponds to a parameter. For instance, if you specify an array of IP
addresses the type will be IA; if you specify an array of repeated addresses plus
a boolean the type will be IfA.
13. Click on OK to commit your changes. The report opens and closes. The option is listed.
With DHCPv6, you also have the possibility to add custom options; however, there are fewer
parameters available.
1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DHCP servers icon. The All servers list opens.
3. In the menu, select Display > All Options Definitions (v6). The list All options definitions
opens, i.e. the list of all the options defined at the DHCPv6 servers level.
4. In the menu, select Add > Option definition. The DHCP server configuration wizard opens.
5. In the DHCP server list, select the server on which you want to specify the custom option.
6. Click on NEXT . The next page of the wizard appears.
7. In the Option name field, name the custom option. The option will be named "option
youroptionname" in the Name column.
8. In the Option space field, you can fill in the option space parameter that will be used to build
encapsulated options.
9. In the Option code field, enter an option code. This is a number from 1 to 255.
Note
If you are creating a code within the dhcp space, you must define a code
greater than 128. The option codes included between 1 and 128 are usually
reserved: using a code included in that range of numbers would overwrite existing
options.
10. In the Parameter counter drop-down list, select the number of parameters you want to set
for that option. You can select up to 6 parameters, the corresponding number of fields will
appear. In each drop-down list, you will have to choose one of the parameters below:
11. In the Type is array section, tick the box if you want to specify an array of the parameters
you configured.
Note
The Type field sums up the selected parameters. Each letter that appears in
this field corresponds to a parameter. For instance, if you specify an array of IP
addresses the type will be IA; if you specify an array of repeated addresses plus
a boolean the type will be IfA.
12. Click on OK to commit your changes. The report opens and closes. The option is listed.
hardware configuration. Servers not equipped to interpret the class-specific information sent by
a client must ignore it (although it may be reported). On the contrary, the servers that respond
should only use option 43 to return the vendor-specific information to the client.
With DHCPv6, RFC 3315 defines the Vendor-specific Information Option. SOLIDserver
provides it through the option dhcp6.vendor-opts (option 17) in the All options definitions list.
• The circuit ID field generally contains information describing the port location that the DHCP
request is coming in from. It may contain additional information that helps describe which IP
address should be assigned out, such as the VLAN ID, a wireless modem or an ATM virtual
circuit. This value must be unique for a particular switch or router that is providing the Relay
Agent function. The value must also stay the same if modules are installed or removed in the
Switch or Router that implements the Relay Agent. Therefore, having subfields representing
the Module, Slot and Port is highly recommended.
• The remote ID field is intended to carry information describing the device at the remote end of
the link. However, in Ethernet systems, this is typically the MAC address of the Relay Agent.
This is not particularly useful since the MAC address would change if the Relay Agent was
ever replaced. Building a DHCP server database using the MAC address of the Relay Agent
would require that the table be rebuilt every time one of the relay agents was replaced. Some
vendors have modified this field to use the IP address of the Relay Agent or some other string
describing the relay agent. This field must be unique to the entire network.
• The GIADDR (or Gateway Address) field is part of the normal DHCP message. It contains the
IP address of the Relay Agent. Since IP addresses must be unique, this field is unique for the
entire network.
By combining the GIADDR and the circuit ID, a network-wide unique string can be created. This
string can be used for table lookup in the DHCP server. We called this string a pseudo MAC
address, since most DHCP servers do a MAC to IP mapping in their databases.
In its default configuration, the DHCP Relay Agent Information option passes along port and
agent information to the SOLIDserver DHCP server. It is useful in statistical analysis, as well as in
indicating where an assigned IP address physically connects to the network. It may also be used
to make DHCP decisions based on where the request is coming from or even which user is
making the request.
The following actions should be performed by the SOLIDserver DHCP when receiving a
DHCPDISCOVER or DHCPREQUEST message with Option 82 set:
1. Relay Agent Information option is inserted by the DHCP relay agent when forwarding client-
originated DHCP packets to a DHCP server.
2. Relay Agent Information option is inserted by the DHCP relay agent when forwarding client-
originated DHCP packets to a DHCP server.
3. Servers recognizing the Relay Agent Information option may use the information to select the
IP address or other parameter assignment policies through the SOLIDserver ACL.
4. Switch or Router (as the DHCP relay agent) intercepting the DHCP requests, appends the
circuit ID with remote ID into the option 82 fields and forwards the request message to
SOLIDserver DHCP server.
The following procedure explains how to create an ACL rule that restricts the IPv4 address
range to select from, or sends specific DHCP options, according to the option 82 sent to the
SOLIDserver DHCP server.
To create an ACL based on the option 82: Circuit ID within the leases user interface
1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DHCP servers icon. The All servers list opens.
3. Click on the name of the DHCPv4 server of your choice. The All scopes list of that server
opens.
4. In the menu, select Display > All ACLs. The All ACLs list of that server opens.
5. In the menu, select Add > ACL. The DHCP ACL parameters wizard opens.
6. In the ACL name field, name your ACL.
7. In the Predefined ACL drop-down list, select None.
8. In the ACL rule field, type in the command below. It sets up an ACL that
filters on DHCP option 82 as long as the first letters of the client remote ID match the keyword of
your choice, in the example "dslam1".
In that example, all DHCP clients that pass the option 82 including the "dslam1" keyword in
the remote-id will trigger this ACL.
match if (substring(option agent.remote-id,0,6) = "dslam1");
9. Click on OK to commit the ACL addition. The report opens and closes. The ACL is listed.
Once the ACL is created, you can apply it to a DHCPv4 range to allow or restrict the access to
all clients that match this ACL rule. ACLs can also be used to send specific DHCP options to the
clients that match this ACL rule. Edit the properties of the ACL to set up its DHCP option policies.
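The option 82 lookup described above, as an added Python example that is not part of this guide or of SOLIDserver: it splits a constructed option 82 payload into its circuit ID and remote ID, builds a key from the GIADDR and the circuit ID, and applies the same prefix test as the ACL rule. The key format, the function names and the sample values are assumptions made for illustration.

```python
import ipaddress

# Sub-option codes of the Relay Agent Information option (RFC 3046).
CIRCUIT_ID = 1
REMOTE_ID = 2


def parse_option82(payload: bytes) -> dict:
    """Split an option 82 payload into {sub-option code: value bytes}."""
    subopts = {}
    pos = 0
    while pos < len(payload):
        if pos + 2 > len(payload):
            raise ValueError("truncated sub-option header")
        code, length = payload[pos], payload[pos + 1]
        value = payload[pos + 2:pos + 2 + length]
        if len(value) != length:
            raise ValueError(f"sub-option {code} runs past the end of the option")
        if code in subopts:
            raise ValueError(f"sub-option {code} appears twice")
        subopts[code] = value
        pos += 2 + length
    return subopts


def pseudo_mac(giaddr: str, circuit_id: bytes) -> str:
    """Lookup key combining GIADDR and circuit ID (the format is an assumption)."""
    return ipaddress.IPv4Address(giaddr).packed.hex() + ":" + circuit_id.hex()


def acl_matches(subopts: dict, keyword: bytes = b"dslam1") -> bool:
    """Same test as: match if (substring(option agent.remote-id,0,6) = "dslam1");"""
    remote_id = subopts.get(REMOTE_ID)
    return remote_id is not None and remote_id[:len(keyword)] == keyword


def build_option82(circuit_id: bytes, remote_id: bytes) -> bytes:
    """Constructed test input: what a relay agent would append to the request."""
    return (bytes([CIRCUIT_ID, len(circuit_id)]) + circuit_id
            + bytes([REMOTE_ID, len(remote_id)]) + remote_id)


# Constructed samples (not captured traffic). The circuit ID carries
# module, slot and port subfields, as the guide recommends.
SAMPLES = [
    ("10.0.5.1", build_option82(b"\x01\x03\x07", b"dslam1-north")),
    ("10.0.5.1", build_option82(b"\x01\x03\x08", b"dslam2-north")),
    ("10.0.9.1", build_option82(b"\x01\x03\x07", b"dslam")),  # shorter than the keyword
]


def classify(giaddr: str, payload: bytes) -> tuple:
    """Return (pseudo MAC, ACL match) for one relayed request."""
    subopts = parse_option82(payload)
    return pseudo_mac(giaddr, subopts[CIRCUIT_ID]), acl_matches(subopts)


if __name__ == "__main__":
    for giaddr, payload in SAMPLES:
        key, matched = classify(giaddr, payload)
        print(f"{key}  ACL match: {matched}")
```

The first and third samples share a circuit ID but arrive through different relay agents, so their keys differ, which is why the GIADDR is part of the lookup string.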
The equivalent of the option 82 relay agent would be the DHCPv6 option 9 (relay message option)
and the option 47 (relay data option).
Within SOLIDserver, the vendor-specific information is stored in an ACL. Any client matching the
vendor information is attributed a set of options that you can configure through option definitions.
To properly set up option 43 on a DHCPv4 server in the GUI you need to:
Once the configuration is complete, the clients matching the vendor-class identifier are
automatically attributed the option definitions specified.
1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. In the menu, select Display > All ACLs. The All ACLs list opens.
3. In the menu, select Add > ACL. The DHCP server selection wizard opens.
4. In the DHCP server list, select the DHCPv4 server of your choice.
5. Click on NEXT . The DHCP ACL parameters wizard opens.
6. In the ACL name field, name your ACL.
7. In the Predefined ACL drop-down list, select None.
8. In the ACL rule field, type in the command below.
match if option vendor-class-identifier = "<%found-value>";
1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. In the menu, select Display > All option definitions. The All option definitions list of that
server opens.
3. In the menu, select Add > Option definition. The DHCP server selection wizard opens.
4. In the DHCP server list, select the DHCPv4 server for which you configured the ACL.
5. Click on NEXT . The DHCP option definition wizard opens.
6. Configure the option. The accepted code, parameter counter, and type should be mentioned
in your device documentation.
7. Click on OK to commit the creation. The report opens and closes. The option is listed as
follows: <option-space-name>.<option-name>.
Repeat this procedure for as many option definitions as needed: each definition creates a field
in the DHCP options configuration wizard whose value you can set in the procedure below.
1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DHCP servers icon. The All servers list opens.
3. In the menu, select Display > All ACLs. The All ACLs list of that server opens.
4. Filter the list if need be.
5. At the end of the line of the ACL you created, click on . The ACL properties page opens.
6. Click on to expand all the panels.
7. In the DHCP options panel, click on EDIT . The Configure DHCP options wizard opens.
8. Configure the vendor-specific identifier match:
a. In the Option category drop-down list, select Basic. The wizard refreshes.
b. In the Vendor option space drop-down list, select your option. It is listed as follows:
Vendor <your-option-name>.
a. In the Option category drop-down list, select Vendor <your-option-name>. The wizard
refreshes.
b. Fill in all the option definition fields you created. They are all displayed as follows:
<your-option-definition-name> (<your-option-code>). The value expected in each field depends
on the settings you configured when creating the option definition.
10. Click on OK to commit the changes. The report opens and closes. The option is listed in the
panel.
• In the Main properties panel, the Rule field contains the value of your ACL: the vendor-
specific identifier match conditions.
• In the DHCP options panel, you can see:
• the Vendor option space field that displays your option name.
• a field for each of your option definitions named as follows:
<your-option-name>.<your-option-definition-name> followed by the value you just set in the
DHCP option configuration wizard.
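How the values of an option definition end up inside option 43, as an added Python example that is not part of this guide or of SOLIDserver: it encodes values according to a Type string such as IA or IfA (the letters used in the custom option wizard earlier in this chapter), wraps them as encapsulated code/length/value options, and prints the result in the \xNN notation used above. The vendor space, its option codes 1 and 2, the function names and the sample addresses are hypothetical.

```python
import ipaddress

# Type letters as they appear in the wizard's Type field on this page:
# I = IP address, f = boolean, trailing A = array of the preceding parameters.
# Wire encodings are assumptions: 4-byte network-order address, 1-byte flag.
ENCODERS = {
    "I": lambda v: ipaddress.IPv4Address(v).packed,
    "f": lambda v: b"\x01" if v else b"\x00",
}


def encode_value(type_code: str, records: list) -> bytes:
    """Encode records (one tuple per repetition) according to a Type string."""
    is_array = type_code.endswith("A")
    fields = type_code[:-1] if is_array else type_code
    if not fields or any(letter not in ENCODERS for letter in fields):
        raise ValueError(f"unsupported type {type_code!r}")
    if not is_array and len(records) != 1:
        raise ValueError("a non-array type carries exactly one record")
    out = bytearray()
    for record in records:
        if len(record) != len(fields):
            raise ValueError(f"record {record!r} does not fit type {type_code!r}")
        for letter, item in zip(fields, record):
            out += ENCODERS[letter](item)
    return bytes(out)


def encode_suboption(code: int, value: bytes) -> bytes:
    """One encapsulated option: code byte, length byte, then the value."""
    if not 1 <= code <= 254:
        # 0 and 255 are the pad and end markers inside encapsulated data
        # (RFC 2132), so this example rejects them.
        raise ValueError(f"option code {code} is not usable")
    if len(value) > 255:
        raise ValueError("value is longer than the one-byte length allows")
    return bytes([code, len(value)]) + value


def encode_vendor_options(subopts: list) -> bytes:
    """Concatenate encapsulated options into the option 43 payload."""
    payload = b"".join(encode_suboption(code, value) for code, value in subopts)
    if len(payload) > 255:
        raise ValueError("payload does not fit in a single option 43")
    return payload


def as_hex_escapes(data: bytes) -> str:
    """Render bytes in the \\xNN notation the guide uses for binary values."""
    return "".join(f"\\x{byte:02X}" for byte in data)


def demo() -> str:
    # Hypothetical vendor space: code 1 = server list (IA), code 2 = flag (f).
    servers = encode_value("IA", [("192.0.2.10",), ("192.0.2.11",)])
    secure = encode_value("f", [(True,)])
    return as_hex_escapes(encode_vendor_options([(1, servers), (2, secure)]))


if __name__ == "__main__":
    print(demo())
```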
Chapter 34. Reporting and Monitoring the DHCP
SOLIDserver provides a number of rules and options that allow you to get an overview of the DHCP
usage or to be notified if a DHCP server is in timeout. Note that for now, all the procedures
described in this chapter only apply to DHCP objects managing IPv4 addressing.
For more details regarding the reports generation possibilities, refer to the chapter Managing
Reports.
Description: Compares one by one all the DHCP options configured on the selected servers.
For more details regarding DHCP options, refer to the chapter DHCP Options.
Description: Contains lease and queries dedicated charts providing an overview of a server
usage evolution. The chart results are based on server usage on a daily, monthly, semestrial and
yearly basis.
Description: Compares one by one all the DHCP options configured on the selected scopes.
For more details regarding DHCP options, refer to the chapter DHCP Options.
Scopes summary
Description: Provides detailed tables of the DHCP options activity and origin of the selected
scope(s). For instance, it indicates if the option was set at scope level or inherited from the
managing server.
To monitor DHCP events, make sure the server is responding and so forth, you can set an alert.
This alert can, for instance, send an SNMP trap to let you know if the DHCP server is still working
or if the server is in timeout. For more details, refer to the chapter Managing Alerts of this guide.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select System > Expert > Rules. The Rules list opens.
3. In the menu, select Add > Rule. The Add a rule wizard opens.
4. In the Module drop-down list, select DHCP.
5. In the Event drop-down list, select Execution of a scheduled rule.
6. In the Rule list, select (105) Check DHCP scope/range usage.
7. In the Rule name, name the rule. That name will be listed in the Instance column.
8. In the Comment field, you can type in a comment if you want.
9. Click on NEXT . The Rule filters page opens.
1. In the menu, select Add > Rule. The Add a rule wizard opens.
2. In the Module drop-down list, select DHCP.
3. In the Event drop-down list, select Event.
4. In the Rule list, select (082) Send an alert if a DHCP scope is full.
5. In the Rule name, name the rule. That name will be listed in the Instance column.
6. In the Comment field, you can type in a comment if you want.
7. Click on NEXT . The Rule filters page opens.
8. Click on NEXT . The Rule parameters page opens.
9. Fill in at least one of the rule parameters fields:
• In the IP address of the SNMP trap field, type in the IP address of the appliance that will
receive the SNMP trap. Needless to say, this should be another appliance than the one you are
currently working with.
• In the Send a mail to field, type in the email address that will receive the notification.
10. Click on OK to commit your rule addition. The report opens and closes. The rule is listed.
Thanks to these two rules, if scopes from your DHCP servers exceed the percentage of usage
applied in the first configured rule, you will automatically receive an e-mail and a TRAP sent from
SOLIDserver to your monitoring software. Besides, you can display the history of rule 105 (Check DHCP
scope/range usage) through the scope properties page in the State log panel: click on to
display the content of the panel.
Chapter 35. Importing DHCP Data
SOLIDserver provides wizards to import data from legacy DHCP to all other DHCP servers
managed through SOLIDserver: these wizards are all the more useful during a migration. The
import wizards allow you to load configurations from:
The supported DHCP objects for the import are DHCP scopes, DHCP ranges and DHCP statics.
No particular column organization is required to import data and no data treatment is
necessary before importing the file. During the import, the columns in your files will be selected and
associated with the appropriate DHCP objects.
For more details regarding IPv4 and IPv6 DHCP import, refer to the chapter Importing Data in
the Global Policies part of this guide.
• Scopes restriction: if the server you are importing contains overlapping scopes, only the first
scope will be imported, the rest will be ignored.
• Statics restriction: statics associated with an IP address not included in one of the scopes you
are importing will be ignored.
• Shared network restriction: shared network options will be ignored.
• DHCP options restriction: only standard options are supported during the import. If the
server was configured using non-standard DHCP options, they will be imported only if they
were previously defined either in the configuration file or within the SOLIDserver appliance.
However, you can configure conditional options afterward using the DHCP ACLs.
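The scope and static restrictions above can be checked before running the wizard. The following Python example is added here and is not part of the guide or of SOLIDserver: it reads an ISC-style dhcpd.conf, reports subnets that overlap an earlier one and hosts whose fixed-address falls outside every retained subnet. The function name preflight, the sample configuration and the assumption that statics are matched only against the scopes that are actually retained are illustrative.

```python
import ipaddress
import re

# Constructed sample, not taken from the guide: the second subnet overlaps the
# first one, and host kiosk7 has a fixed-address outside every declared subnet.
SAMPLE_CONF = """
subnet 10.0.0.0 netmask 255.255.255.0 {
  range 10.0.0.50 10.0.0.99;
}
subnet 10.0.0.128 netmask 255.255.255.128 {   # overlaps 10.0.0.0/24
  range 10.0.0.130 10.0.0.200;
}
subnet 192.168.5.0 netmask 255.255.255.0 {
  range 192.168.5.10 192.168.5.20;
}
host printer1 { hardware ethernet 00:11:22:33:44:55; fixed-address 10.0.0.10; }
host kiosk7 { hardware ethernet 00:11:22:33:44:66; fixed-address 172.16.9.4; }
"""

IPV4 = r"(\d+\.\d+\.\d+\.\d+)"
SUBNET_RE = re.compile(r"\bsubnet\s+" + IPV4 + r"\s+netmask\s+" + IPV4)
HOST_RE = re.compile(r"\bhost\s+(\S+)\s*\{(.*?)\}", re.S)
FIXED_RE = re.compile(r"\bfixed-address\s+" + IPV4 + r"\s*;")


def strip_comments(text):
    """Drop '#' comments (simplification: '#' inside quoted strings is not handled)."""
    return re.sub(r"#[^\n]*", "", text)


def preflight(conf_text):
    """Return (kept, skipped, orphans) for an ISC-style configuration.

    kept    -- subnets in file order that do not overlap an earlier subnet
    skipped -- (subnet, earlier_subnet) pairs that overlap; per the scopes
               restriction only the first one is imported
    orphans -- (host_name, address) statics that fall in no kept subnet
               (assumption: statics are matched against retained scopes only)
    """
    text = strip_comments(conf_text)

    kept, skipped = [], []
    for addr, mask in SUBNET_RE.findall(text):
        net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        clash = next((k for k in kept if k.overlaps(net)), None)
        if clash is None:
            kept.append(net)
        else:
            skipped.append((net, clash))

    orphans = []
    for name, body in HOST_RE.findall(text):
        match = FIXED_RE.search(body)
        if match is None:
            continue  # host declared without a fixed IPv4 address
        ip = ipaddress.ip_address(match.group(1))
        if not any(ip in net for net in kept):
            orphans.append((name, ip))

    return kept, skipped, orphans


if __name__ == "__main__":
    kept, skipped, orphans = preflight(SAMPLE_CONF)
    for net in kept:
        print(f"scope kept        : {net}")
    for net, first in skipped:
        print(f"scope would be ignored: {net} (overlaps {first})")
    for name, ip in orphans:
        print(f"static would be ignored: {name} {ip} (outside all kept scopes)")
```

Anything reported as ignored has to be recreated by hand on the target server after the import, otherwise the corresponding clients lose their scope or reservation without any error being raised.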
The ISC DHCP loads its configuration from the file named dhcpd.conf. This file contains the whole
configuration of the DHCP server. SOLIDserver lets you import this file directly from its graphical
user interface at the scope level of the DHCP organization.
1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Scopes icon. The DHCP All scopes list opens.
3. Next to the Logout button, click on IP4 to display the DHCPv4 scopes.
4. In the menu, select Add > Import > ISC DHCP. The Import an ISC dhcpd.conf file wizard
opens.
5. Click on BROWSE to find the ISC dhcpd.conf file. Once you clicked on Open, the file is visible
in the wizard File name field.
6. In the DHCP server drop-down list, select the target server.
7. Click on OK to commit the import of the file. The report opens and closes. The file is listed.
This procedure also works within the scopes list of the server for which you want to import the
ISC configuration: at the servers level click on the name of the server concerned, once in the
scopes list follow the procedure from step 4. The server will be selected automatically in the
DHCP server drop-down list.
Several ISC configuration files can be imported one after the other on the same target DHCP
server. This lets you merge different DHCP configurations on one unique DHCP server. Through
all the imports, no data is deleted: all differences will be added unless, of course, the configurations
conflict with each other. In the same way, if two configuration files have a scope in common but named
differently, the first scope name imported will be overwritten by the new scope name.
• Static reservations.
• Static reservations options.
• DHCP options definitions.
The VitalQIP DHCP loads its configuration from the file named dhcpd.conf. This file contains the
whole configuration of the VitalQIP DHCP server. SOLIDserver lets you import this file directly
from its graphical user interface at the scope level of the DHCP organization.
1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Scopes icon. The DHCP All scopes list opens.
3. Next to the Logout button, click on IP4 to display the DHCPv4 scopes.
4. In the menu, select Add > Import > QIP DHCP. The Import a QIP DHCP configuration file
wizard opens.
5. Click on BROWSE to find the VitalQIP dhcpd.conf file. Once you clicked on Open, the file is
visible in the wizard File name field.
6. In the DHCP server drop-down list, select the target server.
7. Click on OK to commit the import of the file. The report opens and closes.
Several VitalQIP configuration files can be imported one after the other on the same target DHCP
server. This lets you merge different DHCP configurations on one unique DHCP server. Through
all the imports, no data is deleted: all differences will be added unless, of course, the configurations
conflict with each other. In the same way, if two configuration files have a scope in common but named
differently, the first scope name imported will be overwritten by the new scope name.
Microsoft netsh commands for DHCP offer a command-line tool that helps administer
DHCP servers and provides an equivalent alternative to console-based management. You can
run these commands from the Windows Server command prompt or from the command prompt
for the netsh DHCP context. For these commands to work at the Windows Server command
prompt, you must type netsh dhcp before typing commands and parameters as they appear in
the syntax below.
This command, generated from your Microsoft DHCP server, allows you to import its whole
configuration including:
Because several Microsoft DHCP configuration files can be imported into the same EfficientIP
DHCP server, DHCP options are not imported at the server level. They must be manually
configured.
Microsoft allows creating only one range per subnet (i.e. scope) and then excludes the ranges
of IP addresses you do not need. Unlike Microsoft, EfficientIP makes it possible to configure
several ranges in one scope. In the All ranges list, an imported Microsoft DHCP range does not
reproduce the Microsoft range configuration: the list displays the ranges defined through
that configuration rather than exclusion ranges. See the example DHCP configuration:
IPMserver vs. Microsoft DHCP server in the chapter Managing DHCP servers for more details.
In the same way, when a Microsoft DHCP range contains a reservation, EfficientIP imports a
reservation wrapped around two DHCP ranges.
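The range arithmetic described above, as an added Python example that is not SOLIDserver's import code: it turns one Microsoft range with its exclusion ranges and reservations into the list of separate ranges you can expect to find in the All ranges list after the import. The function name carve_ranges and the sample addresses are constructed for illustration; treating each reservation as a one-address gap between two ranges follows the paragraph above.

```python
import ipaddress


def _to_int(addr):
    """Convert dotted IPv4 text to an integer for range arithmetic."""
    return int(ipaddress.IPv4Address(addr))


def _to_text(value):
    """Convert an integer back to dotted IPv4 text."""
    return str(ipaddress.IPv4Address(value))


def carve_ranges(start, end, exclusions=(), reservations=()):
    """Split the Microsoft range start..end into the ranges left once the
    exclusion ranges and the reserved addresses are removed.

    exclusions   -- iterable of (first, last) address pairs, may overlap
    reservations -- iterable of single reserved addresses
    Returns a list of (first, last) pairs in ascending order.
    """
    lo, hi = _to_int(start), _to_int(end)
    if lo > hi:
        raise ValueError("range start is after range end")

    # Every exclusion and every reservation is a hole in the original range.
    holes = []
    for first, last in exclusions:
        a, b = _to_int(first), _to_int(last)
        if a > b:
            raise ValueError(f"exclusion {first}-{last} is reversed")
        holes.append((a, b))
    holes.extend((_to_int(r), _to_int(r)) for r in reservations)
    holes.sort()

    ranges = []
    cursor = lo  # first address not yet assigned to a range or a hole
    for a, b in holes:
        if b < cursor or a > hi:
            continue  # hole already covered, or outside the range
        if a > cursor:
            ranges.append((cursor, a - 1))
        cursor = b + 1
    if cursor <= hi:
        ranges.append((cursor, hi))

    return [(_to_text(x), _to_text(y)) for x, y in ranges]


# Constructed sample: one Microsoft range, two overlapping exclusion ranges
# and one reservation inside the range.
SCOPE_RANGE = ("192.168.1.10", "192.168.1.200")
EXCLUSIONS = [("192.168.1.50", "192.168.1.59"), ("192.168.1.55", "192.168.1.70")]
RESERVATIONS = ["192.168.1.100"]

if __name__ == "__main__":
    for first, last in carve_ranges(*SCOPE_RANGE, EXCLUSIONS, RESERVATIONS):
        print(f"range {first} - {last}")
```

Comparing this list with the All ranges list after the import shows whether an exclusion was lost and addresses became leasable that were not leasable on the Microsoft server.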
Caution
Keep in mind that with Win2008R2 it is impossible to create a static that is not in a
range.
1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Scopes icon. The DHCP All scopes list opens.
3. Next to the Logout button, click on IP4 to display the DHCPv4 scopes.
4. In the menu, select Add > Import > Microsoft DHCP. The Import a Microsoft DHCP server
dump wizard opens.
5. Click on BROWSE to find the Microsoft dump file. Once you clicked on Open, the file is visible
in the wizard File name field.
6. In the DHCP server drop-down list, select the target server.
7. In the Import global options section, tick the box if you want to apply options configured in
the Microsoft DHCP dump to the destination server.
8. Click on OK to commit the import of the file. The report opens and closes.
Note
For large configurations, SOLIDserver runs the import process in background.
As it can take a while, the result will not be displayed immediately.
Several Microsoft configuration files can be imported one after the other on the same target
DHCP server. This lets you merge different DHCP configurations on one unique DHCP server.
Through all the imports, no data is deleted: all differences will be added unless, of course, the
configurations conflict with each other. In the same way, if two configuration files have a scope in
common but named differently, the first scope name imported will be overwritten by the new scope name.
• Scopes restriction: if the server you are importing contains overlapping scopes, only the first
scope will be imported, the rest will be ignored.
• Statics restriction: statics associated with an IP address not included in one of the scopes you
are importing will be ignored.
• Shared network restriction: shared network options will be ignored.
• DHCP options restriction: only standard options are imported. If the server was configured
using non-standard DHCP options, they will be imported only if they were previously defined
either in the configuration file or within the SOLIDserver appliance.
• Failover restriction: Failover channels are not imported.
• Infoblox options restriction: all Infoblox options are ignored (these options usually include
"infoblox" in their name).
The Infoblox DHCP loads its configuration from the file named dhcpd.conf. This file contains the
whole configuration of the DHCP server. SOLIDserver lets you import this file directly from its
graphical user interface at the scope level of the DHCP organization.
Note
When it comes to importing Infoblox DHCP configurations into a DHCP smart architecture,
it must be a One-to-One, a One-to-Many or a Single-Server smart architecture.
It is impossible to import this configuration in a Split-Scope or a Stateless architecture.
1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Scopes icon. The DHCP All scopes list opens.
3. Next to the Logout button, click on IP4 to display the DHCPv4 scopes.
4. In the menu, select Add > Import > Infoblox DHCP. The Import an Infoblox dhcpd.conf file
wizard opens.
5. Click on BROWSE to find the Infoblox dhcpd.conf file. Once you clicked on Open, the file is
visible in the wizard File name field.
6. In the DHCP server drop-down list, select the target server.
7. Click on OK to commit the import of the file. The report opens and closes.
This procedure also works within the scopes list of the server for which you want to import the
ISC configuration: at the servers level click on the name of the server concerned, once in the
scopes list follow the procedure from step 4. The server will be selected automatically in the
DHCP server drop-down list.
Several Infoblox configuration files can be imported one after the other on the same target DHCP
server. This lets you merge different DHCP configurations on one unique DHCP server. Through
all the imports, no data is deleted: all differences will be added unless, of course, the configurations
conflict with each other. In the same way, if two configuration files have a scope in common but named
differently, the first scope name imported will be overwritten by the new scope name.
• Scopes restriction: if the server you are importing contains overlapping scopes, only the first
scope will be imported, the rest will be ignored.
• Statics restriction: statics associated with an IP address not included in one of the scopes you
are importing will be ignored.
• Shared network restriction: shared network options will be ignored.
• DHCP options restriction: only standard options are imported. If the server was configured
using non-standard DHCP options, they will be imported only if they were previously defined
either in the configuration file or within the SOLIDserver appliance.
The Meta IP DHCP loads its configuration from the file named dhcpd.conf. This file contains the
whole configuration of the DHCP server. SOLIDserver lets you import this file directly from its
graphical user interface at the scope level of the DHCP organization.
1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Scopes icon. The DHCP All scopes list opens.
3. Next to the Logout button, click on IP4 to display the DHCPv4 scopes.
4. In the menu, select Add > Import > Meta IP DHCP. The Import a Meta IP dhcpd.conf file
wizard opens.
5. Click on BROWSE to find the Meta IP dhcpd.conf file. Once you clicked on Open, the file is
visible in the wizard File name field.
6. In the DHCP server drop-down list, select the target server.
7. Click on OK to commit the import of the file. The report opens and closes.
This procedure also works within the scopes list of the server for which you want to import the
Meta IP configuration: at the servers level click on the name of the server concerned, once in the
scopes list follow the procedure from step 4. The server will be selected automatically in the
DHCP server drop-down list.
Several Meta IP configuration files can be imported one after the other on the same target DHCP
server. This lets you merge different DHCP configurations on one unique DHCP server. Through
all the imports, no data is deleted: all differences will be added unless, of course, the configurations
conflict with each other. In the same way, if two configuration files have a scope in common but named
differently, the first scope name imported will be overwritten by the new scope name.
• Scopes.
• Scope options.
• Ranges.
• Range options.
• Reservations.
• Reservations options.
The NetID DHCP loads its configuration from the file named dhcpcfg.cur. This file contains the
whole configuration of the NetID DHCP server. SOLIDserver allows importing this file directly
from its graphical user interface at the scope level of the DHCP organization.
1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Scopes icon. The DHCP All scopes list opens.
3. Next to the Logout button, click on IP4 to display the DHCPv4 scopes.
4. In the menu, select Add > Import > NetID DHCP. The Import a NetID DHCP dump file wizard
opens.
5. Click on BROWSE to find the NetID dump file. Once you clicked on Open, the file is visible in
the wizard File name field.
6. Click on NEXT . The Select DHCP server preferences page opens.
7. In the DHCP server drop-down list, select the target server.
8. Select the DHCP configuration you want to import from the configuration file:
Several NetID configuration files can be imported one after the other on the same target DHCP
server. This lets you merge different DHCP configurations on one unique DHCP server. Through
all the imports, no data is deleted: all differences will be added unless, of course, the configurations
conflict with each other. In the same way, if two configuration files have a scope in common but named
differently, the first scope name imported will be overwritten by the new scope name.
Part VII. DNS Management
Table of Contents
36. Introduction
Overview
DNS Structure
DNS Servers
DNS Zones and Resource Records
DNSSEC
DNS Management within SOLIDserver
37. Deploying DNS Smart Architectures
Master/Slave Smart Architecture
Multi-Master Smart Architecture
Stealth Smart Architecture
Single-Server Smart Architecture
Farm Smart Architecture
38. Managing DNS Smart Architectures
Understanding DNS Smart Architectures Statuses
Locked Synchronization Status
Adding a DNS Smart Architecture
Master/Slave Smart Architecture
Multi-Master Smart Architecture
Stealth Smart Architecture
Single-Server Smart Architecture
Farm Smart Architecture
Editing a DNS Smart Architecture
Adding a DNS Server into a Smart Architecture
Removing a DNS Server from a Smart Architecture
Changing the DNS Servers Role within a Smart Architecture
Changing the Type of DNS Smart Architecture
Deleting a DNS Smart Architecture
Defining a DNS Smart Architecture as a Group Resource
39. Managing DNS Servers
Browsing DNS Servers
Browsing the DNS Servers Database
Customizing the DNS servers Display
Understanding the DNS Servers Statuses
Managing an EfficientIP DNS Server
Adding a SOLIDserver DNS Server
Editing the SNMP Configuration of a SOLIDserver DNS Server
Managing a Microsoft DNS Server
Managing an Agentless Microsoft DNS Server
Managing a Microsoft DNS Server via Active Directory
Managing a Microsoft DNS Server with Agent
Managing a BIND DNS Server
Managing EfficientIP BIND Linux Packages v4
Managing EfficientIP BIND Linux Packages v5
Adding a BIND DNS Server
Managing a Generic DNS
Adding a Generic DNS Server
Managing a Nominum ANS
Adding a Nominum ANS Server
Adding Zones to a Nominum ANS Server
Synchronizing a DNS Server
Chapter 36. Introduction
Overview
DNS Structure
The Domain Name System is a hierarchical distributed naming system whose main function is
to resolve host queries, in other words, to convert a requested IP address - whether in IPv4 or
IPv6 - into an intelligible domain name. The DNS resolution can be configured either to find a
domain name using an IP address (name resolution) or vice versa, with an IP address to find a
domain name (reverse resolution).
This protocol offers many benefits since the domain names are easier to remember and remain
the same while IP addresses may change over time. When a host wishes to access a particular
domain, a website for instance, a query is sent to a DNS server that processes the resolution
and gives access to the website. Therefore, the name server takes on critical importance in a
network architecture, as a failure would make every domain resource unavailable, for
instance a web page. Hence the need for several name servers and for a clear organization of
these servers.
The hierarchical structure of the DNS namespace can be seen as a reversed tree of domains,
and each one of them is associated with at least one DNS server. The root of the structure is
represented by a silent dot ( . ) and is followed in order by the Top-Level Domains (TLD) and the
Second-Level Domains (SLD). The TLD is a key piece of information split into the generic TLD
(gTLD) such as .com, .org or .net and the country code TLD (ccTLD) such as .us, .ca, .fr or .uk.
The whole access path to a domain reads from right to left: SLD.TLD. To illustrate this structure,
let us take the example of the web site www.efficientip.com in which efficientip.com is a domain
name composed of the top-level domain com and of the second-level domain efficientip. In this
particular example, www is the domain hostname. However, any data put left of the domain name
might as well indicate a sub-domain like in support.efficientip.com: the label support is a
sub-domain of efficientip.com.
Nowadays, at the top of the reverse tree are 13 named (DNS) authorities listed alphabetically
from A to M and spread out worldwide. They all delegate names and IP addresses and gather the
same information regarding the TLDs. These servers are queried by a host only on a few
occasions: on the one hand, during the first connection to the Internet, after which the retrieved
information is saved so that the server does not have to be queried over and over again during
Internet connections; on the other hand, when a TLD lifespan expires, to retrieve updated information.
Note
Considering that the worldwide organization depends on the root servers, it is on
very rare occasions that their IP address is modified. The first change occurred in
2007 when the L root server, operated by the ICANN, changed its IPv4 address to
199.7.83.42. In 2013, this change occurs again but this time it concerns the D root-server,
operated by the University of Maryland. On January 3rd of 2013, the D.ROOT-SERVERS.NET
will have a new IPv4 address: 199.7.91.13. For more details, refer
to http://d.root-servers.org/renumber.html or to http://www.root-servers.org/.
DNS Servers
The DNS server is here to resolve host queries and access specific areas of a network, like a
web site or web page. There are three kinds of actions performed by servers:
• Authoritative: A server that has authority over a number of domain names and can delegate
them. See the following section DNS Zones and Resource Records for more details.
• Recursive: A server that might contain information; if not, it directs the querying host toward
the relevant DNS server to solve the query.
• Cache: A server that retrieves information (query results) and keeps it saved in order not to
have to query the same information over and over again.
Keep in mind that a server can be set to be only authoritative, recursive or cache, but servers usually
combine several of these functionalities. In theory, each time a host (e.g. a DNS client) wants to access
a domain name, it follows the steps below:
1. The DNS client host resolver sends a sequence of queries through a resolver (the host endpoint
of the DNS communication) to a recursive DNS server;
2. The recursive server contacts the authoritative servers of the root domain. One of them will
return the IP address (an NS record in reality) of the authoritative server over the concerned
TLD;
3. The recursive server uses the IP address to connect to the TLD authoritative server and obtain
the IP address of the authoritative server over the zone;
4. The recursive server uses the IP address to connect to the zone authoritative server and obtain
the queried results;
5. The recursive server sends the results back to the DNS client.
[Figure: Root ( . ) iterative server, .com TLD iterative server and .efficientip.com domain iterative server, with numbered resolution steps]
Obviously, such a mechanism would saturate the root zone, therefore recursive servers are
usually also cache servers and store DNS query results for a determined period of time
(time-to-live or TTL).
A DNS server can have authority over several zones and several zones can belong to one domain,
for instance mail.google.com and maps.google.com both belong to the domain google.com. A
non-contiguous namespace cannot be a DNS zone. A zone is described through the zone file:
it contains Resource Records (RRs) that translate the domain name into operational entities
(hosts, services, mail servers...) for use by the DNS software. Zone files are stored, distributed
and can be replicated towards DNS servers.
There are a lot of different RRs, like the Start of Authority (SOA) describing the zone authority,
the Address (A in IPv4 or AAAA in IPv6) listing all the hosts contained in the zones, the Name
Server (NS) describing the DNS servers authoritative for the domain (or subdomain in case of
delegation), etc. All the RRs of a zone are listed in the zone file (e.g. MX, CNAME, PTR...) as
well as directives (e.g. TTL); all this information defines the configuration particularities of a zone.
DNSSEC
The Domain Name System Security Extensions, DNSSEC, define a cryptographic process
whereby a name server is configured to verify the authenticity and integrity of a query result from
a signed zone. Signing a zone with DNSSEC keys adds a specific set of RRs, such as Resource
Record Signature (RRSIG), DNSKEY and Next Secure (NSEC), that make it possible to authenticate
the origin zone of the data, verify its integrity and, in case of a negative response to a query,
provide a reliable answer regarding the existence of a record. The process is based on a chain
of trust that implies that every zone supports DNSSEC from the authoritative zone source (Master
and Slave) to the receiving DNS server. For more details, refer to the chapter DNSSEC of this
guide.
• Server: the highest level of the DNS hierarchy, which lists the servers that contain the
zones and RRs; they can also contain views. There are 6 different types of servers that you
can create on this page: Efficient IP DNS, Microsoft DNS via AD, Microsoft DNS with agent,
Microsoft DNS Agentless, Generic DNS and Nominum ANS.
• View: an optional level between the DNS server and the DNS zones. It allows administrators
to limit users' access through authorizations and restrictions, and to differentiate external clients vs
employees, administrators vs ordinary users... That way, a set of specific users has access to
all the data while the others receive different responses to the same DNS query.
• Zone: the second level of the DNS hierarchy, which lists the zones created and managed
through the SOLIDserver GUI. There are 6 different types of zones (Master, Slave, Forward,
Stub, Hint and Delegation-Only zones) that can be set to use the name or reverse resolution.
Creating a zone automatically adds three RRs: an SOA, an A in IPv4 or AAAA in IPv6 and an
NS.
• RR: the lowest level of the hierarchy, which lists the database itself: the RRs of each or all zones
that define their characteristics.
Servers, zones and views can be added at will and all the changes made in this module can be
automatically updated in the IPAM.
At the server level, EfficientIP allows you to manage your servers on your own or through DNS
smart architectures. The smart architecture technology offers a solution for a global management
of DNS servers. You can configure them either in Master/Slave, Multi-Master, Stealth or Single
Server architectures. The main advantage is that the smart architecture configuration
provides a backup of a specific configuration, so that you do not lose time or data if a
physical server crashes or stops responding. For more details, refer to the following chapters
Deploying DNS Smart Architectures and Managing DNS Smart Architectures.
Chapter 37. Deploying DNS Smart Architectures
The current approach of DNS service management is mainly limited to the single-server
management level, restricting service configuration and management to a server-per-server approach
even if it is done from a centralized platform. This approach is insufficient to ensure service
reliability, security and ease of management. It could weaken your DNS architecture because:
Indeed, even if the configuration has been simplified with the GUI, it is still complex, expensive
and requires experts to deploy and configure all servers in coherent architectures of DNS-DHCP
services. The smart architecture is a new approach to DNS services management that drastically
simplifies the deployment and administration of your network service. Thanks to the smart architecture,
SOLIDserver offers the capability of managing your DNS services not only at the server level but
at the architecture level.
The smart architecture offers a library of DNS architectures that are ready to apply on a set of
servers. The DNS smart architecture library includes:
• Master/Slave.
• Multi-Master.
• Stealth.
• Single server.
• Farm.
Note
Since version 5.0.2, all the DNS smart architectures designed for more than one
server can contain several Master servers. This sets up an even more secure
environment: if one Master server crashes or stops responding, the other one takes
over and ensures service availability.
Smart architecture supports EfficientIP SOLIDserver servers and legacy DNS servers such as:
Smart architecture can also manage other DNS servers that support DDNS (RFC 2136), but only
to update the domains, not the server configuration or the zone configuration.
The server configuration and the zone configuration must therefore be done locally on the
server. This configuration is useful when you are only allowed to update zones on a DNS partner.
[Figure: one DNS Master with two DNS Slaves]
[Figure: three DNS Masters]
With the smart architecture, updating a DNS server can be done from the management console,
from a DHCP allocation or from Microsoft DNS clients that update their own names by
using the Dynamic DNS (DDNS) mechanism:
• When a multi-master smart architecture is updated from the management console, the whole
configuration is automatically pushed to all the DNS servers belonging to the smart
architecture.
• When a DNS server receives a dynamic update from a DNS client, the multi-master smart
architecture replicates the update to all the DNS servers that belong to it. This replication is automatic
and does not need any manual operation.
• When a DHCP server offers a new IP address, the SOLIDserver IPAM appliance updates the
multi-master smart architecture to update all the DNS servers it contains.
A primary DNS server is eliminated as a single point of failure. Traditional DNS replication is
single-master; it relies on a primary DNS server to update all the secondary servers. Unlike tra-
ditional DNS replication, Directory Server Replication is multi-master. Changes made to a zone
can be replicated to one or more Directory Servers. (Note: Refer to the vendor specific information
regarding the Directory Server that you will be using, and its replication capabilities.)
[Figure: DNS Hidden Master]
The visible secondary DNS server contains only slave zones, so it is less exposed to DNS
attacks because the real authoritative primary server is hidden. Zone transfers can be allowed from
the secondary servers as required but they do not transfer or accept transfers from the stealth
server.
One of the main advantages of this architecture is that the primary server can be offline for
maintenance without causing any interruption to DNS service within the expiration duration (30 days)
set for the validity of its zone data.
[Figure: DNS Single]
This architecture is therefore a backup in itself. Moreover, managing a physical server through
a Single server architecture will ease any migration or change of architecture. If after a few
weeks, for instance, you want to set up a Master/Slave architecture, you will simply edit the smart
architecture, change it to Master/Slave, add another physical server and define which one acts
as a master and which one as a slave.
[Figure: diagram labelled DNS Master, DNS Slaves]
Chapter 38. Managing DNS Smart Architectures
Understanding DNS Smart Architectures Statuses
Within the SOLIDserver GUI, the smart architecture status provides useful information regarding
the configuration.
Moreover, the Sync (i.e. synchronization) column provides additional information regarding the
exchanges between the smart architecture and the physical server(s).
If the check is conclusive, the information is sent to the server and the Sync status is Synchronized.
However, if any error is found during that check, the verification stops and the Locked
Synchronization status appears on the All servers page in the Sync column the next time the page refreshes.
To get a valid synchronization status again, you need to "undo" the latest changes; this will load
a new synchronization and upload the status accordingly.
Once the server is in Locked synchronization, the corrupted configuration file is automatically
stored locally on the appliance and available for download in the Local Files Listing. It will be
named <server_name>-named.conf. We advise that you take a look at this file because the check
stops after the first error found and returns the Locked synchronization status. So if there are
several errors, the status will be returned over and over again until the check is conclusive and
the file can be sent to the physical server.
The check for failure in the configuration file can be done through the CLI (we recommend it) or
through the GUI.
3. Use the following command to get a precise list of all the errors:
# /usr/local/nessy2/bin/named-checkconf /data1/exports/<server_name>-named.conf
4. Adjust the identified statements. Once the check runs again, the Locked Synchronization status
will disappear if you now have a valid configuration.
To look for DNS errors on the syslog page of the local appliance
1. Go to the Administration page. If the homepage is not displayed click on . The homepage
appears.
2. In the Monitoring section, click on the Logs visualization icon. The Syslog page opens.
3. In the SOLIDserver drop-down list, verify that the local appliance is selected. Only the
hostname will appear with no IP address.
4. In the Services drop-down list, select named. The logs appear.
There are five different kinds of smart architectures: Master/Slave, Multi Master, Stealth, Farm
and Single-Server. Keep in mind that every DNS smart architecture sets up an active/active
configuration. In the procedures below, we are going to describe the configuration of the DNS
smart architectures with the DNS servers they manage, but you can go through the configuration
without adding any server and do it later, see part Adding a DNS Server into a Smart Architecture
for more details.
Note
Since version 5.0.2, the Farm, Master/Slave, Multi-Master and Stealth smart
architectures can manage several Master servers. This sets up an even more secure
environment: if one Master server crashes or stops responding, the other one takes
over and ensures service availability.
Once the configuration is completed, the DNS smart architecture appears in the All servers list
as a real server.
Figure 38.1. DNS Smart Architecture configuration not managing any DNS server
As you can see, the column Type indicates the kind of smart architecture applied, the DNS smart
members column is marked N/A and for that reason, the server status is Invalid settings.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The All servers list opens.
3. In the menu, click on Add > Server > DNS smart architecture. The Add a DNS server wizard
opens.
4. Fill in the fields according to the table below:
[Figure: diagram labelled DNS Master, DNS Slave, DNS Slave]
7. Click on NEXT . The DNS servers role configuration page of the wizard appears.
8. You can select the DNS servers that you want to manage through the smart architecture:
a. In the Available DNS servers drop-down list, select the master server and click on +
MASTER . The server is moved to the Master DNS servers list. You can add several
master servers if you want, in which case if one crashes the other takes over. To remove
a server from the list, select it and click on .
b. In the Available DNS servers drop-down list, select a slave server and click on + SLAVE .
The server is moved to the Slave DNS servers list. Repeat this action for as many slave
servers as needed. To remove a server from the list, select it and click on .
If you do not want to configure any name server or load balancer for this architecture, go to
step 10.
9. If you want to publish one or several name servers or load balancers for this architecture,
tick the Expert mode box. The page reloads.
Note
Each record will be saved for each zone and displayed on the All RRs list
of the physical servers managed by the smart architecture.
To perform changes on the records, select one in the list and click on UPDATE or DELETE .
When updating, you can discard any changes using CANCEL .
d. The Compatible with a Hybrid DNS Engine field is marked Yes.
e. You can tick the Force Hybrid DNS compatibility checkbox if you intend to manage
BIND servers that you might switch to Hybrid in the future. For more details, refer to the
chapter Hybrid DNS Service of this guide.
10. Click on OK to commit your configuration. The report opens and closes. The smart architecture
is listed as a DNS server and marked Smart (master/slave) in the Type column. If your
configuration is managing DNS servers, you can display them in the All servers list using
the button in the upper right corner.
Warning
During the first DNS smart architecture server addition, the allow-transfer option is
configured by default with the ACL admin. Within SOLIDserver, admin corresponds to any,
so you might want to change the ACL and restrict the use of the option, as it is
inherited by the server zones. For more details, refer to the chapter Limiting Zone
Transfers at Server Level of this guide.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The All servers list opens.
3. In the menu, click on Add > Server > DNS smart architecture. The Add a DNS server wizard
opens.
4. Fill in the fields according to the table below:
Fields Description
All behaviors If you select this option, you will display all the fields and options that
can be ticked in the Default behavior wizard. For more details, refer
to the chapter Default Behaviors of this guide.
[Figure: diagram labelled DNS Master, DNS Master, DNS Master]
7. Click on NEXT . The DNS servers role configuration page of the wizard appears.
8. You can select the DNS servers that you want to manage through the smart architecture:
• In the Available DNS servers drop-down list, select a server and click on + MASTER . The
server is moved to the Master DNS servers list. You can add several master servers if
you want, in which case if one crashes the other takes over. To remove a server from
the list, select it and click on .
If you do not want to configure any name server or load balancer for this architecture, go to
step 10.
9. If you want to publish one or several name servers or load balancers for this architecture,
tick the Expert mode box. The page reloads.
Note
Each record will be saved for each zone and displayed on the All RRs list
of the physical servers managed by the smart architecture.
To perform changes on the records, select one in the list and click on UPDATE or DELETE .
When updating, you can discard any changes using CANCEL .
d. The Compatible with a Hybrid DNS Engine field is marked Yes.
e. You can tick the Force Hybrid DNS compatibility checkbox if you intend to manage
BIND servers that you might switch to Hybrid in the future. For more details, refer to the
chapter Hybrid DNS Service of this guide.
10. Click on OK to commit your configuration. The report opens and closes. The smart architecture
is listed as a DNS server and marked Smart (multi-master) in the Type column. If your
configuration is managing DNS servers, you can display them in the All servers list using
the button in the upper right corner.
Warning
During the first DNS smart architecture server addition, the allow-transfer option is
configured by default with the ACL admin. Within SOLIDserver, admin corresponds to any,
so you might want to change the ACL and restrict the use of the option, as it is
inherited by the server zones. For more details, refer to the chapter Limiting Zone
Transfers at Server Level of this guide.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The All servers list opens.
3. In the menu, click on Add > Server > DNS smart architecture. The Add a DNS server wizard
opens.
4. Fill in the fields according to the table below:
Fields Description
Description Type in a description if you want, it will appear in the Description
column of the All servers list. This field is optional.
Mode You can select either Configurable behavior or All behaviors.
Configurable behavior This option is selected by default in the Mode drop-down list and
displays all the fields and options that have been ticked in the Default
behavior wizard at the server level. For more details, refer to the
chapter Default Behaviors of this guide.
All behaviors If you select this option, you will display all the fields and options that
can be ticked in the Default behavior wizard. For more details, refer
to the chapter Default Behaviors of this guide.
[Figure: diagram labelled DNS Hidden Master]
a. In the Available DNS servers drop-down list, select the master server and click on +
HIDDEN-MASTER . The server is moved to the Hidden-master DNS server(s) list. Repeat
this action for as many master servers as needed. To remove a server from the list,
select it and click on .
b. In the Available DNS servers drop-down list, select the slave server you want to use as
pseudo master and click on + PSEUDO-MASTER . The server is moved to the Pseudo-master
DNS server (slave server used as decoy) field. To remove the server from the field,
click on .
c. In the Available DNS servers drop-down list, select a slave server and click on + SLAVE .
The server is moved to the Slave DNS servers list. Repeat this action for as many slave
servers as needed. To remove a server from the list, select it and click on .
If you do not want to configure any name server or load balancer for this architecture, go to
step 10.
9. If you want to publish one or several name servers or load balancers for this architecture,
tick the Expert mode box. The page reloads.
b. In the NS record field, type in the name server of your choice. It can also be the hostname
of an external load balancer.
c. Click on ADD . The name server is moved to the Published name servers list. Repeat
these actions for as many NS records as needed.
Note
Each record will be saved for each zone and displayed on the All RRs list
of the physical servers managed by the smart architecture.
To perform changes on the records, select one in the list and click on UPDATE or DELETE .
When updating, you can discard any changes using CANCEL .
d. The Compatible with a Hybrid DNS Engine field is marked Yes.
e. You can tick the Force Hybrid DNS compatibility checkbox if you intend to manage
BIND servers that you might switch to Hybrid in the future. For more details, refer to the
chapter Hybrid DNS Service of this guide.
10. Click on OK to commit your configuration. The report opens and closes. The smart architecture
is listed as a DNS server and marked Smart (stealth) in the Type column. If your configuration
is managing DNS servers, you can display them in the All servers list using the button in
the upper right corner.
Warning
During the first DNS smart architecture server addition, the allow-transfer option is
configured by default with the ACL admin. Within SOLIDserver, admin corresponds to any,
so you might want to change the ACL and restrict the use of the option, as it is
inherited by the server zones. For more details, refer to the chapter Limiting Zone
Transfers at Server Level of this guide.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The All servers list opens.
3. In the menu, click on Add > Server > DNS smart architecture. The Add a DNS server wizard
opens.
4. Fill in the fields according to the table below:
Fields Description
configuration allows it. Any behavior set through the Mode drop-down
list will have to be applied to the smart architecture later on if you
tick this box, so make sure that the configuration you set suits your
needs before you untick the box.
Use DNS as DNSSEC resolver Tick the box to activate DNSSEC validation. If you activate the
DNSSEC parameters on a smart architecture, all the servers that
compose it will be DNSSEC compliant. For more details, please refer
to the DNSSEC chapter.
Description Type in a description if you want, it will appear in the Description
column of the All servers list. This field is optional.
Mode You can select either Configurable behavior or All behaviors.
Configurable behavior This option is selected by default in the Mode drop-down list and
displays all the fields and options that have been ticked in the Default
behavior wizard at the server level. For more details, refer to the
chapter Default Behaviors of this guide.
All behaviors If you select this option, you will display all the fields and options that
can be ticked in the Default behavior wizard. For more details, refer
to the chapter Default Behaviors of this guide.
[Figure: diagram labelled DNS Single]
• In the Available DNS servers drop-down list, select the server and click on + MASTER .
The server is moved to the Master DNS servers list. You can add several master servers
if you want, in which case if one crashes the other takes over. To remove a server from
the list, click on .
If you do not want to configure any name server or load balancer for this architecture, go to
step 10.
9. If you want to publish one or several name servers or load balancers for this architecture,
tick the Expert mode box. The page reloads.
Note
Each record will be saved for each zone and displayed on the All RRs list
of the physical servers managed by the smart architecture.
To perform changes on the records, select one in the list and click on UPDATE or DELETE .
When updating, you can discard any changes using CANCEL .
d. The Compatible with a Hybrid DNS Engine field is marked Yes.
e. You can tick the Force Hybrid DNS compatibility checkbox if you intend to manage
BIND servers that you might switch to Hybrid in the future. For more details, refer to the
chapter Hybrid DNS Service of this guide.
10. Click on OK to commit your configuration. The report opens and closes. The smart architecture
is listed as a DNS server and marked Smart (single-server) in the Type column. If your
configuration is managing DNS servers, you can display them in the All servers list using
the button in the upper right corner.
Warning
During the first DNS smart architecture server addition, the allow-transfer option is
configured by default with the ACL admin. Within SOLIDserver, admin corresponds to any,
so you might want to change the ACL and restrict the use of the option, as it is
inherited by the server zones. For more details, refer to the chapter Limiting Zone
Transfers at Server Level of this guide.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The All servers list opens.
3. In the menu, click on Add > Server > DNS smart architecture. The Add a DNS server wizard
opens.
4. Fill in the fields according to the table below:
Fields Description
Isolated Tick this box if you do not want your server configuration to update
any other module. It's mainly useful when dealing with migrations as
it will prevent the smart from pushing any data to the DHCP. Keep
in mind that the smart architecture will still receive data if your network
configuration allows it. Any behavior set through the Mode drop-down
list will have to be applied to the smart architecture later on if you
tick this box, so make sure that the configuration you set suits your
needs before you untick the box.
Use DNS as DNSSEC resolver Tick the box to activate DNSSEC validation. If you activate the
DNSSEC parameters on a smart architecture, all the servers that
compose it will be DNSSEC compliant. For more details, please refer
to the DNSSEC chapter.
Description Type in a description if you want, it will appear in the Description
column of the All servers list. This field is optional.
Mode You can select either Configurable behavior or All behaviors.
Configurable behavior This option is selected by default in the Mode drop-down list and
displays all the fields and options that have been ticked in the Default
behavior wizard at the server level. For more details, refer to the
chapter Default Behaviors of this guide.
All behaviors If you select this option, you will display all the fields and options that
can be ticked in the Default behavior wizard. For more details, refer
to the chapter Default Behaviors of this guide.
[Figure: diagram labelled DNS Master, DNS Slaves]
7. Click on NEXT . The DNS servers role configuration page of the wizard appears.
8. You can select the DNS servers that you want to manage through the smart architecture:
a. In the Available DNS servers drop-down list, select the master server and click on +
MASTER . The server is moved to the Master DNS servers list. You can add several
master servers if you want, in which case if one crashes the other takes over. To remove
a server from the list, select it and click on .
b. In the Available DNS servers drop-down list, select a slave server and click on + SLAVE .
The server is moved to the Slave DNS servers list. Repeat this action for as many slave
servers as needed. To remove a server from the list, select it and click on .
a. In the NS record field, type in the hostname of your external load balancer if need be.
It can also be a name server.
b. Click on ADD . The name is moved to the Published name servers list. Repeat these
actions for as many load balancers or NS records as needed. The DNS clients will from
then on send their request to the specified load balancer(s) that will redirect the requests
to the least used server. Keep in mind that each NS record will be saved in each zone
and displayed on the All RRs list of the physical servers managed by the smart architecture.
Note
To run properly, your load balancer must be configured to list all the DNS
servers managed by the smart architecture and should be manually updated
if you change the list of physical servers managed by the architecture.
To perform changes in the Published name servers list, select a record and click on
UPDATE or DELETE depending on your needs. When updating, you can discard any
changes using CANCEL .
11. If you want to display the Hybrid dedicated fields, tick the Export mode checkbox.
12. Click on OK to commit your configuration. The report opens and closes. The smart architecture
is listed as a DNS server and marked Smart (farm) in the Type column. If your configuration
is managing DNS servers, you can display them in the All servers list using the button in
the upper right corner.
Warning
During the first DNS smart architecture server addition, the allow-transfer option is
configured by default with the ACL admin. Within SOLIDserver, admin corresponds to any,
so you might want to change the ACL and restrict the use of the option, as it is
inherited by the server zones. For more details, refer to the chapter Limiting Zone
Transfers at Server Level of this guide.
Warning
When you add one or more DNS servers into a smart architecture, the data is replicated
from the smart architecture to the chosen DNS server(s). So if the smart architecture
is empty (first use), the selected DNS server configuration will be totally
overwritten with nothing.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. At the end of the line of the smart architecture of your choice, click on . The properties
page opens.
4. In the Main properties panel, click on EDIT . The Edit a DNS server wizard opens.
5. In the DNS server type list, make sure DNS smart architecture is selected. Click on NEXT .
The next page of the wizard appears.
6. If need be, modify the smart architecture basic parameters. For more details, refer to the
table DNS Smart Architecture Basic Parameters in this guide. Click on NEXT . The next page
of the wizard appears.
7. In the DNS smart architecture list, modify the type of DNS smart architecture if need be.
Click on NEXT . The DNS servers role configuration page of the wizard appears.
8. In the Available DNS servers drop-down list, select the DNS server of your choice.
9. Define the role of the server using the + HIDDEN MASTER , + PSEUDO MASTER , + MASTER or + SLAVE
buttons depending on the smart architecture. The selected server is moved to the corresponding
Hidden-master, Pseudo-master, Master or Slave DNS servers list. You can remove
the server from the list using . Repeat these actions for as many servers as needed.
10. If you are editing a Farm architecture or if you configured NS records on another architecture,
click on NEXT . The Advanced settings page of the wizard appears. For more details regarding
this page, refer to the last steps of the relevant smart architecture addition procedure in the
section Adding a DNS Smart Architecture of this guide.
11. Click on OK to commit your changes. The report opens and closes. You can display the
smart architecture physical servers on the All servers list using the button in the upper
right corner.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. At the end of the line of the smart architecture of your choice, click on . The properties
page opens.
4. In the Main properties panel, click on EDIT . The Edit a DNS server wizard opens.
5. Click on NEXT . The next page of the wizard opens.
6. Click on NEXT . The next page of the wizard opens.
7. Click on NEXT . The next page of the wizard opens.
8. Select the server to remove and click on next to the corresponding list. The server has
been moved back to the Available DNS servers drop-down list. Repeat this action for the
other servers you want to remove.
9. If you are editing a Farm architecture or if you configured NS records on another architecture,
click on NEXT . The Advanced settings page of the wizard appears. For more details regarding
this page, refer to the last steps of the relevant smart architecture addition procedure in the
section Adding a DNS Smart Architecture of this guide.
10. Click on OK to commit your modifications. The report opens and closes. If your configuration
is still managing DNS servers, you can display them in the All servers list using the button
in the upper right corner.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. At the end of the line of the smart architecture of your choice, click on . The properties
page opens.
4. In the Main properties panel, click on EDIT . The Edit a DNS server wizard opens.
5. Click on NEXT . The next page of the wizard appears.
6. Click on NEXT . The next page of the wizard appears.
7. Click on NEXT . The DNS servers role configuration page of the wizard appears.
8. Select the server you want to modify and click on next to the corresponding list. The
server is moved back to the Available DNS servers drop-down list. Repeat this action for
any server whose role you want to change.
9. In the Available DNS servers drop-down list, select the DNS server of your choice.
10. Define the role of the server using the + HIDDEN MASTER , + PSEUDO MASTER , + MASTER or + SLAVE
buttons depending on the smart architecture. The selected server is moved to the
corresponding list. Repeat these actions for the other servers.
11. If you are editing a Farm architecture or if you configured NS records on another architecture,
click on NEXT . The Advanced settings page of the wizard appears. For more details regarding
this page, refer to the last steps of the relevant smart architecture addition procedure in the
section Adding a DNS Smart Architecture of this guide.
12. Click on OK to commit your modifications. The report opens and closes. If your configuration
is managing DNS servers, you can display them in the All servers list using the button in
the upper right corner. The Role column displays the server(s) new role.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. At the end of the line of the smart architecture of your choice, click on . The properties
page opens.
4. In the Main properties panel, click on EDIT . The Edit a DNS server wizard opens.
5. In the DNS server type list, make sure DNS smart architecture is selected. Click on NEXT .
The next page of the wizard appears.
6. If need be, modify the smart architecture basic parameters. For more details, refer to the
table DNS Smart Architecture Basic Parameters of this guide. Click on NEXT . The next page
of the wizard appears.
7. In the DNS smart architecture list, modify the type of your DNS smart architecture. Click on
NEXT . The DNS servers role configuration page of the wizard appears.
8. Select the server you want to modify and click on next to the corresponding list. The
server is moved back to the Available DNS servers drop-down list. Repeat this action for
any server whose role you want to change.
9. In the Available DNS servers drop-down list, select the DNS server of your choice.
10. Define the role of the server using the + HIDDEN MASTER , + PSEUDO MASTER , + MASTER or + SLAVE
buttons depending on the smart architecture. The selected server is moved to the
corresponding list. Repeat these actions for the other servers.
a. In the NS record field, type in the hostname of your external load balancer if need be.
It can also be a name server.
b. Click on ADD . The name is moved to the Published name servers list. Repeat these
actions for as many load balancers or NS records as needed. The DNS clients will from
then on send their request to the specified load balancer(s) that will redirect the requests
to the least used server. Keep in mind that each NS record will be saved in each zone
and displayed on the All RRs list of the physical servers managed by the smart architecture.
Note
To run properly, your load balancer must be configured to list all the DNS
servers managed by the smart architecture and should be manually updated
if you change the list of physical servers managed by the architecture.
To perform changes in the Published name servers list, select a record and click on
UPDATE or DELETE depending on your needs. When updating, you can discard any
changes using CANCEL .
12. Click on OK to commit your changes. The report opens and closes. The All servers listing
page is visible again. The Type column displays your changes.
If you want to delete a smart architecture only because you want to change its type,
note that you do not need to delete the smart architecture at all. See the part Changing the Type
of DNS Smart Architecture for more details.
Note
You cannot delete a smart architecture if it is still managing DNS servers.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. If the smart architecture is managing DNS servers, remove them according to the section
Removing a DNS Server from a Smart Architecture of this guide.
4. Tick the smart architecture you want to delete.
5. In the menu, select Edit > Delete. The Delete wizard opens.
6. Click on OK to commit the deletion. The report opens and closes. The smart architecture is
no longer listed. All the servers that used to be managed are listed as DNS servers of
whatever kind in the Type list.
Granting access to a smart architecture as a resource will also make every physical server it
contains available. For more details, refer to the section Assigning Objects as Resource in the
chapter Managing Groups of administrator of this guide.
Chapter 39. Managing DNS Servers
Within the DNS module, the server is the highest level of the hierarchy where you set the basis
of any DNS configuration. You can either manage servers independently or within a smart
architecture that will allow you to configure a number of useful parameters. The smart architectures
also provide a backup of the configuration, which is very useful if your server were to crash. For
more information regarding the available smart architectures for DNS, see the Deploying DNS
Smart Architectures and Managing DNS Smart Architectures chapters of this documentation.
[Figure: DNS navigation hierarchy; labels: view, zone, RR]
SOLIDserver displays the DNS servers it manages in a list. You can display the list of the DNS
servers by clicking on DNS servers in the navigation bar from the DNS tab.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. At the end of the line of the server of your choice, click on . The server properties page
opens.
On the properties page of a physical server, the DNS server statistics panel displays all queries
statistics in a set of graphs.
Note that the Sync column will change in accordance with the Status column: while the server
synchronization is not OK yet, the Sync column might be Busy. In the same way, a physical
server can be in Locked Synchronization like a smart architecture. Refer to the Locked
Synchronization Status section of this guide for more details.
Since version 5.0.3, the Multi-status column provides you with emergency, warning, critical, error
or informational messages regarding the server compatibility with Hybrid. For more details, refer
to the Multi-status Column section or the chapter Hybrid DNS Service of this guide.
Warning
Before managing a new DNS server, make sure that the DNS service is correctly
started on the remote SOLIDserver. For more details, refer to the Services Configuration
chapter of the SOLIDserver guide.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. In the menu, select Add > Server > EfficientIP DNS. The Add a DNS server wizard opens.
4. If you or your administrator created classes, the DNS server class list is visible. Select a
class or None and click on NEXT . The next page of the wizard opens.
5. Fill in the following fields to set up the basic server configuration:
6. In the Management Protocol drop-down list, select SSL (the default value) or SNMP.
Depending on your selection, the Configure SSL parameters or the Configure SNMP parameters
section is visible.
a. If you selected SSL, tick the box if you modified the SSH login and password: the SSL and
SSH login and password need to match. Once the box is ticked, the fields Login and
Password appear. By default, they are both filled with admin. You can edit them both.
b. If you selected SNMP, type in the SNMP protocol related parameters that were used to
configure the remote DNS server (by default set to Hide):
Fields               Description
Use TCP transport    Use the TCP protocol instead of UDP when the network link is not reliable.
SNMP profile         The SNMP profile that will be used for this configuration. SNMP profiles enable the definition of a global security policy for every server managed by SOLIDserver. By default, SOLIDserver configures three SNMP security profiles with three levels of security (SNMP v1, v2c and v3).
SNMP retries         The number of SNMP retries on timeouts.
Timeout              The SNMP timeout in seconds.
7. In the Mode drop-down list, you can set up the following parameters:
8. Click on OK to commit your creation. The report opens and closes. The server is listed. The
server might appear Busy in the status column. It will change to OK after a while.
Warning
During the first DNS server addition, the allow-transfer option is by default
configured with the ACL admin. Within SOLIDserver, admin corresponds to any, so
you might want to change the ACL and restrict the use of this option, as it will be
inherited by the server zones. For more details, refer to the Limiting Zone Transfers
at Server Level chapter of this guide.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. At the end of the line of the server of your choice, click on . The properties page opens.
4. In the SNMP properties panel, click on EDIT . The SNMP parameters wizard opens.
5. In the SNMP version drop-down list, select the SNMP version you wish to use.
6. In the SNMP Port field, fill in the SNMP service port number to be used.
Note
By default, SOLIDserver defined the port number 1161 as the SNMP port used
for the DNS. Under certain configurations, when a server is already using this
port, you may modify its value.
9. Click on OK to commit your changes or CANCEL to discard your changes. The properties
page is visible again.
• Agentless Microsoft DNS Server: SOLIDserver provides a way of managing your Microsoft
DNS server from the GUI. This method does not require the installation of a WinDNS agent
like it used to. For more details, refer to the section Managing an Agentless Microsoft DNS
Server below.
• Microsoft DNS Server via Active Directory: even if your server is integrated to Active Directory
you can manage it from SOLIDserver interface. For more details, refer to the section Managing
a Microsoft DNS Server via Active Directory below.
• Microsoft DNS Server with Agent: EfficientIP provides a dedicated agent to manage your
Microsoft DNS servers. This agent lets you remotely control Microsoft DNS servers and
configure DNS zones, DNS options, and resource records. It is provided as a Microsoft
Windows service and can be monitored through the service management interface provided
by Microsoft. For more details, refer to the section Managing a Microsoft DNS Server
with Agent below.
1
This page is accessible from the Administration tab homepage, select in the menu System > SNMP profiles configuration.
The remote management of Microsoft DNS servers still relies on Microsoft Management Console
(MMC). When you make changes directly from the MMC, SOLIDserver automatically detects them
and loads them into its database to make them available right away in the GUI.
The Agentless Microsoft DNS server management through SOLIDserver is based on Microsoft
Remote Procedure Calls (MSRPC). This inter-process communication technique extends the
notion of conventional, or local, procedure calling so that the called procedure and the
calling procedure no longer need to be in the same address space. The two processes can
either be on the same system or on different systems as long as they have a network
connecting them. That way, programmers of distributed applications avoid the details of the
interface with the network. In addition, the transport independence of RPC isolates the
application from the physical and logical elements of the data communications mechanism and
allows the application to use a variety of transports.
Through MSRPC, the client first calls a procedure to send a data packet to the server. Upon
reception of the packet, the server calls a dispatch routine to perform the requested service,
and then sends back a reply. Finally, the procedure call returns to the client. That is how
EfficientIP offers a new way of managing your Microsoft DNS server that no longer requires
the installation of an agent. This drastically simplifies Windows server management.
The procedure to add an Agentless Microsoft DNS Server is fairly similar to the other Microsoft
DNS servers. Keep in mind that before proceeding you will need the credentials of a user with
sufficient privileges to manage the server.
Note that if your Microsoft DNS server is integrated to an AD with several forests, you can use
the Expert mode to display the AD domain field under the credentials fields and type the domain
of the AD that you want to manage through SOLIDserver:
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. In the menu, select Add > Server > Microsoft DNS (agentless). The Add a DNS server wizard
opens.
4. If you or your administrator created classes at the all servers level, you can select one or
None. Click on NEXT . The next page of the wizard appears.
5. In the DNS server name field, name your server or type in an FQDN containing the Microsoft
DNS server followed by the domain as follows: servername.domain.
6. In the Management IP address field, type in the IPv4 address of the Microsoft DNS server
you want to manage.
Tip
With the proper network configuration (Administration tab), if you enter the name
of your DNS server in this field and click on SEARCH , the IP address will be
retrieved through the DNS and displayed.
7. In the Isolated section, tick the box if you do not want your server configuration to update
any other module. It's mainly useful when dealing with migrations as it will prevent the server
from pushing any data to the DHCP. Keep in mind that the server will still receive data if your
network configuration allows it. Any behavior set through the Mode drop-down list will have
to be applied to the server later on if you tick this box, so make sure that the configuration
you set suits your needs before you untick the box.
8. In the Description field, you can type in a description if you want.
9. In the Mode drop-down list, you can set up the following parameters:
Warning
When configuring the MS Agentless DNS server, the zones allow-transfer ACL must
contain the management IP address.
The management of Microsoft DNS servers within SOLIDserver has some limitations closely
linked to the MS limitations themselves. For more details regarding the MS servers limitations
refer to the documentation provided by Microsoft.
Server Limitations
ACL Limitations
Zone Limitations
RR Limitations
The Agentless MS DNS server management supports the following resource records: SOA, A,
NS, PTR, MX, CNAME, SRV, TXT and AAAA.
SOLIDserver supports the management of Microsoft domains integrated in Active Directory even
with zones stored on Domain Controllers (DC). To control Microsoft DNS servers, SOLIDserver
uses the DDNS (RFC2136) protocol. In addition, it relies on the GSS-TSIG algorithm to
secure user authentication, as it provides a modified form of TSIG authentication that uses the
Kerberos v5 authentication system (RFC3645). SOLIDserver connects directly to the Active
Directory to retrieve the Microsoft domains you already configured.
This management method does not need a remote agent to manage DNS domains integrated
within Active Directory. An account must be created for SOLIDserver to allow it to connect to the
Active Directory server and to the DNS server that authenticates on its local Domain Controller
(DC). The creation of this account and its configuration is detailed in the following sections. The
management capabilities of these servers are more restricted than those of other DNS servers
like the EfficientIP ones. As long as Microsoft DNS servers run through Active Directory, the
content of their Master Zones is manageable by SOLIDserver.
Prerequisites
Caution
The Microsoft DNS Agentless cannot create DNS zones.
A user account with DNS administrator rights must be created in the Active Directory base to allow
SOLIDserver to perform updates on the Microsoft domains.
1. On the Microsoft Active Directory server, launch the Active Directory user configuration
tool.
2. Create a new user account for SOLIDserver, validate it by clicking on OK.
3. Edit the new user account properties and make it a member of DnsAdmins group.
4. Close the tool, by clicking on OK.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. In the menu, select Add > Server > Microsoft DNS (via AD). The Add a DNS server wizard
opens.
4. If you or your administrator created classes at the all servers level, you can select one or
None. Click on NEXT . The next page of the wizard appears.
5. Fill in the following fields to set up the basic server configuration:
6. In the Mode drop-down list, you can set up the following parameters:
Caution
The Microsoft Server and SOLIDserver must be configured with the same time. In
addition, the zones that we want to handle must be configured to allow transfers.
The DNS resolver of SOLIDserver must be able to resolve the name of the Microsoft
DNS server.
For more details regarding AD domains through the GUI, refer to the section Hosting Active
Directory Domain Zones of this guide.
1. Display the properties page of the DNS server. For more details, see To display the properties
of a DNS Server.
2. In the Main properties panel, click on EDIT . The Edit a DNS server wizard opens.
3. In the DNS Server type field, change the type if need be.
4. Click on NEXT . The last page of the wizard opens.
5. Fill the requested fields:
6. Click on OK to commit your changes. The report opens and closes. The properties page is
visible again.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. Tick the server(s) you want to delete and in the menu select Edit > Delete. The Delete wizard
opens.
4. Click on OK to commit your choice. The report opens and closes. The server(s) is no longer
listed.
Prerequisites
• An open TCP port (4001 by default) on the Windows server must be accessible from the
management platform.
• A Windows 2000, 2003, or 2008 server with Microsoft DNS service already configured.
• The IP address of the EfficientIP management platform must be added in the allow-transfer
access list of each DNS server to manage.
• You must be connected to the DNS server with Windows administrator rights during the
installation of the service.
Modification, update or removal of the WinDNS Manager service requires stopping the DNS
service on the Windows server during this procedure. The WinDNS Manager installation needs
the Windows DNS server to restart. It is not recommended to use the WinDNS Manager service
in competition with a non-Microsoft DNS control system.
Installing WinDNSManager
3. After Ready to Install page, click on Next to install. The next page of the wizard appears.
4. In the Completing the WinDNSManager Setup Wizard page, click on Finish to finish the
installation.
The following operations will be done during the installation on Microsoft Windows 2000 server:
1. Open the configuration panel of the Windows server, from the Start > Parameters >
Configuration Panel.
2. In the Configuration Panel window, double-click on the WinDNSManager icon. The
WinDNSManager service opens a new window.
3. In the IPMServer Address field, enter the IP address of the SOLIDserver platform.
4. Enter the port that the management platform will use to connect to the agent. The port
number 4001 is used by default.
5. Tick the Read only mode checkbox to refuse all changes made from the management
platform.
6. If you plan on securing the connection between the management platform and the
WinDNSManager agent, you must tick the SSL Enabled checkbox.
Once you have selected the SSL mode, the Certificate file field appears. You have the
choice to set the SSL certificate:
7. From the Logging level list, select the level of debugging you want to display. This setting
specifies the severity of the messages logged in the file C:\Program Files\eip\windns.log.
8. In the Max log size field, enter the maximum size of the log file.
9. Click on OK to apply the configuration.
10. The window will automatically close once WinDNS Manager has restarted.
Installing the DNS package allows you to use the DNS module of SOLIDserver to the best of its
potential on Linux, Unix, FreeBSD and Solaris: it allows you to manage your BIND server through
an EfficientIP DNS server, which incidentally provides all the options that come with it (DNS
statistics, etc.).
• The EfficientIP BIND package platform must have at least 8 MB of free memory space;
• The EfficientIP BIND package may need certain libraries of your operating system. You must
have a shell access with root login, locally or via telnet or ssh, on the server to be installed;
• You must have the media (CDROM) or access the operating system distribution of your server
by the network;
• You must install the native SNMP library of your Linux system;
• You must be sure not to interfere with an existing SNMP service on your server;
• You must make sure that SNMP ports (161, 162) are not blocked by a network filtering process
(firewall).
The IPMDNS package contains all programs, libraries, and configuration scripts for the deployment
of Efficient IP DNS service.
Note
The results of the commands can be different according to the platform characteristics.
The EfficientIP BIND package software is configured with a configuration script provided in
the package. This script can be executed after the installation if necessary.
The IPMDNS server configuration must be executed before launching the service. If the IP
address of the management SOLIDserver or the IP address (or name) of the server hosting
the DNS service changes, it is recommended to re-execute the configuration script.
==================================================
Checking
==================================================
+ checking for awk... /usr/bin/awk
==================================================
Updating
==================================================
+ update /usr/local/share/snmp/ness-dns.conf ...done
+ create /var/net-snmp/ness-dns.conf... done
+ delete tempory files... done
The Debian init runlevel provides a standard process for controlling which programs init launches
or halts when initializing a runlevel. EfficientIP chose to use init to launch and halt ipmdns because
it is standard and easy to use with Debian.
The Debian init files are located in the /etc/rc.d/ and /etc/init.d directories. Each of the numbered
directories in /etc/rc.d represents one of the six default runlevels configured under Debian. The
launch and halt scripts are located in these directories.
To launch ipmdns
• Execute under root login the ipmdns script with the start parameter:
# /etc/init.d/ipmdns start
To halt ipmdns
• Execute under root login the ipmdns script with the stop parameter:
# /etc/init.d/ipmdns stop
Once the installation is complete, you can add your BIND server to the management following
the steps in the section Adding a BIND DNS server.
The IPMDNS package contains all programs, libraries, and configuration scripts for the deployment
of Efficient IP DNS service.
Note
The results of the commands can be different according to the platform characteristics.
The EfficientIP BIND package software is configured with a configuration script provided in
the package. This script can be executed after the installation if necessary.
The IPMDNS server configuration must be executed before launching the service. If the IP
address of the management SOLIDserver or the IP address (or name) of the server hosting
the DNS service changes, it is recommended to re-execute the configuration script.
The FreeBSD init runlevel provides a standard process for controlling which programs init
launches or halts when initializing a runlevel. EfficientIP chose to use init to launch and halt
ipmdns because it is standard and easy to use with FreeBSD.
The FreeBSD init files are located in the /usr/local/etc/rc.d/ and /usr/local/etc/init.d directories.
Each of the numbered directories in /usr/local/etc/rc.d represents one of the six default runlevels
configured under FreeBSD. The launch and halt scripts are located in these directories.
To launch ipmdns
• Execute under root login the ipmdns script with the start parameter:
# /usr/local/etc/init.d/ipmdns.sh start
To halt ipmdns
• Execute under root login the ipmdns script with the stop parameter:
# /usr/local/etc/init.d/ipmdns.sh stop
Once the installation is complete, you can add your BIND server to the management following
the steps in the section Adding a BIND DNS server.
The IPMDNS package contains all programs, libraries, and configuration scripts for the deployment
of Efficient IP DNS service.
Note
The results of the commands can be different according to the platform characteristics.
The EfficientIP BIND package software is configured with a configuration script provided in
the package. This script can be executed after the installation if necessary.
The IPMDNS server configuration must be executed before launching the service. If the IP
address of the management SOLIDserver or the IP address (or name) of the server hosting
the DNS service changes, it is recommended to re-execute the configuration script.
# /usr/local/nessy2/script/configure/configure_ipmdns.sh
==================================================
Checking
==================================================
+ checking for awk... /bin/awk
+ checking for chown... /bin/chown
+ checking for ness-dns.conf... /usr/local/share/snmp/ness-dns.conf
+ checking for hostname... /bin/hostname
+ checking for sed... /bin/sed
+ checking for hardware architecture...i686
+ checking for processor architecture...unknown
+ checking for operating system name...Linux
+ checking for operating system release...2.4.20-28.7
+ checking for hostname...rh73.intranet
==================================================
Configuration requests
==================================================
==================================================
Updating
==================================================
+ update /usr/local/share/snmp/ness-dns.conf ...done
+ create /var/net-snmp/ness-dns.conf... done
+ delete tempory files... done
The RedHat/Suse init runlevel provides a standard process for controlling which programs init
launches or halts when initializing a runlevel. EfficientIP chose to use init to launch and halt
ipmdns because it is standard and easy to use with RedHat.
The RedHat/Suse init files are located in the /etc/rc.d/ and /etc/init.d directories. Each of the
numbered directories in /etc/rc.d represents one of the six default runlevels configured under
RedHat/Suse. The launch and halt scripts are located in these directories.
To launch ipmdns
• Execute under root login the ipmdns script with the start parameter:
# /etc/init.d/ipmdns start
To halt ipmdns
• Execute under root login the ipmdns script with the stop parameter:
# /etc/init.d/ipmdns stop
Once the installation is complete, you can add your BIND server to the management following
the steps in the section Adding a BIND DNS server.
The IPMDNS package contains all programs, libraries, and configuration scripts for the deployment
of Efficient IP DNS service.
Note
The results of the commands can be different according to the platform characteristics.
/etc/rc1.d/K15ipmdns
/etc/rc2.d/K15ipmdns
/etc/rc3.d/S51ipmdns
/etc/rcS.d/K15ipmdns
/usr/local/nessy2/bin/named
/usr/local/nessy2/bin/rndc
/usr/local/nessy2/script/configure/configure_ipmdns.sh
/usr/local/nessy2/share/named/named.conf.sample
/usr/local/nessy2/share/named/named.root.sample
/usr/local/nessy2/share/snmp/ness-dns.conf.sample
[ verifying class <none> ]
## Executing postinstall script.
To configure iPmDns: /usr/local/nessy2/script/configure/configure_ipmdns.sh
To start iPmDns: /etc/init.d/ipmdns start
Installation of <ipmdns> was successful.
The EfficientIP BIND package software is configured with a configuration script provided in
the package. This script can be executed after the installation if necessary.
The IPMDNS server configuration must be executed before launching the service. If the IP
address of the management SOLIDserver or the IP address (or name) of the server hosting
the DNS service changes, it is recommended to re-execute the configuration script.
The Solaris init runlevel provides a standard process for controlling which programs init launches
or halts when initializing a runlevel. EfficientIP chose to use init to launch and halt ipmdns because
it is standard and easy to use with Solaris.
The Solaris init files are located in the /etc/rc.d/ and /etc/init.d directories. Each of the numbered
directories in /etc/rc.d represents one of the six default runlevels configured under Solaris. The
launch and halt scripts are located in these directories.
To launch ipmdns
• Execute under root login the ipmdns script with the start parameter:
# /etc/init.d/ipmdns start
To halt ipmdns
• Execute under root login the ipmdns script with the stop parameter:
# /etc/init.d/ipmdns stop
Once the installation is complete, you can add your BIND server to the management following
the steps in the section Adding a BIND DNS server.
Prerequisites
• The DNS package file, ipmdns-5.x.x-debianxx-amd64.deb, whose name provides several
pieces of information separated by hyphens: the type of package (ipmdns, so a DNS package),
the version of SOLIDserver (5.x.x), the version of Debian (debianxx where xx is x dot x) and
finally the Debian architecture (amd64). In the procedure below, this file will be referred to as
ipmdns*;
• The EfficientIP BIND package platform must have at least 20 MB of free disk space;
• The EfficientIP BIND package may need certain libraries of your operating system. You must
have a shell access with root login, locally or via telnet or ssh, on the server to be installed;
• You must be sure not to interfere with an existing DNS/DHCP service on your server;
• You must make sure that Apache server is up-to-date and running;
• You must make sure that SOLIDserver and Debian/Ubuntu are set to the same time and date;
• You must make sure that HTTPS (port 443) and the DNS service (port 53) are not blocked by
a network filtering process (firewall).
Note
If your Apache configuration already uses the port 443, you have to create an
additional IP-based VirtualHost dedicated to the DNS management.
You can install the EfficientIP DNS Package on both Debian and Ubuntu Linux.
If you have not installed the DHCP packages yet, you need to:
1. follow the procedure To install the EfficientIP DNS Package on Debian and Ubuntu.
2. follow the procedure To complete the DNS package installation on Debian/Ubuntu if the DHCP
package is not installed.
If you already installed the DHCP packages, you only need to follow the procedure To install
the EfficientIP DNS Package on Debian and Ubuntu below.
The procedure below includes the commands that make the webservices configurable.
3. Install the dependency packages, ONLY if you have not installed the EfficientIP DHCP
package, using the following commands:
# apt-get install php5
# apt-get install sudo
# apt-get install snmpd
4. If you are using Ubuntu, install the package on Ubuntu using the following command (only
if you have not installed the DHCP package yet):
# aptitude install libssl0.9.8
6. Make the webservices configurable: in the directory /etc/sudoers.d, create the file ipmdns
containing the line below.
www-data ALL = NOPASSWD: /usr/local/nessy2/script/install_named_conf.sh, \
/usr/local/nessy2/script/push_default_zone_params.sh, \
/usr/local/nessy2/script/push_dnssec_keys_zones.sh, \
/usr/local/nessy2/script/move_dnszone_file.sh, \
/usr/local/nessy2/script/restore_named_conf.sh, \
/usr/local/nessy2/script/delete_zone_file.sh, \
/usr/local/nessy2/script/restore_zone_file.sh, \
/usr/local/nessy2/bin/rndc
Note
You can change the webservice admin password using the command below:
# htpasswd -c /usr/local/nessy2/www/php/cmd/dns/.htpasswd admin
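The sudoers entry above lets the www-data account run the listed scripts and rndc as root without a password, so each of those files, and every directory above it, must be owned by root and not writable by group or others. The shell script below is an added example, not part of the EfficientIP package, that reads the drop-in file and reports every path failing that check; the function names, the finding labels and the optional owner and stop-directory arguments are this example's own.

```shell
#!/bin/sh
# Added example, not EfficientIP code. Audits the commands that a sudoers
# drop-in (for instance /etc/sudoers.d/ipmdns) allows with NOPASSWD.

# Print one NOPASSWD command entry per line, joining "\" continuation lines.
list_nopasswd_cmds() {
    awk '
        /^[ \t]*#/ { next }                        # skip comment lines
        {
            buf = buf $0
            if (sub(/\\[ \t]*$/, " ", buf)) next    # entry continues on the next line
            if (match(buf, /NOPASSWD:/)) {
                n = split(substr(buf, RSTART + RLENGTH), part, ",")
                for (i = 1; i <= n; i++) {
                    gsub(/^[ \t]+|[ \t]+$/, "", part[i])
                    if (part[i] != "") print part[i]
                }
            }
            buf = ""
        }
    ' "$1"
}

# Succeed if PATH ($1) is not owned by OWNER ($2) or is group- or world-writable.
# A symbolic link is examined itself, so it is always reported for manual review.
# If find fails (unknown owner, unreadable path) the path is treated as loose.
is_loose() {
    hit=$(find "$1" -prune \( ! -user "$2" -o -perm -020 -o -perm -002 \) -print 2>/dev/null) || return 0
    [ -n "$hit" ]
}

# audit_sudoers_cmds FILE [OWNER] [STOP_DIR]
# OWNER defaults to root; the upward walk ends at STOP_DIR (default /).
# Prints sorted, unique findings and returns 1 if there are any, else 0.
audit_sudoers_cmds() {
    owner=${2:-root}
    stop=${3:-/}
    findings=
    nl='
'
    cmds=$(list_nopasswd_cmds "$1")
    while IFS= read -r entry; do
        [ -n "$entry" ] || continue
        path=${entry%% *}                  # drop any arguments after the path
        case $path in
            *\**|*\?*|*\[*) findings="${findings}WILDCARD $path$nl"; continue ;;
            /*) ;;
            *) findings="${findings}NOT-ABSOLUTE $path$nl"; continue ;;
        esac
        if [ ! -e "$path" ]; then
            findings="${findings}MISSING $path$nl"
            continue
        fi
        p=$path
        while :; do                        # the file, then each parent directory
            if is_loose "$p" "$owner"; then
                findings="${findings}LOOSE $p$nl"
            fi
            if [ "$p" = "$stop" ] || [ "$p" = / ]; then break; fi
            p=$(dirname "$p")
        done
    done <<EOF
$cmds
EOF
    if [ -z "$findings" ]; then return 0; fi
    printf '%s' "$findings" | sort -u
    return 1
}

# When run as a script: sh audit_sudoers.sh /etc/sudoers.d/ipmdns
if [ $# -gt 0 ]; then audit_sudoers_cmds "$@"; fi
```

A LOOSE line on a script or on one of its parent directories means an account other than root can replace what sudo will execute as root.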
If you have not installed the DHCP package or are not planning on installing it, you must
follow the procedure below. Otherwise, if you already completed the basic configuration of the
DNS package on Debian or Ubuntu, you can add your BIND server following the package v5
dedicated procedure in the Adding a BIND DNS Server section of this guide.
ServerName 127.0.0.1
DocumentRoot /usr/local/nessy2/www/php
php_admin_value include_path /usr/local/nessy2/www/php/include:/usr/local/nessy2/lib/php:/usr/local/nessy2/www/site:/usr/local/share/pear
php_admin_value file_uploads 1
php_admin_value upload_max_filesize 300000000
php_admin_value post_max_size 300000000
php_admin_value memory_limit 150000000
SSLEngine on
SSLCertificateFile /etc/apache2/server.crt
SSLCertificateKeyFile /etc/apache2/server.key
SSLProtocol all -SSLv2
SSLCipherSuite HIGH:MEDIUM
php_admin_value register_globals 0
php_admin_value short_open_tag 1
php_admin_value safe_mode 0
php_admin_value magic_quotes_gpc 0
</VirtualHost>
8. Disable the default site in Debian Apache configuration using the following commands:
# cd /etc/apache2/sites-enabled
# unlink 000-default
10. Make sure that the ipmdns package is running using the following command line:
# service ipmdns status
Once the configuration is complete, you can add and manage EfficientIP DNS servers, provided
that they also have the package installed, through SOLIDserver GUI. Refer to the package v5
dedicated procedure in the Adding a BIND DNS Server section.
Prerequisites
• The DNS package file, ipmdns-5.x.x-redhatx.x86_64.rpm, whose name provides several
pieces of information separated by hyphens or a point: the type of package (ipmdns, so a
DNS package), the version of SOLIDserver (5.x.x), the version of RedHat (redhatx) and finally
the architecture (x86_64);
• The EfficientIP BIND package platform must have at least 20 MB of free disk space;
• The EfficientIP BIND package may need certain libraries of your operating system. You must
have a shell access with root login, locally or via telnet or ssh, on the server to be installed;
• You must be sure not to interfere with an existing DNS/DHCP service on your server;
• You must make sure that SOLIDserver and RedHat/CentOS are set to the same time and date;
• You must make sure that HTTPS (port 443) and the DNS service (port 53) are not blocked by
a network filtering process (firewall).
You can install the EfficientIP DNS Package on both RedHat and CentOS Linux.
If you have not installed the DHCP packages yet, you need to:
1. follow the procedure To install the EfficientIP DNS Package on RedHat and CentOS.
2. follow the procedure To complete the DNS package installation on RedHat/CentOS if the
DHCP package is not installed.
If you already installed the DHCP packages, you only need to follow the procedure To install
the EfficientIP DNS Package on RedHat and CentOS below.
In the installation procedure below, we will also include the commands that make the webservices
configurable.
3. If you already installed a DNS package on your system, remove it using the following
command:
# yum remove bind
4. Install the dependency packages, ONLY if you have not installed the EfficientIP DHCP
package, using the following commands:
# yum install net-snmp php mod_ssl sudo php-pdo
6. If you do not have the /etc/sudoers.d/ directory on your system yet, create it using the following
command:
# mkdir /etc/sudoers.d/
7. Make sure that the /etc/sudoers file contains the lines below:
## Read drop-in files from /etc/sudoers.d (the # here does not mean a comment)
#includedir /etc/sudoers.d
Note
You can change the webservice admin password using the command below:
# htpasswd -c /usr/local/nessy2/www/php/cmd/dns/.htpasswd admin
If you have not installed the DHCP package or are not planning on installing it, you must
follow the procedure below. Otherwise, if you already completed the basic configuration of the
DNS package on RedHat and CentOS, you can add your BIND server following the package v5
dedicated procedure in the Adding a BIND DNS Server section of this guide.
a. To disable the firewall on the current session, use the following command:
# iptables -F
3. If Apache did not start automatically, start it using the following command:
# chkconfig httpd on
4. Disable selinux. In the file /etc/selinux/config, modify the line SELINUX=enforcing to match
the following one:
SELINUX=disabled
Note
Changing the selinux policy requires you to restart the system.
6. Allow SNMP access to the DNS statistics. In the file /etc/snmp/snmpd.conf, enter the lines:
master agentx
view systemonly included .1.3.6.1.4.1.2440
9. Configure the webservices. In the file /etc/httpd/conf.d/ssl.conf, replace the FULL VirtualHost
section with the configuration below:
<VirtualHost *:443>
ServerName 127.0.0.1
DocumentRoot /usr/local/nessy2/www/php
php_admin_value include_path /usr/local/nessy2/www/php/include:/usr/local/nessy2/lib/php:/usr/local/nessy2/www/site:/usr/local/share/pear
php_admin_value file_uploads 1
php_admin_value upload_max_filesize 300000000
php_admin_value post_max_size 300000000
php_admin_value memory_limit 150000000
SSLEngine on
SSLCertificateFile /etc/httpd/server.crt
SSLCertificateKeyFile /etc/httpd/server.key
SSLProtocol all -SSLv2
SSLCipherSuite HIGH:MEDIUM
php_admin_value register_globals 0
php_admin_value short_open_tag 1
php_admin_value safe_mode 0
php_admin_value magic_quotes_gpc 0
<Directory /usr/local/nessy2/www/php>
AllowOverride All
</Directory>
</VirtualHost>
10. Check the apache configuration syntax using the following command:
[root@redhat5-64 conf.d]# apachectl configtest
httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
Syntax OK
12. Make sure that the ipmdns package is running using the following command line:
# service ipmdns status
Once the configuration is complete, you can add EfficientIP DNS servers to manage your BIND
servers, provided that they also have the package installed, through SOLIDserver GUI. Refer to
the package v5 dedicated procedure in the Adding a BIND DNS Server section.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. In the menu, select Add > Server > EfficientIP DNS Package. The Add a DNS server wizard
opens.
4. If you or your administrator created classes, the DNS server class list is visible. Select a
class or None and click on NEXT . The next page of the wizard opens.
5. Fill in the following fields to set up the basic server configuration:
7. In the Mode drop-down list, you can set up the following parameters.
Fields / Description
Configurable behavior
    This option is selected by default in the Mode drop-down list and displays all the fields and
    options that have been ticked in the Default behavior wizard at the server level. For more
    details, refer to the DNS section of the Default Behaviors chapter of this guide.
All behaviors
    If you select this option, you will display all the fields and options that can be ticked in
    the Default behavior wizard. For more details, refer to the DNS section of the Default
    Behaviors chapter of this guide.
8. Click on OK to commit the creation. The report opens and closes. The list is visible again.
The server appears in the list with status Busy. It will change to OK after a while.
Warning
During the first DNS server addition, the allow-transfer option is by default configured
with the ACL admin. Within SOLIDserver, admin corresponds to any, so you might want to
change the ACL and restrict the option use as it will be inherited by the server zones.
For more details, refer to the Limiting Zone Transfers at Server Level chapter of this guide.
Once the EfficientIP server is added, you will need to configure the SNMP and TSIG Keys in order
to manage your BIND server through the GUI.
With EfficientIP BIND Linux packages v4, you will need to configure the Simple Network
Management Protocol (SNMP) to control every aspect of the BIND server management.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. At the end of the line of the server of your choice, click on . The properties page opens.
4. In the SNMP properties panel, click on EDIT . The SNMP parameters wizard opens.
5. In the SNMP version drop-down list, select the SNMP version you wish to use.
6. In the SNMP Port field, fill in the SNMP service port number to be used.
Note
By default, SOLIDserver defines the port number 1161 as the SNMP port used
for the DNS. Under certain configurations, when a server is already using this
port, you may modify its value. In this case, do not forget to modify it in the
system configuration of the remote server.
7. In the four remaining drop-down lists, select the needed values in accordance with the
information below:
10. Click on OK to commit your changes. The properties page is visible again.
With EfficientIP BIND Linux packages v4, SOLIDserver uses Remote Name Daemon Control
(RNDC) to manage BIND servers. To establish the communication with the BIND server, you
need to configure specific TSIG (Transaction SIGnature) keys. These keys can also be used to
configure dynamic updates (DDNS).
Note
With EfficientIP BIND Linux packages v5, configuring RNDC manually is pointless, as
SSL systematically overwrites the changes made manually. To configure RNDC,
you need to do so at server level on the smart architecture properties page.
BIND mainly uses TSIG keys to secure server-to-server communication, including zone
transfers and recursive notification request messages. In SOLIDserver, TSIG can also be used for
dynamic updates (DDNS). A master server for a dynamic zone should apply access control to
update commands. IP-based access control is not sufficient: it is preferable to use TSIG
for dynamic updates, as it uses HMAC-MD5 keys to secure authentication.
HMAC is a secret-key authentication algorithm. The data integrity and data authentication that
HMAC provides depend on the scope of the secret key distribution. If only the source and the
destination know the HMAC key, then the coding provides data integrity and data authentication
between both parties. See RFC 2403.
2
This page is accessible from the Administration tab homepage, select in the menu System > SNMP profiles configuration.
1. Logged in as root, execute the dnssec-keygen command provided in the IPMDNS package.
# /usr/local/nessy2/bin/dnssec-keygen -a hmac-md5 -b 256 -n user rndc
Krndc.+157+07659
4. Paste the same key in the file /etc/rndc.conf, in the secret parameter of the key text block,
as shown below.
key rndc {
    algorithm "hmac-md5";
    secret "Izq+POdZPRLqcCXoW6yBQWux4mDuQCvGuAw5jJXgN5E=";
};
options {
    default-server localhost;
    default-key rndc;
};
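The shared-secret property described in the TSIG section above, as an added example that is not part of the guide or of the EfficientIP package: it parses the key stanza shown in step 4, checks that the secret has the 256 bits requested with -b 256, and shows that only a holder of the same secret produces a tag that verifies. The control message and the outsider key are constructed for the demonstration, and the tag is a plain HMAC over the message bytes, not the TSIG or RNDC wire format.

```python
import base64
import hmac
import re

# The rndc.conf content shown in this guide.
RNDC_CONF = '''
key rndc {
    algorithm "hmac-md5";
    secret "Izq+POdZPRLqcCXoW6yBQWux4mDuQCvGuAw5jJXgN5E=";
};
options {
    default-server localhost;
    default-key rndc;
};
'''

# A key stanza starts a line with "key <name> {" and ends with "};".
KEY_BLOCK = re.compile(r'^\s*key\s+"?([\w.-]+)"?\s*\{(.*?)\}\s*;', re.S | re.M)


def parse_keys(conf_text):
    """Return {key_name: (algorithm, secret_bytes)} for every key stanza."""
    keys = {}
    for name, body in KEY_BLOCK.findall(conf_text):
        alg = re.search(r'algorithm\s+"?([\w-]+)"?\s*;', body)
        sec = re.search(r'secret\s+"([^"]+)"\s*;', body)
        if not alg or not sec:
            raise ValueError(f"key {name!r}: algorithm or secret missing")
        # validate=True rejects characters outside the base64 alphabet,
        # which catches a secret damaged by copy and paste.
        secret = base64.b64decode(sec.group(1), validate=True)
        keys[name] = (alg.group(1).lower(), secret)
    return keys


def digest_name(algorithm):
    """Map a BIND algorithm name such as 'hmac-md5' to a hashlib digest name."""
    if not algorithm.startswith("hmac-"):
        raise ValueError(f"not an HMAC algorithm: {algorithm!r}")
    return algorithm[len("hmac-"):]


def sign(key, message):
    """Compute the HMAC tag of message with an (algorithm, secret) key."""
    algorithm, secret = key
    return hmac.new(secret, message, digest_name(algorithm)).digest()


def verify(key, message, tag):
    """Recompute the tag and compare it in constant time."""
    return hmac.compare_digest(sign(key, message), tag)


def demo():
    keys = parse_keys(RNDC_CONF)
    shared = keys["rndc"]                       # known to both ends
    message = b"constructed control message"    # constructed sample input
    tag = sign(shared, message)
    outsider = ("hmac-md5", b"\x00" * 32)       # constructed key of a third party
    return {
        "secret_bits": len(shared[1]) * 8,
        "genuine": verify(shared, message, tag),
        "tampered": verify(shared, b"constructed control messagE", tag),
        "forged": verify(shared, message, sign(outsider, message)),
    }


if __name__ == "__main__":
    print(demo())
```
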
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. In the menu, select Add > Server > EfficientIP DNS Package. The Add a DNS server wizard
opens.
4. If you or your administrator created classes, the DNS server class list is visible. Select a
class or None and click on NEXT . The next page of the wizard opens.
10. Click on OK to commit the creation. The report opens and closes. The list is visible again.
The server appears in the list with status Busy. It will change to OK after a while.
Warning
During the first DNS server addition, the allow-transfer option is by default configured
with the ACL admin. Within SOLIDserver, admin corresponds to any, so you might want to
change the ACL and restrict the option use as it will be inherited by the server zones.
For more details, refer to the Limiting Zone Transfers at Server Level chapter of this guide.
Once the EfficientIP server is added, you can manage your BIND server in Linux v5 through the
GUI.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. In the menu, select Add > Server > Generic DNS. The Add a DNS server wizard appears.
4. Fill in the fields below:
5. Click on OK to commit the addition. The server is listed in the All servers page.
If you plan on using a TSIG key to authenticate the management console with the remote
SOLIDserver DNS, you need to edit the generic DNS server once added.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. At the end of the line of the generic server of your choice, click on . The server properties
page opens.
4. In the Main properties panel, click on EDIT . The Edit a DNS server wizard opens.
5. If you or your administrator configured classes at the DNS server level, the DNS server class
list is visible. You can select a class if need be or None.
6. Click on NEXT . The DNS server type list is visible.
7. Click on NEXT . The last page of the wizard opens.
8. Tick the Configure TSIG parameters checkbox. The TSIG fields appear.
9. Fill in the fields according to the table below.
10. Click on OK to commit your changes. The report opens and closes. The properties page is
visible again.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. Click on the name of the Generic server. The All zones list opens.
4. In the menu, select Add > DNS zone. The Add a DNS zone wizard opens.
5. If you or your administrator created classes, the DNS zone class list is visible. Select a class
or None.
6. Click on NEXT . The next page opens.
7. In the DNS zone type list, select Master.
8. In the DNS zone resolution list, select Name.
9. Click on NEXT , the next page opens.
10. Fill in the fields according to the table below:
13. Click on OK to commit the creation. The report opens and closes. The zone is listed and
will be marked Delayed create before being marked OK.
To fully configure and manage a Nominum DNS server, you first need to prepare the ANS security
key, or password, related to said server and follow the procedures below in order to:
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. In the menu, select Add > Server > Nominum ANS. The Add a DNS server wizard appears.
4. If you or your administrator created classes, the DNS server class list is visible. Select a
class or None and click on NEXT . The next page of the wizard opens.
5. Fill in the fields below:
7. Click on OK to commit the addition. The server is listed on the All servers page.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. Click on the name of the Nominum ANS server. The All zones list opens.
4. In the menu, select Add > DNS zone. The Add a DNS zone wizard opens.
5. If you or your administrator created classes, the DNS zone class list is visible. Select a class
or None and click on NEXT . The next page of the wizard opens.
6. In the DNS zone type list, select Master.
7. In the DNS zone resolution list, select Name.
8. Click on NEXT . The next page of the wizard opens.
12. Click on OK to commit the creation. The report opens and closes. The zone is listed and
will be marked Delayed create before being marked OK.
Some data, like the Sources panel of physical servers, is only visible once the server has been
successfully synchronized at least once.
To synchronize servers
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. Tick the zone(s) you want to synchronize.
4. In the menu, select Edit > Synchronize. The Synchronization wizard opens.
5. Click on OK to commit the synchronization. The report opens and closes. The page reloads.
For more details regarding all the server configuration possibilities (forwarding, recursion, transfer,
blackhole, sortlist, etc.), please refer to the Configuring DNS Servers chapter of this guide.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. Filter the list if need be.
4. At the end of the line of the server of your choice, click on . The properties page opens.
5. Open all the panels using .
6. In the panel of your choice, click on EDIT . The corresponding wizard opens. The panels that
do not contain the EDIT button cannot be edited.
7. Make the changes you need. Click on NEXT if need be until you get to the last page of the
wizard.
8. Click on OK to commit your changes. The report opens and closes. The properties page is
visible again and refreshes.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. Filter the list if need be.
4. Tick the server(s) you want to delete.
5. In the menu, select Edit > Delete. The Delete wizard opens.
6. Click on OK to commit the deletion. The report opens and closes. The server might be marked
Delayed delete until it is no longer listed.
Granting access to a server as a resource will also make every item it contains available. For
more details, refer to the section Assigning Objects as Resource in the chapter Managing Groups
of administrator of this guide.
Chapter 40. Configuring DNS Servers
This chapter contains a set of procedures covering the possible DNS server configurations,
from forwarding, recursion and zone transfer to the restrictions and permissions that let networks
or clients query a server or its cache. Keep in mind that any configuration will be inherited by
every view and zone managed through the server. However, most of these configurations can
be done at the view or zone level directly and will in this case override whatever parameters you
may set at the server level.
Because these configurations are set from a DNS server properties page, whether
physical or not, the order of the sections follows the order of the panels on the properties
page.
Note
At the DNS servers level, most options provide ACL configuration fields. Keep in
mind that the order of the elements listed in the ACL values field is important as each
restriction or permission will be reviewed following the order you set in the list.
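The ordering rule in the note above, as an added example that is not SOLIDserver or BIND code: an evaluator for an ordered grant/deny list in which the first matching entry decides, plus a check that reports entries that can never be reached because an earlier entry already covers them. The (action, target) tuple format, the sample addresses and the rule that a client matching no entry is denied are assumptions of this example.

```python
import ipaddress


def parse_acl(entries):
    """Turn [(action, target), ...] into rules; target is 'any', an IP or a CIDR."""
    rules = []
    for action, target in entries:
        if action not in ("allow", "deny"):
            raise ValueError(f"unknown action {action!r}")
        # None stands for 'any'; a bare IP becomes a /32 or /128 network.
        net = None if target == "any" else ipaddress.ip_network(target, strict=False)
        rules.append((action == "allow", net))
    return rules


def _covers(net, addr):
    return net is None or (addr.version == net.version and addr in net)


def evaluate(rules, client):
    """Return (allowed, index_of_deciding_entry); the first match decides."""
    addr = ipaddress.ip_address(client)
    for index, (allow, net) in enumerate(rules):
        if _covers(net, addr):
            return allow, index
    return False, None  # assumption: no matching entry means denied


def shadowed(rules):
    """Indexes of entries fully covered by an earlier entry (never evaluated)."""
    unreachable = []
    for i, (_, net) in enumerate(rules):
        for _, earlier in rules[:i]:
            if earlier is None or (
                net is not None
                and net.version == earlier.version
                and net.subnet_of(earlier)
            ):
                unreachable.append(i)
                break
    return unreachable


# Constructed sample lists: the same two entries in both orders, and a list
# that starts with 'any'.
SPECIFIC_FIRST = parse_acl([("deny", "192.168.1.5"), ("allow", "192.168.1.0/24")])
BROAD_FIRST = parse_acl([("allow", "192.168.1.0/24"), ("deny", "192.168.1.5")])
ANY_FIRST = parse_acl([("allow", "any"), ("deny", "10.0.0.0/8")])

if __name__ == "__main__":
    for name, acl in (("specific first", SPECIFIC_FIRST),
                      ("broad first", BROAD_FIRST),
                      ("any first", ANY_FIRST)):
        print(name, evaluate(acl, "192.168.1.5"), "shadowed:", shadowed(acl))
```

With the broad entry first, the deny for 192.168.1.5 is never reached, so reviewing a list for shadowed entries before committing it shows whether a restriction actually takes effect.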
Without having a specific DNS server designated as a forwarder, all DNS servers can send
queries outside of a network using their root hints. As a result, a lot of internal, and possibly
critical, DNS information can be exposed on the Internet. In addition to this security and privacy
issue, this method of resolution can result in a large volume of external traffic that is costly and
inefficient for a network with a slow Internet connection or a company with high Internet service
costs.
The forwarding facility can be used to create a large site-wide cache on a few servers, reducing
traffic over links to external name servers. Forwarding is used only for queries for which the
server is not authoritative and does not have the answer in its cache.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. At the end of the line of the server of your choice (smart or physical), click on . The
properties page opens.
4. Open the Forwarding panel using .
5. Click on EDIT . The Forwarding configuration wizard opens.
6. In the Add a forwarder field, type in the address of a forwarder or its name and click on
SEARCH to retrieve its IP address.
7. Click on ADD to move it to the Forwarders list. Repeat these actions for as many forwarders
as needed.
8. In the Forward mode field, select the mode of your choice according to the table below.
9. Click on OK to commit the forwarders configuration. The report opens and closes. The
properties page refreshes and displays the new settings.
SOLIDserver selects the best forwarder from the list of forwarders and sends the query to the
forwarder with the lowest round trip time (RTT). RTT is a measurement of how long a remote
name server takes to respond to queries. Each time a SOLIDserver sends a query to a forwarder,
it starts an internal clock. When it receives a response, it stops the clock and stores how long
the forwarder took to respond. When the SOLIDserver must choose which forwarder to query,
it simply chooses the one with the lowest RTT.
The forwarding configuration set on a smart is automatically inherited by the physical servers it
manages. You can now choose to edit the type of forward option on a physical server. This option
is in turn inherited by the views, zones and records of the physical server and allows you to
customize the forwarding on your network.
Keep in mind that once the Forward option is set on a smart you cannot set it to none on the
physical servers it manages, but you can choose a different forward mode.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. Next to the Logout icon, click on to display the physical servers managed by your smart
architectures.
4. At the end of the line of the physical server of your choice, click on . The properties page
opens.
5. Open the Forwarding panel using . The forward mode and forwarders list display the
smart architecture settings that were pushed to the physical server.
6. Click on EDIT . The Forwarding configuration wizard opens.
7. Tick the Overwrite the smart settings checkbox. The page refreshes and displays the forward
fields.
8. Set your forwarders list:
a. In the Add a forwarder field, type in the address of a forwarder or its name and click on
SEARCH to retrieve its IP address.
b. Click on ADD to move it to the Forwarders list. Repeat these actions for as many
forwarders as needed.
9. In the Forward mode field, select the mode of your choice: First or Only. You cannot set the
forwarding to None once it has been set on the smart. The page refreshes. For more details
regarding these modes, refer to the Forward mode options table in the previous section.
10. Click on OK to commit the forwarders configuration of the physical server. The properties
page is visible again. In the Forwarding panel, the message Smart configuration is overwritten
is displayed above your mode and forwarders configuration.
At any time you can reverse your changes and use the configuration set on the smart
architecture: edit the Forwarding panel, untick the Overwrite the smart settings checkbox and
click on OK to commit your changes.
A recursive query requires the DNS server to return requested DNS data, or locate the data
through queries to remote DNS servers. When a DNS server receives a query for DNS data it
does not have, it first sends a query to any specified forwarders. If a forwarder does not respond
with any return, it resends the same query to the next configured forwarder until it receives an
answer. If it receives no answer or a negative answer, then it sends a non-recursive query to
specified internal root servers. If no internal root servers are configured, the DNS server sends
a non-recursive query to the Internet root servers.
The DNS properties page displays a Recursion panel that offers different DNS recursion
configurations.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. At the end of the line of the server of your choice, click on . The properties page opens.
4. Open the Recursion panel using . If the Recursion is set to No, click on EDIT . The Recursion
configuration wizard opens.
5. In the drop-down list, select Yes.
6. Click on NEXT . The Allow recursion page opens. For more details regarding the recursion
configuration, refer to the Limiting the Recursion at Server Level section below.
7. Click on OK to commit the recursion enabling.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. At the end of the line of the server of your choice, click on . The properties page opens.
4. Open the Recursion panel using . If the Recursion is set to Yes, click on EDIT . The
Recursion configuration wizard opens.
5. In the drop-down list, select No.
6. Click on NEXT . The Allow recursion page opens.
7. Click on OK to terminate the recursion disabling.
Note
By default, the recursion is enabled on the DNS.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. At the end of the line of the server of your choice, click on . The properties page opens.
4. Open the Recursion panel using and click on EDIT . The Recursion configuration wizard
opens.
5. Click on NEXT to skip the first step of the wizard. The Allow recursion page opens. You can
grant or deny access through the Restriction field to networks, IP addresses, ACLs, and
keys. Configure as many restrictions as you need using the three fields. The table below
details the available options of the Type field:
Within SOLIDserver, the notification configuration is done from the Notify panel of the properties
page. This panel will display:
1
The order of the list is important: when a host or a given network is compared to a list of address authorizations, the list is reviewed,
in order, until an element is authorized.
2
In this paragraph, to simplify the explanation, we work on the assumption that one server, the master server, will contain only master
zones and another, the secondary one, will contain only slave zones. This is evidently not accurate: usually a server will manage both
master and slave zones. However, it is customary to configure corresponding slave and master zones that are managed by a different
server.
Caution
Any configuration of the Notify panel at view or zone level will override the
configuration set at server level.
Keep in mind that there will be an implicit allow-notify directive set when you add a slave zone:
when you set the Master IP address of the slave zone you are allowing the master zones of this
server to send notify messages to your slave zone.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. At the end of the line of the server of your choice, click on . The properties page opens.
4. Open the Notify panel using and click on EDIT . The Notifying configuration wizard opens.
5. In the Notify drop-down list, set the server notification type following the table below.
6. If you selected Yes or Explicit, you can set the IP address and port of the server(s) whose
slave zones will receive the messages:
a. In the IP address field, type in the IP address of another server. The notify message
will be sent if you chose the notify type Yes or Explicit.
b. In the Port field, you can type in the port number that will receive the notify messages
on the server you specified in the previous field.
c. Click on ADD . The IP address and port number are displayed in the Also notify list as
follows: <ip-address> port: <port-number>. You can repeat these actions for as many
servers as needed.
You can edit the content of the list if need be. Click on the entry of your choice: the
information is displayed again in the fields, where you can change it and click on UPDATE ,
or click on DELETE to remove it from the list. If you made changes that you do not want to
save, click on CANCEL .
7. Click on NEXT . The Allow notify page opens. It allows you to specify whether the server
slave zones can receive master zones notification messages. You can grant or deny access
through the Restriction field to networks, IP addresses, ACLs, and keys. Configure as many
restrictions as you need using the three fields. The table below details the available options
of the Type field:
Note
The allow query property may also be specified for a view or zone configuration. In
case of configuration at the zone level it overrides the allow query defined at the
server level.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. At the end of the line of the server of your choice, click on . The properties page opens.
4. Open the Access control panel using . This panel displays different options: Allow-query,
Allow query cache, Allow-transfer and Blackhole.
5. Click on EDIT to change the configuration. The wizard opens, each page corresponds to an
option.
6. On the Allow query page, set up the authorization. You can grant or deny access through
the Restriction field to networks, IP addresses, ACLs, and keys. Configure as many
restrictions as you need using the three fields. The table below details the available options
of the Type field:
If the recursion is set to no, the cache cannot be queried, so it is useless to set an
allow-query-cache match list.
If the recursion is set to yes and the allow-recursion statement is not defined, by default the
localhost and localnets will be permitted to query the server cache.
If the recursion is set to yes and the allow-recursion statement is defined with a specific match
list, the local cache access will be granted to all the entries of the allow-recursion match list.
The match list defined will control recursive behavior as recursive queries would be useless
without access to the local cache. Typically, if a host is in the allow-recursion match list, it could
access the server the first time and get a query result. However, if it is not part of the
allow-query-cache match list, it would not be able to make the same query a second time, as the
answer would be saved in the cache to which it does not have access. Conversely, if a host is in
the allow-query-cache match list but not in the allow-recursion match list, it would only get
results for queries already sent by another host with the proper access rights. Hence the need to
configure both these statements carefully to avoid conflicts and absurd access configurations.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. At the end of the line of the server of your choice, click on . The properties page opens.
4. Open the Access control panel using . This panel displays different options: Allow-query,
Allow query cache, Allow-transfer and Blackhole.
5. Click on EDIT to change the configuration. The wizard opens, each page corresponds to an
option.
6. Click on NEXT to skip the Allow-query page.
7. On the Allow query cache page, set up the authorizations and restrictions match list. You
can grant or deny access through the Restriction field to networks, IP addresses, ACLs,
and keys. Configure as many restrictions as you need using the three fields. The table below
details the available options of the Type field:
Note
The allow transfer property may also be specified in a zone configuration, in which
case it overrides the allow transfer property defined at the server level.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. At the end of the line of the server of your choice, click on . The properties page opens.
4. Open the Access control panel using . This panel displays different options: Allow-query,
Allow query cache, Allow-transfer and Blackhole.
5. Click on EDIT to change the configuration. The wizard opens, each page corresponds to an
option.
6. Click on NEXT twice to skip the Allow-query and the Allow query cache pages.
7. On the Allow-transfer page, set up the authorizations. You can grant or deny access through
the Restriction field to networks, IP addresses, ACLs, and keys. Configure as many restrictions
as you need using the three fields. The table below details the available options of the Type
field:
Configuring a Blackhole
SOLIDserver allows you to set a list of the IP addresses and network addresses you consider as
spam. The blackhole properties can be configured for an entire server including all the zones it
contains. By default, queries are allowed from the local host and the local networks: all the
addresses listed in the list will not receive any response from the server or zones. The queries
will remain unanswered, in other words ignored.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. At the end of the line of the server of your choice, click on . The properties page opens.
4. Open the Access control panel using . This panel displays different options: Allow-query,
Allow query cache, Allow-transfer and Blackhole.
5. Click on EDIT to change the configuration. The wizard opens, each page corresponds to an
option.
6. Click on NEXT to skip the Allow-query, the Allow query cache and Allow-transfer pages.
7. On the Blackhole page, set up the restrictions. You can deny access to network and IP
addresses, they will all be listed in the ACL values list. The table below details the available
options of the Type field:
lame-ttl
This option defines the amount of time a client will keep in its cache the information sent by
a lame server that has been queried directly. It allows you to limit the time the information is
kept as, coming from a lame server, it might not be up-to-date and therefore potentially erroneous.
max-cache-size
This option limits the size of the cache memory of a server or view. When the cache memory
size reaches this threshold, the server will cause records to expire prematurely. The value
0 can be set to purge the cache only when the records TTL expires.
These options can be set at server or view level. For more details regarding the configuration on
views, refer to the Configuring Client Resolver Cache Options at View Level section of this guide.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The corresponding list opens.
3. At the end of the line of the server of your choice, click on . The properties page opens.
4. Open the Options panel using and click on EDIT . The Options configuration wizard opens.
5. In the Lame-ttl field, type in the value of your choice. This value is in seconds and can be set
between 30 and 1800. The default value is 600, the maximum value is 1800 seconds.
6. Click on OK to commit your configuration. The report opens and closes. The properties page
is visible again and displays the value you defined.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The corresponding list opens.
3. At the end of the line of the server of your choice, click on . The properties page opens.
4. Open the Options panel using and click on EDIT . The Options configuration wizard opens.
5. In the Max-cache-size field, type in the value of your choice to set the cache memory size.
This value is in bytes. The default value is 100m.
6. Click on OK to commit your configuration. The report opens and closes. The properties page
is visible again and displays the value you defined.
Within SOLIDserver, two options can be configured at the server and view level on EfficientIP
DNS server using the SSL protocol:
edns-udp-size
This option will set the EDNS UDP buffer size advertised by the server when querying a remote
server. It is set in bytes and allows you to specify the size of the packets that you receive.
Typically, you would set this option to enable UDP answers to pass through broken firewalls
that block fragmented packets and/or packets greater than 512 bytes. The value set for this
option is a preference.
max-udp-size
This option will set the maximum EDNS UDP message size sent by the server. It is set in
bytes and allows you to specify the maximum size of the packets that you send to a remote
server. Typically, this option would be set to enable UDP answers to pass through broken
firewalls that block fragmented packets and/or packets greater than 512 bytes.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
Configuring DNS Servers
5. In the Edns-udp-size field, type in the size of received packets of your choice. This value is
in bytes, and must be set between 512 and 4096. The default value is 4096.
6. Click on OK to commit your configuration. The report opens and closes. The properties page
is visible again and displays the value you defined.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The corresponding list opens.
3. At the end of the line of the server of your choice, click on . The properties page opens.
4. Open the Options panel using and click on EDIT. The Options configuration wizard opens.
5. In the Max-udp-size field, type in the maximum size of the packets you send. This value is
in bytes and must be set between 512 and 4096. The default value is 4096.
6. Click on OK to commit your configuration. The report opens and closes. The properties page
is visible again and displays the value you defined.
The way to set the statement in the GUI is closely linked to its syntax in the zone file. The example
below will illustrate this syntax.
In a zone file, the statement would look as follows for the zone many.example.com:
; zone file example.com
$ORIGIN example.com.
many IN A 192.168.3.6
     IN A 192.168.4.5
     IN A 192.168.5.5
     IN A 10.2.4.5
     IN A 172.17.4.5
};
As you can see after the client IP, the response preferences are defined one after the other and
separated by a semi-colon.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The corresponding list opens.
3. At the end of the line of the server of your choice, click on . The properties page opens.
4. Open the Options panel using and click on EDIT. The Options configuration wizard opens.
5. In the Client address field, type in the client IP address/subnet. It must be composed of an
IPv4 address containing 1 to 4 bytes followed by the prefix: <IP address>/<prefix>.
6. In the Sort address field, type in a list of IP addresses or subnets followed by a semi-colon.
These addresses correspond to the value of an A record of the RRset for which you create
the sortlist. The statement respects the order in which you typed in the addresses. The value
must respect the format <IP address>/<prefix>; even if you only type in one sort address.
7. Once both fields are filled, click on ADD to move the client and sort addresses to the Sortlist
field. Both values are displayed as follows: {<client-IP-address>/<prefix> {<sort-IP-address>/<prefix>;};};.
By default, this field is empty.
8. Click on OK to commit your configuration. The report opens and closes. The properties page
is visible again and displays your sortlist as follows: {<client_address_field_value>;
{<first_sort_address>;<second_sort_address>;<etc>};};. There is one sortlist per client address
defined.
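How a sortlist reorders the A records of many.example.com for a given client, as an added example (not code from this guide or from the product). It parses entries in the form the Sortlist field displays, accepts the 1-to-4-byte address notation, and assumes BIND-style semantics: the first entry whose client address matches applies, and addresses matching no sort address keep their relative order at the end. The two sortlist entries and the client addresses are constructed.

```python
import ipaddress
import re

# A records of many.example.com, in the order the zone file above lists them.
RRSET = ["192.168.3.6", "192.168.4.5", "192.168.5.5", "10.2.4.5", "172.17.4.5"]

# Constructed sortlist entries, written the way the Sortlist field displays them.
SORTLIST_TEXT = [
    "{10.2/16 {10.2/16;172.17.4/24;192.168.3/24;};};",
    "{192.168.4/24 {192.168.4/24;192.168.5/24;};};",
]

# {<client>/<prefix> {<sort>/<prefix>;...};}; with an optional ';' after the client.
_ENTRY = re.compile(r"^\{\s*([0-9./]+)\s*;?\s*\{([0-9./;\s]*)\}\s*;\s*\}\s*;$")


def parse_prefix(text):
    """Turn '<1 to 4 bytes>/<prefix>' (e.g. '10.2/16') into an IPv4 network."""
    addr, _, plen = text.strip().partition("/")
    octets = addr.split(".")
    if not plen or not 1 <= len(octets) <= 4:
        raise ValueError(f"expected <IP address>/<prefix>, got {text!r}")
    octets += ["0"] * (4 - len(octets))  # pad the missing low-order bytes
    return ipaddress.ip_network(".".join(octets) + "/" + plen, strict=False)


def parse_entry(text):
    """Parse one displayed sortlist entry into (client network, [sort networks])."""
    match = _ENTRY.match(text.strip())
    if not match:
        raise ValueError(f"not a sortlist entry: {text!r}")
    prefs = [parse_prefix(p) for p in match.group(2).split(";") if p.strip()]
    if not prefs:
        raise ValueError("a sortlist entry needs at least one sort address")
    return parse_prefix(match.group(1)), prefs


def sort_answers(client_ip, rrset, entries):
    """Order rrset for client_ip according to the first matching sortlist entry."""
    client = ipaddress.ip_address(client_ip)
    for client_net, prefs in entries:
        if client in client_net:
            def rank(addr):
                ip = ipaddress.ip_address(addr)
                for position, net in enumerate(prefs):
                    if ip in net:
                        return position
                return len(prefs)  # no preference: goes after every listed network
            return sorted(rrset, key=rank)  # stable sort keeps ties in zone order
    return list(rrset)  # no entry for this client: order left as given


def answer_for(client_ip):
    """Apply the constructed sortlist to the page's RRset."""
    return sort_answers(client_ip, RRSET, [parse_entry(t) for t in SORTLIST_TEXT])
```
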
Through the Sources and Sources V6 panels, you can configure physical interfaces, through
their IP address, that will be used for the server transfer and notify options. These panels only
appear after the first synchronization of the physical server. When editing these panels, you will
be able to define the following statements:
transfer-source
This statement determines the IPv4 address of the physical interface that will be
used to execute the zone transfers on the server. You can also specify a port for this
statement. It is only valid for slave zones and its configuration will therefore be displayed
on the physical server, views and slave zones properties page.
transfer-source-v6
This statement determines the IPv6 address of the physical interface that will be
used to execute the zone transfers on the server. You can also specify a port for this
statement. It is only valid for slave zones and its configuration will therefore be displayed
on the physical server, views and slave zones properties page.
use-alt-transfer-source
This statement sets the use of an alternate interface IP address for the transfer if
the transfer-source or the transfer-source-v6 were to fail. This statement configuration will
be displayed on the physical server, view and slave zones properties page.
This statement definition is only configurable from the Sources panel but applies to interfaces
whether they were identified through an IPv4 or an IPv6 address.
Its default value is no if the server contains views and yes if the server does not contain any
view.
alt-transfer-source
This statement determines the alternate IPv4 address of the interface that will be
used to execute the zone transfers on the server if the transfer-source fails and if
use-alt-transfer-source is enabled. You can also specify a port for this statement. Its
configuration will be displayed on the physical server, views and slave zones properties page.
alt-transfer-source-v6
This statement determines the alternate IPv6 address of the interface that will be
used to execute the zone transfers on the server if the transfer-source-v6 failed and if
use-alt-transfer-source is enabled. You can also specify a port for this statement. Its
configuration will be displayed on the physical server, views and slave zones properties page.
notify-source
This statement defines the IPv4 address of the physical interface that will be used
for all the server outgoing notify operations. You can also specify a port for this statement.
It is used by master zones and its configuration will therefore be displayed on the physical
server, views and master zones properties page.
notify-source-v6
This statement defines the IPv6 address of the physical interface that will be used
for all the server outgoing notify operations. You can also specify a port for this statement.
It is used by master zones and its configuration will therefore be displayed on the physical
server, views and master zones properties page.
Warning
If you indicate the IP address of an interface that is not declared on SOLIDserver,
all the server notify and transfer operations will fail.
In the procedures below we will configure the transfer and notify statements separately but you
can set them both at once: they use the same wizard.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers or DNS views icon. The corresponding list opens.
3. At the end of the line of the physical server of your choice, click on . The properties page
opens.
4. Open the Sources panel using and click on EDIT. The Configuration: Sources wizard
opens.
5. Configure the transfer statements.
a. In the Transfer-source address field, type in the IPv4 address of an interface that you
already configured on the appliance. It will be used for the zones transfer operations.
b. In the Transfer-source port field, you can type in which port on the interface will be
used.
c. In the Use-alt-transfer-source drop-down list, set the use of an alternate interface if
need be.
d. If you enabled the use of an alternate interface, in the Alt-transfer-source address field,
type in the IPv4 address of the alternate interface. It must also be configured on the
appliance.
e. If you enabled the use of an alternate interface, in the Alt-transfer-source port field,
you can type in which port on the interface will be used.
a. In the Notify-source address field, type in the IPv4 address of an interface that you
already configured on the appliance. It will be used for the outgoing notify operations.
b. In the Notify-source port field, you can type in which port on the interface will be used.
7. Click on OK to commit your configuration. The report opens and closes. The properties page
is visible again and displays the values you defined.
Note
The use-alt-transfer-source statement applies to the alternate interfaces declared
through IPv4 and IPv6 addresses. Therefore editing the Sources V6 does
not let you change this statement: you need to define or edit it through the Sources
panel edition wizard.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers or DNS views icon. The corresponding list opens.
3. At the end of the line of the physical server of your choice, click on . The properties page
opens.
4. Open the Sources panel using and click on EDIT. The Configuration: Sources wizard
opens.
5. Configure the transfer statements.
a. In the Transfer-source-v6 address field, type in the IPv4 address of an interface that
you already configured on the appliance. It will be used for the zones transfer operations.
b. In the Transfer-source-v6 port field, you can type in which port on the interface will be
used.
c. If you enabled the use-alt-transfer-source in the Sources panel, in the
Alt-transfer-source-v6 address field, type in the IPv4 address of the alternate interface.
It must also be configured on the appliance.
d. If you enabled the use-alt-transfer-source in the Sources panel, in the
Alt-transfer-source-v6 port field, you can type in which port on the interface will be used.
a. In the Notify-source-v6 address field, type in the IPv4 address of an interface that you
already configured on the appliance. It will be used for the outgoing notify operations.
b. In the Notify-source-v6 port field, you can type in which port on the interface will be
used.
7. Click on OK to commit your configuration. The report opens and closes. The properties page
is visible again and displays the values you defined.
When set at server level, an ACL is a powerful tool: it saves you from setting the same
forwarding, recursion, notify... configurations for each view or zone. You create
one ACL that specifies which part of the network is denied access or the IP address of the server
that should always receive the notification messages, etc. Once created, you can reuse the
ACL when configuring the allow-recursion, allow-notify, allow-query, allow-query-cache,
allow-transfer and blackhole statements at any of the relevant levels of the DNS hierarchy.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers or DNS views icon. The corresponding list opens.
3. At the end of the line of the server or view of your choice, click on . The properties page
opens.
4. Open the ACL panel using and click on ADD. The ACL configuration wizard opens.
5. In the ACL name field, name your ACL.
6. Using the Type and Restriction fields, constitute the content of your ACL. Following the table
below, you can grant or deny access through the Restriction field to as many networks, IP
addresses, ACLs, and keys as you need. The table below details the available options of
the Type field:
Warning
Once created, an ACL includes permissions and restrictions that you strictly apply
when allowing access to the ACL. On the contrary if you deny access to an ACL,
any value denied in the ACL will be granted access and any value granted in the
ACL will be denied access.
7
The order of the list is important: when a host or a given network is compared to a list of address authorizations, the list is reviewed,
in order, until an element is authorized.
You can add as many ACLs as you want for a server. They are listed among the ACL type of
restriction for any configuration that uses access control lists at server level, view level and
zone level, for any of the views and zones managed by the server.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. At the end of the line of the server of your choice, click on . The properties page opens.
4. Open the Keys panel using and click on ADD. The Add a DNS key wizard opens.
5. In the Key name field, name the key.
6. Click on NEXT . The TSIG Key configuration wizard opens.
7. A valid HMAC-MD5 key is automatically set in the TSIG Key value field. If necessary, change it
to set your own valid HMAC-MD5 key.
8. Click on OK to commit the creation of the key. The report opens and closes. The properties
page is visible again.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. At the end of the line of the server of your choice, click on . The properties page opens.
4. Open the Keys panel using and select the key you want to edit.
5. Click on EDIT. The TSIG Key configuration wizard opens.
6. In the TSIG Key value field, modify the data as needed.
7. Click on OK to commit your modifications. The report opens and closes. The properties page
is visible again.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. At the end of the line of the server of your choice, click on . The properties page opens.
4. Open the Keys panel using and select the key you want to delete.
5. Click on DELETE . The Delete wizard opens.
6. Click on OK to commit the key deletion. The report opens and closes. The properties page
is visible again.
If you have to use several update keys, or you decide to put in place more complex updating
systems, use ACLs.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. At the end of the line of the server of your choice, click on . The properties page opens.
4. In the Main properties panel, click on EDIT . The Edit a DNS server wizard opens.
5. Click on NEXT until you get to the configuration page that displays the Configure TSIG
parameters checkbox.
6. Tick the box if it is not already ticked.
8
7. In the TSIG key name and TSIG key method fields, select the values needed. If you are not
using an access key for this server, select None.
8. In the TSIG key value, change the value if needed.
9. Click on OK to commit your changes. The report opens and closes. The properties page is
visible again.
8
The standardized protocol for key codes is HMAC-MD5.
Anycast is supported by OSPF routing protocols and other dynamic protocols like BGP and RIP.
It can be implemented on recursive and authoritative DNS servers.
SOLIDserver relies on a host-based routing software, a Quagga package, already stored on the
appliance. A set of procedures must be followed to successfully use anycast on your network:
1. Configuring the appliance for anycast to make sure it uses the Quagga package that enables
anycast.
2. Configuring the Quagga package and OSPF routing to set the configuration that suits your
needs.
Prerequisites
To implement anycast, a set of conditions has to be met:
With this type of topology, the anycast IP address is advertised from multiple locations and the
router ends up choosing the best path to that IP address, according to the metric in use by the
routing protocol. Once you have finished the configuration detailed in the sections below, the DNS
servers managed via SOLIDserver use anycast.
Specificities
• Once anycast is implemented, the routers are able to redirect clients to the nearest server if
need be.
• The Quagga configuration is automatically saved in the appliance backup file.
1. Edit the rc.conf file to make sure it takes into account the package.
2. Reboot the appliance. This action empties the directory /tmp that contains
/tmp/running_conf.cf and /tmp/previous_conf.cf. After the reboot, both files are created
again and take into account the changes.
d. Add the following line to the file to specify the anycast dedicated IP address:
ifconfig_lo0_alias0="192.168.55.2 netmask 255.255.255.255"
a. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
b. Go to the Administration tab. If the homepage is not displayed, click on . The
homepage opens.
c. In the menu, select Maintenance > Reboot the system. The Reboot the system wizard
opens.
d. Click on OK to commit the appliance reboot. The report opens and closes. The appliance
closes and is unreachable until the operation is complete.
1. Making sure that the firewall rule 36 using the OSPF protocol is enabled. Basically, this ensures
that anycast management traffic and inbound messages are allowed.
2. Creating the Quagga and OSPF dedicated configuration files.
3. Restarting Quagga.
4. Checking the logs.
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . In the breadcrumb,
click on Network configuration.
3. Click on the Firewall link. The Firewall rules page opens.
4. In the Protocol column, type in ospf. Only the anycast rule is listed.
5. In the Action column, make sure it is marked allow.
interface bge1
 ip address 192.168.53.2/24
interface lo0
 ip address 192.168.55.2/32
4. In this directory, create the OSPF configuration file using the following commands:
# emacs ospfd.conf
It should contain the appliance hostname, authentication details, response time, interfaces
dedicated to OSPF, access list and log file location like in the example below.
## more /data1/etc/quagga/ospfd.conf | grep -v \!
hostname solidserver1
interface bge1
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 toto
 ip ospf priority 0
 ip ospf hello-interval 1
 ip ospf dead-interval 5
router ospf
 log-adjacency-changes
 ospf router-id 192.168.53.2
 area 20 authentication message-digest
 area 20 nssa
 network 192.168.53.0/24 area 20
 redistribute connected metric-type 1
 distribute-list ANYCAST out connected
!
access-list ANYCAST permit 192.168.55.2/32
To restart quagga
For instance, on a Cisco router you can use the command show ip route to list all the IP
addresses configured and to make sure the ones used during the anycast configuration are part of
the routes, as in the image below.
Chapter 41. Managing DNS Views
SOLIDserver allows the administration of views available on some DNS servers. DNS views
provide the ability to serve one version of a zone to one set of clients and a different version of
a zone to another set of clients. Views provide a different answer to the same DNS query,
depending on the IP source of the query or the IP where the client packet is received. You can
create multiple views of a given zone, with a different set of records in each of them. The same
resource records can also exist in multiple zones in order to serve common records.
[Figure: DNS navigation hierarchy (server, view, zone, RR)]
Here below, you can see the link to browse the DNS views database:
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS views icon. The DNS All views list opens.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. Click on the name of the server of your choice. The list of All zones of the server is displayed.
4. In the breadcrumb, click on All views. The list of views of the chosen server opens.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. Click on the name of the server of your choice. The list of All zones of the server is displayed.
4. In the menu, select Display > All views. The list of views of the chosen server opens.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS views icon. The DNS All views list opens.
3. At the end of the line of the view of your choice, click on . The view properties page opens.
Since version 5.0.3, the Multi-status column provides you with emergency, warning, critical, error
or informational messages regarding the compatibility with Hybrid. For more details, refer to the
Multi-status Column section or the chapter Hybrid DNS Service of this guide.
• A match clients list that indicates which clients can or cannot access the view. It sets up a
filter based on the source IP address, i.e. the IP address of the client requesting a specific
resource. That way you can decide which particular IP address or network can access the zone(s)
you are managing through a view.
[Figure: match clients filtering between an Intranet View (interface 10.0.0.0; 10.0.0.1 => pc1.mycomp, 10.0.0.2 => pc8.mycomp; space subnet 10.0.0.0) and an Extranet View (interface 192.168.0.0; 192.168.0.24 => pc1.mycomp, 192.168.0.45 => sv8.mycomp, 192.168.0.81 => pc8.mycomp; space subnet 192.168.0.0), with filtering on 10.0.0.0 and on 192.168.0.0]
• A match destinations list that indicates toward which view a client is directed according to
the interface used to query the DNS server. Obviously, this criterion is only useful if you
have several interfaces configured for one appliance.
[Figure: match destinations filtering on interface 10.0.0.0 between an Intranet View (interface 10.0.0.0; 10.0.0.1 => pc1.mycomp, 10.0.0.2 => pc8.mycomp) and an Extranet View (interface 192.168.0.0; 192.168.0.24 => pc1.mycomp, 192.168.0.45 => sv8.mycomp, 192.168.0.81 => pc8.mycomp; Extranet VLAN)]
Keep in mind that if you create views after creating zones, all the zones will be put in that
view. If you need several views, you have to create a new view and then move the zones of your
choice into this new view. For more details regarding zones migration, refer to the Managing
Zones Duplication and Migration section of this guide. You cannot manage one set of zones through
the views and other zones outside the created views.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS views icon. The DNS All views list opens.
3. In the menu, select Add > DNS view. The DNS server selection wizard opens.
4. In the DNS server field, select the server on which you are adding a view.
5. Click on NEXT . The Add a DNS view page appears.
6. In the DNS view name field, type in an explicit name. This name cannot contain special
characters. It can contain letters and numbers, for instance external, internal1 and internal2
are correct view names.
7. In the Mode drop-down list, you can set up the following parameters:
If you want to create a view and configure it later, click on NEXT until you get to the last page
of the wizard and then on OK to commit the creation. Refer to step 11 of this procedure
for more details regarding the default configuration.
8. Click on NEXT . The Match clients page appears. You can grant or deny access through the
Restriction field to networks, IP addresses, ACLs, and keys. Configure as many restrictions
as you need using the three fields. The table below details the available options of the Type
field:
The order of the elements listed in the match-clients list is important as each restriction or
permission will be reviewed following the order you set in the list. Once a restriction/permission
is configured as needed, click on ADD. The configuration is visible in the ACL values list; you
can organize the list using and . In this list, denied hosts appear preceded by an
exclamation mark (!). If you want to remove an ACL from the list, select it and click on DELETE.
9. Click on NEXT . The Match destinations page appears. Once again, you can grant or deny
access through the Restriction field to networks, IP addresses, ACLs, and keys. Configure
as many restrictions as you need using the three fields. The table below details the available
options of the Type field:
Type         Restriction
IP address   Allow or deny the IP address of an appliance, a user or a host in the IP
             address field
ACL          Allow or deny an ACL defined at the server level in the ACL drop-down
             list: any, none, localhost and localnets. The ACL list will also include
             specific ACL created at server level, for more details refer to the
             Configuring Access Control Lists For a Server section of this guide.
TSIG key     Allow or deny a TSIG key defined at the server in the Keys drop-down
             list.
The order of the elements listed in the match-destination list is important as each restriction
or permission will be reviewed following the order you set in the list. Once a
restriction/permission is configured as needed, click on ADD. The configuration is visible in the
ACL values list; you can organize the list using and . In this list, denied hosts appear preceded
by an exclamation mark (!). If you want to remove an ACL from the list, select it and click on
DELETE.
By default, if you do not configure anything on the Match clients list a key named key view-
name is listed in the corresponding column. The key of any other view, existing or to be
created, is automatically denied access and listed for each view as follows: ! key otherview-
name. Besides, the Match destinations default value is always the any ACL. If you do not
edit or delete it, it grants access to anyone and is therefore listed in the corresponding column.
The views addition automatically edits the Match-clients column of the existing view(s) to ensure
that they deny access to each other and manage separate zones and RRs. Any time you add a
new view, all the views change status from OK to Delayed create during the Match-clients criteria
modification. Once it is done, they all change back to OK.
Once you added a view, any extra view is put at the bottom of the DNS views order list, unless
you change their order yourself.
Note
The match-clients and match-destinations lists are access control lists in essence,
so the order of the elements listed in both lists is important: each
restriction or permission will be reviewed following the order you set in the list.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS views icon. The DNS All views list opens.
3. At the end of the line of the view of your choice, click on . The view properties page opens.
4. In the Main properties panel, click on EDIT . The Add a DNS view wizard opens.
5. The DNS view name field is gray to indicate that it cannot be edited.
6. In the Mode drop-down list, edit the value and corresponding fields if need be. For more
details, refer to the DNS section of the Default Behaviors chapter of this guide.
7. Click on NEXT . The Match clients page appears.
8. To edit an ACL value in the list.
a. In the ACL Value list, select the restriction / permission you want to edit.
b. Make the changes you need. For more details, refer to the To add a DNS view procedure.
c. Click on UPDATE to commit your changes or on CANCEL to discard them. The value is
modified accordingly in the list.
a. In the ACL Value list, select one by one the restriction / permission you want to move.
b. Click on or according to your needs. The order displayed is the final order.
a. In the ACL Value list, select the restriction / permission you want to delete.
b. Click on DELETE to commit the value deletion or on CANCEL to discard it. The value
is no longer listed once deleted.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS views icon. The DNS All views list opens.
3. At the end of the line of the view of your choice, click on . The view properties page opens.
4. In the Main properties panel, click on EDIT . The Add a DNS view wizard opens.
5. The DNS view name field is gray to indicate that it cannot be edited.
6. In the Mode drop-down list, edit the value and corresponding fields if need be. For more
details, refer to the DNS section of the Default Behaviors chapter of this guide.
7. Click on NEXT . The Match clients page appears.
8. Click on NEXT . The Match destinations page appears.
9. To edit an ACL value in the list.
a. In the ACL Value list, select the restriction / permission you want to edit.
b. Make the changes you need. For more details, refer to the To add a DNS view procedure.
c. Click on UPDATE to commit your changes or on CANCEL to discard them. The value is
modified accordingly in the list.
a. In the ACL Value list, select one by one the restriction / permission you want to move.
b. Click on or according to your needs. The order displayed is the final order.
a. In the ACL Value list, select the restriction / permission you want to delete.
b. Click on DELETE to commit the value deletion or on CANCEL to discard it. The value
is no longer listed once deleted.
Ordering views on a server lets you specify in which order the match client and match destination
configurations of each view (ACL, networks, etc.) are reviewed. This in turn impacts the DNS
client queries responses. The order of the views you set is followed strictly: once a match is
found, the rest of the restrictions and permissions are ignored. The first view reviewed is 0, the
second one is 1, and so forth. This order is saved in the DNS configuration file.
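The first-match evaluation described above, for the elements of one list and for the ordered views of a server, as an added example (not SOLIDserver code). The view definitions, addresses and function names are constructed; only IP address, network, any and none elements are modelled (no TSIG keys or named ACLs), and a query is assumed to need a match in both lists of a view.

```python
import ipaddress

# Constructed views modelled on the Intranet/Extranet figures; the list index
# plays the role of the Order column (0 is reviewed first).
VIEWS = [
    {"name": "intranet",
     "match_clients": ["!10.0.0.99", "10.0.0.0/24"],
     "match_destinations": ["any"]},
    {"name": "extranet",
     "match_clients": ["192.168.0.0/24"],
     "match_destinations": ["192.168.0.254"]},  # constructed appliance interface
]
CATCH_ALL = {"name": "default", "match_clients": ["any"], "match_destinations": ["any"]}


def acl_matches(acl, ip):
    """Review acl in order; the first element covering ip decides (a leading ! denies)."""
    addr = ipaddress.ip_address(ip)
    for element in acl:
        negated = element.startswith("!")
        spec = element.lstrip("!").strip()
        if spec == "any":
            hit = True
        elif spec == "none":
            hit = False
        else:
            hit = addr in ipaddress.ip_network(spec, strict=False)
        if hit:
            return not negated
    return False  # nothing in the list covers this address


def select_view(views, client_ip, dest_ip):
    """Return (order, name) of the first view whose two lists both match, else None."""
    for order, view in enumerate(views):
        if (acl_matches(view["match_clients"], client_ip)
                and acl_matches(view["match_destinations"], dest_ip)):
            return order, view["name"]
    return None


def shadowed_views(views):
    """Names of views that can never be selected because an earlier view accepts any/any."""
    for order, view in enumerate(views):
        if view["match_clients"][:1] == ["any"] and view["match_destinations"][:1] == ["any"]:
            return [later["name"] for later in views[order + 1:]]
    return []
```

A host denied with ! in one view is only skipped by that view: with the catch-all view at the end of the order, 10.0.0.99 is still answered from it.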
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS views icon. The All views list opens.
3. Click on the name of the smart server of your choice. Only the views of the selected server
are displayed.
4. Put your mouse over the name of any view, the Info Bar appears.
5. Click on . The Add a DNS view wizard opens.
6. The DNS view name field is gray to indicate that it cannot be edited.
7. In the Mode drop-down list, edit the value and corresponding fields if need be. For more
details, refer to the DNS section of the Default Behaviors chapter of this guide.
8. Click on NEXT . The Match clients page appears.
9. Click on NEXT . The Match destinations page opens.
10. Click on NEXT . The DNS views order page opens.
11. In the DNS views order field, order the views according to your needs using and .
12. Click on OK to commit the views order changes. The report opens and closes. The page
refreshes. The new order set is visible in the Order column.
If you want to get rid of all the views and manage zones via the DNS server itself, refer to the
Going Back to Managing Zones Without Views section.
To delete a view
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS views icon. The DNS All views list opens.
3. Filter the list if need be.
4. Tick the view you want to delete.
5. In the menu, select Edit > Delete. The Delete wizard opens.
6. Click on OK to commit the view deletion. The report opens and closes. The view is Delayed
delete before it is no longer listed. In the meantime, the zones and RRs it managed are deleted
as well if you had several created views.
Granting access to a view as a resource will also make every item it contains available. For more
details, refer to the section Assigning Objects as Resource in the chapter Managing Groups of
administrator of this guide.
With that in mind, we recommend that you follow the steps below to successfully get rid of the
views when you no longer need them.
To Successfully Remove All Views
Chapter 42. Configuring DNS Views
Like servers, views can be configured individually to set a series of behaviors for the zones they
contain. Any configuration set at view level overwrites what was set at server level (whether
physical or smart).
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. Click on the name of the smart architecture of your choice. The All zones page opens.
4. In the breadcrumb, click on All views. The All views page of the smart architecture opens.
5. At the end of the line of the view of your choice, click on . The properties page opens.
6. Open the Forwarding panel using and click on EDIT . The wizard opens.
7. Click on NEXT until the Forwarding configuration page appears.
8. In the Add a forwarder field, type in the address of a forwarder.
9. Click on ADD to move it to the Forwarders list. Repeat these actions for as many forwarders
as needed.
10. In the Forward mode field, select the mode of your choice according to the table below.
11. Click on OK to commit the forwarders configuration. The report opens and closes. The
properties page refreshes and displays the new settings.
Just like for servers, the forwarding configuration set on a smart view is automatically inherited
by the views of the physical servers managed through that smart, but you can edit the type of
forward option for a view directly on the physical server. This option is in turn inherited by the
zones and records of the view and allows you to customize the forwarding on your network.
Keep in mind that once the Forward option is set on a smart, you cannot unset it on the views of
the physical servers it manages. At view level, setting the option to None means that the view
inherits the server configuration.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. Next to the Logout icon, click on to display the physical servers managed by your smart
architectures.
4. Click on the name of the physical server of your choice. The All zones page of the physical
server opens.
5. In the breadcrumb, click on All views. The All views page of the physical server opens.
6. At the end of the line of the view of your choice, click on . The properties page opens.
7. Open the Forwarding panel using . The forward mode and forwarders list display the settings
inherited from the server.
8. Click on EDIT . The wizard opens.
9. Click on NEXT until the Edit a DNS view page appears.
10. Tick the Overwrite the smart settings checkbox. The page refreshes and displays the forward
fields.
11. Set your forwarders list:
12. In the Forward mode field, select the mode of your choice: First or Only. You cannot set the
forwarding to None once it has been set on the smart. The page refreshes. For more details
regarding these modes, refer to the Forward mode options table in the previous section.
13. Click on OK to commit the forwarders configuration of the physical server. The properties
page is visible again. In the Forwarding panel, the message Smart configuration is overwritten
is displayed above your mode and forwarders configuration.
At any time you can reverse your changes and use the configuration set at server level (smart or
physical): edit the Forwarding panel, untick the Overwrite the smart settings checkbox and click
on OK to commit your changes.
Within SOLIDserver, the notification configuration is done from the Notify panel of the properties
page. This panel will display :
Caution
Any configuration of the Notify panel at view level will override the configuration set
at server level. Any configuration set at zone level will however override the
configuration set at view level.
Keep in mind that there will be an implicit allow-notify directive set when you add a slave zone:
when you set the Master IP address of the slave zone you are allowing the master zones of this
server to send notify messages to your slave zone.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS views icon. The DNS All views list opens.
3. At the end of the line of the view of your choice, click on . The properties page opens.
4. Open the Notify panel using and click on EDIT . The wizard opens.
5. If you or your administrator created classes, the DNS view class list is visible. Select a class
or None and click on NEXT . The next page of the wizard opens.
6. Do not edit the default behaviors configuration and click on NEXT . The Notify page opens.
7. In the Notify drop-down list, set the view notification type following the table below.
8. If you selected Yes or Explicit, you can set the IP address and port of the server(s) whose
slave zones will receive the messages:
a. In the IP address field, type in the IP address of another server. The notify message
will be sent if you chose the notify type Yes or Explicit.
b. In the Port field, you can type in the port number that will receive the notify messages
on the server you specified in the previous field.
c. Click on ADD . The IP address and port number are displayed in the Also notify list as
follows: <ip-address> port: <port-number>. You can repeat these actions for as many
servers as needed.
You can edit the content of the list if need be. Click on the entry of your choice, the
information is displayed again in the fields, you can change it and click on UPDATE or click
on DELETE to remove it from the list. If you made changes that you do not want to save,
click on CANCEL .
9. Click on NEXT . The Allow notify page opens. It allows you to specify whether the view slave
zones can receive master zones notification messages. You can grant or deny access through
the Restriction field to networks, IP addresses, ACLs, and keys. Configure as many restrictions
as you need using the three fields. The table below details the available options of the Type
field:
From the view properties page, you can edit its recursive behavior through the Recursion panel.
By default, its content is inherited from the server.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. Click on the name of the server of your choice. The All zones page opens.
4. In the breadcrumb, click on All views. The All views page of the physical server opens.
5. At the end of the line of the view of your choice, click on . The properties page opens.
6. Open the Recursion panel using .
7. Click on NEXT until you get to the Recursion configuration page.
8. Open the Recursion panel using . If the Recursion is set to no, click on EDIT . The wizard
opens.
9. Click on NEXT until you get to the Recursion configuration page.
10. In the drop-down list, select yes.
11. Click on NEXT . The Allow recursion page opens. For more details regarding the recursion
configuration, refer to the Limiting the Recursion at View Level section below.
12. Click on OK to commit the recursion enabling.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. Click on the name of the server of your choice. The All zones page opens.
4. In the breadcrumb, click on All views. The All views page of the physical server opens.
5. At the end of the line of the view of your choice, click on . The properties page opens.
6. Open the Recursion panel using . If the Recursion is set to yes, click on EDIT . The wizard
opens.
7. Click on NEXT until you get to the Recursion configuration page.
8. In the drop-down list, select no.
9. Click on OK to commit your changes. The report opens and closes. The page refreshes, in
the panel the recursion is disabled.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. Click on the name of the server of your choice. The All zones page opens.
4. In the breadcrumb, click on All views. The All views page of the physical server opens.
5. At the end of the line of the view of your choice, click on . The properties page opens.
6. Open the Recursion panel using and click on EDIT . The wizard opens.
7. Click on NEXT until you get to the Recursion configuration page.
8. Grant or deny access through the Restriction field to networks, IP addresses, ACLs, and
keys. Configure as many restrictions as you need using the three fields. The table below
details the available options of the Type field:
Allow Query
SOLIDserver allows you to specify which hosts are allowed to issue DNS queries. The allow query
properties can be configured at view level and apply to all the zones it contains.
1
The order of the list is important: when a host or a given network is compared to a list of address authorizations, the list is reviewed,
in order, until an element is authorized.
Note
At the view level, the allow-query configuration overrides the allow query defined at
the server level.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS views icon. The DNS All views list opens.
3. At the end of the line of the view of your choice, click on . The view properties page opens.
4. Open the Access control panel using . This panel displays different options: Allow-query,
Allow query cache and Allow-transfer.
5. Click on EDIT . The Add a DNS view wizard opens.
6. In the DNS view name field, the view name is displayed in gray to indicate you cannot edit
it.
7. In the Mode drop-down list, you can select Configurable behaviors or All behaviors and
modify the configuration if need be. For more details, refer to the DNS section of the Default
Behaviors chapter of this guide.
8. Click on NEXT . The Allow-query page opens. You can grant or deny access through the
Restriction field to networks, IP addresses, ACLs, and keys. Configure as many restrictions
as you need using the three fields. The table below details the available options of the Type
field:
Note
At the view level, the allow query cache configuration overrides the allow query cache
defined at the server level.
If the recursion is set to no, the cache cannot be queried, so it is useless to set an
allow-query-cache match list.
If the recursion is set to yes and the allow-recursion statement is not defined, by default the
localhost and localnets will be permitted to query the server cache.
If the recursion is set to yes and the allow-recursion statement is defined with a specific match
list, the local cache access will be granted to all the entries of the allow-recursion match list.
The match list defined will control recursive behavior, as recursive queries would be useless
without access to the local view cache. Typically, if a host is in the allow-recursion match list, it
could access the view the first time and get a query result. However, if it is not part of the
allow-query-cache match list, then it would not be able to make the same query a second time, as
the answer would be saved in the cache to which it does not have access. On the contrary, if a host
is in the allow-query-cache match list but not in the allow-recursion match list, it would only get
results for queries already sent by another host with the proper access rights. Hence the need to
configure both these statements carefully to avoid conflicts and absurd access configurations.
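The cases described above can be checked before committing a view configuration. The following is an added example, not part of the SOLIDserver guide or product: the function names, the finding codes and the default networks standing in for localhost and localnets are assumptions, and match lists are limited to plain allowed networks.

```python
import ipaddress


def _nets(entries):
    return [ipaddress.ip_network(e, strict=False) for e in entries]


def uncovered(entries, by):
    """Entries that no single entry of `by` fully contains."""
    outer = _nets(by)
    return [str(n) for n in _nets(entries)
            if not any(n.version == o.version and n.subnet_of(o) for o in outer)]


def audit_view(recursion, allow_recursion=None, allow_query_cache=None,
               defaults=("127.0.0.1/32", "192.0.2.0/24")):
    """Return (effective cache access list, findings) for one view.

    `defaults` is a constructed stand-in for what localhost and localnets
    resolve to on a given server; pass the real values when auditing.
    """
    findings = []
    if not recursion:
        # Recursion "no": the cache cannot be queried, any cache list is unused.
        for net in allow_query_cache or []:
            findings.append((net, "cache-list-unused"))
        return [], findings

    # Recursion "yes": an undefined allow-recursion falls back to the defaults.
    recursers = list(allow_recursion) if allow_recursion is not None else list(defaults)
    if allow_query_cache is None:
        # Cache access is granted to the entries allowed to recurse.
        return recursers, findings

    # Both lists are defined: look for the two conflicts the text describes.
    for net in uncovered(recursers, allow_query_cache):
        # Gets an answer the first time, then is refused the cached copy.
        findings.append((net, "recurse-no-cache"))
    for net in uncovered(allow_query_cache, recursers):
        # Only sees answers another, authorized host already triggered.
        findings.append((net, "cache-no-recurse"))
    return list(allow_query_cache), findings


if __name__ == "__main__":
    # Constructed view settings with one conflict in each direction.
    effective, issues = audit_view(
        True,
        allow_recursion=["10.0.0.0/8", "172.16.5.0/24"],
        allow_query_cache=["10.0.0.0/8", "198.51.100.0/24"],
    )
    print("cache access:", effective)
    for net, code in issues:
        print(net, code)
```

A network split across several smaller entries of the other list is reported as uncovered, so review such findings by hand.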
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS views icon. The DNS All views list opens.
3. At the end of the line of the view of your choice, click on . The view properties page opens.
4. Open the Access control panel using . This panel displays different options: Allow-query,
Allow query cache and Allow-transfer.
5. Click on EDIT . The Add a DNS view wizard opens.
6. In the DNS view name field, the view name is displayed in gray to indicate you cannot edit
it.
7. In the Mode drop-down list, you can select Configurable behaviors or All behaviors and
modify the configuration if need be. For more details, refer to the DNS section of the Default
Behaviors chapter of this guide.
8. Click on NEXT . The Allow-query page opens.
9. Click on NEXT . The Allow query cache page opens. You can grant or deny access through
the Restriction field to networks, IP addresses, ACLs, and keys. Configure as many restrictions
as you need using the three fields. The table below details the available options of the Type
field:
The allow-transfer option configuration basically creates an ACL dedicated to controlling transfers,
so keep in mind that the order of the elements listed in the ACL values field is important, as
each restriction or permission will be reviewed following the order you set in the list.
Note
The allow-transfer property may also be specified in a zone configuration, in which
case it overrides the allow transfer property defined at the views level.
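Why the order of the ACL values matters, shown as an added example that is not part of the SOLIDserver guide: it assumes BIND's first-match evaluation of address match lists (the first matching element decides, no match means refused), and the sample list, addresses and function names are constructed for illustration.

```python
import ipaddress

# Constructed allow-transfer list, in the order it would appear in the
# ACL values list: (restriction, network or IP address).
ACL = [
    ("allow", "10.20.0.0/16"),
    ("deny", "10.20.30.40"),      # intended exception, but listed too late
    ("allow", "192.0.2.53"),
    ("deny", "0.0.0.0/0"),
]


def _parse(acl):
    return [(action, ipaddress.ip_network(value, strict=False))
            for action, value in acl]


def evaluate(acl, client):
    """Return (allowed, index of the deciding entry); first match wins."""
    ip = ipaddress.ip_address(client)
    for index, (action, net) in enumerate(_parse(acl)):
        if ip.version == net.version and ip in net:
            return action == "allow", index
    return False, None  # nothing matched: the transfer is refused


def shadowed(acl):
    """Entries that can never decide because an earlier entry contains them.

    Returns (entry index, index of the earlier entry, conflicting), where
    conflicting is True when the two entries have opposite restrictions.
    """
    parsed = _parse(acl)
    result = []
    for i, (action, net) in enumerate(parsed):
        for j in range(i):
            earlier_action, earlier = parsed[j]
            if earlier.version == net.version and net.subnet_of(earlier):
                result.append((i, j, action != earlier_action))
                break
    return result


def specific_first(acl):
    """Reorder so that longer prefixes come first (stable for equal lengths)."""
    return sorted(
        acl, key=lambda e: -ipaddress.ip_network(e[1], strict=False).prefixlen
    )


if __name__ == "__main__":
    print(evaluate(ACL, "10.20.30.40"))   # allowed by entry 0, deny never reached
    print(shadowed(ACL))                  # entry 1 is hidden behind entry 0
    fixed = specific_first(ACL)
    print(fixed)
    print(evaluate(fixed, "10.20.30.40"))  # now refused by the specific deny
```

The reordering is a review aid for IPv4-only lists like the sample; check the proposed order against the intent of each entry before applying it.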
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS views icon. The DNS All views list opens.
3. At the end of the line of the view of your choice, click on . The view properties page opens.
4. Open the Access control panel using . This panel displays different options: Allow-query,
Allow query cache and Allow-transfer.
5. Click on EDIT . The Add a DNS view wizard opens.
6. In the DNS view name field, the view name is displayed in gray to indicate you cannot edit
it.
7. In the Mode drop-down list, you can select Configurable behaviors or All behaviors and
modify the configuration if need be. For more details, refer to the DNS section of the Default
Behaviors chapter of this guide.
8. Click on NEXT . The Allow-query page opens.
9. Click on NEXT . The Allow query cache page opens.
10. Click on NEXT . The Allow-transfer page opens. You can grant or deny access through the
Restriction field to networks, IP addresses, ACLs, and keys. Configure as many restrictions
as you need using the three fields. The table below details the available options of the Type
field:
For more details regarding these two options, refer to the Configuring Client Resolver Cache
Options at Server Level section of this guide.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS views icon. The corresponding list opens.
3. At the end of the line of the view of your choice, click on . The properties page opens.
4. Open the Options panel using and click on EDIT . The Options configuration wizard opens.
5. In the Lame-ttl field, type in the value of your choice. This value is in seconds and can be set
between 30 and 1800. The default value is 600, the maximum value is 1800 seconds.
6. Click on OK to commit your configuration. The report opens and closes. The properties page
is visible again and displays the value you defined.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS views icon. The corresponding list opens.
3. At the end of the line of the view of your choice, click on . The properties page opens.
4. Open the Options panel using and click on EDIT . The Options configuration wizard opens.
5. In the Max-cache-size field, type in the value of your choice to set the cache memory size.
This value is in bytes. The default value is 100m.
6. Click on OK to commit your configuration. The report opens and closes. The properties page
is visible again and displays the value you defined.
For more details regarding these options, refer to the Configuring EDNS Options at Server Level
section of this guide.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS views icon. The corresponding list opens.
3. At the end of the line of the view of your choice, click on . The properties page opens.
4. Open the Options panel using and click on EDIT . The Options configuration wizard opens.
5. In the Edns-udp-size field, type in the size of received packets of your choice. This value is
in bytes, and must be set between 512 and 4096. The default value is 4096.
6. Click on OK to commit your configuration. The report opens and closes. The properties page
is visible again and displays the value you defined.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS views icon. The corresponding list opens.
3. At the end of the line of the view of your choice, click on . The properties page opens.
4. Open the Options panel using and click on EDIT . The Options configuration wizard opens.
5. In the Max-udp-size field, type in the maximum size of the packets you send. This value is
in bytes and must be set between 512 and 4096. The default value is 4096.
6. Click on OK to commit your configuration. The report opens and closes. The properties page
is visible again and displays the value you defined.
For more details regarding the sortlist statement, refer to the Configuring a Sortlist at Server Level
section of this guide.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS views icon. The corresponding list opens.
3. At the end of the line of the view of your choice, click on . The properties page opens.
4. Open the Options panel using and click on EDIT . The Options configuration wizard opens.
5. In the Client address field, type in the client IP address/subnet. It must be composed of an
IPv4 address containing 1 to 4 bytes followed by the prefix: <IP address>/<prefix>.
6. In the Sort address field, type in a list of IP addresses or subnets followed by a semi-colon.
These addresses correspond to the value of an A record of the RRset for which you create
the sortlist. The statement will respect the order in which you typed in the addresses. The
value must respect the format <IP address>/<prefix>; even if you only type in one sort
address.
7. Click on OK to commit your configuration. The report opens and closes. The properties page
is visible again and displays your sortlist as follows: {<client_address_field_value>;
{<first_sort_address>;<second_sort_address>;<etc>};}; . There is one sortlist per client address
defined.
Chapter 43. Managing DNS Zones
When deploying a name server, it is important to understand the difference between a zone and
a domain. A zone is a delegated point within a DNS structure, and is made up of adjoining elements
of the domain structure, which are governed by a name server.
SOLIDserver allows you to create and manage 6 types of zones: Master, Slave, Forward, Stub,
Hint and Delegation-Only. Each type of zone provides a set of configurations that you can apply
during creation or edition.
Figure: DNS navigation levels (server, view, zone, RR).
Here below, you can see the link to browse the DNS zones database:
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS zones icon. The DNS All zones list opens.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. In the breadcrumb, click on All zones. The DNS All zones list opens.
From the DNS homepage, you can directly access name (direct), reverse, master, slave, forward
and stub zones by clicking on their corresponding icons.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS zones icon. The DNS All zones list opens.
3. Click on the icon that suits your needs. The DNS All zones page opens automatically filtered
according to the chosen icon.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS zones icon. The DNS All zones list opens.
3. In the Server column, click on the name of the server of your choice to display the zones it
contains.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS views icon. The DNS All views list opens.
3. In the View column, click on the name of the view of your choice to display the zones it
contains.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS zones icon. The DNS All zones list opens.
3. At the end of the line of the zone of your choice, click on . The properties page opens.
On the DNS zone properties page of a physical server you will find the following information in
separate panels:
• Main properties: sums up the main information regarding the zone. In the case of our zone:
the zone name, type, resolution, server, view, IPAM space it is linked to, responsible user email
address, refresh frequency, lifespan, etc. In other words, everything there is to know about the
zone apart from specific configurations that are all displayed in dedicated panels.
• Default Behavior properties: displays the default behaviors set at the zone level (in the zones
listing page). You cannot edit them from this panel. To make any changes, use the Main
properties panel EDIT button and change them on the second page of the wizard.
• Name servers: displays the server(s) that have authority over the zone or over the domain
sub-zone(s).
• Forwarding: displays the servers toward which the DNS queries for that zone are redirected.
• Groups access: displays the groups that have the zone listed as a resource and the rights and
delegations the users have over it.
• Ticket: displays the users that issued a ticket through the Workflow module to modify or delete
the zone. This panel cannot be edited from the properties page.
• Notify: displays the IP addresses of the servers that will be notified of any change made on
the master zone. These servers contain slave zone(s) named after the current master zone.
• Access control: displays the allow-query, allow-transfer and allow-update access permissions
and restrictions to query the master zone, transfer the zone data or update the zone.
• Sources: displays the IPv4 interface(s) used to send the zone notifications.
• Sources V6: displays the IPv6 interface(s) used to send the zone notifications.
• State log: displays the server status evolution log; OK or KO (i.e. Timeout) and at what time it
changed status. This panel cannot be edited, it simply provides information.
• Audit: displays every change made on the zone, by whom and when. This panel cannot be
edited, it simply provides information.
Since version 5.0.3, the Multi-status column provides you with emergency, warning, critical, error
or informational messages regarding the compatibility with Hybrid. For more details, refer to the
Multi-status Column section or the chapter Hybrid DNS Service of this guide.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS zones icon. The DNS All zones list opens.
3. In the menu, select Add > DNS zone. The Add a DNS zone wizard opens.
4. In the DNS server field, select the server of your choice.
5. Click on NEXT . The next page of the wizard appears.
6. If you or your administrator created classes, the DNS zone class list is visible. Select a class
or None and click on NEXT . The next page of the wizard opens.
7. In the DNS zone type list, select Master.
8. In the DNS zone resolution list, select Name (configuration in step 9) or Reverse
(configuration in step 10) and click on NEXT . The next page of the wizard appears.
9. Configure the name zone, using the fields listed in the table below and go to step 11.
10. Configure the reverse zone, using the fields listed in the table below and go to step 11.
Fields      Description
E164 arpa   You can select this field to configure telephone number mapping for the zone, it
            will use the phone numbers dedicated reverse mapping domain suffix (e164.arpa).
IPv6 int    You can select this field to configure IPv6 reverse-mapping. Note that this
            extension is deprecated, so unless your IPv6 configuration is older than 2001 we
            recommend that you use the IPv6 arpa extension. For more details refer to RFC 4159
            [http://tools.ietf.org/html/rfc4159].
Ipv6 arpa   You can select this field to configure IPv6 reverse-mapping.
View        In this drop-down list, select the view in which the zone will be created. If there
            are no views in the selected server, the list is empty.
Space       In this drop-down list, select one of the IPAM spaces that will be tied to that zone
            or None. The selected space will be updated by the DNS zone you are creating.
11. If you are managing an Agentless MS DNS server through a smart architecture, you might
want to configure the Expert Mode parameters following the table below. If not, go to step
12.
Note
This mode is not available if you added a Microsoft DNS (via AD). If you created
a Microsoft DNS (with agent), you will be able to tick the AD replication box but
not configure it in details.
12. Depending on the administrator configuration, the information in the Configurable behaviors
section might be editable and you will have the following choices:
15. Click on OK to commit the creation. The report opens and closes. The zone is listed and will
be marked Delayed create before being marked OK.
Warning
During the first Master zone addition, the allow-update option is by default configured
with the ACL admin. Within SOLIDserver, admin corresponds to any, so you might
want to change the ACL and restrict the use of the option. For more details, refer to the
Modifying DNS Update Authorizations chapter of this guide.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS zones icon. The DNS All zones list opens.
3. At the end of the line of the zone of your choice, click on . The properties page opens.
4. In the Main properties panel, click on EDIT . The Edit a DNS zone wizard opens.
5. If you or your administrator created classes, the DNS zone class list is visible. Select a class
or None and click on NEXT . The next page of the wizard opens.
6. Modify the Space, Configurable behaviors and Mode fields if need be, refer to steps 9 and
12 of the To add a master zone procedure.
7. Click on NEXT . The last page of the wizard appears.
8. Modify the advanced parameters if need be, refer to the DNS Zone Advanced Parameters
table in the To add a master name zone procedure.
9. Click on OK to commit the modifications. The report opens and closes. The changes are
visible in the Main properties panel.
DNS Dynamic (DDNS) updating of a zone enables the configuration of delegation resource records
from an application using the protocol defined in RFC 2136 [http://tools.ietf.org/html/rfc2136].
EfficientIP zone management uses this mechanism to update the content of master zones. By
default, for security reasons, the SOLIDserver DNS service does not accept dynamic updates. To
allow dynamic updates, refer to the Modifying DNS Update Authorizations section of this chapter.
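The Warning above states that the admin ACL corresponds to any, so a master zone whose allow-update list names it accepts dynamic updates from every source. The following added example, which is not part of the SOLIDserver guide or product, finds such zones; it assumes the zones are available as BIND-style named.conf statements (a format the guide does not show), and the sample configuration, key name and function names are constructed.

```python
import re

# Constructed BIND-style configuration (not exported from SOLIDserver).
SAMPLE_CONF = '''
acl "admin" { any; };
acl "dhcp-servers" { 192.0.2.10; 192.0.2.11; };

view "internal" {
    zone "corp.example" {
        type master;
        allow-update { admin; };
    };
    zone "lab.example" {
        type master;
        allow-update { dhcp-servers; key "ddns-key"; };
    };
    zone "mirror.example" {
        type slave;
        masters { 192.0.2.53; };
    };
};

view "external" {
    zone "static.example" {
        type master;
    };
};
'''


def blocks(text):
    """Yield (header, body) for every `header { body };` at the top level of text."""
    depth, header_start, header, body_start = 0, 0, "", 0
    for i, ch in enumerate(text):
        if ch == "{":
            if depth == 0:
                header, body_start = text[header_start:i].strip(), i + 1
            depth += 1
        elif ch == "}":
            depth -= 1
            if depth == 0:
                yield header, text[body_start:i]
        elif ch == ";" and depth == 0:
            header_start = i + 1


def elements(body):
    """Split a match list body into its elements, unquoting ACL names."""
    items = (e.strip() for e in body.split(";"))
    return [e.strip('"') if e.startswith('"') else e for e in items if e]


def parse(text):
    """Collect named ACLs and zones, descending into view blocks."""
    acls, zones = {}, []

    def walk(chunk, view):
        for header, body in blocks(chunk):
            kind, _, name = header.partition(" ")
            name = name.strip().strip('"')
            if kind == "acl":
                acls[name] = elements(body)
            elif kind == "view":
                walk(body, name)
            elif kind == "zone":
                ztype = re.search(r"\btype\s+([\w-]+)\s*;", body)
                update = dict(blocks(body)).get("allow-update")
                zones.append((view, name, ztype.group(1) if ztype else None,
                              None if update is None else elements(update)))

    walk(text, None)
    return acls, zones


def is_open(match_list, acls, seen=()):
    """True if the list contains `any`, directly or through a named ACL."""
    for element in match_list:
        if element == "any":
            return True
        if element in acls and element not in seen:
            if is_open(acls[element], acls, seen + (element,)):
                return True
    return False


def audit_allow_update(text):
    """Return (view, zone, verdict) for each master zone.

    verdict is "open" (any source may update), "restricted", or "none"
    (no allow-update statement on the zone).
    """
    acls, zones = parse(text)
    report = []
    for view, name, ztype, update in zones:
        if ztype != "master":
            continue
        if update is None:
            verdict = "none"
        elif is_open(update, acls):
            verdict = "open"
        else:
            verdict = "restricted"
        report.append((view, name, verdict))
    return report


if __name__ == "__main__":
    for row in audit_allow_update(SAMPLE_CONF):
        print(row)
```

The parser ignores comments and braces inside quoted strings, so strip comments from a real file before running it.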
architecture. For more details refer to the DNS Multi-Master Smart Architecture section of this
guide. As for the configuration procedure, refer to the Multi-Master Smart Architecture of the
Adding a DNS Smart Architecture section of this guide.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS zones icon. The DNS All zones list opens.
3. In the menu, select Add > DNS zone. The Add a DNS zone wizard opens.
4. In the DNS server field, select the server of your choice.
5. Click on NEXT . The next page of the wizard appears.
6. If you or your administrator created classes, the DNS zone class list is visible. Select a class
or None and click on NEXT . The next page of the wizard opens.
7. In the DNS zone type list, select Slave.
8. In the DNS zone resolution list, select Name or Reverse.
9. Click on NEXT . The next page of the wizard appears.
10. Configure the slave zone basic parameters.
For a name zone, refer to the table DNS Name Zone Basic Parameters.
For a reverse zone, refer to the table DNS Reverse Zone Basic Parameters.
11. Depending on the administrator configuration, the information in the Configurable behaviors
section might be editable, refer to the table DNS Default Behaviors Parameters.
12. Click on NEXT . The last page of the wizard appears.
13. Set up the list of master servers for the zone using the table below:
Once the IP, port and key are configured, click on ADD . The configuration is listed in the
Masters list. Repeat these actions for as many servers as needed. You can select a master
in the list to DELETE or UPDATE it once created.
14. Click on OK to commit the slave zone creation. The report opens and closes. The zone is
listed and will be marked Delayed create before being marked OK.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS zones icon. The DNS All zones list opens.
3. At the end of the line of the zone of your choice, click on . The properties page opens.
4. In the Main properties panel, click on EDIT . The Edit a DNS zone wizard opens.
5. If you or your administrator created classes, the DNS zone class list is visible. Select a class
or None and click on NEXT . The next page of the wizard opens.
6. Modify the Space, Configurable behaviors and Mode fields if need be, refer to steps 9, 10
and 12 of the To add a master zones procedure.
7. Click on NEXT . The last page of the wizard appears.
8. If you want to add another master server refer to the step 14 of the To add a slave zone
procedure.
9. If you want to edit a server, select it in the Masters list, the parameters configured appear
in the Master IP address, Port and TSIG key fields: modify the content of any field according
to your needs and click on UPDATE . The server is modified in the list.
10. If you want to delete a server, select it in the Masters list and click on DELETE . The server is
no longer listed in the list.
11. Click on OK to commit the changes. The report opens and closes. The changes are visible
in the Main properties panel.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS zones icon. The DNS All zones list opens.
3. In the menu, select Add > DNS zone. The Add a DNS zone wizard opens.
For a name zone, see table DNS Name Zone Basic Parameters.
For a reverse zone, see table DNS Reverse Zone Basic Parameters.
11. If you are managing an Agentless MS DNS server or a Microsoft DNS (with agent) through
a smart architecture, you might want to configure the Expert Mode parameters. Refer to the
table DNS Expert Mode Parameters.
12. Depending on the administrator configuration, the information in the Configurable behaviors
section might be editable, refer to the table DNS Default Behaviors Parameters.
13. Click on NEXT . The last page of the wizard appears.
14. Configure the Forwarders list for the zone using the parameters, in order, described in the
table below:
Once the server IP address and the forward mode are configured, click on . The
configuration is listed in the Forwarders list. Repeat these actions for as many servers as needed.
The order of the servers in the list is not important. If you want to delete a server from the
list, select it and click on .
15. Click on OK to commit the zone creation. The report opens and closes. The zone is listed
and will be marked Delayed create before being marked OK.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS zones icon. The DNS All zones list opens.
3. At the end of the line of the zone of your choice, click on . The properties page opens.
4. In the Forwarding panel, click on EDIT . The Edit a DNS zone wizard opens.
5. Modify the Space, Configurable behaviors and Mode fields if need be, refer to steps 9 and
12 of the To add a master zones procedure.
6. Click on NEXT . The last page of the wizard appears.
7. If you want to add another forwarding master server refer to the step 14 of the To add a
forward zone procedure.
8. In the Add a forwarder (IP) and Forward Mode fields, fill in the address of the master server
and select if the zone will forward Only or send a query First.
9. If you want to delete a server, select it in the Forwarders list and click on . The server
is no longer listed in the list.
10. Click on OK to commit the changes. The report opens and closes. The changes are visible
in the Main properties and in the Forwarding panels.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS zones icon. The DNS All zones list opens.
3. In the menu, select Add > DNS zone. The Add a DNS zone wizard opens.
4. In the DNS server field, select the server of your choice.
5. Click on NEXT . The next page of the wizard appears.
6. If you or your administrator created classes, the DNS zone class list is visible. Select a class
or None and click on NEXT . The next page of the wizard opens.
7. In the DNS zone type list, select Stub.
8. In the DNS zone resolution list, select Name or Reverse.
9. Click on NEXT . The next page of the wizard appears.
10. Configure the zone basic parameters:
For a name zone, see table DNS Name Zone Basic Parameters.
For a reverse zone, see table DNS Reverse Zone Basic Parameters.
11. If you are managing an Agentless MS DNS server or a Microsoft DNS (with agent) through
a smart architecture, you might want to configure the Expert Mode parameters. Refer to the
table DNS Expert Mode Parameters.
12. Depending on the administrator configuration, the information in the Configurable behaviors
section might be editable, refer to the table DNS Default Behaviors Parameters.
13. Click on NEXT . The last page of the wizard appears.
14. Set up the list of master servers for the zone using the table below:
Once the IP, port and key are configured, click on ADD . The configuration is listed in the
Masters list. Repeat these actions for as many servers as needed. You can select a master
in the list to DELETE or UPDATE it once created.
15. Click on OK to commit the zone creation. The report opens and closes. The zone is listed
and will be marked Delayed create before being marked OK. A stub zone will only
contain an SOA and NS RRs.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS zones icon. The DNS All zones list opens.
3. At the end of the line of the zone of your choice, click on . The properties page opens.
4. In the Main properties panel, click on EDIT . The Edit a DNS zone wizard opens.
5. If you or your administrator created classes, the DNS zone class list is visible. Select a class
or None and click on NEXT . The next page of the wizard opens.
6. Modify the Space, Configurable behaviors and Mode fields if need be, refer to steps 9 and
12 of the To add a master zones procedure.
7. Click on NEXT . The last page of the wizard appears.
8. If you want to add another master server refer to the step 14 of the To add a stub zone
procedure.
9. If you want to edit a server, select it in the Masters list, the parameters configured appear
in the Master IP address, Port and TSIG key fields: modify the content of any field according
to your needs and click on UPDATE . The server is modified in the list.
10. If you want to delete a server, select it in the Masters list and click on DELETE . The server is
no longer listed in the list.
11. Click on OK to commit the changes. The report opens and closes. The changes are visible
in the Main properties panel.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS zones icon. The DNS All zones list opens.
3. In the menu, select Add > DNS zone. The Add a DNS zone wizard opens.
4. In the DNS server field, select the server on which you are adding a zone.
5. Click on NEXT . The next page of the wizard appears.
6. If you or your administrator created classes, the DNS zone class list is visible. Select a class
or None and click on NEXT . The next page of the wizard opens.
7. In the DNS zone type list, select Hint.
8. In the DNS zone resolution list, select Name or Reverse.
9. Click on NEXT . The next page of the wizard appears.
10. Configure the zone basic parameters:
For a name zone, see table DNS Name Zone Basic Parameters.
For a reverse zone, see table DNS Reverse Zone Basic Parameters.
11. Depending on the administrator configuration, the information in the Configurable behaviors
section might be editable, refer to the table DNS Default Behaviors Parameters.
12. Click on OK to commit the zone creation. The report opens and closes. The zone is listed,
named and marked OK.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS zones icon. The DNS All zones list opens.
3. At the end of the line of the zone of your choice, click on . The properties page opens.
4. In the Main properties panel, click on EDIT . The Edit a DNS zone wizard opens.
5. If you or your administrator created classes, the DNS zone class list is visible. Select a class
or None and click on NEXT . The next page of the wizard opens.
6. Depending on the administrator configuration, the information in the Configurable behaviors
section might be editable, refer to the table DNS Default Behaviors Parameters.
7. Click on OK to commit the changes. The report opens and closes. The changes are visible
in the Default Behavior properties panel.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS zones icon. The DNS All zones list opens.
3. In the menu, select Add > DNS zone. The Add a DNS zone wizard opens.
4. In the DNS server field, select the server on which you are adding a zone.
5. Click on NEXT . The next page of the wizard appears.
6. If you or your administrator created classes, the DNS zone class list is visible. Select a class
or None and click on NEXT . The next page of the wizard opens.
7. In the DNS zone type list, select Delegation-Only.
8. In the DNS zone resolution list, select Name or Reverse.
9. Click on NEXT . The next page of the wizard appears.
10. Configure the zone basic parameters:
For a name zone, see table DNS Name Zone Basic Parameters.
For a reverse zone, see table DNS Reverse Zone Basic Parameters.
11. Depending on the administrator configuration, the information in the Configurable behaviors
section might be editable, refer to the table DNS Default Behaviors Parameters.
12. Click on OK to commit the zone creation. The report opens and closes. The zone is listed
and marked OK.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS zones icon. The DNS All zones list opens.
3. At the end of the line of the zone of your choice, click on . The properties page opens.
4. In the Main properties panel, click on EDIT . The Edit a DNS zone wizard opens.
5. If you or your administrator created classes, the DNS zone class list is visible. Select a class
or None and click on NEXT . The next page of the wizard opens.
6. Modify the Space and Mode fields if need be; refer to steps 9, 10 and 12 of the To add a master
zone procedure.
7. Click on OK to commit the changes. The report opens and closes, and the properties page
refreshes. The changes are visible in the Main properties and Default Behavior properties
panels.
Dynamic DNS (DDNS) is the system through which updates to address assignments through
DHCP are reflected in the DNS records for the hosts. DDNS enables a DNS server to accept
updates regarding the IP addresses of DHCP clients. The DNS server receives an update every
time a dynamic client changes its IP address. The DNS server then associates the IP address
with a DNS name for the client. Dynamic data for an address is maintained if the DDNS Updates
option is deployed in the DHCP range containing the address. Any records that are generated
dynamically are clearly marked as such when looking at the records for the zone. Dynamic updates
are always deployed immediately to the managed server where they were generated.
It is common for DNS on the internal side to allow dynamic updates to the DNS server. Dynamic
DNS eliminates the need for an administrator to manually enter large numbers of records. Rather
than relying on manual entry, authorized users, or the DHCP servers themselves, can add, delete,
and change records on the fly. However, making use of DDNS does have the potential to open
your network up to certain vulnerabilities. In the wrong hands, dynamic updates can allow a user
to dynamically update some or many of the records on an organization's DNS server with bogus
information. As such, dynamic updates should be restricted as much as possible. Generally,
SOLIDserver only uses DHCP servers for DDNS, as all of these transactions are automatically
TSIG protected.
Tip
SOLIDserver can reproduce Microsoft's multi-master behavior by deploying the Multi-Master
smart architecture. The Multi-Master smart architecture supports Microsoft
DNS server, SOLIDserver DNS, BIND server (on Linux, Solaris and FreeBSD) and
Nominum's ANS server as well.
Synchronizing Zones
This operation makes it possible to refresh the content of one or more zones in the management
database. Normally, this synchronization runs automatically after the interval defined by the refresh
parameter of the zone (SOA). The administrator can also force a synchronization in order to speed
up the update.
To synchronize zones
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS zones icon. The DNS All zones list opens.
3. Tick the zone(s) you want to synchronize.
4. In the menu, select Edit > Status > Synchronize. The Synchronization wizard opens.
5. Click on OK to commit the synchronization. The report opens and closes when the
synchronization is over. The page reloads.
Deleting Zones
The deletion procedure is the same for every type of zone. Deleting a zone will also delete all
the resource records of that zone.
To delete a zone
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS zones icon. The DNS All zones list opens.
3. Filter the list if need be.
4. Tick the zone(s) you want to delete.
5. In the menu, select Edit > Delete. The Delete wizard opens.
6. Click on OK to commit the deletion. The report opens and closes. The zone is marked
Delayed delete until it is no longer listed.
To disable a zone
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS zones icon. The DNS All zones list opens.
3. Tick the zones you want to disable.
4. In the menu, select Edit > Status > Disable. The Disable wizard opens.
5. Click on OK to commit the zone deactivation. The report opens and closes. The zone status
changes to Unmanaged.
To enable a zone
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS zones icon. The DNS All zones list opens.
3. Tick the zone(s) you want to enable.
4. In the menu, select Edit > Status > Enable. The Activate wizard opens.
5. Click on OK to commit the zone activation. The report opens and closes. The zone status
changes to OK.
To copy a zone
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS zones icon. The DNS All zones list opens.
3. Tick the zone(s) you want to copy on another server or view.
4. In the menu, select Edit > Migrate. The Copy/Move a zone wizard opens.
5. In the Method drop-down list, select Copy.
6. In the Target server drop-down list, select the DNS server where you want to copy the
selected zone. The wizard refreshes.
7. If the selected server has views, the Target view drop-down list appears, select the view of
your choice. The wizard refreshes.
8. Click on OK to commit the zone duplication. The report opens and closes. The All zones list
is visible again and displays the duplicated zone. If you selected a view, the zone is also
listed in the All zones list of said view.
To move a zone
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS zones icon. The DNS All zones list opens.
3. Tick the zone(s) you want to move to another server or view.
4. In the menu, select Edit > Migrate. The Copy/Move a zone wizard opens.
5. In the Method drop-down list, select Move.
6. In the Target server drop-down list, select the DNS server where you want to move the
selected zone. The wizard refreshes.
7. If the selected server has views, the Target view drop-down list appears, select the view of
your choice. The wizard refreshes.
8. Click on OK to commit the zone migration. The report opens and closes. The All zones list
is visible again and displays the migrated zone. If you selected a view, the zone is also listed
in the All zones list of said view.
Chapter 44. Configuring DNS Zones
Like servers and views, zones can be configured individually to set a series of behaviors for the
records they contain. Any configuration set at zone level overwrites what was set at server
(whether physical or smart) and view level.
• A need to delegate management of part of your DNS namespace to another location or
department within your organization.
• A need to divide one large zone into smaller zones to distribute traffic loads among multiple
servers, improve DNS name resolution performance, or create a more fault-tolerant DNS
environment.
• A need to extend the namespace by adding numerous subdomains at once, such as to
accommodate the opening of a new branch or site.
If, for any of these reasons, you could benefit from delegating zones, it might make sense to re-
structure your namespace by adding additional zones. When choosing how to structure zones,
you should use a plan that reflects the structure of your organization. When delegating zones
within your namespace, be aware that for each new zone you create, you will need delegation
records (NS) in other zones that point to the authoritative DNS servers for the new zone. This is
necessary both to transfer authority and to provide correct referral to other DNS servers and clients
of the new servers being made authoritative for the new zone.
To make a server known to others outside of the new delegated zone, two RRs are needed in
the parent zone to complete delegation to the new zone. These RRs include:
• An NS RR to effect the delegation. This RR is used to advertise that the server named is an
authoritative server for the delegated subdomain.
• An A RR (also known as a glue record) to resolve the name of the server specified
in the NS RR to its IP address. The process of resolving the host name in this RR to the
delegated DNS server in the NS RR is sometimes referred to as glue chasing. In reality, the A record
is not compulsory when configuring zone delegation; however, adding it saves the DNS client
some time, because a single query then returns both the authoritative server of the
child zone and its IP address. That way, there is no need to query twice to first get the server and
then its IP address.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS zones icon. The DNS All zones list opens.
3. At the end of the line of the zone of your choice, click on . The properties page opens.
4. In the Name Servers panel, click on EDIT . The Authoritative DNS servers wizard opens.
5. In the DNS server field, type in the name of the server of your choice. Repeat these actions
for as many servers as needed.
6. Click on . The server is listed in the Authoritative DNS servers list.
7. Click on NEXT . The Delegated data page opens.
8. In the Delegation field, type in the name of the RR and the server you want to delegate it
to, following the syntax: rrname > dnsserver.name.
9. Click on . The delegation is listed in the Delegated data list. Repeat these actions for as
many RRs and servers as needed.
10. Click on OK to commit the configuration. The report opens and closes. The configuration
parameters are visible in the panel.
Configuring delegation will only create the NS record. For more details regarding the A record
addition, refer to the section Configuring the Delegation At RR Level of this guide.
The rule 87 Create NS RR delegation will automatically create the name server record in the
parent zone of the child zone you create. So you simply need to add it to the Rules list in the
Administration tab before adding your child zones.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select System > Expert > Rules.
3. In the menu, select Add > Rule. The Add a rule wizard opens.
4. From the Module list, select DNS.
5. From the Event list, select Add: DNS zones.
6. From the Rule list, select (087) Create NS RR delegation (Create NS RR delegation for each
zone created)
7. In the Rule name field, type in the name of your choice, it will be listed in the Instance column.
8. Click on NEXT . The Rule filters page appears.
9. Click on OK to commit the rule creation. The report opens and closes. The rule is now listed.
The rule 152 Delete NS RR delegation will automatically delete the name server record in the
parent zone of the child zone you delete. So you simply need to add it to the Rules list in the
Administration tab before deleting your child zones.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select System > Expert > Rules.
3. In the menu, select Add > Rule. The Add a rule wizard opens.
4. From the Module list, select DNS.
5. From the Event list, select DNS zone deletion.
6. From the Rule list, select (152) Delete NS RR delegation (Delete NS RR delegation for each
zone deleted)
7. In the Rule name field, type in the name of your choice, it will be listed in the Instance column.
8. Click on NEXT . The Rule filters page appears.
9. Click on OK to commit the rule creation. The report opens and closes. The rule is now listed.
In the parent master reverse zone, the classless in-addr.arpa delegation creates CNAME resource
records for each address you want to delegate. It also creates an NS RR for each delegated
server. For the reverse lookup to function properly, the delegated server(s) should contain the
PTR records associated with each address.
Note
The NS RR for each delegated server can be created in a domain different from
in-addr.arpa using a suffix for the CNAME RRs value.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Reverse zones icon. The DNS All zones list opens and displays all the reverse
zones.
3. In the Name column, click on the master reverse zone you want to delegate a part of. It
should be composed of a maximum of three bytes (xxx.xxx.xxx.in-addr.arpa). The All RRs
page opens and displays the RRs of the zone.
4. In the menu, select Add > Classless in-addr.arpa delegation. The Add a classless
in-addr.arpa delegation wizard opens.
5. In the Start address field, type in the first address of the range you want to delegate. By
default, the first available address of the zone is displayed in this field.
6. In the Delegation range size field, type in the number of addresses you want to delegate.
7. In the Delegated NS field, type in the name of the DNS server that will be authoritative over
the range of addresses. Use to add this server name to the Delegated NS list. Repeat these
actions for as many servers as needed. Use to remove a server name from the list.
8. In the Delegated zone format drop-down list, select the concatenation format ([start]-
[end].c.b.a.in-addr.arpa, [start]-[size].c.b.a.in-addr.arpa, [start]-[prefix].c.b.a.in-addr.arpa) for
NS RR name.
9. Tick the Add a specific suffix checkbox if you want the NS RR to be created in a domain
different from in-addr.arpa. The Specific suffix field appears.
10. In the Specific suffix field, type in the suffix of your choice. This suffix corresponds to the
domain in which you want to create the NS RR. This suffix will be added at the end of each
of the CNAME RR you are creating.
11. Click on OK to commit the delegation configuration. The report opens and closes. The All
RRs page is visible again. There are as many CNAME RRs as delegated addresses and as
many NS records as delegated servers. In the Value column, each address is listed according
to the format you chose; if you added a suffix, it is visible in that column as well.
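The records this wizard produces can be sketched outside the product. The following is an added example, not SOLIDserver code: it builds the CNAME and NS records for the three delegated zone formats (without the specific suffix option), follows a reverse lookup through them, and lists the delegated addresses that still lack a PTR. The function names, the reading of [prefix] as a prefix length and the sample names are assumptions.

```python
import ipaddress

FORMATS = ("start-end", "start-size", "start-prefix")  # labels chosen for this example


def delegated_label(start, size, fmt):
    """First label of the delegated zone, in one of the three formats the wizard lists."""
    if fmt == "start-end":
        return f"{start}-{start + size - 1}"
    if fmt == "start-size":
        return f"{start}-{size}"
    if fmt == "start-prefix":
        # Assumption: [prefix] is the prefix length. A prefix length can only
        # describe a power-of-two block that is aligned on its own size.
        if size & (size - 1) or start % size:
            raise ValueError("start-prefix needs an aligned power-of-two range")
        return f"{start}-{32 - (size.bit_length() - 1)}"
    raise ValueError(f"unknown format {fmt!r}, expected one of {FORMATS}")


def classless_delegation(start_address, size, name_servers, fmt="start-end"):
    """Records to add to the parent c.b.a.in-addr.arpa zone, as (owner, type, value)."""
    first = ipaddress.IPv4Address(start_address)
    start = int(first) & 0xFF
    if size < 1 or start + size > 256:
        raise ValueError("the range must stay inside one c.b.a.in-addr.arpa zone")
    if not name_servers:
        raise ValueError("at least one delegated name server is required")
    # reverse_pointer is d.c.b.a.in-addr.arpa; dropping the first label gives the parent.
    parent = first.reverse_pointer.split(".", 1)[1]
    child = f"{delegated_label(start, size, fmt)}.{parent}."
    # One NS record per delegated server, owned by the delegated zone name.
    records = [(child, "NS", ns.rstrip(".") + ".") for ns in name_servers]
    # One CNAME per delegated address, pointing into the delegated zone.
    for host in range(start, start + size):
        records.append((f"{host}.{parent}.", "CNAME", f"{host}.{child}"))
    return records


def reverse_lookup(address, parent_records, delegated_ptrs):
    """Follow the parent's CNAME into the delegated zone; None if the PTR is missing."""
    owner = ipaddress.IPv4Address(address).reverse_pointer + "."
    cnames = {o: v for o, t, v in parent_records if t == "CNAME"}
    return delegated_ptrs.get(cnames.get(owner, owner))


def missing_ptrs(parent_records, delegated_ptrs):
    """CNAME targets for which the delegated server holds no PTR record."""
    return [v for _, t, v in parent_records if t == "CNAME" and v not in delegated_ptrs]


if __name__ == "__main__":
    # Constructed sample: documentation range 192.0.2.64-127 delegated to one server.
    recs = classless_delegation("192.0.2.64", 64, ["ns1.branch.example"], "start-prefix")
    for owner, rtype, value in recs[:3]:
        print(f"{owner:32} IN {rtype:5} {value}")
    ptrs = {"70.64-26.2.0.192.in-addr.arpa.": "printer.branch.example."}
    print(reverse_lookup("192.0.2.70", recs, ptrs))
    print(len(missing_ptrs(recs, ptrs)), "delegated addresses still lack a PTR")
```
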
You can edit the forwarding on master, slave, forward and stub zones.
Keep in mind that at zone level, unlike for the views, you can disable the forward.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. Click on the name of the smart architecture of your choice. The All zones page opens.
4. At the end of the line of the zone of your choice, click on . The properties page opens.
5. Open the Forwarding panel using and click on EDIT . The Edit a DNS zone wizard opens.
6. Click on NEXT until the Forwarding configuration page appears.
7. In the Add a forwarder field, type in the address of a forwarder.
8. Click on ADD to move it to the Forwarders list. Repeat these actions for as many forwarders
as needed.
9. In the Forward mode field, select the mode of your choice according to the table below.
Options   Description
First     The server sends the queries to the forwarder you just set and, if not answered, attempts to find an answer.
Only      The server only forwards queries to the forwarder you just set.
10. Click on OK to commit the forwarders configuration. The report opens and closes. The
properties page refreshes and displays the new settings.
Just like for servers and views, the forwarding configuration set on a smart zone is automatically
replicated on the physical servers managed through that smart, but you can edit the type of forward
option for a zone directly on the physical server. This option applies in turn to the records of the
zone and allows you to customize the forwarding on your network.
Keep in mind that once the Forward option is set at server or view level, you can disable it on a
zone. To inherit the option from the server or view, you can set the Forward mode to Default.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. Next to the Logout icon, click on to display the physical servers managed by your smart
architectures.
4. Click on the name of the physical server of your choice. The All zones page of the physical
server opens.
5. At the end of the line of the zone of your choice, click on . The properties page opens.
6. Open the Forwarding panel using . The forward mode and forwarders list display the settings
inherited from the server or view.
7. Click on EDIT . The Edit a DNS zone page appears.
8. Tick the Overwrite the smart settings checkbox. The page refreshes and displays the forward
fields.
9. If you want to set the forwarding for the zone:
10. If you want to disable the forward for the zone: in the Forward mode field, select None. The
page refreshes.
11. Click on OK to commit the forwarders configuration of the physical server. The properties
page is visible again. In the Forwarding panel, the message Smart configuration is overwritten
is displayed above your mode and forwarders configuration.
At any time you can reverse your changes and use the configuration set at server or view level:
edit the Forwarding panel, untick the Overwrite the smart settings checkbox and click on OK to
commit your changes.
Within SOLIDserver, the notification configuration is done from the Notify panel of the properties
page. This panel will display:
Caution
Any configuration of the Notify panel at zone level will override the configuration set
at server and view level.
Keep in mind that there will be an implicit allow-notify directive set when you add a slave zone:
when you set the Master IP address of the slave zone you are allowing the master zones of this
server to send notify messages to your slave zone.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. Click on the name of the server of your choice. The All zones page of the server opens.
4. At the end of the line of the master zone of your choice, click on . The properties page
opens.
5. Open the Notify panel using and click on EDIT . The wizard opens.
6. If you or your administrator created classes, the DNS zone class list is visible. Select a class
or None and click on NEXT . The next page of the wizard opens.
7. In the Notify drop-down list, set the zone notification type following the table below.
Fields     Description
No         With this option no notify message will be sent when changes are performed in the master zones.
Yes        With this option the notify messages will be sent to the target of the NS records of the master zone. It will also be sent to the IP address(es) specified in the IP address field below.
Explicit   With this option the notify messages will only be sent to the IP address(es) specified in the IP address field below.
8. If you selected Yes or Explicit, you can set the IP address and port of the server(s) whose
slave zones will receive the messages:
a. In the IP address field, type in the IP address of another server. The notify message
will be sent if you chose the notify type Yes or Explicit.
b. In the Port field, you can type in the port number that will receive the notify messages
on the server you specified in the previous field.
c. Click on ADD . The IP address and port number are displayed in the Also notify list as
follows: <ip-address> port: <port-number>. You can repeat these actions for as many
servers as needed.
You can edit the content of the list if need be. Click on the entry of your choice: the
information is displayed again in the fields, and you can change it and click on UPDATE or click
on DELETE to remove it from the list. If you made changes that you do not want to save,
click on CANCEL .
9. Click on OK to commit the configuration. The report opens and closes. The properties page
is visible again. Your notify and also-notify settings are displayed in the Notify panel.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. Click on the name of the server of your choice. The All zones page of the server opens.
4. At the end of the line of the slave zone of your choice, click on . The properties page
opens.
5. Open the Notify panel using and click on EDIT . The wizard opens.
6. If you or your administrator created classes, the DNS zone class list is visible. Select a class
or None and click on NEXT . The next page of the wizard opens.
7. In the Notify drop-down list, set the zone notification type following the table below.
Fields     Description
Yes        With this option the notify messages will be sent to the target of the NS records of the master zone. It will also be sent to the IP address(es) specified in the IP address field below.
Explicit   With this option the notify messages will only be sent to the IP address(es) specified in the IP address field below.
8. If you selected Yes or Explicit, you can set the IP address and port of the server(s) whose
slave zones will receive the messages:
a. In the IP address field, type in the IP address of another server. The notify message
will be sent if you chose the notify type Yes or Explicit.
b. In the Port field, you can type in the port number that will receive the notify messages
on the server you specified in the previous field.
c. Click on ADD . The IP address and port number are displayed in the Also notify list as
follows: <ip-address> port: <port-number>. You can repeat these actions for as many
servers as needed.
You can edit the content of the list if need be. Click on the entry of your choice: the
information is displayed again in the fields, and you can change it and click on UPDATE or click
on DELETE to remove it from the list. If you made changes that you do not want to save,
click on CANCEL .
9. Click on NEXT . The Allow notify page opens. It allows you to specify whether the slave zone
can receive master zones notification messages. You can grant or deny access through the Restriction
field to networks, IP addresses, ACLs, and keys. Configure as many restrictions as you need
using the three fields. The table below details the available options of the Type field:
Caution
Allowing updates based on the requestor IP address is insecure. We strongly recommend
using the TSIG key protocol filtering rather than filtering based on IP address.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS zones icon. The DNS All zones list opens.
3. At the end of the line of the zone of your choice, click on . The properties page opens.
4. In the Access Control panel, click on EDIT . The Edit a DNS zone wizard opens.
5. Click on NEXT . The Allow-query page appears.
6. Click on NEXT . The Allow-transfer page appears.
7. Click on NEXT . The Allow-update page appears. You can grant or deny access through the
Restriction field to networks, IP addresses, ACLs, and keys. Configure as many restrictions
as you need using the three fields. The table below details the available options of the Type
field:
hosts appear preceded by an exclamation mark (!). If you want to remove an ACL from the
list, select it and click on DELETE .
8. Click on OK to commit the configuration. The report opens and closes. The parameters are
visible in the Access control panel Allow-update list.
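The caution above can be checked on a BIND-managed server. This added example, which is not part of SOLIDserver, reads allow-update statements in named.conf syntax and reports which zones grant dynamic updates by source address rather than by TSIG key. The sample configuration and every name in it are constructed, and update-policy statements are not examined.

```python
import ipaddress
import re

# Constructed sample in BIND named.conf syntax; zone, ACL and key names are invented.
SAMPLE_CONF = """
acl "dhcp-servers" { 10.20.0.10; 10.20.0.11; };

zone "corp.example" {
    type master;
    allow-update { 10.20.0.0/16; !10.20.0.5; };   // grant by source network
};
zone "branch.example" {
    type master;
    allow-update { "dhcp-servers"; };             # named ACL that holds addresses
};
zone "lab.example" {
    type master;
    allow-update { key "dhcp-ddns"; };            /* TSIG-signed updates only */
};
zone "static.example" {
    type master;
};
"""

BUILTIN_ADDRESS_ACLS = {"any", "localhost", "localnets"}


def strip_comments(conf):
    """Remove /* */, // and # comments so braces inside them are not counted."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)
    return re.sub(r"(//|#).*", "", conf)


def blocks(conf, keyword):
    """Yield (name, body) for each `keyword "name" { ... }` block, matching braces."""
    for m in re.finditer(r"\b" + keyword + r'\s+"?([\w.-]+)"?[^{;]*\{', conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield m.group(1), conf[m.end():i - 1]


def grant_kinds(match_list, acls, seen=()):
    """Return the kinds of element ('key', 'address', 'unknown-acl') that grant access."""
    kinds = set()
    for element in (e.strip() for e in match_list.split(";")):
        if not element or element.startswith("!"):
            continue  # a negated element denies access, it grants nothing
        item = element.strip('"')
        if re.match(r"key\s", item):
            kinds.add("key")
        elif item == "none":
            continue
        elif item in BUILTIN_ADDRESS_ACLS:
            kinds.add("address")
        elif item in acls and item not in seen:
            kinds |= grant_kinds(acls[item], acls, seen + (item,))
        else:
            try:
                ipaddress.ip_network(item, strict=False)
                kinds.add("address")
            except ValueError:
                kinds.add("unknown-acl")  # ACL defined outside the text given
    return kinds


def audit_allow_update(conf):
    """Map each zone to 'address-based', 'unresolved-acl', 'tsig-only' or 'updates-disabled'."""
    conf = strip_comments(conf)
    acls = dict(blocks(conf, "acl"))
    report = {}
    for zone, body in blocks(conf, "zone"):
        m = re.search(r"allow-update\s*\{([^{}]*)\}", body)
        kinds = grant_kinds(m.group(1), acls) if m else set()
        if "address" in kinds:
            report[zone] = "address-based"
        elif "unknown-acl" in kinds:
            report[zone] = "unresolved-acl"
        elif kinds == {"key"}:
            report[zone] = "tsig-only"
        else:
            # No allow-update statement (or only 'none'): BIND denies updates by default.
            report[zone] = "updates-disabled"
    return report


if __name__ == "__main__":
    for zone, verdict in audit_allow_update(SAMPLE_CONF).items():
        print(f"{zone:16} {verdict}")
```
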
Note
The allow transfer property may also be specified at the server level or at the view
level. If allow transfer is configured at the zone level, it overrides the allow
transfer property defined at the server level or at the view level.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS zones icon. The DNS All zones list opens.
3. At the end of the line of the zone of your choice, click on . The properties page opens.
4. In the Access Control panel, click on EDIT . The Edit a DNS zone wizard opens.
5. Click on NEXT . The Allow-query page appears.
6. Click on NEXT . The Allow-transfer page appears. You can grant or deny access through the
Restriction field to networks, IP addresses, ACLs, and keys. Configure as many restrictions
as you need using the three fields. The table below details the available options of the Type
field:
hosts appear preceded by an exclamation mark (!). If you want to remove an ACL from the
list, select it and click on DELETE .
7. Click on NEXT . The Allow-update page appears.
8. Click on OK to commit the configuration. The report opens and closes. The parameters are
visible in the Access control panel Allow-transfer list.
Note
The allow query property may also be specified at the server level or at the view
level. If allow query is configured at the zone level, it overrides the allow
query property defined at the server level or at the view level.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS zones icon. The DNS All zones list opens.
3. At the end of the line of the zone of your choice, click on . The properties page opens.
4. In the Access Control panel, click on EDIT . The Edit a DNS zone wizard opens.
5. Click on NEXT . The Allow-query page appears. You can grant or deny access through the
Restriction field to networks, IP addresses, ACLs, and keys. Configure as many restrictions
as you need using the three fields. The table below details the available options of the Type
field:
Chapter 45. Managing DNS Resource Records
The resource record (RR) is the lowest level of the DNS hierarchy. RRs are contained in the
master zones and can be replicated to slave zones if need be. RRs are all manageable through
SOLIDserver GUI on the All RRs page.
If you created an RPZ zone, its RRs will be listed on the all RPZ rules page and not the All RRs
page. For more details, refer to the DNS Firewall (RPZ) chapter of this guide.
[Figure: navigation levels of the DNS module: view, zone, RR]
Here below, you can see the link to browse the DNS records database:
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS RRs icon. The DNS All RRs list opens.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. In the breadcrumb, click on All RRs. The DNS All RRs list opens.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS RRs icon. The DNS All RRs list opens.
3. In the Zone column, click on the name of the zone of your choice to display the RRs it contains.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS RRs icon. The DNS All RRs list opens.
3. In the Server column, click on the name of the server of your choice to display the RRs it
contains.
The way a resource record name is displayed tells you whether you can edit it.
1 Most resource record names are listed underlined in black. It means that you can edit them
from the listing itself: clicking on the name opens the Edit a DNS RR wizard.
2 The resource record name of the SOA RR is always listed in black and not underlined because
you cannot edit it from the listing itself.
3 The resource record name of an SOA can be listed in gray. It means that you cannot edit it
at all because it belongs to a physical server managed through a smart architecture. It is
therefore possible to edit it through the smart server but not the physical one. It is listed as
a reminder if you click on on the All RRs list.
When you create a master zone, it automatically contains an SOA record and an NS record. This
NS is not generated until the server is synchronized.
The addition of records must be carried out from the All RRs list of a master zone. Each record
will have a specific set of fields to fill in. The Add a DNS RR wizard allows you to create all the
supported records in the relevant zone. Naming the record is only required when creating
a CNAME record. Not naming an RR creates a record that has the same name as the zone
it belongs to.
Depending on the type of zone, name or reverse, the most common RRs are directly accessible
from the Add > RR menu:
Adding an NS Record
The Name Server (NS) record is used to list all the DNS name servers that have authority over
a zone. NS records must be declared both in the parent and the child zones. In the parent zone,
they indicate the zone authoritative server; in the child zone, they constitute the point of
delegation.
The requirement is that at least two name servers are defined for each public domain, so there
will be at least two NS records in each zone. The first NS record, named after the zone is created
automatically when you create zones through the GUI to indicate the authoritative server; all
other NS records must be added manually following the procedure below.
We strongly recommend that you create an A record for each NS server to provide detailed information
to the domain name query. This process is called creating a glue record: once
your domain is queried, it returns its authoritative servers' name and IP address.
RFC 2181 stipulates that the NS record can point to other records but never to a CNAME record [1],
as the query answer will not return an address with the NS record and in some cases might make
the query fail altogether.
[1] This information is provided in section 10.3 MX and NS records of the RFC 2181, available on the IETF website: http://tools.ietf.org/html/rfc2181
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS RRs icon. The DNS All RRs list opens.
3. In the Zone column, click on the name of the zone of your choice to display the RRs it contains.
4. In the menu, select Add > RR > Name Server. The Add a DNS RR wizard opens.
5. In the RR type field, NS is displayed.
6. In the RR name field, name your RR. The Complete name field auto-completes and displays
the RR full name as follows: RRname.zonename .
7. In the TTL field, specify an expiration time of the record in seconds. The default TTL for an
RR is 1 hour *. You can edit it if need be using the field on the left or one of the values listed
in the drop-down list on the right.
8. In the DNS server field, type in the DNS server hostname.
9. Click on OK to commit the creation. The report opens and closes. The record is now listed
and marked OK.
Adding an MX Record
The Mail Exchanger (MX) record allows you to set the name and relative preference of your mail exchangers,
in other words mail servers, for the zone.
Note
If the mail server stated in one of the MX records lies in the zone, you should
add an A record. This A record name will be the mail server and its value will be its
IP address.
Keep in mind that an MX record should not point to a CNAME record [2]. Therefore, if you have a
CNAME called mail for the zone example.com (its complete name would be mail.example.com)
and one of your mail exchangers is named mail.example.com, you need to remove the alias from
the zone to be able to declare the mail exchanger name in the MX record. To make the answer
for the MX more efficient, you should also add an A or AAAA record pointing to the IP address
of the mail server.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS RRs icon. The DNS All RRs list opens.
3. In the Zone column, click on the name of the zone of your choice to display the RRs it contains.
4. In the menu, select Add > RR > Mail route. The Add a DNS RR wizard opens.
5. In the RR type field, MX is displayed.
6. In the RR name field, you can name your RR. The Complete name field auto-completes and
displays the RR full name as follows: RRname.zonename .
[2] This information is provided in section 10.3 MX and NS records of the RFC 2181, available on the IETF website: http://tools.ietf.org/html/rfc2181
7. In the TTL field, specify an expiration time of the record in seconds. The default TTL for an
RR is 1 hour *. You can edit it if need be using the field on the left or one of the values listed
in the drop-down list on the right.
8. In the Preference field, type a number between 0 and 65535. It will define which server will
have priority if there are several MX records in the zone. The server with the lowest value has priority
over the other server(s); the value can be 0.
9. In the Mail server field, type in the mail server hostname.
10. Click on OK to commit the creation. The report opens and closes. The record is now listed
and marked OK.
You can add as many MX records as you need in your master zones, it all depends on the
number of mail exchangers you want to declare.
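The NS and MX sections above both require that a target is never a CNAME and recommend an A or AAAA record for each in-zone target. The script below is an added example, not SOLIDserver code, that checks an exported record list for both conditions; the record tuples, function names and finding labels are assumptions made for the illustration.

```python
"""Lint NS and MX targets in a zone (added example, constructed data)."""

# Constructed sample records for the zone example.com, as (owner, type, value)
# tuples. Names are fully qualified, without the trailing dot.
SAMPLE_ZONE = "example.com"
SAMPLE_RECORDS = [
    ("example.com", "NS", "ns1.example.com"),
    ("example.com", "NS", "ns2.example.com"),
    ("example.com", "NS", "ns3.example.net"),            # target outside the zone
    ("ns1.example.com", "A", "192.0.2.53"),
    ("ns2.example.com", "CNAME", "ns1.example.com"),     # NS target is an alias
    ("example.com", "MX", "10 mail.example.com"),
    ("example.com", "MX", "20 backup.example.com"),      # in zone, no address
    ("mail.example.com", "CNAME", "host1.example.com"),  # MX target is an alias
    ("host1.example.com", "A", "192.0.2.25"),
]


def normalize(name):
    """Lower-case a domain name and drop the trailing dot."""
    return name.strip().rstrip(".").lower()


def in_zone(name, zone):
    """True if name is the zone apex or a name below it."""
    return name == zone or name.endswith("." + zone)


def target_of(rtype, value):
    """Return the hostname that an NS or MX value points to."""
    if rtype == "MX":
        preference, host = value.split()
        if not 0 <= int(preference) <= 65535:
            raise ValueError("MX preference out of range: " + preference)
        return normalize(host)
    return normalize(value)


def lint_zone(zone, records):
    """Return (rtype, target, problem) findings for NS and MX targets.

    problem is "target-is-cname" when the target name owns a CNAME record
    (RFC 2181 section 10.3) and "missing-address" when an in-zone target has
    no A or AAAA record. Targets outside the zone are skipped because their
    data is not in this record set.
    """
    zone = normalize(zone)
    types_by_name = {}
    for owner, rtype, _value in records:
        types_by_name.setdefault(normalize(owner), set()).add(rtype.upper())

    findings = []
    for _owner, rtype, value in records:
        rtype = rtype.upper()
        if rtype not in ("NS", "MX"):
            continue
        target = target_of(rtype, value)
        if not in_zone(target, zone):
            continue
        owned = types_by_name.get(target, set())
        if "CNAME" in owned:
            findings.append((rtype, target, "target-is-cname"))
        elif not owned & {"A", "AAAA"}:
            findings.append((rtype, target, "missing-address"))
    return findings


if __name__ == "__main__":
    for finding in lint_zone(SAMPLE_ZONE, SAMPLE_RECORDS):
        print(*finding)
```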
Adding an A Record
The IPv4 Address (A) record is used to forward map a host name to an IPv4 address. It can be
added to any Master zone all RRs list. A single host can be mapped toward several A records,
or IP addresses, that create an RRset. In this case, the DNS server will respond to queries with
all the addresses defined but the order will depend on the rrset-order statement of the server
configuration file.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS RRs icon. The DNS All RRs list opens.
3. In the Zone column, click on the name of the master zone of your choice to display the RRs
it contains.
4. In the menu, select Add > RR > Host address v4. The Add a DNS RR wizard opens.
5. In the RR type field, A is displayed.
6. In the RR name field, you can name your RR. The Complete name field auto-completes and
displays the RR full name as follows: RRname.zonename .
7. In the TTL field, specify an expiration time of the record in seconds. The default TTL for an
RR is 1 hour *. You can edit it if need be using the field on the left or one of the values listed
in the drop-down list on the right.
8. In the IP address field, type in the IPv4 Address of the host.
9. Click on OK to commit the creation. The report opens and closes. The record is now listed
and marked OK. The RR name column displays its Complete name, the Value column
displays the host IP address you specified.
If you do not name an A record, it will have the same name as the zone it belongs to. This allows
DNS clients to find the IPv4 address of your host using only its domain name. This way, querying
the zone name example.com would be resolved immediately and provide access to your host
through its IP address.
will respond to queries with all the addresses defined but the order will depend on the rrset-order
statement of the server configuration file.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS RRs icon. The DNS All RRs list opens.
3. In the Zone column, click on the name of the master zone of your choice to display the RRs
it contains.
4. In the menu, select Add > RR > Host address v4. The Add a DNS RR wizard opens.
5. In the RR type field, A is displayed.
6. In the RR name field, you can name your RR. The Complete name field auto-completes and
displays the RR full name as follows: RRname.zonename .
7. In the TTL field, specify an expiration time of the record in seconds. The default TTL for an
RR is 1 hour *. You can edit it if need be using the field on the left or one of the values listed
in the drop-down list on the right.
8. In the IPv6 address field, type in the IPv6 Address of the host.
9. Click on OK to commit the creation. The report opens and closes. The record is now listed
and marked OK. The RR name column displays its Complete name, the Value column
displays the host IP address you specified.
If you do not name an AAAA record, it will have the same name as the zone it belongs to. This will
allow DNS clients to find the IPv6 address of your host using only its domain name. This way,
querying the zone name example.com would be resolved immediately and provide access to
your host through its IPv6 address.
The PTR name will always be displayed in the RR name column in reverse with the syntax
B4.B3.B2.B1.in-addr.arpa but it will be treated like a name. This is why it is possible to set the
final section (B4) of an IP address with a value that does not respect the IP protocol: a value greater
than 255 in IPv4 and greater than ffff in IPv6. This lack of limitation in the interface provides
an additional tool for specific configurations.
The PTR being used for reverse host name look ups, it does not make sense to name multiple
PTR records with the same name, i.e. same IP address. However, to provide reverse round robin
configuration, you can set several IP addresses with different values. For more details, refer to
the Load Balancing with Round Robin section below.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS RRs icon. The DNS All RRs list opens.
3. In the Zone column, click on the name of the master reverse zone of your choice to display
the RRs it contains.
4. In the menu, select Add > RR > Address resolution. The Add a DNS RR wizard opens.
5. In the RR type field, PTR is displayed.
6. Set the IP address in reverse through the RR name field or the IP address field. You must
fill in one of the two fields:
a. If you want to use the RR name field, you can type a number corresponding to the remaining
section of the IP address of your choice. Filling in this field will empty the IP
address field as only one of the two is required. The Complete name field auto-completes
and displays the RR full name as follows: RRname.reversezonename .
b. If you want to use the IP address field, the first sections of the IP address that you set
for the reverse zone are displayed. They are not displayed in reverse to ease the configuration.
Type in the missing dot and final section of the IP address. The Complete name field
auto-completes and displays the RR full name as follows: RRname.reversezonename .
7. In the TTL field, specify an expiration time of the record in seconds. The default TTL for an
RR is 1 hour *. You can edit it if need be using the field on the left or one of the values listed
in the drop-down list on the right.
8. In the Localization field, type in the hostname that will be returned when the IP address you
stated above is queried.
9. Click on OK to commit the creation. The report opens and closes. The record is now listed
and marked OK.
All the addresses used to name your PTR records will provide as many entries toward the host
names of your choice in your reverse master zones.
Keep in mind that each CNAME RR name is unique: you cannot have several records named
www in the same zone. Their complete name would be www.example.com and as the CNAME
is an alias, it should provide a link toward a canonical name that has not been declared in the
zone yet.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS RRs icon. The DNS All RRs list opens.
3. In the Zone column, click on the name of the master zone of your choice to display the RRs
it contains.
4. In the menu, select Add > RR > Alias. The Add a DNS RR wizard opens.
There will be as many hostname aliases as there are CNAME records in your zone.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS RRs icon. The DNS All RRs list opens.
3. In the Zone column, click on the name of the zone of your choice to display the RRs it contains.
4. In the menu, select Add > RR > Text. The Add a DNS RR wizard opens.
5. In the RR type field, TXT is displayed.
6. In the RR name field, you can name your RR. The Complete name field auto-completes and
displays the RR full name as follows: RRname.zonename .
7. In the TTL field, specify an expiration time of the record in seconds. The default TTL for an
RR is 1 hour *. You can edit it if need be using the field on the left or one of the values listed
in the drop-down list on the right.
8. In the Text field, type in the text of your choice. This field text can contain a maximum of 255
characters, including spaces.
9. Click on OK to commit the creation. The report opens and closes. The record is now listed
and marked OK.
This record only allows one piece of information per field, so if for instance you want to configure
a set of ports for one service, you can create several SRV records each with the same information
in all fields except the port, priority and weight.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS RRs icon. The DNS All RRs list opens.
3. In the Zone column, click on the name of the zone of your choice to display the RRs it contains.
4. In the menu, select Add > RR > Service Localization. The Add a DNS RR wizard opens.
5. In the RR type field, SRV is displayed.
6. In the RR type drop-down list, select the RR type if need be.
7. In the RR name field, name your RR. The Complete name field auto-completes and displays
the RR full name as follows: RRname.zonename .
8. In the TTL field, specify an expiration time of the record in seconds. The default TTL for an
RR is 1 hour *. You can edit it if need be using the field on the left or one of the values listed
in the drop-down list on the right.
9. In the Priority field, type a number, between 0 and 65535, that will define which server will
have priority if there are several SRV RRs in the zone. The server with the lowest value has priority
over the other server(s).
10. In the Weight field, type a number, between 0 and 65535, that will define the server weight.
If two SRV RRs have the same priority, the weight will define which server will be more used.
The greater the value is, the more the server is solicited. Basically, it gives priority to the
SRV RR with the greatest weight value. If you type in 0, there is no weighting.
11. In the Port field, type in the port number that delivers the service to the target.
12. In the Target field, type in the hostname of the server delivering the service.
13. Click on OK to commit the creation. The report opens and closes. The record is now listed
and marked OK.
Keep in mind that if you name an HINFO record like an A or AAAA record, they will be linked together
in the zone file and provide additional information when the domain name they share (an
identical Complete name in the GUI) is queried.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS RRs icon. The DNS All RRs list opens.
3. In the Zone column, click on the name of the zone of your choice to display the RRs it contains.
4. In the menu, select Add > RR > RR (record). The Add a DNS RR wizard opens.
5. In the RR type drop-down list, select HINFO.
6. In the RR name field, you can name your RR. The Complete name field auto-completes and
displays the RR full name as follows: RRname.zonename .
7. In the TTL field, specify an expiration time of the record in seconds. The default TTL for an
RR is 1 hour *. You can edit it if need be using the field on the left or one of the values listed
in the drop-down list on the right.
8. In the CPU section, select in the drop-down list the CPU description. If yours is not listed,
type it in the field and leave the default value in the list (Other).
9. In the OS section, select in the drop-down list the OS. If yours is not listed, type it in the field
and leave the default value in the list (Other).
10. Click on OK to commit the creation. The report opens and closes. The record is now listed
and marked OK.
The HINFO can also be used as a specific TXT record and contain other information.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS RRs icon. The DNS All RRs list opens.
3. In the Zone column, click on the name of the zone of your choice to display the RRs it contains.
4. In the menu, select Add > RR > RR (record). The Add a DNS RR wizard opens.
5. In the RR type drop-down list, select MINFO.
6. In the RR name field, you can name your RR. The Complete name field auto-completes and
displays the RR full name as follows: RRname.zonename .
7. In the TTL field, specify an expiration time of the record in seconds. The default TTL for an
RR is 1 hour *. You can edit it if need be using the field on the left or one of the values listed
in the drop-down list on the right.
8. In the Responsible email field, type in the email address of the administrator of the mail list.
9. In the Error email field, type in the email address that will receive the error messages regarding
the mail list.
10. Click on OK to commit the creation. The report opens and closes. The record is now listed
and marked OK.
Keep in mind that a DNAME record rewrites the subdomain suffix and applies to all its subdomains.
A DNAME record rewriting a query for support.company.com to support.company.corp also applies
to queries for fr.support.company.com or es.support.company.com . The DNAME configuration
applies to any label located left of the specified domain name.
A zone configured with a DNAME has records that send back the proper information to DNS clients.
If the value of the DNAME is support.company.corp, there should be an A record, for instance,
named support.company.corp providing an IP address clients can reach.
Keep in mind that unlike a CNAME, the DNAME points to a name and not to a record within the
zone.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS RRs icon. The DNS All RRs list opens.
3. In the Zone column, click on the name of the zone of your choice to display the RRs it contains.
4. In the menu, select Add > RR > RR (record). The Add a DNS RR wizard opens.
5. In the RR type drop-down list, select DNAME.
6. In the RR name field, name your RR. The Complete name field auto-completes and displays
the RR full name as follows: RRname.zonename .
7. In the TTL field, specify an expiration time of the record in seconds. The default TTL for an
RR is 1 hour *. You can edit it if need be using the field on the left or one of the values listed
in the drop-down list on the right.
8. In the Domain field, type in the domain name of a subdomain of the zone.
9. Click on OK to commit the creation. The report opens and closes. The record is now listed
and marked OK.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS RRs icon. The DNS All RRs list opens.
3. In the Zone column, click on the name of the zone of your choice to display the RRs it contains.
4. In the menu, select Add > RR > RR (record). The Add a DNS RR wizard opens.
5. In the RR type drop-down list, select AFSDB.
6. In the RR name field, you can name your RR. The Complete name field auto-completes and
displays the RR full name as follows: RRname.zonename .
7. In the TTL field, specify an expiration time of the record in seconds. The default TTL for an
RR is 1 hour *. You can edit it if need be using the field on the left or one of the values listed
in the drop-down list on the right.
8. In the Preference field, type the version of AFS service used: 1 (AFS version 3.0) or 2 (OSF
DCE/NCA version).
9. In the AFS server field, type in the AFS hostname.
10. Click on OK to commit the creation. The report opens and closes. The record is now listed
and marked OK.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS RRs icon. The DNS All RRs list opens.
3. In the Zone column, click on the name of the zone of your choice to display the RRs it contains.
4. In the menu, select Add > RR > NAPTR. The Add a DNS RR wizard opens.
5. In the RR type field, NAPTR is displayed.
6. In the RR name field, you can name your RR. The Complete name field auto-completes and
displays the RR full name as follows: RRname.zonename .
7. In the TTL field, specify an expiration time of the record in seconds. The default TTL for an
RR is 1 hour *. You can edit it if need be using the field on the left or one of the values listed
in the drop-down list on the right.
8. In the Order field, type a number between 0 and 65535 that will define which RR will have
priority if there are several NAPTR records in the zone. The lowest value has the priority
over the other record(s).
9. In the Preference field, type a number between 0 and 65535 that will define which RR will
have priority if several NAPTR records have the same Order in the zone. The lowest value
has the priority over the other record(s).
10. In the Flags field, type in the string that corresponds to the action you want your client application
to perform.
11. In the Service field, type in the services parameters needed according to your client application
syntax.
12. In the Regex field, type in the string that contains a substitution expression that will be applied
to the original string specified in the Flags field.
13. In the Replace field, type in the FQDN domain name that will be queried when looking for
the potential data specified in the Flags field.
14. Click on OK to commit the creation. The report opens and closes. The record is now listed
and marked OK.
[3] The NAPTR RR is described in the RFC 3403, available on the IETF website: http://tools.ietf.org/html/rfc3403
[4] The NSAP RR is described in the RFC 1706, available on the IETF website: http://tools.ietf.org/html/rfc1706
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS RRs icon. The DNS All RRs list opens.
3. In the Zone column, click on the name of the zone of your choice to display the RRs it contains.
4. In the menu, select Add > RR > RR (record). The Add a DNS RR wizard opens.
5. In the RR type drop-down list, select NSAP.
6. In the RR name field, you can name your RR. The Complete name field auto-completes and
displays the RR full name as follows: RRname.zonename .
7. In the TTL field, specify an expiration time of the record in seconds. The default TTL for an
RR is 1 hour *. You can edit it if need be using the field on the left or one of the values listed
in the drop-down list on the right.
8. In the Name field, type in the NSAP address of the end system. It should start with 0x and
not exceed 255 hexadecimal characters separated by dots.
9. Click on OK to commit the creation. The report opens and closes. The record is now listed
and marked OK.
Adding a DS Record
The Delegation Signer (DS) record is a DNSSEC record that creates the chain of trust or authority from
a signed parent to a child zone. It is used to verify the validity of the ZSK of a subdomain. It
is composed of the parent zone key tag, key algorithm, digest type and digest itself.
For more details, refer to the DS Resource Record section of this guide. For the DS addition
procedure, refer to the Using the Delegation to Include Subdomains to Your Zone Chain of Trust
section.
If you manage through the GUI an external DNS server containing zone(s) already signed with
DNSSEC, you can add a DNSKEY record to the concerned zone(s). As the signature was not
performed using the appliance, SOLIDserver cannot push the DNSSEC keys to the server, so
the DNSKEY record will merely be listed among the RRs, the zone keys will not be listed in the
Key Ring and the zone will not be displayed as DNSSEC compliant even though it is. The possibility
to add a DNSKEY record is therefore simply available to ease the management of the zones.
For more details, refer to the DNSSEC chapter of this guide.
To be able to successfully add a DNSKEY record through the GUI, you will need the DNSKEY
flags, protocol, algorithm and key, all of which are available in the txt file generated after the zone
signature.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS RRs icon. The DNS All RRs list opens.
3. In the Zone column, click on the name of the zone of your choice to display the RRs it contains.
4. In the menu, select Add > RR > RR (record). The Add a DNS RR wizard opens.
5. In the RR type drop-down list, select DNSKEY.
6. In the RR name field, you can name your RR. The Complete name field auto-completes and
displays the RR full name as follows: RRname.zonename .
7. In the TTL field, specify an expiration time of the record in seconds. The default TTL for an
RR is 1 hour *. You can edit it if need be using the field on the left or one of the values listed
in the drop-down list on the right.
8. In the Flags field, type in or paste the zone key flag.
9. In the Protocol field, type in or paste the protocol value.
10. In the Algorithm field, type in or paste the public key's cryptographic algorithm.
11. In the Key field, type in or paste the public key material.
12. Click on OK to commit the creation. The report opens and closes. The record is now listed
and marked OK.
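Before pasting DNSKEY fields into the wizard, you can recompute the DS fields (key tag, algorithm, digest type, digest) from them and compare the result with the DS held by the parent zone. The script below is an added example, not SOLIDserver code; it follows RFC 4034 for the key tag, assumes digest type 2 (SHA-256), and uses a constructed zone name and placeholder key.

```python
"""Derive a DS record from DNSKEY fields (added example, constructed key)."""
import base64
import hashlib
import struct

# Constructed DNSKEY fields for the hypothetical zone sub.example.com. The key
# is a 4-byte placeholder, not real key material.
SAMPLE_OWNER = "sub.example.com"
SAMPLE_DNSKEY = {"flags": 257, "protocol": 3, "algorithm": 8, "key": "AQIDBA=="}


def name_to_wire(name):
    """Encode a domain name in canonical (lower-case) DNS wire format."""
    wire = b""
    for label in name.rstrip(".").lower().split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError("invalid label length in " + name)
        wire += bytes([len(raw)]) + raw
    return wire + b"\x00"


def dnskey_rdata(flags, protocol, algorithm, key):
    """Build DNSKEY RDATA: flags (2 bytes), protocol, algorithm, public key."""
    if protocol != 3:
        raise ValueError("DNSKEY protocol must be 3 (RFC 4034)")
    # Keys copied from a key file may be wrapped over several lines.
    key_bytes = base64.b64decode("".join(key.split()), validate=True)
    return struct.pack("!HBB", flags, protocol, algorithm) + key_bytes


def key_tag(rdata):
    """Key tag per RFC 4034 Appendix B (not valid for algorithm 1, RSA/MD5)."""
    acc = 0
    for index, byte in enumerate(rdata):
        acc += byte << 8 if index % 2 == 0 else byte
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF


def ds_from_dnskey(owner, dnskey):
    """Return the DS fields for a DNSKEY, using digest type 2 (SHA-256)."""
    rdata = dnskey_rdata(**dnskey)
    digest = hashlib.sha256(name_to_wire(owner) + rdata).hexdigest().upper()
    return {"key_tag": key_tag(rdata), "algorithm": dnskey["algorithm"],
            "digest_type": 2, "digest": digest}


def matches_parent_ds(owner, dnskey, parent_ds):
    """Check DNSKEY fields against the DS fields published by the parent."""
    if parent_ds["digest_type"] != 2:
        raise ValueError("only digest type 2 (SHA-256) is handled here")
    computed = ds_from_dnskey(owner, dnskey)
    published = dict(parent_ds,
                     digest="".join(parent_ds["digest"].split()).upper())
    return computed == published


if __name__ == "__main__":
    ds = ds_from_dnskey(SAMPLE_OWNER, SAMPLE_DNSKEY)
    print(SAMPLE_OWNER, "DS", ds["key_tag"], ds["algorithm"],
          ds["digest_type"], ds["digest"])
```

A mismatch means the key entered is not the one the parent's DS refers to, so validating resolvers would not find a chain of trust through it.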
Its use is DEPRECATED, the SRV record can provide the same information.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS RRs icon. The DNS All RRs list opens.
3. In the Zone column, click on the name of the zone of your choice to display the RRs it contains.
4. In the menu, select Add > RR > Well Known Services. The Add a DNS RR wizard opens.
5. In the RR type field, WKS is displayed.
6. In the RR name field, you can name your RR. The Complete name field auto-completes and
displays the RR full name as follows: RRname.zonename .
7. In the TTL field, specify an expiration time of the record in seconds. The default TTL for an
RR is 1 hour *. You can edit it if need be using the field on the left or one of the values listed
in the drop-down list on the right.
8. In the IP address field, type in the IPv4 Address of the host that contains the services listed
in the Services field.
9. In the Protocol drop-down list, select the protocol that suits your needs.
10. In the Service drop-down list, select the service that suits your needs.
11. Click on OK to commit the creation. The report opens and closes. The record is now listed
and marked OK.
Editing records
In the RRs list of a specific zone, you can edit records one by one by clicking on their name.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS RRs icon. The DNS All RRs list opens.
3. In the Zone column, click on the name of the zone of your choice to display the records it
contains.
4. In the RR name column, click on the name of the RR of your choice. The Edit a DNS RR
wizard opens.
5. Modify, if need be, the values and TTL of the record following the appropriate procedure
in the Adding a Resource Record section above. The default TTL for an RR is 1 hour.
6. Click on OK to commit your changes. The report opens and closes. The change is visible
on the page.
Note
If several RRs in a zone share the same name, modifying the TTL on one will modify
it as well on the RRs sharing that name.
If you want to edit several records at once, you can either edit their TTL or replace
the value or part of the value of several records at once (for instance a domain name stated in
all of them).
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS RRs icon. The DNS All RRs list opens.
3. In the Zone column, click on the name of the zone of your choice to display the RRs it contains.
4. Tick the record(s) for which you want to replace the TTL.
5. In the menu, select Edit > Replace > The TTL of an RR. The Replace the TTL of an RR wizard
opens.
6. In the TTL field, indicate the expiration time of the record in seconds or use the predefined
values from the drop-down list. The default TTL for an RR is 1 hour.
7. Click on OK to commit your changes. The report opens and closes. The page refreshes, the
new TTL is visible.
The replacement of a value of a record is a very powerful tool that can be configured in two different
ways: either replace the specified value as a whole or as part of a longer set of characters.
Note that the wizard will return an error if you specify a value that does not exist or if you select
a replacement as a whole for only part of an RR value.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS RRs icon. The DNS All RRs list opens.
3. In the Zone column, click on the name of the zone of your choice to display the RRs it contains.
4. Tick the record(s) for which you want to replace a value.
5. In the menu, select Edit > Replace > The value of an RR. The Replace the value of an RR
wizard opens.
6. In the Replace field, type in the value you want to replace.
7. In the By field, type in the new value that will replace the content of the Replace field.
8. In the Exact search drop-down list, select either Yes or No; refer to the table below.
9. Click on OK to commit your changes. The report opens and closes. The page refreshes, the
changes are visible in the list.
The SOA contains the zone serial number, administrator email and configuration information
(renewal or expiry of the zone), as well as the DNS server that has authority over the zone (primary
server). In other words, modifying it can have heavy consequences on the management of a zone.
It is automatically generated by SOLIDserver at the creation of a master zone and has the
same name as the zone itself; you cannot edit that name.
Keep in mind that from the All RRs list of a zone, you can access the zone properties page through
the breadcrumb: left of All RRs you will find Zones: <zone.name>. Click on <zone.name>;
the properties page opens.
To modify an SOA RR
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS zones icon. The DNS All zones list opens.
3. At the end of the line of the zone of your choice, click on . The zone properties page opens.
4. In the Main properties panel, click on EDIT. The Edit a DNS zone wizard opens.
5. Click on NEXT until you get to the last page of the wizard.
6. Modify the SOA parameter fields according to your needs. For more details, refer to the table
DNS Zone Advanced Parameters in the Managing DNS zones chapter.
7. Click on OK to commit your changes. The wizard closes. The page refreshes, the changes
are listed.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS RRs icon. The DNS All RRs list opens.
3. In the Zone column, click on the name of the zone of your choice to display the RRs it contains.
4. Tick the record(s) you want to delete.
5. In the menu, select Edit > Delete. The Delete wizard opens.
6. Click on OK to validate the deletion. The RR is marked Delayed delete and is then no
longer listed.
Keep in mind that the NS record deletion in a parent zone can be automated upon child zone
deletion through the rule 152. For more details refer to the Automated NS Record Deletion Rule
section of this guide.
Note
The primary NS record of a zone is generated once the server is synchronized and
indicates the authoritative server of the zone.
Delegating a sub-domain simply consists of adding both an NS and an A (or AAAA) RR in the parent
zone pointing to the sub-domain:
• The NS record indicates which servers are authoritative for the zone. You can also create
additional NS records to delegate authority for the zone to other DNS servers.
• The A / AAAA record indicates the IP address of the server that has authority over the
sub-domain and therefore needs to be added in the RRs list of the parent zone.
Let's consider the zones efficientip.com and support.efficientip.com to illustrate the delegation
configuration. The parent zone, efficientip.com, is managed through the server
ns1.efficientip.com and the child zone, support.efficientip.com, is managed through
ns2.efficientip.com. You will need to add the relevant records in the parent zone. On the one hand,
you will add the NS record, name it support (it will then be listed as support.efficientip.com, as
the RR name auto-completes with the domain name at the end) and indicate the server that has
authority over it in the appropriate field, in our case ns2.efficientip.com. On the other hand, you
will add the A record named ns2 (once again its name will auto-complete with the zone name and
become the server's actual name) and indicate its IP address. That way, you will have two new
records in the parent zone: an NS RR, support.efficientip.com, pointing toward the delegated child
zone and a glue A record, ns2.efficientip.com.
Keep in mind that the NS record addition in the parent zone can be automated when adding a
child zone through the rule 87. For more details refer to the Automated NS Record Addition Rule
section of this guide.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. In the Name column, click on the name of the server containing the parent zone. The server
All zones list opens.
4. In the Name column, click on the name of the parent zone. The All RRs of the zone opens.
5. In the menu, select Add > RR > Name Server. The Add a DNS RR wizard opens.
6. In the RR type field, NS is displayed.
7. In the RR name field, name your RR after the sub-domain. Note that the Complete name
field auto-completes and displays the RR full name as follows: RRname.zonename.
8. In the DNS server field, type in the name of the server that has authority over the sub-domain.
9. Click on OK to commit the creation. The report opens and closes. The record is now listed
and marked OK.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. In the Name column, click on the name of the server containing the parent zone. The server
All zones list opens.
4. In the Name column, click on the name of the parent zone. The All RRs of the zone opens.
5. In the menu, select Add > RR > Host address (v4). The Add a DNS RR wizard opens.
6. In the RR type field, A is displayed.
7. In the RR name field, name your RR after the server that has authority over the sub-domain
(the same one as the DNS server specified when adding the NS record). Note that the
Complete name field auto-completes and displays the RR full name as follows:
RRname.zonename. It should match the server name.
8. In the TTL field, specify an expiration time of the record in seconds. The default TTL for an
RR is 1 hour. You can edit it if need be using the field on the left or one of the values listed
in the drop-down list on the right.
To copy an RR
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS RRs icon. The DNS All RRs list opens.
3. Tick the record(s) you want to duplicate.
4. In the menu, select Edit > Migrate. The Copy/Move RRs wizard opens.
5. In the Method drop-down list, select Copy.
6. In the Target server drop-down list, select the server of your choice. The Target zone
drop-down list appears.
7. In the Target zone drop-down list, select the zone of your choice. If you created views in
your server, the zone will be named zone (view).
8. In the Existing records drop-down list, choose if you want to overwrite RRs with the same
name. The wizard refreshes.
9. Click on OK to commit the RR duplication. The report opens and closes. The All RRs list is
visible again and displays the migrated record. Note that the complete name of the RR(s)
in the RR name column is now RRname.newzonename.
To move an RR
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS RRs icon. The DNS All RRs list opens.
3. Tick the record(s) you want to move.
4. In the menu, select Edit > Migrate. The Copy/Move RRs wizard opens.
5. In the Method drop-down list, select Move.
6. In the Target server drop-down list, select the server of your choice. The Target zone
drop-down list appears.
7. In the Target zone drop-down list, select the zone of your choice. If you created views in
your server, the zone will be named zone (view).
8. In the Existing records drop-down list, choose if you want to overwrite RRs with the same
name.
9. Click on OK to commit the RR migration. The report opens and closes. The All RRs list is
visible again and displays the migrated record. Note that the complete name of the RR(s)
in the RR name column is now RRname.newzonename.
(^([*][.])?[-_a-z0-9\u00c0-\uffff]+([.][-_a-z0-9\u00c0-\uffff]+)*$)|(^[*]$)|(^$)
You can change this regular expression from the SOLIDserver registry database following the
procedure below:
Note
The hostname naming convention stated in the RFC1034 only allows alphanumeric
characters and hyphens. It does not include other special characters, such as
underscore ("_"). Therefore, dynamic updates from Microsoft Active Directory controllers
might not be accepted.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select System > Expert > Registry database. The Registry database page
opens.
3. In the Name column search engine, type in the keyword rr_name. The list is filtered and
displays the item www.display.checktype.regex.js.rr_name.
4. In the Value column of www.display.checktype.regex.js.rr_name, click on the
<regular_expression> listed. The Registry database Edit a value wizard opens.
5. In the Value field, type in the regular expression that suits your needs. Rather than replacing
the default regex with your own, you can always edit it.
6. Click on OK to commit your choice. The report opens and closes. The Registry database is
visible again.
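Before saving a modified expression, it helps to know which existing RR names it would start refusing. The following is an added example, not part of SOLIDserver or of the original guide: it runs the default pattern quoted above with Python's re module against a constructed list of names and compares it with a stricter RFC 1034 pattern. STRICT_LDH_PATTERN, the sample names and the function names are assumptions made for the illustration.

```python
import re

# Default RR name pattern, exactly as quoted above (registry item
# www.display.checktype.regex.js.rr_name).
DEFAULT_PATTERN = (
    r"(^([*][.])?[-_a-z0-9\u00c0-\uffff]+([.][-_a-z0-9\u00c0-\uffff]+)*$)"
    r"|(^[*]$)|(^$)"
)

# Hypothetical stricter candidate (an assumption, not a vendor value): RFC 1034
# letter-digit-hyphen labels of 1 to 63 characters that neither start nor end
# with a hyphen, with the same wildcard and empty-name alternatives.
LDH_LABEL = r"[a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?"
STRICT_LDH_PATTERN = (
    r"(^([*][.])?" + LDH_LABEL + r"([.]" + LDH_LABEL + r")*$)|(^[*]$)|(^$)"
)

# Constructed RR names (relative to the zone) of the kinds found in production.
SAMPLE_NAMES = [
    "www",
    "*.apps",
    "mail-01",
    "_ldap._tcp.dc._msdcs",   # service record name registered by Active Directory
    "_dmarc",                 # underscore-prefixed policy record name
    "-edge",                  # leading hyphen
    "m\u00fcnchen",           # non-ASCII label in the \u00c0-\uffff range
    "a..b",                   # empty label
    "bad name",               # space
    "",                       # empty name (zone apex)
    "*",                      # bare wildcard
]


def accepts(pattern, name):
    """Return True if the pattern accepts the RR name."""
    # Python's "$" also matches just before a trailing newline, which a
    # JavaScript regex without the m flag does not; refuse newlines up front.
    if "\n" in name:
        return False
    return re.search(pattern, name) is not None


def rejected(names, pattern):
    """Names the pattern refuses."""
    return [n for n in names if not accepts(pattern, n)]


def newly_rejected(names, current, candidate):
    """Names valid today that the candidate pattern would start refusing."""
    return [n for n in names
            if accepts(current, n) and not accepts(candidate, n)]


if __name__ == "__main__":
    print("refused by the default pattern:",
          rejected(SAMPLE_NAMES, DEFAULT_PATTERN))
    print("would break with the strict pattern:",
          newly_rejected(SAMPLE_NAMES, DEFAULT_PATTERN, STRICT_LDH_PATTERN))
```

Run the same comparison on an export of your own RR names: any name listed as newly rejected could no longer be created or edited through the wizard once the stricter value is saved.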
For example, if you have three WWW servers with network addresses of 10.0.0.1, 10.0.0.2 and
10.0.0.3, a set of A resource records means that clients will connect to each machine one third
of the time. When a resolver queries for these records, BIND will rotate them and respond to the
query with the records in a different order. In the example above, clients will randomly receive
records in the order 1, 2, 3; 2, 3, 1; and 3, 1, 2. Once the query is answered a first time with 1,
the next client querying the same name receives a different answer: 2; and so forth. There is no
configuration needed: the balancing is automatically activated if three different servers resolve
to the same domain name (to follow the example: www.yourdomain.com).
SPF Record
Sender Policy Framework (SPF) is an email validation system designed to prevent email spam
by detecting email spoofing, a common vulnerability, by verifying sender IP addresses. SPF allows
administrators to specify which hosts are, and are not, authorized to send mail from a given domain
by creating a specific TXT record. Mail exchangers use the DNS to check that mail from a given
domain is being sent by a host sanctioned by that domain's administrators. The SPF record is a
single string of text found in the value of a single DNS TXT resource record.
Note
In 2003, when SPF was first being developed, the requirements for assignment of
a new DNS RR type were considerably more stringent than they are now. Additionally,
support for easy deployment of new DNS RR types was not widely deployed in DNS
servers and provisioning systems. As a result, developers of SPF found it easier and
more practical to use the TXT RR type for SPF records. In its review of the RFC4408,
the IETF SPFbis working group concluded that its dual RR type transition model was
fundamentally flawed since it contained no common RR type that implementers were
required to serve and required to check.
The Simple Mail Transfer Protocol permits any computer to send email claiming to be from any
source address. This is exploited by spammers who often use forged email addresses, making
it more difficult to trace a message back to its sender, and easy for spammers to hide their
identity in order to avoid responsibility. It is also used in phishing techniques, where users can
be duped into disclosing private information in response to an email purportedly sent by an
organization such as a bank. SPF allows the owner of an Internet domain to specify which computers
are authorized to send mail with sender addresses in that domain. Receivers verifying the SPF
records may reject messages from unauthorized sources before receiving the body of the message.
The sender address is transmitted at the beginning of the SMTP dialog. If the server rejects the
sender, the unauthorized client should receive a rejection message, and if that client was a relaying
message transfer agent (MTA), a bounce message to the original sending address may be
generated. If the server accepts the sender, and subsequently also accepts the recipients and the
body of the message, it should insert a Return-Path field in the message header in order to save
the sender address. While the address in the Return-Path often matches other originator addresses
in the mail header such as From or Sender, this is not necessarily the case, and SPF does not
prevent forgery of these other addresses.
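The check a receiving mail exchanger performs can be sketched as follows. This is an added example, not SOLIDserver code and not part of the original guide: it picks the SPF policy out of a domain's TXT strings, refuses domains that publish more than one, and evaluates the connecting IP address against the ip4, ip6 and all mechanisms. The TXT strings are constructed, the function names are assumptions, and mechanisms that need further DNS lookups (a, mx, include...) are reported rather than resolved.

```python
import ipaddress
import re

# Result attached to each SPF qualifier; "+" is implied when none is written.
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed TXT strings published at one domain (documentation address ranges).
SAMPLE_TXT = [
    "site-verification=constructed-token",
    "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8:25::/48 ~ip4:198.51.100.7 -all",
]


def select_spf(txt_strings):
    """Return the SPF policy among a domain's TXT strings, or None.

    The policy must be a single string in a single TXT record, so more than
    one "v=spf1" string is an error rather than a choice.
    """
    spf = [t for t in txt_strings if t.lower().split(" ")[0] == "v=spf1"]
    if len(spf) > 1:
        raise ValueError("permerror: several SPF records published")
    return spf[0] if spf else None


def check_sender(spf_record, sender_ip):
    """Evaluate the terms left to right; the first mechanism that matches wins."""
    ip = ipaddress.ip_address(sender_ip)
    for term in spf_record.split()[1:]:          # skip the "v=spf1" version tag
        qualifier = "+"
        if term[0] in RESULTS:
            qualifier, term = term[0], term[1:]
        name = re.split(r"[:=/]", term, maxsplit=1)[0].lower()
        argument = term[len(name) + 1:]
        if name == "all":
            return RESULTS[qualifier]
        if name in ("ip4", "ip6"):
            network = ipaddress.ip_network(argument, strict=False)
            if network.version == ip.version and ip in network:
                return RESULTS[qualifier]
            continue
        # a, mx, include, exists, redirect... need DNS queries, which this
        # offline example does not perform.
        return "not-evaluated:" + name
    return "neutral"                              # no mechanism matched


if __name__ == "__main__":
    policy = select_spf(SAMPLE_TXT)
    for address in ("192.0.2.25", "2001:db8:25::1", "198.51.100.7", "203.0.113.9"):
        print(address, "->", check_sender(policy, address))
```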
Chapter 46. DNSSEC
Introduction
Domain Name System Security Extensions (DNSSEC) is used to strengthen DNS protocol security.
It is compatible with the existing DNS system and protects it against spoofing attacks among
other threats. DNSSEC provides origin authentication and integrity protection of DNS information
by protecting the data contained in specified zones rather than whole servers. DNSSEC allows
the recipient to validate the integrity of a DNS answer. A dependable DNS infrastructure is
important for all Internet users. Two examples of use case scenarios where DNSSEC will come in
useful are Internet banking on the one hand and communicating new passwords over email on
the other hand.
1. DNS data in each zone is cryptographically signed with a pair of public and private Zone
Signing Keys (ZSK) that validate the integrity of the data of each zone. As a result, every RR
of said zone is assigned a new RRSIG record that includes its own signature. The public key
is then provided to the resolver or application that validates the integrity of the received RR.
The integrity is provided by a chain of trust starting with the public key of a trust anchor.
2. NSEC3 records are generated for each RR, thus creating an organized chain of all the RRs
of the zone that provides an authenticated denial of existence: if the data is supposed to be
located in an area of the zone where another RR is located, it means that it does not exist.
3. Delegated zones are part of a chain of trust that ensures that every zone is recognized as
legitimate by its parent zone. To implement the security of that relation, each delegated zone
ZSK is signed at the parent zone level thanks to a pair of cryptographic Key Signing Keys
(KSK).
DNSSEC introduces 5 new RRs that are all part of the DNSSEC chain of trust:
• DNSKEY: the public cryptographic key (KSK or ZSK) used to validate signatures.
• RRSIG: the cryptographic signature associated with each set of RR of a zone.
• NSEC3: the Next SECure is located behind each RR and points to the next valid host name
in the zone.
• NSEC3PARAM: the Next Secure 3 Parameter is an implementation record that determines
the information needed by authoritative servers in DNSSEC requests.
• DS: the Delegation Signer used to verify the validity of the ZSK of a subdomain.
All the RRs are automatically generated and will have to be signed to be DNSSEC-compliant.
Once signed, the zone file will order them automatically.
SOLIDserver can only manage DNSSEC on EfficientIP DNS servers. It is not possible to manage
DNSSEC on DNS vendors features other than DNS resolvers and DNS servers using SSL protocol.
By definition, the DNSKEY record holds the public part of the Zone Signing Key (ZSK) and of the
Key Signing Key (KSK): both are composed of a pair of public and private keys, and their DNSKEY
records are part of the RRs generated when signing a zone.
The ZSK private key is used to sign all the RRs of the zone, whereas the KSK is used to sign the
ZSK(s). The DNSSEC client must have access to these public keys in order to perform the required
security validation.
The difference between the ZSK and the KSK is therefore one of usage not definition. It is
therefore a matter of operational choice whether a single DNSKEY resource record is used as
both the ZSK and the KSK or whether separate DNSKEY RRs are used as the ZSK and KSK.
SOLIDserver implements the use of separate ZSK and KSK keys (RFC 4641) for security reasons.
Generating several ZSKs makes it faster to secure the zone and replace a compromised key.
Plus it makes the key rollover easier as both keys have a limited lifetime and must be changed
on a regular basis. A ZSK will be changed every few months, whereas the KSK will be renewed
once a year.
That's why RRSIG records are a very useful verification material when securing DNS operations.
The verification process is quite simple: for starters, a private key is used to encrypt a hash of
an RRset, and the result is stored in an RRSIG record. Thanks to the public key stored in a DNSKEY
record, a resolver can decrypt the RRSIG, compare the result with the hash of the corresponding
RRset and verify the RRset has not been changed.
It is important to understand that RRSIG records sign a set of RRs and not individual RRs. Indeed,
signing an RRSIG RR would add no value and would create an infinite loop in the signing process.
It is however possible to associate several RRSIG with one RRset.
There must be an RRSIG for each RRset using at least one DNSKEY of each algorithm in the
zone apex DNSKEY RRset. The apex DNSKEY RRset itself must be signed by each algorithm
appearing in the DS RRset located at the delegating parent (if any). The RRSIG and the RRset
it covers share the same name and the same class (the RRSIG being class independent). The
RRSIG RR type is 46.
Authoritative RRsets signing involves at least one RRSIG meeting the requirement listed below:
However, the main side-effect of NSEC RRs is that they can help enumerate the content of a
zone. That's why the NSEC3 record was designed; it is officially called the DNSSEC Hashed
Authenticated Denial of Existence record. It is used as a proof of non-existence and uses a specific
salt to cryptographically hash each label to prevent enumeration. The NSEC3 record lists the RR
types present at the original owner name (before they were hashed) and includes the next hashed
owner name in the hash order of the zone.
The owner name for the NSEC3 RR is the base32 encoding of the hashed owner name prepended
as a single label to the name of the zone. The type value for the NSEC3 RR is 50. And like the
RRSIG, it is class independent so its class must be the same as the class of the original owner
name. Their TTL should have the same value as the SOA minimum TTL field. Only
NSEC3RSASHA1, RSASHA256 and RSASHA512 algorithms are NSEC3 capable.
To assist the requests, NSEC3PARAM was introduced. It contains the NSEC3 parameters needed
by authoritative servers to calculate hashed owner names. These parameters help choose which
set of NSEC3 records are included in the negative responses.
Thus, the zone file of a signed zone is significantly extended by the NSEC3 and the NSEC3PARAM
records. Note that the NSEC3 is automatically generated and located behind the RRs and the
RRSIG to point to the next record and signature of that record.
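The hashed owner name described above can be recomputed by hand, which is useful when checking why a signed zone returns a given NSEC3 record in a negative response. The following is an added example, not SOLIDserver code and not part of the original guide: it applies the RFC 5155 hash (SHA-1 over the owner name in wire format plus the salt, repeated for the configured number of extra iterations, then base32hex encoded) and tests whether one NSEC3 record covers a queried name. The function names are assumptions; the salt and iteration count are the ones used by the sample zone in RFC 5155 Appendix A.

```python
import base64
import hashlib

# base32hex ("extended hex") alphabet used by NSEC3, derived from standard base32.
_TO_B32HEX = bytes.maketrans(b"ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",
                             b"0123456789ABCDEFGHIJKLMNOPQRSTUV")

# NSEC3PARAM values of the sample zone "example" in RFC 5155 Appendix A.
RFC5155_SALT = "aabbccdd"
RFC5155_ITERATIONS = 12


def wire_name(name):
    """Owner name in canonical (lower-case) DNS wire format."""
    labels = [l.encode("ascii") for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"


def nsec3_hash(name, salt_hex, iterations):
    """Hashed owner name (32 base32hex characters) for an NSEC3 chain."""
    salt = b"" if salt_hex in ("", "-") else bytes.fromhex(salt_hex)
    digest = hashlib.sha1(wire_name(name) + salt).digest()
    for _ in range(iterations):          # "iterations" counts the extra rounds
        digest = hashlib.sha1(digest + salt).digest()
    encoded = base64.b32encode(digest).translate(_TO_B32HEX)
    return encoded.decode("ascii").lower()


def nsec3_owner(name, zone, salt_hex, iterations):
    """Owner name of the NSEC3 RR: the hash prepended as one label to the zone."""
    return nsec3_hash(name, salt_hex, iterations) + "." + zone.rstrip(".") + "."


def covers(owner_hash, next_hash, name_hash):
    """True if the NSEC3 record (owner_hash -> next_hash) proves that no name
    hashing to name_hash exists. base32hex keeps the byte order of the hashes,
    so plain string comparison is enough."""
    if owner_hash < next_hash:
        return owner_hash < name_hash < next_hash
    # Last record of the chain: it wraps around to the first hash of the zone.
    return name_hash > owner_hash or name_hash < next_hash


if __name__ == "__main__":
    apex = nsec3_owner("example", "example", RFC5155_SALT, RFC5155_ITERATIONS)
    print("NSEC3 owner name of the zone apex:", apex)
    queried = nsec3_hash("missing.example", RFC5155_SALT, RFC5155_ITERATIONS)
    print("hash of the queried name:", queried)
```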
DS Resource Record
The Delegation Signer resource record is used to secure delegations. Indeed, a DS RR points
to a DNSKEY RR as it stores the key tag, algorithm number, and a digest of the DNSKEY RR.
With all this information, a resolver can authenticate the DNSKEY RR to which the DS record
points.
The DS RR and its corresponding DNSKEY RR have the same owner name, but they are stored
in different locations. The DS RR appears only on the parental side of a delegation and is
authoritative data in the parent zone, whereas the DNSKEY RR is stored in the child zone.
The type number for the DS record is 43. Like the RRSIG and the NSEC RRs, it is class independent.
Note that the DS RR has no special TTL requirements.
The starting point of this chain is the trust anchor configured with the validating resolver. The
trust anchor is a DNSKEY or DS record and should be securely retrieved from a trusted source
(not using DNS). This way, any single island of security can be joined to another secure (i.e.
signed) domain through its delegation point and can be authenticated using the final RR in the
DNSSEC set (remember that all the names in the zone have corresponding NSEC records listed
in order and that they create a chain of all the signed record sets).
To set up a proper chain of trust, a subdomain has to be secured and linked to the secured zone
it is delegated from; this child zone is then linked to its secure parent zone. The trust anchor
of the parent zone will then cover the secured zones and domains that are delegated from it.
This process is sometimes set up all the way up to the TLD.
[Figure: chain of trust. Labels: KSK, security point of entry, .com zone, domain.com zone, support.domain.com zone]
Maintaining a valid chain of trust is paramount because broken chains of trust will result in data
being marked as Bogus, which may cause entire (sub)domains to become invisible to verifying
clients. The administrators of secured zones have to realize that their zone is, to verifying clients,
part of a chain of trust.
The DNSSEC resolution is activated by editing the server parameters. These parameters
generate a trust anchor to set up a chain of trust.
Note
When the DNSSEC Resolver receives a response from an unsigned zone that has
a signed parent, it must confirm with the parent that the zone was intentionally left
unsigned. This is done by verifying, via signed and validated NSEC/NSEC3 records,
that the parent zone contains no DS records for the child. If the DNSSEC resolver
can prove that the zone is secure, then the response is accepted. However if it cannot,
it must assume the response is insecure and probably a forgery; it rejects the
response and logs an error.
To check the compatibility of your existing servers with DNSSEC, go to the DNS tab, then on the
breadcrumb click on All servers and look in the DNSSEC column to see if the DNS server is
DNSSEC enabled or not.
To enable DNSSEC
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. At the end of the line of the server of your choice, click on . The properties page opens.
4. In the DNSSEC panel, click on EDIT. The Edit DNSSEC properties wizard opens.
5. Tick the box Use DNS as DNSSEC resolver.
6. Make sure a trust anchor is listed among the Configured Trust Anchor list.
If not, or if you want to add a different trust anchor, select one among the Available Trust
Anchor and click on . The selected trust anchor is moved to the Configured Trust Anchors
list.
To remove a trust anchor, select it in the Configured Trust Anchors list and click on .
7. Click on OK to commit the configuration. The wizard closes. In the DNSSEC panel the
DNSSEC resolution is now Enabled and the Trust Anchors list contains the chosen trust
anchor(s).
The Use DNS as DNSSEC resolver and the Trust Anchor fields are also available in the DNS
server addition and edition wizards.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the System section, click on the Key Ring icon. The Key Ring page opens. The trust anchor
is listed.
3. Go to the trust anchor properties page through the properties button at the end of the line.
The trust anchor properties display the DNSSEC Keys, the Trust Anchor key and the DNS
servers using this Trust Anchor.
If you want to apply one trust anchor to several servers, see the procedure below.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the System section, click on the Key Ring icon. The Key ring page opens. The trust anchor
is listed.
3. At the end of the line of the trust anchor, click on . The properties page opens.
4. In the DNS servers using this Trust Anchor panel, click on EDIT. The wizard opens.
5. In the DNS server list, select the servers one by one and click on . The servers are now
in the Selected list.
6. Click on OK to commit your changes. The servers are now listed in the DNS servers using
this Trust Anchor panel.
Caution
A trust anchor can only be deleted if it's no longer associated with any server.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the System section, click on the Key Ring icon. The Key ring page opens. The trust anchor
is listed.
3. Tick the trust anchor you want to delete.
4. In the Menu, select Edit > Delete. The Delete wizard opens.
5. Click on OK to commit the deletion. The trust anchor is no longer listed on the key ring page.
By signing zones you make them DNSSEC-compliant. You will be able to verify that they are
properly signed in the All zones list: go to the DNS tab > All zones in the breadcrumb and look
in the DNSSEC column for the red key.
Signing a Zone
Once you have created a DNS server, you can make some or all of its zones DNSSEC-compliant.
Signing a zone automatically generates one KSK and two ZSKs. Only master zones can be signed.
During zone signing, you will be given the possibility to set up two types of alerts to help you
with the key rollover. We strongly recommend that you set at least one type of alert considering
that any problem within a zone can invalidate a whole server.
To sign a zone
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS zones icon. The DNS All zones list opens.
Caution
If you set up an e-mail alert, make sure that you configured an e-mail address
for the users of the group you choose to send the alert to.
7. In the Additional Mail field, type in the email address that will receive the alert. Click on ADD.
The address is visible in the Additional Mail List field. You can add as many addresses as
you want, they will all receive the alert at the same time no matter in what order you list them.
To update an entry, select an e-mail address, change the needed data and click on UPDATE.
8. Tick the SNMP Trap box. The SNMP related fields appear. All the fields are compulsory.
9. Click on OK to commit the signature configuration for the zone(s). The report wizard opens
and closes. The zone(s) is marked Yes in the DNSSEC column.
Regenerating Keys
Regenerating your keys is compulsory to ensure the security of your DNSSEC system; it is part
of what is called the key rollover. In order to properly secure a zone, the ZSK needs to be
regenerated approximately once a month and the KSK once a year.
[Figure: key rollover timeline, in months (1 to 14): the KSK followed by KSK t+1, and the successive ZSKs from ZSK t to ZSK t+n]
ZSK Regeneration
The ZSK regeneration is automatic. The whole set of active keys is checked daily at noon. When
ZSKs are about to expire, new keys with the same parameters are generated. These keys will
then be enabled and added to the DNS and visible in the Key Ring listing page of the
Administration tab if and only if the zone has only one active ZSK that has reached a third of its
lifetime. Expired ZSKs will automatically be deleted eventually.
Considering that you might need to enforce a key regeneration, it is possible to manually
regenerate ZSKs in the Key Ring. However, keep in mind that forcing a refresh only works if a
regeneration is necessary for the zone.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the System section, click on the Key Ring icon. The Key ring page opens.
3. In the menu, select Expert > Force refresh DNSSEC keys. The report opens and closes.
The refresh operates only if necessary.
KSK Regeneration
KSK regeneration is manual as the parameters of this key entirely depend on what was assigned
by the Registrar or your parent zone. Some time before the scheduled end of the KSK lifetime,
you will receive an email alert or an SNMP trap (depending on the kind of alert you set up when
signing the zone).
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. Click on the name of the server you want to generate a new KSK for. The All zones page
of the server opens.
4. Tick the zone for which you have to generate a new KSK.
5. In the menu, select Tools > Generate new KSK. The DNSSEC - Generate a new KSK wizard
opens.
6. Modify the Algorithm, Encryption and Validity parameters according to your needs.
7. Click on OK to commit the generation. The report wizard opens and closes.
After the KSK regeneration you have to transmit the new key-related information to your parent
zone to make sure the validation chain is still efficient. To get this information you have to access
the key properties.
a. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
b. Click on the DNS zones icon. The DNS All zones list opens.
c. At the end of the line of the zone you just signed, click on . The properties page opens.
d. Open the DS Keys panel, in the DS list a new DS has been generated along with the
new KSK.
[Figure: chain of trust. Labels: KSK, Security point of entry, .com zone, domain.com zone, support.domain.com zone]
If you are using a DLV, you will need to transmit the DS of each zone to your parent zone. For
this purpose, you can access the DS details through the zone properties page and copy/paste them
in order to send them.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS zones icon. The DNS All zones list opens.
3. At the end of the line of the zone of your choice, click on . The properties page opens.
4. In the DS Keys panel, copy the information in the DS list field.
5. Paste it in the document of your choice in order to send it.
Note that the DS Keys panel is also available on the properties page of the zone KSK.
If you are managing a domain and its subdomains, you might want to include them in your zone
Chain of Trust rather than create a Trust anchor for each subdomain. In this case, you need to
retrieve the DS information (see procedure To display the DS information above) and then add
it to your subdomains zones RRs list.
Example 46.1. Where to Find The DS Information Needed When Adding a DS To A Child Zone
To successfully integrate a subdomain into your parent zone Chain of Trust you will need four
different pieces of information: the key tag, the algorithm key, the digest type and the digest.
To illustrate the way to decompose the DS information into the four pieces of information,
represented by fields in the DS RR addition wizard, let's imagine that we created the zone domain.com
and signed it. Now, we need to add the DS RR to our zone sub.domain.com. For starters, we
need to retrieve the domain.com DS List (found in the DS Keys panel).
The only information you need is the underlined set of numbers in the example above: everything
on the first line located right after "DS". Now you simply need to have a look at the space between
each set of numbers and letters to divide the needed data into the four fields of the wizard. In the
list below you will find the content of each field for the zone domain.com:
To add a DS to a zone
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS zones icon. The DNS All zones list opens.
3. Click on the name of the zone where you want to add your DS. The All RRs list of the zone
appears.
4. In the menu, select Add > RR > RR (record). The Add a DNS RR wizard opens.
5. In the RR type drop-down list, select DS.
6. In the RR name field, type in the DS name that will be displayed on the RR name column as
follows: dsname.zonename .
7. In the TTL field and drop-down list, you can edit the default value. Changing one field will
automatically edit the other. By default, the TTL is of 3600 seconds (1 hour).
8. In the Key Tag field, paste the parent zone key tag. For more details, see the example above.
9. In the Key Algorithm field, paste the parent zone algorithm key. For more details, see the
example above.
10. In the Digest Type field, paste the parent zone digest type. For more details, see the example
above.
11. In the Digest field, paste the parent zone digest. For more details, see the example above.
12. Click on OK to commit the DS RR creation. The report opens and closes. The RR is listed
on the All RRs page, its value corresponds to the content of the fields Key Tag, Algorithm
Key, Digest Type and Digest separated by a comma.
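The four wizard fields map one-to-one onto the DS record data. As an added example (not part of this guide or of SOLIDserver), the Python code below splits a DS line into those fields and checks them against the DNSKEY they were derived from, using the key tag and digest rules of RFC 4034. The sample key is a constructed 4-byte toy value, and all function names are hypothetical.

```python
import base64
import hashlib
import struct

# DS digest type -> (hashlib algorithm, digest length in bytes)
DIGESTS = {1: ("sha1", 20), 2: ("sha256", 32), 4: ("sha384", 48)}


def split_ds(text):
    """Split DS data (a whole record line, or only what follows "DS") into the
    four wizard fields. Commas are accepted as separators as well as spaces."""
    tokens = text.replace(",", " ").replace("(", " ").replace(")", " ").split()
    if "DS" in tokens:  # whole line given: drop owner, TTL, class and type
        tokens = tokens[tokens.index("DS") + 1:]
    if len(tokens) < 4:
        raise ValueError("need key tag, key algorithm, digest type and digest")
    key_tag_value, algorithm, digest_type = (int(t) for t in tokens[:3])
    digest = "".join(tokens[3:]).upper()  # long digests are often shown in chunks
    if not 0 <= key_tag_value <= 0xFFFF or not 0 <= algorithm <= 0xFF:
        raise ValueError("key tag or key algorithm out of range")
    if digest_type not in DIGESTS:
        raise ValueError("unsupported digest type %d" % digest_type)
    if len(digest) != 2 * DIGESTS[digest_type][1]:
        raise ValueError("digest length does not match the digest type")
    bytes.fromhex(digest)  # raises ValueError on non-hexadecimal characters
    return {"key_tag": key_tag_value, "key_algorithm": algorithm,
            "digest_type": digest_type, "digest": digest}


def dnskey_rdata(flags, protocol, algorithm, public_key_b64):
    """DNSKEY RDATA in wire format: flags, protocol, algorithm, public key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + base64.b64decode(public_key_b64)


def key_tag(rdata):
    """Key tag per RFC 4034 Appendix B (not valid for the obsolete algorithm 1)."""
    acc = 0
    for i, byte in enumerate(rdata):
        acc += byte << 8 if i % 2 == 0 else byte
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF


def name_to_wire(name):
    """Canonical (lower-case) wire format of the DNSKEY owner name."""
    wire = b""
    for label in name.rstrip(".").lower().split("."):
        if label:
            wire += bytes([len(label)]) + label.encode("ascii")
    return wire + b"\x00"


def ds_from_dnskey(owner, rdata, digest_type):
    """Compute the four DS fields from the DNSKEY: digest = H(owner | RDATA)."""
    algo = DIGESTS[digest_type][0]
    digest = hashlib.new(algo, name_to_wire(owner) + rdata).hexdigest().upper()
    return {"key_tag": key_tag(rdata), "key_algorithm": rdata[3],
            "digest_type": digest_type, "digest": digest}


def check_ds(ds_text, owner, rdata):
    """Return the names of the fields that do not match the DNSKEY (empty = OK)."""
    got = split_ds(ds_text)
    want = ds_from_dnskey(owner, rdata, got["digest_type"])
    return [f for f in ("key_tag", "key_algorithm", "digest") if got[f] != want[f]]


# Constructed sample: flags 257, protocol 3, algorithm 8 and a toy 4-byte key.
SAMPLE_KEY = dnskey_rdata(257, 3, 8, "AQIDBA==")
SAMPLE_DS = ds_from_dnskey("domain.com.", SAMPLE_KEY, 2)

if __name__ == "__main__":
    line = "domain.com. 3600 IN DS {key_tag} {key_algorithm} {digest_type} {digest}".format(**SAMPLE_DS)
    print(split_ds(line))
    print(check_ds(line, "domain.com.", SAMPLE_KEY) or "DS matches the DNSKEY")
```

Running the check before pasting the values into the wizard catches a digest copied from the wrong zone or truncated during copy and paste.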
Disabling DNSSEC
DNSSEC keys are manageable from the key ring (accessible through the Administration tab):
you can enable, disable or invalidate KSKs. As for their deletion, you can only delete used
DNSSEC Keys (KSKs and ZSKs).
Disabling a key is not recommended at all as it is a very risky operation if not handled properly.
Disabling the wrong key could affect the zone and all its subdomains; it could make it a dark zone,
for instance.
Keep in mind that disabling a key does not delete it. If you disable an active key, it is marked as
Delayed Delete in the Status column of the All RRs list (DNS tab > All RRs in the breadcrumb)
but still marked as Enabled in the key ring (Administration tab > Key ring).
Enabling a Key
Enabling a key is a simple procedure that you can undo at any time.
To Enable a Key
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the System section, click on the Key Ring icon. The Key ring page opens.
3. Tick the disabled ZSK or KSK you want to enable.
4. In the menu, select Expert > Enable. The Enable / Disable DNSSEC keys wizard opens.
5. Click on OK to commit your changes. The selected keys will be marked as Enabled in the
Status column.
Disabling a Key
Disabling a key is very easy to do. However, disabling a valid key will delete the corresponding
DNSKEY RR and therefore make the validation impossible as the zone would be unavailable for
query.
To Disable a Key
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the System section, click on the Key Ring icon. The Key ring page opens.
3. Tick the ZSK or KSK you want to disable.
4. In the menu, select Expert > Disable. The Enable / Disable DNSSEC Keys wizard opens.
5. Click on OK to commit your choice. The selected keys will be marked as Disabled in the
Status column.
Note
If you disable one or several active keys, the corresponding zone will appear as
Broken in the DNS tab zones list.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the System section, click on the Key Ring icon. The Key ring page opens.
3. Tick all the keys you wish to unsign.
4. Make sure that the trust anchor is not selected as you cannot disable or unsign a trust anchor.
5. In the menu, select Expert > Disable. The Enable / Disable DNSSEC keys wizard opens.
6. Click on OK to commit your changes. The keys are marked Disabled in the Status column
in the key ring and, as it is no longer DNSSEC-compliant, the zone is marked No in the
DNSSEC column of the All zones list (DNS tab).
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS zones icon. The DNS All zones list opens.
3. Tick the zone you wish to purge.
4. In the menu, select Tools > Expert > Purge DNSSEC Records. The Purge zones from
DNSSEC records wizard opens.
5. Click on OK to commit the purge. The key ring is now key-less and the DNSSEC keys have
also been removed from the All RRs list.
Note
Invalidating the KSK protects your zone from attacks and allows you to safely replace
this key.
Once you have invalidated a KSK, do not forget to transmit the DS or Public Key of the old KSK and
new KSK. There are four main steps to follow to properly invalidate your zone:
1. Generating a new KSK to make sure that you do not invalidate the whole zone once you have
invalidated the compromised one.
2. Invalidating the compromised KSK to replace it with the new one.
3. Disabling the compromised KSK to update its RRs. This will change its value in the zone list.
Then you have to enable it again to ensure that the compromised key cannot be used again
by anyone.
4. Notifying the changes. Once you have invalidated your KSK, you have to transmit a copy of the
invalidated DS set to your DLV or a copy of the Public Key to your Registrar.
1. To generate a KSK
a. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
b. Click on the DNS servers icon. The DNS All servers list opens.
c. Click on the name of the server you want to generate a new KSK for. The list of its zones
opens.
d. Tick the zone for which you have to generate the KSK.
e. In the menu, select Tools > Generate new KSK. The DNSSEC - Regenerate key wizard
opens.
f. Change the Algorithm, Encryption and Validity options according to your needs.
g. Click on OK to commit the generation. The report wizard opens and closes.
Note
The new KSK is automatically Enabled and visible in the key ring (Administration
tab > Key Ring).
2. To invalidate a KSK
a. At the end of the line of the invalidated key, click on . The properties page opens.
b. Copy the content of the DS and Public Key fields.
c. Paste it in the file of your choice and send it.
However, you might want to remove the unused keys to clean up the system. That is why
SOLIDserver provides you with an option that manually executes the automatic check rule.
Before following this procedure, make sure you have unsigned the zones properly.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the System section, click on the Key Ring icon. The Key ring page opens.
3. In the menu, select Expert > Remove unused DNSSEC keys. The Remove unused DNSSEC
keys wizard opens.
4. Click on OK to commit the unused keys deletion. The report opens and closes. The relevant
keys are deleted.
Chapter 47. HSM
The Hardware Security Module (HSM) is a secure crypto processor, usually a device or an appliance,
dedicated to generating and managing encryption keys. Typically, it provides strong authentication
through accelerated cryptographic operations (involving these keys) and even multiple
levels of security.
The HSM relies on a Remote File System (RFS) and the Security World, which hold all the
critical information. The RFS holds the encryption keys and the Security World, which
describes the cryptographic environment. The communication between the HSM and
any server depends on both elements. To ensure secure communication between the
HSM and a server, the first step is to create a Security World on the HSM, then create an
RFS that retrieves a copy of the Security World and is therefore recognized by the HSM.
From then on, every key is generated on the RFS and sent to the HSM to be encrypted; once
encrypted, it is sent back to the RFS for storage. Any time the server needs a key, the encrypted
key is sent by the RFS to the HSM to be decrypted and sent straight to the server. Because the
communication between any server and the HSM is completely secure, this key is invisible on
the network to anyone but the HSM and the server. Since the RFS storage is remote by nature,
you need to choose a server that offers enough data security to store the RFS outside
of the HSM.
The HSM encryption can be based purely on software or on chip cards (one or several). It is
recommended to use encryption on chip cards to enhance security.
The encrypted communication between a server and an HSM implies that for each server that
needs encrypted data communication you need a unique RFS. Each RFS needs to store the
keys needed by each server. Consequently, one HSM can be used to secure the communication
with several servers, provided that there are as many servers as there are remote file systems.
The HSM will synchronize the RFS on each server separately.
EfficientIP makes it possible to store the Security World either on a SOLIDserver appliance or
any other server.
The goal of this chapter is to detail the basics of the interaction between a Thales nShield 500
HSM and the DNSSEC signing process, in other words, the procedures for signing zones
with a SOLIDserver used as a manager, a DNS server and a host for the RFS. All the limitations
of using the HSM with SOLIDserver are listed at the end of this chapter.
The All HSM Servers page always displays the Hardserver embedded in SOLIDserver. By default,
the HSM is not configured and its status is ! Hardserver is not running.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select System > HSM Servers. The All HSM Servers listing page opens.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select System > HSM Servers. The All HSM Servers listing page opens.
3. At the end of the line of the Hardserver, click on . The properties page opens.
• Main properties: sums up the main information regarding the server: its Name and IP address,
localhost daemon as it is embedded in SOLIDserver appliance.
• Status: displays the server statuses: on the one hand the Configuration status, and on the
other hand the Hardserver, or operational, status, which can be Not running or Running once the service
is enabled.
• Module: contains information regarding the server. This panel appears once the service is
running. It displays the Module Number, Version, Version Information, Product Name, Mode
and Remote port. The Module number will always be set to #0 on that page.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select System > HSM Servers. The All HSM Servers listing page opens.
3. At the end of the line of the server of your choice, click on . The properties page opens.
• Main properties: sums up the main information regarding the server: its Name and IP address,
localhost daemon as it is embedded in SOLIDserver appliance.
• Status: displays the server statuses: on the one hand the Configuration status, and on the
other hand the Hardserver, or operational, status, which can be Not running or Running once the service
is enabled.
• Module: contains information regarding the server. This panel appears once the HSM has
been detected by the Hardserver. It lists the Module Number, Serial number, Connection
Status, Version, Version Information, Product Name, and Mode. The Module number will always
be set to #<number>, which corresponds to the order in which the server has been detected by
the Hardserver: the first detected is #1, the second is #2, etc.
Prerequisites
Before using the HSM with SOLIDserver, your appliance and HSM module must comply with a
set of prerequisites without which the HSM cannot run properly:
• Your HSM module must be supported by SOLIDserver. Currently, only the Thales nCipher
HSM module is supported.
• Your license must be valid and include the DNS module.
• The communication with the HSM is only authenticated by a smart card.
• Only an administrator with the proper ACS rights over the smart card can manage the
HSM module through SOLIDserver.
By default, the use of an HSM is not enabled on SOLIDserver, so you have to create a new Registry
key to make the DNS server (HSM) and nFast Hardserver services appear on the Services
configuration listing page.
1. Go to the Administration tab homepage. If the homepage is not displayed, click on . The
homepage opens.
2. In the menu, select System > Expert > Registry database. The Registry database page
opens.
3. In the menu, select Add > Registry item. The Registry database Add an item wizard opens.
4. In the Name field, type in module.dns.hsm_enabled .
5. In the Value field, type in 1 .
6. Click on OK to commit the addition. The report opens and closes. The Registry database
page is visible again.
Note
If you use a different slot than the default one (492971158) to communicate with
your HSM appliance, create another Registry item, named module.dns.hsm_slot
with the value of your own slot. All the commands called to create new DNSSEC
keys will use this value instead of the default one.
Adding the registry key(s) allows you to manage two new services from the Services
configuration page. Now, under the DNS server line, you will find the DNS server (HSM) and
nFast Hardserver services.
To properly integrate the HSM into SOLIDserver management, you need to enable the nFast
Hardserver service before configuring the HSM.
1. Go to the Administration tab homepage. If the homepage is not displayed, click on . The
homepage opens.
2. In the System section, click on the Services icon. The Services configuration page opens.
3. In the Name column, locate the nFast Hardserver service.
4. In the Enabled column, click on Disabled. The Enable a service wizard opens.
5. Click on OK to commit your choice. The report opens and closes. The service starts
automatically but is listed in red because the configuration is still pending.
6. In the menu, select Tools > Apply configuration. The Commit the system configuration
changes wizard opens.
7. Click on OK to commit your choice. The report opens and closes. The page refreshes, the
nFast Hardserver service is marked Enabled.
Once the service is running, the Hardserver status will be OK on the All HSM servers page.
You can now configure the HSM, i.e. add the HSM server(s) to secure your authentication
processes.
In both cases, the procedure is automated. However, an error might occur and you might not get
the result you hoped for; in this case, you will need to complete the configuration manually, as detailed
in the Completing the Configuration Manually If an Error Occurred section.
If you already have a Security World, you simply need to generate it and import it through the
SOLIDserver GUI.
1. Add your SOLIDserver to the authorized clients list on your HSM appliance.
2. You can edit your RFS if you want to declare SOLIDserver as your RFS.
3. Generate your Security World archive file:
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
3. In the menu, select System > HSM Servers. The All HSM Servers listing page opens.
4. In the menu, select Tools > Import Security World. The HSM Security World Import wizard
opens.
5. Click on BROWSE to select the .tar file to import.
6. Double-click on the name of the needed .tar file.
7. In the File name field, the file is displayed once selected.
8. Click on OK to commit your import. The report opens and closes. The All HSM Servers listing
page is visible again.
If you do not have a Security World, you can declare SOLIDserver as your RFS. It will therefore
contain the Security World needed to authenticate your data exchanges.
1. Add your SOLIDserver to the authorized clients list on your HSM appliance.
2. Declare SOLIDserver as your RFS on your appliance.
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
3. In the menu, select System > HSM Servers. The All HSM Servers listing page opens.
4. In the menu, select Add > Add HSM Server. The Add an HSM server wizard opens.
5. In the Name field, type a name for your HSM server.
6. In the IP address field, type in the IP address of your HSM server.
7. In the Description field, you can type in a description for the server.
8. You can set a number of RFS and Enrollment related parameters upon addition: tick the
Override default parameters checkbox. The HSM RFS and HSM Enrollment sections appear.
a. If you want to force the cleanup of the RFS repository (remove old entries sharing the
same ESN value): in the HSM RFS section, tick the Force box.
b. If you want to force the reconfiguration of already known HSM appliances RFS when
enrolling a new HSM appliance: in the HSM Enrollment section, tick the Force box.
c. If you want to force the Hardserver to request a privileged connection to the HSM: in
the HSM Enrollment section, tick the Privilege box. By default, this box is unticked.
9. Click on OK to commit your addition. The report opens and closes. The All HSM Servers
listing page is visible again.
On the All HSM Servers listing page, the HSM modules status should be OK. Besides, the
Hardserver properties page will now display the Module panel.
If the Status is not OK, refer to the section Completing the Configuration Manually If an Error
Occurred below.
If the HSM servers status is not OK, you may have to manually identify your HSM, create the
RFS or trigger the enrollment manually depending on the status. For more details, refer to the
HSM Servers Statuses table above.
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
3. In the menu, select System > HSM Servers. The All HSM Servers listing page opens.
4. Tick the HSM module(s) you want to identify.
5. In the menu, select Tools > Identify. The Identify the HSM wizard opens.
6. Click on OK to commit your identification. The report opens and closes. The server is visible
in the All HSM Servers listing page.
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
3. In the menu, select System > HSM Servers. The All HSM Servers listing page opens.
4. Tick the HSM module(s) for which you want to create the RFS.
5. In the menu, select Tools > Create the RFS. The Create the RFS wizard opens.
6. Tick the Force checkbox to remove old entries sharing the same ESN value from the HSM
RFS.
7. Click on OK to commit your creation. The report opens and closes. The server is visible in
the All HSM Servers listing page.
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
3. In the menu, select System > HSM Servers. The All HSM Servers listing page opens.
4. Tick the HSM module(s) you want to enroll.
5. In the menu, select Tools > Enroll. The Enroll the HSM with SOLIDserver wizard opens.
6. Tick the Force checkbox to force the reconfiguration of already known HSM appliances RFS.
7. Tick the Privilege checkbox to force the Hardserver to request a privileged connection to
the HSM. By default, this box is unticked.
8. Click on OK to commit your enrollment. The report opens and closes. The server is visible
in the All HSM Servers listing page.
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab homepage. If the homepage is not displayed, click on . The
homepage opens.
3. In the System section, click on the Services icon. The Services configuration page opens.
4. In the Name column, locate the DNS server service.
5. In the Enabled column, click on Enabled. The Disable a service wizard opens.
6. Click on OK to commit your choice. The report opens and closes. The service starts
automatically but is listed in red because the configuration is still pending.
7. In the menu, select Tools > Apply configuration. The Commit the system configuration
changes wizard opens.
8. Click on OK to commit your choice. The report opens and closes. The service is marked
Disabled.
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab homepage. If the homepage is not displayed, click on . The
homepage opens.
3. In the System section, click on the Services icon. The Services configuration page opens.
4. In the Name column, locate the DNS server (HSM) service.
5. In the Enabled column, click on Disabled. The Enable a service wizard opens.
6. Click on OK to commit your choice. The report opens and closes. The service starts
automatically but is listed in red because the configuration is still pending.
7. In the menu, select Tools > Apply configuration. The Commit the system configuration
changes wizard opens.
8. Click on OK to commit your choice. The report opens and closes. The service is marked
Enabled.
Note
If you enable the DNS server (HSM) service before adding any HSM server, the
service Status will be ! No HSM found. In that case, you will need to add the
HSM server and restart the HSM DNS service. For more details regarding how
to start and stop a service, refer to the section Handling Services of this guide.
Keep in mind that using the HSM DNS implies a specific configuration of your servers that
uses the Enable HSM box; for more details, refer to the Using the HSM Service With DNS Servers
section below. Once the service is running, you will be able to sign your zones using the HSM.
The addition of the registry database entry also adds a dedicated checkbox that you need to
tick; otherwise, SOLIDserver does not query the HSM when generating DNSSEC keys for this
server. The procedure below simply emphasizes the HSM configuration of the server; for more
details regarding the configuration of a DNS server, refer to the procedure To add an EfficientIP
DNS server of this guide.
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
3. Click on the DNS servers icon. The DNS All servers list opens.
4. In the menu, select Add > Server > EfficientIP DNS. The Add a DNS server wizard opens.
5. If you or your administrator created classes, the DNS server class list is visible. Select a
class or None and click on NEXT . The next page of the wizard opens.
6. Fill in the DNS server name, Management IP address to set up the basic server configuration.
7. In the Management Protocol drop-down list, select SSL or SNMP and configure the protocol
according to your needs.
8. Click on NEXT . The last page of the wizard opens.
9. Tick the Enable HSM box.
10. In the Mode drop-down list, you can set up the parameters of your choice.
11. Click on OK to commit your creation. The report opens and closes. The server is listed and
using HSM to authenticate DNSSEC keys.
Note
You can tick or untick the Enable HSM box upon edition of an EfficientIP server
as well.
For more details regarding DNSSEC zone signing, refer to the chapter DNSSEC of this guide.
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
3. In the menu, select System > HSM Servers. The All HSM Servers listing page opens.
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and password.
2. Delete all HSM appliances from the list. For more details, refer to the Deleting an HSM Appliance
section above.
3. Disable the nFast Hardserver service. For more details, refer to the Handling Services section
of this guide.
4. Disable the DNS server (HSM) service. For more details, refer to the Handling Services section
of this guide.
5. Remove the HSM dedicated registry key following the procedure below.
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
3. In the menu, select System > Expert > Registry database. The Registry database page
opens.
4. In the menu, select Add > Registry item. The Registry database Add an item wizard opens.
5. In the Name field, filter the list to find the module.dns.hsm_enabled .
6. Tick the key.
7. In the menu, select Edit > Delete. A pop up window opens.
8. Click on OK to commit your deletion. The page refreshes. The key is no longer listed.
To use an HSM appliance again, follow the sections of this chapter again to integrate, configure
and manage the appliance.
HSM Limitations
There are a number of limitations to the HSM use with SOLIDserver:
• The HSM slot is common to all the HSM queries; you cannot set it per DNS server.
• Keys deletion does not trigger a deletion of the corresponding key on the HSM RFS.
• You cannot use several chip cards with your HSM.
• The chip card needs to be inserted in the HSM for the encryption to work.
• You can neither use a pin code nor a K/N quorum (only 1/N supported).
• There is no automated replication of the Security World for DNS servers managed remotely.
Chapter 48. DNS Firewall (RPZ)
Recursive DNS server Response Policy Zone (RPZ) is based on domain data feeds provided by
an external service, manually created by network administrators, and so on. Using this information,
SOLIDserver allows you to set up a granular approach to RPZ zone management. Instead of
blocking an entire domain, you can set exceptions for subdomains and even configure individual
response policies for each subdomain. In this sense, the RPZ is basically a DNS firewall option
that you can configure on the server to filter recursive queries for domain names or
IP addresses through the resource records of a zone and provide an alternate response to these
queries. This mechanism is similar to an email anti-spam blacklist. In other words, it allows you to
prevent DNS clients from accessing certain websites.
[Figure: DNS Firewall diagram; labels: Syslog server, Malware Data Feed, DNS Firewall, Multi-vendor, Dynamic policy update, Alert, Forbidden request, Botnet attack, Malwares, Viruses, Management Appliance]
From the zone level, you can decide which requests are redirected and where, as well as set a
NODATA or even an NXDOMAIN response. The main benefit of such a mechanism is that you
can set up a filter using either a domain name or an IP address using the CNAME, A and AAAA
records of the RPZ zone.
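How such a filter ends up as CNAME, A and AAAA records in an RPZ zone, as an added Python example (not SOLIDserver code): it builds the records using the owner-name and CNAME-target conventions of BIND's RPZ implementation, and also covers PASSTHRU, the exception policy. The zone name rpz.example., the domains and the addresses are constructed, the function names are hypothetical, and only IPv4 triggers are encoded.

```python
import ipaddress

# CNAME targets that BIND interprets as RPZ policy actions rather than aliases.
ACTION_TARGETS = {"NXDOMAIN": ".", "NODATA": "*.", "PASSTHRU": "rpz-passthru."}


def is_ip(text):
    """True if the trigger looks like an IP address or network, not a name."""
    try:
        ipaddress.ip_network(text, strict=False)
        return True
    except ValueError:
        return False


def ip_trigger(network):
    """Owner-name prefix of an IPv4 trigger: prefixlen.d.c.b.a.rpz-ip"""
    net = ipaddress.ip_network(network)  # raises ValueError if host bits are set
    if net.version != 4:
        raise ValueError("this example encodes IPv4 triggers only")
    reversed_octets = str(net.network_address).split(".")[::-1]
    return ".".join([str(net.prefixlen)] + reversed_octets + ["rpz-ip"])


def owner_name(trigger, zone):
    """Owner name of the rule inside the RPZ zone, for a domain or IP trigger."""
    if is_ip(trigger):
        prefix = ip_trigger(trigger)
    else:
        prefix = trigger.rstrip(".").lower()  # QNAME trigger, may start with "*."
    return prefix + "." + zone.rstrip(".") + "."


def rpz_rule(trigger, policy, target=None, zone="rpz.example."):
    """Return one zone-file line that implements the policy for the trigger."""
    owner = owner_name(trigger, zone)
    if policy in ACTION_TARGETS:
        return "%s IN CNAME %s" % (owner, ACTION_TARGETS[policy])
    if policy != "REDIRECT" or not target:
        raise ValueError("use REDIRECT with a target, NXDOMAIN, NODATA or PASSTHRU")
    try:
        address = ipaddress.ip_address(target)
    except ValueError:
        # Target is a name: redirect with a CNAME.
        return "%s IN CNAME %s." % (owner, target.rstrip("."))
    # Target is an address: A for IPv4, AAAA for IPv6.
    rtype = "A" if address.version == 4 else "AAAA"
    return "%s IN %s %s" % (owner, rtype, address)


def sample_rules():
    """Constructed rule set: block a domain and its subdomains, keep one
    subdomain reachable, redirect two names and answer NODATA for a subnet."""
    return [
        rpz_rule("example.com", "NXDOMAIN"),
        rpz_rule("*.example.com", "NXDOMAIN"),
        # Exact name, so the wildcard rule above does not apply to it.
        rpz_rule("intranet.example.com", "PASSTHRU"),
        rpz_rule("ads.example.net", "REDIRECT", "walled-garden.example.org"),
        rpz_rule("tracker.example.net", "REDIRECT", "192.0.2.10"),
        rpz_rule("198.51.100.0/24", "NODATA"),
    ]


if __name__ == "__main__":
    print("\n".join(sample_rules()))
```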
1 This orange rectangle differentiates RPZ DNS zones from regular DNS zones and records.
Clicking on an RPZ zone name opens the All RPZ rules page and displays the
records it contains.
2 The All RPZ rules page is dedicated to all the records of an RPZ DNS zone. To ease
record management, even the SOA and NS records of an RPZ zone are gathered on this
page.
Through the GUI, the RPZ configuration of a zone is quite simple. Once you added your BIND
server to the DNS All servers list, you simply need to add RPZ zones from the All zones page
and add your RPZ rules through the addition of CNAME, A and AAAA records on the All RPZ
rules page.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS zones icon. The DNS All zones list opens, the RPZ zones are preceded
by an orange rectangle.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. In the breadcrumb, click on All zones. The DNS All zones list opens, the RPZ zones are
preceded by an orange rectangle.
The RPZ zone statuses are identical to regular zones. For more details, refer to the Understanding
the DNS Zones Statuses section of this guide.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. In the breadcrumb, click on All RPZ rules. The All RPZ rules list opens.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS zones icon. The DNS All zones list opens, the RPZ zones are preceded
by an orange rectangle.
3. Click on the name of the RPZ zone of your choice. The All RPZ rules page opens. By default,
it lists at least the SOA and NS record of the zone. Any additional records will be listed and
preceded by the same orange rectangle as the zone.
1. Add a BIND server to the DNS All servers list. For more details, refer to the Managing a BIND
DNS Server section of this guide.
2. Add an RPZ Zone, see the Adding RPZ Zones section below.
3. Add your policies through records addition, see the Managing RPZ Policies section below.
• Name zones. The RPZ configuration does not work on reverse zones.
• Master or Slave zone. Any other type of zone is irrelevant to the RPZ configuration.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. In the breadcrumb, click on All zones. The DNS All zones list opens.
3. In the menu, select Add > RPZ zone. The Add a DNS zone wizard opens.
4. In the DNS server field, select a BIND server and click on NEXT . The next page of the wizard
appears.
5. If you or your administrator created classes, the DNS zone class list is visible. Select a class
or None and click on NEXT . The next page of the wizard opens.
6. In the DNS zone type list, select Master.
7. Click on NEXT . The last page of the wizard appears.
8. In the Name field, name your zone following the syntax given in RFC1034
[http://tools.ietf.org/html/rfc1034] (page 7).
9. In the View drop-down list, select a view if you created any. If there are no views in the
selected server, the list is empty.
10. The DNS firewall (RPZ) checkbox is automatically ticked and displayed in gray.
11. Click on OK to commit the creation. The report opens and closes. The RPZ zone is listed,
preceded by an orange rectangle and marked Delayed create before being marked
OK.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. In the breadcrumb, click on All zones. The DNS All zones list opens.
3. In the menu, select Add > RPZ zone. The Add a DNS zone wizard opens.
4. In the DNS server field, select a BIND server and click on NEXT . The next page of the wizard
appears.
5. If you or your administrator created classes, the DNS zone class list is visible. Select a class
or None and click on NEXT . The next page of the wizard opens.
Once the IP, port and key are configured, click on ADD . The configuration is listed in the
Masters list. Repeat these actions for as many servers as needed. You can select a master
in the list to DELETE or UPDATE it once created.
13. Click on OK to commit the creation. The report opens and closes. The RPZ zone is listed,
preceded by an orange rectangle and marked Delayed create before being marked
OK.
Once you added the needed zones, you can configure their policies through records addition in
the All RPZ rules page.
• you can edit its content and add as many RPZ records as you please. For more details, refer
to the Managing RPZ Records section below.
• you can edit some panels from an RPZ zone properties page:
• From the Main properties panel, you can edit the zone applied class. At any time, you can
decide to apply a class, no class or a different class to your RPZ zone. For more details,
refer to the Class Studio chapter of this guide.
• From the Name servers panel, you can edit the Authoritative DNS servers. For more details,
refer to the Configuring Delegation at the Zone level section of this guide.
• From the Forwarding panel, you can edit the zone forwarding parameters. For more details
regarding the available parameters, refer to the Configuring DNS Forwarding section of this
guide.
• From the Notify panel, you can edit IP addresses that will be notified of any changes on the
master zone.
• From the Access control panel, you can set or edit allow-query, allow-transfer and allow-
update options on your zones. For more details, refer to the Managing DNS Security section
of this guide.
• From the Groups access panel, members of the admin group can set and edit which
groups will or will not have the RPZ zone in their resources list.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS zones icon. The DNS All zones list opens.
3. Filter the list if need be.
4. Tick the RPZ zone(s) you want to delete.
5. In the menu, select Edit > Delete. The Delete wizard opens.
6. Click on OK to commit the deletion. The report opens and closes. The zone is marked
Delayed delete until it is no longer listed.
SOLIDserver provides the configuration of four different policies that you can configure using
requested domain names (QNAME) or IP addresses:
• Redirection is set through the creation of an RPZ: REDIRECT record on the All RPZ rules
page. It lets you define which domain or IP address is redirected toward which domain
or IP address:
Domain name > domain name redirection
This redirection creates a CNAME record whose name and value depend on the domain
names stated during configuration.
Domain name > IP address redirection
This redirection creates an A record if you redirect the domain name toward an IPv4 address
or a AAAA record if you redirect the domain name toward an IPv6 address. This IP address
can be the IP address of any equipment or even an entire subnet start address. Its name
and value depend on the domain name and IP address stated during configuration.
IP address > domain name redirection
This redirection creates a CNAME record whose name and value depend on the IP address
and domain name stated during configuration.
Keep in mind that you can also set a NODATA policy using a Name Server Domain Name
(NSDNAME) or Name Server IP address (NSIP).
• NXDOMAIN is set through the creation of an RPZ: NXDOMAIN record on the All RPZ rules
page. It lets you set a denial-of-existence response to any requested domain name or IP
address. It creates a CNAME record named after the domain name or IP address
triggering this response.
Keep in mind that you can also set an NXDOMAIN policy using a Name Server Domain Name
(NSDNAME) or Name Server IP address (NSIP).
• PASSTHRU is set through the creation of an RPZ: PASSTHRU record on the All RPZ rules
page. It lets you set an exception to the redirection, NODATA or NXDOMAIN response
you set. It creates a CNAME record that will, for instance, redirect domain.com towards your
company website but still grant access to the page www.domain.com.
Each policy is created with a TTL of 3600 seconds. Once applied, the policy TTL automatically
drops to 5 seconds, following BIND behavior.
At server level, adding a policy to a zone adds the response-policy option in the named.conf
file. In this option, SOLIDserver simply states the RPZ zones managed by the server. In each
RPZ zone's zone file, the records are listed as CNAME, A and AAAA records respecting
the RPZ syntax.
When adding RPZ policies, keep in mind that the triggers, or the records that encode the
triggers (the policies), of a given DNS query or DNS response follow a specific order that allows
you to set various RPZ rules for a single RPZ zone. The queries are compared to all RPZ policies
in the order below:
Policies encoded in the first response-policy defined zone in the server configuration are
matched first. In other words, the first policies created are the first used to provide alternate
responses to user queries.
2. Within a single RPZ zone, policies respect a specific precedence
QNAME policies (i.e. domain name based policies) are preferred over IP based policies; IP
policies are preferred over NSDNAME policies; NSDNAME policies are preferred over NSIP
policies.
3. Within a single RPZ zone, name based policies follow a specific order
Among applicable QNAME or NSDNAME policies, the policy with the smallest name is preferred.
4. Within a single RPZ zone, IP based policies follow a specific order
a. Among applicable IP or NSIP policies, the policy with the longest prefix length is preferred.
b. Among IP or NSIP policies with the same prefix, the smallest IP address is preferred.
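The precedence rules above can be expressed as a single sort key. The sketch below is an added example, not SOLIDserver or BIND code: the Match structure, the function names and the sample matches are constructed for illustration, and it assumes that "smallest name" means DNSSEC canonical name order, which is how BIND's RPZ documentation defines it.

```python
import ipaddress
from typing import NamedTuple

# Rule 2: QNAME beats IP, IP beats NSDNAME, NSDNAME beats NSIP.
TRIGGER_RANK = {"qname": 0, "ip": 1, "nsdname": 2, "nsip": 3}


class Match(NamedTuple):
    zone_index: int  # position of the RPZ zone in response-policy, 0 = first
    trigger: str     # "qname", "ip", "nsdname" or "nsip"
    matched: str     # name that matched, or CIDR of the matching IP policy
    policy: str      # "redirect", "nodata", "nxdomain" or "passthru"


def _name_key(name):
    """Canonical DNS ordering (assumption): compare labels right to left, lowercased."""
    labels = name.rstrip(".").lower().split(".")
    return tuple(label.encode("ascii") for label in reversed(labels))


def _ip_key(cidr):
    """Rule 4: longest prefix first, then the smallest address."""
    net = ipaddress.ip_network(cidr, strict=False)
    return (-net.prefixlen, int(net.network_address))


def precedence_key(match):
    """Smaller key = higher precedence. Rules 1 to 4 map to the tuple fields."""
    if match.trigger in ("qname", "nsdname"):
        tie_break = _name_key(match.matched)   # rule 3
    else:
        tie_break = _ip_key(match.matched)     # rule 4
    return (match.zone_index, TRIGGER_RANK[match.trigger], tie_break)


def select_policy(matches):
    """Return the one match whose policy is applied, or None if nothing matched."""
    matches = list(matches)
    return min(matches, key=precedence_key) if matches else None


# Constructed sample: everything that matched one query and its response.
SAMPLE = [
    Match(0, "nsdname", "ns1.provider.example", "nxdomain"),
    Match(0, "qname", "www.domain.example", "passthru"),
    Match(0, "ip", "192.0.2.0/24", "nodata"),
    Match(0, "ip", "192.0.2.128/25", "nxdomain"),
    Match(1, "qname", "www.domain.example", "redirect"),
]

if __name__ == "__main__":
    winner = select_policy(SAMPLE)
    print(winner.trigger, winner.matched, winner.policy)
```

With the sample data, the QNAME passthru in the first zone wins over the NSDNAME NXDOMAIN policy, which is why a passthru exception on a domain name keeps working when its name server is blocked.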
The RPZ redirection policy can be configured using domain names. There are as many domain
redirections as there are RPZ: REDIRECT records configured. You can either use a full domain
name or specify some parts as variable, to include all the subdomains of a particular domain for
instance.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. In the breadcrumb, click on All zones. The DNS All zones list opens.
3. In the Name column, click on the name of the RPZ zone of your choice. The All RPZ rules
page opens.
4. In the menu, select Add > RPZ rule. The Add an RPZ Rule wizard opens.
5. In the Source drop-down list, select Domain.
6. In the Domain field, type in the domain name. It can be a full domain name or a partial one,
follow the table below for more details.
Table 48.2. Domain Name Possible Syntax When Configuring an RPZ Policy
Value | Description
domain.extension | If you name the RR with a domain name following this syntax, the DNS client requesting this domain is redirected towards a domain name (refer to step 8) or towards an IP address (refer to step 9).
*.domain.extension (a) | If you name the RR with a domain name following this syntax, the DNS client requesting this domain or any of its subdomains is redirected towards a domain name (refer to step 8) or towards an IP address (refer to step 9).
<value>.domain.extension | If you name the RR with a domain name following this structure, the DNS client requesting this specific name is redirected towards a domain name (refer to step 8) or towards an IP address (refer to step 9).
(a) The * (asterisk) is called the wildcard when used in front of a domain name.
7. In the Policy drop-down list, select Redirection. You can set a redirection towards a domain
name (refer to step 8) or towards an IP address (refer to step 9).
8. Set the redirection towards the domain name of your choice:
10. Click on OK to commit the creation. The report opens and closes. The record is now listed.
The RR name column displays an RPZ: REDIRECT named after the source domain name,
its Value is the target domain name or IP address depending on your configuration.
You can configure a NODATA response policy for clients requesting certain domain names.
There is a NODATA response for as many domains as there are RPZ: NO DATA records
configured.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. In the breadcrumb, click on All zones. The DNS All zones list opens.
3. In the Name column, click on the name of the RPZ zone of your choice. The All RPZ rules
page opens.
4. In the menu, select Add > RPZ rule. The Add an RPZ Rule wizard opens.
5. In the Source drop-down list, select Domain.
6. In the Domain field, type in the domain name. It can be a full domain name or a partial one,
follow the table below for more details.
Table 48.3. Domain Name Possible Syntax When Configuring an RPZ Policy
Value | Description
domain.extension | If you name the RR with a domain name following this syntax, the DNS client requesting this domain gets a nodata response.
*.domain.extension | If you name the RR with a domain name following this syntax, the DNS client requesting this domain or any of its subdomains gets a nodata response.
<value>.domain.extension | If you name the RR with a domain name following this structure, the DNS client requesting this specific name gets a nodata response.
You can configure an NXDOMAIN response policy for clients requesting certain domain names.
There is an NXDOMAIN response for as many domains as there are RPZ: NXDOMAIN records
configured.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. In the breadcrumb, click on All zones. The DNS All zones list opens.
3. In the Name column, click on the name of the RPZ zone of your choice. The All RPZ rules
page opens.
4. In the menu, select Add > RPZ rule. The Add an RPZ Rule wizard opens.
5. In the Source drop-down list, select Domain.
6. In the Domain field, type in the domain name. It can be a full domain name or a partial one,
follow the table below for more details.
Table 48.4. Domain Name Possible Syntax When Configuring an RPZ Policy
Value | Description
domain.extension | If you name the RR with a domain name following this syntax, the DNS client requesting this domain gets an nxdomain response.
*.domain.extension | If you name the RR with a domain name following this syntax, the DNS client requesting this domain or any of its subdomains gets an nxdomain response.
<value>.domain.extension | If you name the RR with a domain name following this structure, the DNS client requesting this specific name gets an nxdomain response.
Once you have configured redirection and specific request responses, you can always configure a
PASSTHRU exception for a particular domain name, subdomain, etc. There are as many domain
name exceptions as there are RPZ: PASSTHRU records configured.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. In the breadcrumb, click on All zones. The DNS All zones list opens.
3. In the Name column, click on the name of the RPZ zone of your choice. The All RPZ rules
page opens.
4. In the menu, select Add > RPZ rule. The Add an RPZ Rule wizard opens.
5. In the Source drop-down list, select Domain.
6. In the Domain field, type in the domain name. It can be a full domain name or a partial one,
follow the table below for more details. Keep in mind that you cannot use the wildcard * when
configuring a passthru from a domain name.
Table 48.5. Domain Name Possible Syntax When Configuring an RPZ Policy
Value | Description
domain.extension | If you name the RR with a domain name following this syntax, the DNS client requesting this domain gets a regular response.
<value>.domain.extension | If you name the RR with a domain name following this structure, the DNS client requesting this specific name gets a regular response.
The RPZ follows a specific syntax similar to the reverse mapping (in-addr.arpa) in the zone file:
Note
In the context of reverse IPv6 address notation, you might see ".zz." in the Partial
RR name column once the RPZ records are created. It corresponds to "::" and allows
you not to type in full the omitted 0000: groups of the address.
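The reversed owner names described here can be generated rather than typed by hand. This is an added example, not code from this guide or from SOLIDserver: the function names are hypothetical, the label layout (prefix length first, then the address reversed, with zz standing for ::) follows BIND's RPZ convention, and the addresses are documentation ranges chosen as sample input.

```python
import ipaddress

# Record data for the non-redirect policies, matching the values this guide
# lists for the zone file: "*" (NODATA), "." (NXDOMAIN), "rpz-passthru".
POLICY_RDATA = {
    "nodata": ("CNAME", "*."),
    "nxdomain": ("CNAME", "."),
    "passthru": ("CNAME", "rpz-passthru."),
}


def _ipv6_labels(addr):
    """Return the reversed hex words of an IPv6 address, '::' written as 'zz'."""
    value = int(addr)
    words = [(value >> (16 * (7 - i))) & 0xFFFF for i in range(8)]
    # Locate the longest run of zero words (the first one wins on a tie).
    best_start, best_len, i = 0, 0, 0
    while i < 8:
        if words[i] != 0:
            i += 1
            continue
        j = i
        while j < 8 and words[j] == 0:
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = j
    labels = [format(w, "x") for w in words]
    if best_len >= 2:  # same threshold as '::' in the usual text form
        labels[best_start:best_start + best_len] = ["zz"]
    return labels[::-1]


def rpz_ip_owner(cidr, suffix="rpz-ip"):
    """Encode an address/prefix as an RPZ owner name, relative to the RPZ zone."""
    # strict=True raises ValueError when host bits are set (e.g. 192.0.2.1/24),
    # so a typo cannot quietly turn into a different range.
    net = ipaddress.ip_network(cidr, strict=True)
    if net.prefixlen == 0:
        raise ValueError("prefix length must be at least 1")
    if net.version == 4:
        labels = str(net.network_address).split(".")[::-1]
    else:
        labels = _ipv6_labels(net.network_address)
    return ".".join([str(net.prefixlen)] + labels + [suffix])


def rpz_rule(owner, policy, target=None, ttl=3600):
    """Build one zone-file line; ttl defaults to the 3600 s creation TTL."""
    if policy == "redirect":
        if not target:
            raise ValueError("a redirection needs a target")
        try:
            ip = ipaddress.ip_address(target)
        except ValueError:
            # Not an IP address: redirect towards a domain name.
            rtype, rdata = "CNAME", target.rstrip(".") + "."
        else:
            rtype = "A" if ip.version == 4 else "AAAA"
            rdata = str(ip)
    else:
        rtype, rdata = POLICY_RDATA[policy]
    return f"{owner} {ttl} IN {rtype} {rdata}"


if __name__ == "__main__":
    # Constructed sample rules.
    for cidr, policy, target in [
        ("192.0.2.0/24", "nxdomain", None),
        ("2001:db8::/32", "passthru", None),
        ("198.51.100.7/32", "redirect", "walled-garden.example"),
    ]:
        print(rpz_rule(rpz_ip_owner(cidr), policy, target))
```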
The RPZ redirection policy can be configured using a specific IPv4 or IPv6 address or range of
addresses. There are as many IP address redirections as there are RPZ: REDIRECT records
configured.
Keep in mind that even though you can redirect a single address or a range of IP addresses (a
subnet address for instance), the redirection target can only be one IP address.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. In the breadcrumb, click on All zones. The DNS All zones list opens.
3. In the Name column, click on the name of the RPZ zone of your choice. The All RPZ rules
page opens.
4. In the menu, select Add > RPZ rule. The Add an RPZ Rule wizard opens.
5. In the Source drop-down list, select IPv4 or IPv6.
6. In the Address field, type in the IP address following the appropriate syntax.
7. In the Prefix drop-down list, select a prefix in the list. Your prefix might correspond to one
IP address or to a range of IP addresses.
8. In the Policy drop-down list, select Redirection. You can set a redirection towards a domain
name (refer to step 9) or towards an IP address (refer to step 10).
9. Set the redirection towards the domain name of your choice:
10. Set the redirection towards the domain name of your choice:
11. Click on OK to commit the creation. The report opens and closes. The record is now listed.
The RR name column displays an RPZ: REDIRECT named after the source IP address and
prefix displayed in reverse, its Value is the target domain name or IP address depending on
your configuration.
The RPZ NODATA policy can be configured using a specific IPv4 or IPv6 address or range of
addresses. There are as many IP address redirections as there are RPZ: NODATA records configured.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. In the breadcrumb, click on All zones. The DNS All zones list opens.
3. In the Name column, click on the name of the RPZ zone of your choice. The All RPZ rules
page opens.
4. In the menu, select Add > RPZ rule. The Add an RPZ Rule wizard opens.
5. In the Source drop-down list, select IPv4 or IPv6.
6. In the Address field, type in the IP address following the appropriate syntax.
7. In the Prefix drop-down list, select a prefix in the list. Your prefix might correspond to one
IP address or to a range of IP addresses.
8. In the Policy drop-down list, select Nodata.
9. Click on OK to commit the creation. The report opens and closes. The record is now listed.
The RR name column displays an RPZ: NODATA named after the source IP address and
prefix displayed in reverse, its Value is * following the BIND RPZ syntax in the zone file.
The RPZ NXDOMAIN policy can be configured using a specific IPv4 or IPv6 address or range of
addresses. There are as many IP address redirections as there are RPZ: NODATA records
configured.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. In the breadcrumb, click on All zones. The DNS All zones list opens.
3. In the Name column, click on the name of the RPZ zone of your choice. The All RPZ rules
page opens.
4. In the menu, select Add > RPZ rule. The Add an RPZ Rule wizard opens.
5. In the Source drop-down list, select IPv4 or IPv6.
6. In the Address field, type in the IP address following the appropriate syntax.
7. In the Prefix drop-down list, select a prefix in the list. Your prefix might correspond to one
IP address or to a range of IP addresses.
8. In the Policy drop-down list, select Nxdomain.
9. Click on OK to commit the creation. The report opens and closes. The record is now listed.
The RR name column displays an RPZ: NXDOMAIN named after the source IP address and
prefix displayed in reverse, its Value is . following the BIND RPZ syntax in the zone file.
Once you have configured the redirection and response policies of your choice, the RPZ allows you
to configure PASSTHRU exceptions for the IPv4 and IPv6 addresses or ranges of addresses of
your choice. There are as many IP address exceptions as there are RPZ: PASSTHRU records.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. In the breadcrumb, click on All zones. The DNS All zones list opens.
3. In the Name column, click on the name of the RPZ zone of your choice. The All RPZ rules
page opens.
4. In the menu, select Add > RPZ rule. The Add an RPZ Rule wizard opens.
5. In the Source drop-down list, select IPv4 or IPv6.
6. In the Address field, type in the IP address following the appropriate syntax.
7. In the Prefix drop-down list, select a prefix in the list. Your prefix might correspond to one
IP address or to a range of IP addresses.
8. In the Policy drop-down list, select Passthru.
9. Click on OK to commit the creation. The report opens and closes. The record is now listed.
The RR name column displays an RPZ: PASSTHRU named after the source IP address and
prefix displayed in reverse, its Value is rpz-passthru following the BIND RPZ syntax in the
zone file.
Keep in mind that queries for any of the zones managed by that authoritative name server are
returned a NODATA or NXDOMAIN response EXCEPT if you set a passthru exception for a
particular zone or IP address managed by said name server. Indeed, as the NSDNAME and NSIP
based policies are looked at last, if you set up a passthru based on a domain name (QNAME)
or IP address, the passthru match is found before the name server domain name or IP address
NODATA or NXDOMAIN policy. For more details, refer to the Understanding the RPZ Policies
Order section.
A name server domain name can be used to set a NODATA or NXDOMAIN response to any
query made to the zones it manages. This server name is usually embedded in the NS value of
a domain name. Once you have retrieved it, you simply need to specify it as a Source Domain in
the Add an RPZ Rule wizard.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. In the breadcrumb, click on All zones. The DNS All zones list opens.
3. In the Name column, click on the name of the RPZ zone of your choice. The All RPZ rules
page opens.
4. In the menu, select Add > RPZ rule. The Add an RPZ Rule wizard opens.
5. In the Source drop-down list, select NSDNAME (domain name).
6. In the Domain field, type in the name server domain name.
7. In the Policy drop-down list, select Redirection. You can set a redirection towards a domain
name (refer to step 8) or towards an IP address (refer to step 9).
8. Set the redirection towards the domain name of your choice:
10. Click on OK to commit the creation. The report opens and closes. The record is now listed.
The RR name column displays an RPZ: REDIRECT named after the name server domain
name followed by the suffix rpz-nsdname, its Value is the target domain name or IP address
depending on your configuration.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. In the breadcrumb, click on All zones. The DNS All zones list opens.
3. In the Name column, click on the name of the RPZ zone of your choice. The All RPZ rules
page opens.
4. In the menu, select Add > RPZ rule. The Add an RPZ Rule wizard opens.
5. In the Source drop-down list, select NSDNAME (domain name).
6. In the Domain field, type in the name server domain name.
7. In the Policy drop-down list, select Nodata.
8. Click on OK to commit the creation. The report opens and closes. The record is now listed.
The RR name column displays an RPZ: NODATA named after the name server domain
name followed by the suffix rpz-nsdname, its Value is * following the BIND RPZ syntax in
the zone file.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. In the breadcrumb, click on All zones. The DNS All zones list opens.
3. In the Name column, click on the name of the RPZ zone of your choice. The All RPZ rules
page opens.
4. In the menu, select Add > RPZ rule. The Add an RPZ Rule wizard opens.
5. In the Source drop-down list, select NSDNAME (domain name).
6. In the Domain field, type in the name server domain name.
7. In the Policy drop-down list, select Nxdomain.
8. Click on OK to commit the creation. The report opens and closes. The record is now listed.
The RR name column displays an RPZ: NXDOMAIN named after the name server
domain name followed by the suffix rpz-nsdname, its Value is . following the BIND RPZ
syntax in the zone file.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. In the breadcrumb, click on All zones. The DNS All zones list opens.
3. In the Name column, click on the name of the RPZ zone of your choice. The All RPZ rules
page opens.
4. In the menu, select Add > RPZ rule. The Add an RPZ Rule wizard opens.
5. In the Source drop-down list, select NSDNAME (domain name).
6. In the Domain field, type in the name server domain name.
7. In the Policy drop-down list, select Passthru.
8. Click on OK to commit the creation. The report opens and closes. The record is now listed.
The RR name column displays an RPZ: NXDOMAIN named after the source domain name
followed by the suffix rpz-nsdname, its Value is rpz-passthru following the BIND RPZ syntax
in the zone file.
The IP address of a name server can also be used to set a NODATA or NXDOMAIN response
to any query made to the zones it manages. This name server IP address is usually embedded
in the A glue record of the domain name NS record. Once you have retrieved it, you simply need to
specify it as the Source Address with the prefix /32 in IPv4 and /128 in IPv6 in the Add an RPZ
Rule wizard.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. In the breadcrumb, click on All zones. The DNS All zones list opens.
3. In the Name column, click on the name of the RPZ zone of your choice. The All RPZ rules
page opens.
4. In the menu, select Add > RPZ rule. The Add an RPZ Rule wizard opens.
5. In the Source drop-down list, select NSIP (IPv4) or NSIP (IPv6).
6. In the Address field, type in the IP address following the appropriate syntax.
7. In the Prefix drop-down list, select /32 for IPv4 or /128 for IPv6, if it was not automatically
selected.
8. In the Policy drop-down list, select Redirection. You can set a redirection towards a domain
name (refer to step 9) or towards an IP address (refer to step 10).
9. Set the redirection towards the domain name of your choice:
10. Set the redirection towards the domain name of your choice:
11. Click on OK to commit the creation. The report opens and closes. The record is now listed.
The RR name column displays an RPZ: REDIRECT named after the source IP address and
prefix in reverse followed by the suffix rpz-ip, its Value is the target domain name or IP address
depending on your configuration.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. In the breadcrumb, click on All zones. The DNS All zones list opens.
3. In the Name column, click on the name of the RPZ zone of your choice. The All RPZ rules
page opens.
4. In the menu, select Add > RPZ rule. The Add an RPZ Rule wizard opens.
5. In the Source drop-down list, select NSIP (IPv4) or NSIP (IPv6).
6. In the Address field, type in the IP address following the appropriate syntax.
7. In the Prefix drop-down list, select /32 for IPv4 or /128 for IPv6, if it was not automatically
selected.
8. In the Policy drop-down list, select Nodata.
9. Click on OK to commit the creation. The report opens and closes. The record is now listed.
The RR name column displays an RPZ: NODATA named after the source IP address and
prefix displayed in reverse followed by the suffix rpz-ip, its Value is * following the BIND RPZ
syntax in the zone file.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. In the breadcrumb, click on All zones. The DNS All zones list opens.
3. In the Name column, click on the name of the RPZ zone of your choice. The All RPZ rules
page opens.
4. In the menu, select Add > RPZ rule. The Add an RPZ Rule wizard opens.
5. In the Source drop-down list, select NSIP (IPv4) or NSIP (IPv6).
6. In the Address field, type in the IP address following the appropriate syntax.
7. In the Prefix drop-down list, select /32 for IPv4 or /128 for IPv6, if it was not automatically
selected.
8. In the Policy drop-down list, select Nxdomain.
9. Click on OK to commit the creation. The report opens and closes. The record is now listed.
The RR name column displays an RPZ: NXDOMAIN named after the source IP address and
prefix displayed in reverse followed by the suffix rpz-ip, its Value is . following the BIND RPZ
syntax in the zone file.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. In the breadcrumb, click on All zones. The DNS All zones list opens.
3. In the Name column, click on the name of the RPZ zone of your choice. The All RPZ rules
page opens.
4. In the menu, select Add > RPZ rule. The Add an RPZ Rule wizard opens.
5. In the Source drop-down list, select NSIP (IPv4) or NSIP (IPv6).
6. In the Address field, type in the IP address following the appropriate syntax.
7. In the Prefix drop-down list, select /32 for IPv4 or /128 for IPv6, if it was not automatically
selected.
8. In the Policy drop-down list, select Passthru.
9. Click on OK to commit the creation. The report opens and closes. The record is now listed.
The RR name column displays an RPZ: PASSTHRU named after the source IP address and
prefix displayed in reverse followed by the suffix rpz-ip, its Value is rpz-passthru following
the BIND RPZ syntax in the zone file.
For these sources, the available policies are the same: redirection, Nodata, Nxdomain or Passthru.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. In the breadcrumb, click on All zones. The DNS All zones list opens.
3. In the Name column, click on the name of the RPZ zone of your choice. The All RPZ rules
page opens.
4. In the menu, select Add > RPZ rule. The Add an RPZ Rule wizard opens.
5. In the Source drop-down list, select Other.
6. In the Value field, type in the source identification following the RPZ syntax (with the
appropriate values and suffixes).
7. In the Policy drop-down list, select the policy that suits your needs. If you select Redirection,
you will need to specify a domain name or an IP address.
8. Click on OK to commit the creation. The report opens and closes. The record is now listed.
The RR name column displays an RPZ: <policy> named after the content of the Value field
in the wizard, its Value will depend on your configuration.
Deleting Policies
At any time, you can delete a policy. In other words, you can delete an RPZ record. In the
procedure below, the deletion is done from a specific zone All RPZ rules page but you can also delete
records from the global All RPZ rules.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS zones icon. The DNS All zones list opens.
3. In the Name column, click on the name of the RPZ zone of your choice. The All RPZ rules
page opens.
4. Filter the list if need be.
5. Tick the RPZ record(s) you want to delete.
6. In the menu, select Edit > Delete. The Delete wizard opens.
7. Click on OK to commit the deletion. The report opens and closes. The record is marked
Delayed delete until it is no longer listed.
Chapter 49. Hybrid DNS Service
SOLIDserver version 5.0.3 introduces a Hybrid DNS service to reduce risks of corruption of BIND
DNS engines. Hybrid DNS incorporates an alternative DNS engine based on NLnetLabs Unbound
and NSD that provides an automated switch from the regular BIND service to a service that
associates BIND and one of the two NLnetLabs engines depending on your configuration.
Once the switch is complete, the DNS engine footprint is more complex to analyze and less prone
to malicious attacks as it does not take on BIND security flaws: it avoids them altogether as the
DNS mechanism is different. Therefore, in the event of an attack or important security issue, the
switch to Hybrid ensures data security and avoids its potential corruption.
From SOLIDserver GUI you can switch BIND engines to a Hybrid engine if their configuration
is compatible with Unbound or NSD. However, you cannot decide to switch to NSD or Unbound:
SOLIDserver automatically decides which engine is relevant based on your DNS configuration.
Authoritative engines switch to BIND/NSD hybrid and recursive engines switch to
BIND/Unbound hybrid.
Keep in mind that Hybrid engines have some limitations compared to BIND engines. For more
details refer to the Hybrid DNS Engines Limitations section below.
Before switching, you need to understand that you cannot decide if your physical server switches
to BIND/NSD or BIND/Unbound. As a general rule, if your server is compatible with Hybrid, the
following switch will occur:
• If the smart server recursion is set to yes, a Hybrid compliant server can switch to
BIND/Unbound.
• If the smart server recursion is set to no, a Hybrid compliant server can switch to BIND/NSD.
• You can only convert servers to Hybrid from SOLIDserver hardware or software appliance.
• The servers you want to switch must be EfficientIP DNS servers.
• The servers you want to switch must be managed through a smart architecture. The changes
are pushed to the physical server.
• The smart architecture cannot be compatible with Hybrid if it does not manage only BIND
servers.
• The physical server status must be OK, you cannot switch a server in Timeout.
On the DNS All servers list, the Hybrid DNS compatibility and Forced Hybrid DNS compatibility
columns allow you to see if you can switch your BIND physical servers.
In addition, the Multi-status column at server, view, zone and RR level provides you with all the
potential incompatibilities with Hybrid. For more details, refer to the Multi-status Column section
of this guide. For more details regarding how to change a page listing template, refer to the
Customizing the List Layout section of this guide.
This information is also provided on the smart architecture edition wizard: the Compatible with a
Hybrid DNS Engine field indicates the Hybrid compatibility of the physical servers managed.
• The DNS server type is different from a SOLIDserver Hardware or Virtual Appliance EfficientIP
DNS server (for instance a server using packages, an agentless server, a generic server, etc.).
• The server contains views.
• The server contains zones other than master, slave, forward or stub.
• The server contains master and/or slave zones as well as forward and/or stub zones. With
Hybrid, the server is either only authoritative or only recursive.
• One or more server zones are RPZ compliant.
• One or more server zones are signed with DNSSEC.
• The server configuration combines authoritative and recursive zones:
• If the DNS recursion is set to yes and the server contains master and/or slave zones, the
server cannot switch to Hybrid.
• If the DNS recursion is set to no and the server contains forward and stub zones, the server
cannot switch to Hybrid.
• If the DNS recursion is set to yes with TSIG keys.
You must change your configuration to match Hybrid requirements if you want to switch to Hybrid.
During the switch, SOLIDserver checks all the parameters once more to make sure that your
server is compatible.
If you want to have a complete list of all the parameters and options that need to be edited,
refer to the Generating the Hybrid Incompatibilities Report section below.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. Tick the smart server managing the physical server you intend to switch to Hybrid.
4. In the menu, select Report > Hybrid DNS Engine incompatibilities. The Hybrid
incompatibilities report wizard opens.
5. In the Report format list, select HTML or PDF.
6. Click on NEXT . The last page of the report opens.
7. In the Action drop-down list, select the kind of report you want to generate.
8. If you chose to Schedule the report, configure the reports using these fields.
9. Click on OK to validate the generation. The report opens, click on DOWNLOAD to visualize the
report or CANCEL to close the wizard.
Once you have generated the report, all the parameters that are not compatible with Hybrid are listed
and you need to correct them all until your smart server is marked compatible. You can generate
as many reports as you want, every report is available on the Reports page of the Administration
module.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select Monitoring > Reports. The Reports page opens.
3. In the list, the Hybrid DNS incompatibilities reports are listed.
Once the physical server is Hybrid compliant, the All servers page Hybrid DNS compatibility
column is marked Yes and the smart architecture edition wizard Compatible with a Hybrid DNS
Engine field is also marked Yes.
The architecture can contain one or several BIND servers that you can all switch. Keep in mind
that if you only switch one server, the other servers will share the same limitations as the Hybrid
servers. So, before switching to Hybrid you should probably make sure that none of its limitations
prevent you from using your server with all the parameters you usually need. For more details,
refer to the Hybrid DNS Engines Limitations section.
In some rare cases, you might have a Hybrid server listed among your servers outside a smart
architecture. As you cannot manage a Hybrid server outside a smart architecture, you need to
switch it to BIND, add it to your smart architecture and then switch it again to Hybrid. For more
details refer to the To switch a physical server from Hybrid to BIND DNS and To switch a physical
server from BIND to Hybrid DNS procedures.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. Make sure the BIND physical server you want to switch to Hybrid belongs to a smart
architecture compatible with Hybrid.
4. Make sure the server status is OK.
5. Tick the physical server you want to switch.
6. In the menu, select Tools > Expert > Switch DNS Engine > To NSD / Unbound. The
Switching the DNS Engine wizard opens.
7. Click on OK to commit the switch to Hybrid. The report opens and works until the relevant
DNS service restarts. The physical server Status is OK and its Version indicates the engine
name it switched to.
Your server configuration switches to Unbound or NSD on its own, based on its configuration.
Once the switch is complete, the compatibility with Hybrid is forced: this implies that a set of
configurations can no longer be set. For more details regarding NSD or Unbound specificities
and limitations, refer to the The Server Switched to NSD and The Server Switched to Unbound
sections below. As for the Hybrid limitations in general, refer to the Hybrid DNS Engines Limitations
section.
To display the Hybrid engine the server switched to from the All servers page
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. In the Version column, the engine and version are displayed.
Like any other server, you can check on a Hybrid server through the Status and Sync columns.
For instance, make sure that the server smart architecture can push your configuration on the
physical server; if not, the smart server is marked Locked synchronization. For more details
regarding this status, refer to the Locked Synchronization Status section of this guide.
To display the Hybrid engine the server switched to in the Administration module
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Services icon. The DNS Services configuration list opens.
3. The DNS server indicates between brackets the engine currently running.
From the Services configuration page, you can enable, disable, stop and start the Hybrid DNS
server. For more details, refer to the Handling Services section of this guide.
In the same way, from this page you can download the NSD or Unbound configuration file
depending on which one is running. For more details refer to the Downloading the
DNS/DHCP/DHCPv6 Configuration File section of this guide.
However, you should be aware of a set of NSD engines specificities and limitations that shape
the configuration that you can or cannot set through the GUI.
• NSD servers are exclusively authoritative: only master and slave zones are supported.
• Every night at 3 a.m. a scheduled rule ensures the maintenance of NSD files. SOLIDserver
keeps the zones database up to date using one of NSD checks every night. To take into account
all the changes performed: merge zone transfer are changed back to zone files, the NSD and
IXFR databases are read and any changes found overwrite the current zone text files.
• All records handled by BIND are handled by NSD, except DNSSEC records.
• Each change made to the server or zones creates a new NSD configuration or zone file, copies
the former files and pushes the new configurations on the physical server.
• Every change made to the records database rebuilds the NSD database and creates a new
zone to ensure that the changes are pushed to the physical server as soon as possible.
• You cannot create forward, stub, hint or delegation-only zones on an NSD server.
• Not all ACLs are supported:
  • none, any, localhost and all the access control lists based on IP or network addresses are
    supported.
  • The localnets ACL is ignored.
• The allow-transfer and allow-notify clauses set on your BIND server are converted as follows
after a switch to NSD:
  • If the allow-transfer clause is not specified at server or zone level, a default configuration is
    pushed on the NSD server to allow any user to transfer master and slave zones via AXFR.
  • If the allow-notify clause is not specified at server or zone level, the clause value on the NSD
    server is set to respect BIND default behavior and allow proper synchronization of the master
    and slave zones.
• Unbound servers are exclusively recursive: only forward and stub zones are supported.
• BIND statements are interpreted as follows:
  • If the allow-recursion is specified on BIND, its value is used to set the allow-query statement
    on Unbound.
  • If the allow-recursion is not specified on BIND, the localhost is set on Unbound.
• ACLs are only supported to configure the allow-recursion statement, and only at server level. For
more details regarding ACLs, refer to the Unbound engines limitations below.
• On forward zones, the forward parameter can only be set to first.
• If the BIND server is configured with the forward parameter (set to any value but none) and
forwarders, the switch to Hybrid DNS creates a forward zone named "." that emulates all
specified parameters. Keep in mind that if a "." forward zone already exists, the list of forwarders
of both zones are merged into one. Other parameters of the existing "." forward zone are ignored.
• You cannot create master, slave, hint or delegation-only zones on an Unbound server.
• Not all ACLs are supported:
  • none, any, localhost and all the access control lists based on IP or network addresses are
    supported.
  • The localnets ACL and TSIG keys are not supported.
• Stub zones cannot be configured with:
  • forward and forwarders parameters.
  • stub-first and stub-prime parameters: they do not have any equivalent in BIND.
• Forward zones cannot be configured with the forward parameter set to only.
• Unbound handles the edns-udp-size option in a unique way:
  • If the option was set before switching, the specified value is set on the Unbound
    ipv4-edns-size and ipv6-edns-size options. Keep in mind that in this case, ipv4-edns-size has
    precedence over ipv6-edns-size.
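As an added example (not part of this guide or of SOLIDserver), the following Python sketch audits a BIND named.conf against the NSD and Unbound conversion rules listed above before a switch, in particular the open AXFR default that applies when allow-transfer is missing. The sample configuration, the finding codes and all function names are constructed for illustration, and it assumes a configuration without views or include files.

```python
import re

# Constructed named.conf used as sample input (not taken from the guide).
SAMPLE_CONF = '''
acl "mgmt" { 10.0.0.0/24; };
options {
    directory "/var/named";   // no allow-transfer, no allow-recursion
    allow-query { any; };
};
zone "example.com" {
    type master;
    allow-transfer { 192.0.2.10; };
};
zone "internal.example" {
    type master;
    allow-query { localnets; };
};
zone "partner.example" {
    type forward;
    forward only;
    forwarders { 198.51.100.1; };
};
'''

# Hypothetical finding codes, each mapped to the rule from the lists above.
MESSAGES = {
    'zone-type': 'zone type cannot exist on this engine',
    'open-axfr': 'no allow-transfer at server or zone level: any client may AXFR after the switch',
    'localnets': 'localnets ACL is ignored (NSD) or not supported (Unbound)',
    'forward-only': 'forward zones only accept "forward first" on Unbound',
    'recursion-localhost': 'allow-recursion not set: Unbound allow-query becomes localhost',
}
ACL_CLAUSES = ('allow-query', 'allow-transfer', 'allow-notify',
               'allow-recursion', 'allow-update')
SUPPORTED = {'nsd': {'master', 'slave'}, 'unbound': {'forward', 'stub'}}
TOKEN = re.compile(r'"[^"]*"|[{};]|[^\s{};"]+')


def tokenize(text):
    """Drop /* */, // and # comments, then split into words, braces, semicolons."""
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    text = re.sub(r'(//|#).*', '', text)
    return TOKEN.findall(text)


def parse(tokens, pos=0):
    """Return (statements, next_pos); a statement is a list of words in which
    every { } block appears as a nested list of statements."""
    stmts, cur = [], []
    while pos < len(tokens):
        tok = tokens[pos]
        pos += 1
        if tok == '{':
            block, pos = parse(tokens, pos)
            cur.append(block)
        elif tok == '}':
            return stmts, pos
        elif tok == ';':
            if cur:
                stmts.append(cur)
            cur = []
        else:
            cur.append(tok.strip('"'))
    return stmts, pos


def clause(block, name):
    """Return the statement called `name` in a parsed block, or None."""
    return next((s for s in block if s[0] == name), None)


def values(stmt):
    """Flatten everything after the keyword of a statement into a list of words."""
    out = []
    for part in stmt[1:]:
        if isinstance(part, list):
            out.extend(w for sub in part for w in sub if isinstance(w, str))
        else:
            out.append(part)
    return out


def audit(conf_text, engine):
    """engine is 'nsd' or 'unbound'; returns a list of (scope, code) findings."""
    stmts, _ = parse(tokenize(conf_text))
    options = next((s[-1] for s in stmts if s[0] == 'options'), [])
    zones = [(s[1], s[-1]) for s in stmts if s[0] == 'zone']
    findings = []
    for scope, block in [('options', options)] + [('zone ' + n, b) for n, b in zones]:
        for name in ACL_CLAUSES:
            stmt = clause(block, name)
            if stmt and 'localnets' in values(stmt):
                findings.append((scope, 'localnets'))
    for name, block in zones:
        ztype = values(clause(block, 'type') or ['type', 'unknown'])[0]
        if ztype not in SUPPORTED[engine]:
            findings.append(('zone ' + name, 'zone-type'))
            continue
        if engine == 'nsd' and not (clause(block, 'allow-transfer')
                                    or clause(options, 'allow-transfer')):
            findings.append(('zone ' + name, 'open-axfr'))
        # BIND defaults to "forward first" when the clause is absent.
        mode = values(clause(block, 'forward') or ['forward', 'first'])
        if engine == 'unbound' and ztype == 'forward' and mode != ['first']:
            findings.append(('zone ' + name, 'forward-only'))
    if engine == 'unbound' and not clause(options, 'allow-recursion'):
        findings.append(('options', 'recursion-localhost'))
    return findings


if __name__ == '__main__':
    for engine in ('nsd', 'unbound'):
        for scope, code in audit(SAMPLE_CONF, engine):
            print('%-8s %-24s %s' % (engine, scope, MESSAGES[code]))
```

Setting allow-transfer explicitly at server or zone level before the switch clears the open-axfr finding, since the default only applies when the clause is absent at both levels.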
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. Make sure the BIND physical server you want to switch to Hybrid belongs to a smart
architecture compatible with Hybrid.
4. Put your mouse over the name of the smart architecture that manages this server. The Info
Bar appears.
5. Click on . The Edit a DNS server wizard opens.
6. If you are editing a Master/Slave, Stealth, Multi-Master or Single-Server architecture follow
the steps below:
a. Click on NEXT until you get to the DNS servers role configuration page of the wizard.
b. Tick the Expert mode checkbox.
c. Click on NEXT . The Advanced settings page opens.
d. Tick the Force Hybrid DNS compatibility checkbox.
a. Click on NEXT until you get to the Advanced settings page of the wizard.
b. Tick the Force Hybrid DNS compatibility checkbox.
8. Click on OK to commit your changes. The report opens and closes. The smart architecture
is marked Yes in the Forced Hybrid DNS compatibility.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. Make sure the BIND physical server you want to switch to Hybrid belongs to a smart
architecture compatible with Hybrid.
4. Make sure the server status is OK.
5. Tick the physical server you want to switch.
6. In the menu, select Tools > Expert > Switch DNS Engine > To BIND. The Switching the
DNS Engine wizard opens.
7. Click on OK to commit the switch to BIND. The report opens and works until the relevant
DNS service restarts. The physical server Status is OK and its Version indicates it switched
to BIND.
Once you have switched a Hybrid server engine to BIND, the Force Hybrid DNS compatibility option
is still set to Yes. To be able to configure the BIND server without the Hybrid limitations, you need
to untick the checkbox on the smart architecture edition wizard.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. Make sure that the smart architecture you want to edit does not manage any Hybrid server.
4. Put your mouse over the smart architecture name. The Info Bar appears.
5. Click on . The Edit a DNS server wizard opens.
6. If you are editing a Master/Slave, Stealth, Multi-Master or Single-Server architecture follow
the steps below:
a. Click on NEXT until you get to the DNS servers role configuration page of the wizard.
b. Tick the Expert mode checkbox.
c. Click on NEXT . The Advanced settings page opens.
d. Untick the Force Hybrid DNS compatibility checkbox.
a. Click on NEXT until you get to the Advanced settings page of the wizard.
b. Untick the Force Hybrid DNS compatibility checkbox.
8. Click on OK to commit your changes. The report opens and closes. The smart architecture
is marked No in the Forced Hybrid DNS compatibility.
Chapter 50. Reporting and Monitoring the DNS
Generating DNS Reports
EfficientIP provides dedicated DNS reports at server and zone level. The reports on inconsistencies
or misconfiguration details might be empty if the server or zone configuration is correct.
For more details regarding the reports generation possibilities, refer to the chapter Managing
Reports.
Description: Contains the replication inconsistencies from DNS to IPAM and vice versa. The
concerned DNS records and the IP addresses are divided into 6 tables: A record without IP
address, CNAME record without A record, CNAME record with A record without IP address, CNAME
record with A record with IP address without IP alias, PTR record without A record and PTR record
with A record without IP address. In each table, only the objects with inconsistent configurations
are listed.
Servers configuration
Description: Contains all the server configuration details divided into 4 tables: Settings (all the
options), ACLs (all the access control lists), Keys (all the DNS keys configured) and Groups (all
the group of users that have access to the server).
Description: Contains the list of all the options and configuration that make the server incompatible
with Hybrid. For more details, refer to the section Generating the Hybrid Incompatibilities Report
of this guide.
Description: Contains tables that allow you to compare the selected servers configurations: DNS
server parameters, DNS server ACLs and DNS server keys.
Description: Contains usage evolution charts for the selected server: queries over the past week,
last 6 months, last month and past year at the time of the generation of the report.
Description: Contains the list of all the misconfigured records within the selected zones divided
into 5 tables: PTR without A, A without PTR, CNAME without A, NS without A and MX without
A.
Description: Contains tables detailing the allow-transfer, allow-update, forward, masters and
notify parameters configuration for the selected zone(s). Each parameter value is listed with the
zone name it is configured for and the server it belongs to.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. At the end of the line of the physical server of your choice, click on . The properties page
opens.
4. Open the State log using . The lists it contains will indicate the server logs: OK or KO and
the corresponding time.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. At the end of the line of the physical server of your choice, click on . The properties page
opens.
4. Open the Audit using . The panel displays the latest changes in the database: the date
and time, service used, the user and the server basic information (name, type and
architecture). Typically, if you display the panel after adding a physical server, the latest
change will be the server addition.
As for physical servers, except Hybrid ones, their properties page will contain a statistics panel
that displays query dedicated graphs.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. At the end of the line of the physical server of your choice, click on . The properties page
opens.
4. Open the DNS Server statistics <physical-server-name> using . The graphs are displayed;
you can zoom in and out on any graph using your mouse or the icons.
With that command you will be able to have an overview of all the DNS queries in IPv4 and IPv6.
Each log will contain the IP address and port number of the requesting client, the name queried,
the type of the name queried, the class, the RR type requested (+ is recursive, - is iterative), and
some more detailed information: whether it is EDNS0 (E), whether TCP was used (T), whether
DNSSEC OK (DO bit) set = query validated (D), whether Checking Disabled (CD bit) set (C), or
whether it is signed (S).
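As an added example (not EfficientIP code), this Python parser decodes the query log fields described above from syslog lines and counts queries per client and per record type. The sample lines are constructed and follow the stock BIND 9 querylog layout, which is an assumption about what the Syslog page shows; function and key names are hypothetical.

```python
import re
from collections import Counter

# Constructed syslog lines in the stock BIND 9 querylog layout (assumption).
SAMPLE_LINES = [
    'Mar  3 10:15:01 ns1 named[812]: client 192.0.2.10#53211: '
    'query: www.example.com IN A +E (203.0.113.5)',
    'Mar  3 10:15:02 ns1 named[812]: client 2001:db8::25#40112 (example.org): '
    'query: example.org IN AAAA -EDC (2001:db8::53)',
    'Mar  3 10:15:02 ns1 named[812]: client 192.0.2.77#1053: '
    'query: secure.example.com IN DNSKEY +SETD (203.0.113.5)',
    'Mar  3 10:15:03 ns1 named[812]: zone example.com/IN: sending notifies',
]

# Flag letters as described in the paragraph above.
FLAG_NAMES = {
    'S': 'signed',
    'E': 'edns0',
    'T': 'tcp',
    'D': 'dnssec_ok',
    'C': 'checking_disabled',
}

QUERY_RE = re.compile(
    r'client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9A-Fa-f.:]+)#(?P<port>\d+)'
    r'(?: \([^)]*\))?: (?:view \S+: )?query: '
    r'(?P<name>\S+) (?P<cls>\S+) (?P<type>\S+) (?P<rd>[+-])(?P<flags>[A-Z]*)'
)


def parse_query(line):
    """Return a dict of query log fields, or None for non-query lines."""
    m = QUERY_RE.search(line)
    if m is None:
        return None
    rec = {
        'client': m.group('ip'),
        'port': int(m.group('port')),
        'name': m.group('name').lower(),
        'class': m.group('cls'),
        'type': m.group('type'),
        'recursive': m.group('rd') == '+',   # "+" recursive, "-" iterative
    }
    flags = m.group('flags')
    for letter, key in FLAG_NAMES.items():
        rec[key] = letter in flags
    # Letters this table does not know are kept instead of silently dropped.
    rec['unknown_flags'] = ''.join(c for c in flags if c not in FLAG_NAMES)
    return rec


def summarize(lines):
    """Count queries per client and per record type; report skipped lines."""
    per_client, per_type, skipped = Counter(), Counter(), 0
    for line in lines:
        rec = parse_query(line)
        if rec is None:
            skipped += 1
            continue
        per_client[rec['client']] += 1
        per_type[rec['type']] += 1
    return per_client, per_type, skipped


if __name__ == '__main__':
    clients, types, skipped = summarize(SAMPLE_LINES)
    print('top clients:', clients.most_common(3))
    print('record types:', dict(types))
    print('non-query lines skipped:', skipped)
```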
a. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
b. Click on the DNS servers icon. The DNS All servers list opens.
c. Tick the server of your choice.
d. In the menu, select Edit > Command > Querylog. The Toggle the querylog command
wizard opens.
e. Click on OK to send the command. The report opens and closes. The All servers list is
visible again and the server is marked Enabled in the Querylog column.
Keep in mind that all the logs will be displayed in the Syslog page of the Administration module
in real time. They can slow this page down considerably as the querylog command can generate
a substantial volume of data very quickly. To stop sending the querylog command, see the
procedure below.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. Tick the server of your choice. It will be marked Enabled in the Querylog column.
4. In the menu, select Edit > Command > Querylog. The Toggle the querylog command wizard
opens.
5. Click on OK to send the command. The report opens and closes. The All servers list is visible
again and the server is marked Disabled in the Querylog column.
Chapter 51. Importing DNS Data
EfficientIP offers several ways of importing zones and RRs from legacy DNS servers to EfficientIP
DNS servers. The DNS data can be downloaded or transferred from the GUI without having to
install any tools on the remote system. The import wizards allow you to load configurations from:
Tip
When you import both forward and reverse mapping zone data, the IP addresses
are automatically created if a rule has been configured to synchronize it in that way.
You can then modify the IP address objects to add MAC addresses. In any case, if
you have not configured the rule to apply the synchronization with the IP addresses
database, you can do it later by initializing the rule. The IP address object
prevents costly errors because you only maintain a single object for multiple DNS records
and a DHCP fixed address. Therefore, it is advantageous to use host records instead
of separate A, PTR, and CNAME records.
For more details regarding DNS import, refer to the chapter Importing Data in the Global Policies
part of this guide.
Note
You cannot use the characters "_", "@" and ":" when importing a BIND file.
Make sure you did not use any of these characters in zone names, RR names... as
it would trigger either parsing errors (and not import the file) or import everything but
the line containing the character. For more details, refer to the RFC 1034 Domain
Names - Concepts and Facilities.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. Click on the name of the server in which you want to import the BIND archive file. It must be
an EfficientIP DNS server.
4. In the menu, select Add > Import > BIND archive file. The Importing a named.conf and zone
files wizard opens.
5. Click on BROWSE to select the BIND archive file to import.
6. In the File name field, the file is displayed once selected.
7. In the DNS Server drop-down list, select the server that will receive the configuration. The
server you click on is automatically selected.
8. In the Action drop-down list, you can either Import data or Check file.
9. In the Import global configuration section, tick the box to import the global configuration
settings that apply to all the zones.
10. Click on OK to commit your import configuration. The report opens and works for a while before
displaying the import result and potential errors.
11. Through the Export format section, you can download the import result report in TEXT , HTML
or EXCEL .
12. Click on CLOSE to go back to the All servers list.
1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. In the menu, select Add > Import > QIP backup. The Importing a QIP file wizard opens.
4. Click on BROWSE to select the QIP archive file to import.
5. In the File name field, the file is displayed once selected.
6. Click on NEXT . The last page of the wizard opens.
7. In the DNS Server drop-down list, select the server that will receive the configuration.
8. Click on OK to commit your choice. The report opens and works for a while before displaying
the import result and potential errors.
9. Through the Export format section, you can download the import result report in TEXT , HTML
or EXCEL .
10. Click on CLOSE to go back to the All servers list.
Part VIII. NetChange
Table of Contents
52. Introduction
  Objectives of NetChange
  Optimizing the Discovery Efficiency
    Configuring CDP (Cisco devices)
    Configuring Auto-topology NDP (Nortel devices)
    Listing Network Devices
  Configuring the SNMP
    Increasing the SNMP Performance
  NetChange Licenses
53. Managing Network Devices
  Browsing Network Devices
    Browsing the Network Devices Database
    Customizing the Network Devices Display
  Adding Network Devices
  Importing Network Devices
    Importing Network Devices Using a CSV File
    Importing Network Devices Using Discovery Protocols
  Enabling or Disabling the 802.1X Authentication Protocol
  Refreshing the Network Devices Database
    Refreshing a Device Manually
    Scheduling a Refresh
  Connecting to a Network Device Via a Console
  Making a Network Device Snapshot
  Creating Network Devices in Device Manager
  Deleting Network Devices
  Defining a Network Device as a Group Resource
54. Managing Routes
  Browsing the Routes Database
  Customizing the Routes Display
55. Managing VLANs
  Browsing VLANs
    Browsing the VLANs Database
    Customizing the VLANs Display
  Adding a VLAN
  Editing a VLAN
  Deleting a VLAN
56. Managing Ports
  Browsing Ports
    Browsing the Ports Database
    Customizing the Ports Display
  Enabling or Disabling a Port
  Editing a Port Interconnection
  Editing a Port Speed and Duplex Mode
  Updating a Port Description
  Managing the 802.1X Authentication on a Port
  Restricting Access to a Port Using Port-security Protocol
  Configuring VLAN Tagging on a Port
    Configuring the Tagging Mode
    Associating a Port With a VLAN
  Refreshing the Ports Database
57. Managing Discovered Items
Chapter 52. Introduction
Since version 5.0.3, IPLocator has been renamed. It is now called NetChange. Along with this
new module name comes a new licence that goes beyond the regular use of former IPLocator
and offers, among other options, the possibility to add VLANs on your network devices and
associate your physical ports with these VLANs provided that the SNMP agent of the devices
supports the port edition. For more details regarding the two NetChange licences, refer to the
NetChange Licenses section of this guide.
Objectives of NetChange
Usual network discovery products only offer a logical level 3 representation of the network. Today,
we can't rely on the hypothesis that all contiguous addresses of a subnet are on the same
physical segment of the network. In fact, the concept of VLAN and level 3 routing in the switches have
completely transformed the network architectures and opened new possibilities of network
segmentation at level 2. Consequently, IP addresses belonging to the same subnet can be physically
connected to two physical networks hundreds of kilometers apart, and the IP address is not only
linked to a network segment, it is also subject to specific security constraints or even performance.
[Figure: local and remote discoveries between the Head Quarter, the Data Center and the Small Office]
NetChange uses the SNMP protocol to query the devices and gather information. The quantity
and the quality of the collected information depend on the implementation in every network
device of specific SNMP MIBs and on how NetChange supports these MIBs. Experience has
shown that the specific information of each device manufacturer requires a good knowledge of
the devices configuration to find them in the SNMP MIBs. That's why NetChange has been
designed on a modular internal architecture to provide a unique tool of administration, whatever the
device manufacturer.
NetChange allows you either to retrieve information regarding the network devices on your network
or to configure them partially. For more details, refer to the NetChange Licenses section.
Discovery products generally have a bad reputation regarding bandwidth consumption and
the load they put on the network devices. EfficientIP has developed discrete algorithms that reduce
the queries on the network devices as much as possible. Different parameters can also lead to an
optimization of the discovery process.
NetChange also uses the CDP protocol to detect the interconnections between the Cisco devices
quicker. The activation of CDP on the Cisco devices will significantly increase the efficiency of
NetChange discoveries. By default, the CDP protocol is activated on Cisco devices. To get more
information on this protocol, refer to the Cisco documentation.
NetChange also uses the Nortel protocol to detect the interconnections between the Nortel devices
quicker. The activation of AutoTopology on the Nortel devices will significantly increase the
efficiency of NetChange discoveries. To get more information on AutoTopology, refer to the Nortel
documentation.
To have an overview of all the network devices supported by SOLIDserver, please refer to
EfficientIP Knowledge Base: https://kb.efficientip.com/index.php/Main_Page. Access the NetChange
Category to display the pages dedicated to the module. You will find a list of all the network
devices supported for each version of SOLIDserver, each list is named NetChange
<version_number> Supported Devices.
NetChange Licenses
There are two NetChange licenses available:
1. NetChange-IPL is a light version that provides basic management options of your network
devices.
2. NetChange is the full license that allows advanced management of your network devices as
it provides configuration options for VLANs and ports properties, 802.1X authentication...
Chapter 53. Managing Network Devices
NetChange uses the SNMP protocol to query network devices and centralize all collected
information in its database. You can add, import and delete network devices from the All network devices
list. There are several ways to integrate new network devices in NetChange database:
To use NetChange to its full potential, we strongly suggest that you add at least
one device using its IP address and then use the discovery protocols to add all your network
devices to the All network devices list.
Here below, you can see the breadcrumb link to browse the network devices database:
1. Go to the NetChange tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Network devices icon. The All network devices list opens.
1. Go to the NetChange tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Network devices icon. The All network devices list opens.
3. At the end of the line of the network device of your choice, click on . The properties page
opens.
The properties page of a network device describes all the configured data in a set of panels:
In the Main properties panel, some information is very specific. The available properties depend
on the device supported MIBs. For more details, see the table below, the emphasized properties
are specific to certain models.
Some columns provide vendor information regarding the devices listed: Complete description
retrieves all the available vendor information (SysDescr) and Version provides the device OS
version only for Cisco equipment.
1. Go to the NetChange tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Network devices icon. The All network devices list opens.
3. In the menu, select Add > Network device. The Add network devices wizard opens.
4. In the IP address field, type in either the IP address of the device of your choice or the start
address of a range of addresses that contains several or all of your network devices.
5. In the Ending IP address field, you can type in the last address of the range containing
network devices.
6. Choose the version of the SNMP profile to retrieve the network device(s) information if you
know it.
If you do not know it, NetChange will automatically detect it, so go to step 7.
7. In the Target space drop-down list, select the IPAM space that will list the IP address of the
discovered items of the network device(s).
8. Click on OK to add the network device(s). The report opens and works for a while before
closing. The list is updated.
Once you added one device, you can retrieve all the devices it is directly connected (plugged)
to using the discovery protocols option. For more details, refer to the Importing Network Devices
Using discovery Protocols section below.
Keep in mind that the discovery protocols help you extend the list of network devices with the
devices connected to the ones you imported through CSV. For more details, refer to the Importing
Network Devices Using discovery Protocols section below.
1. Go to the NetChange tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Network devices icon. The All network devices list opens.
3. Tick the device(s) for which you want to discover neighbors.
4. In the menu, select Add > Import > Using CDP/NDP/LLDP. The Add network devices wizard
opens.
5. In the Target space drop-down list, select the IPAM space that will list the IP addresses of
the discovered device(s).
6. Click on OK to execute the discovery. The report opens and works for a while before closing.
The devices found are listed.
LLDP being the only vendor-neutral protocol, you will need to enable it on your devices,
especially if the devices connected are from different vendors or if you connected a Nortel or Cisco
device with a device from a different vendor.
LLDP is enabled by default on HP ProCurve switches and routers. There is nothing to do. If you
want to see LLDP neighbors from your HP switch, use the following command.
show lldp info remote-device
Nortel switch 425 and 55x0 series support LLDP with a 5.x firmware. This is not enabled by default.
Here is the set of commands to enable LLDP:
5510-24T(config)#interface FastEthernet ALL
5510-24T(config-if)#lldp tx-tlv port ALL port-desc
Depending on your firmware version, some options may be unrecognized. For VLAN, unfortunately,
you need to issue the command each time you add a VLAN. When using MT, EAST or SMELT,
you may want to disable ingress filtering:
vlan ports ALL filter-unregistered-frames disable
For Nortel ERS 8600, there is no support for LLDP. For Nortel Switch for IBM BladeCenter (Nortel
Layer 2-3 and 2-7), you need version 5.1 or more recent.
ExtremeOS and ExtremeWare support LLDP with recent firmware. You need to enable it
with:
enable lldp ports all
configure lldp ports all advertise management-address
configure lldp ports all advertise port-description
configure lldp ports all advertise system-capabilities
configure lldp ports all advertise system-description
configure lldp ports all advertise system-name
configure lldp ports all advertise vendor-specific dot1 vlan-name
configure lldp ports all advertise vendor-specific dot3 link-aggregation
configure lldp ports all advertise vendor-specific dot3 mac-phy
Starting from IOS 12.2(33)SCH, LLDP is supported. Use the following command to enable it:
lldp run
Numerous platforms from Juniper support LLDP and LLDP-MED. The Juniper supported platforms
are: EX, MX, M, J and SRX. Use the following command to enable it:
set protocols lldp
On capable and configured devices, you can see LLDP information with:
show lldp <detail>
Keep in mind that even if the authentication is enabled for the device, you can choose to disable
it on the ports individually. For more details, refer to the Enabling or Disabling the 802.1X
Authentication on a Port section of this guide.
1. Go to the NetChange tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Network devices icon. The All network devices list opens.
3. Filter the list if need be.
4. Put the mouse over the name of the device you want to edit. The Info Bar appears.
5. Click on . The Edit a network device wizard opens.
6. In the 802.1x authentication drop-down list, select Enable.
7. Click on OK to commit your changes. The report opens and closes. The device is marked
Enabled in the 802.1X column.
1. Go to the NetChange tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Network devices icon. The All network devices list opens.
3. Filter the list if need be.
4. Put the mouse over the name of the device you want to edit. The Info Bar appears.
5. Click on . The Edit a network device wizard opens.
6. In the 802.1x authentication drop-down list, select Enable.
7. Click on OK to commit your changes. The report opens and closes. The device is marked
Disabled in the 802.1X column.
1. Go to the NetChange tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Network devices icon. The All network devices list opens.
3. Tick the network device(s) you want to refresh.
4. In the menu, select Edit > Refresh. The Refresh a network device wizard opens.
5. Click on OK to refresh the device(s). The report opens and works for a while.
When the refresh is over, a report might appear and list the created IP addresses (Notice)
and existing ones (Error). This list only concerns the Target space selected when the device
was added or imported. You can download this report in the format of your choice: TEXT, HTML or EXCEL.
6. Click on CLOSE to go back to the All network devices page. The page refreshes.
Scheduling a Refresh
The scheduled refresh allows you to plan ahead the update of the NetChange database. You can
specify different schedules depending on the devices. Typically, edge switches are queried more
often than backbone routers.
The device refresh frequency can be common to several devices or specific to a device. Do not
hesitate to tick one or several devices before setting up a refresh schedule.
To schedule a refresh
1. Go to the NetChange tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Network devices icon. The All network devices list opens.
3. Tick the network device(s) for which you want to schedule the refresh.
4. In the menu, select Edit > Scheduling > Configure refresh. The Set refresh parameters
wizard opens.
5. Configure the refresh frequency using the table below.
6. Click on OK to commit the refresh configuration. The report opens and closes. The list is
visible again.
Any scheduled refresh can be disabled for one or several devices at once.
1. Go to the NetChange tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Network devices icon. The All network devices list opens.
3. Tick the network device(s) for which you want to disable the scheduled refresh.
4. In the menu, select Edit > Scheduling > Disable. The Disable Schedule wizard opens.
5. Click on OK to commit the refresh configuration. The report opens and closes. The list is
visible again.
1. Go to the NetChange tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Network devices icon. The All network devices list opens.
3. At the end of the line of the network device of your choice, click on . The properties page
opens.
4. In the menu, select Tools > Connect > Via telnet.
5. The telnet console connected to your device opens.
1. Go to the NetChange tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Network devices icon. The All network devices list opens.
3. At the end of the line of the network device of your choice, click on . The properties page
opens.
4. In the menu, select Tools > Connect > Via web.
5. A new tab connecting to your device opens.
The EfficientIP support team might ask for a device snapshot in case of missing or distorted information
on an equipment you want to add to NetChange. The snapshot will be generated in .pcap format
and stored in the Local files listing.
1. Go to the NetChange tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Network devices icon. The All network devices list opens.
3. In the menu, select Tools > Make a snapshot. The Configure a network device snapshot
wizard opens.
4. In the Interface drop-down list, select the network interface through which you want to make
the snapshot.
5. In the SNMP profile drop-down list, select the SNMP protocol version of the snapshot
generation. By default, standard v1 is selected.
6. If you are generating a Cisco device snapshot, tick the Cisco device checkbox.
7. In the IP address field, type in the device IP address.
8. Click on OK to commit the creation. The report opens and works for a while before closing.
The All network devices list is visible again. The snapshot
(<chosen_interface>_<chosen_SNMP_profile>_snapshot.pcap file) is available on the Local files listing page. To download
this file, refer to the procedure below.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select Maintenance > Local files listing. The Local files listing page opens
filtered through the Local bullet under the menu.
3. In the Name column, the snapshot is listed and named using the following format:
<chosen_interface>_<chosen_SNMP_profile>_snapshot.pcap.
4. Filter the list if need be. Once you found the snapshot, click on its name to download it.
For more details, refer to the Adding Network Devices in Device Manager section of this guide.
1. Go to the NetChange tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Network devices icon. The All network devices list opens.
3. Tick the network devices you want to delete.
4. In the menu, select Edit > Delete. The Delete wizard opens.
5. Click on OK to commit the device deletion. The report opens and closes. The devices are no
longer listed.
Granting access to a network device as a resource will also make every item it contains available.
For more details, refer to the section Assigning Objects as Resource in the chapter Groups of
this guide.
Chapter 54. Managing Routes
Both NetChange licenses provide the All routes page. It is dedicated to the network devices
routing tables. The page displays the existing routes on the layer 3 network devices you manage
using the module. All the information displayed is retrieved using the SNMP protocol. Each route
corresponds to a subnet and has a unique IP address and prefix. The prefix can be any number
between /8 and /32. You cannot edit, add or delete these routes.
Here below, you can see the breadcrumb link to browse the VLANs:
1. Go to the NetChange tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Routes icon. The All routes list opens.
In the list, the routes are color coded according to their prefix. The routes with a prefix located
between /8 and /24 all have a green icon. The /30 routes are represented with a red icon, /31
with an orange icon and finally the /32 routes with a blue icon.
Chapter 55. Managing VLANs
The All VLANs page simply provides an overview of the number of existing Virtual Local Area
Networks of each network device and their ID if you purchased the license NetChange-IPL. If
you have the NetChange license, it also allows you to add, edit and delete VLANs on your devices. For
more details regarding the two available NetChange licenses, refer to the NetChange Licenses
section.
Browsing VLANs
The VLANs are, along with the discovered items, the third level of the organization of the
NetChange module.
Here below, you can see the breadcrumb link to browse the VLANs:
1. Go to the NetChange tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the VLANs icon. The All VLANs list opens.
1. Go to the NetChange tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the VLANs icon. The All VLANs list opens.
3. At the end of the line of the VLAN of your choice, click on . The VLAN properties page
opens.
With version 5.0.3, the Port list column was added to the All VLANs page. It contains the number
of all the ports associated with each VLAN. You can edit this list if you purchased the NetChange
license, otherwise this list is merely informative.
Adding a VLAN
With the NetChange license you can add VLANs to the All VLANs page and then associate them
with existing ports. Using 802.1q VLAN Trunking protocol, a VLAN can cover a network area on
multiple switches.
You can also add a VLAN from the All VLANs list of a specific device. In this case, the Network
device drop-down list will not appear.
In addition, you can use an existing VLAN's ID and name and add them to another device. That way,
you only need to specify a device and the VLAN name and ID are used automatically upon
creation. Obviously, the ports configuration of the selected VLAN is not created in the target network
device.
To add a VLAN from the All VLANs page using an existing name and ID
Editing a VLAN
Editing a NetChange VLAN means renaming it. However, with the NetChange license you can
decide to use it with one or several of your network ports. For more details regarding the port
and VLAN interaction, refer to the Associating a Port With a VLAN section.
To rename a VLAN
Deleting a VLAN
With the NetChange license you can delete any VLAN from any network device as long as it is
not used on any port.
To delete a VLAN
Chapter 56. Managing Ports
The ports are physical interfaces of the network devices. NetChange discovers the network
devices' ports using a discovery algorithm that automatically analyzes each port and displays the
port's type and status. It also lets you know which MAC or IP addresses will be looked for and
how the devices are connected on the network. Typically the listed ports can be:
• Edge or terminal ports: used to connect the terminal network devices of the network (servers,
workstations, printers, ...);
• Interconnection ports: used to link the network devices between them (the backbone).
Depending on your network devices, some ports can actually be both. Some columns on the
page provide all this information:
• Interco (for interconnection) is purely informative even if you can manually force its value to
Yes, No or Autodetect in the GUI
• Trunking/Tagging mode provides the actual port type, edge ports are marked Access and
interconnection ports are marked Trunk or Tagged.
The NetChange module allows you to edit a port and associate it with existing VLANs on your device
(existing by default or that you added). To be able to edit a port, you must meet the following
prerequisites:
1. The SNMP community used with the network device must be a read/write community.
2. You have the NetChange license. NetChange-IPL does not provide port editing options.
3. The network device on which you edit the port supports MIBs that allow port editing.
Once these prerequisites are met, you can edit your ports. This allows you to associate them with any
VLAN on your network or even use them in a tagged or untagged mode and influence their
behavior on the network. As a general rule, when choosing whether to tag a port you should take into
account the following:
• The untagged mode (called Access on Cisco devices) uses the ID of the tagged VLAN the port
is associated with when sending and receiving data. That way packets are identified
throughout the transfer on the network from the sending port to the receiving one. Once the
packet is received, the tag number is dismissed, in other words untagged. This transfer mode
is based on terminal, or edge, ports as packets always reach their destination thanks to their
tag once sent.
• The tagged mode (called Trunk on Cisco devices) uses the ID of the VLANs associated with
the port only when sending packets. The tag identifies the target port. Once the packet is
received, the tag number is kept. This transfer mode is based on interconnection ports as it
allows data to be sent out all over the network.
Browsing Ports
The ports are the second level of organization in NetChange. Here below, you can see the
breadcrumb link to browse the ports database:
1. Go to the NetChange tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Network ports icon. The All ports list opens.
1. Go to the NetChange tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Network devices icon. The All network devices list opens.
3. Click on the name of the network device of your choice. The All ports list opens and displays
only the ports of the selected device.
1. Go to the NetChange tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Network ports icon. The All ports list opens.
3. At the end of the line of the port of your choice, click on . The network port properties page
opens.
With version 5.0.3 comes a set of new columns that provide a more complete overview of the
ports configuration: Trunking/Tagging mode, Configured speed, Configured duplex, VLAN
name list...
The columns Speed and Duplex are now called Operating speed and Operating duplex.
Caution
You should never disable interconnection ports as you risk losing access
to your network device. This function may no longer be possible in the future.
To disable a port
1. Go to the NetChange tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Network ports icon. The All ports list opens.
3. Tick the port(s) for which you want to change the status.
4. In the menu, select Edit > Port status > Disable. The Change the status of a port wizard
opens.
5. Click on OK to commit your modification. The report opens and closes. The list is visible
again.
To enable a port
1. Go to the NetChange tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Network ports icon. The All ports list opens.
3. Tick the port(s) for which you want to change the status.
4. In the menu, select Edit > Port status > Enable. The Change the status of a port wizard
opens.
5. Click on OK to commit your modification. The report opens and closes. The list is visible
again.
Note
On some devices, especially Cisco Catalyst, the configuration is not written after the
modification has been done, so if no write configuration command is made through
CLI, modifications will be lost in case of reload of the switch.
The value of the Interco column is merely a way of filtering the ports in the list. If you force the
interconnection to Yes, the port is not dedicated to interconnection and vice versa.
1. Go to the NetChange tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Network ports icon. The All ports list opens.
3. Tick the port(s) you want to use as an interconnection.
4. In the menu, select Edit > Interconnection > Force to yes. The Manually force ports inter-
connection wizard opens.
5. Click on OK to commit your modification. The report opens and closes. The list is visible
again. The value of the Interco column will switch to Yes (forced) on selected ports.
1. Go to the NetChange tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Network ports icon. The All ports list opens.
3. Tick the port(s) you want to stop using as interconnection.
4. In the menu, select Edit > Interconnection > Force to no. The Manually force ports inter-
connection wizard opens.
5. Click on OK to commit your modification. The report opens and closes. The list is visible
again. The value of the Interco column will switch to No (forced) on selected ports.
1. Go to the NetChange tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Network ports icon. The All ports list opens.
3. Tick the port(s) for which to automatically discover the interconnections on the network.
4. In the menu, select Edit > Interconnection > Autodetect. The Ports interconnection auto-
detection wizard opens.
5. Click on OK to commit your modification. The report opens and closes. The list is visible
again. The value of the Interco column will be updated after the next refresh of the device.
Keep in mind that you can only see the speed and duplex changes of active ports. If you edit the
speed and duplex of an inactive port, the changes are never visible in the GUI.
1. Go to the NetChange tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Network ports icon. The All ports list opens.
3. Filter the list if need be.
4. Put the mouse over the name of the port you want to edit. The Info Bar appears.
5. Click on . The Edit a port wizard opens.
6. In the Speed and duplex mode drop-down list, select the port <speed> <duplex> of your
choice.
7. Click on OK to commit your changes. The report opens and closes. The ports list is visible
again.
Once you edited the port speed and duplex, you need to refresh the port to see your changes in
the Configured speed and Configured duplex columns. For more details, refer to the Refreshing
the Ports Information section below.
1. Go to the NetChange tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Network ports icon. The All ports list opens.
3. Tick the port(s) for which you want to change the description.
4. In the menu, select Edit > Update port description. The Update port description wizard
opens.
5. In the Port name field, type in the description of this port.
6. Tick the Refresh NetChange checkbox if you want to refresh the ports list immediately after
your modification.
7. Click on OK to commit your changes. The report opens and closes. The list is visible again
and displays the new value in the Description column.
1. the port belongs to a network device that supports the 802.1X authentication;
2. the 802.1X authentication has been enabled on the network device the port belongs to;
3. the requirements and limitations listed below have been taken into account or met.
Keep in mind that the 802.1X configuration has to be done on each port individually.
Display the 802.1X column on the All network devices and All ports page. For more details
regarding the page listing templates, refer to the Customizing the List Layout section.
1. Go to the NetChange tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Network devices icon. The All ports list opens.
3. Click on the name of a device marked Active in the 802.1X column. The All ports of the
device opens.
4. Put the mouse over the name of the port you want to edit. The Info Bar appears.
5. Click on . The Edit a port wizard opens.
6. In the Security configuration section, untick the 802.1X checkbox. The page refreshes. If
the device supports Port-security, you can now enable it. For more details refer to the
Configuring the Port-security Option section.
7. Click on OK to commit your changes. The report opens and closes. The port is marked
Disabled in the 802.1X column.
1. Go to the NetChange tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Network devices icon. The All ports list opens.
3. Click on the name of a device marked Active in the 802.1X column. The All ports of the
device opens.
4. Put the mouse over the name of the port you want to edit. The Info Bar appears.
5. Click on . The Edit a port wizard opens.
6. In the Security configuration section, tick the 802.1X checkbox. The page refreshes. If the
Port-security checkbox was ticked, it no longer is.
7. Click on OK to commit your changes. The report opens and closes. The port is marked
Enabled in the 802.1X column.
protocol is enabled on the devices that support it and you can enable or disable it individually on
each port. To configure the protocol on your ports, you need to meet the requirements and be
aware of the limitations listed below:
When editing a port, you can enable or disable the option as well as set the maximum number
of MAC addresses to be secured on the interface, thus limiting access to it. We recommend that
you display the two columns of the All ports page that provide an overview of the Port-security
option configuration: Port-security and MAC number limit. For more details regarding the columns
display, refer to the Customizing the List Layout section of this guide.
1. Go to the NetChange tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Network devices icon. The All ports list opens.
3. Click on the name of a device of your choice. The All ports of the device opens.
4. Put the mouse over the name of the port you want to edit. The Info Bar appears.
5. Click on . The Edit a port wizard opens.
6. In the Security configuration section, untick the Port-security checkbox. The page refreshes.
If the device supports 802.1X authentication, you can now enable it. For more details refer
to the Managing the 802.1X Authentication on the Ports section.
7. Click on OK to commit your changes. The report opens and closes. The port is marked
Disabled in the Port-security column. In the MAC number limit column, the number of secured
MAC addresses is set back to the default value 1.
1. Go to the NetChange tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Network devices icon. The All ports list opens.
3. Click on the name of a device of your choice. The All ports of the device opens.
4. Put the mouse over the name of the port you want to edit. The Info Bar appears.
5. Click on . The Edit a port wizard opens.
6. In the Security configuration section, tick the Port-security checkbox. The page refreshes.
If the 802.1X checkbox was ticked, it no longer is.
7. Click on OK to commit your changes. The report opens and closes. The port is marked
Enabled in the Port-security column.
1. Go to the NetChange tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Network devices icon. The All ports list opens.
3. Click on the name of a device of your choice. The All ports of the device opens.
4. Put the mouse over the name of the port you want to edit. The Info Bar appears.
5. Click on . The Edit a port wizard opens.
6. In the Security configuration section, tick the Port-security checkbox. The page refreshes.
If the 802.1X checkbox was ticked, it no longer is.
7. In the Maximum number of secured MAC addresses field, type in the number of MAC
addresses that can access the port. This number depends on your device. By default,
Port-security is configured with 1 MAC address.
8. Click on OK to commit your changes. The report opens and closes. The number of MAC
addresses is edited in the MAC number limit column.
There are different tagging modes available depending on the network device vendor: Cisco or
others.
Keep in mind that you can only edit a device's Trunking/Tagging mode if the SNMP configuration
set at device level allows the MIBs to be retrieved.
1. Go to the NetChange tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Network ports icon. The All ports list opens.
3. Filter the list if need be.
4. Put the mouse over the name of the port you want to edit. The Info Bar appears.
5. Click on . The Edit a port wizard opens.
6. In the Trunking/Tagging mode drop-down list, select the mode of your choice: Tagged or
Mixed.
7. Click on OK to commit your changes. The report opens and closes. The list is visible again.
Once you edited the port tagging mode, you need to refresh the port to see your changes in the
Trunking/Tagging mode column. For more details, refer to the Refreshing the Ports Information
section below.
1. Go to the NetChange tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Network ports icon. The All ports list opens.
3. Filter the list if need be.
4. Put the mouse over the name of the port you want to edit. The Info Bar appears.
5. Click on . The Edit a port wizard opens.
6. In the Trunking/Tagging mode drop-down list, select the mode of your choice: Trunk, Access
or Auto.
If you set the trunking/tagging mode to auto, the 802.1X authentication must be inactive.
7. Click on OK to commit your changes. The report opens and closes. The list is visible again.
Once you edited the port tagging mode, you need to refresh the port to see your changes in the
Trunking/Tagging mode column. For more details, refer to the Refreshing the Ports Information
section below.
We recommend that you display the VLAN # list and VLAN name list columns to rapidly see your
port/VLAN association.
To associate a port with an untagged VLAN, its mode must be Access or Auto (on Cisco devices)
or Mixed (on any other device vendor). To edit the port tagging mode, refer to the Configuring
the Tagging Mode section above.
1. Go to the NetChange tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Network ports icon. The All ports list opens.
3. Filter the list if need be.
4. Put the mouse over the name of the port you want to edit. The Info Bar appears.
5. Click on . The Edit a port wizard opens.
6. In the VLAN addition section, the Access/Untagged VLAN drop-down list displays the
untagged VLAN associated with your port. Select the VLAN of your choice. By default, the 1 -
default VLAN is selected.
If your port mode is Mixed or Auto, the previously selected VLAN is moved to the Available
VLANs list.
7. Click on OK to commit your changes. The report opens and closes. The untagged VLAN
associated with the port is followed by a * in the VLAN # list and VLAN name list columns.
To associate a port with tagged VLANs, its mode must be Trunk or Auto (on Cisco devices) or
Tagged or Mixed (on any other device vendor). To edit the port tagging mode, refer to the
Configuring the Tagging Mode section above.
1. Go to the NetChange tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Network ports icon. The All ports list opens.
3. Filter the list if need be.
4. Put the mouse over the name of the port you want to edit. The Info Bar appears.
5. Click on . The Edit a port wizard opens.
6. In the VLAN addition section, the Trunk/Tagged VLAN list field displays all the tagged VLANs
associated with your port. You can add or remove VLANs from the list using the and
buttons. Any VLAN removed is listed in the Available VLANs list.
7. Click on OK to commit your changes. The report opens and closes. The VLANs associated
with the port are displayed in the VLAN # list and VLAN name list columns.
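The port rules stated in this chapter (802.1X and Port-security exclude each other, the Auto mode requires 802.1X to be inactive, VLAN association depends on the tagging mode, interconnection ports should never be disabled) can be checked before a change is entered in the wizard. The Python below is an added example, not part of NetChange or of the original guide; the PortChange structure, its field names and the finding codes are assumptions made for illustration, and the sample ports are constructed.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Trunking/Tagging modes offered by the Edit a port wizard, per this guide.
CISCO_MODES = {"Trunk", "Access", "Auto"}
OTHER_MODES = {"Tagged", "Mixed"}


@dataclass
class PortChange:
    """Planned state of one port (hypothetical structure, not a product API)."""
    vendor: str                          # "Cisco" or any other vendor name
    mode: str                            # Trunking/Tagging mode
    dot1x: bool = False                  # 802.1X checkbox
    port_security: bool = False          # Port-security checkbox
    mac_limit: int = 1                   # Maximum number of secured MAC addresses
    untagged_vlan: Optional[int] = None  # Access/Untagged VLAN
    tagged_vlans: List[int] = field(default_factory=list)
    interco: bool = False                # Interco column reads Yes
    disable: bool = False                # Edit > Port status > Disable requested


def check_port_change(c: PortChange) -> List[Tuple[str, str]]:
    """Return (code, message) findings; an empty list means no rule is broken."""
    findings = []
    cisco = c.vendor.strip().lower() == "cisco"

    offered = CISCO_MODES if cisco else OTHER_MODES
    if c.mode not in offered:
        findings.append(("mode-not-offered",
                         f"{c.mode} is not a mode listed for this vendor"))

    # Ticking one checkbox unticks the other in the wizard.
    if c.dot1x and c.port_security:
        findings.append(("dot1x-and-port-security",
                         "802.1X and Port-security cannot both be enabled"))

    if c.mode == "Auto" and c.dot1x:
        findings.append(("auto-mode-with-dot1x",
                         "Auto mode requires 802.1X to be inactive"))

    untagged_ok = {"Access", "Auto"} if cisco else {"Mixed"}
    if c.untagged_vlan is not None and c.mode not in untagged_ok:
        findings.append(("untagged-vlan-wrong-mode",
                         f"untagged VLAN needs mode in {sorted(untagged_ok)}"))

    tagged_ok = {"Trunk", "Auto"} if cisco else {"Tagged", "Mixed"}
    if c.tagged_vlans and c.mode not in tagged_ok:
        findings.append(("tagged-vlan-wrong-mode",
                         f"tagged VLANs need mode in {sorted(tagged_ok)}"))

    if c.port_security and c.mac_limit < 1:
        findings.append(("mac-limit-invalid",
                         "at least 1 secured MAC address is required"))
    # With Port-security disabled the limit is set back to the default 1.
    if not c.port_security and c.mac_limit != 1:
        findings.append(("mac-limit-ignored",
                         "MAC limit is reset to 1 when Port-security is off"))

    # Trunk/Tagged ports and ports marked Interco carry the backbone.
    if c.disable and (c.interco or c.mode in {"Trunk", "Tagged"}):
        findings.append(("disable-interconnection-port",
                         "disabling this port may cut access to the device"))
    return findings


def codes(c: PortChange) -> List[str]:
    """Finding codes only, in the order the rules are evaluated."""
    return [code for code, _ in check_port_change(c)]


if __name__ == "__main__":
    # Constructed sample changes, not taken from a real device.
    samples = {
        "edge port with 802.1X": PortChange("Cisco", "Access", dot1x=True,
                                            untagged_vlan=10),
        "auto mode with 802.1X": PortChange("Cisco", "Auto", dot1x=True),
        "uplink being disabled": PortChange("Cisco", "Trunk",
                                            tagged_vlans=[10, 20], disable=True),
    }
    for name, change in samples.items():
        result = check_port_change(change)
        print(name, "->", "OK" if not result else result)
```
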
1. Go to the NetChange tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Network ports icon. The All ports list opens.
3. Filter the list through the Network device column if need be.
4. Tick the port(s) you want to refresh.
5. In the menu, select Edit > Refresh. The Refresh a network device wizard opens.
6. Click on OK to commit the refresh. The report opens and closes. The list is visible again.
Chapter 57. Managing Discovered Items
The discovered items are devices connected to the network devices, and usually edge devices
(workstations, servers, printers, ...). These devices are inserted in the database automatically
after each discovery, and put in the history. This allows the administrator to know where a device
(IP or MAC address) has been connected at a specific time and on which port of which device,
in which VLAN...
Here below, you can see the breadcrumb link to browse the discovered items:
1. Go to the NetChange tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Discovered items icon. The All discovered items list opens.
1. Go to the NetChange tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Discovered items icon. The All discovered items list opens.
3. At the end of the line of the item of your choice, click on . The item properties page opens.
Locating an edge device can be very tedious on a network with a large number of
network devices and ports. The NetChange search engine allows you to access all the
information collected very quickly. You can look for a workstation using its IP address, MAC address, port or date
and time. Whatever the chosen criterion, filters are applied using the columns' search engines.
1. Go to the NetChange tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Discovered items icon. The All discovered items list opens.
3. In the IP Address column search engine, type the IP address you are looking for and hit
Enter to only display the discovered items matching this IP address on the network.
Note
By clicking on the Last seen column name, it is possible to sort the results in a
chronological order, from more recent to the oldest record. You can click on it
again to change the sorting order.
1. Go to the NetChange tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Network ports icon. The All discovered items list opens.
3. Tick the discovered item(s) you want to refresh.
4. In the menu, select Edit > Refresh. The Refresh a network device wizard opens.
5. Click on OK to commit the refresh. The report opens and closes. The list is visible again.
For more details, refer to the Adding Discovered Items in Device Manager section of this guide.
Note
For the address creation to work properly, make sure that a subnet is available for
the address(es) in the space specified upon addition of the device. For more details
refer to the Adding Network Devices section of this guide.
1. Go to the NetChange tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Discovered items icon. The All discovered items list opens.
3. Tick the discovered item(s) you want to create in Device Manager.
4. In the menu, select Tools > Create IP address in the IPAM. The Create IP addresses in the
IPAM wizard opens.
5. Click on OK to commit the creation. The report opens and closes and the list is visible again.
The IP address is listed in the All addresses page in the IPAM.
To display the discovered items history view of all the network devices
1. Go to the NetChange tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Discovered items icon. The All discovered items list opens.
3. In the menu, select Display > History view.
4. Type in the MAC address or the IP address of the device you are tracking, in the appropriate
search engine and press Enter to display the history of discoveries for this MAC or IP address
on the whole network.
To narrow your search, you can also display the History view from the All discovered items of a
specific device, port or VLAN.
Chapter 58. Managing Statistics
NetChange can provide a set of specific statistics. These statistics are all displayed as pie and
bar charts that can present vendors, speed, usage, etc.
1. From anywhere in the appliance, through the menu, select Preferences > My Dashboards
> Gadgets Library. The Gadgets Library page opens.
2. In the list, tick the gadget(s) of your choice: Number of NetChange ports per device,
NetChange network devices vendor, NetChange active ports speed (bps) and/or NetChange
ports status.
3. In the menu, select Edit > Assign Gadget(s). The gadget configuration wizard opens.
4. In the Available list, select a module and click on .
5. The module name is moved to the Configured list. The gadget(s) will be displayed on the
selected module dashboard.
6. Click on OK to commit your choice. The report opens and closes. The gadgets are displayed
on the selected modules homepage and the Dashboard column is updated with the selected
module(s).
In addition to these holistic charts, NetChange provides specific charts on the network devices
and port properties pages.
The charts contain In and Out parameters. To better understand them, refer to the table below.
Chapter 59. Monitoring, Configuring and Tuning
Generating NetChange Reports
EfficientIP provides dedicated NetChange reports at device level. The reports on inconsistencies
might be empty if the device configuration is correct.
For more details regarding the reports generation, refer to the chapter Managing Reports.
Description: Contains basic information regarding the selected device(s): the Device name,
Device type, Ports usage (%) and Ports used.
Prerequisite: No need to select any device. The report automatically takes into account all the
devices.
Description: Contains inconsistencies between the network devices managed via NetChange
and their use across the modules. All the found inconsistencies are listed in 5 tables: NetChange
devices not listed in the IPAM / DHCP ranges, IP addresses associated with a different MAC
address in the IPAM, MAC addresses associated with a different IP address in the IPAM, IP
addresses with a different MAC address in the DHCP leases list and MAC addresses with a different
IP address in the DHCP leases list. In each table, the objects concerned are detailed through
the columns IP address, MAC address, DNS name, IPAM MAC address and/or Device/Slot/port.
Prerequisite: No need to select any device. The report automatically takes into account all the
devices.
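The cross-checks behind the five tables described above can be illustrated as follows. This is an added example, not EfficientIP code: the record layout, function names and sample data are constructed assumptions, and "not listed in the IPAM / DHCP ranges" is interpreted here as an IP address that is neither an IPAM address nor inside a DHCP range.

```python
"""Cross-check discovered (IP, MAC) pairs against IPAM and DHCP data.

Added illustration of the report's five tables, not product code.
Record layout and all sample values are constructed assumptions.
"""
from ipaddress import ip_address

# Constructed sample data: items seen on switch ports.
DISCOVERED = [
    {"ip": "10.0.0.10", "mac": "02:00:00:00:00:01", "port": "sw1/0/1"},
    {"ip": "10.0.0.11", "mac": "02:00:00:00:00:02", "port": "sw1/0/2"},
    {"ip": "10.0.0.45", "mac": "02:00:00:00:00:03", "port": "sw1/0/3"},
    {"ip": "10.0.0.50", "mac": "02:00:00:00:00:04", "port": "sw1/0/4"},
    {"ip": "10.0.0.51", "mac": "02:00:00:00:00:05", "port": "sw1/0/5"},
    {"ip": "10.0.9.9", "mac": "02:00:00:00:00:06", "port": "sw2/0/7"},
]
# Constructed ip -> mac records; MAC notations deliberately differ.
IPAM = {
    "10.0.0.10": "0200.0000.0001",
    "10.0.0.11": "02:00:00:00:00:aa",
    "10.0.0.99": "02-00-00-00-00-03",
}
DHCP_RANGES = [("10.0.0.40", "10.0.0.60")]
DHCP_LEASES = {
    "10.0.0.50": "02:00:00:00:00:bb",
    "10.0.0.52": "02:00:00:00:00:05",
}


def normalize_mac(mac):
    """Reduce colon, dash or dotted notation to 12 lowercase hex digits."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


def in_any_range(ip, ranges):
    """True if ip falls inside one of the (first, last) DHCP ranges."""
    addr = ip_address(ip)
    return any(ip_address(first) <= addr <= ip_address(last)
               for first, last in ranges)


def compare_with(discovered, reference):
    """Compare discovered items with one ip -> mac mapping.

    Returns two lists: items whose IP is recorded with another MAC, and
    items whose MAC is recorded with another IP.
    """
    ref = {ip: normalize_mac(mac) for ip, mac in reference.items()}
    ips_by_mac = {}
    for ip, mac in ref.items():
        ips_by_mac.setdefault(mac, set()).add(ip)

    ip_other_mac, mac_other_ip = [], []
    for item in discovered:
        mac = normalize_mac(item["mac"])
        if item["ip"] in ref and ref[item["ip"]] != mac:
            ip_other_mac.append(item)
        if mac in ips_by_mac and item["ip"] not in ips_by_mac[mac]:
            mac_other_ip.append(item)
    return ip_other_mac, mac_other_ip


def find_inconsistencies(discovered, ipam, dhcp_ranges, dhcp_leases):
    """Build the five tables, keyed by hypothetical table names."""
    ipam_ip, ipam_mac = compare_with(discovered, ipam)
    lease_ip, lease_mac = compare_with(discovered, dhcp_leases)
    not_listed = [d for d in discovered
                  if d["ip"] not in ipam
                  and not in_any_range(d["ip"], dhcp_ranges)]
    return {
        "not_in_ipam_or_dhcp_ranges": not_listed,
        "ip_with_other_mac_in_ipam": ipam_ip,
        "mac_with_other_ip_in_ipam": ipam_mac,
        "ip_with_other_mac_in_leases": lease_ip,
        "mac_with_other_ip_in_leases": lease_mac,
    }


if __name__ == "__main__":
    tables = find_inconsistencies(DISCOVERED, IPAM, DHCP_RANGES, DHCP_LEASES)
    for name, rows in tables.items():
        print(name)
        for row in rows:
            print(f"  {row['ip']:<12} {row['mac']}  {row['port']}")
```

An item can appear in more than one table, which is why each check is evaluated independently rather than stopping at the first match.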
Description: Contains information regarding all the network devices you manage through
SOLIDserver divided into four sections: Summary that contains all the network devices dedicated
pie charts available by default on NetChange home page, Network devices model by vendor that
contains charts displaying your devices vendors and models, Top 50 most used network devices
that contains a table listing the most used devices with the percent of port usage and the total
number of used ports and finally Top 50 most unused network devices that contains a table listing
the least used devices with the percent of port usage and the total number of used ports.
the history to speed up the processes and have only the relevant information when looking for a
specific IP or MAC address. The choice of periodicity depends entirely on your environment
and what you intend to do with NetChange: you may need to have a history of all movements
(so you might need to purge the database every month or quarter), or you may need only the
most relevant data when looking for a host (so you might want to purge every week). To configure
the purge frequency of the data listed in the All discovered items list, follow the procedure below.
10. Click on OK to commit your configuration. The properties page is visible again. By default,
the rule is not enabled. Follow the procedure below to enable it.
Once the rule is configured, you have to enable it. Before following the procedure below, check
in the Status column if the rule is marked Disabled or OK. Note that if you enable it before
configuring the rule, no action will be performed for lack of specifications (as there are no Numbers of
days to keep defined by default, the list of discovered items cannot be purged).
Once the rule is configured, you have to enable it. Before following the procedure below,
check in the Status column if the rule is marked Disable (i.e. it is disabled) or OK (i.e. it is enabled).
Note that if you enable the rule before configuring it, no action will be performed for lack of
specifications (without a path towards a CSV file, the options are configured with no file to perform
them on).
3. In the Name column, type in the rule name Synchronize the network devices of NetChange
with a CSV file.
4. Tick the rule.
5. In the menu, select Edit > Enable. The Enable wizard opens.
6. Click on OK to commit your choice. The report opens and closes. The Rule page
is visible again and the rule is marked OK in the Status column.
Part IX. Workflow
Table of Contents
60. Introduction
    Workflow Pages
    Workflow Requests
    Workflow Management Best Practices
61. Granting Access to Workflow Classes
62. Managing Outgoing Requests
    Browsing Outgoing Requests
        Browsing the Outgoing Requests Database
        Customizing the Outgoing Requests Display
    Adding Requests for Creation
    Adding Requests for Edition
    Adding Requests for Deletion
    Editing Requests
        Editing a Request Details
        Adding Information to a Request
    Cancelling Requests
63. Managing Incoming Requests
    Browsing Incoming Requests
        Browsing the Incoming Requests Database
        Customizing the Incoming Requests Display
    Managing the Requests Content
    Administrating Requests Using the Default Statuses and Options
        Handling Requests
        Accepting Requests
        Rejecting Requests
        Finishing Requests
        Archiving Requests
    Administrating Requests Using Your Own Settings
64. Executing Requests
    Executing Requests Using the Execute Option
    Executing Requests Using Classes
        Configuring a Workflow Request Association Class
        Applying a Workflow Request Association Class
65. Customizing the Requests Administration
    Editing the Workflow Statuses
    Editing the Email Notifications Details
    Adding a Workflow Status
    Customized Statuses Best Practices
        Status Addition Best Practices
        Status Edition Best Practices
        Status Deletion Best Practices
Chapter 60. Introduction
The Workflow is a request-based module that allows standard users to ask for changes in the
IPAM and DNS database. The administrator can configure classes that shape the request addition
wizard or use the available default classes if they already suit their needs.
Workflow Pages
Outgoing requests: from this page users - requestors - can create requests. For more details,
refer to the chapter Managing Outgoing Requests.
Incoming requests: from this page request managers and administrators can deal with the user
requests. For more details, refer to the chapter Managing Incoming Requests.
Both pages contain the same requests, only their status varies until they are archived. Users that
were only granted requesting rights can see their requests on the Outgoing page.
Workflow Requests
Not all SOLIDserver resources can be subject to a request, you can add requests regarding:
1. Grant sufficient rights to requestors and request managers: the group they belong to
needs to be granted the appropriate IPAM and DNS or Workflow rights. For more details, refer
to the Managing the Permissions of a Group section of the Rights Management part of this
guide.
2. Grant users access to request classes, existing ones or classes you created. For more
details, refer to the chapter Granting Access to Workflow Classes.
3. Customize the Incoming requests page if need be. For more details, refer to the chapter
Customizing the Requests Administration.
4. Grant relevant users access to the Workflow pages, that way they can create or deal with
the requests.
5. Execute the action required in the requests if they are accepted.
Once the Workflow is configured according to your needs, there are several ways of executing
the accepted requests:
• You can use the Execute option if you plan on using the Workflow default classes.
• You can use a class object to associate pending requests with the addition, edition and deletion
operations you are performing in the IPAM and DNS modules.
For more details regarding the requests execution possibilities, refer to the chapter Executing
Requests.
Chapter 61. Granting Access to Workflow Classes
As every request is based on a specific Workflow class, users need to be granted access to the
relevant ones. That way, they can select a class when adding a request and fill in the fields
defined through the class.
There are five classes dedicated to Workflow requests. They define all the fields required when
asking for the addition, edition or deletion of the object they are named after:
The users that do not have access to Workflow request classes are not able to properly complete
the request addition wizard: the request addition wizard is still available, but it is impossible to
define the needed containers or resources to apply the requested changes to.
Obviously, you can add your own Workflow request classes. These classes must be dedicated
to the Module Workflow and the Type Request. For more details, refer to the Class Studio section
of the Administration part of this guide.
Keep in mind that in this case, the Execute option is not available in the Incoming requests page.
For more details, refer to the section Executing Requests Using the Execute Option.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Users, Groups & Rights icon. The Users list opens.
3. In the breadcrumb, click on Groups. The Groups page opens.
4. Click on the name of the group of your choice (1). The Resources page opens.
5. In the menu, select Add > Resources > Classes. The Administration: Classes wizard opens.
6. In the Type column search engine, type in request to filter the list.
7. Tick the class(es) you want to grant the group access to. Keep in mind that the default
Workflow classes are request_dns_zone, request_ip_block, request_ip_subnet,
request_ip_pool and request_ip_address.
8. Click on ADD to grant access to the users of your group to the selected classes. A confirmation
pop-up window opens.
9. Click on OK . In the wizard, the selected classes are no longer listed.
10. Click on OK to close the wizard. The report opens and closes. The page refreshes, the list
of resources now includes the selected class(es).
(1) Any group EXCEPT the admin group as, by default, it has authority over all the resources of the SOLIDserver database.
Once the classes of your choice are part of the resources of a group, its users can choose from
one of them when requesting the addition, edition or deletion of objects in the DNS or IPAM
database.
Chapter 62. Managing Outgoing Requests
From the Outgoing requests page, users with sufficient Workflow rights can:
Request management respects the group hierarchy by default. Therefore, once a request is
created, if the user belongs to a group that has a parent group, the request can by default be dealt
with by all the users of the parent group as well as the users of the admin group. If the users
want the request to be dealt with by specific users, they can set a managing group when creating
or editing the request.
1. Go to the Workflow tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Outgoing requests icon. The Outgoing requests list opens.
1. Go to the Workflow tab. If the homepage is not displayed, click on . The homepage opens.
2. In the breadcrumb, click on Outgoing requests icon. The Outgoing requests list opens.
1. Go to the Workflow tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Outgoing requests icon. The Outgoing requests list opens.
3. To display a request properties page you can:
a. Click on the name of the request of your choice. The properties page opens.
b. At the end of the line of the incoming request of your choice, click on . The properties
page opens.
Reminder
To add a DNS zone creation request, the group of the user must at least be granted
the following rights:
• In the Workflow panel, all the rights that suit your needs
• In the DNS panel, the right Display: DNS servers list.
To add a DNS zone creation request, the group of the user must include among its resources:
• At least one server, this will grant access to all the objects it contains.
1. Go to the Workflow tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Outgoing requests icon. The Outgoing requests list opens.
3. In the menu, select Add > Request. The Add a request wizard opens.
4. In the Workflow request class list, select request_dns_zone .
5. Click on NEXT . The Requesting: Zone page appears.
6. In the Action requested drop-down list, select New (Create). The page refreshes.
7. In the DNS Server drop-down list, select the server of your choice.
8. If your server contains views, in the DNS view drop-down list, select the view of your choice.
9. In the DNS zone field, name your zone.
10. In the Zone type drop-down list, you can select either master, slave, stub or forward. By
default, master is selected.
11. In the Motivation field, type in a text of a maximum of 3000 characters explaining the reason
for the zone addition request.
12. Click on NEXT . The last page of the wizard opens.
13. If you want, you can select a group to manage your request as described in the table below.
Otherwise, users of the admin group can manage it.
14. Click on OK to commit the request creation. The report opens and closes. The request is
listed and marked as New in the Status column.
On the request properties page, the Main properties and Request parameters sum up the request
details.
The edition request only applies to the values that you can edit on the object management page,
which is why:
• you cannot ask for the edition of anything configured for DNS zones.
• you can only ask for the edition of the name of the blocks, subnets, pools and addresses.
In the procedure below we will use the default request_ip_address class as an example.
Reminder
To add an IPv4 address edition request, the group of the user must at least be granted
the following rights:
• In the Workflow panel, all the rights that suit your needs
• In the IPAM panel, the right Display: spaces list.
To add an IPv4 address edition request, the group of the user must include among its
resources:
• At least one space, this will grant access to all the objects it contains.
1. Go to the Workflow tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Outgoing requests icon. The Outgoing requests list opens.
3. In the menu, select Add > Request. The Add a request wizard opens.
4. In the Workflow request class list, select request_ip_address .
5. Click on NEXT . The Requesting: IP address page appears.
6. In the Action requested drop-down list, select Modify. The page refreshes.
7. Click on NEXT . The next page opens.
8. In the Choose a subnet list, select the subnet containing the IP address you want to edit.
Once selected, the subnet line is highlighted in blue.
9. Click on NEXT . The next page of the wizard opens.
10. In the IP address name field, type in the first letter(s) of the IP name. The auto-completion
provides a list of addresses matching these letters, select the one you want to edit.
11. In the IP address name field, type in the new name that you want for the address.
12. In the IP address grey field, the IP address is displayed as a reminder.
13. In the Motivation field, type in a text of a maximum of 3000 characters explaining the reason
for the IP address edition request.
14. Click on NEXT . The last page of the wizard opens.
15. If you want, you can select a group to manage your request as described in the table below.
Otherwise, users of the admin group can manage it.
16. Click on OK to commit the request creation. The report opens and closes. The request is
listed. It is marked New in the Status column and Modified in the Action column.
On the request properties page, the Main properties and Request parameters sum up the request
details.
In the procedure below we will use the default request_ip_subnet class as an example.
Note that to ask for the deletion of a non-terminal subnet you can use the request_ip_block class.
Reminder
To add a subnet deletion request, the group of the user must at least be granted the
following rights:
• In the Workflow panel, all the rights that suit your needs
• In the IPAM panel, the right Display: spaces list.
To edit an IP address related request, the group of the user must include among its resources:
• At least one space, this will grant access to all the blocks it contains.
1. Go to the Workflow tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Outgoing requests icon. The Outgoing requests list opens.
3. In the menu, select Add > Request. The Add a request wizard opens.
4. In the Workflow request class list, select request_ip_subnet .
5. Click on NEXT . The Requesting: Subnet page appears.
6. In the Action requested drop-down list, select Delete. The page refreshes.
7. Click on NEXT . The next page opens.
8. In the Choose a subnet list, select the subnet you want to delete. Once selected, the subnet
line is highlighted in blue.
9. Click on NEXT . The next page of the wizard opens.
10. The Subnet name, Subnet address, Netmask, Prefix and Comments fields display the
selected subnet information as a reminder.
11. In the Motivation field, type in a text of a maximum of 3000 characters explaining the reason
for the subnet deletion request.
12. Click on NEXT . The last page of the wizard opens.
13. If you want, you can select a group to manage your request as described in the table below.
Otherwise, users of the admin group can manage it.
14. Click on OK to commit the request creation. The report opens and closes. The request is
listed. It is marked New in the Status column and Delete in the Action column.
On the request properties page, the Main properties and Request parameters sum up the request
details.
Editing Requests
Once you have created a request, you can edit its details or provide additional information via a note
and/or file upload.
1. Go to the Workflow tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Outgoing requests icon. The Outgoing requests list opens.
3. Put your mouse over the name of the request you want to edit. The Info bar appears.
4. Click on . The wizard opens.
5. Edit the fields as needed. Only the fields with a white background can be edited.
6. Once you get to the last page of the wizard, click on OK to commit the request edition. The
report opens and closes. The changes are visible on the properties page Request parameters
panel.
1. Go to the Workflow tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Outgoing requests icon. The Outgoing requests list opens.
3. Put your mouse over the name of the request you want to edit. The Info bar appears.
4. Click on . The request properties page opens.
5. In the Main properties panel, click on EDIT . The wizard opens.
6. Edit the fields as needed. Only the fields with a white background can be edited.
7. Once you get to the last page of the wizard, click on OK to commit the request edition. The
report opens and closes. The changes are visible in the Request parameters panel.
Uploading a File
Requestors can add up to 10 files to their request. They cannot upload more than 5 MB of files.
1. Go to the Workflow tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Outgoing requests icon. The Outgoing requests list opens.
3. Put your mouse over the name of the request you want to edit. The Info bar appears.
4. Click on . The request properties page opens.
5. In the Upload file panel, click on EDIT . The Upload file wizard opens.
6. Click on BROWSE to select the file of your choice on your local computer.
7. Once selected, it is displayed in the File name and Final value field.
8. Click on to add the file to the Attached files list. Repeat these actions for as many files
as you want.
9. Click on OK to commit the file(s) upload. The report opens and closes. The Upload file
panel contains the file(s).
Adding a Note
Requestors can add notes to their request in addition to the Motivation expressed when creating
the request.
1. Go to the Workflow tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Outgoing requests icon. The Outgoing requests list opens.
3. Put your mouse over the name of the request you want to edit. The Info bar appears.
4. Click on . The request properties page opens.
5. In the Note panel, click on EDIT . The Enter a note wizard opens.
6. Click on ADD . In the List field, the line new_<number> appears.
7. In the Note field, type in your note. The note must not include special characters or exceed
3993 characters.
8. Click on ADD to save it. The note is saved. In the List field, the note is now displayed as
follows: <date> <time> <beginning-of-note> [author]. Repeat these actions for as many notes
as needed.
9. Click on OK to save all the notes. The report opens and closes. The Note panel displays the
note(s).
Cancelling Requests
At any time, you can cancel a request you created. By default, this action is only possible if the
request status is New. Once it is handled or accepted, you can no longer cancel it.
Once a request is cancelled, you no longer see it on the page; only request managers can still see it.
To cancel a request
1. Go to the Workflow tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Outgoing requests icon. The Outgoing requests list opens.
Chapter 63. Managing Incoming Requests
From the Incoming requests page, administrators or request managers can:
1. deal with pending requests using the default Edit menu options: handle, edit, execute, reject,
finish and finally delete the requests.
2. deal with pending requests using custom options. The available options would then depend
on the administrator's configuration and internal use of the module.
Keep in mind that by request managers, we mean users belonging to a group with sufficient rights
and resources. Make sure they belong to a group configured with:
1. Go to the Workflow tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Incoming requests icon. The Incoming requests list opens.
1. Go to the Workflow tab. If the homepage is not displayed, click on . The homepage opens.
2. In the breadcrumb, click on Incoming requests icon. The Incoming requests list opens.
1. Go to the Workflow tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Incoming requests icon. The Incoming requests list opens.
3. To display a request properties page you can:
a. Click on the name of the request of your choice. The properties page opens.
b. At the end of the line of the incoming request of your choice, click on . The properties
page opens.
The request properties page displays all the request details as well as the requestor
notes and uploaded files. The Request history lists all the notes that administrators and request
managers added when editing the request status.
1. Go to the Workflow tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Outgoing requests icon. The Outgoing requests list opens.
3. Put your mouse over the name of the request you want to edit. The Info bar appears.
4. Click on . The request properties page opens.
5. Click on to expand all the panels.
6. In the Upload file panel, click on the name of the file you want to download.
To display notes
1. Go to the Workflow tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Outgoing requests icon. The Outgoing requests list opens.
3. Put your mouse over the name of the request you want to edit. The Info bar appears.
4. Click on . The request properties page opens.
5. In the Note panel, all the notes are displayed under the Date and User. You can scroll down
if there are several notes.
The administrators and request managers can also add notes and upload files. For more details,
refer to the section Adding Information to a Request.
Every time a request status is edited, an email is sent to the user who requested it to inform
them of the request's progress. Therefore, make sure your requesting users' profiles are set up
properly. For more details, refer to the chapter Managing Users of this guide.
Only the Archive option does not correspond to any status as it basically deletes the request from
the page and stores it on the Local Files Listing page.
By default, the requests managers can set these statuses as long as they respect the following:
Using the default options and statuses is useful as it allows you to use the Execute option. This option
lets you execute a request directly from the Incoming requests page. For more details, refer to the
section Executing Requests Using the Execute Option.
Handling Requests
The request managers and administrators can at any point handle New requests.
To handle a request
1. Go to the Workflow tab. If the homepage is not displayed, click on . The homepage opens.
2. In the breadcrumb, click on Incoming requests icon. The Incoming requests list opens.
Accepting Requests
The request managers and administrators can at any point accept New and Handled requests.
To accept a request
1. Go to the Workflow tab. If the homepage is not displayed, click on . The homepage opens.
2. In the breadcrumb, click on Incoming requests icon. The Incoming requests list opens.
3. Tick the request(s) you want to accept.
4. In the menu, select Edit > Accept. The Status edition wizard opens.
5. In the Enter a note field, you can type in a reason for accepting or the user performing the
task. This text is available on the request properties page Request history module.
6. Click on OK to commit your choice. The report opens and indicates the operation success.
7. Click on CLOSE to go back to the Incoming requests page.
Rejecting Requests
The request managers and administrators can at any point reject New and Handled requests.
To reject a request
1. Go to the Workflow tab. If the homepage is not displayed, click on . The homepage opens.
2. In the breadcrumb, click on Incoming requests icon. The Incoming requests list opens.
3. Tick the request(s) you want to reject.
4. In the menu, select Edit > Reject. The Status edition wizard opens.
5. In the Enter a note field, you can type in a reason for accepting or the user performing the
task. This text is available on the request properties page Request history module.
6. Click on OK to commit your choice. The report opens and indicates the operation success.
7. Click on CLOSE to go back to the Incoming requests page.
Finishing Requests
Once the request has been dealt with, when the object has been added, edited or deleted, the
request managers and administrators can set the requests Finished. It will
To finish a request
1. Go to the Workflow tab. If the homepage is not displayed, click on . The homepage opens.
2. In the breadcrumb, click on Incoming requests icon. The Incoming requests list opens.
3. Tick the request(s) you want to finish.
4. In the menu, select Edit > Finish. The Status edition wizard opens.
5. In the Enter a note field, you can type in a reason for accepting or the user performing the
task. This text is available on the request properties page Request history module.
6. Click on OK to commit your choice. The report opens and indicates the operation success.
7. Click on CLOSE to go back to the Incoming requests page.
Archiving Requests
Archiving a request actually means moving it to the Local Files Listing. This means that it is no
longer listed on the Incoming requests and Outgoing request pages.
Archiving a request is useful for requests that have been dealt with, have been cancelled or that
were rejected. In any of these cases, once the requesting user has been informed, it is probably
useless to keep the request in the list.
The request managers and administrators can archive Cancelled, Rejected and Finished requests.
To archive a request
1. Go to the Workflow tab. If the homepage is not displayed, click on . The homepage opens.
2. In the breadcrumb, click on Incoming requests icon. The Incoming requests list opens.
3. Tick the request(s) you want to remove from the list.
4. In the menu, select Edit > Reject. The Status edition wizard opens.
5. In the Enter a note field, you can type in a reason for accepting or the user performing the
task. This text is available on the request properties page Request history module.
6. Click on OK to commit your choice. The report opens and indicates the operation success.
7. Click on CLOSE to go back to the Incoming requests page.
Once you have customized these entries, the restrictions detailed in the section Administrating Requests
Using the Default Statuses and Options might not apply anymore. However, request managers
and administrators may still rely on the procedures detailed in said section to administer the
requests from the Incoming requests page.
Chapter 64. Executing Requests
There are different ways of executing requests:
1. Use the Execute option from the Incoming requests page if you are using the Workflow default
classes. For more details regarding this option, refer to the section Executing Requests Using
the Execute Option.
2. Use classes to integrate the requests to the addition, edition or deletion wizard. This method
can be used if you use the default Workflow classes or if you use customized ones. For more
details, refer to the section Executing Requests Using Classes.
3. Go to the IPAM or DNS module and add, edit or delete the requested objects and change the
status to Finished once the request was executed.
1. Go to the Workflow tab. If the homepage is not displayed, click on . The homepage opens.
2. In the breadcrumb, click on Incoming requests icon. The Incoming requests list opens.
3. In the Action column, filter the list to display only requests for addition using the key word
new.
4. At the end of the line of the request for addition you want to execute, click on Execute. The
wizard opens.
5. Depending on the classes configured you might have class dedicated pages. Select a class
or none and click on NEXT .
6. On the object addition page, the object name and details are in a grey field as a reminder.
7. If need be, you can fill in the optional object details fields and configure default parameters.
Click on NEXT . The Workflow dedicated page opens.
8. In the Ticket drop-down list, the request you are executing is selected by default. The list
can also contain other request numbers if other requests for addition of a similar resource
were created.
9. Under this field, the Requested <object> name and Requestor motivation fields contain the
request original details as a reminder.
10. The requests for IP address addition have an extra page: the Aliases configuration page.
You can add aliases if need be. Then click on NEXT to display the last page of the wizard.
11. Click on OK to commit the request execution. The report opens and closes. The request
status is now Finished, the object is now created.
1. Go to the Workflow tab. If the homepage is not displayed, click on . The homepage opens.
2. In the breadcrumb, click on Incoming requests icon. The Incoming requests list opens.
3. In the Action column, filter the list to display only requests for edition using the key word
modify.
4. At the end of the line of the request for edition you want to execute, click on Execute. The
wizard opens.
5. Depending on the classes configured you might have class dedicated pages. Select a class
or none and click on NEXT .
6. On the object edition page, the object name and details are in a grey field as a reminder.
7. If need be, you can fill in the optional object details fields and configure default parameters.
Click on NEXT . The Workflow dedicated page opens.
8. In the Ticket drop-down list, the request you are executing is selected by default. The list
can also contain other request numbers if other requests for edition of a similar resource
were created.
9. Under this field, the Requested <object> name and Requestor motivation fields contain the
request original details as a reminder.
10. The requests for IP address edition have an extra page: the Aliases configuration page. You
can add aliases if need be. Then click on NEXT to display the last page of the wizard.
11. Click on OK to commit the request execution. The report opens and closes. The request
status is now Finished, the object is now edited.
1. Go to the Workflow tab. If the homepage is not displayed, click on . The homepage opens.
2. In the breadcrumb, click on Incoming requests icon. The Incoming requests list opens.
3. In the Action column, filter the list to display only requests for deletion using the key word
delete.
4. At the end of the line of the request for deletion you want to execute, click on Execute. The
Delete wizard opens.
5. The object Name, Address, Space name and/or DNS server name fields contain the objects
details as a reminder.
6. Click on OK to commit the request execution. The report opens and closes. The request
status is now Finished, the object is now deleted.
Once the request is executed, the requestor receives a notification email. The administrator or
request manager can archive the request. For more details, refer to the section Archiving Requests.
The Attached objects panel of the request properties page lists all the object configuration
details if the request concerned an addition or an edition, for instance whether a specific class or
default parameters were set by the administrator or request manager.
If you do not already use a class for which you would like to add the Pre-defined variable, create
a class. Otherwise, directly follow the procedure To add a Workflow request association pre-
defined variable.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. In the menu, select Add > Class. The Add a new class wizard opens.
4. In the Filename field, name your class. The name cannot contain any special characters.
This field is compulsory.
5. In the Sub directory field, you can fill in the directory where you want to save your class. If
it does not exist, it will be created. On the wizards class selection page, classes placed in a
directory will be displayed as such: <directory>/<class>. This field is optional.
6. In the Module drop-down list, select the DNS or IPAM.
7. In the Type drop-down list, select the resource of your choice: DNS zone, Block, Subnet,
Pool or Address.
8. In the Enable class section, tick the checkbox.
9. Click on OK to commit your creation. The report opens and closes. The class is listed.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. In the Name column, click on the class you want to edit. Class Editor opens.
4. In the class objects drop-down list, select All Objects. The class objects list refreshes.
5. In the class objects list, click on Pre-defined variable . The Pre-defined variable wizard opens.
6. In the Name drop-down list, select the variable that suits your needs:
7. In the Value field, type in the value 1 (one) to enable the variable.
8. Click on OK to commit your addition. The object is now embedded into the class and listed
in the creation panel.
Once the class is configured, you can apply it from the DNS and/or IPAM module to automate
the addition or edition of objects.
7. Edit the object according to your needs and click on NEXT until you get to the Workflow related
page.
8. In the Ticket drop-down list, select an existing request for addition of the chosen object.
9. If you are editing an IP address, the Aliases configuration page opens. You can add aliases
if need be. Then click on NEXT to display the last page of the wizard.
10. Click on OK to commit your creation. The report opens and closes. The object is listed. On
the Workflow pages, the selected request is now Finished.
Once the request is executed, the requestor receives a notification email. The administrator or
request manager can archive the request. For more details, refer to the section Archiving Requests.
Chapter 65. Customizing the Requests Administration
Depending on your needs, you can entirely customize the Edit menu of the Incoming requests
page as well as the restrictions associated with the status edition. As detailed in the section
Administrating Requests Using the Default Statuses and Options, you cannot set all the statuses
to the requests as you please, as you can see in the figure below.
[Figure: default request status cycle. Labels: 1 New, 2 Handle, 3 Accept, 4 Reject, 5 Cancel, 6 Finish, Archive, Request execution.]
These default status edition restrictions are all set in the registry database. The default
configuration of the Workflow in the registry database is the following.
You can edit default statuses, remove default statuses from the GUI and add new statuses.
Whatever the customization you have in mind, we recommend that you take into consideration
the section Customized Statuses Best Practices.
Whether you decide to edit an existing status or hide it from the GUI, to make sure the request
cycle is complete, we recommend that you follow the sections Status Edition Best Practices and
Status Deletion Best Practices.
The Workflow configuration entries are all named module.workflow.state<detail>. There are
seven entries dedicated to the default statuses.
1. module.workflow.state.accept
2. module.workflow.state.archive
3. module.workflow.state.cancel
4. module.workflow.state.finish
5. module.workflow.state.handle
6. module.workflow.state.new
7. module.workflow.state.reject
Each entry is important as it sets the permissions and restrictions related to the status edition. The
status key value is a string in which the order matters. Its elements must be separated by a comma as
follows: <page>, <icon>, <visibility>, <callback>, <attribute_1, attribute_2, ..., attribute_n>.
In this example, the Accept status is displayed (t) on the page Incoming requests (incoming) and
is preceded by the green icon. Any user with sufficient rights can accept New requests
(new-target) and only the request manager who Handled or Rejected the request can accept it
(accept-operator, reject-operator).
Each element of the string has a set of acceptable values that define the request status logic and
organization that suits your needs:
Page
incoming specifies that the status is available on the Incoming requests page.
outgoing specifies that the status is available on the Outgoing requests page.
Icon
wf-accept allows to display the icon 3, before the status name.
wf-archive does not display any icon as archiving means removing the request from the list.
f stands for false and indicates that the status is not displayed in the Edit menu of the specified
<page>.
Callback parameters
This parameter is obsolete. You can find in the keys the values: callback, nocallback,
archive_callback and cancel_callback. Do not edit them, they are part of the string.
Attributes
This last part of the string sets which user can set the status described in the string. This
permission depends on who set the previous status: the user who set the status listed can
now set the status described in the string.
The permissions structure follows the format: <action>-<user> in which action can be: accept,
archive, cancel, finish, handle, new and reject, each one corresponds to the default
statuses.
Therefore, only the users specified in the Value field of the status entry can set the status
described and only if they previously set one of the statuses associated with their <user>
name.
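The status entry string described above can be checked mechanically before a customized value is saved in the registry database. The following Python is an added example, not SOLIDserver code: it parses module.workflow.state.* values into their elements and reports malformed entries and attributes that point at a status that no longer exists. The registry values in SAMPLE, the icon-placeholder icon name, the retired parameter and all function names are constructed for illustration and are not the product defaults.

```python
from dataclasses import dataclass

PREFIX = "module.workflow.state."
PAGES = {"incoming", "outgoing"}
# The guide lists these four callback values and says not to edit them.
CALLBACKS = {"callback", "nocallback", "archive_callback", "cancel_callback"}


@dataclass(frozen=True)
class StatusEntry:
    status: str
    page: str
    icon: str
    visible: bool
    callback: str
    grants: tuple  # ((previous_status, user), ...) taken from <action>-<user>


def parse_entry(key, value):
    """Split one registry entry into its positional elements and attributes."""
    if not key.startswith(PREFIX) or len(key) == len(PREFIX):
        raise ValueError("not a workflow status entry")
    fields = [f.strip() for f in value.split(",")]
    if len(fields) < 4:
        raise ValueError("expected <page>,<icon>,<visibility>,<callback>[,attributes]")
    page, icon, visibility, callback, *attrs = fields
    if page not in PAGES:
        raise ValueError(f"unknown page {page!r}")
    if visibility not in ("t", "f"):
        raise ValueError(f"visibility must be 't' or 'f', got {visibility!r}")
    if callback not in CALLBACKS:
        raise ValueError(f"callback element was edited: {callback!r}")
    grants = []
    for attr in attrs:
        # Assumption: <user> never contains '-', so split on the last hyphen.
        action, sep, user = attr.rpartition("-")
        if not (sep and action and user):
            raise ValueError(f"attribute {attr!r} is not <action>-<user>")
        grants.append((action, user))
    return StatusEntry(key[len(PREFIX):], page, icon, visibility == "t",
                       callback, tuple(grants))


def allowed_users(entry, previous_status):
    """User tokens that may set entry.status after previous_status was set."""
    return sorted({user for action, user in entry.grants
                   if action == previous_status})


def audit(registry, retired=()):
    """Return sorted findings for a dict of registry key -> value.

    retired (hypothetical parameter): statuses the administrator removed from
    the request cycle; attributes that still name them are reported.
    """
    findings, entries = [], {}
    known = {k[len(PREFIX):] for k in registry if k.startswith(PREFIX)}
    for key, value in registry.items():
        if not key.startswith(PREFIX):
            continue
        try:
            entry = parse_entry(key, value)
        except ValueError as exc:
            findings.append(f"{key}: {exc}")
        else:
            entries[entry.status] = entry
    for entry in entries.values():
        for action, user in entry.grants:
            where = f"{PREFIX}{entry.status}: attribute {action}-{user}"
            if action in retired:
                findings.append(f"{where} refers to retired status {action!r}")
            elif action not in known:
                findings.append(
                    f"{where} refers to status {action!r}, which has no entry")
    return sorted(findings)


# Constructed sample: Handle was retired, Postpone was added with a bad
# visibility flag, and the archive entry contains a misspelled status name.
SAMPLE = {
    PREFIX + "new": "incoming,icon-placeholder,f,nocallback",
    PREFIX + "handle": "incoming,icon-placeholder,f,callback,new-target",
    PREFIX + "accept": "incoming,wf-accept,t,callback,"
                       "new-target,accept-operator,reject-operator",
    PREFIX + "reject": "incoming,icon-placeholder,t,callback,"
                       "new-target,handle-operator",
    PREFIX + "archive": "incoming,wf-archive,t,archive_callback,"
                        "reject-operator,finished-operator",
    PREFIX + "postpone": "incoming,icon-placeholder,yes,callback,accept-operator",
}

if __name__ == "__main__":
    for line in audit(SAMPLE, retired={"handle"}):
        print(line)
```

Run against an export of the real entries, an empty result means every attribute names a status that still has an entry and every positional element holds an accepted value.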
By default, it is configured to send an email to the requestors whenever the status of a request they
created is edited, which is why by default it contains new,handle,accept,reject,finish.
The requestors only receive an email if their User profile was set properly. For more details, refer
to the chapter Managing Users, in the section Adding Users or Editing Users.
f. Click on OK to save your changes. The report opens and closes. The Registry database
list is visible again.
1. Adding the registry database entry following the Workflow entries format.
2. Translating the related menu option and status in the listing page.
3. Following the Status Addition Best Practices.
c. Click on OK to commit your choice. The report opens and works for a while. A notification
pop-up appears in the lower right corner of the GUI when the operation is over.
Once the entry is created and registered, the new status is visible in the Edit menu of the selected
page as follows: rq_<your-status-name>. Once you have attributed the status to a request, the request
Status is rq_in_<your-status-name>. You can translate both using the page Language editor.
1. From any page or wizard within SOLIDserver, copy the name of a field, page, column or
menu that you want to replace with your label.
2. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
3. In the menu, select Customization > Language editor. The Language editor page opens.
4. In the menu, select Add > Entry. The wizard opens.
5. In the Key field, paste the status name. We recommend that you copy/paste the label name
because Language editor is case sensitive.
6. If your appliance is displayed in English, in the English field, type in the new label value.
7. Click on OK to commit your creation. The entry is listed. Go back to the page where you
copied the label to see the new name.
• Edit the attributes list in the entries describing the statuses you do use. For instance, if you
want to add a Postpone status that can be set after a request is accepted, you should add the
postpone-<user> attribute in the value of the finish entry as well as the accept-<user> in the
value of the postpone entry (1). For more details, refer to the Description of the Workflow Status
Entries String below.
• Edit all the statuses icons to make sure that the GUI respects your new request cycle.
• Add the status in the email notification entry. For more details refer to the section Editing the
Email Notifications Details.
• The new status cannot be executed using the Execute option as it only applies to New, Handled
and Accepted requests. For more details, refer to the section Executing Requests Using the
Execute Option.
• The restrictions detailed in the Administrating Requests Using Default statuses and Options
no longer apply to your request status cycle.
• The request execution automation using the pre-defined variables class object can still be
configured. For more details, refer to the section Executing Requests Using Classes.
(1) This example is only valid if you still use the default statuses cycle.
• Once you edited the registry database entries the Execute option still only applies to New,
Handled and Accepted requests. For more details, refer to the section Executing Requests
Using the Execute Option.
• The restrictions detailed in the Administrating Requests Using Default statuses and Options
no longer apply to your request status cycle.
• The request execution automation using the pre-defined variables class object can still be
configured. For more details, refer to the section Executing Requests Using Classes.
• Edit the attributes list in the entries describing the statuses you do use. For instance, if you
want to remove the Handle status from the request management steps, you should remove
all the handle-<user> attributes from the other statuses value field. For more details, refer to
the Description of the Workflow Status Entries String below.
• Edit all the statuses icons to make sure that the GUI respects your new request cycle.
• Remove the status from the email notification entry. For more details refer to the section
Editing the Email Notifications Details.
• Keep in mind that if the status was already set before you remove it from the menu, it is still
displayed in the list.
Part X. Device Manager
Table of Contents
66. Introduction
Objectives of Device Manager
Devices
Ports and Interfaces
67. Managing Devices
Browsing Devices
Browsing the Devices Database
Customizing the Devices Display
Managing the Devices Visibility
Adding Devices
Adding Devices Automatically
Adding Devices Manually
Duplicating Devices
Merging Devices
Deleting Devices
Importing Devices
68. Managing Ports and Interfaces
Browsing Ports and Interfaces
Browsing the Devices Database
Customizing the Devices Display
Managing the Ports and Interfaces Visibility
Adding Ports and Interfaces
Adding Ports and Interfaces Automatically
Adding Ports and Interfaces Manually
Editing Ports and Interfaces Properties
Changing a Port or Interface Name
Editing a Port
Editing an Interface
Tracking Changes in the All ports & interfaces List
The Reconciliation Column
The Reconciliation Option
Deleting Ports and Interfaces
Importing Ports and Interfaces
69. Managing the Interaction with the IPAM
Assigning IP Addresses to an Interface Using their MAC Address
Assigning IPv4 Addresses to an Interface
Assigning IPv6 Addresses to an Interface
Managing the IP Addresses/Interfaces Link from the IPAM Module
Using Default Behaviors to Associate IP Addresses with Interfaces
Using the Menu to Manage the IP Addresses/Interfaces Link
Editing the Devices Topology from the IPAM Module
70. Rules Impacting Device Manager
Other Modules Rules Impacting Device Manager
DHCP Rules
NetChange Rules
Adding Device Manager Rules
Enabling or Disabling Device Manager Rules
Chapter 66. Introduction
Objectives of Device Manager
Device Manager module provides an overview of the stock of equipment and enhances its
management using all the information recorded in SOLIDserver. It allows you to better understand
the interaction between the equipment (routers, network switches, etc.), interfaces and ports.
Relying on both manual and automatic management options, it minimizes any error or distortion
between what is really connected to the network and what is listed in the all devices list and the
all ports & interfaces list.
To ease up the management, Device Manager offers options that piece together the information
registered in other modules like NetChange, the IPAM or the DHCP. These options allow you to
retrieve automatically the whole NetChange database or pick the IPAM addresses that you want
to manage as interfaces.
[Figure: device data gathered from NetChange and DHCP (Hostname: local.computer, MAC address: a0:12:34:56:78:90)]
Obviously, all the data managed in the module can be manually added and modified. Note that
automatic options allow you to double-check the consistency between what you added in the
lists and the actual configuration of your network. This action is called the reconciliation. It is
available through an option and visible thanks to a column that tracks and reports any changes
regarding the links between devices in the all ports & interfaces list.
There are a number of device-related options in Device Manager that make it a powerful provisioning
tool. For instance, if you know that a new network switch will be added to the network, you can
duplicate a similar existing device. It will save you quite some time, you will simply need to
manually change the number of ports and interfaces if needed and link them to the correct
device(s). Once NetChange has discovered the new equipment, it updates the information in
Device Manager and you have the possibility to compare the data you filled in with what was
found automatically. In addition, a number of rules can be enabled to ease the management of
newly added data. This way, any changes made in NetChange or even the DHCP modules can
automatically create devices and interfaces.
Finally, note that all data saved within the module is not deleted unless you delete it yourself.
Therefore, you can save a lot of information regarding users or pieces of equipment through the
MAC address or IP address that will not be impacted by any changes made in the IPAM module,
the DHCP module or even NetChange unlike what could happen once a user disconnects in, say,
the DHCP module due to the lease deletion parameters.
Device Manager is a thorough management tool for devices, ports and interfaces that puts together
information retrieved from four different modules, organizes them and tracks any changes made
especially if the data saved in other modules was as detailed as possible. Besides, it offers a
unique Manage/Unmanage option that will only display the items you want in both lists.
Note
The items are listed in Device Manager's lists following the ASCII code, therefore the
digits will be listed first, then the uppercase letters, and finally the lowercase letters.
Devices
The device is the highest level of hierarchy in Device Manager. It is a container that allows you
to manage ports and/or interfaces. It is named after existing equipment when retrieved automatically
but can also be created. Devices can be added (i.e. created), duplicated, merged, edited,
hidden from the list and deleted (with the data they contain) in that list. Note that devices cannot
be renamed.
Device Manager offers a unique option that allows you to choose the devices you want to display
and work with: the Manage option described in the section Managing Devices Visibility.
Finally, Devices can also be exported in a CSV, HTML, XML or EXCEL file. For more details, refer
to the chapter Exporting Data of the Global Policies part of this guide.
Both ports and interfaces can be added (i.e. created), edited, hidden from the list and deleted
(with the data they contain) in that list. Note that unlike devices, ports and interfaces can be
renamed. The All ports & interfaces list also provides the reconciliation column to track any distortion
between what was automatically found and which devices were manually connected to the network
through the listed ports and interfaces.
The main particularity of this list in comparison with most lists in the appliance is that you can
display both IPv4 and IPv6 addresses. They can of course either be used on one interface together
or simply listed one after the other and be used on separate interfaces. You have the possibility
to assign the IP addresses to the interfaces through their MAC address through the IPAM for
IPv6 addresses or automatically for IPv4 addresses: adding them to the IPAM module creates
devices containing interfaces using these newly added addresses. If you want to assign them to
interfaces, simply edit the IP addresses in the IPAM module.
Moreover, and just like for devices, Device Manager offers a unique option that allows you to choose
the ports and/or interfaces you want to display and work with: the Manage option described in
the section Managing Ports and Interface Visibility.
Finally, Ports and interfaces can be exported in a CSV, HTML, XML or EXCEL file. For more
details refer to the chapter Exporting Data of the Global Policies part of this guide.
Chapter 67. Managing Devices
The devices are composed of interfaces and/or ports so you have the possibility to configure the
structure of each device when manually adding them. However you also have the possibility to
automatically fill in the devices list. In this case, most of the time you are going to add devices
containing only interfaces or only ports corresponding to discovered MAC and IP addresses.
Very often these devices contain only one port or interface.
Note that once you added devices, you will not be able to rename them. Editing them will only
involve modifying their content (ports and interfaces) and their class parameters. However, you
can merge devices, duplicate or delete them.
Browsing Devices
Within Device Manager module, the devices are the highest level of the hierarchy. It is compulsory
to create devices to manage ports and interfaces. Here below, you can see the link to browse
the devices database:
1. Go to the Device Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Devices icon. The All devices list opens.
1. Go to the Device Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the breadcrumb, click on All devices. The All devices list opens.
1. Go to the Device Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Devices icon. The All devices list opens.
3. In the Name column, click on the name of the device of your choice. The All ports & interfaces
list opens and displays the ports and interfaces of the chosen device.
1. Go to the Device Manager tab. If the homepage is not displayed, click on . The homepage
opens.
With the version 5.0.2, a new set of columns was introduced to provide a clear overview of the devices
content, with three column types for interfaces and ports:
• Interfaces usage and Ports usage: the total portion, in percent of used interfaces/ports on a
device, along with a progression bar,
• Number of Interfaces and Number of Ports: the total number of interfaces/ports on the device,
• Free Interfaces and Free Ports: the number of available interfaces/ports on the device.
To make the management of the devices easier, you can use these columns to sort or filter the
list.
Therefore you can use the Status column to filter only the Managed items. As there are three
statuses, to display the imported and managed devices, filter the column with the value
!= Unmanaged (different from Unmanaged).
To manage a device
1. Go to the Device Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Devices icon. The All devices list opens.
3. Tick the device you want to display. You can tick more than one.
4. In the menu, select Edit > Manage > Yes. The Items management wizard opens, with the
message "Do you really want to manage the selected item(s) ?".
5. Click on OK to commit your choice. The report opens and closes. The device is marked
Managed in the Status column.
On the contrary, if you want to hide one or several devices from the list, keeping in mind that the
Status column must be filtered accordingly, the procedure is the following.
To unmanage a device
1. Go to the Device Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Devices icon. The All devices list opens.
3. Tick the device you want to hide. You can tick more than one.
4. In the menu, select Edit > Manage > No. The Items management wizard opens, with the
message "Do you really want to unmanage the selected item(s) ?".
5. Click on OK to commit your choice. The report opens and closes. The device is marked
Unmanaged in the Status column.
Note
You cannot unmanage a device associated with an IP address of the IPAM.
Adding Devices
You can automate the whole process of devices addition or do it manually. Keep in mind that
you can automatically look for existing devices in SOLIDserver after manually adding devices or
the other way around.
Besides, you have the possibility to add devices from Device Manager and the IPAM modules.
Note
Keep in mind that the automatic retrieval of items often uses the MAC address. Only the
MAC addresses that have been assigned a DNS name and an IP address will be
managed via Device Manager interfaces.
Any device added to Device Manager will be marked as Imported. To Manage the devices of
your choice, refer to the Managing the Device Visibility section of this guide.
From the All devices page, you can use the Automatic discovery option to perform a
sweep of the other modules database and use the relevant data to create devices, ports and
interfaces and name them following the steps below:
1. The information retrieval starts in NetChange: Device Manager identifies all the network devices,
then the ports and how they link the network devices, and finally all the discovered items, to
provide a clear overview of the devices organization of your network.
2. Device Manager will use NetChange MAC addresses to obtain information within the IPAM
module, both in IPv4 and IPv6, and save each MAC address and corresponding IP address
as an interface.
3. Device Manager gathers the name of each item through NetChange All discovered items list
using the DNS name column. If it is empty, Device Manager will search within the IPAM via
the MAC address or within NetChange through the IP addresses DNS A RR. If no name is
found, the devices will be named generic_#, vw_# or wm_ware_# depending on their type.
To ensure the consistency of the data, we recommend that you configure Device Manager. This
will compare data based on the way you linked it to Device Manager. That is to say, check if the
data has been linked to the other modules manually or automatically and then overwrite the
content of the Manually linked to column with the content of the Automatically linked to column,
if the Manually linked to column was empty.
1. Go to the Device Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select Tools > Configure Device Manager. The Configure Device Manager
wizard opens.
3. Tick the box.
4. Click on OK to commit the automation. The wizard closes. The devices, as well as the ports
and interfaces attached to them, will be automatically retrieved.
This option has to be ticked once. Afterwards, the data checking will be done each time an interface
is added or edited. As for the automatic addition of devices, interfaces and ports, it requires the
automatic discovery option.
1. Go to the Device Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Devices icon. The All devices list opens.
3. In the menu, select Tools > Automatic Discovery. The Device Manager: Automatic Discovery
wizard opens.
4. Click on OK to commit the automatic retrieval of data. The report opens and closes. The
devices are all listed and named after their DNS name, IP address name or NetChange
name and contain interfaces and/or ports depending on the module they are retrieved from.
In the Status column, they are marked as Imported.
Once you have all the NetChange items saved in devices, ports and interfaces, you can manually
manage them as you want and expand each device, or edit interface or port information as
needed.
From the All network devices and the All discovered items pages of NetChange you can tick
items to create the devices of your choice as well as the ports and interfaces they contain.
With a simple automated manipulation you can create the network devices of your choice in
Device Manager. These devices will contain all the ports listed in the All ports page of NetChange
and only the interfaces from the All discovered items that have a DNS name and an IP address.
1. Go to the NetChange tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Network devices icon. The All network devices list opens.
3. Tick the network device(s) you want to create in Device Manager.
4. In the menu, select Tools > Create in Device Manager. The Create NetChange devices in
Device Manager wizard opens.
5. Click on OK to commit the creation. The report opens and closes and the list is visible again.
The devices are listed in the All devices page of Device manager tab. In the Status column,
they are marked as Imported.
From the All discovered items page, you can populate Device Manager with a selection of
discovered items of your choice.
1. Go to the NetChange tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Discovered items icon. The All discovered items list opens.
3. Tick the discovered item(s) you want to create in Device Manager.
4. In the menu, select Tools > Populate Device Manager. The Populate device manager wizard
opens.
5. Click on OK to commit the creation. The report opens and closes and the list is visible again.
The discovered item is listed in the All devices page of Device manager. In the Status
column, they are marked as Imported.
From the All addresses list of the IPAM you can also automatically add devices composed of the
used IP addresses of your choice. The device will be named after the IP address or following
Device Manager naming logic explained in the introduction of this section.
The selected IPv4 and IPv6 addresses will create interfaces in one or several devices. Each
device will be named after the address populating Device Manager and associated with the
relevant space. The interfaces will be named generic_# and associated with the relevant MAC
address.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Addresses icon. The All addresses list opens.
3. Next to the Logout button, click on IP4 to display the IPv4 addresses or IP6 to display the
IPv6 addresses.
4. Tick the Used IP addresses for which you want to create devices and interfaces.
5. In the menu, select Tools > Populate Device Manager. The Populate Device Manager wizard
opens.
6. Click on OK to commit your choice. The report opens and works for a while. Once the report
closes, the list is visible again. On Device Manager All devices list, the devices are named
after the IP address and marked as Imported in the Status column. On the All ports &
interfaces list, the interfaces are listed as well; you can find interfaces through their MAC
address.
The manual addition of devices can be done from the All devices list or the All ports & interfaces
list. In the following procedure, we will assume you do it from the devices list.
1. Go to the Device Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Devices icon. The All devices list opens.
3. In the menu, select Add > Device. The Add Device wizard opens.
4. In the Device field, name your device.
5. In the Description field, you can add a description.
6. Click on OK to commit the addition. The report opens and closes. The device is listed.
Note that as devices are composed of interfaces and/or ports, you will have the possibility to
configure the composing items of each device when adding a device. In this case, check the Add
port(s)/interface(s) box and refer to the Adding Ports and Interfaces Manually section below.
Even if you choose to manually add devices, you can use the Configure device manager option
to check the consistency of the data you add.
With version 5.0.2, from the All addresses list you can assign an IP address and create a device
and the interface associated with it at the same time.
First, you need to configure the corresponding behavior in the Default behavior wizard. Then,
you will be able to add new devices upon creation or edition of any IP address. The two procedures
below detail the steps to follow.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Addresses icon. The All addresses list opens.
3. Next to the Logout button, click on IP4 or IP6 depending on your needs.
4. In the menu, select Settings > Default behaviors. The Default behaviors configuration
wizard opens.
5. In the IPAM / Device Manager interaction section, tick the Enable to create devices from
the IPAM.
6. Click on OK to commit the configuration. The report opens and closes. The All addresses
list is visible again. Your configuration is now available in the IP address addition and edition
wizards along with the Configurable behaviors value in the Mode field.
Once you have ticked the default behavior box, the Create a device box is available on the address
edition and addition wizards both in IPv4 and IPv6. When you tick the latter box, two fields appear:
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Addresses icon. The All addresses list opens.
3. Next to the Logout button, click on IP4 or IP6 depending on your needs.
4. Add or edit an IP address to display the Device Manager dedicated fields. For more details
regarding the first steps of addition or edition, refer to the Managing IP Addresses chapter.
The corresponding wizard opens.
5. On the Add/Edit IP address page, configure the device addition dedicated fields:
a. Tick the Create a device box, the Device name and Interface name fields appear. They
are both compulsory.
b. In the Device name field, type in the name of your new device.
c. In the Interface name field, type in the name of your new interface.
Once added from the IPAM module, you can edit the device and interface from Device Manager
module. You can create as many devices as you want from the IPAM All addresses page.
Duplicating Devices
The device duplication option allows you to copy the content and class parameters of a whole
device. It basically saves a considerable amount of time if you are managing several servers
that are similar or adding a new switch identical to the ones you are already working with. The
duplication can only be done one device at a time.
Note that you will still have to update the MAC address of your interfaces and link your ports to
existing devices.
To duplicate a device
1. Go to the Device Manager tab. If the homepage is not displayed, click on . The homepage
opens.
Once you have duplicated the selected device, you will have to update the MAC address of the interfaces
it contains as well as the links between ports and devices. For more details, refer to the Editing
Ports and Interfaces properties section of this guide.
Merging Devices
Merging devices is especially useful when it comes to manually correcting what was automatically
found on the network. Say you retrieved all the information found in NetChange discovered items
and you now have a long list of ports and interfaces, many of which are separately saved in
devices. If it turns out that you have a port and an interface that both belong to one laptop, say
an Ethernet connection and a wifi port, you can merge both devices under one device: the device
that corresponds to the laptop in question.
In other words, it allows you to reorganize the automatically retrieved information yourself
and then manage it on your own terms.
To merge devices
1. Go to the Device Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Devices icon. The All devices list opens.
3. Tick the devices you want to merge.
4. In the menu, select Edit > Merge. The Merge device wizard opens.
5. In the Name drop-down list, select the device that will include all the ports and interfaces.
The other device(s) will be emptied and deleted.
6. Click on OK to commit your choice. The report opens and closes. The device is listed, the
other devices are no longer listed.
Deleting Devices
Like for most items in SOLIDserver, the deletion of an item is non-reversible. There is only one
way to delete devices.
Deleting a device will delete the ports and interfaces it contains as well.
To delete a device
1. Go to the Device Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Devices icon. The All devices list opens.
3. Tick the device(s) you want to delete.
4. In the menu, select Edit > Delete. The Delete wizard opens.
5. Click on OK to commit the deletion. The report opens and closes. The device and the ports
and interfaces it contains are no longer listed.
Importing Devices
Like most modules in SOLIDserver, Device Manager provides the possibility to import devices
on the All devices page from a CSV file. From then on, you will be able to add or import the ports
and interfaces it contains and organize your network as you please. For more details, refer to
the chapter Importing Data in the Global Policies part of this guide.
Chapter 68. Managing Ports and Interfaces
The ports and interfaces always belong to a device. You can either add them manually to a
specific device or add them when creating a new device. Just like with the devices, you
have the possibility to automatically retrieve them from the other modules; they will be added to
the devices they are linked to in these modules. Therefore there is a great chance that most
interfaces or ports individually belong to one device: most of the devices will only contain one port
or interface.
Like in any other list within SOLIDserver, you can order and filter the items through the relevant
columns. However, there is an exception in the All ports & interfaces list: the data listed in the IP
Address column cannot be filtered. Indeed, this column is merely here as a side note to help you
manage interfaces: you will be able to order the items through that column but will not be able
to filter its data.
Here below, you can see the link to browse the ports and interfaces database:
1. Go to the Device Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Ports & interfaces icon. The All ports & interfaces list opens.
1. Go to the Device Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the breadcrumb, click on All ports & interfaces. The All ports & interfaces list opens.
1. Go to the Device Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Devices icon. The All devices list opens.
3. In the Name column, click on the name of the device of your choice to display the ports and
interfaces it contains.
1. Go to the Device Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Ports & interfaces icon. The All ports & interfaces list opens.
3. Filter the Type column to display only the ports.
4. At the end of the line of the port of your choice, click on . The properties page opens.
1. Go to the Device Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Ports & interfaces icon. The All ports & interfaces list opens.
3. Filter the Type column to display only the interfaces.
4. At the end of the line of the interface of your choice, click on . The properties page opens.
With version 5.0.2, a new column was introduced to the All ports & interfaces list to ease
management: the Addition date column now provides extra information regarding the devices
content. You can use this column to sort or filter the list.
Therefore you can use the Status column to filter only the Managed items. As there are three
statuses, to only display the imported and managed devices, filter the column with the value !=
Unmanaged (different from Unmanaged).
1. Go to the Device Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Ports & interfaces icon. The All ports & interfaces list opens.
3. Tick the port and/or interface you want to display. You can tick more than one of each.
4. In the menu, select Edit > Manage > Yes. The Items management wizard opens, with the
message "Do you really want to manage the selected item(s) ?".
5. Click on OK to commit your choice. The report opens and closes. The port/interface is marked
Managed in the Status column.
On the contrary if you want to hide one or several ports and interfaces from the list, set the Status
column filter to Managed or different from Unmanaged and follow the procedure below.
1. Go to the Device Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Devices icon. The All devices list opens.
3. Tick the port and/or interface you want to hide. You can tick more than one of each.
4. In the menu, select Edit > Manage > No. The Items management wizard opens, with the
message "Do you really want to unmanage the selected item(s) ?".
5. Click on OK to commit your choice. The report opens and closes. The port/interface is marked
Unmanaged in the Status column and therefore no longer visible in the list as it is filtered by
Managed in the column.
The Automatic discovery option described in the Managing Devices section above also retrieves
the ports and interfaces for each created device.
Simply remember that this automatic addition of ports and interfaces follows a specific logic that
will in turn help you differentiate the ports location and the interfaces role:
1. The automatic sweep of the ports relies on the information recorded in the NetChange module:
if the ports are not listed in NetChange, they are not retrieved. All found ports will be named
after their original NetChange name and gathered into the corresponding NetChange devices.
These devices keep the same name as in Device Manager but you can manage them in
Device Manager.
2. The automatic sweep of the interfaces relies on the information found in the IPAM, DNS and
DHCP modules. For every MAC address found, an interface is created into a new device. The
interface name depends on the name of the port it is linked to; therefore you will find a number
of interfaces named "eth#", "wifi#" and "vw_interface_#", # being a number to differentiate
them. If no data is found regarding the port-interface link, the interface is named generic_#.
For these reasons, it is fairly easy to understand which kind of ports and interfaces you will be
dealing with after an automatic addition of items. To ensure the consistency of the data, we
recommend that you configure Device Manager. This will compare data based on the way you
linked it to Device Manager. That is to say, check if the data has been linked to the other modules
manually or automatically and then overwrite the content of the Manually linked to column with
the content of the Automatically linked to column if the Manually linked to column is empty.
1. Go to the Device Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select Tools > Configure Device Manager. The Configure Device Manager
wizard opens.
3. Tick the box.
4. Click on OK to commit the automation. The wizard closes. The devices, as well as the ports
and interfaces attached to them, will be automatically retrieved.
This option has to be ticked once. Afterwards, the data checking will be done each time an interface
is added or edited. As for the automatic addition of devices, interfaces and ports, it involves the
automatic discovery option.
1. Go to the Device Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Devices icon. The All devices list opens.
3. In the menu, select Tools > Automatic Discovery. The Device Manager: Automatic Discovery
wizard opens.
4. Click on OK to commit the automatic retrieval of data. The report opens and closes. The
devices are all listed and named after their DNS name, IP address name or NetChange
name. The All ports & interfaces page lists all the interfaces and/or ports retrieved. In the
Status column, they are marked as Imported.
One of the main advantages of Device Manager is therefore to retrieve automatically a great
number of items based on what other modules contain. However, once you have all the NetChange
items saved in devices, ports and interfaces, you can manually manage them as you want and
expand each device, or edit interface or port information as needed.
From the All addresses list of the IPAM you can also automatically add interfaces. They will be
added to the devices created after the used IP addresses you selected. No ports will be added
as the interfaces will be created using the MAC address of the selected IP addresses. Each
interface will therefore have a specific MAC address and a name assigned following Device Manager
naming logic explained in the section above.
For more details regarding the automated addition procedure from the IPAM, refer to the
Automatically Add Devices from the IPAM Module section of this guide.
The MAC address being the main difference between ports and interfaces when it comes to
adding (i.e. creating) them, we will describe separately the different ways to add them.
The manual addition of ports is possible from the All devices list and the All ports & interfaces
list. As ports are part of devices, you can create a device and add a number of ports to it. Adding
a device and ports at the same time actually allows you to add as many ports as you want at once.
All these ports will have the same name and be numbered. If you add ports to a specific device,
you will have to add them one by one.
1. Go to the Device Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Devices icon. The All devices list opens.
3. In the menu, select Add > Device. The Add Device wizard opens.
4. In the Device field, name your device.
5. Tick the Add port(s)/interface(s) box. The ports and interfaces section opens.
6. In the Type drop-down list, select Port. The port related fields open.
7. Configure the port(s) addition:
8. Click on ADD . The port is listed as such: port: <number of ports> <port name> in the
Interfaces/Ports list. If you want to add more ports to the device, repeat these actions for as
many ports as needed.
9. In the Interfaces/Ports list, you can set in which order the ports and interfaces will be displayed
selecting the items name and using the and buttons.
This field also allows you to update the ports and interfaces parameters: select the item, modify
the data in the fields and click on UPDATE . Note that if you want to add a new set of ports
while you are working on the newly added ones, click on CANCEL to display again the
empty creation fields. You can also select any item and click on DELETE .
10. Click on OK to commit the creation. The report opens and closes. The device is listed and
contains all the ports, filter the list to find the device name if needed. Both the device and
the ports are marked Managed in the Status column.
The procedure below details the port addition on the All ports & interfaces page; however, you
can also add ports on the All ports & interfaces list of a specific device.
1. Go to the Device Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Ports & interfaces icon. The All ports & interfaces list opens.
3. In the menu, select Add > Port/Interface. The Add port/interface wizard opens.
4. In the Device drop-down list, select one of your existing devices.
9. Click on OK to commit your configuration. The report opens and closes. The port is listed
and marked Managed, filter the list to see it if needed.
The manual addition of interfaces is also possible from the All devices list and the All ports &
interfaces list. As interfaces are part of devices, you can create a device and add all the interfaces
you want to it at once. Like for the ports, adding interfaces from the All ports & interfaces list of a
device implies that you add them one by one.
Tip
You can add interfaces from the IPAM module when adding and editing IP addresses.
For more details, refer to the To add a device when creating an IP address procedure.
1. Go to the Device Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Devices icon. The All devices list opens.
3. In the menu, select Add > Device. The Add Device wizard opens.
4. In the Device field, name your device.
5. Tick the Add port(s)/interface(s) box. The ports and interfaces section opens.
6. In the Type drop-down list, select Interface.
7. In the Name field, type in the interface name.
8. You can link the interface with an IP address. This step is optional.
Fields        Description
IP Address    In this field, type in an IP address known to the IPAM module, the
              corresponding MAC address will be deduced and entered in the MAC
              Address field [a].
[a] If the MAC address is already listed within the All ports & interfaces list, this interface addition will be impossible.
9. Click on ADD . In the Interfaces/Ports list, the interface is listed as such: interface: <interface
name> <MAC address> <IP Address>. Repeat these actions for as many interfaces as you
need.
10. In the Interfaces/Ports list, you can set in which order the ports and interfaces will be displayed
selecting the items name and using the and buttons.
This field also allows you to update the ports and interfaces parameters: select the item, modify
the data in the fields and click on UPDATE . Note that if you want to add a new set of ports
while you are working on the newly added ones, click on CANCEL to display again the
empty creation fields. You can also select any item and click on DELETE .
11. Click on OK . The report opens and closes. The device is listed and contains all the interfaces,
filter the list to find the device name if needed. Both the device and the ports are marked
Managed in the Status column.
The procedure below details the interface addition on the All ports & interfaces page; however,
you can also add interfaces on the All ports & interfaces list of a specific device.
1. Go to the Device Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Ports & interfaces icon. The All ports & interfaces list opens.
3. In the menu, select Add > Port/Interface. The Add port/interface wizard opens.
4. In the Device drop-down list, select one of your existing devices. You can use your keyboard
to find the device you are looking for.
5. Click on NEXT . The next page, regarding port and interfaces, opens.
6. In the Name field, name the interface.
7. In the Type drop-down list, select Interface. The interface related fields open.
8. You can link the interface with an IP address. This step is optional.
9. In the Space drop-down list, you can select one of the existing IPAM spaces. It is not
compulsory.
10. You can link the interface you are creating with another device port or interface. This is not
compulsory, if you do not want to link your port go to step 10.
11. Click on OK to commit your configuration. The report opens and closes. The interface is listed,
filter the list to see it if needed.
The edition is particularly useful if you are about to add new devices that have a similar structure
to the devices you already manage within Device Manager. Say you are about to add a new
network device in NetChange: you duplicate one of the devices with a similar structure, name it like
the coming network device and add or delete the ports and interfaces as needed. Then you
manually link them to the needed device before performing an automatic discovery to automatically
retrieve all the data and be able to check it.
There are a couple of pieces of information that you can edit on a port: its name and its link to another
device port or interface. As for the interface, you can change its name, MAC address and its link
to another device interface.
You can change a name through the Info Bar in the list.
1. Go to the Device Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Ports & interfaces icon. The All ports & interfaces list opens.
3. Filter the list if needed.
4. Put your mouse over the port/interface you want to edit. The Info Bar appears.
5. Click on . The Edit a port or interface wizard opens.
6. In the Name field, type in the new name of the port/interface.
7. Click on OK to commit your edition. The report opens and closes. Your modified port name
is listed, its former name is no longer visible.
You can also change the name from the properties page of a port or interface.
1. Go to the Device Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Ports & interfaces icon. The All ports & interfaces list opens.
3. Filter the list if needed.
4. Click on the name of the port/interface you want to edit. The properties page opens.
5. In the Main properties panel, click on the EDIT button. The Edit a port or interface wizard
opens.
6. In the Name field, rename the item.
7. Click on OK to commit your edition. The report opens and closes. In the Main properties
panel, the name is modified.
Note
Any port can be renamed. As NetChange ports had a name before you chose
to manage them through Device Manager, once you have renamed them, both names
will be displayed on the port properties page. The Name field will display your
name, the NetChange port name will display the original name of the port.
Editing a Port
The links between ports and devices can be modified. There is one situation when you will need to
do so: the device duplication. Once a device is duplicated, the newly created device ports are
not linked to any other device. In this case, you have to create the link between the ports and the
needed device port or interface.
Therefore, after a device duplication we recommend that you first link the ports to another device
manually and then check the truthfulness of the manual link with an automatic discovery once the
new device is added in NetChange.
1. Go to the Device Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Ports & interfaces icon. The All ports & interfaces list opens.
3. Filter the names to display the port name if needed.
4. Click on the name of the port you want to link to another device interface. The port properties
page opens.
5. In the Main properties panel, click on EDIT . The Edit a port or interface wizard opens.
6. Specify the other device port or interface.
7. Click on OK to commit the edition. The report opens and closes. The device you selected is
visible in the Main properties panel in the Manually linked to line, the selected interface is
between brackets. If you go back to the All ports & interfaces list, you will have the same
information in the Manually linked to column.
Once you linked the ports to another device interface and added the device in NetChange, run
the automatic discovery as follows. If you also have interfaces in that device, modify their links
as well (see the section Modifying an interface below for more detail) before running the automatic
discovery.
1. Go to the Device Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Devices icon. The All devices list opens.
3. In the menu, select Tools > Automatic Discovery. The report opens and closes. The notify
pop up window host_auto_discover.php appears. The devices are all listed and contain one
or more ports and interfaces depending on the links between network devices and ports
found in NetChange or through the MAC address.
You can now go back to the duplicated device's list of ports & interfaces and compare the Manually
linked to and Automatically linked to columns to make sure there is no drift in the reconciliation
column (see the section Tracking changes in the All ports & interfaces list for more details about
the reconciliation).
Editing an Interface
Like the ports, the interfaces can be linked to other devices' interfaces. However, they also
have a MAC address. Therefore, if you duplicated a device, you will need to add a new link towards
the newly created device interfaces and update their MAC address.
We recommend that, after a device duplication, you first link the interfaces to another
device manually, then update the MAC address and finally check the accuracy of the manual
link with an automatic discovery once the new device is added in NetChange.
1. Go to the Device Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Ports & interfaces icon. The All ports & interfaces list opens.
3. Filter the names to display the interface name if needed.
4. Click on the name of the interface you want to link to another device interface. The port
properties page opens.
5. In the Main properties panel, click on EDIT . The Edit a port or interface wizard opens.
6. Specify the other device port or interface.
7. Click on OK to commit the edition. The report opens and closes. The device you selected is
visible in the Main properties panel in the Manually linked to line, the selected interface is
between brackets. If you go back to the All ports & interfaces list, you will have the same
information in the Manually linked to column.
Once you have linked an interface to another device interface, update its MAC address.
1. Go to the Device Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Ports & interfaces icon. The All ports & interfaces list opens.
3. Tick the interface whose MAC address you want to update. Filter the data if needed.
4. In the menu, select Edit > Update MAC. The Update mac address wizard opens.
5. In the MAC address field, type in the new MAC address.
6. Click on OK to commit the edition. The report opens and closes. The interface is listed with
the new MAC address. The MAC address is also updated within the IPAM module.
Note
Once you updated a MAC address, the former MAC address is deleted and the
IP address(es) it is linked to are saved whether it is an IPv4 or an IPv6 address.
Now that the links are saved and the MAC address is added, if you have added the new device
in NetChange you can run the automatic discovery. If you also have ports in that device, modify
their links as well (see the section Modifying a Port for more details) before running the automatic
discovery.
1. Go to the Device Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Devices icon. The All devices list opens.
3. In the menu, select Tools > Automatic Discovery. The report opens and closes. The notify
pop up window host_auto_discover.php appears. The devices are all listed and contain one
or more ports and interfaces depending on the links between network devices and ports
found in NetChange or through the MAC address.
You can now go back to the duplicated device's list of ports & interfaces and compare the
Manually linked to and Automatically linked to columns to make sure there is no "drift" in the
reconciliation column (see part #### for more details about the reconciliation).
There are three different values displayed in this column: OK, N/A and Drift.
OK is displayed when there is similar data in both the Automatically linked to and Manually linked
to columns.
Drift is displayed when there is a difference between the two columns. This value is useful
when you have automatically retrieved the list of devices, interfaces and ports from NetChange.
This column works in close relation with the reconciliation option. Note that the data retrieved
automatically always has the upper hand in Device Manager, so do not use the reconciliation
option if you know that what you entered manually does not correspond to the way you want to
manage your items.
Note
Editing the devices topology from the IPAM will change the content of the Manually
linked to column. For more details refer to the Editing the Devices Topology from the
IPAM Module section of this guide.
With version 5.0.3, a new default Top List tracks the Reconciliation column Drift status: Alert on
ports/interfaces reconciliation drift. For more details, refer to the section The Default Gadgets.
However, if you decided to enter some data manually, you can reconcile both link related columns
with the Reconciliation option. That is to say, the content of the Manually linked to column will
overwrite the content of the Automatically linked to column.
1. Go to the Device Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Ports & interfaces icon. The All Ports & interfaces list opens.
3. Filter data if needed. For instance through Drift in the Reconciliation column.
4. Tick the port(s) and/or interface(s) you want to reconcile.
5. In the menu, select Edit > Reconcile. The Reconciliation wizard opens.
6. Click on OK to commit the reconciliation. The report opens and closes. The items disappear
from the list if the Reconciliation column was filtered by Drift as the value of the selected
items is now OK.
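The comparison behind the Reconciliation column can also be run offline as a review step before using Edit > Reconcile. The script below is an added example, not part of this guide or of the product: the CSV layout, the "device (interface)" cell format, the case-insensitive matching and the reading of N/A as "one of the two columns is empty" are assumptions, and all sample rows are constructed.

```python
import csv
import io
import re

# Constructed sample standing in for an export of the All ports & interfaces
# list. Column names follow the guide; the CSV layout, the device names and
# the "device (interface)" cell format are assumptions made for this example.
SAMPLE_EXPORT = """\
Name,Device,Manually linked to,Automatically linked to
Gi0/1,sw-core-01,sw-access-07 (Gi1/0/24),sw-access-07 (Gi1/0/24)
Gi0/2,sw-core-01,sw-access-08 (Gi1/0/24),SW-ACCESS-08  (gi1/0/24)
Gi0/3,sw-core-01-copy,sw-access-07 (Gi1/0/24),sw-access-09 (Gi1/0/1)
Gi0/4,sw-core-01-copy,sw-access-10 (Gi1/0/2),
eth0,srv-db-02,,
"""

# A device name, optionally followed by the interface between brackets.
LINK_RE = re.compile(r"^\s*([^()]+?)\s*(?:\(\s*([^()]*?)\s*\))?\s*$")


def parse_link(cell):
    """Return a normalised (device, interface) tuple, or None for an empty cell."""
    if cell is None or not cell.strip():
        return None
    match = LINK_RE.match(cell)
    if match is None:
        raise ValueError(f"unrecognised link format: {cell!r}")
    device, interface = match.group(1), match.group(2) or ""
    # Case and spacing are normalised so cosmetic differences are not
    # reported as drift (a choice of this example).
    return device.lower(), interface.lower()


def reconciliation_status(row):
    """Classify one row as OK, Drift or N/A."""
    manual = parse_link(row["Manually linked to"])
    automatic = parse_link(row["Automatically linked to"])
    if manual is None or automatic is None:
        # Assumption: nothing to compare when either column is empty.
        return "N/A"
    return "OK" if manual == automatic else "Drift"


def load_rows(text):
    """Parse the exported list into a list of dictionaries."""
    return list(csv.DictReader(io.StringIO(text)))


def drift_report(rows):
    """Return (name, device, manual, automatic) for every row in Drift."""
    return [
        (r["Name"], r["Device"], r["Manually linked to"], r["Automatically linked to"])
        for r in rows
        if reconciliation_status(r) == "Drift"
    ]


def unverified_manual_links(rows):
    """Names of ports/interfaces with a manual link that discovery has not
    confirmed yet, e.g. a duplicated device not yet added in NetChange."""
    return [
        r["Name"]
        for r in rows
        if parse_link(r["Manually linked to"]) is not None
        and parse_link(r["Automatically linked to"]) is None
    ]


if __name__ == "__main__":
    rows = load_rows(SAMPLE_EXPORT)
    for name, device, manual, automatic in drift_report(rows):
        print(f"Drift on {device}/{name}: manual={manual!r} automatic={automatic!r}")
    for name in unverified_manual_links(rows):
        print(f"Manual link not confirmed by discovery: {name}")
```

Reviewing the Drift rows first matters because reconciling overwrites the Automatically linked to value with the manual one, so a wrong manual entry would otherwise replace discovered topology data.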
1. Go to the Device Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Ports & interfaces icon. The All ports & interfaces list opens.
3. Tick the port(s) and/or interface(s) you want to delete.
4. In the menu, select Edit > Delete. The Delete wizard opens.
5. Click on OK to commit the deletion. The report opens and closes. The selected item(s) is/are
no longer listed.
Note
If you delete interfaces linked with the IPAM, the link between the IP addresses and
the device will be broken.
Chapter 69. Managing the Interaction with the IPAM
Device Manager can display IPv4 and IPv6 addresses in the same list. Like
the IPAM and the DHCP modules, it uses the Dual Stack protocol, which is why you can
assign IP addresses in both versions of the Internet Protocol to one interface.
The automatic discovery option provides an automated assignment and display of both IPv4 and
IPv6 addresses. It requires the IP address and interface MAC address to be associated in the
IPAM module prior to running the option. Note that the MAC address in question should be part
of the NetChange discovered items list. Once you have made changes in either module, you can
run the option again following the To automatically add devices procedure.
From version 5.0.2, the interaction between the IPAM and Device Manager has been enhanced
drastically, providing the possibility to edit Device Manager from the IPAM module. Now you
can:
• add devices from the All addresses page when assigning an IP (refer to the Adding Devices
from the IPAM Module section for more details),
• associate IP addresses to existing interface or remove that link (see Managing the IP
Addresses/Interfaces Link from the IPAM Module section below),
• edit from the All addresses page the link between devices (see the Editing the Devices
Topology From the IPAM Module section below).
Obviously, you can still assign IP addresses to existing interfaces using their MAC address, as
detailed in the section below.
Tip
Two columns were added to the All addresses listing template to display the device
and interface linked to the IP addresses: Device manager name, which displays the
device name, and Device manager interface, which displays the interface name. For
more details regarding column display, see the Customizing the List Layout section
of this guide.
Note
Adding, removing or editing the MAC address of an IP address might change or remove
an existing IP address/interface link.
a. Go to the Device Manager tab. If the homepage is not displayed, click on . The
homepage opens.
b. Click on the Ports & interfaces icon. The All ports & interfaces list opens.
c. Order the list by MAC address. The interfaces are listed first.
d. Put your mouse over the name of the interface of your choice. The Info Bar appears.
e. Click on . The interface properties page opens.
f. In the Main properties panel, copy the MAC address.
a. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
b. Click on the Addresses icon. The All addresses list opens. The IP4 button in the upper
right corner is blue.
c. Click on an available address. The pop up message This address is free, do you want
to assign it? opens.
d. Click on OK . The Add an IPv4 address wizard opens.
e. If you or your administrator created classes, the IP address class list is visible. Select
a class or None and click on NEXT . The next page of the wizard opens.
f. The IP address name field is gray and empty.
g. The IP address field displays the IP address.
h. In the MAC address field, paste your MAC address.
i. In the Shortname field, name your IP address: it is automatically displayed in the IP
address name field.
j. In the Mode drop-down list, make sure Configurable behaviors is selected.
k. Click on NEXT . The Aliases configuration page opens. There is nothing to set up in this
page when simply assigning an IP address to an interface, see section Configuring IP
Aliases for more details.
l. Click on OK to commit your assignment. The IPv4 addresses list opens again and the
IP address is listed as used, named and has a MAC address.
Note
If the report page displays the Warning message MAC address already
used. (Space: ..., Address: ....), on as many lines as IP address(es) used
on the interface, click on OK to commit the addition of the extra IP address
on the interface. To cancel the assignment, click on CLOSE. To modify the
MAC address, click on PREVIOUS. The Aliases configuration page opens
first, click on PREVIOUS again to open the Add an IPv4 address page
where you can make the needed changes.
a. Go to the Device Manager tab. If the homepage is not displayed, click on . The
homepage opens.
b. Click on the Ports & interfaces icon. The All ports & interfaces list opens.
c. Order the list by MAC address. The interfaces are listed first.
d. Put your mouse over the name of the interface of your choice. The Info Bar appears.
e. Click on . The interface properties page opens.
f. In the Main properties panel, copy the MAC address.
2. Within NetChange
a. Go to the NetChange tab. If the homepage is not displayed, click on . The homepage
opens.
b. Click on Discovered items. The All discovered items list opens.
c. Click on Unset Filters to remove the Interco column default filter.
d. Paste your address in the MAC Address column to make sure that it is part of NetChange
items.
e. On your keyboard, hit Enter. If the MAC address is listed, follow the procedure. If it is not
listed, go back to step 1 and find an interface that is part of the All discovered items list.
a. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
b. Click on Addresses (v6). The All addresses list opens. The IP6 button in the upper right
corner is blue.
c. Click on an available address. The pop up message This address is free, do you want
to assign it? opens.
d. Click on OK . The Add an IPv6 address wizard opens.
e. If you or your administrator created classes, the IP address class list is visible. Select
a class or None and click on NEXT . The next page of the wizard opens.
f. The IP address name field is gray and empty.
g. The IP address field displays the IP address.
Note
If the report page displays the Warning message MAC address already
used. (Space: ..., Address: ....), on as many lines as IP address used on
the interface, click on OK to commit the addition of the extra IP address on
the interface. To cancel the assignment, click on CLOSE. To modify the
MAC address, click on PREVIOUS. The Aliases configuration page opens
first, click on PREVIOUS again to open the Add an IPv6 address page
where you can make the needed changes.
a. Go back to the Device Manager tab. The interface properties page opens.
b. Click on EDIT . The Edit a port/interface wizard opens.
c. Click on OK to update the information. The report opens and closes. In the Interface
attachments panel, the IPAM section regarding v6 addresses is updated and displays
the new IP address information. The address is visible in the All Ports & interfaces list.
Obviously, you can use the procedure above for as many IP addresses as needed for one
interface. Beyond one IPv6 address, the addition wizard will display a report step listing the IP
addresses already used on this interface to make sure that you actually want to use an extra IP
address.
Note
Any ports and interfaces changes made from the IPAM will change the content of their
Manually linked to column. For more details, refer to the Tracking Changes in the
All ports & interfaces List section of this guide.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Addresses icon. The All addresses list opens.
3. Next to the Logout button, click on IP4 or IP6 depending on your needs.
4. In the menu, select Settings > Default behaviors. The Default behaviors configuration
wizard opens.
5. In the IPAM / Device Manager interaction section, tick the Enable to link IP addresses with
existing devices.
6. Click on OK to commit the configuration. The report opens and closes. The All addresses
list is visible again. Your configuration is now available in the IP address addition and edition
wizards along with the Configurable behaviors value in the Mode field.
Once you ticked the default behavior box, two fields are available on the address edition and
addition wizards both in IPv4 and IPv6:
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Addresses icon. The All addresses list opens.
3. Next to the Logout button, click on IP4 or IP6 depending on your needs.
4. Add or edit an IP address to display the Device Manager dedicated fields. For more details
regarding the first steps of addition or edition, refer to the Managing IP Addresses chapter.
The corresponding wizard opens.
5. On the Add/Edit IP address page, configure the device addition dedicated fields:
a. In the Device name field, type in the name or part of the name of an existing device.
The auto-completion will retrieve a list of devices matching this name that you can choose
from.
b. In the Interface name field, type in the name or part of the name of an existing interface.
The auto-completion will retrieve a list of interfaces matching this name that you can
choose from. Once you selected an interface, its name will be displayed as follows:
<interface name> (<device name> - <number of IP addresses associated with the
interface>).
If you do not specify an interface, the IP address is only associated with the device and
displayed on the address properties page.
Once you assigned IP addresses, you can link them to the existing device and interface of your
choice through the menu. The wizard also allows you to edit, i.e. overwrite, an existing link
between the IP address and an interface.
Note
The auto-completion provided in the device name and interface name will only list
the device and interfaces marked as Managed and Imported. The Unmanaged items
will not be listed.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Addresses icon. The All addresses list opens.
3. Next to the Logout button, click on IP4 or IP6 depending on your needs.
4. Tick the IP address(es) of your choice.
5. In the menu, select Edit > Link IP addresses to Device Manager interfaces. The Link IP
addresses to Device Manager interfaces wizard opens.
6. Set the link following the table below.
7. Click on OK to commit the link configuration. The report opens and closes. The All addresses
list is visible again. The changes are visible in the dedicated columns, the IP address
properties page and in Device Manager.
Once you set a link between an IP address and an interface, you can remove it using the menu
provided that no MAC address was used when assigning the IP address.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Addresses icon. The All addresses list opens.
3. Next to the Logout button, click on IP4 or IP6 depending on your needs.
4. Tick the IP address(es) of your choice.
5. In the menu, select Edit > Remove the IP addresses/Device Manager interfaces link. The
Link IP addresses to Device Manager interfaces wizard opens.
6. Set the link following the table below.
7. Click on OK to commit the link configuration. The report opens and closes. The All addresses
list is visible again. The changes are visible in the dedicated columns, the IP address
properties page and in Device Manager.
If your IP address was assigned a MAC address, you need to edit the IP address, remove the
MAC address and then follow the procedure above to remove the link with the interface. For more
details regarding IP address edition refer to the Editing an IP Address section of this guide.
Once you set up a link between an IP address and an interface, you can edit it to link the IP
address with a different interface.
First, as we detailed in the Linking IP addresses with Interfaces section above, you can simply
specify a device and interface and tick the Overwrite box.
Second, if the IP address was assigned a MAC address, you can simply edit the MAC address
to link the IP address with another interface. For more details regarding IP address edition refer
to the Editing an IP Address section of this guide.
First, you need to configure the corresponding behavior in the Default behavior wizard. Then, if
your IP address is already linked to an interface, you will be able to link it with another existing
interface upon edition of any IP address. The two procedures below detail the steps to follow:
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Addresses icon. The All addresses list opens.
3. Next to the Logout button, click on IP4 or IP6 depending on your needs.
4. In the menu, select Settings > Default behaviors. The Default behaviors configuration
wizard opens.
5. In the IPAM / Device Manager interaction section, tick the Enable to link IP addresses with
existing devices.
6. Click on OK to commit the configuration. The report opens and closes. The All addresses
list is visible again. Your configuration is now available in the IP address addition and edition
wizards along with the Configurable behaviors value in the Mode field.
Once you ticked the default behavior box, two fields are available on the address edition and
addition wizards both in IPv4 and IPv6:
Tip
If you only tick this behavior, the related fields will be displayed upon edition of an IP
address only if the IP address is already associated with a device and an
interface. As for the IP address addition, you will need to tick the device addition or
association behavior to allow users to first set the link between the IP address and the
interface and then see the Link with device and Link with interface fields.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Addresses icon. The All addresses list opens.
3. Next to the Logout button, click on IP4 or IP6 depending on your needs.
4. Edit an IP address already associated with an interface to display the Device Manager
dedicated fields. For more details regarding the first steps of IP address edition, refer to the
Managing IP Addresses chapter. The edition wizard opens.
5. On the Edit IP address page, configure the devices topology dedicated fields:
a. In the Link with device field, type in the name of an existing device. The auto-completion
will retrieve a list of devices matching this name.
b. In the Link with port field, type in the name of an existing port. The auto-completion will
retrieve a list of ports matching this name. Once you selected an interface, its name is
displayed in the field along with the device.
Note
Editing the devices topology from the IPAM will change the content of the Manually
linked to column. To reconcile the content of the Automatically linked to and Manually
linked to columns, refer to the Tracking Changes in the All ports & interfaces List
section of this guide.
Chapter 70. Rules Impacting Device Manager
There are a number of Device Manager related rules that you can manage through the
Administration tab. The rules are ordered per module, where module refers to the module
in which the behavior is triggered, not to the module in which the behavior is
implemented.
DHCP Rules
Within the DHCP module, two events can trigger changes in Device Manager: adding statics and
adding leases.
Rule 221
If you enable this rule, every time you add a static in the DHCP module, a new interface is
created. It is named after the static and belongs to a device also named after the static. To
add this rule, select the DHCP module and the Add: DHCP statics event when you follow
the To add a rule procedure.
Rule 225
If you enable this rule, every time a lease is generated in the DHCP module, a new device
is created. It is named after the host name associated with the lease in DHCP and contains
an interface with a generic_# name. To add this rule, select the DHCP module and the Add:
DHCP leases event when you follow the To add a rule procedure.
NetChange Rules
Within the NetChange module, refreshing NetChange can trigger Device Manager to refresh
altogether if you enable the right rule.
Rule 227
If you enable this rule, every time NetChange is refreshed, Device Manager will consequently
be refreshed and updated. To add this rule, select the NetChange module and the NetChange
refresh event when you follow the To add a rule procedure.
To add a rule
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select System > Expert > Rules. The Rules page opens.
3. In the menu, select Add > Rule. The Add a rule wizard opens.
4. In the Module drop-down list, select the module that triggers the needed behavior.
5. In the Event drop-down list, select the action in the selected module that triggers the
behavior.
6. In the Rule list, select the rule of your choice. Each rule is listed as follows: (<rule-number>)
<rule-name>.
7. In the Rule name, name the rule. This name will be displayed in the Instance column and
help you filter the list without using the rule number.
8. In the Comment field, you can type in a comment.
9. Click on NEXT . The last page of the wizard opens.
10. Click on OK to commit the rule addition. The report opens and closes. The rule is listed and
marked OK in the status column.
To disable a rule
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select System > Expert > Rules. The Rules page opens.
3. Filter the list through the Rule # column: type in the rule number.
4. Tick the rule you want to disable.
5. In the menu, select Edit > Disable. The Are you sure, you want to disable this entry? wizard
opens.
6. Click on OK . The report opens and closes. In the Status column, the rule is marked
Disabled.
To enable a rule
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select System > Expert > Rules. The Rules page opens.
3. Filter the list through the Rule # column: type in the rule number.
4. Tick the rule you want to enable.
5. In the menu, select Edit > Enable. The Are you sure, you want to enable this entry? wizard
opens.
6. Click on OK . The report opens and closes. In the Status column, the rule is marked OK .
Part XI. VLAN Manager
Table of Contents
71. Introduction
    Objectives of VLAN Manager
    VLAN Domains
    VLAN Ranges
72. Managing VLAN Domains
    Browsing VLAN Domains
        Browsing the VLAN Domains Database
        Customizing the VLAN Domains Display
    Adding VLAN Domains
    Editing VLAN Domains
    Deleting VLAN Domains
    Importing VLAN Domains
    Defining a VLAN Domain as a Group Resource
    Creating Classes at VLAN Domain Level
73. Managing VLAN Ranges
    Browsing VLAN Ranges
        Browsing the VLAN Ranges Database
        Customizing the VLAN Ranges Display
    Adding VLAN Ranges
    Editing VLAN Ranges
        Changing a Range Properties
        Changing a Range Size
    Deleting VLAN Ranges
    Importing Ranges
    Defining a VLAN Range as a Group Resource
    Creating Classes
74. Managing VLANs
    Browsing VLANs
        Browsing the VLANs Database
        Customizing the VLANs Display
        Understanding the VLANs Statuses
    Adding VLANs
    Editing VLANs
    Deleting VLANs
    Importing VLANs
75. Managing the IPAM / VLAN Interaction
    Configuring the IPAM / VLAN Interaction
    Applying the IPAM / VLAN Interaction
Chapter 71. Introduction
Objectives of VLAN Manager
With version 5.0.2, EfficientIP introduces a new module: VLAN Manager. This module allows you
to create and handle Virtual Local Area Networks (VLANs) through the GUI. The virtual networks
will enable a level 2 data exchange between networks and devices: communication through their
MAC address. Therefore, whatever the IP addresses of the devices and networks, they can be
connected through VLAN Manager. This module will allow you to connect through the GUI the
virtual networks of your choice and organize your subnets according to your needs between
spaces and blocks. This way, you can control and set up the interaction between all the subnets
of your network organization.
There are three levels of hierarchy within the module: the domains, ranges and VLANs themselves.
You can either add VLANs manually or import existing ones. In each domain, or range, the
management of your VLANs is simplified through the use of the VLAN Identifier (ID) to
differentiate each VLAN. Once created, you can assign a name to each VLAN to set up the
interaction between VLANs and your IPAM subnets more easily.
Keep in mind that the VLANs that you create and configure within VLAN Manager are completely
different from the VLAN interfaces that you can set up on the network configuration page of
SOLIDserver. VLAN interfaces will simply use a VIF to provide several IP addresses to connect
to SOLIDserver but not connect your IPAM subnets together through the GUI. For more details
regarding VLAN interfaces, refer to the section Setting up a VLAN interfaces in the Network
configuration chapter of this guide.
VLAN Domains
To manage your VLANs, you will need to create at least one domain. It can contain from one to
4096 virtual networks. Each VLAN will be given an ID that corresponds to the range of VLAN IDs
that you will have specified. From then on, each VLAN is created in the domains and you can
then organize them among ranges if need be or simply assign them a name to set up an interaction
between the subnets of your choice. Once created, a domain can be deleted as long as it does
not contain any range or used VLANs (i.e. VLANs that were assigned a name and therefore
potentially connecting subnets). Like many other objects within SOLIDserver, you can import
domains. For more details, refer to the Importing Data chapter of this guide.
VLAN Ranges
Through VLAN Manager, the range level is optional. It simply provides an extra level of
organization for your VLANs that will only manage IDs that have already been specified in the
domain they belong to. Once created, a range can be deleted as long as it does not contain used
VLANs.
Like the VLAN domains, ranges can be imported. For more details, refer to the Importing Data
chapter of this guide.
791
Chapter 72. Managing VLAN Domains
Within VLAN Manager, the domains constitute the highest level of the hierarchy. They can be
composed of VLAN ranges and VLANs or exclusively of VLANs depending on your organizational
needs.
To organize your VLANs you need at least one domain but you can add as many as you want.
A domain can contain between 1 and 4094 VLANs; this number corresponds to the VLAN ID.
Each domain then contains a set of VLANs listed through their identifier.
Every time you add a domain, you can set the same set of IDs. They will be duplicated in the All
VLANs list: even if you have, say, 10 VLANs with the ID 1, they are different as they do not
belong to the same domain or range and might be assigned different names.
[Figure: VLAN Manager navigation hierarchy (domain, range, VLAN)]
Here below, you can see the breadcrumb link to browse the domains database:
1. Go to the VLAN Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Domains icon. The All domains list opens.
1. Go to the VLAN Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the breadcrumb, click on All domains. The All domains list opens.
1. Go to the VLAN Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Domains icon. The All domains list opens.
3. At the end of the line of the domain of your choice, click on . The properties page opens.
1. Go to the VLAN Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Domains icon. The All domains list opens.
3. In the menu, select Add > Domain. The Add a VLAN domain wizard opens.
4. In the Domain field, name your VLAN domain.
5. In the Description field, you can add a description. This field is optional.
6. In the Start VLAN ID field, type in the number of your choice (between 1 and 4094) that
will set the ID of the first VLAN managed through the domain. By default, 1 is displayed in
the field.
7. In the End VLAN ID field, type in the number of your choice (between 1 and 4094) that will
set the ID of the last VLAN managed through the domain. This will also define the number
of VLANs in the domain, depending on the Start VLAN ID you just chose. By default, 4094
is displayed in the field.
8. Click on OK to commit the addition. The report opens and closes. The domain is listed; in
the Start ID and End ID fields you can see the ID of the first and last VLANs of the domain.
Once a domain is created, you cannot change its start and end ID, even if they no longer match
your needs. In this case, create a new one, assign the same name to the VLANs it contains if need
be, and finally delete the obsolete domain; or export the VLANs and reimport them in the new domain.
1. Go to the VLAN Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Domains icon. The All domains list opens.
3. Put your mouse over the name of the domain you want to edit. The Info bar appears.
4. Click on . The Add a VLAN domain wizard opens.
5. Edit the Domain and/or Description field according to your needs.
6. Click on OK to commit the changes. The report opens and closes. The domain is listed with
the changes you just made.
1. Go to the VLAN Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Domains icon. The All domains list opens.
3. At the end of the line of the domain of your choice, click on . The properties page opens.
4. In the Main properties panel, click on EDIT . The Add a VLAN domain wizard opens.
5. Edit the Domain and/or Description field according to your needs.
6. Click on OK to commit the changes. The report opens and closes. The domain is listed with
the changes you just made.
1. Go to the VLAN Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Domains icon. The All domains list opens.
3. Tick the domain(s) you want to delete.
4. In the menu, select Edit > Delete. The Delete wizard opens.
5. Click on OK to commit the domain(s) deletion. The report opens and closes. The domain is
no longer listed, the VLANs it contained are deleted as well.
Allowing access to a domain as a resource will also make every item it contains available. For
more details, refer to the section Assigning Objects as Resource in the chapter Managing Groups
of administrator of this guide.
Chapter 73. Managing VLAN Ranges
Within VLAN Manager, the ranges constitute the second level of the hierarchy. They are optional.
Contrary to the domains, the start and end ID of a range can be modified.
You can add ranges in your VLAN domains to polish your VLAN organization. A VLAN range
can contain as many VLANs as the domain it belongs to, as long as the VLAN IDs match. A
range contains a number of the VLANs of a specific domain; these VLANs will be identified
through their ID. Therefore, you cannot create a range with the start and end ID 5-10 if your domain
start and end IDs are 6-10.
Within a domain, you can create as many ranges as you want. The first range created will manage
VLANs of the domain. You can add extra ranges managing the same VLAN IDs: the VLANs will
be different as they belong to different ranges.
[Figure: VLAN Manager navigation hierarchy (domain, range, VLAN)]
Here below, you can see the breadcrumb link to browse the ranges database:
1. Go to the VLAN Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Ranges icon. The All ranges list opens.
1. Go to the VLAN Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the breadcrumb, click on All ranges. The All ranges list opens.
1. Go to the VLAN Manager tab. If the homepage is not displayed, click on . The homepage
opens.
1. Go to the VLAN Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Ranges icon. The All ranges list opens.
3. At the end of the line of the range of your choice, click on . The properties page opens.
If you want to create ranges with unique sets of VLAN IDs, you can use the No ID overlapping
checkbox when adding the range. Keep in mind that the overlap restriction applies whether it was
set on existing ranges or on the ranges you are trying to create. Therefore, if a range managing
the VLAN IDs 1-512 already exists and you try to create the range 512-550, an error message
appears on the wizard Report page, whether the checkbox was ticked on the existing range or in
the new range creation wizard.
1. Go to the VLAN Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Ranges icon. The All ranges list opens.
3. In the menu, select Add > Range. The Add a VLAN range wizard opens.
4. In the Domain list, select the domain of your choice.
5. Click on NEXT . The last page of the wizard opens.
6. In the Range field, name your VLAN range.
7. In the Description field, you can add a description. This field is optional.
8. In the Start VLAN ID field, type in the number of your choice (between 1 and 4094) that
will set the ID of the first VLAN managed through the domain. By default, 1 is displayed in
the field.
9. In the End VLAN ID field, type in the number of your choice (between 1 and 4094) that will
set the ID of the last VLAN managed through the domain. This will also define the number
of VLANs in the domain, depending on the Start VLAN ID you just chose. By default, 4094
is displayed in the field.
10. The No ID overlapping checkbox is ticked by default; you can untick it if you want to create
the same VLAN ID in several ranges.
11. Click on OK to commit the addition. The report opens and closes. The range is listed; in the
Start ID and End ID columns you can see the ID of the first and last VLANs of the range.
1. Go to the VLAN Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Ranges icon. The All ranges list opens.
3. Put your mouse over the name of the range you want to edit. The Info bar appears.
4. Click on . The Add a VLAN range wizard opens.
5. Edit the Domain, Description and/or No ID overlapping fields according to your needs.
6. Click on OK to commit the changes. The report opens and closes. The range is listed with
the changes you just made.
1. Go to the VLAN Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Ranges icon. The All ranges list opens.
3. At the end of the line of the range of your choice, click on . The properties page opens.
4. In the Main properties panel, click on EDIT . The Add a VLAN range wizard opens.
5. Edit the Domain, Description and/or No ID overlapping fields according to your needs.
6. Click on OK to commit the changes. The report opens and closes. The range is listed with
the changes you just made.
1. You cannot reduce the size of a range if it contains Used VLANs (i.e. VLANs that were assigned
a name and might therefore be linked to a subnet in the IPAM).
2. You can extend the size of a range as much as you want provided that:
• the new range size is not greater than the domain it belongs to.
If you want a range to manage the IDs 10-20, instead of the 10-15 it is currently managing,
this will not work if the domain manages the IDs 1-15. You would be asking to manage IDs that
do not exist in the domain.
• the shift in ID that you set does not include a Used VLAN belonging to another range: the
overlap is impossible.
In case of overlap, you can either delete the used VLAN and recreate it in the new range or export
it and reimport it in the new range.
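Added example (not part of the SOLIDserver guide or of the product's code): the range creation
and resize rules described above, written as a Python pre-check that can be run over a planned
VLAN inventory before using the wizards. The Span class, the function names and the sample values
are constructed for illustration; the resize check takes the resulting start and end IDs rather
than shift values, and reads the second condition of rule 2 as applying to the IDs gained by the
resize.

```python
from dataclasses import dataclass, field

VLAN_MIN, VLAN_MAX = 1, 4094  # bounds accepted by the Start/End VLAN ID fields


@dataclass
class Span:
    """A domain or a range: a named, inclusive interval of VLAN IDs (hypothetical model)."""
    name: str
    start: int
    end: int
    no_overlap: bool = True                 # "No ID overlapping" (ranges only, ticked by default)
    used: set = field(default_factory=set)  # IDs marked Used (ranges only)


def _bounds_errors(start, end, domain):
    """Check that start-end is a valid interval lying entirely inside the domain."""
    errors = []
    if not (VLAN_MIN <= start <= end <= VLAN_MAX):
        errors.append(f"IDs {start}-{end} are not a valid {VLAN_MIN}-{VLAN_MAX} interval")
    elif start < domain.start or end > domain.end:
        errors.append(f"IDs {start}-{end} are not all in domain {domain.name} "
                      f"({domain.start}-{domain.end})")
    return errors


def check_new_range(new, domain, existing):
    """Reasons a new range would be refused; an empty list means it is acceptable."""
    errors = _bounds_errors(new.start, new.end, domain)
    for other in existing:
        shared = new.start <= other.end and other.start <= new.end
        # The restriction applies when the box is ticked on either of the two ranges.
        if shared and (new.no_overlap or other.no_overlap):
            errors.append(f"overlaps range {other.name} ({other.start}-{other.end})")
    return errors


def check_resize(rng, new_start, new_end, domain, others):
    """Reasons a resize of `rng` to new_start-new_end would be refused."""
    errors = _bounds_errors(new_start, new_end, domain)
    # Rule 1: a range that contains Used VLANs cannot be reduced.
    shrinks = new_start > rng.start or new_end < rng.end
    if shrinks and rng.used:
        errors.append(f"range {rng.name} holds Used VLANs {sorted(rng.used)} "
                      "and cannot be reduced")
    # Rule 2: IDs gained by the resize must not be Used in another range.
    gained = set(range(new_start, new_end + 1)) - set(range(rng.start, rng.end + 1))
    for other in others:
        clash = sorted(gained & other.used)
        if clash:
            errors.append(f"Used VLANs {clash} belong to range {other.name}")
    return errors


if __name__ == "__main__":
    # Constructed inventory reproducing the three cases quoted in the text.
    print(check_new_range(Span("r", 5, 10), Span("d", 6, 10), []))
    users = Span("users", 1, 512, no_overlap=True)
    print(check_new_range(Span("voice", 512, 550, no_overlap=False),
                          Span("site", 1, 4094), [users]))
    print(check_resize(Span("r", 10, 15), 10, 20, Span("d", 1, 15), []))
```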
1. Go to the VLAN Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Ranges icon. The All ranges list opens.
3. Tick the range(s) that you want to resize.
4. In the menu, select Edit > Resize ranges. The Resize ranges wizard opens.
5. In the Start ID shift, type in the shift value. Any number typed in will be added to the current
range Start ID. If you want to extend the number of IDs managed, type in - before the number.
If you do not want to change the Start ID, type in 0.
6. In the End ID shift, type in the shift value. Any number typed in will be added to the current
range Start ID. If you want to reduce the number of IDs managed, type in - before the number.
If you do not want to change the End ID, type in 0.
7. Click on OK to commit the changes. The report opens and closes. The range is listed with
the new start and end ID.
1. Go to the VLAN Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Ranges icon. The All ranges list opens.
3. Tick the range(s) you want to delete.
4. In the menu, select Edit > Delete. The Delete wizard opens.
5. Click on OK to commit the domain(s) deletion. The report opens and closes. The range is
no longer listed, the VLANs it contained are deleted as well.
Importing Ranges
Like most modules in SOLIDserver, VLAN Manager provides the possibility to import ranges on
the All domains or All ranges page from a CSV file. From then on, you will be able to add or import
the VLANs it contains and organize your network as you please. For more details, refer to the
chapter Importing Data in the Global Policies part of this guide.
Allowing access to a range as a resource will also make every VLAN it contains available. For
more details, refer to the section Assigning Objects as Resource in the chapter Managing Groups
of administrator of this guide.
Creating Classes
Like many other objects within SOLIDserver, you can add classes for the VLAN domains. From
the All domains page, you can modify the VLAN ranges user fields (Settings > Customize user
fields). In the same way, from the Administration tab Class Studio page, you can create the
classes of your choice and apply them to the VLAN ranges.
Chapter 74. Managing VLANs
Within VLAN Manager, once you have created one or several domains or even a set of ranges, the
VLANs are the lowest level of the hierarchy. They are identified through their ID and can be
assigned a name. This name will be used to interact with the IPAM module at subnets level to set
up a channel of communication between several subnets or devices. This is why, once they
have a name, the range and/or domain they belong to cannot be deleted.
Managing VLANs implies assigning them a name that will be used in the IPAM module to help
you organize the interaction between several networks or devices within a network.
Browsing VLANs
[Figure: VLAN Manager navigation hierarchy (domain, range, VLAN)]
Here below, you can see the breadcrumb link to browse the VLANs database:
1. Go to the VLAN Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the VLANs icon. The All VLANs list opens.
1. Go to the VLAN Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the breadcrumb, click on All VLANs. The All VLANs list opens.
1. Go to the VLAN Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Domains icon. The All domains list opens.
3. In the Name column, click on the name of the domain of your choice to display the VLANs
it contains.
1. Go to the VLAN Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Ranges icon. The All ranges list opens.
3. In the Name column, click on the name of the range of your choice to display the VLANs it
manages.
1. Go to the VLAN Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the VLANs icon. The All VLANs list opens.
3. At the end of the line of the VLAN of your choice, click on . The properties page opens.
Adding VLANs
Considering that the list of VLANs of a specific domain is added at the same time as the domain
itself, and that the ranges will only manage VLANs within that domain, the Add option on the All
VLANs page is not an addition per se. It allows you to set the VLAN as Used and assign it a name if
need be.
1. Go to the VLAN Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the VLANs icon. The All VLANs list opens.
3. In the menu, select Add > VLAN. The Add a VLAN wizard opens.
4. In the Domain list, select the domain of your choice.
5. Click on NEXT . The next page of the wizard opens.
6. In the Range list, select the range of your choice or none.
7. Click on NEXT . The last page of the wizard opens.
8. In the VLAN name field, name the VLAN. This field is optional.
9. In the VLAN ID column, type in the VLAN ID of the VLAN to which you want to assign this
name.
10. Click on OK to commit the name assignation. The report opens and closes. The page
refreshes and the VLAN is now listed and marked as Used. If you gave it a name, it is
displayed in the Name column.
If you are assigning a VLAN within a domain or a range, this procedure will obviously be shorter
as the Domain and/or Range list will not be displayed.
1. Go to the VLAN Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the VLANs icon. The All VLANs list opens.
3. Filter the list if need be.
4. In the VLAN ID column, click on the VLAN of your choice. The Add a VLAN wizard opens.
5. In the VLAN name field, name the VLAN. This field is optional.
6. In the VLAN ID field, the VLAN ID of the VLAN you chose is displayed in grey.
7. Click on OK to commit the changes. The report opens and closes. The VLAN is listed, marked
as Used and has a name in the Name column if you gave it one.
Editing VLANs
You can change a VLAN name from its properties pages. Keep in mind that changing the VLAN
name breaks the IPAM / VLAN interaction.
1. Go to the VLAN Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the VLANs icon. The All VLANs list opens.
3. Filter the list if need be.
4. Click on the name of the Used VLAN you want to edit. The properties page opens.
5. In the Main properties panel, click on EDIT . The Add a VLAN wizard opens.
6. In the VLAN name field, rename the VLAN.
7. Click on OK to commit the changes. The report opens and closes. The new VLAN name is
displayed in the panel.
Deleting VLANs
Considering that the VLANs are merely listed on the All VLANs page, you cannot delete them
individually. Deleting the range and/or domain they belong to will remove them from the list.
However, once they are created and marked as Used in the status column, you can delete their
status and name.
1. Go to the VLAN Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the VLANs icon. The All VLANs list opens.
3. Tick the VLAN(s) whose assigned name you want to delete.
4. In the menu, select Edit > Delete. The Delete wizard opens.
5. Click on OK to commit the VLAN assigned name deletion. The report opens and closes. The
VLAN is listed but no longer has a name in the Name column and its status is now Free.
Importing VLANs
Like most modules in SOLIDserver, VLAN Manager provides the possibility to import VLANs on
the All domains, All ranges or All VLANs page from a CSV file. For more details, refer to the
chapter Importing Data in the Global Policies part of this guide.
Chapter 75. Managing the IPAM / VLAN Interaction
The purpose of VLAN Manager is to create and control the interaction between virtual local area
networks and your IPAM subnets. Within the IPAM module, this interaction is managed at subnet
level through the default behaviors and can be set both from IPv4 and IPv6 networks.
Like any default behavior, you need to select them in the Default behaviors configuration wizard
to make them available in the addition and edition wizards and configure them upon creation
and modification of your subnets (v4 and v6).
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Subnets icon. The All subnets list opens.
3. Next to the Logout button, click on IP4 or IP6 depending on your needs.
4. In the menu, select Settings > Default behaviors. The Default behaviors configuration
wizard opens.
5. In the IPAM / VLAN interaction section, tick the Display the VLAN association fields box.
The Display the field "Create a VLAN" checkbox appears.
6. Tick the Display the field "Create a VLAN" checkbox.
7. Click on OK to commit the configuration. The report opens and closes. The All subnets list
appears. Your configuration is now available in the Add/Edit a Subnet wizards along with
the Configurable behaviors value in the Mode field.
Note
The Display the field "Create a VLAN" behavior will only be displayed on the wizards if you
ticked the Display the VLAN association fields box as well.
If you want to set it up for IPv4 and IPv6 terminal subnets, you will need to follow the procedure
on both pages. Once you ticked both boxes, you will have a set of drop-down lists and fields
available on the subnet edition and addition wizards both in IPv4 and IPv6:
Note
If a non terminal subnet contains terminal subnets, linking it to a VLAN will not link
the subnets it contains to the VLAN.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Subnets icon. The All subnets list opens.
3. Next to the Logout button, click on IP4 or IP6 depending on your needs.
4. Add or edit a subnet, whether it is terminal or not. For more details regarding the first steps
of addition or edition, refer to the Managing IP subnets chapter. The corresponding wizard
opens.
5. On the last page of the wizard, in the IPAM / VLAN interaction section, set the behaviors to
link your subnet to a VLAN:
a. In the VLAN domain drop-down list, select the VLAN domain containing the VLAN you
want to associate with your subnet.
b. In the VLAN range drop-down list, select the option that suits your needs. They are
detailed in the table below:
c. In the Create vlan section, do not tick the checkbox. For more details regarding this
section, refer to the procedure To create and link a VLAN to a subnet below.
d. In the VLAN ID field, type in the first digit(s) of the ID of the VLAN you are looking for.
This field auto-completes and displays the matching VLAN in the field or provides a list
of the matching VLAN IDs (partially or entirely). The VLAN will be displayed as follows:
<VLAN_ID> (<VLAN_name> - <range_name>), where <range_name> can be replaced
by # if there is no range.
6. Click on OK to commit your changes/configuration. The report opens and closes. The VLAN
configuration is visible on the subnet properties page Default Behaviors properties panel.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Subnets icon. The All subnets list opens.
3. Next to the Logout button, click on IP4 or IP6 depending on your needs.
4. Add or edit a subnet. For more details refer to the Managing IP Subnets chapter. The
corresponding wizard opens.
5. On the last page of the wizard, in the IPAM / VLAN interaction section, set the behaviors to
link your subnet to a VLAN:
a. In the VLAN domain drop-down list, select the VLAN domain of your choice.
b. In the VLAN range drop-down list, select a VLAN range; none if there is no range in the
domain; or all if you don't want to pick a range.
c. In the Create a VLAN section, tick the checkbox. The VLAN name field appears.
d. In the VLAN ID field, type in the ID of the VLAN you want to create or type in the first
digit of the ID: the field auto-completes and provides you with the list of all the available
IDs in the domain or range you selected. The VLAN ID will be displayed as follows:
<VLAN_ID> (<range_name>), where <range_name> can be replaced by # if the VLAN
is not managed through a range.
e. In the VLAN name field, you can name the VLAN.
6. Click on OK to commit your changes/configuration. The report opens and closes. The VLAN
configuration is visible on the subnet properties page Default Behaviors properties panel.
Once the association is set, you can display it in the All subnets page in IPv4 and IPv6 using the
Listing template wizard: the columns VLAN Domain, VLAN Range, VLAN name and VLAN ID
can be displayed in any listing template. For more details, refer to the Customizing the List Layout
section of this guide.
Part XII. Rights Management
Table of Contents
76. Introduction
77. Managing Groups
    Browsing Groups of Users
        Browsing the Groups Database
        Customizing the Groups Display
    Adding Groups of Users
    Editing Groups of Users
    Managing the Resources of a Group of Users
        Understanding Resources
        Assigning Resources to a Group
        Removing Resources from a Group
    Managing the Permissions of a Group of Users
        Configuring the Groups Permissions
        Editing a Group of Users Permissions
    Managing the Users of a Group of Users
        Adding a User to a Group
        Removing a User from a Group
    Disabling or Enabling Groups of Users
    Deleting Groups of Users
    Importing Groups of Users from a CSV File
78. Managing Users
    Browsing Users
        Browsing the Users Database
        Customizing the Groups Display
    Adding Users
    Editing Users
        Editing the User Details
        Editing the User Group
        Changing the User Password
    Configuring User Sessions
        Configuring Users Login Session Time
        Redirecting Users After They Log Out or Their Session Expires
    Disabling or Enabling User
    Deleting Users
    Importing Local Users from a CSV File
79. Managing Authentication Rules
    Browsing Authentication Rules
        Browsing the Authentication Rules Database
    Adding Authentication Rules
        Relying on Active Directory Authentication
        Relying on LDAP Authentication
        Relying on Radius Authentication
    Editing an Authentication Rule
    Enabling or Disabling an Authentication Rule
    Deleting an Authentication Rule
Chapter 76. Introduction
Managing user rights and the user authentication process is an essential part of network management
as it enhances security. Within SOLIDserver, three pages are dedicated to rights management,
all of which are accessible through the Users, Groups & Rights button on the Administration
module homepage.
Figure 76.1. The Users, Groups & Rights button is dedicated to Right Management
Groups
This page lists all the groups of users created and allows you to manage the resources of each
group. The users are listed among these resources. At group level you can manage the users'
access and rights over modules, pages and objects.
Users
This page lists and details the users that can access SOLIDserver. Once created, you can
set them as resource of a group to manage their access rights and restrictions.
Authentication rules
This page allows you to add rules related to specific user authentication methods: AD, Radius
and LDAP. Adding these rules will allow SOLIDserver to retrieve user credentials stored in the
corresponding remote directory and provide secure remote authentications.
Chapter 77. Managing Groups
The groups of users define user profiles. Once a set of rights is granted to a group, the users
belonging to that group will be able to perform tasks on the resources of the group (subnets,
address blocks, DNS zones, DNS servers...) and nothing else. In other words, the group of users
delegates administrative rights to users. Typically, you would create a group, add resources to
the group and grant it a set of services, also called rights or permissions. These steps would
create a profile that will apply to the users you manage through the group.
The number of groups is unlimited. You can therefore create as many groups, and so as many user
profiles, as you want. For more details regarding users addition, refer to the Users chapter.
From the Groups page you can have full control over the groups of users (users, resources and
rights), except for the admin group as it has access to everything by default and cannot be edited.
The groups can manage remote users whose authentication is based on a Radius, Microsoft Active
Directory or LDAP directory. For more details regarding users secure authentication, refer to the
Authentication rules chapter.
Here below, you can see the link to browse the groups database:
By default, the admin group is listed on the page. It manages ipmadmin, also called a superuser
or super-admin as it has all the rights over all the resources available to management in
SOLIDserver.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the System section, click on the Users, Groups & Rights icon. The Users list opens.
3. In the breadcrumb, click on Groups. The Groups page opens.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the System section, click on the Users, Groups & Rights icon. The Users list opens.
3. In the breadcrumb, click on Groups. The Groups page opens.
4. Click on the name of the group of your choice. The Resources page opens.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the System section, click on the Users, Groups & Rights icon. The Users list opens.
3. In the breadcrumb, click on Groups. The Groups page opens.
4. At the end of the line of the group of your choice, click on . The group properties page
opens.
We strongly suggest that you configure the profiles of your groups of users before enabling the
remote authentication rules. Once the authentication rules are enabled, the corresponding users
can log in to SOLIDserver. This goes especially for AD authentication: once the rule is enabled,
any AD user can log in to the appliance. If you created a group of users named after the AD group
the users belong to, SOLIDserver will automatically create a user in the GUI and put it in the
corresponding group of users. For more details, refer to the Authentication Rules chapter of this
guide.
To add a group
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the System section, click on the Users, Groups & Rights icon. The Users list opens.
3. In the breadcrumb, click on Groups. The Groups page opens.
4. In the menu, select Add > Group. The Add a group wizard opens.
5. If you or your administrator created classes, the Group class list is visible. Select a class or
None and click on NEXT . The next page of the wizard opens.
6. In the Name field, name the group. If you want users to be authenticated via AD, do not
hesitate to name it after an existing AD group.
7. In the Description field, you can type in a description of the group that will be displayed in
the corresponding column.
8. In the Copy rights from group drop-down list, you can select any other group, except admin.
The rights of the selected group will be granted to the group you are creating.
9. Click on NEXT . The last page of the wizard opens.
10. In the Parent group list, select the parent group of your choice or None. The selected parent
group will be able to add users to the group you are creating.
11. Click on OK to commit your creation. The report opens and closes. The group is listed.
Note
The Copy rights from group option can be used as a template of standard rights and
permissions for regular end users that you can simply use when creating a group
and then adapt to each new group (adding or removing rights).
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the System section, click on the Users, Groups & Rights icon. The Users list opens.
3. In the breadcrumb, click on Groups. The Groups page opens.
4. At the end of the line of the group you want to edit, click on . The properties page opens.
5. In the Main properties panel, click on EDIT . The Edit a group wizard opens.
6. If you or your administrator created classes, the Group class list is visible. Select a class or
None and click on NEXT . The next page of the wizard opens.
7. Edit the fields according to your needs. For more details, refer to the procedure in the Adding
Groups of Users section above.
8. Click on OK to commit your changes. The report opens and closes. The properties page is
visible again and includes the changes in the panel.
Following each module's internal hierarchy, once an object is set as a resource, the whole path to
it in the internal hierarchy of the module is available for display. For instance, if you set an IPv4
block as a resource for a group, once a user of that group connects to SOLIDserver the space
containing the block will be listed. Clicking on the space name will display the block set as
resource, and only that one, no matter how many blocks the space contains. Going down in the
hierarchy, the user will be able to display all the subnets of the block as well as all the pools and
all the addresses it contains. From that point on, and to continue with the example above, the group
can be given a set of rights on IPv4 blocks that will allow its users to edit, delete or add new
blocks. The users will be able to add, edit or delete the block they have in their list of resources
as well as the ones they added, but not any other block. Hence the importance of checking in detail
the resources of a group and the rights they are granted.
Understanding Resources
As explained above, setting an object as resource will grant access to its container and the objects
it contains in read-only. This provides a clear overview of the object within the network.
Below you will find, for each object set as a group resource, the resources that come with it,
following the internal hierarchy of each module. Keep in mind that the complete path toward
the object is also available in read-only: if you set a subnet as resource, you will see its
containing block and containing space as well. However, if the space contains ten blocks you will
only see the block that contains the subnet.
IPAM Resources
The resources of the IPAM module can be applied to a group in order to design a delegation of rights
according to an organizational scheme. The hierarchy of the resources simplifies the
configuration of the delegation. For instance, if a group contains a block among its resources, its
users will be able to display the objects it contains: subnets, pools, addresses.
For each resource, the users of the group also have access to the properties page. In the Group
access panel, you will find a list of all the groups that have the object listed as a resource followed
by the permissions of the group over the resource.
DNS Resources
The resources of the DNS module can be applied to a group in order to design a delegation of
rights according to an organizational scheme. The hierarchy of the resources simplifies the
configuration of the delegation. For instance, if a group contains a zone among its resources, it
gives its users access to the objects it contains: resource records.
For each resource, the users of the group also have access to the properties page. In the Group
access panel, you will find a list of all the groups that have the object listed as a resource followed
by the permissions of the group over the resource.
DHCP Resources
The resources of the DHCP module can be applied to a group in order to design a delegation of
rights according to an organizational scheme. The hierarchy of the resources simplifies the
configuration of the delegation. For instance, if a group contains a block among its resources, it
gives its users access to the objects it contains: subnets, pools, addresses.
For each resource, the users of the group also have access to the properties page. In the Group
access panel, you will find a list of all the groups that have the object listed as a resource followed
by the permissions of the group over the resource.
NetChange Resources
The resources of the NetChange module can be applied to a group in order to design a delegation
of rights according to an organizational scheme. The hierarchy of the resources simplifies
the configuration of the delegation. For instance, if a group contains a network device among its
resources, it gives its users access to the objects it contains: ports, VLANs and discovered items.
For each resource, the users of the group also have access to the properties page. In the Group
access panel, you will find a list of all the groups that have the object listed as a resource followed
by the permissions of the group over the resource.
The resources of the VLAN Manager module can be applied to a group in order to design a
delegation of rights according to an organizational scheme. The hierarchy of the resources
simplifies the configuration of the delegation. For instance, if a group contains a domain among its
resources, it gives its users access to the objects it contains: ranges and VLANs.
For each resource, the users of the group also have access to the properties page. In the Group
access panel, you will find a list of all the groups that have the object listed as a resource followed
by the permissions of the group over the resource.
Administration Resources
In the Administration module, Class Studio classes can be set as resources for the users of the
admin group. Once assigned, the classes objects will be available for display to the users of the
group.
Once an object is set as a resource, keep in mind that its properties page Groups access panel
will display all the other groups that list it among their resources. In the same way, each group
Resources list will list the users and resources of the group.
Keep in mind that even though objects and classes are listed among the resources of a group,
if the corresponding management rights (or permissions) are not granted to the group, its users
will at most be able to see them and will not be able to edit or delete them, or even add similar
objects. For more details, refer to the Configuring the Groups Permissions section of this guide.
You can assign objects as resource of a group from the Administration tab Resources page, the
All <object> listing page or the properties page of an object.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the System section, click on the Users, Groups & Rights icon. The Users list opens.
3. In the breadcrumb, click on Groups. The Groups page opens.
4. Click on the name of the group of your choice [1]. The Resources page opens.
5. In the menu, select Add > Resources > resource of your choice. The object wizard opens.
6. Tick the resources you want to attribute to the group and click on ADD . A confirmation pop-
up window opens.
7. Click on OK to commit the resource(s) addition. The selected resources are no longer listed
in the wizard.
8. Click on CLOSE to get back to the Resources page. The selected resources are listed on the
page.
[1] Any group EXCEPT the admin group as, by default, it has authority over all the resources of SOLIDserver database.
1. From the listing page of your choice, tick the object(s) you want to set as a resource to a
group.
2. In the menu, select Edit > Rights > Add as group(s) resource(s). The Resources Management
wizard opens.
3. In the Available group(s) list, select a group and click on to add the selected resources
to its Resource list. The group is moved to the Add to the resources of the group(s) list.
Repeat these actions for as many groups as needed.
4. In the Add to the resources of the group(s) list, the groups that have the selected objects
as resource are listed. You can remove one (or several) group from that list if you do not
want it to have the selected objects as a resource anymore: select the group and click on
. The group is listed back in the Available group(s) list.
5. Click on OK to commit your resource addition. The report opens and closes. The listing page
refreshes.
1. From the listing page of your choice, display the object of your choice properties page using
.
2. In the Group access panel, you can see all the groups that have the object among their
resources and what actions they can perform over it. Click on EDIT to add a group
to the list. The Groups wizard opens.
3. In the Available group(s) field, select a group and click on to move it to the Selected
group(s) list. Repeat this action for as many groups as needed. All the existing groups of
users are listed except admin as all the objects of the database are a resource of the group
by default.
4. In the Selected group(s) field are listed the groups that have the object as a resource.
5. Click on OK to commit the resource(s) addition. The report opens and closes. The page
refreshes and the panel is updated. If you add a group that was already listed, the panel content
stays the same.
Contrary to other objects, the classes can only be added from the group Resources page.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the System section, click on the Users, Groups & Rights icon. The Users list opens.
3. In the breadcrumb, click on Groups. The Groups page opens.
4. Click on the name of the group of your choice. The Resources page appears.
5. In the menu, select Add > Resources > Classes. The wizard opens.
6. Select the class(es) to apply to this group and click on ADD . A pop-up window opens.
7. Click on OK to commit the class(es) addition. The selected classes are no longer listed in
the wizard.
8. Click on CLOSE to get back to the Resources page. The selected classes are listed on the
page.
For instance, if your Local space contains a local-subnet, and you decide that you no longer want
your users to have the Local space as resource, removing it from the list will not prevent users
from accessing it in read-only as the local-subnet is still listed. Therefore the complete path from
the space level to the subnet level will obviously include Local, local-block, local-subnet and
everything it contains.
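The visibility rules described in this chapter can be checked with a small model before changing a group's resource list. The following is an added example, not SOLIDserver code: the hierarchy is constructed (only Local, local-block and local-subnet come from the guide), the right names are constructed strings in the guide's <action-granted>: <object-concerned> form, and objects created by the users themselves are not modelled.

```python
# Added illustration: toy model of group resource visibility as described in
# this guide. Not SOLIDserver code; the hierarchy below is constructed.

# object -> (container, object type). "Local", "local-block" and "local-subnet"
# are the guide's example names; the others are invented for the demonstration.
TREE = {
    "Local":        (None, "space"),
    "local-block":  ("Local", "block"),
    "other-block":  ("Local", "block"),
    "local-subnet": ("local-block", "subnet"),
    "other-subnet": ("other-block", "subnet"),
    "local-pool":   ("local-subnet", "pool"),
}


def path_to(obj):
    """Containers of obj, nearest first. The guide says these are shown read-only."""
    out = []
    parent = TREE[obj][0]
    while parent is not None:
        out.append(parent)
        parent = TREE[parent][0]
    return out


def contents_of(obj):
    """Every object contained in obj, at any depth."""
    found, stack = [], [obj]
    while stack:
        current = stack.pop()
        for name, (parent, _type) in TREE.items():
            if parent == current:
                found.append(name)
                stack.append(name)
    return found


def visible(resources):
    """Objects a group member can display: each resource, its path, its contents."""
    seen = set()
    for res in resources:
        seen.add(res)
        seen.update(path_to(res))
        seen.update(contents_of(res))
    return seen


def still_exposing(target, resources):
    """Resources that each keep `target` visible on their own.

    Read access to `target` is only revoked once every one of them is removed.
    """
    return sorted(r for r in resources if target in visible({r}))


def unusable_rights(rights, resources):
    """Rights with no object of the matching type in scope.

    Assumption of this model: scope means the assigned resources and what they
    contain; containers shown only as part of the path are read-only and do
    not count.
    """
    in_scope = set()
    for res in resources:
        in_scope.add(res)
        in_scope.update(contents_of(res))
    types = {TREE[obj][1] for obj in in_scope}
    return sorted(r for r in rights if r.split(": ", 1)[1] not in types)


if __name__ == "__main__":
    group = {"Local", "local-subnet"}
    print("visible now:           ", sorted(visible(group)))
    print("after removing Local:  ", sorted(visible(group - {"Local"})))
    print("what keeps Local shown:", still_exposing("Local", group))
    print("unusable rights:       ",
          unusable_rights({"Edit: block", "Edit: subnet"}, {"local-subnet"}))
```

Run against an export of a group's real resource list, the same logic shows which entries have to go before a space or block actually disappears from a user's view.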
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the System section, click on the Users, Groups & Rights icon. The Users list opens.
3. In the breadcrumb, click on Groups. The Groups page opens.
4. Click on the name of the group for which you want to remove resources. The Resources
page opens.
5. Tick the box of the resource(s) you want to delete.
6. In the menu, select Edit > Delete. The Delete resources wizard opens.
7. Click on OK to commit the resource(s) deletion. The report opens and closes. The selected
resources are no longer listed.
On the group properties page of every group you will find the following panels:
In each panel you will find an EDIT button that will allow you to set the permissions one module at a
time. All the services (also called rights or permissions) that you can delegate to groups of
users are listed as follows: <action-granted>: <object-concerned>. You will therefore find a set of
verbs corresponding to the action in the menu or wizard preceding the object it applies to.
Among the permissions you will also find other actions such as Remove, Copy, Copy/Move, Convert,
Split, Migrate, Find, Perform, etc., as well as a set of very specific actions, notably for HSM or
RIPE dedicated operations.
In the Rights & delegation and Administration panels, the verb is preceded by the module or page
concerned as both panels gather rights from everywhere in the appliance.
Permission Particularities
Within the admin group:
• Only ipmadmin has all the existing permissions and rights granted by default. It is the only
superuser.
• Other users from the group cannot perform all the advanced administrating tasks even if
they are granted all the rights and permissions.
Keep in mind that if you set rights but do not assign actual resources to the group, its users will
not be able to benefit from their rights. For instance, if you grant a group the right to edit subnets
but did not assign them any subnets, they will have access to the All subnets page and Edit menu
but will not see any subnet listed. Hence the need to grant rights AND assign resources. For more
details regarding the assignment of resources, refer to the Assigning Resources to a Group section
above.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the System section, click on the Users, Groups & Rights icon. The Users list opens.
3. In the breadcrumb, click on Groups. The Groups page opens.
4. At the end of the line of the group of your choice, click on . The properties page opens.
5. In the panel of your choice, click on EDIT . The Edit group access wizard opens.
Note
When resources are assigned to a group, users of this group have, by default,
read-only access to the resources. Access control is only carried out on the "Add"
or "Delete" rights (read-only access was preserved on certain, specific rights,
such as those relating to the admin group).
6. In the Unauthorized services list are displayed the services that are not granted to the group.
Select one by one the services you want to grant and click on . The service is moved to
the Authorized services list.
7. In the Authorized services list are displayed the services that the group has access to. Select
one by one the services you want to deny to a group and click on . The service is moved
to the Unauthorized services list.
8. Once all the services you wanted to grant are listed in the Authorized services, click on OK .
This will commit your configuration. The report opens and closes. The page refreshes. In
the panel, the Permissions list displays the services granted.
Just like for the configuration, make sure that the services you add or remove correspond to a
resource in the group Resource list, otherwise granting the service might be useless.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the System section, click on the Users, Groups & Rights icon. The Users list opens.
3. In the breadcrumb, click on Groups. The Groups page opens.
4. At the end of the line of the group of your choice, click on . The properties page opens.
5. Open the panel you want to edit.
6. Click on EDIT . The Edit group access wizard opens.
7. Edit the rights to fit your needs.
8. Click on OK to commit your changes. The report opens and closes. The Permissions list
displays the module granted services.
For more details regarding user creation, refer to the Users chapter of this guide.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the System section, click on the Users, Groups & Rights icon. The Users list opens.
3. In the breadcrumb, click on Groups. The Groups page opens.
4. Click on the name of the group of your choice. The Resources page of that group opens.
5. In the menu, select Add > Users. The Rights & delegation: Users wizard opens.
6. Tick the user(s) you want to add to the group and click on ADD . A pop-up window opens.
7. Click on OK to confirm the addition. The user is no longer listed in the wizard.
8. Click on CLOSE . The wizard closes and the page refreshes. The user is listed among the
resources of the group.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the System section, click on the Users, Groups & Rights icon. The Users list opens.
3. In the breadcrumb, click on Groups. The Groups page opens.
4. Click on the name of the group of your choice. The Resources page of that group opens.
5. Filter the list if need be.
6. Tick the user(s) you want to remove from the group.
7. In the menu, select Edit > Delete. The Delete wizard opens.
8. Click on OK to commit the resource deletion. The report opens and closes. The user(s) is
no longer listed in the resources so can no longer benefit from the group permissions. The
user is still listed on the Users page.
Note
If you disable a group, the users it contains will still be able to connect to SOLIDserver
but will not have access to any module or resource.
To disable a group
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the System section, click on the Users, Groups & Rights icon. The Users list opens.
3. In the breadcrumb, click on Groups. The Groups page opens.
4. Tick the group(s) you want to disable.
5. In the menu, select Edit > Status > Disable. The Disable wizard opens.
6. Click on OK to commit your choice. The report opens and closes. The group(s) is marked
Disabled in the Status column.
To enable a group
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the System section, click on the Users, Groups & Rights icon. The Users list opens.
3. In the breadcrumb, click on Groups. The Groups page opens.
4. Tick the group(s) you want to enable.
5. In the menu, select Edit > Status > Enable. The Enable wizard opens.
6. Click on OK to commit your choice. The report opens and closes. The group(s) is marked
OK in the Status column.
Note
If you delete a group, the users it contains will still be able to connect to SOLIDserver
but will not have access to any module or resource.
To delete a group
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the System section, click on the Users, Groups & Rights icon. The Users list opens.
3. In the breadcrumb, click on Groups. The Groups page opens.
4. Tick the group(s) you want to delete.
5. In the menu, select Edit > Delete. The Delete wizard opens.
6. Click on OK to commit the deletion. The report opens and closes. The group is no longer
listed.
Chapter 78. Managing Users
The notion of a user allows the definition of administrator accounts vs. standard user accounts.
This allows you to set up different profiles and levels of management.
If you want to manage RIPE persons, refer to the appendix SPX at the end of this guide.
By default, user authentication is performed using the local database. If you want to use
local authentication only, you must configure a group and add local user accounts in it. If you
plan on authenticating users remotely using LDAP, Active Directory and RADIUS directory in
addition to local authentication, then you must configure those services on SOLIDserver. A local
user and a remote user cannot share the same login account. It means that if a user is already
declared in the local database, an external authentication will never be performed for that user.
SOLIDserver comes with an authentication subsystem that manages authentications to securely
log in to its WEB user interface. For more details, refer to the Authentication Rules chapter of
this guide.
Warning
If you are using remote authentication, you must always have at least one local admin
user in a local group to ensure connectivity to SOLIDserver in case of the remote
directory becoming unreachable.
By default, SOLIDserver authenticates users against its local database. Therefore, if you want
to use local authentication, you must configure a group and manually add this local user
into the group. Once added to a group, a user is considered as a resource of the group; for
more details, refer to the Managing the Users of a Group of Users section in the Groups chapter.
As for the authentication of remote users via LDAP, Radius or AD, refer to the Authentication
Rules chapter of this guide.
Browsing Users
As far as the right management is concerned, the users constitute, along with the objects, the
second level of the rights delegation management. Users are merely created and configured to
be managed by one or several groups that will set their profile and permissions.
Here below, you can see the link to browse the users database:
By default, the ipmadmin super user is listed on the page. It belongs to the admin group and has
all the rights over all the resources available to management in SOLIDserver.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Users, Groups & Rights icon. The Users list opens.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Users, Groups & Rights icon. The Users list opens.
3. At the end of the line of the user of your choice, click on . The user properties page opens.
Adding Users
In this section, we describe the addition of local users, that is to say users added to the Users
page, or local SOLIDserver database.
You can add as many users as you want. Their profile depends on the group(s) they belong to.
Keep in mind that the user permissions are closely linked to the resources available in the group.
If a group has edition rights over a scope but no scope assigned as a resource, this permission
is useless.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Users, Groups & Rights icon. The Users list opens.
3. In the menu, select Add > User. The Add a user wizard opens.
4. If you or your administrator created classes, the User class list is visible. Select a class or
None and click on NEXT . The next page of the wizard opens.
5. You can either only configure credentials for a user (step 6) or configure completely a user
(step 7) [1].
6. Configure the new user credential following the steps below.
a. In the Login field, type in the user login. This login cannot be an email address.
b. In the Password field, type in the user password.
c. In the Confirm password field, type in the user password again.
7. Configure the new user credential and details following the steps below.
[1] If the user is of Unix type and the password is not printable, the system password is used.
d. In the Pseudonym field, the user last and first name are automatically displayed. You
can replace them by a shortname or shorter name if you want.
e. In the Login field, type in the user login.
f. In the Password field, type in the user password.
g. In the Confirm password field, type in the user password again.
h. In the Email field, type in the user email address.
i. In the Login URL field, type in the URL to which the user will be directed after being
authenticated.
j. In the Maintainer group drop-down list, select the group of users that will be able to edit
the user information (names, credentials, email...) and classes.
8. Click on OK to commit the creation. The report opens and closes. The user is listed among
the users with its Login, Official name and Origin in the corresponding columns.
Connected users can edit their session time and date or listing page display, interface language
or password. For more details, refer to the section Connected User Account Configuration of this
guide.
Editing Users
At any time an administrator can edit a user details, group or password.
Note
If users do not belong to any group, they can connect to SOLIDserver but will not see
the modules or be able to perform any action, as no permissions are granted to
individual users.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Users, Groups & Rights icon. The Users list opens.
3. In the Login column, click on the user name. The user properties page opens.
4. In the Main properties panel, click on EDIT . The Edit a user wizard opens.
5. If you or your administrator created classes, the User class list is visible. Select a class or
None and click on NEXT . The Edit a user page opens.
6. Edit the user information according to your needs. For more details, refer to the procedure
To add a local user.
Note
If you type in a different password than the original one, you will overwrite the
user former password. Said user could be logged out after your changes or not
be able to log in anymore.
7. Click on OK to commit your modifications. The report opens and closes. The properties page
is visible again and includes the changes in the panel.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Users, Groups & Rights icon. The Users list opens.
3. In the Login column, click on the user name. The user properties page opens.
4. In the Groups access panel, click on EDIT . The Groups wizard opens.
5. If you or your administrator created classes, the User class list is visible. Select a class or
None and click on NEXT . The next page of the wizard opens.
6. In the Available group(s) list, you can select a group and click on . The group is moved to
the Selected group(s).
7. In the Selected group(s) list are displayed the group(s) the user belongs to. In other words,
the user profiles. You can remove a group from the list clicking on , the group is moved to
the Available group(s) list.
8. Click on OK to commit your modifications. The report opens and closes. The properties page
is visible again and includes the changes in the panel.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Users icon. The User list opens.
3. In the Login column, click on the user name. The properties page opens.
4. In the Main properties panel, click on EDIT . The Edit a user wizard opens.
5. If you or your administrator created classes, the User class list is visible. Select a class or
None and click on NEXT . The next page of the wizard opens.
6. In the Password field, type in the new password.
7. In the Confirm password field, type the password again.
8. Click on OK to validate modifications. The report opens and closes. The properties page is
visible again.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select System > Expert > Registry database. The Registry database page
opens.
3. In the Name column, type in session.
4. Click on SEARCH . The www.login.session_timeout key is listed.
5. In the Value column, you can see the session time in seconds. By default, it is set to 0.
6. Click on the value of the key. The Registry database Edit a value wizard opens.
7. In the Value field, replace the current value with the value of your choice. This value can be
0 or anything above 60.
8. Click on OK to commit your change. The report opens and closes. The new value is visible
in the list and now the user is automatically logged out if no action is performed within
the number of seconds you just set.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select System > Expert > Registry database. The Registry database page
opens.
3. In the Name column, type in logout.
4. Click on SEARCH . The logout.session.redirect.url key is listed.
5. In the Value column, click on the value of the key. The Registry database Edit a value wizard
opens.
6. In the Value field, type in the URL of your choice following the format
http://<website-of-your-choice>.
7. Click on OK to commit your change. The report opens and closes. The new value is visible
in the list and now all users are automatically redirected to the website specified as value
once they log out.
To disable a user
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Users icon. The User list opens.
3. Tick the user(s) you intend to disable.
4. In the menu, select Edit > Status > Disable. The Disable wizard opens.
5. Click on OK to commit your choice. The report opens and closes. The user(s) is marked
Disabled in the Status column.
To enable a user
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Users icon. The User list opens.
3. Tick the user(s) you intend to enable.
4. In the menu, select Edit > Status > Enable. The Enable wizard opens.
5. Click on OK to commit your choice. The report opens and closes. The user(s) is marked OK
in the Status column.
Deleting Users
Deleting local users prevents them from connecting to SOLIDserver. As for users connecting
remotely, AD users for instance, deleting users will not prevent them from connecting to the
appliance: once the rule is enabled, users are created locally upon connection and placed in an
existing group of users if its name matches the name of the group they belong to in the Active
Directory.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Users, Groups & Rights icon. The Users list opens.
3. Tick the user(s) you want to delete.
4. In the menu, select Edit > Delete. The Delete wizard opens.
5. Click on OK to commit the user deletion. The report opens and closes. The user(s) is no
longer listed.
Chapter 79. Managing Authentication Rules
The authentication rules page is dedicated to adding and managing user authentication rules.
Once added, these rules provide secure remote authentication of users. In reality, these rules
will also be created on the Rules page of the Administration page.
SOLIDserver comes with a subsystem that manages remote authentications to securely log in
to the GUI. The appliance supports three methods of remote authentication:
Once you added the rules that suit your needs, the remote authentication is enabled: SOLIDserver
can retrieve user credentials stored on Microsoft Active Directory, LDAP and Radius. You can
use any combination of these authentication methods to manage users connections. If the sev-
eral remote authentications are configured, SOLIDserver will challenge all remote authentications
when a user connects with a login and a password: the first authentication rule will be used to
authenticate the user. If the authentication fails, SOLIDserver tries the next authentication rule.
Each configured authentication rule is tried and used, whether it relies on AD, LDAP or Radius,
until it is successful or all rules fail. If all rules fail, then SOLIDserver denies access to the GUI.
If the authentication succeeds, SOLIDserver defines the rights of the user based on the group
the user belongs to in the remote directory. It tries to match the local appliance database group
names to any groups received from the remote directory. If matching group names are found,
SOLIDserver applies the privileges of all matching groups to the user and allows their rights. If no
default group matches, SOLIDserver denies the connection.
You can add remote authentication rules, delete, disable or enable them again. The Authentication
rules page only displays the Active Directory, LDAP and Radius dedicated authentication rules once
added. These rules are actually added to the Rules page that gathers all SOLIDserver rules.
After adding the rules you will be able to edit their configuration from the Authentication rules
page; however, to disable/enable the authentication rules or delete them you will need to go to the
Rules page.
Here below, you can see the link to browse the authentication rules database:
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Users, Groups & Rights icon. The Users list opens.
3. In the breadcrumb, click on Authentication rules. The Authentication rules page opens.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Users, Groups & Rights icon. The Users list opens.
3. In the breadcrumb, click on Authentication rules. The Authentication rules page opens.
4. At the end of the line of the rule of your choice, click on . The rule properties page opens.
Keep in mind that thanks to this systematic check of all the possible remote authentication
configurations, you can add as many rules as you want. They will all be checked against the user
credentials. This allows you to set different configurations for LDAP, RADIUS or AD
authentication of the remote users.
In order to use the AD authentication successfully the following prerequisites must be met:
1. At least one group exists both on the AD server and in the SOLIDserver database. They must
have exactly the same name and this name is case sensitive: the name of the group in
SOLIDserver must respect the AD group name.
2. The user you will use for testing the authentication has to be part of the group mentioned
above.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Users, Groups & Rights icon. The Users list opens.
3. In the breadcrumb, click on Authentication rules. The Authentication rules page opens.
4. In the menu, select Add > Authentication rule. The Add a rule wizard opens. The
authentication rule fields are already filled:
11. Configure the advanced AD authentication parameters following the steps below:
Fields                  Description
Use secure LDAP         Tick this box to use secure LDAP during the authentication challenge.
                        SOLIDserver will use LDAP and SSL to connect to the AD server.
If you select Yes, the Expert mode box appears. You can tick it to configure specific
synchronization parameters. These parameters are described in the table below.
14. Click on OK to commit your configuration. The report opens and closes. The rule is listed.
In the Instance column, the Rule name you chose is displayed.
Once the rule is added, AD users can connect to SOLIDserver. This connection automatically
creates the user and puts them in the corresponding group if you chose to synchronize the groups.
If some user connections fail, here below are some useful guidelines to follow.
1. Log out of the system then try logging in again. It should work, if not:
2. Check the Syslog page and look for any AD related information. Most of the time, the
problem is coming from:
a. The AD connection is not possible: you will see messages telling you the ldap_bind
was not possible.
b. The AD user credentials are not recognized as a member of any group SOLIDserver
knows.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Users, Groups & Rights icon. The Users list opens.
3. In the breadcrumb, click on Authentication rules. The Authentication rules page opens.
4. In the menu, select Add > Authentication rule. The Add a rule wizard opens. The
authentication rule fields are already filled:
Fields                  Description
Group attribute         In the field, type in the name of the attribute in LDAP that matches
                        one or several groups in SOLIDserver. The names must be
                        separated by a comma. This field is optional.
LDAP admin group name   In the field, type in the name of the LDAP administrating group.
                        This field is optional.
Login                   In the field, type in the login of an account that has sufficient
                        privileges to retrieve user attributes during the authentication. If
                        your LDAP standard users cannot browse their attributes, they
                        will not be able to connect to SOLIDserver on their own. This
                        field is optional.
Password                In the field, type in the password of the account specified in the
                        Login field above. This field is optional.
Use LDAP v3             Tick the box to use LDAP in version 3 (a). This field is optional.
Use secure LDAP         Tick this box to use secure LDAP during the authentication
                        challenge. SOLIDserver will use LDAP and SSL to connect to
                        the LDAP directory.
(a) Not ticking this box means using LDAP in version 2.
11. Click on OK to commit the rule creation. The report opens and closes. The rule is now listed.
In the Instance column, the Rule name you chose is displayed.
Note that a user who is not granted access to Radius cannot access SOLIDserver either.
Once the server has accepted Radius users, it sends the name of the group of administrators
the user belongs to. Thanks to that piece of information SOLIDserver will allocate these users
the corresponding administrator rights. The group name sent by Radius has to be exactly the
same as the one configured in SOLIDserver: note that the case has to be identical and that
accents are taken into account as well. The Radius return value can hold multiple values, i.e.
several groups, separated by a comma.
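The rule chain and the exact group-name matching described in this chapter can be modelled offline to explain why a login is refused. The following Python model is an added example, not SOLIDserver code: the directory stand-ins, user names, passwords and group names are constructed, and it assumes that the first rule accepting the credentials decides the outcome.

```python
import hmac
import unicodedata
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


def _strip_accents(name):
    decomposed = unicodedata.normalize("NFKD", name)
    return "".join(c for c in decomposed if not unicodedata.combining(c))


def _fold(name):
    """Diagnostic key only: ignores case, accents and surrounding spaces."""
    return _strip_accents(name.strip()).casefold()


def _why(remote, local):
    """Name what makes two look-alike group names unequal."""
    r, l = remote.strip(), local.strip()
    reasons = []
    if (remote, local) != (r, l):
        reasons.append("whitespace")
    if _strip_accents(r) != _strip_accents(l):
        reasons.append("case")
    nfc = lambda s: unicodedata.normalize("NFC", s).casefold()
    if nfc(r) != nfc(l):
        reasons.append("accents")
    return reasons or ["unicode form"]


@dataclass
class Decision:
    allowed: bool
    rule: Optional[str] = None
    granted: List[str] = field(default_factory=list)
    near_misses: List[Tuple[str, str, List[str]]] = field(default_factory=list)


def map_groups(remote_groups, local_groups):
    """Exact-name matching as the guide describes, plus near-miss diagnostics."""
    local = set(local_groups)
    granted = [g for g in remote_groups if g in local]
    near = [(g, cand, _why(g, cand))
            for g in remote_groups if g not in local
            for cand in local_groups if _fold(cand) == _fold(g)]
    return granted, near


def authenticate(rules, login, password, local_groups):
    """Try each rule in order; the first one that accepts the credentials decides."""
    for name, verify in rules:
        groups = verify(login, password)
        if groups is None:          # this rule failed, the next one is tried
            continue
        granted, near = map_groups(groups, local_groups)
        # No matching local group means the connection is denied.
        return Decision(bool(granted), name, granted, near)
    return Decision(False)          # all rules failed: access denied


def directory(users, multi_value=False):
    """Constructed stand-in for a remote directory (no real AD/LDAP/Radius call)."""
    def verify(login, password):
        entry = users.get(login)
        if entry is None or not hmac.compare_digest(entry[0], password):
            return None
        groups = entry[1]
        # Radius is described as returning several groups in one comma-separated value.
        return groups.split(",") if multi_value else list(groups)
    return verify


# Constructed data: groups defined on the appliance and two ordered rules.
LOCAL_GROUPS = ["admin", "NetAdmins", "R\u00e9seau-Ops"]
RULES = [
    ("AD", directory({"alice": ("pw-a", ["netadmins", "Domain Users"])})),
    ("Radius", directory({"bob": ("pw-b", "NetAdmins,Reseau-Ops")}, multi_value=True)),
]

if __name__ == "__main__":
    for login, pw in [("alice", "pw-a"), ("bob", "pw-b"), ("carol", "x")]:
        print(login, authenticate(RULES, login, pw, LOCAL_GROUPS))
```

A non-empty `near_misses` list on a denied login points at a group that exists on both sides but differs in case, accents or spacing, which is the second failure cause listed in the troubleshooting guidelines.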
By default, Radius is not enabled on SOLIDserver: you have to add a rule to use it (see procedure
below). During the rule addition, a number of configuration parameters will be required including a
number of IP addresses. They correspond to the appliances (or radius clients) that will connect
through the Radius server.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Users, Groups & Rights icon. The Users list opens.
3. In the breadcrumb, click on Authentication rules. The Authentication rules page opens.
4. In the menu, select Add > Authentication rule. The Add a rule wizard opens. The
authentication rule fields are already filled:
11. Click on OK to commit the addition. The report opens and closes. The rule is now listed. In
the Instance column, the Rule name you chose is displayed.
For more details regarding the configuration of FreeRadius and the Cisco Radius, refer to the
corresponding sections of the Configuring Radius appendix.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Users, Groups & Rights icon. The Users list opens.
3. In the breadcrumb, click on Authentication rules. The Authentication rules page opens.
4. Filter the list if need be.
5. Put your mouse over the Name or the Instance of the rule you want to edit. The infobar appears,
click on . The Edit a rule wizard opens.
6. Edit the Rule name, Comment fields and any other fields and configurations according to
your needs. For more details, refer to each authentication rule addition procedure in the
Adding Authentication Rules section above.
7. Click on OK to commit your configuration. The report opens and closes. The rule is listed.
In the Instance column, the Rule name you chose is displayed.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Users, Groups & Rights icon. The Users list opens.
3. In the breadcrumb, click on Authentication rules. The Authentication rules page opens.
4. Tick the rule of your choice.
5. In the menu, select Edit > Disable. The Disable wizard opens.
6. Click on OK to commit your changes. The report opens and closes. The rule is listed and
marked Disabled in the Status column.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Users, Groups & Rights icon. The Users list opens.
3. In the breadcrumb, click on Authentication rules. The Authentication rules page opens.
4. Tick the rule of your choice.
5. In the menu, select Edit > Enable. The Enable wizard opens.
6. Click on OK to commit your changes. The report opens and closes. The rule is listed and
marked OK in the Status column.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Users, Groups & Rights icon. The Users list opens.
3. In the breadcrumb, click on Authentication rules. The Authentication rules page opens.
4. Tick the rule of your choice.
5. In the menu, select Edit > Delete. The Delete wizard opens.
6. Click on OK to commit your deletion. The report opens and closes. The rule is no longer listed.
Part XIII. Administration
Table of Contents
80. High Availability Management
Introduction
Definition
HA Management Concepts
The All SOLIDserver Page
Configuring SOLIDserver for HA Management
Configuring your Master Appliance Locally
Adding an Appliance to the All SOLIDserver List
Configuring HA Management
Upgrading Appliances in High Availability
Automatically Upgrading both Appliances
Upgrading One Appliance at a Time
Switching the HA Configuration
Monitoring the HA Logs
Disabling the HA Configuration
Disabling HA by Modifying the Appliances Role
Disabling HA by Deleting an Appliance from the All SOLIDserver List
High Availability Advanced Options and Troubleshooting Solutions
If the Network is Unreliable
In the Event of a Network Disruption
In the Event of a Split-brain
If an Appliance Needs to be Replaced
High Availability Limitations
81. Remote Management of Other Appliances
Introduction
Configuring SOLIDserver to Remotely Manage Other Appliances
Configuring the Management Appliance
Configuring the Remote Management
Managing Other Appliances Remotely
Managing Remote Appliances Network Configuration
Managing Remote Appliances Services Configuration
Upgrading Remote Appliances through the All SOLIDserver list
Removing Remote Appliances from the All SOLIDserver list
Remote Management Advanced Options
If an Appliance Needs to be Replaced
82. Monitoring Tools
Logs
Logs Visualization
Configuration of Network Logs
Statistics
Session Tracking
Last User Connected
All Users Connections
User Tracking
Tracking Users Through the Filters
Tracking Users Through the Columns
Allowing Users to Display All the Operations Performed
Using the Extended User Tracking Display
Netstat
Database Tables Size
Vacuum The Database
Chapter 80. High Availability Management
Introduction
High availability (HA) is a system network design that ensures that your network continues to
work even if one or more of its components fail. This architecture provides integrated disaster
recovery management features for transparent and efficient service continuity. It also prevents
you from losing any data if anything were to happen to your managing platform.
Note
The HA management can only be configured from and with appliances using an IPv4
address.
Definition
With SOLIDserver, high availability implies that you connect together two appliances in a unique
management topology in which you set up one appliance as a Master and the other one as a
Hot Standby appliance, basically a read-only backup server that replicates the content of the
Master's database.
The HA has to be configured and managed from the SOLIDserver centralized management page
of the Administration tab, which lists all the SOLIDserver appliances used on the network. This list
can help you know with certainty what is on your network at all times or even help you remotely
manage other appliances. For more details, see the chapter Remote Management of Other
Appliances.
HA Management Concepts
The new HA architecture in SOLIDserver comes with three role-related key concepts. The
appliance can now be a Standalone, a Master or a Hot Standby. The Standalone is the default role.
Once you have configured the local appliance IP address, it is set as a Standalone that is configured
to run on its own and has no backup. However, it can become a Master or a Hot Standby when
configured for HA.
The Master and Hot Standby appliances work together to make sure that if the Master
crashes or encounters any problem, the Hot Standby can replace it immediately. The Hot
Standby would then become a Master and vice versa. This is why the Hot Standby must replicate
the Master database as often as possible. If the Hot Standby has not replicated the Master
database in the last 60 seconds, it will check the Master status three times in a row, every 4
seconds. If there is no response (timeout, etc.), the Hot Standby switches to Master.
Figure 80.2. If the Replication Stops the Hot Standby Becomes the Master
To set up an efficient HA configuration, both appliances should be set at the same time
to ensure there is no shortage of data in the Hot Standby appliance in case it needs to become
a Master. We strongly recommend that you configure their time and date through the NTP server.
See chapter Services configuration for more details.
Keep in mind that as the Hot Standby is a replication of the Master appliance database, you
cannot modify its database. However, a few actions can be performed from the Hot Standby
and/or the Master:
• The All SOLIDserver page of the Hot Standby appliance allows you to switch the Master and Hot
Standby appliances roles. See section Switching the configuration for more details.
• The All SOLIDserver page contains an option that breaks up the high availability between the
two appliances: if you switch an appliance to Standalone, you erase its database entirely
whether it is a Master or a Hot Standby. See section Disabling the HA configuration for more
details.
• The Network configuration page is independent from the database and can therefore be
configured differently on the Master and Hot Standby appliances. See chapters Remote
Management of other Appliances and Network Configuration for more details.
• The System configuration page is independent from the database and can therefore be
configured differently on the Master and Hot Standby appliances. See chapters Remote
Management of other Appliances and Services Configuration for more details.
Warning
Even though you can save a backup of any appliance while it is configured in high
availability, you cannot restore a backup of an appliance in high availability. You
need to disable the high availability, restore the backup and then configure the
high availability again.
Columns Description
• Hot Standby: an appliance replicating the content of the Master
appliance database it is associated with. It has the same HA
UID as its master.
• Hot Standby (init): a Hot Standby appliance is being enrolled
again with the same Master in case of replication failure.
• Standalone: an appliance configured and running on its own,
with no HA configuration.
• Standalone (hot standby init): an appliance becoming the Hot
Standby of a Master appliance. It will not be accessible for a
few minutes, until the replication of the entire database is
complete. During this time, the Hot Standby database will be
erased and replaced with the replication of the Master appliance
database.
• Master (recovered): A Hot Standby appliance set as a Master
will be marked as such during the role switch, it is immediately
operational.
HA UID This column displays the key that identifies the machine when HA
is configured.
Last write period This column displays the last time the Hot Standby replicated the
Master database.
Time drift This column displays the difference in seconds between the
Master NTP and the Hot Standby NTP. It is important that the
difference is minimal: if the difference is greater than a minute (60
[seconds] in the column), it could have consequences on the
DHCP failover replication.
Replication offset This column displays the difference in kilobytes between the
Master database and the Hot Standby database. As the replication
is almost in real time, the difference should be minimal. A large
value in this column could indicate a network disruption. If the
Replication offset is Unknown, the remote SOLIDserver is in
Timeout.
Status This column indicates if the appliance is running properly. You
will find the following statuses:
• Managed (remote): this status is displayed when an appliance
is being managed remotely, i.e. listed on another appliance All
SOLIDserver page.
• Timeout: this status is displayed when the appliance is not responding.
• Split-brain: this status is displayed when two appliances are in
Restricted mode due to a split-brain. For more details refer to
the In the Event of a Split-brain section.
In addition to these 13 columns, if you modify the display of the columns listed on the All
SOLIDserver page, you will find 3 other columns:
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the System section, click on the SOLIDserver centralized management icon. The All
SOLIDserver page opens. In the Local column, your appliance is marked Yes; in the
Status column, it is marked as Not configured. It does not have an IP address yet.
3. In the menu, select Tools > Configure local SOLIDserver. The Configure local SOLIDserver
wizard opens.
4. In the SOLIDserver IP address drop-down list, select the IP address of the appliance.
5. Click on OK to commit the configuration. The report opens and closes. The All SOLIDserver
page opens again. The local appliance details are now completed with the Name (the
hostname), serial number, version, IP address, Role (Standalone) and Status (OK).
You can add as many appliances as you need on the All SOLIDserver page, only two of them
will be configurable in HA, the rest of them will be listed for remote management purposes. Once
you added all the appliances you need, they are listed in the Services and Network configuration
SOLIDserver drop-down list to ease the remote management from the Master appliance. For
more details regarding remote management of other appliances, refer to the Remote Management
chapter. Otherwise, the list can simply provide an overview of all the SOLIDserver appliances
used on your network (their name, type, status, etc.).
Note
You can display as many remote appliances as you want on the All SOLIDserver
page, however you can only display one HA configuration. You cannot display
several high availability configuration pairs on the All SOLIDserver page.
Configuring HA Management
The HA configuration is quite simple. It has to be carried out from the future Master appliance:
you cannot configure HA management from the Hot Standby appliance. Once you have configured
the local SOLIDserver and added the Hot Standby appliance to the Master appliance All
SOLIDserver list, you can configure the HA settings.
Keep in mind that for the configuration to be viable and effective, the two appliances must:
That way, in the event of a switch, the former Hot Standby has retrieved all the database
information and can actually provide the same performance and efficiency as the original Master.
After the HA configuration, the content of the All SOLIDserver page columns will be modified.
Note that the Hot Standby appliance will replicate the content of the Master appliance database,
that is to say provide an efficient backup that will become the Master if anything were to happen
to the current Master appliance. From this point on you will need to pay special attention to the
Time drift and Replication offset columns in the Master All SOLIDserver list, to make sure that
the Hot Standby appliance properly replicates the database. The Master appliance information
stays the same and is also listed on the local Hot Standby appliance All SOLIDserver page.
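One way to act on the Time drift and Replication offset columns is to evaluate an export of the All SOLIDserver list automatically. This Python check is an added example, not part of SOLIDserver: the CSV layout, host names, HA UID values and the 1024 KB offset limit are assumptions, while the 60-second drift limit, the Unknown offset and the shared HA UID come from the column descriptions in this chapter.

```python
import csv
import io

DRIFT_LIMIT_S = 60       # guide: above one minute, DHCP failover replication can be affected
OFFSET_LIMIT_KB = 1024   # assumption: the guide only calls a "great value" suspicious
MASTER_ROLES = ("Master", "Master (recovered)")

# Constructed sample, not real appliance output; column names follow the guide.
SAMPLE = """\
Name,Role,HA UID,Time drift,Replication offset,Status
sds-master.example,Master,3f9c,,,OK
sds-standby.example,Hot Standby,3f9c,75,Unknown,Timeout
sds-branch.example,Standalone,,,,Managed (remote)
"""


def load(text):
    """Parse the exported list into one dict per appliance."""
    return list(csv.DictReader(io.StringIO(text)))


def _number(value):
    """Return the integer in a cell, or None when the cell is empty or not numeric."""
    value = value.strip()
    return int(value) if value.lstrip("-").isdigit() else None


def check_ha(rows, offset_limit_kb=OFFSET_LIMIT_KB):
    """Return (appliance, severity, message) findings for the HA pair."""
    findings = []
    master_uids = {r["HA UID"] for r in rows if r["Role"] in MASTER_ROLES}
    for r in rows:
        name = r["Name"]
        if r["Status"] in ("Timeout", "Split-brain"):
            findings.append((name, "critical", "status is " + r["Status"]))
        if not r["Role"].startswith("Hot Standby"):
            continue
        if r["Role"] == "Hot Standby (init)":
            findings.append((name, "info", "being enrolled again after a replication failure"))
        # A Hot Standby has the same HA UID as its Master.
        if r["HA UID"] not in master_uids:
            findings.append((name, "critical", "HA UID differs from the Master's"))
        drift = _number(r["Time drift"])
        if drift is not None and abs(drift) > DRIFT_LIMIT_S:
            findings.append((name, "warning",
                             "time drift of %d s exceeds %d s" % (drift, DRIFT_LIMIT_S)))
        offset = r["Replication offset"].strip()
        if offset == "Unknown":
            findings.append((name, "critical",
                             "replication offset Unknown: appliance in Timeout"))
        elif _number(offset) is not None and _number(offset) > offset_limit_kb:
            findings.append((name, "warning",
                             "replication offset of %s KB: possible network disruption" % offset))
    return findings


if __name__ == "__main__":
    for finding in check_ha(load(SAMPLE)):
        print("%-22s %-8s %s" % finding)
```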
The Hot Standby appliance is now in read-only mode. Every modification made on the Master
appliance will be copied in the Hot Standby database almost in real time. You will therefore not
be able to modify the remote appliance data, with the exception of the Master/Hot Standby
configuration that you will be able to switch in the All SOLIDserver list. See part Switching the
configuration for more details.
Tip
If at some point the replication stops, you can enroll the Hot Standby appliance again.
Simply follow the To configure high availability between two appliances procedure.
Layer 2 configuration
If the appliances are configured on layer 2, they belong to the same LAN. Therefore you can
set up a VIP interface that would allow you to access the current Master appliance of the
configuration through the IP address you set (the original master if it is acting as a master,
or the Hot Standby if the configuration was switched). For more details, refer to the Network
Configuration chapter, in the section Configuring a VIP Interface.
Layer 3 configuration
If the appliances are configured on layer 3, they do not belong to the same LAN. The HA is
still configurable and running perfectly through the routers that connect them but it is impossible
to set a VIP to access the Master appliance.
For more details regarding the customization of the communication between the Master and the
Hot Standby, please refer to the High Availability Advanced Options and Troubleshooting Solutions
section.
You can still first upgrade the Hot Standby and then the Master if you want to.
As the upgrade requires stopping and restarting an appliance, which would imply switching the
appliances' roles, if the Hot Standby is upgraded first, the Master appliance database is still
available and no switch is required.
2. the Master appliance is upgraded once the Hot Standby upgrade is complete.
Once the Hot Standby is upgraded, the Master appliance can be stopped and restarted and
no switch is performed.
The upgrade process of appliances in HA always follows this order because upgrading an
appliance stops and restarts it. This ensures that the appliances do not switch roles and that the
database is available even during the upgrade.
Therefore, from the Master appliance you can safely upgrade both appliances as detailed in the
procedure below.
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
3. Click on the Upgrade icon, the Upgrade SOLIDserver wizard opens.
4. Click on BROWSE to select the file containing the SOLIDserver image in the version of your
choice.
1. Do not stop the appliance and the process during the upgrade.
2. The wizard displays a progression bar that informs you of the tasks being performed.
Before stopping the Master appliance, the Hot Standby is stopped, upgraded and restarted.
3. The Master is upgraded once the Hot Standby upgrade is complete. The last step of the
Master upgrade is Upgrade finished. Rebooting SOLIDserver.
7. Click on CLOSE to go back to the Administration homepage. The appliance reboots. Once
done, you can access it again.
The Master appliance keeps its Master role unless you or your administrator changed the advanced
configuration registry database entries and set a quicker response time. For more details, refer
to the advanced options section If the Network is Unreliable below.
The Hot standby must be upgraded first to make sure the Master database is available.
2. locally upgrade the Master appliance.
Once the Hot Standby appliance upgrade is complete, you can upgrade the Master. This
avoids a switch and ensures the database is available.
a. Using the browser of your choice, type in the IP address of your Hot Standby appliance
in the address bar to access it.
b. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
c. Go to the Administration tab. If the homepage is not displayed, click on . The
homepage opens.
d. Click on the Upgrade icon, the Upgrade SOLIDserver wizard opens.
e. Click on BROWSE to select the file containing the SOLIDserver image in the version of
your choice.
f. in the File name field, the file is displayed once retrieved.
g. Click on UPGRADE to commit the upgrade. The wizard will work for a while: it displays a
progression bar that informs you of the tasks being performed. The last step is Upgrade
finished. Rebooting SOLIDserver.
1. Do not stop the appliance and the process during the upgrade.
2. The wizard displays a progression bar that informs you of the tasks being performed.
The last step of the Master upgrade is Upgrade finished. Rebooting SOLIDserver.
a. Using the browser of your choice, type in the IP address of your Master appliance in
the address bar to access it.
b. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
c. Go to the Administration tab. If the homepage is not displayed, click on . The
homepage opens.
d. Click on the Upgrade icon, the Upgrade SOLIDserver wizard opens.
e. Click on BROWSE to select the file containing the SOLIDserver image in the version of
your choice.
f. in the File name field, the file is displayed once retrieved.
g. Click on UPGRADE to commit the upgrade. The wizard will work for a while: it displays a
progression bar that informs you of the tasks being performed. The last step is Upgrade
finished. Rebooting SOLIDserver.
1. Do not stop the appliance and the process during the upgrade.
2. The wizard displays a progression bar that informs you of the tasks being performed.
The last step of the Master upgrade is Upgrade finished. Rebooting SOLIDserver.
1. Using the browser of your choice, type in the IP address of your Hot Standby appliance in
the address bar to access it.
2. Type in the login and password and click on OK to enter. The message This SOLIDserver
is a Hot Standby: Database is in READ-ONLY mode is present on every page.
3. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
4. In the System section, click on the SOLIDserver centralized management icon. The All
SOLIDserver page opens.
5. In the menu, select Tools > Manually switch local SOLIDserver to master. The report opens.
6. Click on CLOSE to commit the modification. The All SOLIDserver list opens again.
7. Click on the SEARCH button to refresh the page. The former Hot Standby appliance Role is
marked Master (recovered). The former Master appliance is marked Master (Hot Standby
init). Refer to the table in the section Configuring HA Management for more details. The Hot
Standby appliance is unavailable for a few instants, the time it takes to replicate the Master
database.
Note
If you upgrade the Master appliance, the HA configuration would automatically switch
the two appliances role and make the Hot Standby the Master so that the database
is available at all times even during the upgrade. You will then have to switch back
the configuration manually.
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
3. In the Monitoring section, click on the Logs visualization icon. The Syslog page opens.
4. In the SOLIDserver drop-down list, select the appliance for which you want to display the
HA related logs.
5. In the Services, select impserver.
6. Filter the list using the Log column. You can:
The list is filtered. All the HA related logs respect the format HA <event>.
Note
It is impossible to switch a Master appliance to Standalone if it is configured
with a Hot Standby. You need to switch the Hot Standby to Standalone first or delete
it from the All SOLIDserver list before going further. For more details, see the section
Disabling HA by Deleting an Appliance from the All SOLIDserver list.
Keep in mind that this modification has to be done locally. If you want an appliance to become
a Standalone, you have to make the modification from the All SOLIDserver list connecting to the
appliance through the browser of your choice using its IP address.
Note
Deleting a Hot Standby appliance from the All SOLIDserver page will change the HA
UID of the Master appliance.
1. From the Master appliance, go to the Administration tab. If the homepage is not displayed,
click on . The homepage opens.
2. In the System section, click on the SOLIDserver centralized management icon. The All
SOLIDserver page opens.
3. Tick the Hot Standby appliance.
4. In the menu, select Edit > Delete. The Delete wizard opens and displays a warning message.
5. Click on OK to commit the deletion. The report opens and works for a while, saving a backup
of the database before deleting the content of the Hot Standby, and finally closes. The Hot
Standby is not listed anymore, it will not be accessible for a few minutes and will basically
be reset. The former Master appliance keeps its Master role.
This operation can take some time as the Hot Standby will wipe out the database content when
you revoke its role in the HA configuration and delete it from the list. The former Master appliance
keeps its Master role as well as its HA UID for two reasons:
1. to prevent any other appliance from managing it as it would delete its database;
2. because the HA UID will be used again during the next HA configuration with this appliance
as a Master.
If you access the former Hot Standby appliance, you will see the following changes:
Besides, there are some keys in the SOLIDserver registry database that you can modify to have
better control over the switch of the HA appliances. By default, if the Hot Standby has not
replicated the Master database in the last 60 seconds and the Master is not responding, it
automatically switches to Master. You can control the automatic switch parameters if and only if
the Master is not responding.
These advanced configurations of the replication are all the more useful if your network is
unreliable: they avoid flapping and ensure that the switch occurs only if there is a problem on
the Master side.
• A key lets you control the maximum time a switch should take, whether you are enrolling
an appliance or switching roles.
You can set the value of this key between -1 and 2^31. Setting it to 0 or -1 will prevent the
automatic switch.
• A key lets you control the number of retries before automatically switching the appliances'
roles.
Note
The retries check frequency is defined by the module.system.hot_standby_switch_sleep
key. By default, it is set to 4 seconds: if the Hot Standby does not get an answer from
the Master, it will try every 4 seconds n times (depending on the number of retries you
set). The use of this key is now deprecated. We strongly recommend that you configure
the module.system.hot_standby_replication_lag instead.
• A key lets you control the period without database replication before automatically
switching the appliances' roles.
So if you want to prevent the automatic switch, you should set a very high replication lag value
and a very low automatic switch value (time_skew), for instance -1 or 0. If a high replication lag
is not enough, you can always set a higher retry value, but keep in mind that a large number of
retries might overload the network.
To add the registry key that controls the switch based on time drift
To add the registry key that controls the switch based on data replication
To prevent any loss of data, if you plan on disrupting the network, we suggest that you disable
the HA following the procedure in the section Disabling HA by Deleting an Appliance from the
All SOLIDserver list. When the network is back up, you simply need to configure the HA again.
To help you in the prevention of the Split-brain, SOLIDserver follows a simple set of checks, when
the two appliances communicate once again, to detect it right away:
1. SOLIDserver starts up in restricted mode and will run in normal mode if and only if no HA
conflicts were detected.
2. SOLIDserver checks if both appliances share the same version. If not, a message will be
displayed under the menu on every page of the appliance with the latest version.
3. SOLIDserver checks if both appliances share the same role.
If it turns out that both appliances are Master, there is a set of resolutions that SOLIDserver
will try to execute on its own to avoid staying in restricted mode.
Automated Detection
In HA, the moment one Master realizes that the other appliance is also a Master, SOLIDserver
will have the following options to avoid a case of split-brain:
In this case, the last appliance that switched to Master remains Master and enrolls the other
appliance in Hot Standby.
2. One appliance has been edited since the last synchronization
In this case, the last appliance that was modified becomes Master and enrolls the other
appliance in Hot Standby.
3. Both appliances have been edited since the last synchronization
In this case, SOLIDserver puts them in Restricted mode with the status Split-brain and the
split-brain red message displayed right under the menu on every page of both appliances. To
configure the HA again, you will have to execute a Manual resolution as detailed in the section
below.
Manual Resolution
The manual resolution is only needed when the appliances in HA are in a case of split-brain that
puts them in Restricted mode. This mode implies two behaviors:
• The synchronization between the appliances stops, so basically it is like having two Standalone
SOLIDserver appliances that have the same HA UID.
• Through the GUI, you can still edit the database from both appliances but no changes will
actually be pushed on the physical server(s).
1. Disable the High Availability configuration as described in the procedure in the section Disabling
HA by Modifying the Appliances Role.
2. Force the configuration and choose which appliance becomes the Master as described in the
procedure in the section Switching the HA Configuration.
Note
To prevent any loss of data, the appliance in Hot Standby is the one that will be re-
placed.
There are two scenarios possible: you replace one appliance for which you have a backup or
you replace one appliance and no backup is available.
If you generated a backup of the appliance you need to replace, you must follow the steps below.
1. Put the appliance that needs to be replaced in Hot Standby role, if it is currently the Master.
For more details, refer to the procedure in the section Switching the HA Configuration.
2. Disable the High Availability configuration by deleting the Hot Standby from the All
SOLIDserver list. For more details, refer to the procedure in the section Disabling HA by
Deleting an Appliance from the All SOLIDserver list.
3. Restore the backup of the future Hot Standby appliance. For more details, refer to the
procedure To restore a backup configuration in the Restoring a configuration section.
4. On the future Hot Standby appliance, go to the All SOLIDserver page and delete all the
remote appliances if there are any. For more details, refer to the procedure To remove an
appliance from the all SOLIDserver list in the Removing Appliances section of this guide.
5. Add the new appliance to the All SOLIDserver list of the Master appliance and enroll it:
• First, you need to add the new appliance to the Master appliance All SOLIDserver list. For
more details, refer to the procedure in the section Adding an Appliance to the All SOLIDserver
List.
• Second, you need to enroll the new appliance as Hot Standby. For more details, refer to
the procedure To configure high availability between two appliances in the section Configuring
HA Management.
6. Manually switch the configuration if the new appliance is supposed to be the Master in
the configuration. For more details, refer to the procedure in the section Switching the HA
Configuration.
The replacement of an appliance in HA with no backup must follow the steps below:
1. Put the appliance that needs to be replaced in Hot Standby role, if it is currently the Master.
For more details, refer to the procedure in the section Switching the HA Configuration.
2. Disable the High Availability configuration by deleting the Hot Standby from the All
SOLIDserver list. For more details, refer to the procedure in the section Disabling HA by
Deleting an Appliance from the All SOLIDserver list.
3. Set the network and services configuration of the future Hot Standby appliance according
to your needs. For more details, refer to the sections Network configuration and Service
Configuration of this guide.
We strongly recommend that you use an NTP server to set both appliances to the same time.
4. Add the new appliance to the All SOLIDserver list of the Master appliance and enroll it:
• First, you need to add the new appliance to the Master appliance All SOLIDserver list. For
more details, refer to the procedure in the section Adding an Appliance to the All SOLIDserver
List.
• Second, you need to enroll the new appliance as Hot Standby. For more details, refer to
the procedure To configure high availability between two appliances in the section Configuring
HA Management.
5. Manually switch the configuration if the new appliance is supposed to be the Master in
the configuration. For more details, refer to the procedure in the section Switching the HA
Configuration.
Chapter 81. Remote Management of
Other Appliances
Introduction
With a SOLIDserver appliance you can manage other SOLIDserver appliances remotely. The
configuration offers many advantages when it comes to dealing with a large number of appliances.
For instance, you can enable or disable DNS or DHCP servers on other appliances.
Thanks to the All SOLIDserver list, you can configure the high availability of an
appliance (see part High Availability Management above for more details) or manage other
appliances remotely. From one SOLIDserver, you can add other appliances and manage them from
that list.
The remote management includes the management of all the options available on the Network
configuration and Services configuration pages, that is to say all the services or network
specificities of the appliances added via the All SOLIDserver list.
Note
The remote management of other appliances can only be configured from and with
appliances using an IPv4 address.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the System section, click on the SOLIDserver centralized management icon. The All
SOLIDserver page opens. Your appliance is listed and marked Yes in the Local column.
It does not have an IP address.
3. In the menu, select Tools > Configure local SOLIDserver. The Configure local SOLIDserver
wizard opens.
4. In the SOLIDserver IP address drop-down list, select the IP address of the appliance you
are currently configuring.
5. Click on OK to commit the configuration. The report opens and closes. The All SOLIDserver
page opens again. The local appliance details are now completed with the Name (the host-
name), serial number, version, IP address, Role (Standalone) and Status (OK).
From then on you simply need to add other appliances and remotely manage them from the All
SOLIDserver list and the Network configuration and Services configuration pages.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the System section, click on the SOLIDserver centralized management icon. The All
SOLIDserver page opens.
3. In the menu, select Add > Remote SOLIDserver. The Add/modify remote SOLIDserver
wizard opens.
4. In the SOLIDserver IP address field, fill in the IP address of the appliance you want to add
to the list.
5. In the 'admin' user password field, type in the default SSH password (admin) if it is not
already filled in.
6. Click on OK to commit the addition. The new appliance is listed and marked Standalone in
the Role column and Remote (managed) in the Status column.
You can add as many appliances as you need. Once you added them, they are listed in the All
SOLIDserver page as well as in the Services and Network configuration drop-down list to ease
the remote management of both lists from the central management appliance.
Note
If you were to locally access the All SOLIDserver page of an appliance managed
remotely, the status of the local appliance would not be OK but Invalid credentials.
These credentials refer to the 'admin' user password of the managing appliance,
as it remotely manages, i.e. takes over the control of, the appliance with a single
administrative password. If you configure the remote appliance locally again, the
Invalid credentials status will appear in the All SOLIDserver page of the managing
appliance: the last appliance that modifies a service or the list takes over the control.
Note
You can remotely modify all the services with the exception of one: the source email
address of the alert. The noreply@efficientip.com address that sends you the alert
notifications has to be modified locally.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the System section, click on the Network icon. The Network configuration page opens.
3. In the SOLIDserver drop-down list located under the menu, select one of your remote
appliances. The page refreshes.
4. Click on any of the listed settings to modify the network configuration. See the Network
configuration chapter for more details regarding these settings.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the System section, click on the Services icon. The Services configuration page opens.
3. In the SOLIDserver drop-down list located under the menu, select one of your remote
appliances. The page refreshes.
4. Click on any of the listed servers to modify their service configuration. See the Service
configuration chapter for more details regarding these settings.
1. From the Master appliance, go to the Administration tab. If the homepage is not displayed,
click on . The homepage opens.
2. In the System section, click on the SOLIDserver centralized management icon. The All
SOLIDserver page opens.
3. Tick the appliance(s) you want to upgrade.
4. In the menu, select Edit > Upgrade remote SOLIDserver. The Upgrade selected remote
appliances wizard opens.
5. Click on OK to commit the upgrade. The report opens and works for a while, upgrading the
appliance(s) version to match the managing appliance's version, and finally closes. The
appliance(s) are not accessible for a few minutes.
1. From the Master appliance, go to the Administration tab. If the homepage is not displayed,
click on . The homepage opens.
2. In the System section, click on the SOLIDserver centralized management icon. The All
SOLIDserver page opens.
3. Tick the appliance you want to stop managing and delete from the list. You can tick as many
as needed.
4. In the menu, select Edit > Delete. The Delete wizard opens.
5. Click on OK to commit the deletion. The report opens and closes. The appliance is not listed
anymore.
1. Remove the appliance from the All SOLIDserver list of the managing appliance
For more details, refer to the procedure in the section Removing Appliances.
2. Add the new appliance to the All SOLIDserver list of the managing appliance
• First, you need to configure the new appliance locally. For more details, refer to the procedure
in the section Configuring your Local Server.
• Second, you need to add the new appliance to the managing appliance All SOLIDserver
list. For more details, refer to the procedure in the section Configuring the Remote
Management.
Chapter 82. Monitoring Tools
SOLIDserver provides a set of pages in the Administration module dedicated to monitoring the
operations performed at different levels.
Logs
The Administration module lets you monitor and manage logs from two different pages.
Logs Visualization
In the Administration module you will find the Syslog page that provides a list of the logs of all
the services embedded into SOLIDserver. You can locate a specific action using the filters located
under the menu. This page provides the list of the logs separated by service. You can display
logs from the DHCP module, the DNS module, the internal transactional engine and all the other
logs separately.
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
3. In the Monitoring section, click on the Logs visualization button. The Syslog page opens.
4. Under the menu, you will find two drop-down list filters and a checkbox:
At any time, you can change the Automatic refresh frequency through the registry database.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select System > Expert > Registry database. The Registry database page
opens.
3. In the Name filter, type in syslog.refresh. The list is filtered and the registry key
www.system.syslog.refresh is listed.
4. In the Value column of that key, click on the value listed. The default value is 10. The Registry
database Edit a value wizard opens.
5. In the Value field, replace the current value with the value of your choice (in seconds).
6. Click on OK to commit your modification. The report opens and closes. The list is visible
again and now the automatic refresh will happen at the frequency you just configured.
Selecting a log level automatically includes logs with a higher severity (i.e. with a smaller code
number). For instance, if you select Warning, the logs from levels 4 to 0 will be redirected; leaving
aside the Debug, Informational and Notice logs.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select Monitoring > Configuration of Network Logs. The Configuration of
Network Logs page opens.
3. In the menu, select Add > Syslog configuration. The Syslog configuration wizard opens.
4. In the Services drop-down list, select the service (ipmserver, named or dhcpd) for which you
want to redirect the logs.
5. In the Priority drop-down list, set the redirection threshold through the logs severity levels.
For instance, if you select Warning, the logs from levels 4 to 0 will be redirected; leaving
aside the Debug, Informational and Notice logs.
6. In the Type drop-down list, the Network value is selected by default.
7. In the Target server field, type in the IP address and port (e.g. 10.0.0.45:4432) of the Syslog
server you want the logs to be redirected to.
8. Click on OK to commit your logs redirection. The report opens and closes. The Configuration
of Network Logs page is visible again and displays the list of logs redirections.
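The effect of the Priority threshold on what the target Syslog server receives, as an added example that is not SOLIDserver code: it decodes the PRI field of each line and keeps a service's messages at or above the selected severity. It assumes the redirected lines use the BSD syslog (RFC 3164) layout; the host name and message text of the sample lines are constructed.

```python
import re

# Severity names by numeric code (RFC 5424, section 6.2.1): lower code = more severe.
SEVERITIES = ["Emergency", "Alert", "Critical", "Error",
              "Warning", "Notice", "Informational", "Debug"]

# Assumed layout (RFC 3164): <PRI>Mmm dd hh:mm:ss host tag[pid]: message
LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s\d{2}:\d{2}:\d{2})\s"
    r"(?P<host>\S+)\s"
    r"(?P<tag>[^\s:\[]+)(?:\[\d+\])?:\s?"
    r"(?P<msg>.*)$"
)


def parse(line):
    """Return a dict describing one syslog line, or None if it is malformed."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    pri = int(m.group("pri"))
    if pri > 191:  # 23 * 8 + 7 is the largest valid PRI value
        return None
    severity = pri % 8  # PRI = facility * 8 + severity
    return {
        "facility": pri // 8,
        "severity": severity,
        "level": SEVERITIES[severity],
        "host": m.group("host"),
        "service": m.group("tag"),
        "message": m.group("msg"),
    }


def redirected(lines, service, priority):
    """Records of `service` that a threshold of `priority` would forward."""
    limit = SEVERITIES.index(priority)
    kept = []
    for line in lines:
        rec = parse(line)
        # A smaller code is a higher severity, so "Warning" keeps codes 4 to 0.
        if rec and rec["service"] == service and rec["severity"] <= limit:
            kept.append(rec)
    return kept


# Constructed sample lines: host name and message text are made up.
SAMPLE = [
    "<27>Mar  3 10:15:02 sds-1 ipmserver[812]: constructed error message",
    "<28>Mar  3 10:15:04 sds-1 ipmserver[812]: constructed warning message",
    "<29>Mar  3 10:15:05 sds-1 ipmserver[812]: constructed notice message",
    "<30>Mar  3 10:15:06 sds-1 named[455]: constructed informational message",
    "<26>Mar  3 10:15:07 sds-1 named[455]: constructed critical message",
    "<31>Mar  3 10:15:08 sds-1 dhcpd[390]: constructed debug message",
    "<999>Mar  3 10:15:09 sds-1 dhcpd[390]: invalid PRI, ignored",
    "not a syslog line",
]

if __name__ == "__main__":
    for rec in redirected(SAMPLE, "ipmserver", "Warning"):
        print(rec["level"], rec["message"])
```
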
Statistics
SOLIDserver provides a powerful tool to visualise the state of each service and of SOLIDserver
in a single window. Thanks to this tool, users can be informed about the traffic of the embedded
services and visualise it easily with explicit charts. The system stores the data for a year.
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
3. In the Monitoring section, click on the Statistics icon. The Statistics page opens.
The Statistics page displays all the charts available within SOLIDserver. To understand the purpose
of each chart, please refer to the table below:
Keep in mind that every chart is a gadget in essence and can be displayed on any dashboard.
For more details, see the chapter Dashboards and gadgets of this guide. In addition, you can
export all these charts. For more details, refer to the chapter Managing Reports.
Session Tracking
The Session tracking page displays the list of the users currently connected to SOLIDserver.
The user connection is checked every 300 seconds.
3. In the Monitoring section, click on the Session tracking icon. The Session tracking page
opens.
4. You can filter columns in order to display more specific information if needed.
User Tracking
The User tracking page provides a list of all the operations carried out by every user. It lets you
track operations, from what was performed to who performed it, through:
• two filters that help narrow down the search for operations:
• Rule filter allows to include or exclude the operations carried out by rules
• Services filter allows to search specific operations related to DHCP, IPAM, DNS, Rule,
Group, User, System or Class.
• four columns that help look for specific operations:
• Date to look for operations using their date and time.
• Service to look for operations: an object addition, edition, deletion, etc.
• User to look for the login of the user who performed the operation.
• Description to look for the details of an operation. For instance, if you edited a subnet name,
this column includes the subnet start and end IP address, its former and new name and all its
containers up to the space level.
There are therefore two search methods: through the filters or through the columns. You can
obviously combine them.
In addition, keep in mind that you can grant full access to your groups of users. For more details,
refer to the section Allowing Users to Display All the Operations Performed.
Finally, with version 5.0.3, a new registry database entry provides an Extended User Tracking
version of the page that includes in the Description columns the objects class parameters name
and value. For more details, refer to the section Using the Extended User Tracking Display.
Rule Filter
You can carry out searches through the rules. You can include the rule related operations in the
search result, exclude them from it, or display only the rule related operations, according to your needs.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Monitoring section, click on User tracking. The User tracking page opens.
3. Under the menu, in the Rule filters drop-down list select the filter that suits your needs:
• No rules: the result excludes the executed rules. This filter is selected by default.
• All: the result includes the rules related operations.
• Only rules: the result includes only the rules related operations.
Once you have used this filter, you can use the Service filter to narrow down your search or sort
and filter the columns directly.
Services Filter
You can carry out searches regarding specific services in addition to the Rule filter or separately.
Select the service you want to display in the Services drop-down list and click on SEARCH .
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Monitoring section, click on User tracking. The User tracking page opens.
3. Under the menu, in the Services drop-down list select the service of your choice. For more
details, refer to the appendix User Tracking Services Filter.
4. Click on SEARCH to execute the search.
The User column provides a search engine and filter constructor to find users.
1. Go to the Administration tab homepage. In the Monitoring section, click on User tracking.
The User tracking page opens.
2. In the User column search engine, type in the name of the user(s) you want to track. You
can also double-click in the field to open the filter constructor and set a filter for several users
at once.
3. Click on SEARCH to display the corresponding user(s).
The Date column provides a search engine and filter constructor to find specific dates and periods
of time.
1. Go to the Administration tab homepage. In the Monitoring section, click on User tracking.
The User tracking page opens.
2. In the Date column search engine, type in the date or period of time that suits your needs.
For more details regarding the possible combinations in this field, refer to the table Available
Commands on Date Related Columns.
3. Click on SEARCH to display the corresponding user(s).
The Description column provides a search engine that allows you to type in any data. If the said
piece of information has been added, edited or deleted, the filter returns the matching results.
For instance, you can look for a specific IP address as detailed in the procedure below.
1. Go to the Administration tab. In the Monitoring section, click on User tracking. The User
tracking page opens.
2. In the Description column filtering field, type in the IP address needed.
3. Click on SEARCH to execute the search.
The Service column provides a search engine that allows you to type in any service name if you
do not want to use the Services drop-down list filter.
1. Go to the Administration tab. In the Monitoring section, click on User tracking. The User
tracking page opens.
2. In the Service column filtering field, type in the service of your choice.
3. Click on SEARCH to execute the search.
If you want a user to see the changes performed by all the users, including ipmadmin, you can
grant their group of users the permission User Tracking Display: changes from all the users.
To grant access to all the changes performed on the appliance to a group of users
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
3. In the System section, click on the Users, Groups & Rights icon. The Users list opens.
4. In the breadcrumb, click on Groups. The Groups page opens.
5. At the end of the line of the group of your choice, click on . The properties page opens.
6. In the Administration panel of your choice, click on EDIT . The Edit group access wizard
opens.
7. The Unauthorized services list displays the services that are not granted to the group.
Select User Tracking Display: changes from all the users and click on . The service is
moved to the Authorized services list.
8. Click on OK to commit the group permission addition. The report opens and closes. The
page refreshes. In the panel, the Permissions list displays the service.
Once this permission is granted to a group of users, all the users of the group can see the changes
performed by anyone who logged in to SOLIDserver and performed operations.
1. Go to the Administration tab homepage. If the homepage is not displayed, click on . The
homepage opens.
2. In the menu, select System > Expert > Registry database. The Registry database page
opens.
3. In the Name column, type in usertracking.show to filter the list. Only the key
usertracking.show.class.parameters is listed.
4. In the Value column, click on 0. The Registry database Edit a value wizard opens.
5. In the Name field, the key name is displayed in a read-only gray field.
6. In the Value field, delete the 0 and replace it with a 1. This value means the key is enabled.
7. Click on OK to commit your changes. The report opens and closes. In the Value column, a
1 is displayed.
To display the details of the class parameters configured for the object you can:
• put your mouse over Class Parameters: an information pop-up window displays all the class
parameters details.
• click on Class Parameters: all the class parameters and their values are displayed in the
description field along with all the other object details.
Netstat
SOLIDserver provides a page listing Netstat data. This tool displays the open TCP and
UDP ports so that you can monitor active connections on the management appliance. This page
displays several columns:
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
3. In the menu, click on System > Expert > Netstat. The Netstat listing page opens.
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
3. In the menu, click on System > Expert > Database tables size. The Database tables size
listing page opens.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select System > Expert > Rules. The Rules list opens.
3. In the menu, select Add > Rule. The Add a rule wizard opens.
4. In the Module drop-down list, select Administration.
5. In the Event drop-down list, select Execution of a scheduled rule.
6. In the Rule list, select (180) Defragmentation DB.
7. In the Rule name, name the rule. That name will be listed in the Instance column.
8. In the Comment field, you can type in a comment if you want.
9. Click on NEXT . The Rule filters page opens.
Reports
Within the Administration module, two pages provide the possibility to export a report. For more
details regarding the reports generation, refer to the chapter Managing Reports.
Statistics Reports
From the Statistics page you can generate a report that includes all the charts on this page. For
more details regarding the available charts, refer to the section Statistics.
Statistics chart
Prerequisite: N/A.
Description: Contains all the charts available on the Statistics page. Their content depends on
the time of the generation.
User Reports
From the Users page you can generate a permissions dedicated report. For more details regarding
the Users page, refer to the chapter Managing Users in the part Rights Management of this guide.
Prerequisite: N/A.
Description: Contains a table displaying all the permissions granted to the selected user(s) through
four columns: the user name, the group(s) of users they belong to, the objects they have access
to and the actions they can perform on the objects listed.
Chapter 83. Managing SNMP Profiles
SNMP profiles are used to collect SNMP data from hosts or other devices running an SNMP or
proxy SNMP agent. SNMP profiles allow you to remotely manage DHCP and DNS services
through the SNMP protocols. For more details, refer to the Managing SNMP services section of
this guide.
By default, SOLIDserver already contains 3 SNMP profiles (standard v1, standard v2c and
standard v3). To edit these profiles, refer to the Edit an SNMP profile section.
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
3. In the menu, select System > SNMP profile configuration. The SNMP profiles configuration
page opens.
4. In the Profiles panel, click on ADD . The Add an SNMP profile wizard opens.
5. In the SNMP profile name field, name the profile.
6. In the Description field, you can type in a description.
7. In the SNMP version drop-down list, select the SNMP version you want to use.
8. Click on NEXT . The next page opens.
9. If you selected the v1 or v2c version of SNMP:
a. In the Read community field, type in the read-only community string that would act as
a password for this profile reading requests. For the preexisting profiles standard v1
and standard v2, the default value is public.
b. In the Write community field, you can type in a write community string that would act
as a password for this profile reading and writing requests. For the preexisting profiles
standard v1 and standard v2, the default value is private.
10. If you selected the v3 version of SNMP, fill in the Read access parameters and Write access
parameters fields according to the table below:
Parameters | Description
Authentication | In this field, select the cryptographic hash function used for authentication: either MD5, SHA or None. This field is compulsory for read access parameters. For the preexisting profile standard v3, the default value is MD5.
Privacy key | In this field, if need be, type in the encryption key to prevent snooping from unauthorized sources.
Privacy | In this field, if need be, select the encryption type: either DES or None. For the preexisting profile standard v3, the default value is DES.
11. Click on OK to commit your creation. The SNMP profiles configuration page is visible again,
your profile is listed in the panel.
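The values chosen in steps 9 and 10 can be reviewed offline. The following is an added example, not EfficientIP code: it audits profile settings held in a hypothetical dict layout and flags the documented defaults (public, private, MD5, DES) as well as v3 combinations that are not valid security levels. The dict keys, the sample keys and the hardened-v3 profile are assumptions.

```python
"""Audit SNMP profile settings (added example; the dict layout is hypothetical)."""

# Community strings the guide lists as defaults for the preexisting v1/v2 profiles.
DEFAULT_COMMUNITIES = {"public", "private"}


def audit_v3_access(access, params):
    """Check one set of v3 access parameters (read or write)."""
    out = []
    auth = params.get("authentication", "None")
    privacy = params.get("privacy", "None")
    if auth == "None":
        out.append(("high", "%s access: no authentication" % access))
    elif auth == "MD5":
        out.append(("medium", "%s access: MD5 authentication, SHA is available" % access))
    if privacy == "None":
        out.append(("medium", "%s access: no privacy, payloads are readable in transit" % access))
    else:
        if auth == "None":
            # SNMPv3 USM defines noAuthNoPriv, authNoPriv and authPriv only.
            out.append(("high", "%s access: privacy without authentication is not a valid level" % access))
        if not params.get("privacy_key"):
            out.append(("high", "%s access: privacy selected but the privacy key is empty" % access))
        if privacy == "DES":
            out.append(("low", "%s access: DES is a 56-bit cipher; keep SNMP on a management network" % access))
    return out


def audit_profile(profile):
    """Return a list of (severity, message) findings for one profile."""
    findings = []
    version = str(profile.get("version", "")).lower()
    if version in ("v1", "v2c"):
        findings.append(("medium", "SNMP %s sends community strings unencrypted" % version))
        read = profile.get("read_community") or ""
        write = profile.get("write_community") or ""
        for label, value in (("read", read), ("write", write)):
            if value.lower() in DEFAULT_COMMUNITIES:
                findings.append(("high", "%s community is the default %r" % (label, value)))
        if write and write == read:
            findings.append(("high", "write community is the same as the read community"))
    elif version == "v3":
        for access in ("read", "write"):
            params = profile.get(access)
            if params is None:  # access parameters left empty
                continue
            findings.extend(audit_v3_access(access, params))
    else:
        findings.append(("high", "unknown SNMP version %r" % version))
    return findings


# Constructed profiles: the first three mirror the defaults the guide documents
# (the v3 keys are made up); the last one is a hypothetical hardened profile.
SAMPLE_PROFILES = [
    {"name": "standard v1", "version": "v1",
     "read_community": "public", "write_community": "private"},
    {"name": "standard v2c", "version": "v2c",
     "read_community": "public", "write_community": "private"},
    {"name": "standard v3", "version": "v3",
     "read": {"authentication": "MD5", "privacy": "DES", "privacy_key": "constructed-key-1"},
     "write": {"authentication": "MD5", "privacy": "DES", "privacy_key": "constructed-key-1"}},
    {"name": "hardened-v3", "version": "v3",
     "read": {"authentication": "SHA", "privacy": "DES", "privacy_key": "constructed-key-2"}},
]


def audit_all(profiles):
    """Map each profile name to its findings, worst severity first."""
    order = {"high": 0, "medium": 1, "low": 2}
    return {p["name"]: sorted(audit_profile(p), key=lambda f: order[f[0]])
            for p in profiles}


if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_PROFILES).items():
        for severity, message in findings:
            print("%-12s %-6s %s" % (name, severity, message))
```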
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
3. In the menu, select System > SNMP profile configuration. The SNMP profiles configuration
page opens.
4. In the Profiles panel, select the SNMP profile configuration you want to edit.
5. Click on EDIT . The Edit an SNMP profile wizard opens.
6. In the Description field, you can type in a description.
7. In the SNMP version drop-down list, select the SNMP version you want to use.
8. Click on NEXT . The next page opens.
9. If you are editing a profile in SNMP v1 or v2c: edit the Read community and/or Write
community fields as needed.
10. If you are editing a profile in SNMP v3, edit the Read access parameters and Write access
parameters as needed.
11. Click on OK to commit your changes. The SNMP profiles configuration page is visible again.
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
3. In the menu, select System > SNMP profile configuration. The SNMP profiles configuration
page opens.
4. In the Profiles panel, select the SNMP profile configuration you want to delete.
5. Click on DELETE . A "Do you really want to delete this profile?" message box appears.
6. Click on OK to commit your deletion. The SNMP profiles configuration page is visible again.
The profile has been removed from the SNMP profiles configuration list.
Chapter 84. Maintenance Tools
Like any other product, SOLIDserver needs to be correctly maintained over time to run smoothly
and reach its maximum performance. Therefore, members of the admin group can use different
advanced tools for precise maintenance purposes. They can, for instance, enable or disable the
Maintenance mode to work without interference on their infrastructures, and they may have to
implement internal changes to the code itself.
Note
Enabling the maintenance mode does not interrupt network services.
Keep in mind that once enabled, the users that are not part of the admin group will not be able to
log in and that a red banner message will be displayed above the menu of every page of
SOLIDserver. Only one wizard allows you to enable or disable the mode.
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
3. In the menu, select System > Expert > Maintenance Mode. The Enabled/Disabled
maintenance mode wizard opens.
4. Click on OK to enable or disable the Maintenance mode. The report opens and closes. The
Administration tab homepage is visible again.
If you just enabled the mode, an alert message appears in red under the menu bar. All the
users that are not members of the admin group have been disconnected.
If you just disabled the mode, the alert message disappears and standard users can connect
to SOLIDserver again.
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
3. In the menu, select System > Expert > Register new macros/rules. The Register all the
latest macros and rules wizard opens.
4. Click on OK to commit the update. The report opens and closes. The Administration tab
homepage is visible again.
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
3. In the menu, select System > Expert > Clear SOLIDserver cache. The Clear SOLIDserver
cache wizard opens.
4. Click on OK to commit the clearing of the cache. The report opens and closes. The
Administration tab homepage is visible again. Any internal modification of the code has been taken
into account.
Chapter 85. Local Files Listing
The Local Files Listing page is a powerful tool that displays all types of files uploaded or simply
stored locally on the appliance. All the files are separated among 6 categories: Local, TFTP,
Logs, Config files, Custom images and Custom WSDL. This display makes them easier to
manage.
From each of these pages, you can upload, download and delete local files. For more details,
refer to the Managing Local Files Listing Files section below.
Local Page
This list displays all the files stored locally in the appliance. It includes:
• the files exported from the Export > Report menu. Their extension will depend on the chosen
export file: .csv, .html, .xml, .xls or .pdf. For more details, refer to the Exporting Data chapter
of this guide.
• the reports generated from the GUI. Their extension will depend on the chosen file format:
either .html or .pdf.
• the sysaudit.log file that stores in real time all the appliance system information (memory use,
partition, netstats, etc). To download this file, refer to the Downloading Files section below.
• the network devices captures. The captures extension is .pcap. For more details, refer to
the Making a Network Device Snapshot section of this guide.
• the corrupted configuration files that triggered a Locked synchronization. For more details,
refer to the DNS Locked Synchronization Status section of this guide or to the DHCP Locked
Synchronization Status section of this guide.
• the troubleshooting dump files generated from the Administration homepage. The dump
extension is .tar. For more details, refer to the Troubleshooting Dump section of this guide.
TFTP Page
This list displays all the files uploaded locally, available for download, and the files uploaded
remotely via TFTP. For more details, refer to the Managing the TFTP Upload Authorizations section
of this guide.
Logs Page
This list displays all the appliance log files in alphabetical order. To browse their content, go to
the Logs visualization page. For more details, refer to the Logs Visualization section of this guide.
Uploading Files
From any page of the Local files Listing you can upload files. The upload updates the appliance
local database from the GUI.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select Maintenance > Local files listing. The Local files listing page opens
filtered through the Local bullet under the menu.
3. Under the menu bar, tick the bullet of your choice. The corresponding list appears.
4. In the menu, select Tools > Upload file. The Import a file wizard opens.
5. Click on BROWSE to select the file to upload from your local file system.
6. Click on OK to commit the import. The report opens and closes. The file has been imported
to the Local files listing.
Downloading Files
Any file listed on the Local Files Listing can be downloaded to your local computer from the GUI.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select Maintenance > Local files listing. The Local files listing page opens
filtered through the Local bullet under the menu.
3. Under the menu bar, tick the bullet of your choice. The corresponding list appears.
4. In the Name column, filter the list if need be.
5. Click on the name of the file of your choice to download it¹.
Deleting Files
From any page of the Local files Listing you can delete files from the appliance local database.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select Maintenance > Local files listing. The Local files listing page opens
filtered through the Local bullet under the menu.
3. Under the menu bar, tick the bullet of your choice. The corresponding list appears.
4. Filter the list if need be.
5. Tick the file(s) you want to delete.
6. In the menu, select Edit > Delete file(s). The Delete file wizard opens.
7. Click on OK to commit the deletion. The report opens and closes. The file is no longer listed.
¹ Depending on your browser, you might download the file right away or be offered the possibility to open the file or save it.
Chapter 86. Troubleshooting
Troubleshooting is a logical and systematic search for the source of a problem. It is needed to
develop and maintain complex systems where symptoms can have many possible causes.
Before Troubleshooting
There is a set of simple checks that might help you avoid troubleshooting. These checks are often
overlooked in times of functional problems when they should be an administrator reflex.
1. Make sure that the appliance and the objects it manages are set to the same time; if not, set the
appliance time through the interface.
Typically, if your appliance and the servers it manages are not set to the same time, you will encounter
management problems: the DHCP will be the first impacted with the leases, the DNS will in
time be impacted as well, especially if you set time check keys for the zones. We recommend
that you set the Time & Date through the interface Preferences menu or through the NTP
server. We strongly advise against setting the time through CLI because it might make
SOLIDserver crash, disrupt your services, trigger errors in the logs... If you do it anyway, restart
SOLIDserver to make sure that all the services impacted by the time change are restarted and
all at the same time.
2. Make sure there is no Multi-Management of your DNS and DHCP physical servers.
Through the smart architectures, you can manage the servers of your choice, so make sure
you did not add and manage the same server twice in two different smart architectures. Every
minute the smart architecture checks that its configuration is pushed to the physical server;
if not, it pushes it again. So if one physical server is managed through two different architectures,
every minute a configuration is pushed and then overwritten by the other smart architecture.
Troubleshooting Guidelines
Determining what might be the causes of a dysfunction is often a process of elimination.
Troubleshooting also requires confirmation that the solution restores the system to its working
state.
The following guidelines give a generic overview of troubleshooting, and since each case is
different, you might need to vary your approach to the problem.
1. Confirm the presence of a backup in case of service interruption. You might need the
backup file to restore the previous stable version of your system. However, restoration will
overwrite the changes made between the time of the backup and the time of the crash, so
this would be the very last resort. For more details, refer to the Backup and restoration
chapter.
2. Isolate the malfunctioning behavior to pinpoint what services or components are affected.
3. Inspect the status indicators that can highlight a dysfunction.
4. Inspect connections to any attached devices and check their power sources.
5. Review the network and services configuration. For more details, refer to the System
configuration part.
6. Check if the issue is not due to the customer background, i.e. the customer's use of the
services, operating system, network topology components and levels of software that were
running when the incident occurred.
7. Check the product logs. Do not hesitate to check the DNS logs, DHCP logs, PostgreSQL
logs, the management logs as well as the system logs. For more details, refer to the Logs
visualization section.
8. Check the system logs. Do not hesitate to check the sysaudit.log file, available on the
Local Files Listing page. For more details, refer to the Local Files Listing chapter of this
guide.
9. Use the troubleshooting tools described in the section below.
10. Check for any improvement until complete restoration of the system after every step
in the troubleshooting process.
If the problem remains, do not hesitate to contact the support team with all the information you
will have collected. The set of files that will be needed include: the network capture file, the
troubleshooting dump file and the last system backup.
Troubleshooting Tools
SOLIDserver provides members of the admin group with two ways of analyzing the system in
case of a crash. The troubleshooting dump tool retrieves DNS, DHCP and system debug
information, while the network capture records the DHCP or DNS traffic over a given
duration. Both methods are complementary.
Network Capture
The network capture tool allows you to capture packets over a given duration, i.e. the actions made
through the appliance interface(s), to analyze DHCP and DNS traffic. When you run this utility,
the archive file containing all the traffic information will be available in the directory listing module
in the .pcap format.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, click on Tools > Network capture. The Perform a network capture wizard
opens.
3. In the Predefined drop-down list, you can select one of three options described in the table
below:
4. In the Interface drop-down list, select the interface for which you want to capture packets.
It can either be DEFAULT_INTERFACE or the DHCP_INTERFACE.
5. In the Port field, you can specify the port for which you want to capture packets.
6. In the IP address field, you can specify the IP address for which you want to capture packets.
7. In the Protocol drop-down list, you can specify the protocol, either udp, tcp or both (Any).
8. In the Duration drop-down list, you can specify the duration of the capture, either 10s, 30s,
1mn, 2mn or 5mn.
9. Click on OK to perform the network capture you just configured. The report opens and closes.
The Administration homepage is visible again.
The .pcap file containing all the traffic information is available on the Local files listing page
accessible through the menu Maintenance > Local files listing on the Administration homepage.
Troubleshooting Dump
The troubleshooting dump tool allows you to retrieve DNS, DHCP and system debug data. When you
run this utility, the archive file containing all the debug information will be available in the directory
listing module in the .tar format.
Only members of the admin group have access to the troubleshooting dump tool.
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
3. In the menu, click on Tools > Troubleshooting dump. The Troubleshooting dump wizard
opens.
4. Tick the checkbox(es) of your choice: Retrieve DNS information, Retrieve DHCP information
or Retrieve system information to copy the corresponding debug information in the
troubleshooting dump file.
5. Click on OK to commit your file configuration. The report opens and closes. The
Administration homepage is visible again.
The archive containing the debug data is available on the Local files listing page accessible
through the menu Maintenance > Local files listing on the Administration homepage.
Chapter 87. Backup and Restoration
EfficientIP recommends that you regularly back up SOLIDserver. In order to help you perform
this maintenance operation, SOLIDserver includes an automatic backup and version management
mechanism. The backup process can either be scheduled or triggered on demand.
The backup files will be stored on the appliance itself, but you can also decide to store the backup
files on a remote FTP server. For ease of use and to prevent confusion, binaries, system and
log files are not included in the backup stored on the appliance. Still, they can be restored
separately either when you reinstall SOLIDserver or when you update the system.
DNS, DHCP and System logs can be included in the backup created on the remote archive.
Note
SOLIDserver automatically generates a new backup before each upgrade, thus allowing
you to revert its data and configuration.
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
3. In the Maintenance section, click on the Backup / Restore management icon. The Backup
parameters page opens.
• FTP server: displays the address or hostname of the remote FTP server storing the backup
files.
• FTP directory: displays the remote FTP server directory where the backup files are stored.
• FTP login: displays the login used to connect to the remote FTP server.
• Mode: displays the mode used to connect to the remote FTP server, either Active or Passive.
• Log DNS: indicates if the DNS logs are included in the remote backup. The value can be either
yes or no.
• Log DHCP: indicates if the DHCP logs are included in the remote backup. The value can be
either yes or no.
• System Log: indicates if the System logs are included in the remote backup. The value can
be either yes or no.
• Retention duration: displays the number of days beyond which a backup is automatically
deleted.
Caution
Creating an instant backup during the enrollment of a Hot Standby appliance in High
Availability may trigger an error.
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
3. In the Maintenance section, click on the Backup / Restore management icon. The Backup
parameters page opens.
4. In the menu, select Tools > Create instant backup. The Create instant backup wizard opens.
5. Tick the Exclude all the reports box if you only want to save the configuration and certification
files.
6. Click on OK to commit the backup generation. The report opens and works for a while. Once
the backup is generated, it is listed in the Local backup file panel and named
solid-<hostname>-<year><month><day>- <hour><minutes>.gz.
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
3. In the Maintenance section, click on the Backup / Restore management icon. The Backup
parameters page opens.
4. In the Local backup file panel, select the backup file of your choice.
5. Click on DOWNLOAD . Depending on your browser, you might have an instant download of the
backup file (in the Download folder of your browser) or a window might open to allow you to
choose the target folder.
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
3. Click on the Backup / Restore management icon. The Backup parameters page opens.
4. In the menu, select Edit > Local backup files or in the Local backup files panel, click on
EDIT . The Archive backup parameters wizard opens.
5. In the Hour of backup drop-down list, select the hour when you want to generate the daily
backup.
6. In the Retention drop-down list, select the number of days beyond which a backup should
be automatically deleted.
7. Click on OK to commit your changes.
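The daily schedule and retention configured above can be checked against a listing of backup file names, and the same parsing helps pick the backup to restore after an incident. This is an added example, not part of the guide or the product; it assumes the name layout solid-<hostname>-<YYYYMMDD>-<HHMM>.gz with no spaces, and the listing, hostname and function names are constructed.

```python
import re
from datetime import datetime, timedelta

# Assumption: 4-digit year, 2-digit month, day, hour and minutes, no space in
# the name. Anchoring on the end of the name keeps hostnames that contain
# hyphens or digits intact.
BACKUP_RE = re.compile(r"^solid-(?P<host>.+)-(?P<date>\d{8})-(?P<time>\d{4})\.gz$")


def parse_backup_name(filename):
    """Return (hostname, datetime), or None when the name does not fit."""
    match = BACKUP_RE.match(filename)
    if match is None:
        return None
    date, time = match.group("date"), match.group("time")
    try:
        stamp = datetime(int(date[:4]), int(date[4:6]), int(date[6:]),
                         int(time[:2]), int(time[2:]))
    except ValueError:  # impossible date such as month 13
        return None
    return match.group("host"), stamp


def review_backups(filenames, now, retention_days, max_gap_hours=25):
    """Summarise a listing: newest backup, missed daily run, leftovers."""
    parsed, unparsed = [], []
    for name in filenames:
        info = parse_backup_name(name)
        if info is None:
            unparsed.append(name)
        else:
            parsed.append((info[1], name))
    parsed.sort()
    latest = parsed[-1] if parsed else None
    cutoff = now - timedelta(days=retention_days)
    return {
        "latest": latest[1] if latest else None,
        # A daily backup should never be much older than one day.
        "missed_daily": latest is None
        or now - latest[0] > timedelta(hours=max_gap_hours),
        # Files the retention setting should already have deleted.
        "past_retention": [name for stamp, name in parsed if stamp < cutoff],
        "unparsed": unparsed,
    }


def restore_candidate(filenames, incident_time):
    """Newest backup taken before the incident, and the window of changes
    a restoration would overwrite. Returns None if there is no such backup."""
    best = None
    for name in filenames:
        info = parse_backup_name(name)
        if info and info[1] <= incident_time and (best is None or info[1] > best[0]):
            best = (info[1], name)
    if best is None:
        return None
    return best[1], incident_time - best[0]


# Constructed listing for a hypothetical appliance ipam-01.example.test.
LISTING = [
    "solid-ipam-01.example.test-20240301-0200.gz",
    "solid-ipam-01.example.test-20240308-0200.gz",
    "solid-ipam-01.example.test-20240309-0200.gz",
    "solid-ipam-01.example.test-20240309-1742.gz",  # instant backup
    "solid-ipam-01.example.test-20241340-0200.gz",  # impossible date
    "notes.txt",
]

if __name__ == "__main__":
    print(review_backups(LISTING, datetime(2024, 3, 11, 9, 0), retention_days=7))
    print(restore_candidate(LISTING, datetime(2024, 3, 9, 12, 30)))
```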
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
3. Click on the Backup / Restore management icon, a new page is displayed.
4. In the menu, select Edit > Remote archive or in the Remote archive panel, click on EDIT .
The Archive server parameters wizard opens.
5. Configure the remote FTP archive using the table below:
Fields | Description
Mode | Defines if the FTP works in Active or Passive mode.
DNS/DHCP/System | Tick the related box if you want to save the DNS, DHCP and/or System logs on the FTP server.
Retention | In this drop-down list, select the number of days beyond which a backup should be automatically deleted from the FTP server.
6. Click on OK to commit your changes. The report opens and closes. The Backup parameters
page refreshes and displays the FTP server you just configured.
Restoring a Configuration
You can restore a backed up configuration through SOLIDserver GUI. Before going further, you
need to know the name of the backup file and its version number. That's why each new backup
generates an increment number that concatenates the date and hour as follows:
solid-<hostname>-<year><month><day>- <hour><minutes>.gz.
Keep in mind that a backup file contains both the appliance data¹ and the appliance system
configuration². You can choose to restore only the data if you want.
Warning
You cannot restore a backup on an appliance set in high availability. You need to
disable the high availability, restore the backup on a Standalone appliance and then
configure the high availability again.
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
3. In the Maintenance section, click on the Backup / Restore management icon. The Backup
parameters page opens.
4. In the Local backup files panel, select the backup file you want to restore.
5. Click on RESTORE . The Restore a backup file wizard opens.
6. If you want to restore the backup system configuration, tick the Restore the system
configuration box³. If you do not tick this box, the backup data will be restored but the current
system configuration of the appliance will be kept.
7. Click on OK to commit your restoration.
In order to restore a backup configuration from a backup configuration file located outside
SOLIDserver, you have to upload it first on the local SOLIDserver file system, and then restore
it.
¹ This data includes all the rules: they are collected during the backup generation.
² The system configuration includes your network configuration (hostname, DNS resolver, firewall configuration, default gateways,
default/static route configuration) and services configuration (services status, xfer account settings, SNMP communities) at the time of
the backup generation.
³ Tick the box if you are restoring a backup using an NSD or Unbound Hybrid server.
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
3. Click on the Backup / Restore management icon. The Backup parameters page opens.
4. In the menu, select Tools > Upload a backup file. The Upload SOLIDserver backup wizard
opens.
5. Click on BROWSE to select the image to upload from your local file system.
6. Click on OK to commit your upload. The backup file is now listed in the Local backup files
panel.
Chapter 88. Upgrading
You can manually perform software upgrades for your SOLIDserver appliance. To get the latest
upgrades you need network access to the Internet and an account on the EfficientIP download
portal: http://downloads.efficientip.com. Before upgrading your SOLIDserver, check that your
license key allows you to run the new version of the upgrade you are applying. The current version
of a SOLIDserver is displayed on the Licenses page. To open it, go to the Administration homepage
and in the menu, select System > Licenses.
Note
SOLIDserver automatically generates a new backup before going through with any
upgrade. For more information on backup, please refer to the Backup and Restore
chapter below.
Upgrading a SOLIDserver
The upgrade can take a while as it performs the following:
If you are upgrading an appliance in High availability, refer to the section Upgrading Appliances
in High availability of this guide.
If you are upgrading a remotely managed appliance, refer to the section Upgrading Remote
Appliances through the All SOLIDserver list of this guide.
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
3. Click on the Upgrade icon, the Upgrade SOLIDserver wizard opens.
4. Click on BROWSE to select the file containing the SOLIDserver image in the version of your
choice.
5. In the File name field, the file is displayed once retrieved.
6. Click on UPGRADE to commit the upgrade. The wizard will work for a while: it displays a
progression bar that informs you of the tasks being performed. The last step is Upgrade finished.
Rebooting SOLIDserver.
1. Do not stop the appliance and the process during the upgrade.
2. The wizard displays a progression bar that informs you of the tasks being performed. The
last step of the Master upgrade is Upgrade finished. Rebooting SOLIDserver.
7. Click on CLOSE to go back to the Administration homepage. The appliance reboots. Once
done, you can access it again.
To ensure a clean migration, the macro should be run until no error is found. Each error will have
to be corrected by the administrator.
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
3. In the menu, select Maintenance > Post-Migration. The Migration - Update DB entries wizard
opens.
4. Click on OK to run the macro. The report opens and displays any error found in the database
entries.
5. Click on CLOSE to go back to the Administration homepage.
Correct each error, and rerun the post-migration procedure until no error remains, as many times
as needed.
Chapter 89. Custom DB
CustomDB is a tool of the Administration module that allows members of the admin group to
create as many custom databases as they want. They are directly embedded in SOLIDserver
and will contain a maximum of 10 pieces of information named Label in the GUI.
Keep in mind that the Custom databases can come in very handy when it comes to configuring
a number of classes through the addition of select, multiple select or Autocompletion class
objects for instance. For more details, refer to the chapter Class Studio.
Browsing Custom DB
Custom DB is divided into two pages: one displaying the databases themselves and the other
displaying the data of each custom database.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Custom DB icon. The Custom database listing
page opens.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select Customization > Custom DB. The Custom database page opens.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Custom DB icon. The Custom database listing
page opens.
3. At the end of the line of the custom database of your choice, click on . The properties page
opens.
On the properties page, the Main properties panel displays the Custom database name, Type,
Description and labels it contains.
Note
The default Vendor custom database is the only database in Read only. It cannot
be edited at all.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Custom DB icon. The Custom database listing
page opens.
3. In the breadcrumb, click on Custom data. The Custom data page opens.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Custom DB icon. The Custom database listing
page opens.
3. In the Name column, click on the name of the custom database of your choice to display the
data it contains.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Custom DB icon. The Custom database listing
page opens.
3. At the end of the line of the entry of the custom data of your choice, click on . The properties
page opens.
On the properties page, the Main properties panel displays the name of the Custom database
it contains along with the defined labels and their value.
Adding a Custom DB
To add a custom db
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
3. In the menu, select Customization > Custom DB. The Custom database page opens.
4. In the menu, select Add > Custom database. The Create a custom DB wizard opens.
5. Fill in each field as described below:
Editing a Custom DB
Warning
Do not edit a database name if it is already used.
To edit a custom db
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
3. In the menu, select Customization > Custom DB. The Custom database page opens.
4. In the Name column, put your mouse over the name of the database you want to edit. Click
on . The Edit custom database wizard opens.
5. Edit each field according to your needs following the table below:
6. Click on OK to commit your changes. The wizard refreshes and closes. The changes are
displayed in the list.
Deleting a Custom DB
To delete a custom db
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . In the
Customization section, click on the Custom DB icon.
3. In the list, tick the custom database that you want to delete.
4. In the menu, select Edit > Delete. The wizard opens.
5. Click on OK to remove the selected custom db.
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . In the
Customization section, click on the Custom DB icon.
3. In the list, click on the name of the custom database in which you want to add data. A new
list appears.
4. In the menu, select Add > Custom data. The Add custom data wizard opens.
5. Fill in the Value field. There are 9 other fields, all optional.
6. Click on OK to add the new entry to the current custom data list.
Warning
Do not edit a database name if it is already used.
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
3. In the menu, select Customization > Custom DB. The Custom database page opens.
4. In the Name column, click on the name of the custom database of your choice to display the
data it contains.
5. In the Name column, put your mouse over the data you want to edit. Click on . The Edit
custom data wizard opens.
6. Edit the value of the labels you already set if need be.
7. Click on OK to commit your changes. The wizard refreshes and closes. The changes are
displayed in the list.
1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . In the Customization
section, click on the Custom DB icon.
3. In the list, click on the name of the custom database in which you want to delete data. A new
list appears.
4. In the list, tick the entries that you want to remove from the custom database.
5. In the menu, select Edit > Delete. The wizard opens.
6. Click on OK to remove the selected entries.
Chapter 90. Class Studio
Class Studio is a powerful customization tool of the Administration module that allows members
of the admin group to create classes that will tailor SOLIDserver to their needs when it comes to
provisioning their network.
In SOLIDserver, every type of resource (IPAM pools, VLAN domains, DHCP ranges...) is associated
with a default and a global class. Default classes can neither be deleted nor edited, while
global classes can be edited but not deleted.
In addition to these preexisting classes, members of the admin group can also add customized
classes. Just like global classes, they allow tailoring the Add/Edit wizards but also offer more
management possibilities. For instance, several customized classes can be created for the same
type of resource. They can also be renamed, duplicated and moved from one directory to another
or, most notably, from one resource to another.
Every class listed contains its own database: a set of objects that define its behavior.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
By default, Class Studio displays as many global and default classes as there are resources
within SOLIDserver. The page columns are described in the table below:
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. At the end of the line of the class of your choice, click on . The class properties page
opens.
This pop-up window, named Class Editor, opens when you click on any of the class names listed
on the Class Studio listing page. It is divided vertically to display a creation panel on the left and
the list of class objects on the right. You can sort these objects using the drop-down list.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. In the Name column, click on the name of the class you want to edit. Class Editor pop-up
window opens: it is named Class Editor (<hostname>/<user>). The class name is displayed
at the end of the URL field as such: <class_name>.class
Accessing Class Editor through the Class Studio listing page allows you to edit any customized or
global class. You can also load the global class of a specific resource straight from its All
<resources> listing page.
1. Go to the tab of your choice. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the icon of the resource of your choice. The related listing page opens.
3. In the menu, select Settings > Customize user fields. Class Editor opens and displays the
chosen resource global class objects.
A class can be seen as a profile for the Add/Edit wizards of SOLIDserver resources (IPAM subnets,
DNS zones, DHCP servers, etc...). Once a class is applied to a resource or type of resource, the
related wizards will include new fields that can be used to specify additional information. For
example, members of the admin group can add a field called "City", that can be prefilled or not, to
some or all the Add/Edit a subnet wizards. In the example below, the class data of the
"Headquarter" subnet refers to the user defined field "City" and the object value "Chicago".
Besides simple input fields, Class Studio offers various options to customize managed resources.
Class Editor includes a large library of class objects (formerly WDOM objects) ranging from
checkboxes to multi-entries drop-down lists and hidden data, whose values can be manually set
or automatically retrieved.
Classes can even be combined using the Include class object. For more details, refer to the
Configuring Classes with Class Objects section of this chapter.
Finally, members of the admin group can add columns to any listing page in order to display
which classes or class parameters are applied on certain resources. For more details refer to the
Customizing the List Layout section of this guide.
Caution
To edit classes, your browser must allow pop-up windows.
Understanding Classes
Classes are of three kinds: default, global and customized. They can be applied to any
resource or type of resource provisioned in SOLIDserver. These do not include non-editable
resources such as VRF Route Targets, RRs, VLANs or discovered items.
• Default classes are associated with every type of resource by default and correspond to default
behaviors. They are always running and can be neither edited nor deleted. For more details, refer
to the Default behaviors chapter of this guide.
• Global classes are by default associated with each type of resource as well. Class objects
defined for a global class are automatically integrated into all the items of the resource it is set
for. For instance, user defined fields configured for the global class of subnets will automatically
appear in the Add/Edit wizards of every subnet. Unlike the other classes, global classes
do not need to be selected manually at the beginning of the addition and edition wizards of
a resource: this class configuration is automatically displayed.
• Customized classes refer to all the classes created by members of the admin group. Once
set and enabled, you will need to select the classes you want to apply to a type of resource.
Indeed, a class dedicated page will appear in the addition and edition wizards and allow you
to select manually and individually in the <resource> class list, the class of your choice. Of
course, applying a class to a resource is not compulsory and you can always select None.
Figure 90.4. Example: "Subnet Class" Page From the Add a Subnet Wizard
Note
Object values set for a resource are automatically inherited by the objects it contains.
For instance, if the value "Chicago" is set for a block through an input field "city", it
is automatically inherited by the subnets it contains if said subnet also possesses an
input field named "city".
For each class, Class Editor gathers class objects in groups that correspond to their level of use.
These groups can be selected one by one through the drop-down list; each group is briefly
described in the tables below. Keep in mind that each object field described in these tables is
displayed in the addition and edition wizards of the resource of your choice if and only if it
was configured in an enabled class that has been selected on the class dedicated page of said
wizard.
Most used objects refers to the most frequently used objects that are embedded into classes by
members of the admin group, independently of the module they are used in.
Fields                  Description
Horizontal separator    Displays a colored line, either red, green or blue, that allows you to separate
                        and organize the class fields according to your needs.
Jump to page            Splits the wizard into several pages; it therefore adds a NEXT button at
                        the bottom of the page.
Classes and class objects can be applied to any resource, but some objects might prove more
useful in certain modules. For instance, some objects are more specific to the IPAM resources
and gathered in the IP address management group, they are listed in the table below:
Like the IPAM, the DHCP comes with a set of DHCP management objects that allow you to associate
DHCP resources with one another and set more advanced options:
DNS management objects also aim at customizing the DNS resources wizards, especially to
associate them with other resources, whether they come from the same module or not:
Class Editor provides members of the admin group with other useful class objects. Selecting All
Objects in the drop-down list displays all the objects described in the tables above plus the
following ones:
For more details on a class object, refer to the Adding Class Objects procedure that suits your
needs.
Adding Classes
Given that editing a global class automatically affects all the objects the class is set for, members
of the admin group can create specific customized classes that will be applied individually and
manually to any set of resources through the addition and edition wizards.
To add a class
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. In the menu, select Add > Class. The Add a new class wizard opens.
4. Fill in the following fields:
5. Click on OK to commit your creation. The report opens and closes. The class is listed.
Once a class is configured for a resource, it must be enabled to function properly. For global
classes, this results in their class objects being automatically integrated into the resources they are set
for. For customized classes, enabling a class makes it available in the class selection page of
the resource addition and edition wizards. For more details, refer to the Using classes section of
this chapter.
A class is empty by default, whether it is a global or a customized one. Once created, members
of the admin group can click on a class name to add and configure class objects for these classes
through Class Editor. For more details, refer to the Configuring Classes section of this chapter.
Caution
To edit classes, your browser must allow pop-up windows.
Editing Classes
Classes can be duplicated, renamed or moved from one type of resource to another or from one
directory to another.
Duplicating Classes
SOLIDserver allows you to duplicate customized classes. These duplicates can then be edited and
renamed to manage them more easily; for instance, you might need to apply them to other types
of resource or even move them.
Duplicating classes can be useful since object values set for a resource are automatically inherited
by the resources it contains. For instance, if the value "Chicago" is set for a block through an input
field "city", it is automatically inherited by the subnets it contains if said subnet also possesses
an input field named "city".
To duplicate a class
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. Tick the class(es) you want to duplicate.
4. In the menu, select Edit > Duplicate. The Duplicate class wizard appears.
5. Click on OK to commit your configuration. The duplicated class is listed and named as such:
copy_<original class name>.
Renaming Classes
A customized class can be renamed at any time from its properties page. Renaming a class does
not affect the class objects it contains. Once a class has been renamed, it will be updated on the
properties page of the concerned resources.
To rename a class
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. At the end of the line of the class of your choice, click on . The class properties page opens.
4. In the menu, select Edit > Rename. The Rename class wizard appears.
5. In the Old field, the current class name is displayed.
6. In the New Name field, type in the new name for the class.
7. Click on OK to commit your changes. The class new name is displayed in the panel and
modified in the list.
Moving Classes
In contrast with the default and global classes, which are hard linked to the resources they are set
for, customized classes can be moved from one directory to another or even from one type of resource
to another. For instance, a class created for DNS servers can be moved and made available for
a completely different type of resource, like the DHCP ranges.
To move a class
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. Tick the class(es) you want to move.
4. In the menu, select Edit > Move. The Move class wizard opens.
5. In the Sub-directory field, type in a directory if need be. It can be a new directory for the
class or an existing one.
6. In the Module drop-down list, select a module for the class. It can be the same one or a new
one.
7. In the Type drop-down list, select a resource to which the class will be applied. It can be the
same one or a new one.
8. Click on OK to commit your changes. The report opens and closes. The data is updated in
the list.
As a class can be deleted only if it is not used anywhere in SOLIDserver, the following procedure might
come in handy. Keep in mind that the listing page columns layout can help you find the resources
using a class. For more details, refer to the Customizing the List Layout section of this guide.
1. Go to the tab of your choice. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the icon of the resource of your choice. The related listing page opens.
3. At the end of the line of the object of your choice, click on . The resource properties page
opens.
4. In the Main properties panel, click on EDIT. The related edition wizard opens.
5. Click on NEXT until you reach the <Resource> class page of the wizard.
6. In the <Resource> class list, select None or a class different from the one you intend to delete.
7. Click on NEXT until you reach the last page of the wizard.
8. Click on OK to commit your changes. The report opens and closes. The class has been
dissociated from the resource.
Using Classes
Upon addition, a customized class can either be enabled straight away or left disabled. Once
enabled, a <resource> class selection page appears in the Add/Edit wizards of the resources it
was set for. This page allows you to manually select a customized class, but it is not mandatory and
the choice can be left to None.
Since deleting classes may result in unwanted complications, disabling classes allows you to store
them, rather than deleting them, for future use.
Note
Default and global classes cannot be disabled and are automatically applied on the
resources they are set for.
To enable a class
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. Tick the class(es) you want to enable.
4. In the menu, select Edit > Enable class. The Enable class wizard opens.
5. Click on OK to commit your configuration. The report opens and closes, the page refreshes.
The class is marked as Enabled in the Status column.
To disable a class
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. Tick the class(es) you want to disable.
4. In the menu, select Edit > Disable class. The Disable class wizard opens.
5. Click on OK to commit your configuration. The report opens and closes, the page refreshes.
The class is marked as Disabled in the Status column.
Deleting Classes
Only customized classes can be deleted. Keep in mind that they can be deleted if and only if
they are not used by any SOLIDserver resource. Therefore, you might need to stop using the
class before deleting it. For more details, refer to the Changing or Stop Using Classes section.
Warning
Deleting a class will delete the class objects it contained and displayed on the resources
properties page. You might simply want to disable a class and enable it later
to use it again.
To delete a class
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. Tick the class(es) you want to delete.
4. In the menu, select Edit > Delete. The Delete class wizard opens.
5. Click on OK to commit your deletion. The report opens and closes. The class has been deleted
and is no longer listed.
Caution
To edit classes, your browser must allow pop-up windows.
Configuration parameters differ from one object to the other: some are compulsory (marked by
an asterisk *), others only available in Expert mode. The table below describes the most frequent
parameters when adding and editing class objects:
Parameter Description
the Show if... condition only if it has been saved in the wizard, either by
class inheritance or using the Jump to page class object.
Input
An input field allows the association of a simple, yet highly customizable, data string to a resource
when provisioning SOLIDserver.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. In the Name column, click on the class you want to edit. Class Editor opens.
4. In the class objects list, click on Input. The Input wizard opens.
5. Configure it using the key parameters described in the Class Objects Key Parameters table
above.
6. In the Input field maximum length field, type in the maximum number of characters, spaces
included, that users can type in the field. By default, the maximum field length is 64.
7. If you selected the Expert mode, in the Predefined format drop-down list, you can select a
format for the Name to be valid. It can either be an IP address (v4), IP address (v6), Text,
Unsigned integer, Signed Integer, Domain name, FQDN Host, MAC address or Email address.
8. Click on OK to commit your addition. The object is now embedded into the class and listed
in the creation panel.
You can close Class Editor or keep adding other class objects to the same class.
Select
The Select class object allows you to create drop-down lists that users can choose from. These
drop-down lists can be set from fixed values, added to the list directly from the wizard, or from
automatically retrieved values. For instance, they can be imported to the list from a CSV file, a service list or
a custom DB. All the services and related parameters can be found in the SOAP reference guide
available on the support page of the Efficient IP website
[http://www.efficientip.com/support/support]. As for SOLIDserver Custom DB, for more details
refer to the Custom DB chapter of this guide.
Note
To configure a Select we strongly recommend using the Custom DB feature rather
than retrieving data from a CSV file.
The Select class object should not be confused with the Multiple select. For more details, refer
to the Multiple select section below.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. In the Name column, click on the class you want to edit. Class Editor opens.
4. In the class objects list, click on Select. The Select wizard opens.
5. Fill in the object key parameters according to the Class Objects Key Parameters table of
this section.
6. Tick the Have none label checkbox if you want the drop-down list to display the default value
None in addition to those it will contain.
7. Tick the Full width checkbox if you want the drop-down list to be large, centered and placed
under the label. Leave it unticked to have a smaller list, placed right of the label.
8. If you set the Expert mode to Yes, tick the Reload on change checkbox if you want the wizard
page to reload when a value is selected.
9. In the Select type drop-down list, select Fixed values. The wizard refreshes.
10. Click on NEXT. The next page of the wizard appears.
11. In the Key field, type in the object name as it will be saved in SOLIDserver database (string
of characters: _a-z0-9 only). To prevent GUI conflicts, avoid names that are already used
in the code such as: site, mac-addr, gateway, vlan, domain, user, port, password... The
Label/Key field autopopulates.
12. In the Label field, type in the word string, corresponding to the key, as it will be displayed in
the list. The Label/Key field autopopulates following the format <Label>#<Key>.
13. Next to the Label/Key field, click on . The value is listed in the Options list.
14. Repeat these actions for as many values as needed. You can use to remove one by one
values from the list, or and to reorganize them.
15. Click on OK to commit your addition. The object is now embedded into the class and listed
in the creation panel.
You can close Class Editor or keep adding other class objects to the same class.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. In the Name column, click on the class you want to edit. Class Editor opens.
4. In the class objects list, click on Select. The Select wizard opens.
5. Fill in the object key parameters according to the Class Objects Key Parameters table of
this section.
6. Tick the Have none label checkbox if you want the drop-down list to display the default value
None in addition to those it will contain.
7. Tick the Full width checkbox if you want the drop-down list to be large, centered and placed
under the label. Leave it unticked to have a smaller list, placed right of the label.
8. If you set the Expert mode to Yes, tick the Reload on change checkbox if you want the wizard
page to reload when a value is selected.
9. In the Select type drop-down list, select CSV values. The wizard refreshes.
10. Click on NEXT. The next page of the wizard, which allows you to set the values of the list, appears.
11. In the CSV file field, type in the complete path of the file stored in the appliance.
12. In the Value column field, type in the number of the column in the CSV file containing the
values to retrieve.
13. In the Label column field, type in the number of the column in the CSV file containing the
labels corresponding to the values to retrieve.
14. In the Filter column field, type in the number of the column used to match certain rows.
15. Next to the Filter column field, click on . The value of the filter column field is moved to
the Filter list. You can use to remove one by one values from the list, or and to
reorganize them.
16. Click on OK to commit your addition. The object is now embedded into the class and listed
in the creation panel.
You can close Class Editor or keep adding other class objects to the same class.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. In the Name column, click on the class you want to edit. Class Editor opens.
4. In the class objects list, click on Select. The Select wizard opens.
5. Fill in the object key parameters according to the Class Objects Key Parameters table of
this section.
6. Tick the Have none label checkbox if you want the drop-down list to display the default value
None in addition to those it will contain.
7. Tick the Full width checkbox if you want the drop-down list to be large, centered and placed
under the label. Leave it unticked to have a smaller list, placed right of the label.
8. If you set the Expert mode to Yes, tick the Reload on change checkbox if you want the wizard
page to reload when a value is selected.
9. In the Select type drop-down list, select Service list values or Manual. The wizard refreshes.
10. Click on NEXT. The next page of the wizard, which allows you to set the values of the list, appears.
11. In the Services field, start typing in the name of the service to call; the matching services will be
listed. Select the one that suits your needs. All the services and related parameters can be
found in the SOAP reference guide available on the support page of the Efficient IP website
[http://www.efficientip.com/support/support].
12. In the Key field, type in the name of the input parameter corresponding to the values to
retrieve.
13. In the Label field, type in the name of the input parameter corresponding to the labels
associated to these values.
14. In the Where field, type in an SQL condition to filter the retrieved values if need be.
15. In the Order by field, type in an SQL condition to sort the results if need be.
16. In the Limit field, type in the maximum number of results to display.
17. In the Tags field, type in an SQL condition to filter the retrieved class parameters if need
be. You might need assistance from Efficient IP support team to fill in this field.
18. Click on OK to commit your addition. The object is now embedded into the class and listed
in the creation panel.
You can close Class Editor or keep adding other class objects to the same class.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. In the Name column, click on the class you want to edit. Class Editor opens.
4. In the class objects list, click on Select. The Select wizard opens.
5. Fill in the object key parameters according to the Class Objects Key Parameters table of
this section.
6. Tick the Have none label checkbox if you want the drop-down list to display the default value
None in addition to those it will contain.
7. Tick the Full width checkbox if you want the drop-down list to be large, centered and placed
under the label. Leave it unticked to have a smaller list, placed right of the label.
8. If you set the Expert mode to Yes, tick the Reload on change checkbox if you want the wizard
page to reload when a value is selected.
9. In the Select type drop-down list, select Custom DB. The wizard refreshes.
10. Click on NEXT. The next page of the wizard, which allows you to set the values of the list, appears.
11. In the Custom DB name field, type in the name of the Custom DB of your choice. For more
details on SOLIDserver Custom DB, refer to the Custom DB chapter of this guide. The field
autocompletes.
12. In the Key column drop-down list, select the column from the Custom DB containing the
objects names as they will be saved in SOLIDserver database (string of characters: _a-z0-9
only). To prevent GUI conflicts, avoid names that are already used in the code such as:
site, mac-addr, gateway, vlan, domain, user, port, password...
13. In the Label column drop-down list, select the column from the Custom DB containing the
values as they will be displayed in the list.
14. Click on OK to commit your addition. The object is now embedded into the class and listed
in the creation panel.
You can close Class Editor or keep adding other class objects to the same class.
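The Key rules stated in the Fixed values procedure (Key and Label fields) and in the Custom DB procedure (Key column) can be checked on a list of candidate options before they are typed into the wizard or loaded into a Custom DB. The following is an added example, not SOLIDserver code: the function names, the "cust_" prefix and the rule rejecting "#" inside a label are assumptions made for the illustration, and the reserved-name set only contains the names the guide lists before its "...".

```python
import re

# Key charset given in the guide: "string of characters: _a-z0-9 only".
KEY_CHARS = re.compile(r"[_a-z0-9]+")

# Names the guide says are already used in the code. The guide's list ends
# with "...", so treat this set as incomplete.
RESERVED_KEYS = frozenset(
    ["site", "mac-addr", "gateway", "vlan", "domain", "user", "port", "password"]
)


def check_key(key):
    """Return the list of problems found in one key (empty list: key is fine)."""
    if not key:
        return ["key is empty"]
    problems = []
    if key in RESERVED_KEYS:
        problems.append("key %r is a name already used in the code" % key)
    if not KEY_CHARS.fullmatch(key):
        bad = "".join(sorted(set(KEY_CHARS.sub("", key))))
        problems.append("key %r has characters outside _a-z0-9: %r" % (key, bad))
    return problems


def suggest_key(label, prefix="cust_"):
    """Derive a candidate key from a label (hypothetical convenience helper).

    The prefix is an arbitrary choice made for this example; it only moves
    the candidate away from a reserved or empty name.
    """
    key = re.sub(r"[^_a-z0-9]+", "_", label.lower()).strip("_")
    if not key or key in RESERVED_KEYS:
        key = prefix + key
    return key


def lint_options(options):
    """Check (label, key) rows destined for a Select drop-down list.

    Returns (entries, problems): entries are "<Label>#<Key>" strings for the
    rows that passed, problems are messages naming the 1-based row.
    """
    entries, problems, first_seen = [], [], {}
    for row, (label, key) in enumerate(options, start=1):
        found = check_key(key)
        if not label.strip():
            found.append("label is empty")
        if "#" in label:
            # Assumption: '#' separates label and key in the Label/Key field,
            # so a '#' inside the label would make the entry ambiguous.
            found.append("label %r contains '#'" % label)
        if key in first_seen:
            found.append("key %r already used on row %d" % (key, first_seen[key]))
        else:
            first_seen[key] = row
        if found:
            problems.extend("row %d: %s" % (row, msg) for msg in found)
        else:
            entries.append("%s#%s" % (label, key))
    return entries, problems


# Constructed sample rows, not taken from a real appliance.
SAMPLE_OPTIONS = [
    ("Chicago", "chicago"),        # valid
    ("New York", "New-York"),      # upper case and hyphen in the key
    ("Gateway site", "gateway"),   # name already used in the code
    ("Paris", "chicago"),          # key duplicates row 1
    ("R#D", "rd"),                 # separator character inside the label
]

if __name__ == "__main__":
    ok, issues = lint_options(SAMPLE_OPTIONS)
    print("Entries ready for the Options list:", ok)
    for issue in issues:
        print("REJECTED", issue)
    print("Candidate key for 'New York':", suggest_key("New York"))
```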
Comment
Just like the Horizontal separator, Jump to page, Icon and Counter class objects, a Comment is
not a user defined field and does not allow users to associate class data to a resource. Comments
allow members of the admin group to display information, a notice or a warning in the Add/Edit
wizards.
To add a comment
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. In the Name column, click on the class you want to edit. Class Editor opens.
4. In the class objects list, click on Comment. The Comment wizard opens.
5. Fill in the object key parameters according to the Class Objects Key Parameters table of
this section.
6. In the Comment text area, type in the comment you want to display in the wizard.
7. In the Style drop-down list, select the type of comment. It can either be the content of the
Comment field in a gray area (None), a Notice or a Warning.
8. Click on OK to commit your addition. The object is now embedded into the class and listed
in the creation panel. The selected comment style is displayed in the panel.
You can close Class Editor or keep adding other class objects to the same class.
Text Area
Classes allow users to associate complete chunks of text to specific resources using the Text area
object. Text areas are input fields that can contain up to 3900 characters.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. In the Name column, click on the class you want to edit. Class Editor opens.
4. In the class objects list, click on Text area. The Text area wizard opens.
5. If you set the Expert mode to Yes, fill in the Rows field if you want the text area to display a certain
number of rows.
6. Fill in the object key parameters according to the Class Objects Key Parameters table of
this section.
7. Tick the Full width checkbox if you want the text area to be large, centered and placed under
the label. Leave it unticked to have a smaller text area, placed right of the label.
8. Click on OK to commit your addition. The object is now embedded into the class and listed
in the creation panel.
You can close Class Editor or keep adding other class objects to the same class.
Horizontal Separator
Just like the Comment, Jump to page, Icon and Counter class objects, a Horizontal separator is
not a user defined field and does not allow users to associate class data to a resource. A
horizontal separator is a red, green or blue line that allows structuring Add/Edit wizards through which
the class data is set.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. In the Name column, click on the class you want to edit. Class Editor opens.
4. In the class objects list, click on Horizontal separator. The Horizontal separator wizard opens.
5. Fill in the object key parameters according to the Class Objects Key Parameters table of
this section.
6. In the Line style drop-down list, select a color for the separator. It can be either Red, Green
or Blue.
7. Click on OK to commit your addition. The object is now embedded into the class and listed
in the creation panel.
You can close Class Editor or keep adding other class objects to the same class.
Jump to Page
Just like the Comment, Horizontal separator, Icon and Counter class objects, a Jump to page is
not a user defined field and does not allow users to associate class data to a resource. The Jump
to page class object appears in the creation panel in the form of a dotted line and divides
wizards into several pages: it adds a NEXT button at the bottom of the wizard page.
Adding a page can be useful to validate and save values to display conditional class objects. Indeed,
an object value can only be checked by a Show if... condition if it has been saved by said
wizard.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. In the Name column, click on the class you want to edit. Class Editor opens.
4. In the class objects list, click on Jump to page . The Jump to page wizard opens.
5. Fill in the object key parameters according to the Class Objects Key Parameters table of
this section.
6. In the Title field, you can name the page of the wizard you are adding.
7. In the Comment text area, you can type in a comment that will appear in the lower left-hand
corner of the wizard, beneath the title.
8. Click on NEXT . The last page of the wizard appears.
9. In the Image drop-down list, you can select a predefined image to place on the new page.
10. Click on OK to commit your addition. The object is now embedded into the class and listed
in the creation panel.
You can close Class Editor or keep adding other class objects to the same class.
Hide IP Alias
When set on a container, the Hide IP alias variable allows you to skip the alias request page when
assigning an IP address. For more details, refer to the Configuring IP Address Aliases section of
this guide.
This object can also be set as the Predefined variable; it corresponds to HIDE_IP_ALIAS.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. In the Name column, click on the class you want to edit. Class Editor opens.
4. In the class objects drop-down list, select IP address management. The class objects list
refreshes.
5. In the class objects list, click on Hide IP alias . The Hide IP alias wizard opens.
6. In the Name field, the class object name is displayed: HIDE_IP_ALIAS.
7. In the Value field, the class object is enabled: it is true.
8. If you set the Expert mode to Yes, fill in the Show if... field if need be according to the Class
Objects Key Parameters table of this section.
9. Click on OK to commit your addition. The object is now embedded into the class and listed
in the creation panel.
You can close Class Editor or keep adding other class objects to the same class.
Subnet Gateway
The Subnet gateway object allows you to specify an offset for the gateway of all subnets. It overwrites
the offset computed by the subnets default behavior. For more details, refer to the Subnet Default
Behaviors section of this guide.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. In the Name column, click on the class you want to edit. Class Editor opens.
4. In the class objects drop-down list, select IP address management. The class objects list
refreshes.
5. In the class objects list, click on Subnet gateway . The Subnet gateway wizard opens.
6. In the Name field, type in the name of the user defined field you want to add. By default, it
is gateway.
7. In the Label field, type in the label of the user defined field you want to add. By default, it is
Gateway.
8. In the Offset gateway field, type in the positive or negative offset to automatically configure
the gateway from the subnet IP address. By default, SOLIDserver sets the default gateway
offset to -1.
9. Click on OK to commit your addition. The object is now embedded into the class and listed
in the creation panel.
You can close Class Editor or keep adding other class objects to the same class.
Force Prefix
Force prefix allows you to force a specific prefix on a subnet and can be applied on the subnet itself
or on the block or space it belongs to.
Note
Forcing a prefix on a preexisting subnet may cause an error.
This object can also be set as the Predefined variable; it corresponds to FORCE_SUBNET_PREFIX.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. In the Name column, click on the class you want to edit. Class Editor opens.
4. In the class objects drop-down list, select IP address management. The class objects list
refreshes.
5. In the class objects list, click on Force prefix . The Force prefix wizard opens.
6. In the Value field, type in the prefix you want to force for the resource. By default, it is 24.
7. If you set the Expert mode to Yes, fill in the Show if... field if need be according to the Class
Objects Key Parameters table of this section.
8. Click on OK to commit your addition. The object is now embedded into the class and listed
in the creation panel.
You can close Class Editor or keep adding other class objects to the same class.
The Select DHCP server class object is a Select drop-down list that retrieves and displays all the
DHCP servers managed by SOLIDserver.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. In the Name column, click on the class you want to edit. Class Editor opens.
4. In the class objects drop-down list, select DHCP management. The class objects list refreshes.
5. In the class objects list, click on Select DHCP server . The Select DHCP server wizard opens.
6. Fill in the object key parameters according to the Class Objects Key Parameters table of
this section.
7. Click on OK to commit your addition. The object is now embedded into the class and listed
in the creation panel.
You can close Class Editor or keep adding other class objects to the same class.
The Select DHCP scope class object is a Select drop-down list that retrieves and displays all the
DHCP scopes managed by SOLIDserver.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. In the Name column, click on the class you want to edit. Class Editor opens.
4. In the class objects drop-down list, select DHCP management. The class objects list refreshes.
5. In the class objects list, click on Select DHCP scope . The Select DHCP scope wizard opens.
6. Fill in the object key parameters according to the Class Objects Key Parameters table of
this section.
7. Click on OK to commit your addition. The object is now embedded into the class and listed
in the creation panel.
You can close Class Editor or keep adding other class objects to the same class.
The Select DHCP range class object is a Select drop-down list that retrieves and displays all the
DHCP ranges managed by SOLIDserver.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. In the Name column, click on the class you want to edit. Class Editor opens.
4. In the class objects drop-down list, select DHCP management. The class objects list refreshes.
5. In the class objects list, click on Select DHCP range . The Select DHCP range wizard opens.
6. Fill in the object key parameters according to the Class Objects Key Parameters table of
this section.
7. Click on OK to commit your addition. The object is now embedded into the class and listed
in the creation panel.
You can close Class Editor or keep adding other class objects to the same class.
The Select DHCP static class object is a Select drop-down list that retrieves and displays all the
DHCP statics managed by SOLIDserver.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. In the Name column, click on the class you want to edit. Class Editor opens.
4. In the class objects drop-down list, select DHCP management. The class objects list refreshes.
5. In the class objects list, click on Select DHCP static . The Select DHCP static wizard opens.
6. Fill in the object key parameters according to the Class Objects Key Parameters table of
this section.
7. Click on OK to commit your addition. The object is now embedded into the class and listed
in the creation panel.
You can close Class Editor or keep adding other class objects to the same class.
DHCP Options
You can configure a wide range of additional DHCP options at the server, group, scope, range
and statics level. For more details, refer to the DHCP Options appendix of this guide.
Applying such options through a class saves you from editing each DHCP resource from
its respective properties page.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. In the Name column, click on the class you want to edit. Class Editor opens.
4. In the class objects drop-down list, select DHCP management. The class objects list refreshes.
5. In the class objects list, click on DHCP options . The DHCP options wizard opens.
6. In the Expert mode drop-down list, select Yes.
7. Fill in the object key parameters according to the Class Objects Key Parameters table of
this section.
8. Click on OK to commit your addition. The object is now embedded into the class and listed
in the creation panel.
You can close Class Editor or keep adding other class objects to the same class.
The Select DNS server class object is a Select drop-down list that retrieves and displays all the
DNS servers managed by SOLIDserver.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. In the Name column, click on the class you want to edit. Class Editor opens.
4. In the class objects drop-down list, select DNS management. The class objects list refreshes.
5. In the class objects list, click on Select DNS server . The Select DNS server wizard opens.
6. Fill in the object key parameters according to the Class Objects Key Parameters table of
this section.
7. Click on OK to commit your addition. The object is now embedded into the class and listed
in the creation panel.
You can close Class Editor or keep adding other class objects to the same class.
The Select DNS zone class object is a Select drop-down list that retrieves and displays all the
DNS zones managed by SOLIDserver.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. In the Name column, click on the class you want to edit. Class Editor opens.
4. In the class objects drop-down list, select DNS management. The class objects list refreshes.
5. In the class objects list, click on Select DNS zone . The Select DNS zone wizard opens.
6. Fill in the object key parameters according to the Class Objects Key Parameters table of
this section.
7. Click on OK to commit your addition. The object is now embedded into the class and listed
in the creation panel.
You can close Class Editor or keep adding other class objects to the same class.
The Select DNS server class object is a Select drop-down list that retrieves and displays all the
domains, or DNS Master Name zones, managed by SOLIDserver.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. In the Name column, click on the class you want to edit. Class Editor opens.
4. In the class objects drop-down list, select DNS management. The class objects list refreshes.
5. In the class objects list, click on Select DNS zone . The Select DNS zone wizard opens.
6. Fill in the object key parameters according to the Class Objects Key Parameters table of
this section.
7. In the Order by fields, type in a value to filter the selected domain by a key. This key must
respect the format: dz.{your_value}.
8. Tick the Have none label checkbox if you want the drop-down list to display the default value
None in addition to those it will contain.
9. Tick the Reload on change checkbox if you want the wizard page to reload once a domain
is selected.
10. Click on OK to commit your addition. The object is now embedded into the class and listed
in the creation panel.
You can close Class Editor or keep adding other class objects to the same class.
Autocompletion
An Autocompletion field is an input field that autopopulates when typing the first symbols of a
value and clicking on the related SEARCH button. A drop-down list then appears to present values
retrieved from a service list or a custom DB.
Keep in mind that all the services and related parameters can be found in the SOAP reference
guide available on the support page of the Efficient IP website
[http://www.efficientip.com/support/support]. For more details on SOLIDserver Custom DB, refer
to the Custom DB chapter of this guide.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. In the Name column, click on the class you want to edit. Class Editor opens.
4. In the class objects drop-down list, select All Objects. The class objects list refreshes.
5. In the class objects list, click on Autocompletion . The Autocompletion wizard opens.
6. Fill in the object key parameters according to the Class Objects Key Parameters table of
this section.
7. In the Select type drop-down list, select Manual.
8. Click on NEXT . The next page of the wizard appears.
9. In the Service name field, type in the name of the listing service to call, for example
ip_subnet_list.
10. In the Parameter name field, type in the name of the input parameter that will be used to
pass the searched value. By default, it is WHERE.
11. In the Search condition field, type in a search condition, i.e. a variable, to display in the
Autocompletion drop-down list followed by like '%#%' . In our example, you can type in
subnet_name like '%#%' to format the display of all the IPv4 subnet names. You can also
filter the list by replacing the hash symbol (#) by a specific matching value.
12. In the Parameter name for reverse search field, type in the input parameter name, used to
do reverse searches. Indeed, if a user chose a subnet name for instance, the system will
only have its ID. With this parameter you can pass the ID of the object instead of a
string-like parameter. By default, the parameter name is WHERE.
13. In the Reverse search condition field, type in a second variable, a reverse search condition,
to associate with the one to display in the drop-down list, in our example subnet_id='#' . You
can also filter the list by replacing the hash symbol (#) by a specific matching value.
14. In the Key field, type in the key of the second variable, in our example subnet_id .
15. In the Display format field, type in the value that corresponds to the final display of the data
in the autocompletion drop-down list. You can format this value with as many variables
(preceded by $) or literal symbols as needed. For instance, the $subnet_name (in
$block_name > $site_name) - id = $subnet_id value will display the selected subnets in the
following format: subnet_name (in block_name > site_name) - id = subnet_id.
16. Tick the Allow non-matching values checkbox if you want to allow the input field to accept
values that are not part of the database.
17. Tick the Automatic accept checkbox if you want the field to provide a list of matching Custom
DB entries when the user types in values.
18. Click on OK to commit your addition. The object is now embedded into the class and listed
in the creation panel.
You can close Class Editor or keep adding other class objects to the same class.
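The Manual settings from steps 9 to 15, worked through as an added example that is not part of the guide or of SOLIDserver's code: it expands the # placeholder and the $ display variables against constructed rows in an in-memory SQLite table that stands in for the ip_subnet_list service. The table layout, sample rows, function names and the doubling of single quotes in the typed value are assumptions of this example.

```python
import sqlite3
from string import Template

# Wizard values taken from the guide's own example.
SEARCH_CONDITION = "subnet_name like '%#%'"   # Search condition field
REVERSE_CONDITION = "subnet_id='#'"           # Reverse search condition field
KEY = "subnet_id"                             # Key field
DISPLAY_FORMAT = "$subnet_name (in $block_name > $site_name) - id = $subnet_id"

# Constructed sample data: a stand-in for rows a listing service would return.
SAMPLE_ROWS = [
    ("101", "paris-users", "emea-block", "Local"),
    ("102", "paris-servers", "emea-block", "Local"),
    ("203", "o'hare-wifi", "us-block", "Local"),
    ("204", "lab", "us-block", "Lab"),
]


def expand(condition, value):
    """Replace the hash symbol in a condition with the typed or selected value.

    Assumption of this example: single quotes in the value are doubled so the
    value stays inside the quoted literal of the condition.
    """
    return condition.replace("#", str(value).replace("'", "''"))


def open_sample_db():
    """Build the in-memory table that plays the role of the listing service."""
    db = sqlite3.connect(":memory:")
    db.row_factory = sqlite3.Row
    db.execute(
        "CREATE TABLE subnets "
        "(subnet_id TEXT, subnet_name TEXT, block_name TEXT, site_name TEXT)"
    )
    db.executemany("INSERT INTO subnets VALUES (?, ?, ?, ?)", SAMPLE_ROWS)
    return db


def query(db, where):
    """Run an expanded condition, as the WHERE parameter of the service would."""
    sql = f"SELECT * FROM subnets WHERE {where} ORDER BY subnet_id"
    return db.execute(sql).fetchall()


def render(row):
    """Apply the Display format: every $name is replaced by that column's value."""
    return Template(DISPLAY_FORMAT).substitute(dict(row))


def suggestions(db, typed):
    """Forward search: what the drop-down shows after the user clicks SEARCH."""
    rows = query(db, expand(SEARCH_CONDITION, typed))
    return [(row[KEY], render(row)) for row in rows]


def reverse_lookup(db, key_value):
    """Reverse search: only the key was stored, so rebuild the label from it."""
    rows = query(db, expand(REVERSE_CONDITION, key_value))
    return render(rows[0]) if rows else None


if __name__ == "__main__":
    db = open_sample_db()
    for key, label in suggestions(db, "paris"):
        print(key, "->", label)
    print(reverse_lookup(db, "102"))
```

The forward search returns the Key value together with the formatted label, which is why the reverse search condition only needs the key to rebuild the same label later.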
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. In the Name column, click on the class you want to edit. Class Editor opens.
4. In the class objects drop-down list, select All Objects. The class objects list refreshes.
5. In the class objects list, click on Autocompletion . The Autocompletion wizard opens.
6. Fill in the object key parameters according to the Class Objects Key Parameters table of
this section.
7. In the Select type drop-down list, select Custom DB.
8. Click on NEXT . The next page of the wizard appears.
9. In the Custom DB name field, type in the name of the Custom DB from which you want to
retrieve the data to display. The wizard refreshes.
10. In the Key column drop-down list, select the column containing the values to display.
11. In the Label column drop-down list, select the column containing the labels associated to
the values to display.
12. Tick the Allow non-matching values checkbox if you want to allow the input field to accept
values that are not part of the database.
13. Tick the Automatic accept checkbox if you want the field to provide a list of matching Custom
DB entries when the user types in values.
14. Click on OK to commit your addition. The object is now embedded into the class and listed
in the creation panel.
You can close Class Editor or keep adding other class objects to the same class.
Checkbox
The principle of a Checkbox is quite simple as it allows only two choices that can be associated
to any value, TRUE when it is ticked and FALSE when it is left unticked. Checkboxes can either
be used alone or in combination with other class objects and parameters to validate complex
regular expressions.
To add a checkbox
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. In the Name column, click on the class you want to edit. Class Editor opens.
4. In the class objects drop-down list, select All Objects. The class objects list refreshes.
5. In the class objects list, click on Checkbox . The Checkbox wizard opens.
6. Fill in the object key parameters according to the Class Objects Key Parameters table of
this section.
7. In the "TRUE" value field, type in the value you want to set for the checkbox when it is ticked
(value yes or 1).
8. In the "FALSE" value field, type in the value you want to set for the checkbox when it is not
ticked (value no or 0).
9. Click on OK to commit your addition. The object is now embedded into the class and listed
in the creation panel.
You can close Class Editor or keep adding other class objects to the same class.
Counter
SOLIDserver offers the possibility to place a Counter on any page of the wizards the class can
be applied to. A counter increments its value every time said page is accessed, but not necessarily
modified. Returning on a page without closing the wizard, using the PREVIOUS and NEXT buttons,
will not cause the counter to increment.
To add a counter
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. In the Name column, click on the class you want to edit. Class Editor opens.
4. In the class objects drop-down list, select All Objects. The class objects list refreshes.
5. In the class objects list, click on Counter . The Counter wizard opens.
6. Fill in the object key parameters according to the Class Objects Key Parameters table of
this section.
7. Tick the Padding checkbox if you want to display all the digits of the counter, zeros included.
8. In the Number of digits field, type in the number of digits for your counter.
9. In the Min value field, type in the counter start value. It will be displayed when the page is
accessed for the first time.
10. In the Max value field, type in the maximum value you want to set for your counter.
11. Click on OK to commit your addition. The object is now embedded into the class and listed
in the creation panel.
You can close Class Editor or keep adding other class objects to the same class.
Force class
This class object allows you to force classes on any lower level resources. For instance, a Force
class can be configured on a class dedicated to DHCP servers in order to force certain classes
to apply to the DHCP scopes, ranges or statics the server contains and will contain.
Classes forced on resources should be configured and enabled for the resources in Class Studio.
In other words, to force a class on a scope, the class meant to set the behavior of this scope
must be configured and enabled.
Note
You can force several classes on the same resource, in which case, beware of
conflicting object names.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. In the Name column, click on the class you want to edit, provided that this class was not set
for the lowest level of any module hierarchy. Class Editor opens.
4. In the class objects drop-down list, select All Objects. The class objects list refreshes.
5. In the class objects list, click on Force class . The Force class wizard opens.
6. In the Type drop-down list, select one of the lower levels of objects displayed according to
your needs. The wizard refreshes.
7. In the Class list, double-click on the class you want to force. The class is moved to the
Classes list.
8. If you set the Expert mode to Yes, you can set the value of the Required and Show if... fields
according to the Class Objects Key Parameters table of this section.
9. Click on OK to commit your addition. The object is now embedded into the class and listed
in the creation panel.
You can close Class Editor or keep adding other class objects to the same class.
Force VLSM
The Force VLSM object is used to force a value for the Terminal subnet checkbox in the subnets
addition wizard. When applied on a space or a block, this value is set by default for all the subnets
that they will contain. In this case, the checkbox will not appear anymore in the subnet addition
wizard. Forcing a subnet to be non-terminal enables VLSM since it allows the subnet to
contain other subnets. For more details on VLSM, refer to the Using VLSM to Manage Your Network
chapter of this guide.
This object can also be set as the Predefined variable; it corresponds to NO_VLSM_SUBNET.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. In the Name column, click on the class you want to edit. Class Editor opens.
4. In the class objects drop-down list, select All Objects. The class objects list refreshes.
5. In the class objects list, click on Force VLSM . The Force VLSM wizard opens.
6. Tick the Force non terminal subnets creation checkbox if you want the class to force subnets
to be non-terminal upon creation and edition. In other words, the class will automatically
untick the Terminal subnet checkbox when adding/editing subnets, and it will not tick
or display the field at all if set at the spaces or blocks level.
7. If you set the Expert mode to Yes, you can set the value of the Required and Show if... fields
according to the Class Objects Key Parameters table of this section.
8. Click on OK to commit your addition. The object is now embedded into the class and listed
in the creation panel.
You can close Class Editor or keep adding other class objects to the same class.
Hidden data
Hidden data allows you to associate a resource with customizable data that is not displayed in the
wizard. This data string can, for example, be used as a hidden signature for a class.
It can also be used to populate other fields when associated to the constructor class object
parameter (see the Class Objects Key Parameters table) and regular expressions (see the
Managing Class Studio Syntax section in this chapter). A default value can be set for this data,
which can be used when the related field to fill is empty, as well as another value that can be
forced to overwrite the preexisting content.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. In the Name column, click on the class you want to edit. Class Editor opens.
4. In the class objects drop-down list, select All Objects. The class objects list refreshes.
5. In the class objects list, click on Hidden data . The Hidden data wizard opens.
6. In the Name field, type the name of another class object. Once the Hidden data is fully
configured, the class object will no longer be displayed in the wizard.
7. If you set the Expert mode to Yes, you can set the value of the Constructor and Show if...
fields according to the Class Objects Key Parameters table of this section.
8. In the Default value field, type in the value you want to set for a related field using this hidden
data when empty.
9. In the Force value field, type in a value if you want to overwrite the content of a related field
using this hidden data.
10. Click on OK to commit your addition. The object is now embedded into the class and listed
in the creation panel.
You can close Class Editor or keep adding other class objects to the same class.
Icon
The Icon object allows you to associate an image with a new device in Device Manager.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. In the Name column, click on the class you want to edit. Class Editor opens.
4. In the class objects drop-down list, select All Objects. The class objects list refreshes.
5. In the class objects list, click on Icon . The Icon wizard opens.
6. In the Icon path field, type in the complete path of the icon on the local appliance.
7. Click on OK to commit your addition. The object is now embedded into the class and listed
in the creation panel.
You can close Class Editor or keep adding other class objects to the same class.
Include class
Include class allows you to embed another class and the objects it contains. For example, a class X
including a class Y, which already includes a class Z, will include the objects of the three classes.
To include a class
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. In the Name column, click on the class you want to edit. Class Editor opens.
4. In the class objects drop-down list, select All Objects. The class objects list refreshes.
5. In the class objects list, click on Include class . The Include class wizard opens.
6. In the Module drop-down list, select the module associated to the class you want to include.
7. In the Type drop-down list, select the type of resources associated to the class you want to
include.
8. In the Class name drop-down list, select the class you want to include.
9. If you set the Expert mode to Yes, you can set the value of the Show if... field according to
the Class Objects Key Parameters table of this section.
10. Click on OK to commit your addition. The object is now embedded into the class and listed
in the creation panel.
You can close Class Editor or keep adding other class objects to the same class.
Multiple input
The Multiple input object allows you to store several values defined through a preexisting Input field
placed above it. It must be placed right under an Input class object in the class creation panel.
For more details regarding the classes object order, refer to the Organizing Class Objects section
of this chapter.
The Multiple input will actually appear as a list on the addition/edition wizard of the selected
resource.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. In the Name column, click on the class you want to edit. Class Editor opens.
4. In the class objects drop-down list, select All Objects. The class objects list refreshes.
5. Make sure an Input field is available; it will be associated with the Multiple input you are creating.
For more details, refer to the Add an input field procedure of this section.
6. In the class objects list, click on Multiple input . The Multiple input wizard opens.
7. Fill in the object key parameters according to the Class Objects Key Parameters table of
this section.
8. In the Input object name field, type in the name of the Input class object used to populate
the multiple input list.
9. Click on OK to commit your addition. The object is now embedded into the class and listed
in the creation panel.
Once the Multiple input class object is configured, a button will appear next to the Input field
placed above it in the class creation panel; it allows you to add the values typed in the Input field to the
Multiple input list.
You can close Class Editor or keep adding other class objects to the same class.
Multiple select
Multiple select drop-down lists allow you to select and store multiple values at the same time. These
can be fixed values, added to the list directly from the wizard, or automatically retrieved values.
For instance, they can be imported to the list from a CSV file or a service list. All the services
and related parameters can be found in the SOAP reference guide available on the support page
of the Efficient IP website [http://www.efficientip.com/support/support].
Once the Multiple select class object is configured, two lists are available on the wizard: the first
one comes with a button next to it, to select the needed values and the second list displays
the values selected in the first list.
Note
Like the Select class object, you can use the content of a Custom DB in the Multiple
select. However, to properly implement this feature you need advanced knowledge
as it requires using custom database services (through the Service type Service list
values). In this case, the Where field can help narrow down the list of values available
in the multiple select drop-down list.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. In the Name column, click on the class you want to edit. Class Editor opens.
4. In the class objects drop-down list, select All Objects. The class objects list refreshes.
5. In the class objects list, click on Multiple select . The Multiple select wizard opens.
6. Fill in the object key parameters according to the Class Objects Key Parameters table of
this section.
7. Tick the Have none label checkbox if you want the drop-down list to display the default value
None in addition to those it will contain.
8. Tick the Full width checkbox if you want the drop-down list to be large, centered and placed
under the label. Leave it unticked to have a smaller list, placed right of the label.
9. In the Select type drop-down list, select Fixed values. The wizard refreshes.
10. In the Key field, type in the object name as it will be saved in SOLIDserver database (string
of characters: _a-z0-9 only). To prevent GUI conflicts, avoid names that are already used
in the code such as: site, mac-addr, gateway, vlan, domain, user, port, password... The
Label/Key field autopopulates.
11. In the Label field, type in the word string, corresponding to the key, as it will be displayed in
the list. The Label/Key field autopopulates following the format <Key>#<Label>.
12. On the right of the Label/Key field, click on . The value is listed in the Options list.
13. Repeat these actions for as many values as needed. You can use to remove one by one
values from the list, or and to reorganize them.
14. Click on OK to commit your addition. The object is now embedded into the class and listed
in the creation panel.
You can close Class Editor or keep adding other class objects to the same class.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. In the Name column, click on the class you want to edit. Class Editor opens.
4. In the class objects drop-down list, select All Objects. The class objects list refreshes.
5. In the class objects list, click on Multiple select . The Multiple select wizard opens.
6. Fill in the object key parameters according to the Class Objects Key Parameters table of
this section.
7. Tick the Have none label checkbox if you want the drop-down list to display the default value
None in addition to those it will contain.
8. Tick the Full width checkbox if you want the drop-down list to be large, centered and placed
under the label. Leave it unticked to have a smaller list, placed right of the label.
9. In the Select type drop-down list, select CSV values. The wizard refreshes.
10. In the CSV file field, type in the complete path of the file stored in the appliance.
11. In the Value column field, type in the number of the column in the CSV file containing the
values to retrieve.
12. In the Label column field, type in the number of the column in the CSV file containing the
labels corresponding to the values to retrieve.
13. In the Filter column field, type in the number of the column used to match certain rows.
14. Next to the Filter column field, click on . The value of the filter column field is moved to
the Filter list. You can use to remove one by one values from the list, or and to
reorganize them.
15. Click on OK to commit your addition. The object is now embedded into the class and listed
in the creation panel.
You can close Class Editor or keep adding other class objects to the same class.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. In the Name column, click on the class you want to edit. Class Editor opens.
4. In the class objects drop-down list, select All Objects. The class objects list refreshes.
5. In the class objects list, click on Multiple select . The Multiple select wizard opens.
6. Fill in the object key parameters according to the Class Objects Key Parameters table of
this section.
7. Tick the Have none label checkbox if you want the drop-down list to display the default value
None in addition to those it will contain.
8. Tick the Full width checkbox if you want the drop-down list to be large, centered and placed
under the label. Leave it unticked to have a smaller list, placed right of the label.
9. In the Select type drop-down list, select Service list values. The wizard refreshes.
10. In the Services field, start typing the name of the service to call; the matching services
are listed. Select the one that suits your needs. All the services and related parameters can be
found in the SOAP reference guide available on the support page of the Efficient IP website
[http://www.efficientip.com/support/support].
11. In the Key field, type in the object name as it will be saved in SOLIDserver database (string
of characters: _a-z0-9 only). To prevent GUI conflicts, avoid names that are already used
in the code such as: site, mac-addr, gateway, vlan, domain, user, port, password...
12. In the Label field, type in the name of the input parameter corresponding to the labels
associated with these values.
13. In the Where field, type in an SQL condition to filter the retrieved values if need be.
14. In the Order by field, type in an SQL condition to sort the results if need be.
15. If you set the Expert mode to Yes, you can set the value of the Show if... field according to
the Class Objects Key Parameters table of this section.
16. Click on OK to commit your addition. The object is now embedded into the class and listed
in the creation panel.
You can close Class Editor or keep adding other class objects to the same class.
Objectname
Objectname allows you to build an automatic naming rule for a resource, such as
%v{city}-%v{store code} where city and store code are the names of objects belonging to the same
class. By convention, an Objectname and the class objects used to build it should be placed in
the first page of the wizard.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. In the Name column, click on the class you want to edit. Class Editor opens.
4. In the class objects drop-down list, select All Objects. The class objects list refreshes.
5. In the class objects list, click on Objectname . The Objectname wizard opens.
6. Configure the Not editable checkbox according to your needs. For more details, refer to the
Class Objects Key Parameters table of this section.
7. In the Constructor field, use the name of class objects to set the Objectname format. For
more details, refer to the Class Objects Key Parameters table of this section.
8. If you set the Expert mode to Yes, you can set the value of the Show if... field according to
the Class Objects Key Parameters table of this section.
9. Click on OK to commit your addition. The object is now embedded into the class and listed
in the creation panel.
You can close Class Editor or keep adding other class objects to the same class.
Members of the admin group can also add a drop-down list that retrieves and displays all the
scopes that can be used as shared networks.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. In the Name column, click on the class you want to edit. Class Editor opens.
4. In the class objects drop-down list, select All Objects. The class objects list refreshes.
5. In the class objects list, click on DHCP shared network . The DHCP shared network wizard opens.
6. Fill in the object key parameters according to the Class Objects Key Parameters table of
this section.
7. Click on OK to commit your addition. The object is now embedded into the class and listed
in the creation panel.
You can close Class Editor or keep adding other class objects to the same class.
Pre-defined variable
Predefined variables can be seen as fully fledged class objects with only one value and purpose.
To set up a pre-defined variable, refer to the appendix Class Studio Pre-defined Variables to
understand the purpose of each variable and use the Value field appropriately.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. In the Name column, click on the class you want to edit. Class Editor opens.
4. In the class objects drop-down list, select All Objects. The class objects list refreshes.
5. In the class objects list, click on Pre-defined variable . The Pre-defined variable wizard opens.
6. Configure the variable, following the details in the appendix Class Studio Predefined Variables.
7. Click on OK to commit your addition. The object is now embedded into the class and listed
in the creation panel.
You can close Class Editor or keep adding other class objects to the same class.
Upload file
In addition to the fields, checkboxes and drop-down lists, Class Studio also allows the integration
of an upload tool to the addition and edition wizards. Once the object is added to the class, a
File name field and a BROWSE button are added to the related wizards. Clicking on the latter opens
a window that allows you to upload any file to the SOLIDserver database.
Note
Uploaded files cannot exceed 300 MB.
Uploaded files are stored temporarily in the /tmp folder of the appliance and deleted shortly after.
The upload tool can therefore be used to import CSV files or other types of files to be processed
straight away by other class objects.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. In the Name column, click on the class you want to edit. Class Editor opens.
4. In the class objects drop-down list, select All Objects. The class objects list refreshes.
5. In the class objects list, click on Upload file . The Upload file wizard opens.
6. Fill in the object key parameters according to the Class Objects Key Parameters table of
this section.
7. Click on OK to commit your addition. The object is now embedded into the class and listed
in the creation panel.
You can close Class Editor or keep adding other class objects to the same class.
Warning
Renaming an object already used by a resource will delete all the class data it is
associated with. The data can only be retrieved by renaming the object back, before filling
any new class data through the newly edited object.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. In the Name column, click on the class you want to edit. Class Editor opens.
4. In the creation panel, click on the gray box displaying the name of the class object to edit.
The corresponding object class wizard opens.
5. Edit the class object according to your needs, following the corresponding procedure in
Adding Class Objects.
6. Click on OK to commit your configuration. The object is updated in the creation panel.
Note
A Multiple select can only be effective if placed underneath an Input object.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. In the Name column, click on the class you want to organize. Class Editor opens.
4. In the creation panel, drag and drop the class objects to change their display order once the
class is used on a resource.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. In the Name column, click on the class you want to delete. Class Editor opens.
4. In the creation panel, right of the class object to delete, click on the garbage icon. The wizard
opens.
5. Click on OK to commit your deletion. The object is no longer listed in the creation panel.
[a-zA-Z] means "match lower case and upper case letters a-z"
{1,25} means "match the previous item (the letters whose format was explained in the previous
line) 1 to 25 times"
Chapter 91. Packager
From the Administration module, Packager allows you to import a set of customized functionalities
via an archive file directly from the GUI. Once a package is uploaded, installing it can affect
interfaces, databases, system files, etc. depending on what it contains. These functionalities can
take the form of classes, services (also called macros), reports or rules.
Packager is composed of two pages: All Packages and All package files. From the All Packages
page you can import or create, install, uninstall and delete your packages. The All package files
page simply provides the content of the packages.
Packager reuses the principle of the module of the same name in 3.0.1; however, it uses different
services. Therefore, packages created or used in previous versions of SOLIDserver cannot be
used with the current version.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Packager icon. The All packages page opens.
The All packages page contains seven columns: Name, Description, Version, Vendor, Creation
time, Install time and Status. The columns allow you to filter and sort the packages database.
You cannot edit the page listing template. To display all this information in one panel, you can
go to the package properties page.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Packager icon. The All packages page opens.
3. At the end of the line of the package of your choice, click on . The server properties page
opens.
As for the packages content, it is listed on the All package files page.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Packager icon. The All packages page opens.
3. In the breadcrumb, click on All package files. The All package files page opens.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Packager icon. The All packages page opens.
3. Click on the name of the package of your choice. The All package files page of the selected
package opens.
The All package files page contains five columns: filename, Directory, Type, Package version
and Version. You cannot edit the page listing template.
Uploading Packages
From the All packages page you can upload your own packages in a .tar archive file.
• uploading a package simply stores it locally on the appliance. Once uploaded, you need to install
it to push the files it contains. For more details, refer to the section Installing Packages.
• each package has a unique name, version and content, so you cannot upload a package if it
is already listed on the page unless the version or name differs. If at least one of the files it
contains is already installed, you will not be able to install your package.
• packages from previous versions of SOLIDserver are not compatible and therefore not
supported.
To upload a package
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Packager icon. The All packages page opens.
3. In the menu, select Add > Upload package. The Upload a package wizard opens.
4. Click on BROWSE to search for the .tar file to import. A window opens to help you browse
through folders.
5. Double-click on the needed file. The window closes and the file is visible in the File name
field of the wizard.
6. Click on OK to commit the upload. The report opens and closes. The All Packages opens
again, the package is listed but it is not installed yet.
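Because installing a package can push files to interfaces, databases and system files, it is worth inspecting a .tar archive before uploading it. The following Python check is an added example, not EfficientIP code: it makes no assumption about the internal layout Packager expects, and the archive and member names it builds are constructed for the demonstration.

```python
import hashlib
import io
import stat
import tarfile
from pathlib import PurePosixPath


def audit_package(fileobj):
    """Return (sha256_hex, findings) for an uncompressed .tar package.

    findings is a list of (member_name, reason) tuples. An empty list means
    none of the checks below fired, not that the content is trustworthy.
    """
    raw = fileobj.read()
    digest = hashlib.sha256(raw).hexdigest()  # record it to compare later copies
    findings = []
    # Mode "r:" accepts plain tar only, the format named in this chapter.
    with tarfile.open(fileobj=io.BytesIO(raw), mode="r:") as tar:
        for member in tar.getmembers():
            path = PurePosixPath(member.name)
            if path.is_absolute():
                findings.append((member.name, "absolute path"))
            if ".." in path.parts:
                findings.append((member.name, "parent-directory traversal"))
            if member.issym() or member.islnk():
                findings.append((member.name, f"link to {member.linkname}"))
            elif member.ischr() or member.isblk() or member.isfifo():
                findings.append((member.name, "device or FIFO entry"))
            if member.mode & (stat.S_ISUID | stat.S_ISGID):
                findings.append((member.name, "setuid/setgid bit set"))
            if member.isfile() and member.mode & stat.S_IWOTH:
                findings.append((member.name, "world-writable file"))
    return digest, findings


def build_sample_package():
    """Build a constructed archive in memory; every member name is made up."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        def add(name, data=b"", mode=0o644, kind=tarfile.REGTYPE, linkname=""):
            info = tarfile.TarInfo(name)
            info.size, info.mode = len(data), mode
            info.type, info.linkname = kind, linkname
            tar.addfile(info, io.BytesIO(data))

        add("example_pkg/classes/site_info.txt", b"constructed content\n")
        add("example_pkg/../../outside.txt", b"x")
        add("/opt/example/helper", b"#!/bin/sh\n", mode=0o4755)
        add("example_pkg/current", kind=tarfile.SYMTYPE,
            linkname="/opt/example/helper")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    sha256, problems = audit_package(build_sample_package())
    print("sha256:", sha256)
    for name, reason in problems:
        print(f"REVIEW {name}: {reason}")
```

Keeping the SHA-256 of the archive you uploaded lets you compare it with a copy obtained later through the Downloading Packages procedure.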
Creating Packages
You can also create your own packages from the All packages page and configure them with
existing rules, services, reports and classes.
• creating a package does not install it. Once created, you need to install it to push the files it
contains. For more details, refer to the section Installing Packages.
• each package has a unique name, version and content, so you cannot upload a package if it
is already listed on the page unless the version or name differs. If at least one of the files it
contains is already installed, you will not be able to install your package.
• you cannot include system files in your package. If you include any SOLIDserver system
files during the creation, you will not be able to install the package.
To create a package
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Packager icon. The All packages page opens.
3. In the menu, select Tools > Expert > Create a package. The Create a package wizard opens.
4. In the Package name field, name the package.
5. In the Version field, type in a version for your package following the format
<number>.<number>.
6. In the Description field, you can describe the package.
7. In the Vendor field, you can type in a vendor name.
8. Click on NEXT . The Package files selection page opens.
9. Configure the content of your package.
Once you have selected the class that suits your needs, click on ADD . The class is moved to
the Selected files list. You can add as many classes as needed.
To remove a class, select it in the Selected files list and click on DELETE .
Once you have selected the service that suits your needs, click on ADD . The service is moved
to the Selected files list. You can add as many services as needed.
To remove a service, select it in the Selected files list and click on DELETE .
Once you have selected the report that suits your needs, click on ADD . The report is moved
to the Selected files list. You can add as many reports as needed.
To remove a report, select it in the Selected files list and click on DELETE .
Once you have selected the rule that suits your needs, click on ADD . The rule is moved to
the Selected files list. You can add as many rules as needed.
To remove a rule, select it in the Selected files list and click on DELETE .
10. Click on OK to commit the package creation with all the files listed in the Selected files field.
The report opens and closes. The All Packages opens again, the package is listed but it is
not installed yet.
Editing Packages
You cannot edit a package. If one of your packages contains files that you no longer require,
or if files are missing from it, you need to replace it.
Installing Packages
Installing a package pushes its files to the relevant parts of the appliances. When you upload
or create a package, it is simply listed in the GUI. If you do not install it, the files it
contains are stored locally but not used.
To install a package
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Packager icon. The All packages page opens.
3. Tick the package(s) you want to install.
4. In the menu, select Edit > Install. The Install a package wizard opens.
5. Click on OK to commit the package installation. The report opens and works until all the files
are pushed. The All Packages opens again, in the Status column the package is marked
installed.
Uninstalling Packages
Uninstalling a package reverts all the changes made by the files it contains. It is also
required before deleting a package: you cannot delete a package if it is installed, that is to
say, in use.
To uninstall a package
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Packager icon. The All packages page opens.
3. Tick the package(s) you want to uninstall.
4. In the menu, select Edit > Uninstall. The Uninstall a package wizard opens.
5. Click on OK to commit your changes. The report opens and closes. The All Packages opens
again, in the Status column the package is marked uninstalled.
Downloading Packages
At any time you can download a package, whether it is installed or not.
Keep in mind that you can only download one package at a time.
To download a package
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Packager icon. The All packages page opens.
3. Tick the package you want to download.
4. In the menu, select Edit > Download . The Downloading a package wizard opens.
5. Click on OK to commit your choice. The report opens, the package is now stored in an archive
.tar file on the Local files listing page (Administration tab homepage > Maintenance > Local
files listing). If you do not want to download the file on your computer, go to step 7.
6. Click on DOWNLOAD to save the package locally or open and save it depending on your
browser.
7. Click on CLOSE . The wizard closes and the All packages page is visible again.
Deleting Packages
Once you no longer need a package you can delete it as long as it is no longer used. This means
that if the package you want to delete is currently installed, you need to uninstall it before following
the procedure below. For more details, refer to the section Uninstalling Packages.
To delete a package
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Packager icon. The All packages page opens.
3. Tick the package(s) you want to delete.
4. In the menu, select Edit > Delete . The Delete wizard opens.
5. Click on OK to commit the package deletion. The report opens and closes. The package is
no longer listed.
Appendix A. DHCP Options
Table of Contents
Basic Options
Server Parameters
Lease Information Options
WINS/NetBIOS Options
Host IP Options
Interface Options
Servers Options
BOOTP Compatibility Options
DHCP Packet Fields Options
Microsoft DHCP Client Options
NetWare Client Options
NIS/NISplus Options
Miscellaneous
Vendor MSFT Options
Vendor Nwip Options
This appendix describes all the DHCP options that you can configure through the Configure
DHCP options wizard at server, group, scope range and statics level (from the object properties
page through the DHCP options panel EDIT button). You will find sets of options that follow each
of the available categories in the wizard.
Basic Options
Table A.1. The Basic DHCP Options
| Name | Code | Value type | Description |
|---|---|---|---|
| broadcast address | 28 | IP address | specifies the broadcast address for the interface's subnet. |
| domain name | 15 | text (name) | domain name which client will use when resolving name via DNS. |
| domain-name-servers | 6 | list of IP addresses | list of Domain Name Servers (DNS) available for this client. These servers are listed by order of preference. |
| host name | 12 | text (name) | client host name. |
| routers | 3 | list of IP addresses | list of routers for client subnet. These servers are listed by order of preference. |
| Authoritative | N/A | boolean | allocation and checking of IP addresses according to network segment where the DHCP client is connected. |
| Default lease time | N/A | duration (in seconds) | default lease duration. |
| Max lease time | N/A | duration (in seconds) | maximum lease duration (unavailable for BOOTP lease). |
Server Parameters
These options concern the technical parameters on the server side.
WINS/NetBIOS Options
Table A.4. The WINS/NetBIOS Options
| Name | Code | Value type | Description |
|---|---|---|---|
| netbios-name-servers | 44 | list of IP addresses | list of WINS servers or of NetBIOS name servers (NBNS) defined by RFC1001 and RFC1002 (a). These servers are sorted by order of preference. |
| netbios-dd-server | 45 | list of IP addresses | list of NetBIOS datagram distribution servers (NBDD), defined by RFC1001 and RFC1002. These servers are sorted by order of preference. |
| netbios-node-type | 46 | number | type of NetBIOS node described in RFC1001 and RFC1002. The value is represented by a numerical code: 1 for B-node, 2 for P-node, 4 for M-node, 8 for H-node. |
| netbios-scope | 47 | text (name) | netbios-scope name value of NetBIOS scope specified in RFC1001 and RFC1002. |
(a) For more details, refer to the IETF website: RFC1001 is at http://tools.ietf.org/html/rfc1001 and RFC1002 at http://tools.ietf.org/html/rfc1002.
Host IP Options
Table A.5. The Host IP Options
| Name | Code | Value type | Description |
|---|---|---|---|
| Default-ip-ttl | 23 | duration (in seconds) | default lifetime that the client must use to send a datagram on the network. Valid values between 1 and 255. |
| Ip-forwarding | 19 | boolean | this option specifies whether the client should configure its IP layer for packet forwarding (RFC1533). |
| Max-dgram-reassembly | 22 | number | maximum size of datagram which the client must prepare to assemble. |
| non-local-source-routing | 20 | boolean | allow the source-routing forwarding if the next-hop is on a different physical interface from that crossed by the datagram RFC1122. |
Interface Options
Table A.6. The Interface Options
| Name | Code | Value type | Description |
|---|---|---|---|
| All-subnets-local | 27 | boolean | specifies if the IP interface must demand that all subnets with which it communicates use the same MTU as that used by the physical interface. |
| Arp-cache-timeout | 35 | duration (in seconds) | this option specifies the timeout in seconds for ARP cache entries. |
| Auto configure | 116 | boolean | this option code is used to ask whether, and be notified if, auto-configuration should be disabled on the local subnet. |
| Broadcast-adress | 28 | IP address | specifies the broadcast address for the interface's subnet. |
| Classeless static route | 121 | list of IP addresses | this option allows to use the routers used by the IP protocol to set up a packet transmission path between two IP hosts (one source and one destination host) through the router IP address, listed in the routing table. This option obsoletes the Static Route option (option 33), refer to RFC3442 for more details. |
| Default-tcp-ttl | 37 | duration (in seconds) | this option specifies the default TTL that the client should use when sending TCP segments. |
| Ieee802-3-encapsulation | 36 | boolean | specifies if the client must use Ethernet Version 2 encapsulation or IEEE 802.3 on its interface if it is ethernet. |
Servers Options
Table A.7. The Server Options
| Name | Code | Value type | Description |
|---|---|---|---|
| Cookie-servers | 8 | list of IP addresses | Lists the cookie servers (RFC865) available for this client. These servers are listed by order of preference. |
| Finger-servers | 73 | list of IP addresses | List of Finger servers. These servers are sorted by order of preference. |
| Font-servers | 48 | list of IP addresses | Lists the X Window System font servers available for this client. These servers are sorted by order of preference. |
NIS/NISplus Options
Table A.12. The NIS/NISplus Options
| Name | Code | Value type | Description |
|---|---|---|---|
| Nis-domain | 40 | name | Specifies the name of the client's NIS domain. The domain is formatted as a character string consisting of characters from the NVT ASCII character set. |
| Nis-servers | 41 | list of IP addresses | Lists the IP of NIS servers available for the client. The servers can be sorted by order of preference. |
| Nis-plus-domain | 64 | name | Specifies the name of the client's NIS+ domain. The domain is formatted as a character string consisting of characters from the NVT ASCII character set. |
| Nis-plus-servers | 65 | list of IP addresses | Specifies a list of IP addresses indicating NIS+ servers available to the client. Servers should be listed in order of preference. |
| Autoretries | 8 | provided by the vendor | This option specifies a list of Quote of the Day servers available to the client. The servers SHOULD be listed in order of preference. |
| Autoretry secs | 9 | provided by the vendor | This option specifies a list of LPR servers available to the client. The servers SHOULD be listed in order of preference. |
| Nearest nwip server | 7 | provided by the vendor | This option specifies a list of MIT-LCS UDP servers available to the client. The servers SHOULD be listed in order of preference. |
Miscellaneous
Table A.13. Other DHCP Options
| Name | Code | Value type | Description |
|---|---|---|---|
| Domain search | 119 | list of domains | DNS domain search list. |
| Name service search | 117 | | Name Service Search. |
Appendix B. MAC Address Types References
This appendix lists all the MAC address types used in SOLIDserver that you can display on the
DHCP All statics page both in IPv4 and IPv6. There is a set of 31 different types of MAC addresses
that you can specify when adding or editing DHCP statics. Each type corresponds to a protocol
that has been assigned a reference number defined in the IANA Address Resolution Protocol
(ARP). In the GUI, this reference will add an extra byte at the beginning of the MAC addresses
listed in the default MAC address column of the All statics page. Typically, the MAC addresses
listed in this column will look as follows: <1_byte_MAC_type_reference>:<6_bytes_MAC_address>.
The different types of MAC addresses can be listed separately from the MAC address itself using
the DHCP static MAC type column. This column will display two columns: the MAC type column
that will display the MAC type code (except for Ethernet that will be listed in full letters) and the
MAC address column that will display the MAC address in its traditional format.
Note
Every reference is listed in hexadecimal form in the wizard. Therefore, the ARP
parameter 10 (for Autonet) is listed as 0a and so forth.
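The prefixed format described above matters when statics exported from the All statics page are compared with MAC addresses seen elsewhere, since the leading type byte is hexadecimal and is not part of the hardware address. The following Python helper is an added example, not SOLIDserver code: the function names are hypothetical, the type table is a three-entry subset of the IANA ARP hardware types, and all sample addresses are constructed.

```python
import re

# Subset of the IANA ARP hardware types, keyed by decimal value (assumption:
# only these three are listed here; the appendix mentions 31 types).
ARP_HARDWARE_TYPES = {
    1: "Ethernet",
    6: "IEEE 802 Networks",
    10: "Autonet Short Address",
}

_STATIC_MAC = re.compile(r"([0-9a-f]{2})((?::[0-9a-f]{2}){6})", re.IGNORECASE)


def normalize_mac(mac):
    """Return a plain 6-byte MAC as lower-case, colon-separated octets."""
    octets = re.split(r"[:-]", mac.strip().lower())
    if len(octets) != 6 or not all(re.fullmatch(r"[0-9a-f]{2}", o) for o in octets):
        raise ValueError(f"not a 6-byte MAC address: {mac!r}")
    return ":".join(octets)


def split_static_mac(value):
    """Split '<1-byte type>:<6-byte MAC>' into (type_code, type_name, mac)."""
    match = _STATIC_MAC.fullmatch(value.strip())
    if match is None:
        raise ValueError(f"expected 7 colon-separated hex bytes, got {value!r}")
    type_code = int(match.group(1), 16)  # hexadecimal, so '0a' is ARP type 10
    mac = match.group(2)[1:].lower()     # drop the colon that follows the type
    name = ARP_HARDWARE_TYPES.get(type_code, f"unlisted type {type_code}")
    return type_code, name, mac


def join_static_mac(type_code, mac):
    """Build the prefixed form from a decimal type code and a plain MAC."""
    if not 0 <= type_code <= 0xFF:
        raise ValueError("the type reference must fit in one byte")
    return f"{type_code:02x}:{normalize_mac(mac)}"


def observed_without_static(static_values, observed_macs):
    """Return the observed MACs (normalized, sorted) that match no static."""
    registered = {split_static_mac(v)[2] for v in static_values}
    return sorted({normalize_mac(m) for m in observed_macs} - registered)


if __name__ == "__main__":
    statics = ["01:00:1a:2b:3c:4d:5e", "0a:02:00:00:00:00:01"]  # constructed
    seen = ["00-1A-2B-3C-4D-5E", "00:1a:2b:3c:4d:5f"]           # constructed
    for entry in statics:
        print(entry, "->", split_static_mac(entry))
    print("no static for:", observed_without_static(statics, seen))
```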
Appendix C. DNS Resource Records Related Fields
This appendix simply provides a table listing, record per record, the different fields to configure
when adding a resource record to a zone. For more details regarding each record specificities
and addition procedure, refer to the Adding a Resource Record section of this guide.
Appendix D. User Tracking Services Filter
This appendix provides a list of the available filters in the Services drop-down list of the page
User Tracking. For more details regarding this page, refer to the section User Tracking.
| Services | Description |
|---|---|
| Add: IPv4 blocks | All the IPv4 block additions and editions |
| Add: IPv6 blocks | All the IPv6 block additions and editions |
| Delete: IPv4 blocks | All the IPv4 block deletions |
| Delete: IPv6 blocks | All the IPv6 block deletions |
| Subnet | All the subnet related operations |
| Add: IPv4 subnets | All the IPv4 subnet additions and editions |
| Add: IPv6 subnets | All the IPv6 subnet additions and editions |
| Delete: IPv4 subnets | All the IPv4 subnet deletions |
| Delete: IPv6 subnets | All the IPv6 subnet deletions |
| Pool | All the pool related operations |
| Add: IPv4 pools | All the IPv4 pool additions and editions |
| Add: IPv6 pools | All the IPv6 pool additions and editions |
| Delete: IPv4 pools | All the IPv4 pool deletions |
| Delete: IPv6 pools | All the IPv6 pool deletions |
| Address | All the IP address related operations |
| Add: IPv4 addresses | All the IPv4 address additions and editions |
| Add: IPv6 addresses | All the IPv6 address additions and editions |
| Delete: IPv4 addresses | All the IPv4 address deletions |
| Delete: IPv6 addresses | All the IPv6 address deletions |
| Alias | All the aliases related operations |
| Add: aliases to IPv4 addresses | All the IPv4 alias additions and editions |
| Add: aliases to IPv6 addresses | All the IPv6 alias additions and editions |
| Delete: IPv4 addresses aliases | All the IPv4 alias deletions |
| Delete: IPv6 addresses aliases | All the IPv6 alias deletions |
| DNS | All the DNS services |
| DNS server | All the DNS server related operations |
| Add: DNS servers | All the DNS server additions and editions |
| Delete: DNS servers | All the DNS server deletions |
| DNS zone | All the DNS zone related operations |
| Add: DNS zones | All the DNS zone additions and editions |
| Delete: DNS zones | All the DNS zone deletions |
| DNS RR | All the DNS record related operations |
| Add: DNS RRs | All the DNS record additions and editions |
| Delete: DNS RRs | All the DNS record deletions |
| Rule | All the rule related operations |
| Add: rules | All the rule additions and editions |
| Delete: rules | All the rule deletions |
| Group | All the group of users related operations |
| Add: groups | All the group of users additions and editions |
| Delete: groups | All the group deletions |
| Users Add: user as group resource | All the additions of users as resource of a group |
| Users Remove: user from group resource | All the deletions of users from the resources of a group |
| User | All the users related operations |
| Users Add: users | All the user additions and editions |
| Users Delete: users | All the user deletions |
| System | All the system related operations |
| Install: Packages | All the operations related to package installation |
| Uninstall: Packages | All the operations related to package uninstallation |
| Class | All the Class Studio related operations |
| Add: classes | All the class additions and editions |
| Delete: classes | All the class deletions |
Appendix E. Class Studio Pre-defined Variables
This appendix provides a list of the available Class Studio pre-defined variables. For more details
regarding their addition, refer to the section Pre-defined variable of the chapter Class Studio.
To properly configure the value of the pre-defined variables and understand the purpose of each
of them, follow the descriptions below.
USER_SOURCE_TYPE
This variable allows you to specify the user source.
Value: 1 (one) to enable the variable. Leave the field empty to disable it.
IP_MANDATORY_MAC_ADDR
This variable makes the MAC address field mandatory in the IPv4 and IPv6 address
addition and edition wizards.
Value: 1 (one) to enable the variable. Leave the field empty to disable it.
IP_NOT_EDITABLE_MAC_ADDR
This variable prevents users from editing the MAC address field in the IPv4 and IPv6
address addition and edition wizards.
Value: 1 (one) to enable the variable. Leave the field empty to disable it.
DHCP_STATIC_NOT_EDITABLE_MAC_ADDR
This variable prevents users from editing the MAC address field in the DHCP static
addition and edition wizards.
Value: 1 (one) to enable the variable. Leave the field empty to disable it.
WORKFLOW_REQUEST_HIDE_ACTION
This variable hides the Action requested field in the Workflow outgoing requests
addition wizard.
Value: 1 (one) to enable the variable. Leave the field empty to disable it.
WORKFLOW_REQUEST_HIDE_ATTACH_TO
This variable hides the Attach to drop-down list in the Workflow outgoing requests
addition wizard.
Value: 1 (one) to enable the variable. Leave the field empty to disable it.
WORKFLOW_REQUEST_HIDE_SOURCE
This variable hides the Requesting user field in the Workflow outgoing requests
addition wizard.
Value: 1 (one) to enable the variable. Leave the field empty to disable it.
WORKFLOW_ADD_TICKET_SPACE
This variable allows you to associate a Workflow request with a space directly from the
addition/edition wizard in the IPAM.
Value: 1 (one) to enable the variable. Leave the field empty to disable it.
WORKFLOW_ADD_TICKET_BLOCK
This variable allows you to associate a Workflow request with a block directly from the
addition/edition wizard in the IPAM.
Value: 1 (one) to enable the variable. Leave the field empty to disable it.
WORKFLOW_ADD_TICKET_SUBNET
This variable allows you to associate a Workflow ticket with a subnet directly from the
addition/edition wizard in the IPAM.
Value: 1 (one) to enable the variable. Leave the field empty to disable it.
WORKFLOW_ADD_TICKET_POOL
This variable allows you to associate a Workflow ticket with a pool directly from the
addition/edition wizard in the IPAM.
Value: 1 (one) to enable the variable. Leave the field empty to disable it.
WORKFLOW_ADD_TICKET_ADDRESS
This variable allows you to associate a Workflow ticket with an IP address directly from the
addition/edition wizard in the IPAM.
Value: 1 (one) to enable the variable. Leave the field empty to disable it.
WORKFLOW_ADD_TICKET_DNSZONE
This variable allows you to associate a Workflow ticket with a zone directly from the
addition/edition wizard in the DNS.
Value: 1 (one) to enable the variable. Leave the field empty to disable it.
FORCE_SUBNET_PREFIX
This variable allows you to force the value of a subnet prefix in the addition wizard. For more
details, refer to the Force prefix section of this guide.
Value: the prefix of your choice following the format <number>. Leave the field empty to
disable the variable.
HIDE_IP_ALIAS
This variable hides the Aliases configuration page in the IP address addition wizard.
For more details, refer to the Configuring IP Address Aliases section of this guide.
Value: 1 (one) to enable the variable. Leave the field empty to disable it.
HOSTDEV_IS_SWITCH
This variable allows you to specify that a device is a switch in the module Device manager.
Value: 1 (one) to enable the variable. Leave the field empty to disable it.
NO_SPACE_FATHER_VLSM
This variable prevents a space from being affiliated with a parent space in the space
addition wizard.
Value: 1 (one) to enable the variable. Leave the field empty to disable it.
NO_VLSM_SUBNET
This variable prevents users from setting a subnet as non-terminal in the subnet
addition wizard. The Terminal subnet checkbox is hidden.
Value: 1 (one) to enable the variable. Leave the field empty to disable it.
BLOCK_TYPE
This variable allows you to manually set the start and end address of a block, as you can
when creating DHCP ranges or IPAM pools.
Value: range to enable the variable. Leave the field empty to disable it.
Appendix F. Matrices of Network Flows
Table of Contents
IPAM Network Flows
DHCP Network Flows
  SOLIDserver DHCP
  Windows 2000, 2003, 2008 DHCP Agent
  Windows 2000, 2003, 2008 DHCP Agentless
DNS Network Flows
  SOLIDserver DNS
  Windows 2000, 2003, 2008 DNS
  Windows 2000, 2003, 2008 DNS Agentless
NetChange Network Flows
High Availability Management Network Flows
IPAM Network Flows
Table F.1. List of Network Flows for SOLIDserver IPAM
| Component | Address src | Port src | Address dst | Port dst | UDP/TCP | Protocol | Notes |
|---|---|---|---|---|---|---|---|
| web | Client web | any | SOLIDserver IPAM | 80 | TCP | HTTP | Graphic User Interface (WEB) |
| web | Client web | any | SOLIDserver IPAM | 443 | TCP | HTTPS | Graphic User Interface (WEB) |
| DNS | SOLIDserver IPAM | any | DNS | 53 | UDP | DNS | DNS resolution and DDNS update (RFC2136) |
| DNS | SOLIDserver IPAM | any | DNS | 53 | TCP | DNS | DNS transfer (IXFR/AXFR) |
| SSHv2 | Client | any | SOLIDserver | 22 | TCP | SSH | Optional for the management |
| NTP client | SOLIDserver IPAM | any | NTP server | 123 | UDP | NTP | Required for ActiveDirectory |
| TFTP | Client | any | SOLIDserver | 69 | UDP | TFTP | Required for client for the file transfer |
| NTP server | Client | any | SOLIDserver | 123 | UDP | NTP | Optional service |
| LDAP server | SOLIDserver IPAM | any | LDAP | 380 | TCP | LDAP | Accounting |
| GSS - TSIG | SOLIDserver IPAM | any | LDAP | 389 | TCP | LDAP | Authentication for MS DNS Update |
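The following added example (not part of the guide) encodes the rows of Table F.1 as an allowlist and flags connections involving the appliance that no row explains, which is how such a matrix is typically used to review firewall rules or flow logs. The role-to-network mapping and the sample records are constructed; `Client web` and `Client` are collapsed into one role, as are `SOLIDserver IPAM` and `SOLIDserver`.

```python
import ipaddress
from typing import List, NamedTuple, Optional, Set, Tuple


class Rule(NamedTuple):
    src_role: str
    dst_role: str
    dst_port: int
    proto: str
    note: str


# Rows transcribed from Table F.1; the source port is "any" in every row.
TABLE_F1 = [
    Rule("client", "solidserver", 80, "tcp", "HTTP GUI"),
    Rule("client", "solidserver", 443, "tcp", "HTTPS GUI"),
    Rule("solidserver", "dns", 53, "udp", "DNS resolution and DDNS update"),
    Rule("solidserver", "dns", 53, "tcp", "DNS transfer (IXFR/AXFR)"),
    Rule("client", "solidserver", 22, "tcp", "SSH, optional for the management"),
    Rule("solidserver", "ntp", 123, "udp", "NTP client"),
    Rule("client", "solidserver", 69, "udp", "TFTP file transfer"),
    Rule("client", "solidserver", 123, "udp", "NTP server, optional"),
    Rule("solidserver", "ldap", 380, "tcp", "LDAP accounting (port as printed)"),
    Rule("solidserver", "ldap", 389, "tcp", "GSS-TSIG auth for MS DNS update"),
]

# Constructed addressing plan (assumption): which networks play which role.
ROLES = {
    "client": ["10.20.0.0/16"],
    "solidserver": ["192.168.1.5/32"],
    "dns": ["192.168.1.10/32", "192.168.1.11/32"],
    "ntp": ["192.168.1.20/32"],
    "ldap": ["192.168.1.30/32"],
}

Record = Tuple[str, str, int, str]  # (initiator ip, responder ip, dst port, proto)


def roles_of(ip: str) -> Set[str]:
    """Return every role whose networks contain this address."""
    addr = ipaddress.ip_address(ip)
    return {role for role, nets in ROLES.items()
            if any(addr in ipaddress.ip_network(n) for n in nets)}


def match(src: str, dst: str, dport: int, proto: str) -> Optional[Rule]:
    """Return the Table F.1 row that allows this connection, if any."""
    src_roles, dst_roles = roles_of(src), roles_of(dst)
    for rule in TABLE_F1:
        if (rule.src_role in src_roles and rule.dst_role in dst_roles
                and rule.dst_port == dport and rule.proto == proto.lower()):
            return rule
    return None


def audit(records: List[Record]) -> List[Record]:
    """Return appliance connections that no row of the matrix explains.

    Records describe the initiating direction only; reply traffic is
    expected to be handled by a stateful filter and is not modelled.
    """
    unexpected = []
    for src, dst, dport, proto in records:
        if "solidserver" not in roles_of(src) | roles_of(dst):
            continue  # does not involve the appliance: outside this matrix
        if match(src, dst, dport, proto) is None:
            unexpected.append((src, dst, dport, proto))
    return unexpected


# Constructed flow records.
SAMPLE: List[Record] = [
    ("10.20.3.7", "192.168.1.5", 443, "tcp"),     # GUI over HTTPS: listed
    ("192.168.1.5", "192.168.1.10", 53, "udp"),   # resolution / DDNS: listed
    ("10.20.3.7", "192.168.1.5", 5432, "tcp"),    # client to PostgreSQL: not listed
    ("192.168.1.5", "192.168.1.30", 636, "tcp"),  # port absent from Table F.1
    ("10.20.3.7", "10.20.9.9", 445, "tcp"),       # unrelated to the appliance
]

if __name__ == "__main__":
    for rec in audit(SAMPLE):
        print("not in Table F.1:", rec)
```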
DHCP Network Flows
SOLIDserver DHCP
Table F.2. List of Network Flows for SOLIDserver DHCP
| Component | Address src | Port src | Address dst | Port dst | UDP/TCP | Protocol | Notes |
|---|---|---|---|---|---|---|---|
| SOLIDserver IPAM | SOLIDserver IPAM | any | DHCP | 1162 | UDP | SNMP | SNMP v1, v2c, v3 |
| DHCP eip | DHCP master | any | DHCP slave | 647 | TCP | Failover | Failover and load sharing |
| SOLIDserver IPAM | DHCP | any | DNS | 162 | UDP | SNMP TRAP | Send a trap on event |
| DHCP | DHCP slave | any | DHCP master | 847 | TCP | Failover | DHCP failover channel |
| NTP client | DHCP | any | NTP server | 123 | UDP | NTP | Required to synchronize DHCP failover |
| NTP server | Client | any | SOLIDserver | 123 | UDP | NTP | Optional service |
| SYSLOG | DHCP | any | SYSLOG | 514 | UDP | SYSLOG | Syslog network redirection on SOLIDserver |
| TFTP | Client | any | SOLIDserver | 69 | UDP | TFTP | Required for client for the file transfer |
| SSHv2 | Client | any | SOLIDserver | 22 | TCP | SSH | Optional for the management |
| DHCP | DHCP | - | Client DHCP | - | ICMP | PING/ECHO | Ping direct |
| DHCP | Client DHCP | - | DHCP | - | ICMP | Reply | Ping direct |
| DHCP | Client DHCP | 68 | DHCP | 67 | UDP | DHCP | Required for DHCP service |
| DHCP | DHCP | 67 | Client DHCP | 68 | UDP | DHCP | Required for DHCP service |
| DHCPv6 | Client DHCP | 546 | DHCP | 547 | UDP | DHCP | Required for DHCPv6 service |
| DHCPv6 | DHCP | 547 | Client DHCP | 546 | UDP | DHCP | Required for DHCPv6 service |
Windows 2000, 2003, 2008 DHCP Agent
Table F.3. List of Network Flows for Microsoft DHCP with the EfficientIP DHCP Agent
| Component | Address src | Port src | Address dst | Port dst | UDP/TCP | Protocol | Notes |
|---|---|---|---|---|---|---|---|
| SOLIDserver IPAM | SOLIDserver IPAM | any | WinDHCP | 4000 | TCP | WINDHCP | Required for DHCP management |
| DHCP | Client DHCP | 68 | MS DHCP | 67 | UDP | DHCP | Required for DHCP service |
| DHCP | MS DHCP | 67 | Client DHCP | 68 | UDP | DHCP | Required for DHCP service |
Windows 2000, 2003, 2008 DHCP Agentless
Table F.4. List of Network Flows for Microsoft Agentless DHCP
| Component | Address src | Port src | Address dst | Port dst | UDP/TCP | Protocol | Notes |
|---|---|---|---|---|---|---|---|
| DHCP | Client DHCP | 68 | DHCP | 67 | UDP | DHCP | Required for DHCP service |
| DHCP | DHCP | 67 | Client DHCP | 68 | UDP | DHCP | Required for DHCP service |
| SOLIDserver IPAM | SOLIDserver IPAM | any | MS DHCP | 135 | TCP | MSRPC | Microsoft Remote Procedure Calls (MSRPC) |
| SOLIDserver IPAM | SOLIDserver IPAM | any | MS DHCP | 136 | UDP/TCP | profile | PROFILE Naming System |
| SOLIDserver IPAM | SOLIDserver IPAM | any | MS DHCP | 137 | UDP/TCP | netbios-ns | NETBIOS Name Service |
| SOLIDserver IPAM | SOLIDserver IPAM | any | MS DHCP | 138 | UDP/TCP | netbios-dgm | NETBIOS Datagram Service |
SOLIDserver DNS
Table F.5. List of Network Flows for SOLIDserver DNS
| Component | Address src | Port src | Address dst | Port dst | UDP/TCP | Protocol | Notes |
|---|---|---|---|---|---|---|---|
| SOLIDserver IPAM | SOLIDserver IPAM | any | DNS | 53 | UDP/TCP | DNS | DNS resolution and DDNS update |
| NTP client | DNS | any | NTP server | 123 | UDP | NTP | Required to synchronize DNS clock |
| NTP server | Client | any | SOLIDserver | 123 | UDP | NTP | Optional service |
| SYSLOG | DNS | any | SYSLOG | 514 | UDP | SYSLOG | Syslog network redirection on SOLIDserver |
| SSHv2 | Client | any | SOLIDserver | 22 | TCP | SSH | Optional for the management |
| DNS | DNS | any | DNS | 53 | UDP/TCP | DNS | DNS resolution |
| DNS | DNS | any | DNS | 53 | TCP | DNS | DNS transfer (IXFR/AXFR) |
| DNS | DNS | 53 | DNS | 2053 (a) | UDP | DNS | DNS notify |
| DNS | DNS | any | SOLIDserver | 162 | UDP | TRAP | Send a trap on event |
| HSM | HSM | any | SOLIDserver | 9004 | UDP/TCP | nCipher | Required for DNSSEC signing with HSM |
| HSM | HSM | any | SOLIDserver | 9004 | UDP/TCP | nCipher | Required for DNSSEC signing with HSM |
(a) The port number 2053 is used to send notify from the DNS server to the management platform. This notify can be configured to speed up the RR upload on DNS
zone change.
Windows 2000, 2003, 2008 DNS
Table F.6. List of Network Flows for Microsoft DNS
| Component | Address src | Port src | Address dst | Port dst | UDP/TCP | Protocol | Notes |
|---|---|---|---|---|---|---|---|
| SOLIDserver IPAM | SOLIDserver IPAM | any | DNS | 53 | UDP | DNS | DNS resolution and DDNS update (RFC2136) |
| SOLIDserver IPAM | SOLIDserver IPAM | any | DNS | 53 | TCP | DNS | DNS transfer (IXFR/AXFR) |
| DNS | DNS | any | DNS | 53 | UDP | DNS | DNS resolution |
| DNS | DNS | any | DNS | 53 | TCP | DNS | DNS transfer (IXFR/AXFR) |
| SOLIDserver IPAM | SOLIDserver IPAM | any | WinDNS | 4001 | TCP | WinDNS | Required for MS DNS management |
| GSS - TSIG | SOLIDserver IPAM | any | LDAP | 389 | TCP | LDAP | Authentication for MS DNS Update |
Windows 2000, 2003, 2008 DNS Agentless
Table F.7. List of Network Flows for Microsoft Agentless DNS
| Component | Address src | Port src | Address dst | Port dst | UDP/TCP | Protocol | Notes |
|---|---|---|---|---|---|---|---|
| SOLIDserver IPAM | SOLIDserver IPAM | any | DNS | 53 | UDP | DNS | DNS resolution and DDNS update (RFC2136) |
| SOLIDserver IPAM | SOLIDserver IPAM | any | DNS | 53 | TCP | DNS | DNS transfer (IXFR/AXFR) |
| DNS | DNS | any | DNS | 53 | UDP | DNS | DNS resolution |
| DNS | DNS | any | DNS | 53 | TCP | DNS | DNS transfer (IXFR/AXFR) |
| SOLIDserver IPAM | SOLIDserver IPAM | any | MS DNS | 135 | TCP | MSRPC | Microsoft Remote Procedure Calls (MSRPC) |
| SOLIDserver IPAM | SOLIDserver IPAM | any | MS DNS | 136 | UDP/TCP | profile | PROFILE Naming System |
| SOLIDserver IPAM | SOLIDserver IPAM | any | MS DNS | 137 | UDP/TCP | netbios-ns | NETBIOS Name Service |
| SOLIDserver IPAM | SOLIDserver IPAM | any | MS DNS | 138 | UDP/TCP | netbios-dgm | NETBIOS Datagram Service |
NetChange Network Flows
Table F.8. List of Network Flows for SOLIDserver NetChange
| Component | Address src | Port src | Address dst | Port dst | UDP/TCP | Protocol | Notes |
|---|---|---|---|---|---|---|---|
| Network device | SOLIDserver IPAM | any | Network | 161 | UDP | SNMP | SNMP v1, v2c, v3 |
| DNS Server | SOLIDserver IPAM | any | DNS | 53 | UDP | DNS | DNS resolution |
Table F.9. List of Network Flows for SOLIDserver High Availability
| Component | Address src | Port src | Address dst | Port dst | UDP/TCP | Protocol | Notes |
|---|---|---|---|---|---|---|---|
| Web service | SOLIDserver Hot Standby | any | SOLIDserver Master | 443 | TCP | HTTPS | The Hot Standby checks every 10 seconds if the Master is still running (what is called the Heartbeat) and, if not, is ready to switch to Master. |
| Web service | SOLIDserver Master | any | SOLIDserver Hot Standby | 443 | TCP | HTTPS | The Master answers the Hot Standby and lets it know if it is still running or has to become the Hot Standby. |
| Database replication | SOLIDserver Hot Standby | any | SOLIDserver Master | 5432 | TCP | PostgreSQL | The Hot Standby replicates the Master database in real time. |
| Database replication | SOLIDserver Master | any | SOLIDserver Hot Standby | 5432 | TCP | PostgreSQL | The Master sends any new data to the Hot Standby database in real time. This way, in case of a switch, the new Master does not contain less data than the former master appliance. |
Configuring FreeRadius
Configuring the Radius Server
The Radius server must be configured with the addresses of the SOLIDserver (the Radius 'clients')
that will connect to it. The Efficientip vendor number is 2440.
The efficientip dictionary must be configured to send back the following attributes:
dictionary.efficientip
# Dictionary for efficientip
BEGIN-VENDOR efficientip
END-VENDOR efficientip
clients.conf
client 192.168.1.5 {
secret = mysecretpassword
shortname = solideserver
}
huntgroups
eip NAS-IP-Address == 192.168.1.5
users
DEFAULT Huntgroup-Name == eip, LDAP1-Ldap-Group == "cn=MLM.ACCES.ECRITURE.SWITCH,ou=securitygroups,o=myorganization", Auth-Type := LDAP1
        efficientip-groups = "admin-rw",
        Fall-Through = no
In the following example, you define a RADIUS vendor/VSA import file that has EfficientIP as a
vendor and 2440 as IETF number:
[efficientip-version]
Type=INTEGER
Profile=OUT
[efficientip-service-class]
Type=INTEGER
Profile=OUT
[efficientip-identity-type]
Type=INTEGER
Profile=OUT
[efficientip-first-name]
Type=STRING
Profile=OUT
[efficientip-last-name]
Type=STRING
Profile=OUT
[efficientip-pseudonym]
Type=STRING
Profile=OUT
[efficientip-ip-host]
Type=STRING
Profile=OUT
[efficientip-email]
Type=STRING
Profile=OUT
[efficientip-first-login-path]
Type=STRING
Profile=OUT
[efficientip-maintainer-group]
Type=STRING
Profile=OUT
[efficientip-groups]
Type=STRING
Profile=MULTI OUT
[efficientip-admin-group]
Type=STRING
Profile=OUT
[efficientip-extra-blob]
Type=STRING
Profile=OUT
Configuring Radius
3. Once you are in the right directory, execute the command below:
CSUtil.exe -addUDV 5 efficientip.ini
In this command, the number 5 is an unused ACS RADIUS vendor slot number and
efficientip.ini is the name of the EfficientIP RADIUS vendor/VSA import file you created earlier.
4. Press Enter. A CSUtil.exe confirmation prompt appears.
5. To confirm that you want to add the RADIUS vendor and halt all ACS services during the
process, type Y and press Enter. CSUtil.exe halts ACS services, parses the vendor/VSA input
file, and adds the new RADIUS vendor and VSAs to ACS. This process may take a few
minutes. After it is complete, CSUtil.exe restarts ACS services.
Appendix H. SPX
Table of Contents
Prerequisites
Enabling the SPX Classes
Enabling the SPX Rules
Managing your RIPE Network With SOLIDserver
  Configuring the Connection to the RIPE
  Importing Your Network Objects
  Adding RIPE Objects From the GUI
  Editing RIPE Objects From the GUI
  Deleting RIPE Objects From the GUI
  Making Sure the RIPE Received Your Changes
  Validating a New Assignment Window
  Editing the Connection to the RIPE
The Service Provider eXtension (SPX) is a module that can be integrated into the IPAM through
a dedicated licence option. It can assist Local Internet Registry (LIR) declarations, as it allows you to
manage the complete life cycle of the IP address networks allocated to you by a Regional Internet
Registry (RIR) member.
From the SOLIDserver GUI, you can manage your networks if they were allocated to you by
the RIPE (Réseaux IP Européens).
Prerequisites
To properly use the SPX module you must:
To make sure you do have this licence option, the administrator can go to the Administration
homepage and in the menu select System > Licences. In the Activation keys panel, all the li-
cence options are listed: SPX must be listed.
2. Configure SOLIDserver to match your network organization:
a. Enabling the dedicated classes.
b. Enabling the dedicated rules.
c. Providing your RIR network details to SOLIDserver and then adding or importing the relevant
data (users, ranges of IP addresses...).
3. Edit the subnets in the GUI: the licence automatically sends your information to the relevant
RIR member.
No matter what RIR you depend on, there is only one wizard to configure SOLIDserver. Once
SPX is properly set and matches your network, only subnets can be added and edited: their
containers are managed by the RIR itself. Whenever you add or edit subnets through the GUI,
an email is sent to your RIR.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. In the Directory column filtering field, type in SPX. Only the default SPX classes are listed.
4. Next to the Name column, tick the checkbox: all the classes of the directory are selected.
5. In the menu, select Edit > Enable class. The Enable class wizard opens.
6. Click on OK to commit your configuration. The report opens and closes, the page refreshes.
The classes are marked as Enabled in the Status column.
These rules are designed to automate the communication with the RIPE: send your changes and
receive the RIPE answers.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select System > Expert > Rules. The Rules list opens.
3. In the Module column filtering field, type in RIPE. The SPX rules are listed.
4. Next to the Name column, tick the checkbox: all the classes of the module are selected.
5. In the menu, select Edit > Enable. The Enable wizard opens.
6. Click on OK to commit your configuration. The report opens and closes, the page refreshes.
The rules are marked as OK in the Status column.
1. Configure SOLIDserver to retrieve RIPE organization details and send out the changes per-
formed in the GUI.
2. Import your network details (blocks, inetnums, users) to have a complete overview from the
GUI.
3. Manage your network from the GUI: edit, create and delete persons, inetnums, inet6nums,
aut-nums...
SOLIDserver supports Provider Aggregatable and Provider Independent addresses [1]. You can
import or add them using dedicated classes available for blocks and inetnums.
The procedures of this section describe the fields configured in the default RIPE classes. If your
administrator configured specific RIPE classes, there might be extra fields that are not detailed
in this guide.
It allows you to provide your RIPE organization details and set up management preferences using
SOLIDserver classes. These classes apply to IPv4 and IPv6 blocks, IPv4 and IPv6 subnets
(inetnums), autnums and finally users. So before you start the configuration, make sure that:
• you have all your RIPE network details: maintainer, organization, registry identifier, administrator
contact (admin-c) and user contact (person).
• your RIPE classes and rules are enabled. If you did not enable the RIPE classes, you cannot
finish the configuration.
Keep in mind that this configuration wizard allows you to configure your RIPE database as well as
your TEST database, if you have one.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. In the menu, select Tools > RIPE configuration. The RIPE configuration wizard opens.
3. Configure your RIPE settings:
[1] For more details, refer to the page http://www.ripe.net/lir-services/member-support/info/faqs/isp-related-questions/pa-pi.
j. In the AW validation (email) field, type in the email of the person notified if you exceed
the number of IP addresses of your Assigned Window. This person has to be able to
perform the appropriate procedures if your new inetnums exceed the allocated range
of addresses.
k. In the AW size field, type in the number of IP addresses allocated to you by the RIPE
via the Assigned Window.
l. In the Update method drop-down list, select POST or EMAIL. POST is selected by default
and is a service-based method to notify the RIPE of any changes. If you select EMAIL,
three fields appear. They allow you to configure an email-based change notification
process:
i. In the Update pop3 mailbox field, type in the pop3 address of your mail server.
ii. In the Update mailbox login field, type in the login of the specified mail server.
iii. In the Update mailbox password field, type in the password of the specified mail
server.
m. If you selected the POST update method, the Expert mode drop-down list allows you
to set up a proxy server to communicate changes to the RIPE. By default, No is selected.
i. In the Whois RIR host field, type in the full name of the proxy server.
ii. In the Whois port field, type in the number of the Whois RIR host port used to
transmit information to the RIPE. Port 80 is generally used.
iii. In the RIR Update host field, type in the name of the RIPE server receiving your
updates.
iv. In the RIR update URL field, type in the URL of the RIPE server receiving your up-
dates.
v. In the Email used for the update field, type in the email address used as source
when notifying the RIPE of any updates.
4. Once all the fields are filled, click on ADD. The details are moved to the Maintainer list and
displayed as follows: Source: <selected-source> - Maintainer : <maintainer-name>.
5. Repeat these steps for as many maintainers as needed.
6. On the RIPE Block class configuration page, configure the class(es) for your RIPE blocks:
a. In the Block class drop-down list, select one of your classes or the default class
SPX/RIPE_Block [2].
b. In the Block PI class drop-down list, select one of your classes or the default class
SPX/RIPE_PI_block.
c. Click on NEXT. The next page opens.
7. On the Ripe subnet class configuration page, configure the class(es) for your RIPE inetnums:
[2] All the class names can be preceded by a / if they belong to a specific directory, following the format:
<directory-name>/<class-name>. In this case, the default class RIPE_Block belongs to the directory SPX.
a. In the Subnet class drop-down list, select one of your classes or a default class:
SPX/RIPE_PI_subnet or SPX/RIPE_subnet.
b. The selected class is moved to the New subnet class field.
c. Click on to confirm its selection. The class is moved to the List of ripe subnet.
d. Repeat these actions for as many classes as needed.
e. Click on NEXT. The next page opens.
8. On the RIPE Block (v6) class configuration page, configure the class(es) for your IPv6 RIPE
blocks:
a. In the Block class (v6) drop-down list, select one of your classes or the default class
SPX/RIPE_Block.
b. Click on NEXT. The next page opens.
9. On the Ripe subnet (v6) class configuration page, configure the class(es) for your IPv6
RIPE inetnums:
a. In the Subnet class (v6) drop-down list, select one of your classes or the default class
SPX/RIPE_subnet.
b. The selected class is moved to the New subnet class (v6) field.
c. Click on to confirm its selection. The class is moved to the List of RIPE subnets (v6).
d. Repeat these actions for as many classes as needed.
e. Click on NEXT. The next page opens.
10. On the Ripe autnum class configuration page, configure the class(es) for your autnums:
a. In the New autnum class drop-down list, select one of your classes or the default class
SPX/RIPE.
b. The selected class is moved to the New AutNum class field.
c. Click on to confirm its selection. The class is moved to the List of RIPE AutNum.
d. Repeat these actions for as many classes as needed.
e. Click on NEXT. The next page opens.
11. On the Ripe user class configuration page, configure the class(es) for your RIPE users:
a. In the New user class drop-down list, select one of your classes or the default class
SPX/RIPE_person.
b. The selected class is moved to the New user class field.
c. Click on to confirm its selection. The class is moved to the List of RIPE users.
d. Repeat these actions for as many classes as needed.
12. Click on OK to commit your configuration. The report opens and closes, the page refreshes.
At any time, you can edit these settings or add new maintainers. For more details, refer to the
section Editing the RIPE Configuration.
• blocks,
• inetnums,
• inet6nums,
• persons,
• aut-nums and policies.
From the GUI, you can import existing blocks, inetnums, inet6nums, aut-nums and persons. Once
imported, you can edit them or their content through the GUI.
Keep in mind that the blocks can only be imported. You can then edit their content through inetnum,
inet6num and person additions, editions and deletions.
Once you imported your network objects, editing the content of your inetnums follows the same
procedures as regular subnets. For more details, refer to the chapter Managing Addresses.
Once your configuration with the RIPE is complete, you can import the blocks that the RIPE
allocated to you.
Following the IPAM hierarchy, your block(s) must belong to a space. If you do not have a space,
add one. For more details, refer to the procedure To add a space.
During the import, the Use the "ripe.db.inetnum" file stored in the Local files listing option allows
you to use the "ripe.db.inetnum" file if you uploaded it to the Local files listing before performing
the import. It allows you to work with the file content rather than connecting to the RIPE using an
Internet connection to obtain the inetnum details.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Blocks icon. The All blocks list opens.
3. Next to the Logout button, click on IP4 to display the IPv4 blocks.
4. In the menu, select Add > Import > RIPE blocks. The Importing RIPE blocks wizard opens.
5. In the Use the "ripe.db.inetnum" file stored in the Local files listing section, you can tick
the checkbox if need be.
6. In the Maintainer drop-down list, select the maintainer of your choice.
7. In the Destination space, select the space of your choice. If you are importing from the All
blocks page of a specific space, it is already selected.
8. In the PA block class drop-down list, you can choose a class if you manage a block of
Provider Aggregatable IP addresses.
9. In the PI block class drop-down list, you can choose a class if you manage a block of Provider
Independent IP addresses.
10. Click on OK to commit your import. The report opens and closes, the page refreshes. The
blocks are listed.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Blocks icon. The All blocks list opens.
3. Next to the Logout button, click on IP6 to display the IPv6 blocks.
4. In the menu, select Add > Import > RIPE Blocks (v6). The Importing IPv6 RIPE blocks wizard
opens.
5. In the Use the "ripe.db.inetnum" file stored in the Local files listing section, you can tick
the checkbox if need be.
6. In the Maintainer drop-down list, select the maintainer of your choice.
7. In the Destination space, select the space of your choice. If you are importing from the All
blocks page of a specific space, it is already selected.
8. In the PA block class drop-down list, you can choose a class if you manage a block of
Provider Aggregatable IP addresses.
9. Click on OK to commit your import. The report opens and closes, the page refreshes. The
blocks are listed.
Once your configuration with the RIPE is complete and you have imported your blocks in a space,
you can import your existing inetnums if you have any. The RIPE inetnums correspond to the
subnets in the IPAM hierarchy.
During the import, the Use the "ripe.db.inetnum" file stored in the Local files listing option allows
you to use the "ripe.db.inetnum" file if you uploaded it to the Local files listing before performing
the import. The wizard then works with the file content rather than connecting to the RIPE using an
Internet connection to obtain the inetnum details.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Subnets icon. The All subnets list opens.
3. Next to the Logout button, click on IP4 to display the IPv4 subnets.
4. In the menu, select Add > Import > RIPE Inetnums. The Importing RIPE inetnums (subnets)
wizard opens.
5. In the Use the "ripe.db.inetnum" file stored in the Local files listing section, you can tick
the checkbox if need be.
6. In the Maintainer drop-down list, select the maintainer of your choice.
7. In the Destination space, select the space of your choice. If you are importing from the All
blocks page of a specific space, it is already selected.
8. In the PA subnet class drop-down list, you can choose a class if you manage subnets of
Provider Aggregatable IP addresses.
9. In the PI subnet class drop-down list, you can choose a class if you manage subnets of
Provider Independent IP addresses.
10. Click on OK to commit your import. The report opens and closes, the page refreshes. The
inetnums are listed among the subnets.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Blocks icon. The All blocks list opens.
3. Next to the Logout button, click on IP6 to display the IPv6 blocks.
4. In the menu, select Add > Import > RIPE Inetnums (v6). The Importing RIPE inet6nums
(IPv6 subnets) wizard opens.
5. In the Use the "ripe.db.inetnum" file stored in the Local files listing section, you can tick
the checkbox if need be.
6. In the Maintainer drop-down list, select the maintainer of your choice.
7. In the Destination space, select the space of your choice. If you are importing from the All
blocks page of a specific space, it is already selected.
8. In the PA subnet class drop-down list, you can choose a class if you manage subnets of
Provider Aggregatable IPv6 addresses.
9. In the PI subnet class drop-down list, you can choose a class if you manage subnets of
Provider Independent IPv6 addresses.
10. Click on OK to commit your import. The report opens and closes, the page refreshes. The
inetnums are listed among the subnets.
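The import wizards above can read a local "ripe.db.inetnum" file, filter on a maintainer and sort the result into PA and PI classes. The Python sketch below is an added example, not SOLIDserver code: it parses RPSL-style inetnum objects, keeps those whose mnt-by matches, converts each range to CIDR and skips malformed ranges. The function names and the sample objects are constructed for the illustration, and it handles IPv4 inetnum objects only.

```python
import ipaddress

# Constructed sample in the layout of a "ripe.db.inetnum" file: RPSL objects
# separated by blank lines, "attribute: value" lines, continuation lines that
# start with whitespace or "+". Every value below is made up for the example.
SAMPLE = """\
# constructed sample, not real registry data

inetnum:        192.0.2.0 - 192.0.2.127
netname:        EXAMPLE-NET-A
descr:          Office LAN,
                second floor
country:        FR
status:         ASSIGNED PA
mnt-by:         EXAMPLE-MNT
source:         RIPE

inetnum:        198.51.100.0 - 198.51.100.255
netname:        EXAMPLE-NET-B
country:        DE
status:         ASSIGNED PI
mnt-by:         OTHER-MNT
mnt-by:         EXAMPLE-MNT   # second maintainer
source:         RIPE

inetnum:        203.0.113.0 - 203.0.113.95
netname:        EXAMPLE-NET-C
country:        NL
status:         ASSIGNED PA
mnt-by:         OTHER-MNT
source:         RIPE

inetnum:        192.0.2.200 - 192.0.2.100
netname:        EXAMPLE-BROKEN
status:         ASSIGNED PA
mnt-by:         EXAMPLE-MNT
source:         RIPE
"""


def parse_objects(text):
    """Yield each RPSL object as a list of (attribute, value) pairs."""
    obj = []
    for raw in text.splitlines():
        if raw.startswith(("#", "%")):          # file-level comment line
            continue
        if not raw.strip():                     # blank line closes the object
            if obj:
                yield obj
                obj = []
            continue
        line = raw.split("#", 1)[0].rstrip()    # drop end-of-line comment
        if raw[0] in " \t+" and obj:            # continuation of previous value
            key, val = obj[-1]
            obj[-1] = (key, (val + " " + line[1:].strip()).strip())
            continue
        key, sep, val = line.partition(":")
        if sep:                                 # ignore lines with no attribute
            obj.append((key.strip().lower(), val.strip()))
    if obj:
        yield obj


def range_to_cidrs(value):
    """Convert 'a.b.c.d - e.f.g.h' to the CIDR networks covering the range."""
    start_s, sep, end_s = value.partition("-")
    if not sep:
        raise ValueError("not a range: %r" % value)
    start = ipaddress.IPv4Address(start_s.strip())
    end = ipaddress.IPv4Address(end_s.strip())
    return [str(n) for n in ipaddress.summarize_address_range(start, end)]


def select_inetnums(text, maintainer):
    """Return the inetnums maintained by `maintainer`, tagged PA, PI or other."""
    wanted = maintainer.upper()
    rows = []
    for obj in parse_objects(text):
        if obj[0][0] != "inetnum":
            continue
        attrs = {}
        for key, val in obj:
            attrs.setdefault(key, []).append(val)
        mntners = {m.strip().upper()
                   for v in attrs.get("mnt-by", [])
                   for m in v.split(",") if m.strip()}
        if wanted not in mntners:
            continue
        try:
            cidrs = range_to_cidrs(obj[0][1])
        except ValueError:                      # reversed or unparsable range
            continue
        status = attrs.get("status", [""])[0].upper()
        kind = ("PA" if status.endswith(" PA")
                else "PI" if status.endswith(" PI") else "other")
        rows.append({"netname": attrs.get("netname", [""])[0],
                     "descr": " ".join(attrs.get("descr", [])),
                     "country": attrs.get("country", [""])[0],
                     "range": obj[0][1], "cidrs": cidrs, "kind": kind})
    return rows


if __name__ == "__main__":
    for row in select_inetnums(SAMPLE, "EXAMPLE-MNT"):
        print(row["netname"], row["kind"], ", ".join(row["cidrs"]))
```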
Once you imported your inetnums, you can edit them from the GUI. Any change is sent to the
RIPE using the update method that you selected during the maintainer configuration (post or
email).
You can also add subnets from the GUI. These new objects are also communicated to the RIPE.
For more details, refer to the section Adding New RIPE Subnets.
You can import existing RIPE persons on the Users page. In the GUI, they are listed and managed
like the other users. The main goal of importing RIPE persons is to edit them from the GUI; any
change is sent to the RIPE following the update method you selected when configuring the
maintainer.
You can create a group for your RIPE persons to gather them but, unlike standard users managed
via the appliance, there is no need to grant them specific rights.
The RIPE persons listed on the Users page do not have access to the appliance if you do not
grant them rights (through the group they belong to) or configure credentials for them.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Users, Groups & Rights icon. The Users list opens.
3. In the menu, select Add > Import > RIPE persons. The Import: persons wizard opens.
4. In the Mntner drop-down list, select the maintainer of your choice.
5. Click on OK to commit your import. The report opens and closes, the page refreshes. The
RIPE persons are listed among the users.
You can import Autonomous System numbers (aut-nums) on the AS numbers page.
Importing AS numbers also imports their AS routing policies. The routing policy is described by
enumerating all the neighboring AS numbers with which routing information is exchanged; they are
all listed in the All policies page. For each neighbor, the routing policy is described in terms of
exactly what is being sent (announced) and allowed (accepted). That way, each aut-num contains
policies that describe what can be implemented and enforced locally by said AS number.
Keep in mind the All policies page is accessible from the All AS numbers page. You can access
it through the breadcrumb.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Users, Groups & Rights icon. The Users list opens.
3. In the menu, select Add > Import > RIPE aut-nums. The Importing RIPE aut-nums (AS
numbers) wizard opens.
4. In the Maintainer drop-down list, select the maintainer of your choice.
5. In the Class name drop-down list, you can select a class to apply to the aut-nums you are
importing.
6. Click on OK to commit your import. The report opens and closes, the page refreshes. The
aut-nums are listed.
7. In the AutNum name column, click on the name of the aut-num of your choice. The All
policies page displays the policies of this AS number.
• inetnums,
• inet6nums,
• persons,
• aut-nums and their policies.
You cannot add RIPE blocks, you can only import existing ones and edit their content.
Any addition sends a request to the RIPE that is confirmed or denied. The status of that request
can be displayed in a dedicated column on the All subnets and Users pages.
Once you added the network objects of your choice, editing the content of your inetnums follows
the same procedures as regular subnets. For more details, refer to the chapter Managing
Addresses.
Using dedicated classes, the ones that come with the appliance or some that you created, you
can add RIPE subnets, inetnums, using the same addition wizard as standard subnets.
Keep in mind that you must provide the RIPE users that manage your network to SOLIDserver.
So before creating an inetnum, you must have a user in charge of managing it in the RIPE
database. If the inetnum managing person already exists in the RIPE, there is no need to create
it in the GUI, you can import it.
Once you added an inetnum via the GUI, you have to wait for the RIPE confirmation. To make
sure the inetnum addition was confirmed, you can display the Waiting state column. For more
details, refer to the section Customizing the List Layout.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Subnets icon. The All subnets list opens.
3. Next to the Logout button, click on IP4 to display the IPv4 subnets.
4. In the menu, select Add > Subnet > By search. The wizard opens.
5. On the Space selection page, select the space of your choice. Click on NEXT . The Block
class page opens.
6. In the Block class list, select the RIPE class of your choice. Click on NEXT . The Subnet
class page opens.
7. In the Subnet class list, select the RIPE class of your choice. Click on NEXT . The Subnet
Size page opens.
8. Select a Subnet search size, Prefix or Netmask. The two other fields are edited accordingly.
9. Click on NEXT . The Search result page opens.
10. In the Subnet address list, select the start address of your choice. The subnet address list
displays the available subnets in the blocks matching the selected block class.
11. Click on NEXT . The Add an IPv4 subnet page appears.
12. Configure the inetnum:
a. The Address and Prefix fields are displayed in read-only as they correspond to the criteria
previously set.
b. In the Terminal subnet section, the box is ticked.
c. In the Gateway field, the gateway is displayed. Its IP address corresponds to the default
gateway offset configured. You can edit it if need be.
d. In the Number of pools drop-down list, you can select a value between 1 and 5,
depending on the number of pools you want to create in the inetnum. Once you selected a
value, you need to set the Size and Type of each pool.
e. In the Mode drop-down list, Configurable behaviors is selected by default. If you want
to set particular behaviors for the inetnum, select All behaviors. New fields appear. For
more details, refer to the IPAM section of the Default Behaviors chapter of this guide.
f. In the Inetnum field, the inetnum start and end address are displayed.
g. In the Net name field, name the inetnum. The field automatically displays capital letters. The
value entered is also displayed in the Subnet name field.
h. In the Description field, type in a description for the inetnum.
i. In the Country drop-down list, select the country where the organization is located.
13. Click on NEXT . The next page opens and allows you to set up a notify mail:
a. In the Notify mail field, type in the email address of the person notified of any change
made on the inetnum you are creating.
b. Click on . The address is moved to the Notify list.
c. In the Remarks field, you can type in a comment regarding the inetnum.
i. In the Nic handle / Person field, type in the user's Nic handle or name (as displayed
in the RIPE person field).
ii. Click on SEARCH to retrieve their details.
iii. Click on . The contact is moved to the Technical contacts field.
i. In the Nic handle / Person field, type in the user's Nic handle or name (as displayed
in the RIPE person field).
ii. Click on SEARCH to retrieve their details.
iii. Click on . The contact is moved to the Administrative contacts field.
15. Click on OK to commit your creation. The report opens and closes. The subnet is listed, its
state is Creating. As long as its status is not OK, the RIPE has not confirmed the addition.
Have a look in the Waiting state column for more details regarding the addition confirmation.
If the inetnum status stays in wait_mail_add, refer to the section Making Sure the RIPE Received
Your Changes.
If the inetnum status stays in wait_aw_confirm, refer to the section Validating a New Assignment
Window.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Subnets icon. The All subnets list opens.
3. Next to the Logout button, click on IP6 to display the IPv6 subnets.
4. In the menu, select Add > Subnet (v6) > By search. The wizard opens.
5. On the Space selection page, select the space of your choice. Click on NEXT . The Block
class page opens.
6. In the Block class list, select the RIPE class of your choice. Click on NEXT . The Subnet
class page opens.
7. In the Subnet class list, select the RIPE class of your choice. Click on NEXT . The Subnet
Size page opens.
8. In the Subnet prefix drop-down list, select the value of your choice.
9. Click on NEXT . The Search result page opens.
10. In the Subnet address (v6) list, select the start address of your choice. The subnet address
list displays the available subnets in the blocks matching the selected block class.
11. Click on NEXT . The Add an IPv6 subnet page appears.
12. Configure the IPv6 inetnum:
a. The Address and Prefix fields are displayed in read-only as they correspond to the criteria
previously set.
b. In the Terminal subnet section, the box is ticked.
c. In the Gateway field, the gateway is displayed. Its IP address corresponds to the default
gateway offset configured. You can edit it if need be.
d. In the Number of pools drop-down list, you can select a value between 1 and 5,
depending on the number of pools you want to create in the inetnum. Once you selected a
value, you need to set the Size and Type of each pool.
e. In the Mode drop-down list, Configurable behaviors is selected by default. If you want
to set particular behaviors for the IPv6 inetnum, select All behaviors. New fields appear.
For more details, refer to the IPAM section of the Default Behaviors chapter of this guide.
f. In the Inet6num field, the IPv6 inetnum start address and prefix are displayed.
g. In the Net name field, name the inetnum. The field automatically displays capital letters. The
value entered is also displayed in the Subnet name field.
h. In the Description field, type in a description for the inetnum.
i. In the Country drop-down list, select the country where the organization is located.
13. Click on NEXT . The next page opens and allows you to set up a notify mail:
a. In the Notify mail field, type in the email address of the person notified of any change
made on the IPv6 inetnum you are creating.
b. Click on . The address is moved to the Notify list.
c. In the Remarks field, you can type in a comment regarding the inetnum.
i. In the Nic handle / Person field, type in the user's Nic handle or name (as displayed
in the RIPE person field).
ii. Click on SEARCH to retrieve their details.
iii. Click on . The contact is moved to the Technical contacts field.
i. In the Nic handle / Person field, type in the user's Nic handle or name (as displayed
in the RIPE person field).
ii. Click on SEARCH to retrieve their details.
iii. Click on . The contact is moved to the Administrative contacts field.
15. Click on OK to commit your creation. The report opens and closes. The subnet is listed, its
state is Creating. As long as its status is not OK, the RIPE has not confirmed the addition.
Have a look in the Waiting state column for more details regarding the addition confirmation.
If the inet6num status stays in wait_mail_add, refer to the section Making Sure the RIPE Received
Your Changes.
From the GUI Users page, you can add RIPE persons.
Once you added a person via the GUI, you have to wait for the RIPE confirmation. To make
sure the person addition was confirmed, you can display the Waiting column. For more details,
refer to the section Customizing the List Layout.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Users, Groups & Rights icon. The Users list opens.
3. In the menu, select Add > User. The Add a user wizard opens.
4. In the User class list, select the RIPE class of your choice.
5. Click on NEXT . The Add a user page opens.
6. You can either configure the RIPE person with RIPE dedicated fields (step 7) or add extra
details for your management through the GUI (step 8).
7. Configuring the person RIPE details:
a. In the Usr login field, an identifier is automatically incremented. You can edit it if need
be.
b. In the Address field, type in the person's mailing address to fill in the RIPE address field.
c. In the Phone field, type in the person's phone number following the format: +<country
code> <area code> <phone number>.
d. In the Fax field, you can type in a fax number following the same format as the Phone
field.
e. In the Email field, type in the user email address.
f. In the Remark field, you can type in a comment regarding the person.
g. In the Notify field, you can type in the email address of the person notified of any changes
made on the details of the person you are creating.
h. In the Mntner drop-down list, select your maintainer.
8. Configure extra details for the RIPE person following the steps below.
9. Click on OK to commit the creation. The report opens and closes. The user is listed, its state
is Creating. As long as its status is not OK, the RIPE has not confirmed the addition. Have a
look in the Waiting state column for more details regarding the addition confirmation.
If the person status stays in wait_mail_add, refer to the section Making Sure the RIPE Received
Your Changes.
From the All numbers page, you can add AS numbers (aut-num). This addition is also notified to
the RIPE.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the AS numbers icon. The All AS numbers list opens.
3. In the menu, select Add > AS numbers. The wizard opens.
4. In the Autnum class list, select the RIPE class of your choice.
5. Click on NEXT . The Add an AS Number page opens.
6. Configure the AS number:
a. In the AutNum name field, the AS number full name is displayed once you filled in the
AS Number field as follows: AS<AS-number>.
b. In the AS Number field, type in the number of your choice. This number must be available,
composed of 10 digits at the most and lower than 4294967295. The value entered
automatically completes the AutNum name field.
c. In the AS name field, you can name the AS number.
d. In the Description field, you can type in a description.
e. In the Maintainer drop-down list, select your maintainer.
i. In the Nic handle / Person field, type in the user's Nic handle or name (as displayed
in the RIPE person field).
ii. Click on SEARCH to retrieve their details.
iii. Click on . The contact is moved to the Technical contacts field.
i. In the Nic handle / Person field, type in the user's Nic handle or name (as displayed
in the RIPE person field).
ii. Click on SEARCH to retrieve their details.
iii. Click on . The contact is moved to the Administrative contacts field.
8. Click on OK to commit the creation. The report opens and closes. The user is listed, its state
is Creating. As long as its status is not OK, the RIPE has not confirmed the addition. Have a
look in the Waiting state column for more details regarding the addition confirmation.
• inetnums,
• inet6nums,
• persons,
• aut-nums and their policies.
Any object edition sends a request to the RIPE that is confirmed or denied. The status of that
request can be displayed in a dedicated column on the All subnets and Users pages.
Editing the content of your inetnums, their pools and IP addresses, follows the same procedures
as regular subnets. For more details, refer to the chapter Managing Addresses.
RIPE inetnums can be edited in IPv4 and IPv6. Any changes are sent to the RIPE and the notify
mail person configured for the inetnum.
Once you edited an inetnum via the GUI, you have to wait for the RIPE confirmation. To make
sure the inetnum edition was confirmed, you can display the Waiting state column. For more
details, refer to the section Customizing the List Layout.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Subnets icon. The All subnets list opens.
3. Next to the Logout button, click on IP4 to display the IPv4 subnets or IP6 to display the IPv6
subnets.
4. At the end of the line of the subnet of your choice, click on . The subnet properties page
opens.
5. In the Main properties panel, click on EDIT . The wizard opens.
6. In the Subnet class list, select a different class or None.
7. Click on NEXT . The Edit an IPv4 subnet or the Edit an IPv6 subnet page appears.
8. Edit the Net name, Description and/or Country fields, according to your needs.
9. Click on NEXT . The next page opens.
10. Edit the list of notification email addresses and Remarks field according to your needs:
a. Add a new email address if need be. In the Notify mail field, type in the new email
address. Click on to move the address in the Notify list. In the Remarks field, you can
type in a comment regarding the inetnum to fill the RIPE remarks field.
b. Remove an address from the Notify list. Select the address you want to delete and click
on . The address is no longer listed.
c. In the Remarks field, you can edit the comment regarding the inetnum.
i. Add a new person if need be. In the Nic handle / Person field, type in the user's
Nic handle or name (as displayed in the RIPE person field). Click on SEARCH to
retrieve their details. Click on . The contact is moved to the Technical contacts
field.
ii. Remove a person from the list. In the Technical contacts field, select a person and
click on . The person is no longer listed.
i. Add a new person if need be. In the Nic handle / Person field, type in the user's
Nic handle or name (as displayed in the RIPE person field). Click on SEARCH to
retrieve their details. Click on . The contact is moved to the Administrative contacts
field.
ii. Remove a person from the list. In the Administrative contacts field, select a person
and click on . The person is no longer listed.
12. Click on OK to commit your changes. The report opens and closes. The changes are listed
in the panel.
13. Go to the All subnets list to see the inetnum state and make sure it was confirmed by the
RIPE. As long as its status is not OK, the RIPE has not confirmed the edition. Have a look in
the Waiting state column for more details regarding the edition confirmation.
If the inetnum or inet6num status stays in wait_mail_add, refer to the section Making Sure the
RIPE Received Your Changes.
If the inetnum status stays in wait_aw_confirm, refer to the section Validating a New Assignment
Window.
RIPE persons can be edited from the Users page. Any changes are sent to the RIPE and the
email address of the Notify field if it was set during the person creation.
Once you edited a person via the GUI, you have to wait for the RIPE confirmation. To make sure
the inetnum edition was confirmed, you can display the Waiting column. For more details, refer
to the section Customizing the List Layout.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Users, Groups & Rights icon. The Users list opens.
3. In the Login column, click on the user name. The user properties page opens.
4. In the Main properties panel, click on EDIT . The Edit a user wizard opens.
5. In the User class list, edit the class if need be.
6. Click on NEXT . The Edit a user page opens.
7. Edit the user information according to your needs. For more details, refer to the procedure
To add a RIPE person.
8. Click on OK to commit your modifications. The report opens and closes. The changes are
listed in the panel.
9. Go back to the Users list to see the person state and make sure it was confirmed by the
RIPE. As long as its status is not OK, the RIPE has not confirmed the edition. Have a look in
the Waiting column for more details regarding the edition confirmation.
If the person status stays in wait_mail_add, refer to the section Making Sure the RIPE Received
Your Changes.
1. editing the details of an AS number: AS name, Description, Maintainer and Contact information,
but you cannot edit the Autnum full name.
2. editing the content of an AS number: delete some of its policies.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the AS numbers icon. The All AS numbers list opens.
3. At the end of the line of the AS number of your choice, click on . The properties page
opens.
4. In the Main properties panel, click on EDIT . The wizard opens.
5. In the Autnum class list, edit the class if need be.
6. Click on NEXT . The Edit an AS Number page opens.
7. Edit the AS number configuration via the AS name, Description and Maintainer fields.
8. Click on NEXT . The Contacts page opens.
9. Edit the contacts details according to your needs.
10. Click on OK to commit the changes. The report opens and closes. The changes are listed
in the panel.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the AS numbers icon. The All AS numbers list opens.
3. In the AutNum name column, click on the name of the aut-num of your choice. The All
policies page opens.
4. Tick the policy(ies) you want to delete.
5. In the menu, select Edit > Delete. The Delete wizard opens.
6. Click on OK to commit the deletion. The report opens and closes. The policies are no longer
listed.
Keep in mind that you can delete blocks, but this deletion does not affect your RIPE database.
It deletes the block from the list and you no longer manage it via SOLIDserver.
Any object edition sends a request to the RIPE that is confirmed or denied. The status of that
request can be displayed in a dedicated column on the All subnets and Users pages.
You can delete RIPE blocks from SOLIDserver if you no longer want to manage them from the GUI.
Deleting a RIPE block from SOLIDserver does not delete it from your RIPE database.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Blocks icon. The All blocks list opens.
3. Next to the Logout button, click on the IP4 or IP6 icon to display the IPv4 or IPv6 blocks.
4. Tick the block(s) you want to delete.
5. In the menu, select Edit > Delete. The Delete wizard opens.
6. Click on OK to commit the deletion. The report opens and closes. The selected blocks are
no longer listed, they might be replaced by Orphan subnets. This deletion does not delete
the block from your RIPE database.
From the All subnets list, you can delete IPv4 and IPv6 inetnums from your database.
Once you deleted an inetnum via the GUI, you have to wait for the RIPE confirmation. To make
sure the inetnum deletion was confirmed, you can display the Waiting state column. For more
details, refer to the section Customizing the List Layout.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Subnets icon. The All subnets list opens.
3. Next to the Logout button, click on IP4 to display the IPv4 subnets or on IP6 to display IPv6
subnets.
4. Tick the subnet(s) you want to delete.
5. In the menu, select Edit > Delete. The Delete wizard opens.
6. Click on OK to commit the deletion. The report opens and closes. The subnet state is
Deleting until the RIPE confirms its deletion. Have a look in the Waiting state column for
more details regarding the deletion confirmation.
If you had used addresses within the inetnum, they are placed in an Orphan address and listed
among your subnets. They are simply displayed in the GUI but no longer used within your RIPE
database as the whole inetnum was deleted.
If the inetnum status stays in wait_mail_del, refer to the section Making Sure the RIPE Received
Your Changes.
RIPE persons can be deleted from the Users page. This deletion request is sent to the RIPE and
the email address of the Notify field if it was set during the person creation.
Once you deleted a person via the GUI, you have to wait for the RIPE confirmation. To make
sure the inetnum edition was confirmed, you can display the Waiting column. For more details,
refer to the section Customizing the List Layout.
Before deleting a person, make sure that the inetnums they were managing are already
managed by someone else: edit the Contacts details of the inetnums concerned. For more details,
refer to the section Editing RIPE Inetnums.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Users, Groups & Rights icon. The Users list opens.
3. Tick the user(s) you want to delete.
4. In the menu, select Edit > Delete. The Delete wizard opens.
5. Click on OK to commit the deletion. The report opens and closes. The user state is Deleting
until the RIPE confirms its deletion. Have a look in the Waiting state column for more details
regarding the deletion confirmation.
If the person status stays in wait_mail_del, refer to the section Making Sure the RIPE Received
Your Changes.
If you want to delete the policies of an AS number refer to the section Editing RIPE Aut-nums.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the AS numbers icon. The All AS numbers list opens.
3. Tick the user(s) you want to delete.
4. In the menu, select Edit > Delete. The Delete wizard opens.
5. Click on OK to commit the deletion. The report opens and closes. The user state is Deleting
until the RIPE confirms its deletion.
This option resends your inetnum or person information to the RIPE via POST or EMAIL, depend-
ing on your configuration.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Subnets icon. The All subnets list opens.
3. Next to the Logout button, click on IP4 to display the IPv4 subnets or on IP6 to display IPv6
subnets.
4. Tick the subnet(s) that have the status wait_mail_add, wait_mail_del or must_send_mail.
5. In the menu, select Edit > RIPE > Register again. The Inetnum Register again wizard opens.
6. Click on OK to commit your choice. The report opens and closes. The subnet Status evolves
until it is OK. Have a look in the Waiting state column for more details regarding the RIPE
confirmation.
1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Users, Groups & Rights icon. The Users list opens.
3. Tick the person(s) that have the status wait_mail_add or wait_mail_del.
4. In the menu, select Edit > Register again. The Person Register again wizard opens.
5. Click on OK to commit your choice. The report opens and closes. The subnet Status evolves
until it is OK. Have a look in the Waiting state column for more details regarding the RIPE
confirmation.
• configuring an inetnum whose start and/or end address exceeds the range of IP addresses
available in the block.
• allocating an inetnum to a user even if this allocation exceeds the total number of IP addresses
you are allowed to allocate. This sum takes into account the total number of IP addresses in
your Assignment Window over the last 12 months. For more details, refer to the prerogatives
in the section 7.0 Assignment Window in the document RIPE-599, available at
http://www.ripe.net/ripe/docs/ripe-599#Assignment-Window.
In both cases, the subnets are marked wait_aw_confirm. Keep in mind that if you do exceed the
AW, you need to:
1. Follow the appropriate RIPE procedures to be able to extend your Assignment Window.
2. Once your request is approved by the RIPE, you can use the option Validate AW in the GUI.
If your request is denied, you should delete the inetnum. For more details, refer to the section
Deleting RIPE Inetnums and Inet6nums.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Subnets icon. The All subnets list opens.
3. Next to the Logout button, click on IP4 to display the IPv4 subnets.
4. Tick the subnet(s) marked wait_aw_confirm that were approved by the RIPE.
5. In the menu, select Edit > RIPE > Validate AW. The wizard opens.
6. Click on OK to commit your configuration. The report opens and closes. The All subnets
page is visible again. Have a look in the Waiting state and Status column to monitor the
evolution.
Keep in mind that you should not edit the maintainer name, registry identifier or AW size if
you already imported your blocks.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. In the menu, select Tools > RIPE configuration. The RIPE configuration wizard opens.
3. In the Maintainer list, click on the maintainer you want to edit. The current configuration
values are displayed in each field.
4. Change the value of the field(s) of your choice. For more details regarding the fields, refer
to the procedure To configure SOLIDserver with your RIPE details.
5. Click on UPDATE . The Maintainer list is edited according to your changes. Only the Source
and Maintainer name are displayed on this list.
6. Click on NEXT . The RIPE Block class configuration page opens.
7. Click on NEXT . The Ripe subnet class configuration page opens.
8. Click on NEXT . The RIPE Block (v6) class configuration page opens.
9. Click on NEXT . The Ripe subnet (v6) class configuration page opens.
10. Click on NEXT . The Ripe autnum class configuration page opens.
11. Click on NEXT . The Ripe user class configuration page opens.
12. Click on OK to commit your changes. The report opens and closes, the page refreshes.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. In the menu, select Tools > RIPE configuration. The RIPE configuration wizard opens.
3. In the Maintainer list, click on the maintainer you want to delete. The current configuration
values are displayed in each field.
1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. In the menu, select Tools > RIPE configuration. The RIPE configuration wizard opens.
3. In the Maintainer list, click on the maintainer whose classes you want to edit. The current
configuration values are displayed in each field.
4. Click on NEXT. The RIPE Block class configuration page opens.
5. In the Block class and Block PI class drop-down lists, select a different class if need be.
6. Click on NEXT. The Ripe subnet class configuration page opens.
a. You can add classes using the Subnet class drop-down list and button. The class is
moved to the List of RIPE subnets.
b. To remove a class, select it in the List of ripe subnet and click on . The class
is no longer listed.
7. Click on NEXT. The RIPE Block (v6) class configuration page opens.
8. In the Block class (v6) drop-down list, select a different class if need be.
9. Click on NEXT. The Ripe subnet (v6) class configuration page opens.
a. You can add classes using the Subnet class (v6) drop-down list and button. The class
is moved to the List of RIPE subnets (v6).
b. To remove a class, select it in the List of RIPE subnets (v6) and click on . The
class is no longer listed.
10. Click on NEXT. The Ripe autnum class configuration page opens.
a. You can add classes using the New autnum class drop-down list and button. The
class is moved to the List of RIPE AutNum.
b. To remove a class, select it in the List of RIPE AutNum and click on . The class
is no longer listed.
11. Click on NEXT. The Ripe user class configuration page opens.
a. You can add classes using the New user class drop-down list and button. The class
is moved to the List of RIPE users.
b. To remove a class, select it in the List of RIPE users and click on . The class is
no longer listed.
12. Click on OK to commit your changes. The report opens and closes, then the page refreshes.
Index

A
ACL
  creating an ACL based on option 82, 437
  DNS server ACL, 540
  editing a view match clients list, 553
  editing a view match destination list, 553
  granting access to known clients, 420
  range ACL, 407
  restricting access, 420
Active Directory
  authenticating administrators, 833
  creating an administrator account, 492
  domain, 583
  editing an AD DNS server, 494
  importing an AD DNS server, 492
  managing a Microsoft DNS server, 492
  relying on AD credentials to log users, 832
  stop managing an AD DNS server, 494
addresses, 249
  adding, 252
  adding by search, 254
  adding manually, 253, 256
  assigning, 252
  configuring aliases, 261
  deleting, 267
  editing, 258
  editing aliases, 263
  editing the network/broadcast address, 253
  moving IPv4 addresses across spaces, 261
  moving IPv4 addresses across subnets, 260
  moving IPv4 addresses across the VLSM, 261
  pinging an address, 266
  removing aliases, 263
  renaming IPv4 addresses massively, 259
  restoring, 258
  statuses, 251
  undoing an address deletion, 258
  updating
    Device Manager, 776
administrators
  authenticating
    Active Directory, 833
    LDAP, 836
    RADIUS, 837
  enabling/disabling a user, 830
  group of users, 811
  local user, 825
  managing, 825
  remote authentication, 832
Agentless server
  adding a DHCP server, 360
  adding a DNS server, 489
  DHCP server, 360
  DHCP server limitations, 362
  DNS server, 489
  DNS server limitations, 490
alerts, 114
  acknowledging alerts, 120
  adding alerts, 117
  checking alerts, 119
  disabling alerts, 119
  enabling alerts, 119
allow-notify
  at server level, 528
  at view level, 559
  at zone level, 592
allow-query
  at server level, 530
  at view level, 562
  at zone level, 597
allow-query-cache
  at server level, 531
  at view level, 564
allow-recursion, 527
allow-transfer
  at server level, 532
  at view level, 565
  at zone level, 596
allow-update, 595
also-notify
  at server level, 528
  at view level, 559
alt-transfer-source, 538
alt-transfer-source-v6, 538
appliance
  default gateway, 83
  reboot, 109
  remote management, 863
  shutdown, 109
  SNMP agent, 105
  troubleshooting, 886
  upgrading, 894
autoselect media port, 93

B
backup, 889
  configuring the remote archive, 891
  creating an instant backup, 890
  restoring a backup, 892
  scheduling a daily backup, 891
  setting a backup rotation, 891
  uploading a backup, 892
BIND
  updating from
    IPAM subnets, 805
VLANs (see VLAN)
VLSM (Variable Length Subnet Masking), 287
  manual VLSM, 290
  moving IPv4 addresses across the VLSM, 261
  semi-automated VLSM, 293
VRF, 296
  Virtual Routing and Forwarding
    adding, 297
    deleting, 298
    editing, 297
    importing, 159
  VRF Route Target
    adding, 299
    deleting, 301
    editing, 301
    importing, 161
VRRP (Virtual Router Redundancy Protocol), 89

W
WinDHCP Manager agent, 354
WinDNS Manager agent, 495
Workflow, 720
  customizing the requests administration, 742
    adding statuses, 746
    best practices, 747
    editing the email notification, 745
    editing the statuses, 743
  executing requests, 737
    using classes, 738
    using the execute option, 737
  incoming requests, 732
    accepting requests, 735
    archiving requests, 736
    default request administration, 733
    deleting requests, 736
    finishing requests, 735
    handling requests, 734
    managing requests content, 733
    rejecting requests, 735
  outgoing requests, 724
    adding creation requests, 725
    adding deletion requests, 727
    adding edition requests, 726
    cancelling requests, 730
    editing requests, 729
  user access to classes, 722

X
X.509
  HTTPS certificate, 100

Z
zones
  classless in-addr.arpa delegation, 589
  delegation, 587
  delegation-only zones, 582
  deleting, 584
  disabling/enabling, 584
  duplicating zones, 585
  forward, 577
  hint, 581
  importing a VitalQIP archive file, 678
  master, 571
  migrating to another server, 585
  moving zones, 585
  slave, 576
  statuses, 571
  stub, 579
  synchronizing the manager with, 584