Administrator Guide

Version 5.0.3
Revision: #41302

Publication date May 28, 2014


Copyright © 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014 EfficientIP
All specifications and information regarding the products in this document are subject to change without notice, and should not be
construed as a commitment by Efficient IP. Efficient IP assumes no responsibility or liability for any mistakes or inaccuracies that may
appear in this document. All statements and recommendations in this document are believed to be accurate but are presented without
warranty. Users must take full responsibility for their application of any product.
Table of Contents
About This Guide ........................................................................................................... xxv
Documentation Organization .................................................................................. xxv
Documentation Convention .................................................................................... xxvi
I. Starting .......................................................................................................................... 1
1. Hardware Appliance Front Panel ............................................................................ 3
2. Basic Network Configuration .................................................................................. 5
Prerequisites .................................................................................................... 5
Hardware requirements ............................................................................. 5
Supported Browser ................................................................................... 5
Basic Network Configuration using the LCD Screen ............................................ 5
Basic Network Configuration through the LCD ............................................ 6
Resetting the Basic Network Configuration ................................................. 7
Basic Network Configuration using a Terminal ..................................................... 7
Using SOLIDserver For the First Time .............................................................. 10
Logging on SOLIDserver ......................................................................... 10
Setting the Main Modules Default Behaviors ............................................. 11
Requesting and Adding a License ............................................................ 11
II. Graphical User Interface .............................................................................................. 13
3. Understanding the GUI ........................................................................................ 16
The Appliance Homepage ............................................................................... 17
The Modules ................................................................................................... 18
The Breadcrumb ............................................................................................. 18
The Menu ....................................................................................................... 19
Connected User Account Configuration .................................................... 20
The Pages ...................................................................................................... 22
The Homepages ..................................................................................... 22
The Listing Pages ................................................................................... 23
The Properties Pages .............................................................................. 31
The Wizards and Pop-up Windows ........................................................... 33
The Tree View ................................................................................................. 42
The Bookmarks ............................................................................................... 43
The Global Search Engine ............................................................................... 46
4. Dashboards and Gadgets .................................................................................... 48
Introduction ..................................................................................................... 48
Dashboards ............................................................................................ 48
Gadgets ................................................................................................. 49
Gadgets Library ...................................................................................... 55
My Gadgets ............................................................................................ 56
Statistics Page ........................................................................................ 56
Adding a Gadget ............................................................................................. 57
Adding a Gadget from a Dashboard ......................................................... 57
Adding a Gadget from the Statistics Page ................................................. 57
Adding a Gadget from a Properties Page .................................................. 58
Assigning a Gadget ......................................................................................... 58
Handling a Gadget .......................................................................................... 59
Moving a Gadget ..................................................................................... 59
Collapsing or Expanding a Gadget ........................................................... 59
Hiding a Gadget from a Dashboard .......................................................... 60
Displaying or Hiding a Gadget from My Gadgets ....................................... 60
Creating New Gadgets .................................................................................... 61
Creating a Chart ..................................................................................... 61

Creating a Top List .................................................................................. 62
Creating a Quick Search .......................................................................... 62
Creating a Quick Wizard Gadget .............................................................. 63
Creating a Bookmark Gadget ................................................................... 65
Editing a Gadget ............................................................................................. 66
Granting User Access to the Gadgets ............................................................... 66
Configuring Read-Write Access to a Group ............................................... 67
Setting Gadgets Visibility ......................................................................... 67
Enabling or Disabling a Gadget ........................................................................ 68
Enabling or Disabling a Gadget through the GUI ....................................... 68
Enabling or Disabling a Gadget through the Menu ..................................... 69
Deleting a Gadget ........................................................................................... 69
5. Customizing the GUI ............................................................................................ 71
Customizing SOLIDserver Login Page With an Image ....................................... 71
Uploading an Image to SOLIDserver ........................................................ 71
Displaying an Image on SOLIDserver Login Page ..................................... 71
Removing the Image Displayed on SOLIDserver Login Page ..................... 72
Customizing SOLIDserver Homepage Welcome Banner .................................... 72
Editing SOLIDserver Homepage Banner Title ............................................ 73
Displaying an Image on SOLIDserver Homepage Banner .......................... 73
Removing the Image from SOLIDserver Homepage Banner ....................... 73
Hiding SOLIDserver Homepage Welcome Banner ..................................... 74
Displaying SOLIDserver Homepage Welcome Banner Again ...................... 74
Customizing the Interface Names and Fields .................................................... 74
III. System Configuration .................................................................................................. 76
6. Network Configuration ......................................................................................... 78
Setting the Hostname ...................................................................................... 78
Setting the DNS Resolver ................................................................................ 79
Setting the Firewall .......................................................................................... 79
Setting up the Default Gateway ........................................................................ 82
Setting up Static Routes .................................................................................. 83
Configuring Basic IP Addressing on an Interface ............................................... 84
Setting up a VLAN Interface ............................................................................. 85
Setting up an Ethernet Port Failover ................................................................. 87
Configuring a VIP ............................................................................................ 89
Setting up a VIF .............................................................................................. 91
Configuring a Media Interface .......................................................................... 93
7. Services Configuration ......................................................................................... 94
Handling Services ........................................................................................... 94
Configuring the SSH Remote Account .............................................................. 96
Changing the SSH Remote Access Password ........................................... 96
Changing the SSH Password Level .......................................................... 96
Changing the SFTP/SCP/RSYNC User Account Password ................................ 97
Managing the TFTP Upload Authorizations ....................................................... 98
Configuring the SMTP Relay ............................................................................ 98
Configuring the NTP Server ............................................................................. 99
Managing the HTTPS Certificate .................................................................... 100
Importing an SSL Certificate .................................................................. 101
Creating an SSL Certificate .................................................................... 103
Changing the HTTPS Certificate ............................................................ 104
Managing the SNMP Service ......................................................................... 104
Downloading the DNS/DHCP/DHCPv6 Configuration File ................................ 106
8. Licenses Management ....................................................................................... 108
Requesting a New Activation Key ................................................................... 108

Activating a New Activation Key ...................................................................... 108
9. Shutting Down and Rebooting ............................................................................ 109
Shutting Down SOLIDserver .......................................................................... 109
Rebooting SOLIDserver ................................................................................. 109
IV. Global Policies .......................................................................................................... 111
10. Managing Alerts ............................................................................................... 114
Introduction ................................................................................................... 114
Alerts Definition ..................................................................................... 114
Alerts ................................................................................................... 114
Browsing the Alerts Database ........................................................................ 115
Adding Alerts ................................................................................................ 116
Enabling or Disabling Alerts ........................................................................... 119
Forcing the Check of an Alert Definition .......................................................... 119
Acknowledging or Dismissing an Alert ............................................................ 120
Changing an Alert Status ............................................................................... 120
Deleting Alerts .............................................................................................. 120
11. Managing Default Behaviors ............................................................................. 122
Introduction ................................................................................................... 122
Browsing Default Behaviors ................................................................... 122
Configuring and Applying IPAM Default Behaviors ........................................... 123
Space Default Behaviors ........................................................................ 123
Block Default Behaviors ......................................................................... 125
Subnet Default Behaviors ...................................................................... 127
Pool Default Behaviors ........................................................................... 130
Address Default Behaviors ..................................................................... 131
Configuring and Applying DHCP Default Behaviors ......................................... 133
Configuring and Applying DNS Default Behaviors ............................................ 135
Propagating Default Behaviors Parameters ..................................................... 137
Setting Default Behaviors Parameters ............................................................. 137
12. Importing Data ................................................................................................. 139
Introduction ................................................................................................... 139
The Import Wizard ................................................................................. 140
Importing Data to the IPAM ............................................................................ 141
Where to Import IPAM Data ................................................................... 141
Importing Spaces .................................................................................. 143
Importing Blocks ................................................................................... 144
Importing Subnets ................................................................................. 148
Importing Pools ..................................................................................... 153
Importing Addresses ............................................................................. 156
Importing VRFs ..................................................................................... 159
Importing VRF Route Targets ................................................................. 160
Importing Data to the DHCP .......................................................................... 162
Where to Import DHCP Data .................................................................. 162
Importing Scopes .................................................................................. 162
Importing Ranges .................................................................................. 166
Importing Statics ................................................................................... 169
Importing Data to the DNS ............................................................................. 173
Where to Import DNS Data .................................................................... 173
Importing Zones .................................................................................... 173
Importing Resource Records .................................................................. 174
Importing Data to NetChange ......................................................................... 176
Where to Import NetChange Data .......................................................... 176
Importing Network Devices .................................................................... 177
Importing Data to Device Manager ................................................................. 178

Where to Import Device Manager Data ................................................... 178
Importing Devices ................................................................................. 178
Importing Ports & Interfaces ................................................................... 180
Importing Data to VLAN Manager ................................................................... 181
Where to Import VLAN Manager Data ..................................................... 181
Importing VLAN Domains ....................................................................... 182
Importing VLAN Ranges ........................................................................ 183
Importing VLANs ................................................................................... 185
Importing Data to the Administration Module ................................................... 187
Where to Import Data in the Administration Module ................................. 187
Importing Groups .................................................................................. 187
Importing Users .................................................................................... 188
Importing Custom Data .......................................................................... 190
Managing Import Templates ........................................................................... 191
13. Exporting Data ................................................................................................. 193
Introduction ................................................................................................... 193
The Export Wizard ................................................................................ 194
Browsing the Exports Database ..................................................................... 195
Configuring Exports ....................................................................................... 195
Exporting Data To Reimport It Later ................................................................ 198
Required Columns To Reimport Data in the IPAM Module ........................ 198
Required Columns To Reimport Data in the DHCP Module ...................... 199
Required Columns To Reimport Data in the DNS Module ......................... 200
Required Columns To Reimport Data in NetChange Module ..................... 200
Required Columns To Reimport Data in Device Manager Module ............. 200
Required Columns To Reimport Data in VLAN Manager Module ............... 201
Required Columns To Reimport Data in the Administration Module ........... 201
Managing Export Files ................................................................................... 201
Managing Scheduled Exports Configuration Files ............................................ 202
Managing Export Templates ........................................................................... 203
14. Managing Reports ........................................................................................... 204
Introduction ................................................................................................... 204
Browsing the Reports Database ..................................................................... 204
Generating a Report ...................................................................................... 205
Scheduling a Report ...................................................................................... 205
Downloading and Displaying Reports ............................................................. 206
Managing Scheduled Reports Configuration Files ........................................... 207
15. Managing Smart Folders .................................................................................. 209
Introduction ................................................................................................... 209
Smart Folders Overview ........................................................................ 209
Tree View .............................................................................................. 209
My Smart Folders .................................................................................. 209
Adding Smart Folders .................................................................................... 210
Editing Smart Folders .................................................................................... 210
Sharing Smart Folders ................................................................................... 211
Deleting Smart Folders .................................................................................. 212
V. IPAM Management .................................................................................................... 213
16. Introduction ..................................................................................................... 216
17. Managing Networks ......................................................................................... 218
Managing IP Spaces ..................................................................................... 218
Browsing Spaces .................................................................................. 218
Adding a Space ..................................................................................... 219
Editing a Space ..................................................................................... 220
Deleting a Space ................................................................................... 221

Defining a Space as a Group Resource .................................................. 221
Managing IP Blocks ....................................................................................... 222
Browsing Blocks .................................................................................... 222
Adding a Block ...................................................................................... 223
Editing a Block ...................................................................................... 225
Splitting an IPv4 Block ........................................................................... 225
Moving a Block ...................................................................................... 226
Deleting a Block .................................................................................... 226
Defining a Block as a Group Resource ................................................... 227
Managing IP Subnets .................................................................................... 227
Browsing Subnets ................................................................................. 227
Adding Subnets ..................................................................................... 229
Editing Subnets ..................................................................................... 236
Managing the IPv4 Block Map Page ....................................................... 238
Moving IPv4 Subnets across Spaces ...................................................... 239
Managing or Unmanaging Subnets ......................................................... 239
Associating Subnets to a VLAN .............................................................. 240
Deleting a Subnet .................................................................................. 240
Defining a Subnet as a Group Resource ................................................. 241
18. Managing Addresses ....................................................................................... 242
Managing IP Pools ........................................................................................ 242
Browsing Pools ..................................................................................... 242
Adding a Pool ........................................................................................ 244
Reserving a Pool ................................................................................... 247
Resizing a Pool ..................................................................................... 247
Deleting a Pool ...................................................................................... 248
Defining a Pool as a Group Resource ..................................................... 248
Managing IP Addresses ................................................................................. 249
Browsing IP Addresses .......................................................................... 249
Adding an IP Address ............................................................................ 252
Restoring an IP Address ........................................................................ 257
Editing an IP Address ............................................................................ 258
Configuring IP Address Aliases .............................................................. 261
Configuring Multiple A Records for an IP Address .................................... 264
Pinging an IP Address ........................................................................... 266
Deleting an IP Address .......................................................................... 267
Updating Device Manager with IP Addresses .......................................... 267
19. Setting Up a Transition From IPv4 to IPv6 .......................................................... 269
Transition Specificities ................................................................................... 269
Limitations .................................................................................................... 269
Configuring the IPv4 to IPv6 Transition ............................................................ 270
Configuring the Transition at Space, Block or Subnet Level ...................... 270
Configuring the Transition at IP Address Level ......................................... 270
Activating the IPv4 to IPv6 Transition .............................................................. 271
Activating the Transition at Space Level .................................................. 271
Activating the Transition at Block Level .................................................... 272
Activating the Transition at Subnet Level ................................................. 273
Activating the Transition at IP Address Level ............................................ 274
20. Managing IPAM Templates ............................................................................... 275
Creating Template Classes in Class Studio ..................................................... 275
Creating Templates in the IPAM ...................................................................... 276
Creating a Space Template .................................................................... 277
Creating a Block Template ..................................................................... 278
Creating a Subnet Template ................................................................... 280

Creating a Pool Template ....................................................................... 281
Applying a Template ...................................................................................... 283
21. Using VLSM to Manage Your Network ............................................................... 287
Introduction ................................................................................................... 287
VLSM Related Icons .............................................................................. 289
Managing Manual VLSM Organizations .......................................................... 290
Setting up a Manual Organization ........................................................... 290
Using the VLSM Hierarchy to Organize the Spaces Delegation ................. 292
Managing a Semi-Automated VLSM Organization ........................................... 293
22. Managing VRF ................................................................................................. 296
Managing Virtual Routing and Forwarding ....................................................... 296
Browsing VRFs ..................................................................................... 296
Adding a VRF ........................................................................................ 297
Editing a VRF ........................................................................................ 297
Importing a VRF .................................................................................... 298
Deleting a VRF ...................................................................................... 298
Creating Classes at VRF Level ............................................................... 298
Managing VRF Route Targets ......................................................................... 298
Browsing VRF Route Targets .................................................................. 299
Adding a VRF Route Target .................................................................... 299
Editing a VRF Route Target .................................................................... 301
Importing a VRF Route Target ................................................................ 301
Deleting a VRF Route Target .................................................................. 301
23. Importing Data into the IPAM ............................................................................ 302
Importing IPAM Data from a CSV File ............................................................. 302
Importing a VitalQIP Export ............................................................................ 302
Importing Nortel NetID IP Address Data ......................................................... 303
Importing Nortel NetID Networks ............................................................ 303
Importing Nortel NetID Subnets .............................................................. 303
Importing Nortel NetID Host Addresses .................................................. 304
24. Managing IPAM and DHCP Labels .................................................................... 305
Introduction ................................................................................................... 305
Creating Labels ............................................................................................. 306
Displaying or Hiding Labels ............................................................................ 306
Editing Labels ............................................................................................... 307
Deleting Labels ............................................................................................. 307
VI. DHCP Management ................................................................................................. 309
25. Introduction ..................................................................................................... 313
Overview ...................................................................................................... 313
DHCP Structure .................................................................................... 313
DHCP Servers ...................................................................................... 313
DHCP Failover ...................................................................................... 314
DHCP Management within SOLIDserver ......................................................... 314
26. Deploying DHCP Smart Architectures ............................................................... 316
Multi-Vendors DHCP Management ................................................................. 316
DHCP Servers Managing IPv4 addressing .............................................. 316
DHCP Servers Managing IPv6 addressing .............................................. 317
Building a Highly Available DHCP Service ....................................................... 317
Understanding the DHCP Safe Failover .......................................................... 317
DHCP Safe Failover Principles ............................................................... 318
Failover Operational States .................................................................... 318
Working with DHCP Smart Architectures ........................................................ 320
Implementing Smart Architectures .................................................................. 320
DHCPv4 Smart Architectures ................................................................. 321
DHCPv6 Smart Architectures ................................................................. 323
27. Managing DHCP Smart Architectures ............................................................... 326
Understanding DHCP Smart Architectures Statuses ........................................ 326
Locked Synchronization Status .............................................................. 326
Adding a DHCPv4 Smart Architecture ............................................................ 327
One-to-One Smart Architecture .............................................................. 328
One-to-Many Smart Architecture ............................................................ 330
Split-Scope Smart Architecture .............................................................. 332
Single-Server Smart Architecture ........................................................... 333
Adding a DHCPv6 Smart Architecture ............................................................ 335
DHCPv6 Single-Server Smart Architecture ............................................. 335
DHCPv6 Split-Scope Smart Architecture ................................................ 337
DHCPv6 Stateless Smart Architecture .................................................... 338
Editing a DHCP Smart Architecture ................................................................ 340
Adding a DHCP Server into a Smart Architecture .................................... 340
Removing a DHCP Server from a Smart Architecture .............................. 341
Changing the DHCP Server Roles within a Smart Architecture ................. 341
Changing the Type of a DHCP Smart Architecture ................................... 342
Deleting a DHCP Smart Architecture .............................................................. 343
Defining a DHCP Smart Architecture as a Group Resource ............................. 343
28. Managing DHCP Servers ................................................................................. 345
Browsing DHCP Servers ................................................................................ 345
Browsing the DHCP Servers Database ................................................... 345
Customizing the DHCP Servers Display .................................................. 346
Understanding the DHCP Servers Statuses ............................................ 346
Managing EfficientIP DHCP Servers ............................................................... 347
Configuring the Listening Network Interfaces ........................................... 347
Adding a SOLIDserver DHCP server ...................................................... 348
Configuring the SNMP ........................................................................... 352
Configuring Server Options .................................................................... 353
Managing Microsoft DHCP Servers with Agent ................................................ 354
WinDHCPManager Agent ...................................................................... 354
Adding a Microsoft DHCP server ............................................................ 358
Managing Agentless Microsoft DHCP Servers ................................................. 360
Understanding the Agentless Server Management .................................. 360
Adding an Agentless Microsoft DHCP Server .......................................... 360
MS Agentless DHCP Server Limitations .................................................. 362
Managing ISC DHCP Servers ........................................................................ 362
Managing EfficientIP ISC Linux Packages v4 .......................................... 363
Managing EfficientIP ISC Linux Packages v5 .......................................... 370
Adding an ISC DHCP Server ................................................................. 376
Editing a DHCP Server .................................................................................. 379
Deleting a DHCP Server ................................................................................ 379
Defining a DHCP Server as a Group Resource ............................................... 380
29. Managing DHCP Scopes .................................................................................. 381
Browsing Scopes .......................................................................................... 381
Browsing the Scopes Database .............................................................. 381
Customizing the DHCP Scopes Display .................................................. 382
Status of DHCP Scopes ......................................................................... 382
Adding a DHCP Scope .................................................................................. 383
Editing a DHCP Scope .................................................................................. 384
Applying DHCP Options at Scope Level .......................................................... 384
Editing the Scope Options ...................................................................... 384
Performing Option Changes on Several Scope At Once ........................... 385
Defining a Specific IPAM Space for a Scope .................................................... 386
Configuring Multiple Scopes for a Network Segment ........................................ 387
Managing DHCPv4 Scopes Duplication and Migration ..................................... 388
Applying Management Rules to the Scopes .................................................... 388
Deleting a DHCP Scope ................................................................................ 389
DHCP Relay Agents ...................................................................................... 389
Defining a DHCP Scope as a Group Resource ................................................ 390
30. Managing Fixed Reservations ........................................................................... 391
Managing DHCP Statics ................................................................................ 391
Browsing the Statics .............................................................................. 392
Adding a DHCP Static ........................................................................... 393
Editing a DHCP Static ........................................................................... 395
Applying DHCP Options at Static Level ................................................... 396
Copying a DHCPv4 Static Without IP ...................................................... 397
Deleting a DHCP Static ......................................................................... 397
Updating Statics Using Static Related Rules ........................................... 398
Managing DHCP Groups ............................................................................... 399
Browsing the Groups ............................................................................. 399
Adding a DHCP Group .......................................................................... 400
Deleting a DHCP Group ......................................................................... 401
Applying DHCP Options at Group Level .................................................. 402
31. Managing Dynamic Addressing ......................................................................... 403
Managing DHCP Ranges ............................................................................... 403
Browsing the Ranges ............................................................................ 403
Adding a DHCP Range .......................................................................... 405
Editing a DHCP Range .......................................................................... 407
Deleting a DHCP Range ........................................................................ 409
Using Rules To Manage Ranges ............................................................ 409
Applying DHCP Options at Range Level ................................................. 410
Managing DHCP Leases ............................................................................... 411
Browsing the Leases ............................................................................. 411
Defining the Leases Duration ................................................................. 413
Releasing Leases .................................................................................. 414
Converting Leases into Statics ............................................................... 415
Blacklisting Leases ................................................................................ 416
Tracking Leases .................................................................................... 416
Displaying the Relay Agent Information (Option 82) ................................. 417
Restricting Access ......................................................................................... 419
Granting Access to Known Clients .......................................................... 420
Restricting Access Using ACLs .............................................................. 420
Configuring the PXE ...................................................................................... 422
Necessary Parameters for PXE .............................................................. 423
Duplicated lease with PXE ..................................................................... 424
Preventing IP Address Duplication .................................................................. 424
32. Managing Failover Channels ............................................................................. 426
Browsing the DHCP Failover Channels Database ............................................ 426
Understanding the DHCP Failover Channels Columns ..................................... 426
Understanding the DHCPv4 Failover Channels Columns ......................... 427
Understanding the DHCPv6 Failover Channels Columns ......................... 428
Switching a DHCP server to Partner-down ...................................................... 429
33. Configuring DHCP Options ............................................................................... 430
Setting DHCP Options ................................................................................... 431
Customizing DHCP Options ........................................................................... 433
DHCP Vendor Class Identifier ........................................................................ 435
Option 82: Relay Agent Information ................................................................ 436
The Relay agent Information with DHCPv6 ............................................. 437
Option 43: Vendor Specific Information ........................................................... 437
34. Reporting and Monitoring the DHCP ................................................................. 441
Generating DHCP Reports ............................................................................. 441
DHCP Server Reports ........................................................................... 441
DHCP Scope Reports ............................................................................ 441
Monitoring DHCP Servers .............................................................................. 442
Setting DHCP Monitoring Rules ............................................................. 442
35. Importing DHCP Data ...................................................................................... 444
EfficientIP Recommendations for DHCP Migrations ......................................... 444
Importing DHCP Data from a CSV File ........................................................... 444
Importing an ISC DHCP Configuration ............................................................ 444
Importing an Alcatel-Lucent VitalQIP Configuration .......................................... 445
Importing a Microsoft DHCP Configuration ...................................................... 446
Importing an Infoblox DHCP Configuration ...................................................... 448
Importing a MetaIP DHCP Configuration ......................................................... 449
Importing a Nortel NetID Configuration ........................................................... 450
VII. DNS Management ................................................................................................... 452
36. Introduction ..................................................................................................... 458
Overview ...................................................................................................... 458
DNS Structure ....................................................................................... 458
DNS Servers ......................................................................................... 459
DNS Zones and Resource Records ........................................................ 460
DNSSEC .............................................................................................. 460
DNS Management within SOLIDserver ........................................................... 461
37. Deploying DNS Smart Architectures .................................................................. 462
Master/Slave Smart Architecture .................................................................... 463
Multi-Master Smart Architecture ..................................................................... 463
Stealth Smart Architecture ............................................................................. 464
Single-Server Smart Architecture ................................................................... 464
Farm Smart Architecture ................................................................................ 465
38. Managing DNS Smart Architectures .................................................................. 466
Understanding DNS Smart Architectures Statuses .......................................... 466
Locked Synchronization Status .............................................................. 466
Adding a DNS Smart Architecture .................................................................. 467
Master/Slave Smart Architecture ............................................................ 468
Multi-Master Smart Architecture ............................................................. 470
Stealth Smart Architecture ..................................................................... 472
Single-Server Smart Architecture ........................................................... 474
Farm Smart Architecture ........................................................................ 476
Editing a DNS Smart Architecture .................................................................. 479
Adding a DNS Server into a Smart Architecture ...................................... 479
Removing a DNS Server from a Smart Architecture ................................. 480
Changing the DNS Servers Role within a Smart Architecture ................... 480
Changing the Type of DNS Smart Architecture ........................................ 481
Deleting a DNS Smart Architecture ................................................................ 482
Defining a DNS Smart Architecture as a Group Resource ................................ 483
39. Managing DNS Servers .................................................................................... 484
Browsing DNS Servers .................................................................................. 484
Browsing the DNS Servers Database ..................................................... 484
Customizing the DNS servers Display ..................................................... 485
Understanding the DNS Servers Statuses ............................................... 485
Managing an EfficientIP DNS Server .............................................................. 485
Adding a SOLIDserver DNS Server ........................................................ 485
Editing the SNMP Configuration of a SOLIDserver DNS Server ................ 487
Managing a Microsoft DNS Server .................................................................. 488
Managing an Agentless Microsoft DNS Server ........................................ 489
Managing a Microsoft DNS Server via Active Directory ............................ 492
Managing a Microsoft DNS Server with Agent ......................................... 495
Managing a BIND DNS Server ....................................................................... 497
Managing EfficientIP BIND Linux Packages v4 ........................................ 498
Managing EfficientIP BIND Linux Packages v5 ........................................ 505
Adding a BIND DNS Server ................................................................... 511
Managing a Generic DNS .............................................................................. 517
Adding a Generic DNS Server ................................................................ 517
Managing a Nominum ANS ............................................................................ 519
Adding a Nominum ANS Server ............................................................. 519
Adding Zones to a Nominum ANS Server ............................................... 520
Synchronizing a DNS Server .......................................................................... 521
Editing a DNS Server .................................................................................... 522
Deleting a DNS Server .................................................................................. 522
Defining a DNS Server as a Group Resource .................................................. 523
40. Configuring DNS Servers ................................................................................. 524
Configuring DNS Forwarding at Server Level .................................................. 524
Configuring a Forwarders List on a Smart Server .................................... 524
Configuring Specific Forwarding for a Physical Server Managed Through a Smart ................................................................................................ 525
Configuring DNS Recursion at Server Level .................................................... 526
Enabling and Disabling the Recursion ..................................................... 526
Limiting the Recursion at Server Level .................................................... 527
Configuring DNS Notify Messages at Server Level .......................................... 528
Restricting DNS Queries at Server Level ......................................................... 530
Allow query ........................................................................................... 530
Allow query cache ................................................................................. 531
Limiting Zone Transfers at Server Level ........................................................... 532
Configuring a Blackhole ................................................................................. 533
Configuring Client Resolver Cache Options at Server Level ............................. 534
Configuring EDNS Options at Server Level ..................................................... 535
Configuring a Sortlist at Server Level .............................................................. 536
Configuring DNS Sources .............................................................................. 538
Configuring Access Control Lists For a Server ................................................. 540
Configuring DNS Keys ................................................................................... 542
Configuring Dynamic Name Server Update ..................................................... 543
Editing the Dynamic Update Key ............................................................ 543
Configuring Anycast DNS .............................................................................. 544
Prerequisites ......................................................................................... 544
Specificities .......................................................................................... 544
Configuring the Appliance for Anycast .................................................... 544
Configuring the Quagga Package and OSPF Routing .............................. 545
Making Sure DNS Anycast Was Properly Configured ............................... 547
41. Managing DNS Views ....................................................................................... 548
Browsing DNS Views ..................................................................................... 548
Browsing the DNS Views Database ........................................................ 548
Customizing the DNS Views Display ....................................................... 549
Understanding the DNS Views Statuses ................................................. 549
Adding DNS Views ........................................................................................ 549
Editing DNS Views ........................................................................................ 552
Editing a View Match Clients Configuration ............................................. 553
Editing a View Match Destinations Configuration ..................................... 553
Editing the Order of the Views ................................................................ 554
Deleting DNS Views ...................................................................................... 555
Defining a DNS View as a Group Resource ..................................................... 556
Going Back to Managing Zones Without Views ................................................ 556
42. Configuring DNS Views .................................................................................... 557
Configuring DNS Forwarding at View Level ..................................................... 557
Configuring a Forwarders List on a View ................................................. 557
Configuring Specific Forwarding for a View on a Physical Server Managed Through a Smart ................................................................................... 558
Configuring DNS Notify Messages at View Level ............................................. 559
Configuring DNS Recursion at View Level ....................................................... 560
Enabling and Disabling the Recursion on a View ..................................... 561
Limiting the Recursion at View Level ....................................................... 561
Restricting DNS Queries at View Level ........................................................... 562
Allow Query .......................................................................................... 562
Allow Query Cache ................................................................................ 564
Limiting Zone Transfer at View Level ............................................................... 565
Configuring Client Resolver Cache Options at View Level ................................ 566
Configuring EDNS Options at View Level ........................................................ 567
Configuring a Sortlist at View Level ................................................................. 568
43. Managing DNS Zones ...................................................................................... 569
Browsing DNS Zones .................................................................................... 569
Browsing the DNS Zones Database ........................................................ 569
Customizing the DNS Zones Display ...................................................... 571
Understanding the DNS Zones Statuses ................................................. 571
Managing Master Zones ................................................................................ 571
Adding a Master Zone ........................................................................... 572
Editing a Master Zone ........................................................................... 575
Configuring a Dynamic Update ............................................................... 575
Using Multiple Masters .......................................................................... 575
Managing Slave Zones .................................................................................. 576
Adding a Slave Zone ............................................................................. 576
Editing Slave Zone Properties ................................................................ 577
Managing Forward Zones .............................................................................. 577
Adding a Forward Zone ......................................................................... 577
Editing Forward Zone Properties ............................................................ 578
Managing Stub Zones ................................................................................... 579
Adding a Stub Zone ............................................................................... 579
Editing Stub Zone Properties ................................................................. 580
Managing Hint Zones .................................................................................... 581
Adding a Hint Zone ................................................................................ 581
Editing a Hint Zone Properties ............................................................... 581
Managing Delegation-Only Zones .................................................................. 582
Adding a Delegation-Only Zone .............................................................. 582
Editing Delegation-Only Zone Properties ................................................ 583
Hosting Active Directory Domain Zones .......................................................... 583
Synchronizing Zones ..................................................................................... 584
Deleting Zones .............................................................................................. 584
Disabling and Enabling Zones ........................................................................ 584
Managing Zones Duplication and Migration ..................................................... 585
Defining a DNS Zone as a Group Resource .................................................... 586
44. Configuring DNS Zones ................................................................................... 587
Managing Zones Delegation .......................................................................... 587
Configuring Delegation at the Zone level ................................................. 587
Automating the Zone Delegation ............................................................ 588
Using the Classless in-addr.arpa Delegation ........................................... 589
Configuring DNS Forwarding at Zone Level ..................................................... 590
Configuring a Forwarders List on a Zone ................................................. 590
Configuring Specific Forwarding for a Zone on a Physical Server Managed Through a Smart ................................................................................... 591
Configuring DNS Notify Messages at Zone Level ............................................. 592
Managing DNS Security ................................................................................ 595
Modifying DNS Update Authorizations .................................................... 595
Limiting Zone Transfers for a Zone .......................................................... 596
Restricting DNS Queries for a Zone ........................................................ 597
45. Managing DNS Resource Records .................................................................... 599
Browsing DNS Resource Records .................................................................. 599
Browsing the DNS Resource Records Database ..................................... 599
Customizing the DNS Resource Records Display .................................... 600
Understanding the DNS Resource Records ............................................ 600
Adding Resource Records ............................................................................. 601
Adding an NS Record ............................................................................ 602
Adding an MX Record ........................................................................... 603
Adding an A Record .............................................................................. 604
Adding a AAAA Record ......................................................................... 604
Adding a PTR Record ............................................................................ 605
Adding a CNAME Record ...................................................................... 606
Adding a TXT Record ............................................................................ 607
Adding an SRV Record .......................................................................... 607
Adding an HINFO Record ...................................................................... 608
Adding an MINFO Record ...................................................................... 609
Adding a DNAME Record ...................................................................... 609
Adding an AFSDB Record ..................................................................... 610
Adding an NAPTR Record ..................................................................... 611
Adding an NSAP Record ....................................................................... 611
Adding a DS Record .............................................................................. 612
Adding a DNSKEY Record ..................................................................... 612
Adding a WKS Record ........................................................................... 613
Editing Resource Records ............................................................................. 614
Editing records ...................................................................................... 614
Editing the SOA .................................................................................... 615
Deleting Resource Records ........................................................................... 616
Configuring the Delegation at the RR Level ..................................................... 616
Managing RR Duplication and Migration ......................................................... 618
Changing the Hostname Convention ............................................................... 619
Load Balancing with Round Robin .................................................................. 619
SPF Record .................................................................................................. 620
46. DNSSEC ......................................................................................................... 621
Introduction ................................................................................................... 621
DNSKEY Resource Record .................................................................... 621
RRSIG Resource Record ....................................................................... 622
NSEC/NSEC3 Resource Record ............................................................ 623
DS Resource Record ............................................................................. 623
DNSSEC Chains of Trust ....................................................................... 623
Managing a DNSSEC Resolver ...................................................................... 624
Enabling a DNSSEC Resolver ................................................................ 625
Managing DNSSEC Trust Anchors ......................................................... 625
Managing an Authoritative DNSSEC Server .................................................... 626
Signing a Zone ...................................................................................... 626
Regenerating Keys ................................................................................ 627
Managing the Delegation Signer ............................................................ 629
Disabling DNSSEC ........................................................................................ 632
Enabling and Disabling Keys .................................................................. 632
Unsigning DNSSEC Zones .................................................................... 633
Purging DNSSEC Zones ........................................................................ 633
Invalidating a Compromised KSK ........................................................... 633
Deleting Unused DNSSEC Keys ............................................................. 635
47. HSM ............................................................................................................... 636
Browsing the HSM Database ......................................................................... 636
Understanding the HSM Servers Statuses .............................................. 638
Prerequisites ................................................................................................. 638
Configuring the HSM ..................................................................................... 638
Integrating the HSM to SOLIDserver ....................................................... 638
Configuring the HSM ............................................................................. 640
Enabling the HSM Dedicated DNS Server ............................................... 642
Managing the HSM ........................................................................................ 643
Using the HSM Service With DNS Servers .............................................. 643
Using the HSM with DNSSEC ................................................................ 644
Deleting an HSM Appliance ................................................................... 644
Best Practices To Stop Using the HSM ................................................... 645
HSM Limitations ............................................................................................ 645
48. DNS Firewall (RPZ) .......................................................................................... 647
Browsing RPZ Zones and Records ................................................................. 647
Browsing the RPZ Database .................................................................. 648
Customizing the RPZ Resource Records Display .................................... 648
Managing RPZ Zones .................................................................................... 649
Adding RPZ Zones ................................................................................ 649
Editing RPZ Zones ................................................................................ 650
Deleting RPZ Zones .............................................................................. 651
Managing RPZ Records ................................................................................. 651
Understanding the RPZ Policies Order .................................................... 652
Configuring Policies Using Domain Names ............................................. 653
Configuring Policies Using IP Addresses ................................................. 656
Configuring Policies Using Name Servers ............................................... 659
Configuring Other Policies ..................................................................... 663
Deleting Policies .................................................................................... 663
49. Hybrid DNS Service ......................................................................................... 664
Checking the Compatibility with Hybrid ........................................................... 664
Matching Hybrid Basic Requirements ..................................................... 664
Making Sure the Server Configuration is Compatible with Hybrid .............. 665
Generating the Hybrid Incompatibilities Report ........................................ 665
Switching to Hybrid DNS ................................................................................ 667
The Server Switched to NSD ................................................................. 668
The Server Switched to Unbound ........................................................... 669
Hybrid DNS Engines Limitations ............................................................. 670
Forcing Compatibility with Hybrid .................................................................... 670
Switching Back to BIND ................................................................................. 671
Administrating the Backup and Restoration of Hybrid Configurations ................ 672
Generating a Backup with Hybrid Servers ............................................... 672
Restoring a Backup Containing Hybrid Servers ....................................... 672
50. Reporting and Monitoring the DNS .................................................................... 673
Generating DNS Reports ............................................................................... 673
DNS Server Reports .............................................................................. 673
DNS Zone Reports ................................................................................ 674
Monitoring DNS Servers ................................................................................ 674
Monitoring a DNS Server ....................................................................... 674
Monitoring DNS Queries ........................................................................ 675
51. Importing DNS Data ......................................................................................... 677
Importing DNS Data from a CSV File .............................................................. 677
Importing DNS Zones from a BIND Archive File .............................................. 677
Importing DNS Zones from a VitalQIP Archive File .......................................... 678
VIII. NetChange ............................................................................................................. 679
52. Introduction ..................................................................................................... 682
Objectives of NetChange ............................................................................... 682
Optimizing the Discovery Efficiency ................................................................ 683
Configuring CDP (Cisco devices) ........................................................... 683
Configuring Auto-topology NDP (Nortel devices) ..................................... 683
Listing Network Devices ......................................................................... 683
Configuring the SNMP ................................................................................... 684
Increasing the SNMP Performance ......................................................... 684
NetChange Licenses ..................................................................................... 684
53. Managing Network Devices .............................................................................. 685
Browsing Network Devices ............................................................................. 685
Browsing the Network Devices Database ................................................ 685
Customizing the Network Devices Display ............................................... 686
Adding Network Devices ................................................................................ 687
Importing Network Devices ............................................................................ 687
Importing Network Devices Using a CSV File .......................................... 687
Importing Network Devices Using Discovery Protocols ............................ 688
Enabling or Disabling the 802.1X Authentication Protocol ................................. 689
Refreshing the Network Devices Database ..................................................... 690
Refreshing a Device Manually ................................................................ 690
Scheduling a Refresh ............................................................................ 691
Connecting to a Network Device Via a Console ............................................... 692
Making a Network Device Snapshot ............................................................... 692
Creating Network Devices in Device Manager ................................................. 693
Deleting Network Devices .............................................................................. 693
Defining a Network Device as a Group Resource ............................................ 694
54. Managing Routes ............................................................................................. 695
Browsing the Routes Database ...................................................................... 695
Customizing the Routes Display ..................................................................... 695
55. Managing VLANs ............................................................................................. 696
Browsing VLANs ........................................................................................... 696
Browsing the VLANs Database ............................................................... 696
Customizing the VLANs Display ............................................................. 697
Adding a VLAN ............................................................................................. 697
Editing a VLAN .............................................................................................. 698
Deleting a VLAN ............................................................................................ 698
56. Managing Ports ............................................................................................... 699
Browsing Ports .............................................................................................. 699
Browsing the Ports Database ................................................................. 700
Customizing the Ports Display ................................................................ 700
Enabling or Disabling a Port ........................................................................... 701
Editing a Port Interconnection ........................................................................ 701
Editing a Port Speed and Duplex Mode ........................................................... 702
Updating a Port Description ........................................................................... 703
Managing the 802.1X Authentication on a Port ................................................ 703
Restricting Access to a Port Using Port-security Protocol ................................. 704
Configuring VLAN Tagging on a Port ............................................................... 706
Configuring the Tagging Mode ................................................................ 706
Associating a Port With a VLAN .............................................................. 707
Refreshing the Ports Database ....................................................................... 708
57. Managing Discovered Items .............................................................................. 709
Browsing Discovered Items ............................................................................ 709
Browsing the Discovered Items Database ............................................... 709
Customizing the Discovered Items Display .............................................. 710
Refreshing the Discovered Items Database ..................................................... 710
Populating Device Manager ........................................................................... 710
Creating the IP Address of a Discovered Item in the IPAM ................................ 711
Using the History View to Track the Movements of a Specific Device .................... 711
58. Managing Statistics .......................................................................................... 712
Displaying NetChange Statistics ..................................................................... 712
Displaying Network Devices Statistics ............................................................. 712
Displaying Ports Statistics .............................................................................. 712
Enabling the Rule That Retrieves Ports Information ................................. 712
Displaying a Port Charts ........................................................................ 713
59. Monitoring, Configuring and Tuning ................................................................... 714
Generating NetChange Reports ..................................................................... 714
Network Device Reports ........................................................................ 714
Keeping NetChange Data Up-to-date .............................................................. 714
Synchronizing the Network Devices with a CSV File ........................................ 716
Managing NetChange Advanced Configurations .............................................. 717
IX. Workflow .................................................................................................................. 718
60. Introduction ..................................................................................................... 720
Workflow Pages ............................................................................................ 720
Workflow Requests ....................................................................................... 720
Workflow Management Best Practices ............................................................ 720
61. Granting Access to Workflow Classes ............................................................... 722
62. Managing Outgoing Requests ........................................................................... 724
Browsing Outgoing Requests ......................................................................... 724
Browsing the Outgoing Requests Database ............................................ 724
Customizing the Outgoing Requests Display ........................................... 725
Adding Requests for Creation ........................................................................ 725
Adding Requests for Edition ........................................................................... 726
Adding Requests for Deletion ......................................................................... 727
Editing Requests ........................................................................................... 729
Editing a Request Details ....................................................................... 729
Adding Information to a Request ............................................................ 729
Cancelling Requests ...................................................................................... 730
63. Managing Incoming Requests ........................................................................... 732
Browsing Incoming Requests ......................................................................... 732
Browsing the Incoming Requests Database ............................................ 732
Customizing the Incoming Requests Display ........................................... 733
Managing the Requests Content .................................................................... 733
Administrating Requests Using the Default Statuses and Options ..................... 733
Handling Requests ................................................................................ 734
Accepting Requests .............................................................................. 735
Rejecting Requests ............................................................................... 735
Finishing Requests ................................................................................ 735
Archiving Requests ............................................................................... 736
Administrating Requests Using Your Own Settings ........................................... 736
64. Executing Requests ......................................................................................... 737
Executing Requests Using the Execute Option ................................................ 737
Executing Requests Using Classes ................................................................ 738
Configuring a Workflow Request Association Class .................................. 739
Applying a Workflow Request Association Class ...................................... 740
65. Customizing the Requests Administration .......................................................... 742
Editing the Workflow Statuses ........................................................................ 743
Editing the Email Notifications Details ............................................................. 745
Adding a Workflow Status .............................................................................. 746
Customized Statuses Best Practices .............................................................. 747
Status Addition Best Practices ............................................................... 747
Status Edition Best Practices ................................................................. 748
Status Deletion Best Practices ............................................................... 748
X. Device Manager ........................................................................................................ 749
66. Introduction ..................................................................................................... 751
Objectives of Device Manager ........................................................................ 751
Devices ........................................................................................................ 752
Ports and Interfaces ...................................................................................... 752
67. Managing Devices ........................................................................................... 754
Browsing Devices .......................................................................................... 754
Browsing the Devices Database ............................................................. 754
Customizing the Devices Display ............................................................ 755
Managing the Devices Visibility .............................................................. 755
Adding Devices ............................................................................................. 756
Adding Devices Automatically ................................................................ 756
Adding Devices Manually ....................................................................... 759
Duplicating Devices ....................................................................................... 760
Merging Devices ........................................................................................... 761
Deleting Devices ........................................................................................... 761
Importing Devices ......................................................................................... 762
68. Managing Ports and Interfaces ......................................................................... 763
Browsing Ports and Interfaces ........................................................................ 763
Browsing the Devices Database ............................................................. 763
Customizing the Devices Display ............................................................ 764
Managing the Ports and Interfaces Visibility ............................................ 764
Adding Ports and Interfaces ........................................................................... 765
Adding Ports and Interfaces Automatically .............................................. 765
Adding Ports and Interfaces Manually ..................................................... 766
Editing Ports and Interfaces Properties ........................................................... 770
Changing a Port or Interface Name ......................................................... 770
Editing a Port ........................................................................................ 771
Editing an Interface ............................................................................... 772
Tracking Changes in the All ports & interfaces List ........................................... 774
The Reconciliation Column .................................................................... 774
The Reconciliation Option ...................................................................... 774
Deleting Ports and Interfaces ......................................................................... 775
Importing Ports and Interfaces ....................................................................... 775
69. Managing the Interaction with the IPAM ............................................................. 776
Assigning IP Addresses to an Interface Using their MAC Address ..................... 776
Assigning IPv4 Addresses to an Interface ............................................... 777
Assigning IPv6 Addresses to an Interface ............................................... 778
Managing the IP Addresses/Interfaces Link from the IPAM Module ................... 779
Using Default Behaviors to Associate IP Addresses with Interfaces .......... 780
Using the Menu to Manage the IP Addresses/Interfaces Link ................... 781
Editing the Devices Topology from the IPAM Module ........................................ 783
70. Rules Impacting Device Manager ...................................................................... 785
Other Modules Rules Impacting Device Manager ............................................ 785
DHCP Rules ......................................................................................... 785
NetChange Rules .................................................................................. 785
Adding Device Manager Rules ....................................................................... 785
Enabling or Disabling Device Manager Rules .................................................. 786
XI. VLAN Manager ......................................................................................................... 788
71. Introduction ..................................................................................................... 790
Objectives of VLAN Manager ......................................................................... 790
VLAN Domains ............................................................................................. 790
VLAN Ranges ............................................................................................... 791
72. Managing VLAN Domains ................................................................................. 792
Browsing VLAN Domains ............................................................................... 792
Browsing the VLAN Domains Database .................................................. 792
Customizing the VLAN Domains Display ................................................. 793
Adding VLAN Domains .................................................................................. 793
Editing VLAN Domains .................................................................................. 793
Deleting VLAN Domains ................................................................................ 794
Importing VLAN Domains ............................................................................... 794
Defining a VLAN Domain as a Group Resource ............................................... 794
Creating Classes at VLAN Domain Level ........................................................ 795
73. Managing VLAN Ranges .................................................................................. 796
Browsing VLAN Ranges ................................................................................. 796
Browsing the VLAN Ranges Database .................................................... 796
Customizing the VLAN Ranges Display ................................................... 797
Adding VLAN Ranges .................................................................................... 797
Editing VLAN Ranges .................................................................................... 798
Changing a Range Properties ................................................................ 798
Changing a Range Size ......................................................................... 798
Deleting VLAN Ranges .................................................................................. 799
Importing Ranges .......................................................................................... 799
Defining a VLAN Range as a Group Resource ................................................ 800
Creating Classes ........................................................................................... 800
74. Managing VLANs ............................................................................................. 801
Browsing VLANs ........................................................................................... 801
Browsing the VLANs Database ............................................................... 801
Customizing the VLANs Display ............................................................. 802
Understanding the VLANs Statuses ........................................................ 802
Adding VLANs ............................................................................................... 802
Editing VLANs ............................................................................................... 803
Deleting VLANs ............................................................................................. 803
Importing VLANs ........................................................................................... 804
75. Managing the IPAM / VLAN Interaction .............................................................. 805
Configuring the IPAM / VLAN Interaction ......................................................... 805
Applying the IPAM / VLAN Interaction ............................................................. 806
XII. Rights Management ................................................................................................. 808
76. Introduction ..................................................................................................... 810
77. Managing Groups ............................................................................................ 811
Browsing Groups of Users ............................................................................. 811
Browsing the Groups Database .............................................................. 811
Customizing the Groups Display ............................................................. 812
Adding Groups of Users ................................................................................. 812
Editing Groups of Users ................................................................................. 813
Managing the Resources of a Group of Users ................................................. 813
Understanding Resources ...................................................................... 813
Assigning Resources to a Group ............................................................ 817
Removing Resources from a Group ........................................................ 819
Managing the Permissions of a Group of Users ............................................... 819
Configuring the Groups Permissions ....................................................... 821
Editing a Group of Users Permissions ..................................................... 821
Managing the Users of a Group of Users ........................................................ 822
Adding a User to a Group ...................................................................... 822
Removing a User from a Group .............................................................. 822
Disabling or Enabling Groups of Users ............................................................ 823
Deleting Groups of Users ............................................................................... 824
Importing Groups of Users from a CSV File .................................................... 824
78. Managing Users .............................................................................................. 825
Browsing Users ............................................................................................. 825
Browsing the Users Database ................................................................ 825
Customizing the Groups Display ............................................................. 826
Adding Users ................................................................................................ 826
Editing Users ................................................................................................ 827
Editing the User Details ......................................................................... 827
Editing the User Group .......................................................................... 828
Changing the User Password ................................................................. 828
Configuring User Sessions ............................................................................. 829
Configuring Users Login Session Time ................................................... 829
Redirecting Users After They Log Out or Their Session Expires ................ 829
Disabling or Enabling User ............................................................................. 830
Deleting Users .............................................................................................. 830
Importing Local Users from a CSV File ........................................................... 831
79. Managing Authentication Rules ......................................................................... 832
Browsing Authentication Rules ....................................................................... 832
Browsing the Authentication Rules Database .......................................... 833
Adding Authentication Rules .......................................................................... 833
Relying on Active Directory Authentication .............................................. 833
Relying on LDAP Authentication ............................................................. 836
Relying on Radius Authentication ........................................................... 837
Editing an Authentication Rule ........................................................................ 839
Enabling or Disabling an Authentication Rule .................................................. 839
Deleting an Authentication Rule ..................................................................... 840
XIII. Administration ........................................................................................................ 841
80. High Availability Management ........................................................................... 845
Introduction ................................................................................................... 845
Definition .............................................................................................. 845
HA Management Concepts .................................................................... 845
The All SOLIDserver Page ..................................................................... 847
Configuring SOLIDserver for HA Management ................................................ 849
Configuring your Master Appliance Locally .............................................. 849
Adding an Appliance to the All SOLIDserver List ..................................... 850
Configuring HA Management ................................................................. 850
Upgrading Appliances in High Availability ........................................................ 852
Automatically Upgrading both Appliances ............................................... 852
Upgrading One Appliance at a Time ....................................................... 853
Switching the HA Configuration ...................................................................... 854
Monitoring the HA Logs ................................................................................. 855
Disabling the HA Configuration ....................................................................... 855
Disabling HA by Modifying the Appliances Role ....................................... 855
Disabling HA by Deleting an Appliance from the All SOLIDserver List ....... 856
High Availability Advanced Options and Troubleshooting Solutions ................... 857
If the Network is Unreliable .................................................................... 857
In the Event of a Network Disruption ....................................................... 859
In the Event of a Split-brain .................................................................... 860
If an Appliance Needs to be Replaced .................................................... 861
High Availability Limitations ............................................................................ 862
81. Remote Management of Other Appliances ........................................................ 863
Introduction ................................................................................................... 863
Configuring SOLIDserver to Remotely Manage Other Appliances ..................... 863
Configuring the Management Appliance ................................................. 863
Configuring the Remote Management .................................................... 864
Managing Other Appliances Remotely ............................................................ 864
Managing Remote Appliances Network Configuration .............................. 865
Managing Remote Appliances Services Configuration ............................. 865
Upgrading Remote Appliances through the All SOLIDserver list ............... 865
Removing Remote Appliances from the All SOLIDserver list .................... 866
Remote Management Advanced Options ........................................................ 866
If an Appliance Needs to be Replaced .................................................... 866
82. Monitoring Tools ............................................................................................... 867
Logs ............................................................................................................. 867
Logs Visualization ................................................................................. 867
Configuration of Network Logs ............................................................... 868
Statistics ....................................................................................................... 869
Session Tracking ........................................................................................... 870
Last User Connected ............................................................................. 870
All Users Connections ........................................................................... 871
User Tracking ................................................................................................ 871
Tracking Users Through the Filters ......................................................... 871
Tracking Users Through the Columns ..................................................... 872
Allowing Users to Display All the Operations Performed ........................... 873
Using the Extended User Tracking Display .............................................. 874
Netstat .......................................................................................................... 875
Database Tables Size .................................................................................... 875
Vacuum The Database .......................................................................... 876
Reports ........................................................................................................ 876
Statistics Reports .................................................................................. 877
User Reports ........................................................................................ 877
83. Managing SNMP Profiles ................................................................................. 878
Adding an SNMP Profile ................................................................................ 878
Editing an SNMP Profile ................................................................................ 879
Deleting an SNMP Profile .............................................................................. 879
84. Maintenance Tools ........................................................................................... 881
Using the Maintenance Mode ......................................................................... 881
Updating the Macros and Rules ..................................................................... 881
Clearing the Appliance Cache ........................................................................ 882
85. Local Files Listing ............................................................................................ 883
Understanding the Local Files Listing ............................................................. 883
Understanding the Page Display ............................................................. 883
Local Page ............................................................................................ 883
TFTP Page ........................................................................................... 884
Logs Page ............................................................................................ 884
Config files Page ................................................................................... 884
Custom images Page ............................................................................ 884
Custom WSDL Page .............................................................................. 884
Managing Local Files Listing Files .................................................................. 884
Uploading Files ..................................................................................... 884
Downloading Files ................................................................................. 885
Deleting Files ........................................................................................ 885
86. Troubleshooting ............................................................................................... 886
Before Troubleshooting .................................................................................. 886
Troubleshooting Guidelines ............................................................................ 886
Troubleshooting Tools .................................................................................... 887
Network Capture ................................................................................... 887
Troubleshooting Dump ........................................................................... 888
87. Backup and Restoration ................................................................................... 889
Browsing the Backup Database ...................................................................... 889
Creating an Instant Backup ............................................................................ 890
Scheduling the Backup .................................................................................. 891
Archiving the Backup Files on FTP ................................................................. 891
Restoring a Configuration .............................................................................. 892
88. Upgrading ....................................................................................................... 894
Upgrading a SOLIDserver .............................................................................. 894
Running the Post-Migration to Update the Database ........................................ 895
89. Custom DB ...................................................................................................... 896
Browsing Custom DB .................................................................................... 896
Browsing Custom DB Database ............................................................. 896
Browsing Custom Data .......................................................................... 897
Adding a Custom DB ..................................................................................... 897
Editing a Custom DB ..................................................................................... 898
Deleting a Custom DB ................................................................................... 898
Configuring a Custom DB with Custom Data ................................................... 899
Adding Data in a Custom DB ................................................................. 899
Editing the Data of a Custom DB ............................................................ 899
Deleting Data From a Custom DB ........................................................... 900
Importing Custom Data .......................................................................... 900
90. Class Studio .................................................................................................... 901
Browsing Class Studio ................................................................................... 901
Browsing Class Studio Database ............................................................ 902
Browsing the Classes Database ............................................................. 902
Understanding Class Studio ........................................................................... 903
Understanding Classes .......................................................................... 904
Understanding Class Objects ................................................................. 905
Adding Classes ............................................................................................. 907
Editing Classes ............................................................................................. 908
Duplicating Classes ............................................................................... 908
Renaming Classes ................................................................................ 909
Moving Classes ..................................................................................... 909
Changing or Stop Using Classes ............................................................ 910
Using Classes ............................................................................................... 910
Deleting Classes ........................................................................................... 911
Configuring Classes with Class Objects .......................................................... 911
Adding Class Objects ............................................................................ 912
Editing Class Objects ............................................................................ 935
Organizing Class Objects ...................................................................... 936
Deleting Class Objects .......................................................................... 936
Managing Class Studio Syntax ....................................................................... 937
Basic Regular Expressions .................................................................... 937
Defining a Class as a Group Resource ........................................................... 938
91. Packager ......................................................................................................... 939
Browsing the Packages Database .................................................................. 939
Uploading Packages ...................................................................................... 940
Creating Packages ........................................................................................ 940
Editing Packages ........................................................................................... 942
Installing Packages ........................................................................................ 943
Uninstalling Packages ................................................................................... 943
Downloading Packages .................................................................................. 944
Deleting Packages ........................................................................................ 944
A. DHCP Options .......................................................................................................... 945
Basic Options ........................................................................................................ 945
Server Parameters ................................................................................................ 946
Lease Information Options ..................................................................................... 947
WINS/NetBIOS Options ......................................................................................... 947
Host IP Options ..................................................................................................... 947
Interface Options ................................................................................................... 948
Servers Options .................................................................................................... 949
BOOTP Compatibility Options ................................................................................ 951
DHCP Packet Fields Options .................................................................................. 952
Microsoft DHCP Client Options .............................................................................. 953
NetWare Client Options ......................................................................................... 954
NIS/NISplus Options .............................................................................................. 954
Miscellaneous ....................................................................................................... 955
Vendor MSFT Options ........................................................................................... 955
Vendor Nwip Options ............................................................................................. 955
B. MAC Address Types References ................................................................................. 957
C. DNS Resource Records Related Fields ...................................................................... 959
D. User Tracking Services Filter ...................................................................................... 961
E. Class Studio Pre-defined Variables ............................................................................. 964
F. Matrices of Network Flows .......................................................................................... 967
IPAM Network Flows .............................................................................................. 968
DHCP Network Flows ............................................................................................ 969
SOLIDserver DHCP ...................................................................................... 969
Windows 2000, 2003, 2008 DHCP Agent ........................................................ 970
Windows 2000, 2003, 2008 DHCP Agentless .................................................. 971
DNS Network Flows .............................................................................................. 972
SOLIDserver DNS ......................................................................................... 972
Windows 2000, 2003, 2008 DNS .................................................................... 973
Windows 2000, 2003, 2008 DNS Agentless .................................................... 974
NetChange Network Flows .................................................................................... 975
High Availability Management Network Flows .......................................................... 976
G. Configuring Radius ................................................................................................... 977
Configuring FreeRadius ......................................................................................... 977
Configuring the Radius Server ....................................................................... 977
Configuring a FreeRadius server with SOLIDserver ......................................... 977
Configuring Radius with Cisco ACS ........................................................................ 978
H. SPX ......................................................................................................................... 981
Prerequisites ......................................................................................................... 981
Enabling the SPX Classes ..................................................................................... 982
Enabling the SPX Rules ......................................................................................... 982
Managing your RIPE Network With SOLIDserver ..................................................... 982
Configuring the Connection to the RIPE .......................................................... 983
Importing Your Network Objects ..................................................................... 986
Adding RIPE Objects From the GUI ................................................................ 989
Editing RIPE Objects From the GUI ................................................................ 995
Deleting RIPE Objects From the GUI .............................................................. 998
Making Sure the RIPE Received Your Changes ............................................. 1000
Validating a New Assignment Window ........................................................... 1000
Editing the Connection to the RIPE ............................................................... 1001
Index .......................................................................................................................... 1004

About This Guide
SOLIDserver is an appliance suite that allows you to manage a network on all levels (from the IP
address to the network devices) through key services, systems and protocols such as the IPAM,
the DNS, the DHCP or even NTP, SNMP, TFTP, etc. Its main purpose is to let users manage
their network using only one device.

SOLIDserver Administrator Guide is a document that describes and details the modules you
might have purchased with your license. This guide does not detail the existing types of licenses
or which modules and options they contain or lack. Note that some of the configurations described
in this document should not be handled by end users if they do not have previous knowledge of
the basic principles of certain protocols and of what creating, editing or deleting some objects
implies for the network configuration.

Documentation Organization
SOLIDserver Administrator Guide is divided into ten parts:

• Starting: the description of the appliance hardware front panel and of its basic, first
configuration.
• Graphical User Interface: the description of the Graphical User Interface and everything you
need to know to use SOLIDserver to the best of its potential. It also provides useful GUI tips,
such as the dashboards and gadgets, as well as how to customize your session through images.
• System Configuration: the system configuration possibilities of an appliance such as the
network configuration or the services.
• Global Policies: a description of all the features and options available in all the modules of
the appliance: the alerts, default behaviors, imports, exports, reports and Smart Folders.
• IPAM Management: a description of all the options available in the IP addresses dedicated
module.
• DHCP Management: a description of all the options available in the DHCP protocol dedicated
module.
• DNS Management: a description of all the options available in the DNS protocol dedicated
module.
• NetChange: a description of all the options available in the module NetChange dedicated to
devices connected to your network.
• Workflow: a description of all the options available in the Workflow dedicated module.
• Device Manager: a description of all the options available in the module Device Manager
dedicated to devices, ports and interfaces personalized management.
• VLAN Manager: a description of all the options available in the module VLAN Manager
dedicated to Virtual Local Area Network personalized management.
• Rights Management: a description of the pages dedicated to users, groups of users and the
available rules that allow their authentication management.
• Administration: a description of all the options available in the Administration module, including
high availability, users, groups and delegation options, etc.

At the end of the guide, you will also find appendices containing technical details regarding:

• DHCP Options includes options and parameters from basic options to lease information, host
IP, interfaces, servers, BOOTP, Microsoft, NetWare, NIS/NISplus or even vendor options.
• MAC Address Types References displays the reference number, in the GUI, of the MAC types
supported by DHCP statics.
• DNS Resources Records Related Fields displays the fields that need to be configured
when adding a resource record to a zone.
• Matrices of Network Flows details the network flows of the DNS, the DHCP, the IPAM as
well as the High Availability Management or NetChange.
• Configuring Radius: provides procedures to configure FreeRadius and Radius with Cisco
ACS and make them compatible with SOLIDserver.
• Class Studio Pre-defined Variables: provides a table detailing the values available when
configuring a pre-defined variable class object.
• SPX: the Service Provider eXtension module that allows you to manage your RIPE database
from SOLIDserver.

Documentation Convention
Each part of this guide is divided into chapters dedicated to configurations of specific objects in
order to give a clear presentation of their goal before providing procedures detailing the steps
to follow to configure, add, edit or modify objects managed through the appliance. To illustrate
the explanations of concepts, you will find illustrations, diagrams and screenshots.

In each procedure, you will find some words highlighted to differentiate them from explanations
or actions. You will also find notes and explanatory tables like the one below:

Table 1. Highlighted Words And Messages in the Guide


Browser Version
Procedure All the configurations, additions, file deletions... are displayed step by step
in a procedure. The procedures contain highlighted words that refer to
the Graphical User Interface; they might also contain some icons and notes.
Name Words that you will find in the GUI: page names, wizard titles, column names,
etc.
BUTTON The content of the blue buttons that you will find in the GUI: OK, EDIT, DELETE,
CANCEL, UPDATE, etc.
Menu Menu related words. Click on the menu specified in the procedure, the options
available will open. Follow the procedure to get to the right option. The mouse
steps to get from the menu bar to a particular option are symbolized by arrows
as such: menu > option > option.
Table The tables in the guide will always contain a title and at least two columns
to put together in a clear manner the available options.
Notes contain information that should be taken into consideration.
Caution messages contain critical information that must be taken into account.
Warning messages contain important information that should not be overlooked.
Tip messages contain advice to help the user enhance the use of SOLIDserver
or the management of particular objects.

Part I. Starting
Table of Contents
1. Hardware Appliance Front Panel .................................................................................... 3
2. Basic Network Configuration .......................................................................................... 5
Prerequisites ............................................................................................................ 5
Hardware requirements ..................................................................................... 5
Supported Browser ........................................................................................... 5
Basic Network Configuration using the LCD Screen .................................................... 5
Basic Network Configuration through the LCD .................................................... 6
Resetting the Basic Network Configuration ......................................................... 7
Basic Network Configuration using a Terminal ............................................................. 7
Using SOLIDserver For the First Time ...................................................................... 10
Logging on SOLIDserver ................................................................................. 10
Setting the Main Modules Default Behaviors ..................................................... 11
Requesting and Adding a License .................................................................... 11

Chapter 1. Hardware Appliance Front Panel
The front panel of SOLIDserver allows you to plug in one or more physical interfaces. It is also
possible to plug in a console cable to visualize the display output on another computer/screen.
Using the server panel, you can easily set up basic network configuration.

Figure 1.1. SOLIDserver Front Panel Ports (ports shown: eth1, eth2, eth3, eth4, rmgmt, console; panel labels: mgmt1, mgmt2, lan1, lan2)

1 eth1/eth2: These ports allow you to plug in one or more cables for the management. To
understand how SOLIDserver manages all physical interfaces, please refer to the System
configuration section.
2 eth3/eth4: These ports allow you to plug in one or more cables for the network services.
To understand how SOLIDserver manages all physical interfaces, please refer to the System
configuration section.
3 rmgmt: This port is IPMI and LAN dedicated. The IPMI protocol leverages an out-of-band
network (typically dedicated for server monitoring and management) that provides a flawless
and secure path for mission-critical applications when regular in-band connectivity is lost or
is unresponsive. This port is only available on the SDS-500, SDS-1000, SDS-2000 and
SDS-3000.
4 console: This port allows you to plug in a console cable to visualize the output on a terminal
device. The console port on SOLIDserver is an asynchronous serial port. The console port
is configured as data terminal equipment (DTE). The console port uses RJ-45 connectors
(Cisco). Adapters are available for connections to PC terminals, modems, or other external
communication equipment. To connect a PC terminal to the console port, use either an
RJ-45-to-RJ-45 rollover cable, an RJ-45-to-DB-25 female DTE adapter or the RJ-45-to-DB-9
female DTE adapter (labeled "TERMINAL"). The default parameters for the console port are:

• 9600 baud.
• 8 data bits.
• No parity generated or checked.
• 1 stop bit.
• No Flow Control.

You may use the following software:

• HyperTerminal or PuTTY on Windows.
• minicom on Linux, MacOS, Unix.
• cu on Linux, MacOS, Unix.

Figure 1.2. SOLIDserver Front Panel LED, Screen and Buttons (callouts 1 to 5; button label shown: reset)

1 This LED glows green when the appliance is on.
2 This LED flashes red when the hard drive processes data.
3 This LED glows yellow in case of a new information event.
4 Button to start/stop the server. If you keep the button pushed, the server shuts down
immediately; this action is not recommended. If you push the button once, the server shuts
down by itself.
5 Buttons to navigate through the LCD screen menus.

Chapter 2. Basic Network Configuration
SOLIDserver can be configured using the hardware appliance front panel LCD screen itself or a
terminal. We will discuss in detail the two different configuration approaches as well as the steps
to follow during the very first appliance use.

Prerequisites
Before using the SOLIDserver Graphical User Interface (GUI), you need to connect your device
to the network and configure an IP address for it (i.e. the default gateway configured during the
installation).

The management client is the computer from which you configure and manage SOLIDserver. It
must meet the requirements below to operate a SOLIDserver.

Hardware requirements
The minimum hardware requirements are:

• 128 Kbps of network connectivity to SOLIDserver.
• 512 MB RAM available for the product GUI, 1 GB RAM is recommended.
• A display resolution of 1024x768.
• A mouse.

Warning
You must disable your WEB browser pop-up blocker for the IP address you configured
for your SOLIDserver to manage it properly.

Supported Browser
You must have at least one of the following WEB browsers:

Table 2.1. Browser supported

Browser                        Version
Microsoft Internet Explorer    7.x, 8.x and 9.0.8112.16421 (compatible mode)
Mozilla Firefox                3.x - 17.0.1
Safari                         4.x - 6.0.2
Chrome                         10.x - 23.0.1271.97 m

Basic Network Configuration using the LCD Screen


SOLIDserver front panel LCD screen can be used in two ways:

1. To set up the first network configuration.

Once SOLIDserver has booted and is up and running, you have 30 seconds to press any arrow
button to enter edit mode. In this mode you can edit the IP address as well as the netmask
and the gateway. By default, the first physical interface is configured (eth1 on the server
panel, called em0 in the system) with the IP address 192.168.1.1/255.255.255.0 and a gateway
set to 0.0.0.0. The basic network configuration through the LCD screen can only be applied
to eth1, with one IP address.
2. To visualize the network configuration.

The LCD screen displays the following information at all times when SOLIDserver is running:
the hostname, serial number, IP address, prefix/netmask and gateway. So during the very
first configuration, if you let the 30-second timer run out, the default configuration is
applied and displayed on the screen after 90 seconds. No matter how you configured the
appliance, the LCD screen provides a summary of the key network configuration data.

Basic Network Configuration through the LCD


To apply a basic network configuration

1. Plug an Ethernet cable into eth1, the default interface configured on SOLIDserver.


2. Turn on SOLIDserver by pushing . During the boot sequence, the LCD screen displays
Device booting.
3. Once SOLIDserver is booted, a 30 seconds countdown is displayed. Press to enter the
setup.
4. Modify the IP address: to move from one octet to the other, press / . To decrease/increase
its value, press / . By default, the IP address is 192.168.1.1 .
5. To commit the new IP address, go to the last position of the menu (on the far right). A new
Menu appears:

• Esc: Cancels the current modification and goes back to the menu.
• No: Cancels the current modification and allows you to set a new value.
• Yes: Commits the value. The message Performing appears.

6. Modify the Netmask: to move from one octet to the other, press / . To decrease/increase
its value, press / . By default, the netmask is 255.255.255.0 .
7. To commit the new Netmask, go to the last position of the menu (on the far right). A new
Menu appears:

• Esc: Cancels the current modification and goes back to the menu.
• No: Cancels the current modification and allows you to set a new value.
• Yes: Commits the value. The message Performing appears.

8. Modify the Gateway: to move from one octet to the other, press / . To decrease/increase
its value, press / . By default, the gateway is 0.0.0.0 .
9. To commit the new Gateway, go to the last position of the menu (on the far right). A new
Menu appears:

• Esc: Cancels the current modification and goes back to the menu.
• No: Cancels the current modification and allows you to set a new value.
• Yes: Commits the value. The message Performing appears.


10. The basic network configuration is applied. Now you can launch your browser and point it
to the IP address you just configured.
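
The procedure above commits the IP address, netmask and gateway as three separate values. As an added example (not part of the EfficientIP guide), this Python check confirms that a planned triplet is consistent before it is keyed in and flags values left at the defaults quoted in this chapter; the function names are hypothetical and the sample addresses are constructed.

```python
import ipaddress

# Factory defaults this guide gives for the LCD procedure (eth1).
DEFAULT_IP = "192.168.1.1"
DEFAULT_NETMASK = "255.255.255.0"
NO_GATEWAY = "0.0.0.0"


def prefix_length(netmask):
    """Convert a dotted netmask to a prefix length; reject holes in the mask."""
    mask = int(ipaddress.IPv4Address(netmask))
    host_bits = mask ^ 0xFFFFFFFF
    # For a contiguous mask the inverted value is 2**n - 1, so it shares
    # no bit with the value that follows it.
    if host_bits & (host_bits + 1):
        raise ValueError("netmask %s is not contiguous" % netmask)
    return 32 - host_bits.bit_length()


def check_basic_config(ip, netmask, gateway):
    """Check an IP/netmask/gateway triplet before entering it on the LCD.

    Returns {"errors": [...], "warnings": [...]}. An empty "errors" list
    means the three values are consistent with each other.
    """
    result = {"errors": [], "warnings": []}

    try:
        addr = ipaddress.IPv4Address(ip)
    except ValueError:
        result["errors"].append("IP address %r is not valid IPv4" % ip)
        return result

    try:
        prefix = prefix_length(netmask)
    except ValueError:
        result["errors"].append("netmask %r is not a contiguous mask" % netmask)
        return result

    network = ipaddress.IPv4Interface("%s/%d" % (addr, prefix)).network

    # /31 and /32 have no separate network and broadcast addresses.
    reserved = ()
    if prefix < 31:
        reserved = (network.network_address, network.broadcast_address)
    if addr in reserved:
        result["errors"].append("%s is the network or broadcast address of %s"
                                % (addr, network))

    if gateway == NO_GATEWAY:
        result["warnings"].append("no gateway set: the appliance is reachable "
                                  "only from hosts inside %s" % network)
    else:
        try:
            gw = ipaddress.IPv4Address(gateway)
        except ValueError:
            gw = None
            result["errors"].append("gateway %r is not valid IPv4" % gateway)
        if gw is not None:
            if gw not in network:
                result["errors"].append("gateway %s is outside %s" % (gw, network))
            elif gw == addr:
                result["errors"].append("gateway equals the appliance address")
            elif gw in reserved:
                result["errors"].append("gateway %s is the network or broadcast "
                                        "address of %s" % (gw, network))

    if (addr == ipaddress.IPv4Address(DEFAULT_IP)
            and netmask == DEFAULT_NETMASK):
        result["warnings"].append("address is unchanged from the factory default")

    return result


if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    samples = [
        (DEFAULT_IP, DEFAULT_NETMASK, NO_GATEWAY),
        ("10.20.30.40", "255.255.255.0", "10.20.30.254"),
        ("10.20.30.40", "255.255.255.0", "10.20.31.1"),
    ]
    for triplet in samples:
        print(triplet, check_basic_config(*triplet))
```
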

Resetting the Basic Network Configuration


If you reset the system, the original network configuration is applied, i.e. the default
configuration of the SOLIDserver appliance mentioned earlier:

• IP address/Netmask: 192.168.1.1 / 255.255.255.0 .
• Gateway: 0.0.0.0 .
• Physical interface: eth1.

Warning
Once the reset has been confirmed, SOLIDserver reboots automatically.

To reset the basic network configuration

1. If the SOLIDserver is not turned on, push . During the boot sequence, the LCD screen
displays Device booting. Once SOLIDserver is started, a timer is displayed. Press to enter
the setup.
2. Push until the EXIT menu appears. Then press to enter the RESET menu. The message
WARNING: net conf will be lost is displayed.
3. To commit the reset, push . The message Restarting appliance... appears. If you do not
want to reset, push to discard.

Basic Network Configuration using a Terminal


Most of the system configuration on SOLIDserver must be done from the WEB console. To
connect to the WEB console, you first have to configure a network interface on the system.
SOLIDserver provides a Command-Line Interface (CLI) that lets you apply system configurations
without WEB access. The CLI can be used from the console through the serial port, the VMware
console, the VGA/keyboard console or an SSH remote console connection.

In the procedure below, we will configure a virtual interface and physical interface before setting
an IP address, netmask, gateway and DNS resolver IP address.

To configure the first network interface

To configure the appliance from a web browser, an IP address and a gateway must be configured.
By default, there is already an interface configured with IP address 192.168.0.1 and netmask
255.255.255.0.

1. Press Enter to see the login prompt.


SOLIDserver access
login:

2. Enter the login root and hit Enter. The root account does not use a password at the first
installation. The Main menu appears.
3. Select N Network Configuration and hit Enter.


Note
Depending on the medium used, the display can be in color (VMware, your own
appliance system) or in black and white (SOLIDserver's appliance with console
port used).

The Network configuration menu opens.


4. Select V Virtual interfaces and hit Enter.

The Virtual interfaces menu opens.


5. Select 1 DEFAULT_INTERFACE and hit Enter.

The Virtual interface name menu opens.


6. Change the name if you want and hit Enter.

The Physical interfaces menu opens.


7. In this menu, the network interface controllers are listed (in the example below there is only
one). To select/unselect a physical interface, press Space to tick/untick it, the star indicates
the selected interface(s).


Hit Enter to confirm the use of the interface. The IP addresses list menu opens.
8. Select the default IP address 1 192.168.1.1 255.255.255.0 and hit Enter.

The IP addresses configuration menu opens.


9. Edit the Address and Prefix/Netmask fields as needed.

Click on OK to save your changes. The IP addresses list menu opens again. Select E EXIT
and hit Enter until you get back to the Network configuration menu.
10. Select G Global configuration:

Hit Enter. The Global configuration menu opens.


11. Edit the Hostname if need be, and edit the Default IPv4 gateway and the 1st DNS resolver
according to your needs. You do not need to define a Default IPv6 gateway for now.

Click on OK to save your changes. The Network configuration menu opens again. Select E
EXIT and hit Enter until you get back to the Main Menu.
12. Select C Commit modifications to system:


Hit Enter to commit your configuration.


13. In the confirmation window, select Yes using the Y key:

Hit Enter to commit your choice. The configuration is being saved.


14. The last window opens:

Hit Enter to close the window.

Now your configuration is complete and you can access your SOLIDserver through the browser
of your choice. Make sure the browser version complies with the prerequisites mentioned above.

Using SOLIDserver For the First Time


The first connection to SOLIDserver follows a few steps: logging onto the appliance, defining for
which module you want to use the default behaviors and requesting a license.

Logging on SOLIDserver
No matter the browser you choose to use, to access SOLIDserver you need to follow the procedure
below:

To log on to SOLIDserver for the first time

1. Open your browser, in the URL field type in https://{IP address}. If you defined a name for
your SOLIDserver in your DNS, you can use its name.
2. Hit Enter. The browser displays a security warning prompting you to accept or reject
SOLIDserver certificate. If the default certificate is in use, warning messages appear stating
the certificate is not from a trusted certifying authority, and that the hostname on the certificate
is either invalid or does not match the name of the site.
3. Accept the certificate. SOLIDserver Login page appears.


4. In the Login field, type in ipmadmin, the default superuser login.
5. In the Password field, type in admin, the default superuser password.
6. Click on OK . SOLIDserver Home page opens.

Setting the Main Modules Default Behaviors


During the first use of SOLIDserver, you need to define which modules' default behaviors you
want to activate.

Right after you validated your credentials on the Login page, the Home page appears. You need
to set the internal module setup. You can configure them later but we recommend that you set
them right away.

To define the main modules default behaviors

1. Once you have logged in, the appliance Home page opens.


2. At the bottom of the SOLIDserver Configuration Checklist gadget, next to Internal module
setup, click on Configuration. The Internal module setup wizard opens.
3. To activate all the behaviors:

a. In the Architecture drop-down list, select IPAM.


b. Tick the Use DNS checkbox.
c. Tick the Use DHCP checkbox.

4. To activate only the DNS default behaviors:

• In the Architecture drop-down list, select DNS only.

5. Click on OK to commit your choice. The wizard closes. SOLIDserver homepage is visible
again.

At any point, you can change your mind and modify what you selected in that wizard through the
Settings menu that appears on every page of SOLIDserver (Settings > Expert > Internal Module
Setup).

Requesting and Adding a License


Now that you have logged on to SOLIDserver and completed the internal module setup, you see
the appliance homepage with its two gadgets. As you can see in the gadget on the left, the
System information gadget, the appliance has no license, so only the Administration tab is
available. You need to request a license from EfficientIP and then add it.

The operating licenses provided by EfficientIP allow customers to manage SOLIDserver: the
appliance cannot be operated until a valid activation key is installed. Each activation key is
unique and specific to one SOLIDserver appliance. This means that an activation key generated
by EfficientIP for one appliance will not work for another.

To request a license

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select System Information > Licenses. The Licenses page opens.
3. In the menu, select Add > Request license. The wizard opens.
4. Read the Software License Agreement and click on NEXT . The next page opens.
5. Copy the content of the Key field and email it to requestlicense@efficientip.com. In the email,
ask for a test license.
6. Click on OK to close the wizard.

Once the EfficientIP license team has answered your request and sent you a license key, follow
the procedure below.

To add a license

1. From the EfficientIP email response to your license request, cut the license key.
2. Connect to SOLIDserver using the superuser credentials.
3. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
4. In the menu, select System Information > Licenses. The Licenses page opens.
5. In the menu, select Add > License. The wizard opens.
6. In the License field paste the license key.
7. Click on OK to save the key. The homepage refreshes. In the System Information panel,
the license type is now modified and all the modules that come with your license are now
visible.

Part II. Graphical User Interface
Table of Contents
3. Understanding the GUI
    The Appliance Homepage
    The Modules
    The Breadcrumb
    The Menu
        Connected User Account Configuration
    The Pages
        The Homepages
        The Listing Pages
        The Properties Pages
        The Wizards and Pop-up Windows
    The Tree View
    The Bookmarks
    The Global Search Engine
4. Dashboards and Gadgets
    Introduction
        Dashboards
        Gadgets
        Gadgets Library
        My Gadgets
        Statistics Page
    Adding a Gadget
        Adding a Gadget from a Dashboard
        Adding a Gadget from the Statistics Page
        Adding a Gadget from a Properties Page
    Assigning a Gadget
    Handling a Gadget
        Moving a Gadget
        Collapsing or Expanding a Gadget
        Hiding a Gadget from a Dashboard
        Displaying or Hiding a Gadget from My Gadgets
    Creating New Gadgets
        Creating a Chart
        Creating a Top List
        Creating a Quick Search
        Creating a Quick Wizard Gadget
        Creating a Bookmark Gadget
    Editing a Gadget
    Granting User Access to the Gadgets
        Configuring Read-Write Access to a Group
        Setting Gadgets Visibility
    Enabling or Disabling a Gadget
        Enabling or Disabling a Gadget through the GUI
        Enabling or Disabling a Gadget through the Menu
    Deleting a Gadget
5. Customizing the GUI
    Customizing SOLIDserver Login Page With an Image
        Uploading an Image to SOLIDserver
        Displaying an Image on SOLIDserver Login Page
        Removing the Image Displayed on SOLIDserver Login Page
    Customizing SOLIDserver Homepage Welcome Banner
        Editing SOLIDserver Homepage Banner Title
        Displaying an Image on SOLIDserver Homepage Banner
        Removing the Image from SOLIDserver Homepage Banner
        Hiding SOLIDserver Homepage Welcome Banner
        Displaying SOLIDserver Homepage Welcome Banner Again
    Customizing the Interface Names and Fields

Chapter 3. Understanding the GUI
SOLIDserver offers a GUI that centralizes the management of the addressing/naming plan of IP
subnets, DNS servers, DHCP servers and so forth. Its purpose is to provide a simple, easy and
scalable interface enabling you to carry out all administrative tasks through a WEB interface:
managing IP addresses, managing DNS/DHCP services, etc.

SOLIDserver is composed of several modules:

• IPAM allows you to manage IP addresses and addressing plans,
• DHCP allows you to manage DHCP servers,
• DNS allows you to manage DNS servers,
• NetChange allows you to reconcile IP addresses with the real network ports connection,
• Workflow allows you to set up a workflow between administrators and simple users that will
drive IP addresses processes deployment,
• Device Manager allows you to get an overview of the stock of equipment and manage it,
• SPX allows you to automate public Internet address registration,
• Administration allows you, among other things, to administer the users' rights and their
delegations.

Each module is organized in the same way to ease navigation: you will find common icons and
menus, and the breadcrumb shows where you are in the module. First of all, we will present
the useful elements that you will see throughout the appliance, and then detail each of the
key elements needed to understand the GUI and use it efficiently.

The image below shows a typical listing page within SOLIDserver (the IPAM subnets management
page).

Figure 3.1. A Listing Page within SOLIDserver GUI

In spite of the separation of protocols within modules, they all share common icons numbered in
the image above:

1 This icon allows you to go back to the SOLIDserver home page from anywhere in the appliance.
2 This field allows you to look for data within all the modules (except Administration). For
more details, refer to the section The Global Search Engine.
3 This button is present on every page at the end of the breadcrumb line. Click on it to
bookmark the page you are on. For more details, refer to the section Bookmark Engine.
4 This shortcut button is visible on the pages providing IPv4 and IPv6 management: the blue
color indicates that you are displaying IPv4 data. If you click on it, the IPv6 data page will
be displayed.
5 This gray shortcut button is visible on the pages providing IPv4 and IPv6 management; the
gray color indicates that you are displaying IPv4 data. If you click on it, the IPv6 data page
will be displayed.
6 This shortcut button is visible on almost any list and opens the addition wizard for whatever
object is listed on the page. Note that on many pages it directly opens the by search addition
wizard.
7 This button is the Logout button. You will find it in the upper right corner of every module.
It allows you to quickly log out of the current user session and, for instance, log in with
different user credentials.
8 This button is visible everywhere within SOLIDserver and allows you to open the tree view.
For more details, refer to the section The Tree View.

The Appliance Homepage


Once you are connected, the SOLIDserver homepage is displayed: it includes the Main dashboard
under the menu. This window includes the welcome banner that contains a title with a light gray
background and a dashboard containing gadgets that provide an overview of the most important
information regarding your appliance. Each module provides a dashboard on which you will be
able to add the gadgets of your choice. For more details, refer to the chapter Dashboards and
Gadgets.

Figure 3.2. The Homepage Default Descriptive Gadgets

System Information Fields Explanation

• Connected as indicates who is connected to SOLIDserver.


• Version indicates the version of SOLIDserver currently installed.
• Date displays the current local date and time of SOLIDserver.
• License Type indicates the kind of license you are using: Temporary (with the End date between
brackets) or Official i.e. with no end date.
• Manufacturer indicates the product manufacturer.
• Product indicates the type of product you are using: either hardware (with its size) or software.
• Serial indicates SOLIDserver hardware appliance serial number: 6 hexadecimal digits that
identify your appliance. The virtual appliances have a serial number (VMware - UID) that is
only visible on the All SOLIDserver page.


General Information Fields Explanation

• Services indicates the services provided by SOLIDserver: represents services currently
stopped, represents services running.
• Hostname indicates the hostname you defined for SOLIDserver.
• IP addresses indicates the IP address you configured to connect to SOLIDserver as well as
the virtual interfaces you might add.
• Default gateway indicates the default gateway you configured for SOLIDserver.
• SOLIDserver role indicates the appliance role as Standalone, Master or Hot Standby. The
latter two imply that your SOLIDserver is part of an appliance high availability (HA)
configuration.
• Status indicates the HA Management status of the appliance, an appliance in Standalone is
always OK. As for appliances configured in HA, a can indicate that the configuration is
not working properly.

Both these gadgets provide a number of options and links, for more details refer to the section
Descriptive Gadgets of the chapter Dashboards and Gadgets of this guide.

The Modules
Each module that you can manage through SOLIDserver is represented in the GUI by a tab.
When you navigate between each module, the tabs will remember the last page that you worked
on so when you go back to a tab, the page displayed is the last one you visited. Within the GUI
the tabs indicate in which module you currently are, the lightest tab is the one open:

Figure 3.3. A Tab For Each Module

Each tab has its own graphic design to help you visualize the internal organization of the module:
the modules are all designed in the same way but the items listed all correspond to particular
icons that share different gradations of a common color in each module. For instance, IPAM is
a gradation of orange, DHCP of deep blue, DNS of red, etc.

The Breadcrumb
According to the tab previously selected, the breadcrumb, i.e. navigation bar, displays the module
internal tree.

Figure 3.4. The Breadcrumb

As you can see in the image above, the breadcrumb uses the graphic design of each module:
here the orange matches the IPAM tab color and the icons respect the module internal hierarchy
(3). The colored icon represents the page you are currently on (2), here the All subnets page.
The house icon (1) allows you to go directly to the module homepage; in the procedures of this
guide it will be represented as follows: .


Keep in mind that the breadcrumb is a linear representation of the module hierarchy. Therefore,
once you are displaying the subnets of a space for instance, this space will be visible in the
breadcrumb.

Figure 3.5. The Breadcrumb: Useful Location Reminder and Access Provider

In the image above, you can see that the mouse pointer is not an arrow but a hand and that the
space name is underlined: each element of the breadcrumb is a link in essence. In this example,
the subnets of the block USA belonging to the Local space are listed. Once you click on Local,
you will access the properties page of said space: once an element is named in the breadcrumb,
clicking on the name opens its properties page. So in the image above you could access the
USA block properties page as well from the breadcrumb.

The Menu
The menu is displayed on every page but varies according to the page you are on: the available
options change on each page. It allows you to perform specific actions; in the example below
you can add, edit, access tools, change display features and launch reports for the listed items.

Figure 3.6. The Menu

On every page of SOLIDserver you will always have access to three menus:

Preferences
This menu contains:
• Links toward the pages My Quick Wizards, My Smart Folders, My Bookmarks and the two
gadgets related page: Gadgets Library and My Gadgets.
• Links toward the account configuration through the My Account section. For more details
refer to the section Connected User Account Configuration below.
• Links toward the gadgets addition. The gadgets available will vary on each page, for more
details refer to the chapter Dashboards and Gadgets.
Settings
At the very least this menu will contain an Expert section that gives access to the Internal
module setup wizard. Otherwise, depending on the page you are on, it might contain:
• Customize user fields: a link toward the Class Studio pop-up window to see the existing
classes defined for the objects listed on the page. For more details, refer to the section
Browsing the Classes Database.
• Default behaviors: a link toward the Default behaviors configuration wizard that allows to
display a number of behaviors (fields) within the edition wizards of the objects listed on
the page. For more details, refer to the chapter Managing Default Behaviors.
• Listing templates: a link toward the listing template configuration wizard that allows you to
choose which columns you want to display or hide on the current listing page. For more
details, refer to the section Customizing The List Layout.
?
This menu offers links toward two documents:


• Help opens SOLIDserver Administrator Guide in the version corresponding to your appliance
version in a new tab in your browser.
• About opens the License wizard that contains the Software License Agreement.

Within all modules - but the Administration module - you will find on the listing pages the Display
menu. This menu will be useful for a number of reasons:

• It provides links towards the other pages within a module.


• It provides a link toward IPv4 and IPv6 data in the IPAM and the DHCP modules.
• It allows you to access the template mode in the IPAM module or display the members of the
smart architecture servers in the DNS and DHCP modules.
• It allows you to select a listing template layout among the ones you created.

Connected User Account Configuration


From any page of SOLIDserver and at any time you can configure the different aspects of your
Account. This account is obviously the account of the connected user.

With version 5.0.3, the gadget My account preferences & configuration is available on the
appliance Home page. It provides the connected user with shortcuts: to access the Gadgets
Library and to edit the interface language.

Time and Date Configuration

From the Configure Time and Date Format wizard you can change your time reference (either
Local time zone or UTC time zone) and/or the date format (either day/month/year or
month/day/year).

Note that the local time is based on the time zone of your browser whereas the UTC (Universal
Time, Coordinated) is the international standard for civil time and the Internet.

Note
All your services and the SOLIDserver appliance must be set to the same time to prevent
any management problems.

To change your appliance time zone and/or date format

1. From any page of SOLIDserver, in the menu select Preferences > My Account > Set
Time/Date Format. The Configure Time and Date Format wizard opens.
2. In the Time zone drop-down list, select Local time or UTC-GMT.
3. In the Date format drop-down list, select mm/dd/yyyy or dd/mm/yyyy.
4. Click on OK to commit your configuration. The report opens and closes. You can see the
display change on the Administration syslog page for instance.

Listings Configuration

At any time you can choose how many lines to display on the listing pages or decide to alternate
gray and white lines in the listing one by one or three by three.


To change the list format and/or the number of lines displayed on the listing pages

1. From the menu, select Preferences > My Account > Set Format List. The Set List Format
wizard opens.
2. In the List line count field, type the number of lines you want to display.
3. In the List format field, select 1-1 or 3-3.
4. Click on OK to commit your changes. The report opens and closes. You can see the result
on any listing page.

Caution
The more lines you display, the more resources SOLIDserver uses to display them.

Language Configuration

By default, SOLIDserver is in English, but you can change the language following the steps below:

To set the GUI language from any page

1. From the menu, select Preferences > My Account > Set Language. The Change language
wizard opens.
2. In the Language list, select English, French, Spanish, German, Dutch, Chinese or Japanese.
3. Click on OK to commit your choice. The report opens and closes. SOLIDserver refreshes,
the GUI is in the selected language.

To set the GUI language from the gadget My account preferences & configuration

1. Click on the efficientIP tab to open the appliance Home page.


2. In the gadget My account preferences & configuration, click on Set Language. The Change
language wizard opens.
3. In the Language list, select English, French, Spanish, German, Dutch, Chinese or Japanese.
4. Click on OK to commit your choice. The report opens and closes. SOLIDserver refreshes,
the GUI is in the selected language.

Password Configuration

At any time, if you have been granted sufficient rights, you can edit the password used to connect
to SOLIDserver.

To modify the password

1. From the menu, select Preferences > My Account > Change password. The Modify user
password wizard opens.
2. In the Previous password field, type in the old password.
3. In the New password and Confirmation fields, type in the new password.
4. Click on OK to commit your change. The report opens and closes.


The Pages
SOLIDserver provides different kinds of pages depending on the objects managed or the actions
you can perform on them. Consequently, we can distinguish four "families" of pages within the
GUI.

The Homepages
Each module has its own Homepage. It contains buttons leading to the different pages of the
module, and the module dashboard that you can customize.
The Listing Pages
The most widely used kind of page: it is a list that provides an overview of all the data and
gives access to a number of actions to perform on the object summarized by the menus
available.
The Properties Pages
This page is accessed through a listing page. It can either be a simple reminder of all there
is to know regarding a particular element or it can provide additional information not displayed
in the listing page you came from. In that case, you will be able to set up very specific
configurations (e.g. DHCP options).
The Wizards and Pop-up Windows
Both these pages will appear above the other pages and provide you with fields and/or buttons
to make changes and commit them.

The Homepages
The homepage is the page that you see the first time you open a module. It gathers a number of
buttons and menus that you will sometimes not find elsewhere in the module.

The homepage has its own shortcut icon (the house) in the breadcrumb. The Settings menu is
particularly interesting on the homepage: it gathers specific links to pages that you can only
access from this page.

All the buttons are concentrated in a light gray area under the menu. Right under the buttons,
you will find the dashboard that allows you to customize your homepage with the gadgets of your
choice. Refer to the chapter Dashboards and Gadgets for more details.

Figure 3.7. The IPAM Homepage

Keep in mind that from every homepage you can access a page from its button, the Display menu
or directly through the breadcrumb. For instance, to open the All spaces page, you can click on
the Spaces button or on All spaces in the breadcrumb or through the menu by selecting Display
> All spaces.


The Listing Pages


The listings pages are the most common pages within SOLIDserver: they provide an overview
of all kinds of objects. Each object (subnet, zone, scope, etc.) is listed separately in a table
composed of lines and columns. This display allows you to sort the data in each column in
ascending or descending order by clicking on the name of the column. There is no limit to the
number of objects on a page. However, as the data is displayed in a table, the items listed might
be divided into different sub-pages to ease navigation through all the data. In this case, you
will find the sub-page number above the column names to help you see at all times where you
are and what you are seeing or managing.

In the example below, you will see the list of all the IPv4 subnets of the space My_Company
sorted through the Address column:

Figure 3.8. The IPv4 Subnets List

SOLIDserver Listing Page Useful Tips


Links On Every Page
As you can see in the example above some information is underlined and in bold and
some is not. All the underlined data is in fact a link that allows you to display the content
of each element: in this case clicking on 10.0.0.0/24 will open the subnet and display all
the addresses it contains. On other pages, the link could allow you to access another
module or another list within the module (in NetChange for instance). However, once
you are in the smallest element of a particular module (the addresses in the IPAM, the
RRs in the DNS, etc.) this link will allow you to perform all kinds of actions on the element:
assign an IP address, open an IP address properties page, open the RR edition wizard,
etc.
Objects Count

Figure 3.9. Useful Buttons on Any Listing Page

As there is no limit to the data listed on SOLIDserver listing pages, the GUI provides
some key fields, buttons and areas:

1 This button allows you to display the first sub-page of data.


4 This button allows you to display the next sub-page of data.
3 In the light blue square, you can see the sub-page you are currently on.
4 These numbered dark buttons indicate that there is more than one page. Click on
one of them to access the page, here the third listing page.


2 This button allows you to display the next sub-page of data.


5 This button allows you to display the last sub-page of data.
6 The Result value corresponds to the number of objects listed in total if there is no
filter applied. Once you have filtered the list, it displays the result of the filtered search.
Data Management Tips
All the objects displayed in the listing pages are listed separately. Each item can be
selected thanks to a checkbox. Therefore you can select one by one the items you want
to manage.

Keep in mind that you can use the SHIFT key on your keyboard to select a set of
successive items: select the first item, press the SHIFT key, select the last item you want
and release the SHIFT key.

Moreover the checkbox located above the list, left of the first column search engine, allows
you to select at once all the items counted in the Result. If the list is filtered, checking
this box will select all the items listed in the search result. If there is no filter applied to
the list, all the objects listed will be selected on every sub-page and no matter how many
sub-pages there are.
DNS/DHCP Smart Architectures special Display
Both DNS and DHCP modules provide the smart architecture management of physical
servers. A smart architecture, once added, will behave and be displayed like a physical
server. Therefore, the physical server(s) it manages will not be visible in the list which is
why, on DHCP and DNS listing pages you will find the Show / Hide smart members button.
Clicking on it will either display or hide the physical server(s) the smart architecture is
managing.

Figure 3.10. The Show / Hide Smart Members Button On DNS And DHCP Listing Pages

Within the guide this button will be represented as follows: .

Filtering a List Using the Columns

All the data listed on most SOLIDserver pages can be filtered one column at a time or using
several columns. This column filter allows you to perform custom searches through each column
search engine field. Therefore you can include or exclude certain criteria when looking for
particular data. It is possible to perform a search with multiple criteria on one or several
columns at once. The table below describes everything you need to know before filtering a list:

Figure 3.11. Filtering Tools

1 This icon allows you to unset altogether the filters applied, no matter how many filters were
set.
2 This arrow indicates that the list is sorted through the Address column in ascending order.


3 The underlined column names indicate that you can sort the column data in direct/reverse
alphabetical order.
5 These fields allow you to type in the data you are looking for in the column: it is the column
search engine. If this field is not visible, you cannot filter through said column, you might
only be able to sort.
4 This button allows you to apply the filter using the data entered in the column search engine.
You can also hit Enter to perform a filtered search.

To filter data using the columns

The procedure below describes how to filter a list through one column using the IPAM All subnets
page as an example. You can follow this procedure on any other listing page.

1. Go to the IPAM tab, click on the All Subnets level in the breadcrumb. The All subnets page
opens.
2. In the search engine field of the column of your choice, type in the data (string) that suits
your needs.
3. Click on SEARCH to perform the search.

Keep in mind that there are a number of operators that will help you narrow or widen your search.
The following table lists the available operators that you can apply to filter the listed data.
Note that you can also put a space between the operator and the string.

Table 3.1. Filtering Operators


Expression                  Description
string                      contains string
~string                     contains string
^string                     starts with string
=string                     strictly equals string
>string                     greater than string
<string                     less than string
>=string                    greater than or equal to string
<=string                    less than or equal to string
!=string                    strictly different from string
!~string                    does not contain string
=#                          empty column
!=# OR !~#                  column containing data
* string                    ends with string - the space between the string and the operator is
                            compulsory.
!~*string                   does not end with string
string*                     begins with string
!~string*                   does not begin with string
expression1 expression2     expression1 and expression2 on the same line.
expression1 & expression2   expression1 and expression2 on the same line.
expression1 | expression2   expression1 or expression2 in the same column: the lines matching
                            either data in the column will be displayed in the result.


You can also automate the search using the Filter constructor: double-click in the column search
engine field to display it and configure your search.

Figure 3.12. Example of Filter Constructor: on the DHCP Servers Status Column

As you can see in the example above the filter constructor indicates the different types of statuses
available for the DHCP servers. The drop-down list on the left allows you to choose the action
to perform on the string you will type in the field on the right (see next image for more details).
To look for different strings at once click on the plus button 3 and in the new field type in the
data you want to find or avoid. In the same way, to remove a string click on the minus button 2
that will be located on each new line. Then click on APPLY 1 or hit Enter to perform the search
using the filter(s) you just configured.

Figure 3.13. Overview of the Filter Constructor Operators

Depending on the objects listed on the page, you might find a list of checkboxes, like for the
server statuses we saw earlier, or only one checkbox called Top occurrences. If you check it, you
will display the most used values in the column and how many times they appear.

Figure 3.14. Example of the Filter Constructor Top occurrences: on Device Manager Ports & Interfaces MAC
Vendors Column

On some pages, you might have columns dedicated to the Date or to time and date. These
columns provide specific filtering operators:

Figure 3.15. Time and Date Dedicated Filter Constructor Operators

In addition, some keywords allow you to filter the list using specific dates or whole periods of
time. This filter is based on UTC time. The keywords are listed in the table below.


Table 3.2. Available Commands on Date Related Columns


Expression        Description
date              The date of your choice. It should be typed in according to the time
                  and date format of your appliance: dd/mm/yyyy or mm/dd/yyyy.
                  You can also use the month written in full letters: dd <month> yyyy
                  or <month> dd yyyy.
today             The results only include data matching the day (date) of the search.
now               The results only include data matching the time and date of the
                  search.
yesterday         The results only include data matching the day before the date of
                  the search.
last              The results only include all the data matching the day, week, month
                  or year prior to the date of the search.
n period ago      The results only include data matching the number of days, weeks,
                  months or years prior to the date of the search.
day of the week   Any day of the week can provide a filter like last <day-of-the-week>
                  or n <day-of-the-week> ago. The column search engine is not case
                  sensitive.
day               This keyword allows you to set a number of days prior to the search if
                  used with the ago keyword. You can use it in singular or plural (day
                  or days) but only in English.
week              This keyword allows you to set a number of weeks prior to the search
                  if used with the ago keyword. You can use it in singular or plural
                  (week or weeks) but only in English.
month             This keyword allows you to set a number of months prior to the search
                  if used with the ago keyword. You can use it in singular or plural
                  (month or months) but only in English.
year              This keyword allows you to set a number of years prior to the search if
                  used with the ago keyword. You can use it in singular or plural (year
                  or years) but only in English.

Sorting a List Using the Columns

SOLIDserver makes it possible to sort the information contained in each column in ascending or
descending alphabetical order by clicking on the column name. Only one list can be sorted at
a time. By clicking twice on the same name, you change the sorting order. Keep in mind that the
order respects the ASCII alphabetical order: the digits appear first, followed by capital
letters in alphabetical order and finally the small letters.

Figure 3.16. Ordering Tools


To sort the data listed through a column

The procedure below describes how to sort a list through one column using the IPAM All subnets
page as an example. You can follow this procedure on any other listing page.

1. Go to the IPAM tab, click on the All Subnets level in the breadcrumb. The All subnets page
opens.
2. If you click on Name 2 , the listing will be sorted in the alphabetical order of the subnets
name. If you click on Name 2 again, the list will be sorted in reverse. The blue arrow 3
symbolizes the sorting order.

This method is really efficient to sort the list according to your needs, for instance filter data
through the Size 1 column to display first the largest subnets.

Keep in mind that if a column contains too much data it cannot be sorted anymore. In this case,
the blue arrow next to the column name will be replaced by a red cross like 1 in the example
below.

Figure 3.17. A Red Cross Indicates That You Cannot Sort a Column Anymore

Customizing The List Layout

SOLIDserver allows users to select different layouts of listing pages. Layouts are stored in column
templates that allow you to display, hide and order the columns of the listing page. Only a user
belonging to the admin group can create, update and remove a template.

Each listing has a default listing template. If you choose it when editing a page listing template,
you will overwrite the default setting and will not be able to get it back, unless you know which
columns you chose to add or remove and edit it again. We therefore strongly advise that you create
new templates rather than modifying the default one.

Columns corresponding to class objects can also be added to those already available in the listing
templates. These columns appear in the format Class param: <object label>.

To create a new listing template

The procedure below describes how to create a listing template using the IPAM All subnets
page as an example. You can follow this procedure on any other listing page.

1. Go to the IPAM tab, click on the All Subnets level in the breadcrumb. The All subnets page
opens.
2. In the menu, select Settings > Listing templates. The configuration wizard opens.
3. In the Action drop-down list, select New template. A new field appears.
4. In the Name field, type in the new template name.
5. Click on NEXT . The <Objects> lists configuration page opens.
6. The page allows editing the list of the Hidden columns and the list of the Displayed columns:

• To add a new column in the displayed list, select it in the Hidden columns list and click on
.


• To remove a displayed column, select it in the Displayed columns list and click on .
• To change the order of the columns on the page, select one by one the columns you want
to move in the Displayed columns list and place them where you want using and .

7. Click on NEXT . The last page of the wizard opens.


8. In the Filter class type drop-down list, you can either select one of the filters available or
None. The available filters allow you to automatically apply a column layout template
according to a specific class.
9. Click on OK to commit the listing template creation. The report opens and closes. The list is
visible again. Keep in mind that the default listing template is still displayed. Refer to the
procedure To display a listing template for more details.

To display a listing template

1. Go to any page for which you created a listing template.


2. In the menu, select Display > Listing Templates > template of your choice. The layout displays
only the columns configured for the selected template.

Note that from any module homepage, except the Administration tab, you can create listing
templates through the menu Settings > Listing templates configuration > available page.

To modify an existing listing template

1. Go to any page for which you created a listing template.


2. In the menu, select Settings > Listing templates. The configuration wizard opens.
3. In the Action drop-down list, select Edit: template of your choice.
4. Click on NEXT . The <Objects> lists configuration page opens.
5. In the Hidden columns and Displayed columns lists, modify the columns you want to display
and their order (visible in the Displayed columns list).
6. Click on NEXT . The last page of the wizard opens.
7. In the Filter class type drop-down list, you can select None or change the class previously
selected.
8. Click on OK to commit the listing template changes. The report opens and closes. The list
is visible again.

Warning
When you edit a template, your update will be applied to all users.

To rename a listing template

1. Go to the homepage of any module for which you created a listing template. If the homepage
is not displayed, click on .
2. In the menu, select Settings > Listing templates management. The Listing Templates
Management page opens. This page contains several panels: one for each list in the module.
3. Open the panel that contains the template you want to rename.
4. Select the name of the template to rename.


5. Click on RENAME . The Rename template wizard opens.


6. In the New Name field, type in the new template name. It will overwrite the current one.
7. Click on OK to commit your change. The report opens and closes. The Listing Templates
Management page is visible again, the new name is displayed.

To delete a listing template

1. Go to the homepage of any module for which you created a listing template. If the homepage
is not displayed, click on .
2. In the menu, select Settings > Listing templates management. The Listing Templates
Management page opens. This page contains several panels: one for each list in the module.
3. Open the panel that contains the template you want to delete.
4. Select the name of the template to delete.
5. Click on DELETE . The Delete template wizard opens.
6. Click on OK to delete the template. The report opens and closes. The Listing Templates
Management page is visible again, the template is no longer listed.

The Multi-Status Column

With version 5.0.3, SOLIDserver introduces the Multi-Status column in all the modules. It gathers
useful status and state information regarding an object itself or the configuration within the module.

It is displayed by default on all the DNS module pages and concerns Hybrid compatibility at each
level of the hierarchy. In the DHCP, it is displayed by default on the All servers and All failover
channel v4 and v6 pages to provide real-time information regarding the failover configuration between
servers. As for the other pages, you can add it through the Listing template configuration wizard
as explained in the section Customizing The List Layout.

Multi-status provides messages divided into 6 levels of severity. Each message and level of
severity is specific to each object.

Table 3.3. Multi-Status Column Description


Severity        Color        Description
Emergency       Red          The object configuration prevents the system from
                             running properly. Action is required.
Critical        Orange       The object configuration is in critical conditions.
                             Immediate action is recommended.
Error           Yellow       The object configuration failed at some level. Action is
                             recommended.
Warning         Blue         The object configuration will trigger error messages if
                             no action is taken. Action to be taken at your discretion.
Notice          Light blue   The object configuration is normal but undergoing
                             events that might trigger errors. No immediate action
                             required.
Informational   Gray         The object configuration is normal, operational
                             messages (might inform you about potential
                             incompatibilities with other modules, etc). No action
                             required.


A colored square appears on the line of the object it applies to. It contains a number
corresponding to the total number of messages matching the severity. Put your mouse over the square
to display all the messages and deal with them if need be.

Each module contains a set of dedicated message numbers: IPAM from 0 to 999, DHCP from
1000 to 1999, DNS from 2000 to 2999, NetChange from 3000 to 3999, Device Manager from
4000 to 4999, Workflow from 5000 to 5499, VLAN Manager from 5500 to 5499 and finally
Administration from 9000 to 9999. The message number precedes the message itself.

The Info Bar

On every listing page, SOLIDserver provides the Info Bar. This tool is essentially a shortcut to
editing listed objects, accessing the properties of an object or filtering the list using a particular
column. To use this tool, you have to put your cursor over the data you want to handle. After one
second, the Info Bar will appear under the column entry of your choice and above the list:

Figure 3.18. The Info Bar

1 This shortcut button allows you to go to the current element properties page.
2 This shortcut button allows you to open the object editing wizard. This is basically the same
wizard as the one you open from the object properties page through the Main properties
panel EDIT button.
3 This button allows you to display a chart right over the page. The chart differs from one page
or object to another. For instance, from the DNS servers page it displays a server statistics
chart. No matter the object, if a chart is available for an object, it is also displayed on the
properties page.
4 This button allows you to visualize quickly in a table under the Info Bar the most important
information regarding the object.
5 This button allows you to filter the list using the value over which you put the cursor: name,
IP address, etc.

The example above displays the full Info Bar with five available buttons. Most of the time you
have four buttons. At the very least, the Filter button will be available on a standard listing page.

The Properties Pages


The properties page is a very useful page when it comes to gathering all the information regarding
a particular object (server, subnet, zone, user, scope, etc.) and configuring or modifying the
configuration of said element. Not all listing pages offer access to a properties page as some of
them will gather all the information in the list, especially in the Administration module, for instance
the pages accessible through My Preferences menu.

The properties page display is different from a listing page: it is composed of a number of panels
that always respect the following criteria:

• A properties page always contains a Main properties panel.


• The Audit panel is common to the IPAM, DNS and DHCP elements and indicates every change
made on the object, by whom and when.


• All the panels that you can edit have an EDIT button embedded that allows you to access a
wizard.
• All the objects belonging to the same module and level of hierarchy (like the IPAM subnets,
the DNS servers, etc.) will share a common set of panels. The options that you choose to apply
to one but not the other might add a panel or simply change the value displayed in it.

Figure 3.19. Example of the Properties Page of a DNS Name Master Zone

1 This button allows you to display or hide all the panels at once.


2 This is what an open panel looks like. In this example, the screenshot displays the default
display of a zone properties page: the first time you access a properties page, the Main
properties panel is always open providing an overview of the main information regarding
the object.
3 This is what a closed panel looks like: only the panel name is visible. You can open one
panel using the button .
4 The EDIT button is present at the bottom of each and every open panel that you can modify.
It opens an edition wizard of the object parameter. In this example, the Access control
panel edit button will open a wizard to modify the configuration of the allow-query, allow-
transfer and allow-update limitations and access authorizations to query the master zone,
transfer the zone data or update the zone.

As you can see in the example above, the properties page of a name master zone allows you to
display the information regarding the zone divided into panels: Main properties, Default behavior
properties, Name servers, Forwarding, Groups access, Ticket, Notify, Access control, Sources,
Sources V6, State log and Audit. Each panel (except the State log and the Audit) contains an
EDIT button to configure the zone according to your needs. Obviously, the panels will differ for
every object and every module but this example gives you an overview of the information available
on a properties page.

Note that some pages within SOLIDserver use the properties page display but do not display
properties: the Listing templates Management for instance that you can access from any homepage
through the Settings menu.


The Wizards and Pop-up Windows


Within SOLIDserver there are two types of pages with a different behavior: the wizard and the
pop-up window. They both open above any displayed page.

The Wizards

The wizard is a key element of the GUI as it is present on every page to add, edit, delete or
configure all the objects that you will manage through the appliance. Its title will remind you of
the action you are performing on the page.

Understanding the Wizards

The wizard is composed of a number of buttons and fields that you need to understand before
using SOLIDserver at its best potential. The content of a wizard varies according to the actions
and configuration that the wizard enables. We will detail the common fields and options that the
wizard provides in the SOLIDserver GUI.

Note that we will not detail the buttons of the wizard as they are self-explanatory and always
mentioned within each procedure in this guide.

Standard Fields
Using the screenshot below we will describe the fields that you will always find in a wizard.

Figure 3.20. IPv4 Subnet Addition Wizard

1 The pushpin icon is present on every wizard. It allows you to save the current page in a
quick wizard. For more details, refer to the section Quick wizards below.
2 The cross button allows you to close the wizard and cancel whatever configuration or changes
you were making.
3 This section is a location reminder located in the lower left corner of the wizard. It is
especially useful when adding objects to an existing space, server, etc. As you can see
in the example above, it indicates the block you selected in a previous step - start IP
address/prefix (name) - as well as the selected class - class name or none - and finally
the start address of the subnet you need to name and finish configuring before ending
the process.
4 The fields are present on all the wizards that allow you to configure objects. They might
have different colors: a blank white field indicates that you need to type in the value of
your choice, and the field you are working on is surrounded by an orange line. If the field
background color turns orange, it indicates that you typed in an error (syntax error). If
you do not correct it, you will not be able to continue configuring or save any changes made
through the wizard. All the fields in which you need to type in data are referred to as
field in this guide.
5 The star icon indicates that a field/parameter/option is required. If you leave the field
blank you will not be able to go on with the configuration. If the field or drop-down list
has a default value, it will be selected and applied, if you do not change it, when you
finally click on OK on the last page of the wizard.
6 The drop-down list field contains a down arrow that indicates that you might have a list
of values to choose from. Click on the field to display the list. We will refer to this kind
of field as a drop-down list in this guide.
7 This gray field is a read-only section of the wizard: you cannot edit it. In the case of our
example it is a sum of the basic information regarding the subnet being created. In
other cases you might find simple fields in light gray, they cannot be edited either but
are displayed as a reminder of the main information to remember, especially when
editing an object.
8 The checkbox is present on a number of wizards to configure particular parameters. It
will be located to the right of or under the field name and can be ticked or unticked according
to your needs. Note that ticking the box might reload the page. When located before a
field name, it will open a section with additional parameters to configure.
9 This information section might be located above or under the field it describes to guide
you in the configuration.
The PREVIOUS button allows you to go to the previous pages to check what you configured on
these pages while keeping the changes you just made on the current page. Once you
have gone back to a previous page, click on NEXT to go ahead in the configuration steps.
The OK button indicates that you are on the last page of the wizard. Clicking on it saves
and applies, in other words commits, the changes made through the wizard.
The CANCEL button, like the cross button, allows you to close the wizard and cancel whatever
configuration or changes you were making.

Every action within SOLIDserver opens a wizard, in particular the deletion of any object.
Below, you will find the most used wizard of all: the deletion confirmation wizard.
The GUI will also provide more information in the WARNING message section if needed.


Figure 3.21. Standard Deletion Confirmation Wizard

1 The warning message contains key information regarding the action you are performing
on an object that you must take into consideration before going further.
Additional Icons
The configuration and edition wizards will provide extra information icons embedded in the
page. These icons will open a window containing more detailed information to help with a
thorough configuration of the object. The DNS zone edition wizard is a good example:

Figure 3.22. DNS Zone Edition Wizard

1 The question mark icon is located after a field name and provides additional information
regarding the field and the particularities of the configuration.
2 Once you put your mouse over the question mark, a window opens above the wizard
with the relevant information to help you set the field parameter.

Additional Pages
SOLIDserver provides a tool to customize almost every resource through classes. If you or
your administrator configured classes for any resource, you might see a page, similar to the
one below, when adding or editing resources.

Figure 3.23. Classes Dedicated Page

As you can see, a <resource> class list is displayed. It allows users to select one of the
classes configured by the administrator or None. Once a class is selected, there will probably
be a set of additional fields and pages in the wizard that will not be detailed in the procedures
as they are specific to every appliance customization configuration. For more details, refer
to the Class Studio chapter of this guide.
Configuration Lists
In a number of wizards you will find configuration lists, that is to say a set of two lists that
gather all available data and allow you to choose a set of values from a large list. They usually
go in pairs: Available/Selected or Hidden/Displayed. The listing template configuration is a
good example of such lists:

Figure 3.24. DHCP Scopes Listing Template Configuration Wizard

1 This field is a list in essence that displays all the available columns that can be chosen
from. In this case, the columns that can be displayed on the All scopes listing page. You
can select every line that you want one by one and move them to the second field
(Displayed columns).
2 Once you selected a value in the first field, click on this button to move it to the second
field. You can also double-click on the line to move it to the other list. In this case, you
would add columns to the listing template display of the All scopes listing page.
3 This field is a list in essence that displays all the columns that are selected and kept in
the configuration. In this case, the columns that will be displayed on the all scopes listing
page. You can select every line that you want to remove one by one and move them to
the first field (Hidden columns).
4 Select a line (value) in the second field, then click on this button to remove it from the list and
put it in the first field. You can also double-click on the line to move it to the other list. In
this case, you would remove columns from the listing template display of the All scopes
listing page.
5 This button allows you to move up a value in the list and manage the order of the values
listed. The order displayed before you click on OK is the one that is saved. In this case,
the order of the values will correspond to the order of the columns displayed on the all
scopes page.
6 This button allows you to move down a value in the list and manage the order of the
values listed.
Management Fields and Buttons
Some wizards are management tools that provide within the window a list of values that you
can manage (modify or delete). These fields are all the more important as they are very
helpful when it comes to quickly configuring key parameters like a virtual interface:

Figure 3.25. Management Wizard Page

As you can see in this wizard, the IP addresses list contains two IP addresses. Such a list
located under a set of configuration fields indicates that you can manage the values listed
from the wizard. Indeed, you can select one of the lines and modify or delete them one by
one.

Figure 3.26. Management Wizard Page When Modifying Data

1 Once you selected the item of your choice in the list at the bottom of the wizard page,
you can modify the value of any field displayed in white. In this case, you would be able
to modify the value of any of the following fields: IP address, Netmask, Specific route,
802.1q number and VIP service.
2 Click on this button to save your changes and overwrite the former configuration. Then
follow the wizard steps ( NEXT or OK ) to commit the changes.
3 Click on this button to delete the line i.e. the whole set of values displayed in the fields
that correspond to the selected line. In this case, the line 10.0.30.171-255.255.0.0 gw:
tag: vip: vhid: would be deleted. To delete data in a field, select it in the field and use the
keyboard to delete the value. Then follow the wizard steps ( NEXT or OK ) to commit the
changes.
4 Click on this button to discard any changes made in the fields and be able to select
another line or add a whole new set of data, see the same page as the image Management
Wizard Page above. In this case, it would allow you to add a new interface.
5 The blue color indicates that the line has been selected to be modified or deleted. During
the modification, it turns gray.
Autocompletion Fields
Some wizards provide autocompletion fields to make the configuration faster and easier.
There are actually two kinds of auto-completion methods within SOLIDserver: the manual
one and the automated one.
Manual Autocompletion Field
The manual autocompletion field is signaled by a SEARCH button embedded in the
wizard page.

Figure 3.27. DNS Server Addition Wizard

1 This field is configured to provide manual completion as indicated by the presence
of the search button under it. In this field, type in the name of a host to find its IP
address. While you are typing in the name, the field turns orange.
2 Click on this button to retrieve and display the IP address of the host in the field.
The field turns back to white.

As you can see in the example above, the autocompletion option is available for the IP
address field. This option relies on a basic DNS query to find the corresponding IP address,
so that you do not have to learn the IP addresses by heart.
Automated Autocompletion Field
The automated autocompletion field is a very useful field that will offer a set of values
matching the data you entered in the field. A good example of an automated autocompletion
implemented in a field of SOLIDserver is the configuration of a DHCP range:

Figure 3.28. DHCP Range Addition Wizard

1 There is no indicator of the autocompletion fields. In this field, type in the value you
are looking for and a list of matching items will be provided. If only one value corresponds
to the data entered, the list will not appear and the matching value will be
displayed. The autocompletion will return an orange field if no values match the
data you type in the field.

The automated autocompletion tool will either return a list or a single matching value. In
the case of our example, a set of commonly used ACLs is saved in the database to
provide a list in the field and help you configure your range.

Saving a Wizard

Each wizard page can be saved using the pushpin button. This page and the data you typed in
or selected are saved within a quick wizard. The quick wizard is an extra feature offered by
SOLIDserver that allows you to go back to a configuration at any time and from any page.

All quick wizards are saved and listed on the page My Quick Wizards of the Administration
module. A quick wizard is a shortcut in essence that will open the wizard in the corresponding
module.

To access My Quick Wizards page

• From anywhere in the appliance, in the menu select Preferences > My Quick Wizards. My
Quick Wizards page opens.

There are three ways to access the wizard: through a quick access, a shortcut embedded in the
Quick Wizard gadget or through My Quick Wizards page. The creation wizard will allow you to
set the type of quick wizard that suits your needs.

To create a quick wizard

1. From any wizard page, click on the pushpin button. The Adding a Quick Wizard page appears.
2. In the Name field, name the quick wizard.
3. In the Module drop-down list, select a Quick Access to create a shortcut through the Preferences
menu or a module to include a shortcut toward the quick wizard you are creating in
the quick wizard gadget. For more details, refer to the chapter Dashboards and Gadgets.
4. In the Description field, you can type in a description.
5. Click on OK to commit the creation. The report opens, the wizard closes. The page you
were on appears again. The quick wizard is listed on the Quick Wizards page.

Whatever the value you selected in the Module drop-down list, the quick wizard is listed on My
Quick Wizards page. This page allows you to manage the quick wizards more thoroughly. It
contains five columns to organize the list as you please (you can sort or filter them):

• Name displays the quick wizard name. If you click on a name, the Edit a Quick Wizard wizard
opens and allows you to rename the quick wizard, add or remove a description, add or remove
the quick wizard from the dashboard of the module of your choice (or even make it a shortcut
within the quick wizard gadget and a quick access shortcut through the Preferences menu)
and finally change its visibility settings.
• All users indicates if you share the bookmark visibility with other users or not (yes or no).
• Description displays the description you might have added to the quick wizard during creation
or edition.

• Dashboard indicates the module dashboard on which you decided to display the shortcut in
the Quick Wizard gadget. For more details regarding the Quick Wizard gadget, refer to the
section Creating a Quick Wizard Gadget of the Dashboards and Gadgets chapter of this guide.
• Access contains the Access link toward the wizard saved through the quick wizard.

Figure 3.29. My Quick Wizards Page

If you created a Quick Wizard gadget, My Quick Wizards page will allow you to modify it. Editing
the quick wizard gadget through My Quick Wizards page basically allows you to assign the quick
wizard buttons one by one to the gadget displayed. In other words, it allows you to choose on which
dashboard you want to display the shortcut toward a particular quick wizard.

To add a quick wizard gadget from my quick wizards list

1. From any list, through the menu, select Preferences > My Quick Wizards. My Quick Wizards
page opens.
2. Click on the name of a Quick Wizard you want to add to the Quick Wizard gadget. The Edit
QuickWizard wizard opens.
3. In the Available list, select the module you want the Quick Wizard to be displayed on.
4. Click on . The module is now in the Configured field. You can repeat this action for every
additional Quick wizard gadget you want the Quick Wizard to be displayed in. If you list a
dashboard on which the gadget has not been created yet, it will be created and displayed
on the selected dashboard.
5. Click on OK to commit the creation. The report opens and closes. The Quick Wizard is
included in the Quick Wizard gadget of the dashboard(s) you selected.

This page also allows you to delete or define the visibility of several quick wizards shortcuts at
once. Note that there is no quick wizard properties page as all the information is displayed on
the page directly.

The Pop-up Windows

The pop-up window appears mostly when there are configuration errors: for instance, you just
selected an action through the menu without selecting the objects it is supposed to apply to. Or,
on the contrary, you selected too many elements at once for the chosen option. It will always
contain a question or a statement with an OK button that you will use to commit your choice or
close the window.

Caution
To use SOLIDserver to the best of its potential, make sure your Internet browser is
not configured to block pop-up windows.

However, there are some modules and pages in which the pop-ups are not error related: in the
Administration module, the Groups page and Class Studio use pop-up windows to configure
groups and classes respectively. In the same way, to assign an IP address in the IPAM, you need
to click on it and confirm via a pop-up that you mean to assign it.

The Tree View


SOLIDserver is a highly structured and hierarchical application. The Tree View allows you to
visualize and access data with a totally different philosophy: it implements a visual tree symbolizing
the most important data regarding DHCP, DNS, IPAM, smart folders, bookmarks and user
groups. The tree view represents all the information added in the DHCP, DNS, IPAM modules
and on the pages My Smart Folders, My Bookmarks and Groups of the Administration module.

Figure 3.30. Overview of the Opened IPAM Section in the Tree View

1 This button allows you to open or close a section: this one indicates the section of the tree view
is closed.
2 This button allows you to open or close a section: this one indicates the section of the tree view
is open.
3 This icon indicates that a branch of the tree view hierarchy is open. If you click on it you will
open the branch and display its hierarchical content.
4 This icon indicates that a branch of the tree view hierarchy is closed: it is a link toward the
content of the listed data. In this example, if you click on the block address you will access
the list of subnets of the block FR of My_Company space in the IPAM module.
5 The last element of the displayed hierarchy, preceded by a dotted line: it is a link toward the
listed data. In this example, it provides access toward the IP addresses list of the subnet
test of My_Company space in the IPAM module.
6 This button allows you to refresh a section of the tree view.
7 This button is called the tree view button and allows you to display the tree view. You can also click
on it to drag open or closed the tree view according to your needs. Click on it and move
rightward to widen the tree view and leftward to put it back to its default size.

The tree view is composed of several sliding panels. By clicking on one of them, you will open
the data it contains. If you click on a branch, you open the data it contains. You can perform a
number of actions from the tree view.

To open the tree view window

1. Put your mouse over the tree view button in the lower left corner of SOLIDserver GUI. The Tree
view window opens.
2. Click on the section name or arrow button to open it, display its hierarchy and access the
page of your choice.

The Bookmarks
To access different product resources with a simple click, SOLIDserver provides a bookmark
engine. Based on the web browser's philosophy, it allows you to save any pages you want as a
bookmark.

Once saved, bookmarks are listed on the My Bookmarks page and accessible from the Tree
View module (for more details, refer to The Tree View section). Any page can be bookmarked,
even a listing page displaying filtered data, which allows you to make customized bookmarks according
to your needs.

Figure 3.31. Bookmarks in the Tree View

If you click on a bookmark - here the third IPAM bookmark in the example above, Blocks allocated
more than 10% - you can see all the blocks used at least at 10% of their total capacity.

Figure 3.32. Page Accessed through a Bookmark

To bookmark a page

1. From any page within SOLIDserver, click on the star icon at the end of the breadcrumb. The Bookmark
this page wizard opens.
2. In the Name field, rename the bookmark if need be: by default a bookmark is named Module:
Page. This field is mandatory.

3. The Bookmark Folder field allows you to put your bookmark in a directory and organize the
final display in the tree view. The name you type in will create the folder. If you already created
folders, click on SEARCH to display the list of existing bookmarks folders and select the one
you need.
4. Tick the Add to the Bookmark gadget checkbox if you want to add the bookmark to the
bookmark gadget [1].
5. Tick the Share with the other users checkbox if you want this bookmark to be visible to any
user in the Tree View. If you leave it unticked, you will be the only one to see the bookmark.
6. Click on OK to create your bookmark. The report opens and closes. The page is visible again
and now it is marked . The bookmark is now listed in the Tree View and on My Bookmarks
page.

To access a bookmarked page through the tree view

1. From any page within SOLIDserver, open the Tree View.
2. Open the section My Bookmarks.
3. Click on the folder that contains the bookmark you are looking for, if need be. The folder opens
and displays the bookmarks it contains.
4. Click on the name of the bookmark of your choice. The corresponding page opens.

To remove a bookmark using the star icon

1. From any page where you have added a bookmark, click on the star icon. A wizard opens.
2. Click on OK to delete your bookmark.

To manage the bookmarks more thoroughly, you need to go to My Bookmarks page. It is accessible
from any page of SOLIDserver through the Preferences menu and contains four columns to organize
the bookmark list as you please (you can sort or filter them):

• Name displays the bookmark name. If you click on a name, the Edit Bookmark wizard opens
and allows you to rename the bookmark, place it in a folder or remove it from one, add it to the
bookmark gadget and/or change the visibility settings.
• All users indicates if you share the bookmark visibility with other users (Yes) or not (No).
• Bookmark Folder indicates if the bookmark belongs to a folder or not: it displays either the
folder name or /.
• Path contains the Access link toward the bookmarked page.

My Bookmarks page also allows you to delete or define the visibility of several bookmarks at
once. Note that you cannot see the properties page of a bookmark: all the information regarding
the bookmark is displayed on the page directly.

[1] For more details, refer to the sections The Bookmark Gadget and Creating a Bookmark Gadget.

Figure 3.33. My Bookmarks Page

From this page, you can access each bookmarked page, delete bookmarks and configure other
users' access once the bookmark is created.

To access a bookmarked page through My Bookmarks page

1. From any page within SOLIDserver, in the menu select Preferences > My Bookmarks. The
My Bookmarks page opens.
2. At the end of the line of the bookmark of your choice, click on Access. The corresponding
page opens.

To delete a bookmark through My Bookmarks page

1. From any page within SOLIDserver, in the menu select Preferences > My Bookmarks. The
My Bookmarks page opens.
2. Tick the bookmark(s) you want to delete.
3. In the menu, select Edit > Delete. The Delete Bookmark wizard opens.
4. Click on OK to commit the bookmark deletion. The report opens and closes. My Bookmarks
page is visible again.

To make a bookmark visible to all users

1. From any page within SOLIDserver, in the menu select Preferences > My Bookmarks. The
My Bookmarks page opens.
2. Tick the bookmark(s) for which you want to change the visibility.
3. In the menu, select Edit > Visible to all users > Set. The Bookmark Visibility wizard opens.
4. Click on OK to commit the configuration. The report opens and closes. My Bookmarks page
is visible again: the bookmark is marked Yes in the All users column.

To make a bookmark visible only to you

1. From any page within SOLIDserver, in the menu select Preferences > My Bookmarks. The
My Bookmarks page opens.
2. Tick the bookmark(s) for which you want to change the visibility.
3. In the menu, select Edit > Visible to all users > Unset. The Bookmark Visibility wizard
opens.
4. Click on OK to commit the configuration. The report opens and closes. My Bookmarks page
is visible again: the bookmark is marked No in the All users column.

The Global Search Engine


SOLIDserver includes a powerful engine called Global search that allows you to perform searches
in the entire SOLIDserver database except the data contained in the Administration module.
This engine is located in the top-right corner of the main window and is therefore available from
any page. Type in the data you are looking for and a window will open to display the results if
there are any matches to your search:

Figure 3.34. The Global Search Window: the Results of a Search Performed Through the Engine

1 This field allows you to type in the data you are looking for.
2 This button, the magnifying glass, allows you to perform the search. You can also hit enter.
3 This icon, located at the end of each result line, allows you to access the properties page of
the listed data.
4 Each line is preceded by the icon corresponding to its object type (like on every listing page)
in order to display an overview of all the occurrences of the data researched within SOLIDserver
on each page and every module separately. In the example, the address corresponds
to an IP address, a pool, two subnets and three blocks in the IPAM module; two RRs in the
DNS and two MAC addresses listed in NetChange. This line is also useful when it comes
to displaying basic information regarding the object, see the procedures below for more
details.
5 This button allows you to drag open or closed the global search window according to your
needs. Click on it and move downward and leftward to widen the window or upward and
rightward to return to its default size.
6 This button allows you to close the window. Once you performed a search the window will
stay open, above the page you are currently on, until you close it.

The Global search is useful if you are looking for particular objects. You can type in fragments
of information (a section of a MAC address, some letters of a name...) for any data you are looking
for except IPv6 addresses that you will only find if you type them entirely.

The result of your search will respect the internal hierarchy of each module on the one hand and
the order of the modules in SOLIDserver on the other hand. Therefore if you look for an IP address,
the Global search window will display the block(s) that it belongs to, then the subnet(s) and finally
the IP address with their corresponding name in brackets (like in the example above). After these
three IPAM sections, you will find in which other modules the IP address is used in the following
order: DHCP, DNS and finally NetChange.

Keep in mind that the Global search covers the following objects:

• From the IPAM module: Space, Subnet, IP Address in v4 or v6 even in their compressed form.
• From the DHCP module: Scope, Range, Static Reservation, Lease, ACL.
• From the DNS module: Server, View, DNS Zone, Resource record.
• From NetChange: Network Device, NetChange Port.
• From all modules: MAC address, hostname.

To perform a global search

1. On the top-right of the screen, type in the data you are looking for in the Global search field.
Once you put your cursor in the field, Global search disappears.
2. Click on the Magnifying Glass or hit Enter to perform the search.
3. The window opens under the Global search field and displays the results found in each
module.

To display information in the global search window

1. Once you performed a search through the engine, the list of results appears in the global
search window.
2. Click on the line result of your choice. A table appears under the line, it displays key information
regarding the search result:

Figure 3.35. Example of a Search Result in the Global Search Window

1 This field allows you to type in the data you are looking for.
2 This button, the magnifying glass, allows you to perform the search. You can also hit
enter.
3 The displayed result provides more information regarding the object listed. Click on the
icon or the result itself to display or hide the information table. This action is equivalent
to the Information provided via the Info Bar.

Chapter 4. Dashboards and Gadgets
Introduction
SOLIDserver offers a number of customization options that include the personalization of every
homepage. You can add gadgets to the dashboards, decide to share them with other users,
make them visible or hide them, create new ones, organize them on each homepage as well as
delete them from the gadgets library.

Dashboards
The Dashboard is the gray customizable part of every module homepage. The appliance
homepage does not contain any buttons linking to any listing, it is therefore a dashboard in essence.
We will call it the main dashboard in this guide. On every other tab homepage, the dashboard
is located under the access buttons.

Figure 4.1. The Appliance Homepage or Main Dashboard

On each dashboard you can add, arrange, display, collapse or hide a number of gadgets. However,
the creation of new gadgets will be handled from the lists themselves.

In SOLIDserver every list of the IPAM, DHCP, DNS, NetChange and Device Manager modules
allows you to create gadgets from the preferences menu. Gadgets do not need to be related
to the module of the dashboard they are displayed on: you can therefore display a DNS zones related
chart on the IPAM homepage dashboard, etc.

Note
In this chapter, the reference to “any list” when it comes to the available gadgets
refers only to the listing pages of the IPAM, DHCP, DNS, NetChange and Device
Manager modules.

Gadgets
A gadget is a drag and drop window displaying any data you need on a dashboard. You have
the possibility to create a number of different types of gadgets that you can choose to display,
hide, share with other users or even delete.

All the gadgets are composed of two parts:

Figure 4.2. SOLIDserver Gadgets Structure

• the upper gray part is the gadget drag bar. It contains from left to right: the gadget name, a
pushpin icon that allows you to remove it from the dashboard and the button to collapse or
expand the gadget.
• the lower white part contains the information and has a different display for every type of gadget.

There are six different kinds of gadgets available within SOLIDserver. They all offer different
possibilities that are detailed further down.

It is important to keep in mind that two lists help you manage the existing gadgets, the gadgets
library and my gadgets, and that the statistics page of the administration offers a number of
configured gadgets that you can easily assign to any dashboard.

The Descriptive Gadgets

Descriptive gadgets cannot be edited and provide assistance in monitoring the appliance's key
aspects of network management from any dashboard. They are displayed by default on the appliance
main dashboard of the superuser session and provide special options related to the current
SOLIDserver user or configuration.

System Information

This gadget sums up system related information such as who is connected (Connected as), the
appliance Version, the current Date and time, the License type and finally the support used
(Manufacturer, Product and Serial).

Figure 4.3. The Descriptive Gadget System Information

In addition to this information, this gadget provides a shortcut to the Configure user settings
wizard through the user name. This wizard puts together Account options that are otherwise accessible
one by one via the Preferences menu: Set Line Format, Set Time/Date Format and Set Language.

To access and configure the connected user settings

1. From the System Information gadget, click on the user name displayed after the Connected
as field. The Configure user settings wizard opens.
2. In the List line count field, you can define how many entries (lines) will be displayed on each
page of SOLIDserver.
3. In the List format drop-down list, you can define how to color the lines to ease reading the
listings: you can let one white and color the next in gray (1-1) or alternate the coloring every
three lines (3-3).
4. In the Time zone drop-down list, you can either set it to the Local time or to the UTC-GMT
time.
5. In the Date format drop-down list, you can choose to display the day before the month or
vice versa (mm/dd/yyyy or dd/mm/yyyy).
6. In the Language drop-down list, you can choose the interface language: English, French, Spanish,
German, Dutch, Chinese or Japanese. By default, English is selected.
7. Click on OK to commit your configuration. The report opens and closes. The homepage is
visible again.

General Information

This gadget sums up hardware related information such as which modules are running or not
(Services), the Hostname, the IP addresses involved, the Default gateway, the Member type and
finally the Status of HA Management.

Figure 4.4. The Descriptive Gadget General Information

From the General Information gadget you can disable services and access some pages of
SOLIDserver.

To disable a service from the general information gadget

1. Click on a service marked (i.e. it is running). The Stop a service wizard opens.
2. Click on OK to commit your choice. The report opens and closes. The service is disabled
and marked .

The General Information gadget provides links towards three key pages of the Administration
module: the Services configuration, the Network configuration and the All SOLIDserver pages.

The Services configuration page
If you click on the name of a disabled service, marked , you access directly the Services
Configuration page where you can enable the service. For more details, see the section
Services Configuration of this guide.
The Network configuration page
This page can be accessed using three links available in the following fields:

• The hostname: you need to click on the hostname and not the field, in the example above
it would imply clicking on solid.intranet.
• The default interface: you need to click on the interface name, in the example above it
would imply clicking on DEFAULT_INTERFACE.
• The default gateway: you need to click on the gateway address, in the example above it
would imply clicking on 10.0.0.254.

For more details regarding the configurations available on this page, refer to the section
Network configuration of this guide.
The All SOLIDserver page
This page is accessible through the appliance Status value (OK in the example).

The Configuration Gadget

The SOLIDserver Configuration Checklist Gadget is currently the only configuration gadget. It
was introduced with version 5.0.3 to gather a set of shortcuts that help set the main SOLIDserver
configurations. It allows the administrator to make sure that the appliance is used to the best of
its potential from the first connection onward.

Figure 4.5. SOLIDserver Configuration Checklist Gadget

As you can see on the image above, each configuration is followed by a red cross that will turn
into a green check mark once the configuration is complete, thus providing a checklist. Obviously,
the rest of the configurations (network, services, etc.) have to be done from the dedicated pages.

The text underlined provides a direct link toward a specific wizard as detailed below:

Local SOLIDserver
Allows you to configure your local SOLIDserver appliance from the homepage. Click on Configuration
to open the Configure local SOLIDserver wizard. For more details, refer to the Configuring
your Master Appliance Locally section of this guide.
Remote SOLIDserver
Allows you to add remote appliances to the All SOLIDserver page from the homepage. Click on
Add to open the Add/modify remote SOLIDserver wizard. For more details, refer to the
Adding an Appliance to the All SOLIDserver List section of this guide.
NTP servers configuration
Allows you to add NTP servers from the homepage. Click on Configuration to open the NTP
servers configuration wizard. For more details, refer to the Configuring the NTP Server
section of this guide.
DNS smart architecture
Allows you to create a DNS smart architecture from the homepage. Click on Add to open the
Add a DNS server wizard. For more details regarding smart architectures, refer to the Adding
a DNS Smart Architecture section of this guide.

DHCP smart architecture
Allows you to create a DHCPv4 smart architecture from the homepage. Click on Add to open the
Manage a DHCP server wizard. For more details regarding smart architectures, refer to the
Adding a DHCPv4 Smart Architecture section of this guide.
Backup
Allows you to archive the appliance backup on FTP from the homepage. Click on Configuration
to open the Archive server parameters wizard. For more details regarding remote FTP configuration,
refer to the Archiving the Backup Files on FTP section of this guide.
Change ipmadmin password
Allows the ipmadmin (also called the superuser) to edit his/her SOLIDserver connection
password from the homepage. Click on Configuration to open the Modify user password
wizard. For more details, refer to the Password Configuration section of this guide.
Authentication (AD, LDAP, Radius)
Allows you to add one by one the three rules that configure the remote users authentication
via AD, Radius or LDAP. Click on Configuration to open the Add a rule wizard. For more
details regarding the methods of remote authentication, refer to the chapter Managing
Authentication Rules.
Group
Allows you to add groups of users from the homepage. Click on Add to open the Add a group
wizard. For more details, refer to the Adding a Group section of this guide.
Internal module setup
Allows you to set the default behaviors for the interaction of the appliance modules. Click on Configuration
to open the Internal module setup wizard. For more details, refer to the Setting the Main
Modules Default Behaviors section of this guide.

Once the configuration matches your needs, you can hide the gadget from the dashboard if you
want.

The Charts

This gadget allows you to create a chart that graphically represents, with a pie chart or a bar
chart, the activity of given items within the different modules, for instance the RR type
distribution within a DNS server.

Figure 4.6. RRs Type Distribution Illustrated with a Pie Chart


Figure 4.7. RRs Type Distribution Illustrated with a Bar Chart

In addition, note that both charts allow you to compare a value and a label.

The Top Lists

This gadget allows you to create a specific list displaying only the first items of your choice,
from 5 up to 25 items; it can be set from each list separately. This gadget looks like a table
composed of a maximum of 4 columns. Its main advantage is that you can add it from filtered
data in a list and, for instance, display a list of the five most heavily used subnets, in order
not to overload them.

Figure 4.8. Example of a Top List Gadget

The top list gadget is editable thanks to the icon.

The Quick Search

This gadget allows you to easily access filtered data in lists, one list at a time, by providing a set
of columns to choose from. Basically, each column displayed in the gadget supplies a field in
which you can enter a value that will automatically provide, in the corresponding list, a filtered
result according to the values entered. One of the advantages of this gadget is that you can filter
data in the corresponding list several columns at a time from any dashboard.

Figure 4.9. Example of a Quick Search Gadget

The quick search gadget is editable thanks to the icon.

The Quick Wizard Gadget

This gadget allows you to save any wizard at any step of its configuration. You can save any
given step as a gadget on any dashboard or as a quick access accessible through the preferences
menu.


The quick wizard gadget is a sole gadget providing buttons to access the saved quick wizards.
The gadget is named QuickWizard by default; it can be duplicated on every dashboard but is
unique on each dashboard. It is editable through the icon.

Figure 4.10. Example of a Quick Wizard Gadget

The quick access is accessible from everywhere in the appliance through the preferences menu.

Figure 4.11. Example of a Quick Access

The Bookmark Gadget

This gadget allows you to access selected bookmarks from any dashboard. It will display a set
of chosen bookmarks as buttons named “tab: List” if you keep their default name.

The bookmark gadget is a sole gadget that you can duplicate on as many dashboards as you
want but that you cannot name.

Figure 4.12. Example of a Bookmark Gadget

The Default Gadgets

A set of gadgets is available by default with version 5.0.3. You can assign them to the dashboard
of your choice from the Gadgets Library.

My account preferences & configuration

This gadget gathers shortcuts that open pages or wizards to assist the connected user in setting
preferences.

Figure 4.13. My account preferences & configuration

Shortcuts

This gadget is a bookmark gadget in essence that provides shortcuts toward key objects of the
IPAM, DNS and DHCP modules.

Figure 4.14. Shortcuts


For more details regarding the configuration of a Top List, refer to the section Editing a Gadget
below.

Alerts

This gadget is a Top 10 list of all the raised alerts on the Alerts page.

Figure 4.15. Alerts

For more details regarding the configuration of a Top List, refer to the section Editing a Gadget
below.

Alert on ports/interfaces reconciliation drift

This gadget is a Device Manager Top 5 list of the alert set by default if there is a drift in the
Reconciliation column of the All ports and interfaces page.

Figure 4.16. Alert on ports/interfaces reconciliation drift

For more details regarding the configuration of a Top List, refer to the section Editing a Gadget
below.

Gadgets Library
Gadgets library contains all the gadgets available in SOLIDserver. It is accessible from
everywhere in the appliance through the menu Preferences > My Dashboards > Gadgets Library.

Gadgets library allows you to enable, disable and delete the gadgets.

By default, the gadgets library contains a list of default gadgets that are all Enabled in the status
column and displayed on the Main dashboard and on the NetChange, Device Manager and
Administration dashboards.

To ease gadget management, a set of columns allows you to sort and filter the entries in the
list, but you cannot edit the listing template of this page.

Table 4.1. Gadgets Library Columns

Column      Description
Name        Displays the gadget name.
All users   Displays the gadget visibility, or access restriction. Yes means that it is visible to all users and No means that only the user who created it can see it.
Type        Displays the gadget type: Descr (descriptive gadget), Configuration (SOLIDserver Configuration Checklist), Chart, TopList, QuickWizard, QuickSearch... For more details, refer to the Gadgets section above.
Dashboard   Displays the dashboards the gadget is displayed on.
Status      Displays the gadget status: either Enabled or Disabled.


At the end of each entry, you can access the gadget's properties page. It contains a panel called
Main properties that sums up the gadget name, type, accessibility settings and status. Unlike for
other items in the appliance, this page does not allow you to edit the gadget.

Clicking on the gadget's name displays the My Gadgets list if said gadget has been assigned
to a dashboard; if not, the list is empty.

My Gadgets
My gadgets is the list of all the gadgets displayed on the dashboards. It is accessible from
everywhere in the appliance through the menu Preferences > My Dashboards > My Gadgets.

My gadgets allows you to manage the gadgets displayed on the dashboards. Under the menu,
each dashboard has a specific bullet that allows you to filter the list. You can also list them all
using All.

Note
Depending on the module from which you access this list, the My Gadgets list automatically
filters the data and only displays the gadgets assigned to the dashboard of
the module from where you access My Gadgets.

This page contains the same columns as the Gadgets Library and you cannot edit the listing
template of this page either.

By default, all the gadgets displayed on the main dashboard and on the NetChange, Device
Manager and Administration dashboards will be listed on the page (when the dashboards filter
is set to All). Among these default gadgets, the charts will be empty during the first use of the
appliance and as long as there is no data to display in the corresponding lists.

Statistics Page
Within the administration page, Statistics offers fourteen gadgets ready to be assigned to any
dashboard. The available gadgets are:

• DNS traffic.
• DHCP traffic.
• HTTP traffic.
• SNMP traffic.
• Database replication traffic.
• CPU per process.
• Memory usage per process.
• IOs per process.
• SQL queries.
• Threads.
• Memory.
• User sessions.
• Disk Usage.
• Processes state.


They all offer system related data displayed in a chart, except processes state that displays a
drop-down field. All these charts are empty during the first use of the appliance and as long as
there is no relevant data to display. For more details, refer to the section Statistics in the chapter
Monitoring Tools of this guide.

Adding a Gadget
Existing gadgets can be added either from each dashboard or from the statistics page.

Adding a Gadget from a Dashboard


From any dashboard you can add existing gadgets through the Add Gadgets link located in the
upper right corner of the dashboard.

Figure 4.17. Add Gadgets in the upper right corner of any Dashboard

To add a gadget from a dashboard

1. Go to the dashboard of your choice.
2. Click on Add Gadgets. The Gadget Addition wizard opens.
3. Select the Type of your choice. Other contains the descriptive gadgets, the Bookmark gadget
and the Quick Wizard gadget.
4. Click on NEXT. The Gadget list displays the available gadgets of the selected type.
5. Select the gadget you want. If there is no gadget of this type yet, the list is empty.
6. Click on OK to commit your addition. The gadget is now visible on the dashboard.

Adding a Gadget from the Statistics Page


In the Administration module, the statistics page allows you to add gadgets.

To add a gadget from the statistics page

1. Go to the Administration tab homepage.
2. Click on the Statistics button in the Monitoring section. The Statistics page opens.
3. Click on in the upper right corner of the page to close all the panels.
4. Click on the push-pin in the drag bar of the panel that interests you. The Add a graph wizard
opens.
5. Select a dashboard in the Module Dashboard list.
6. Click on OK to commit your addition. The gadget is now displayed on the selected dashboard.


Adding a Gadget from a Properties Page


All the charts that are displayed on object properties pages can be added to any dashboard. For
instance, from a server properties page, a NetChange port properties page, etc. you can assign
one or all charts to the dashboard of your choice.

To add a gadget from a properties page

1. Go to the properties page of the object of your choice.
2. Click on in the upper right corner of the page to open all the panels.
3. On a panel containing a chart, click on the push-pin in the drag bar. The Add a graph wizard
opens.
4. Select a dashboard in the Module Dashboard list.
5. Click on OK to commit your addition. The page refreshes. The gadget is now displayed on
the selected dashboard.

Assigning a Gadget
From the gadgets library and my gadgets you can assign one or several gadgets to one or more
dashboards at once. It simply means that you specify on which dashboard you want the gadget
to be displayed.

Any gadget is listed in the gadgets library even if it is not displayed on any dashboard yet.

To assign a gadget to a dashboard from the gadgets library

1. From anywhere in the appliance, through the menu, select Preferences > My Dashboards
> Gadgets Library. The Gadgets Library page opens.
2. Tick the gadget you want to assign to a dashboard. You can tick several gadgets.
3. In the menu Edit, select Assign Gadget(s). The Gadget configuration wizard opens.
4. In the Available list, double-click on the name of the dashboard you want the gadget to be
displayed on. The name is moved to the Configured list. You can select several dashboards
if you want.
5. Click on OK to commit your choice. The report wizard opens and closes. The gadget is now
displayed on the selected dashboard(s).

If you want to display a gadget on another dashboard, meaning it is already displayed on one or
more dashboards, you can assign it to a new dashboard from my gadgets.

To assign a gadget to a dashboard from my gadgets

1. From anywhere in the appliance, through the menu, select Preferences > My Dashboards
> My Gadgets. My Gadgets page opens.
2. In the menu Edit, select Assign a gadget. The Gadget Configuration wizard opens.
3. Select the Type. Other contains the descriptive gadgets, the Bookmark gadget and the Quick
Wizard gadget.
4. Click on NEXT. The Gadget list displays the available gadgets of the selected type.
5. Select the gadget you want. If there is no gadget of this type yet, the list is empty.


6. Click on NEXT. The last page of the wizard opens.
7. In the Available list, double-click on the name of the dashboard you want the gadget to be
displayed on. The name is moved to the Configured list. You can select several dashboards
if you want.
8. Click on OK to commit your choice. The Report wizard opens and closes. The gadget is now
displayed on the selected dashboard(s).

Handling a Gadget
On every dashboard you can organize all the gadgets the way you want.

Moving a Gadget
On any dashboard you can drag and drop the gadgets to organize them the way you want.

Figure 4.18. Moving a Gadget

The pointer changes shape to indicate that you can drag the gadget. When moving the gadget,
the tool allows you to visualize the former position of the gadget and how much space it will take
up in the new spot you are putting it in. Simply let go of the mouse to drop it where it suits you.

Collapsing or Expanding a Gadget


Every gadget can be reduced thanks to the button at the end of the drag bar.

To indicate that you are about to expand or collapse the gadget, the pointer changes shape.

Figure 4.19. Collapsing a Gadget

Once collapsed, the gadget is displayed as a simple line containing only the gadget name and
the buttons. Even when collapsed, the gadget can still be dragged and dropped.


Figure 4.20. Example of a Collapsed Gadget

To expand the gadget again, click on the button at the end of the drag bar.

Hiding a Gadget from a Dashboard


On every dashboard you can choose to display or hide a gadget thanks to the pushpin button
located in the upper right corner of each gadget.

Hiding a gadget means that it is no longer visible on a given dashboard but it does not mean that
it has been deleted: it is still listed in the Gadgets Library but no longer in My gadgets.

To hide a gadget on a dashboard

1. Go to the dashboard of your choice and locate the gadget you wish to hide.
2. Click on the pushpin button in the gadget drag bar. The Disable Gadget wizard opens.
3. Click on OK to commit your choice. The report wizard opens and closes. The gadget is no
longer visible on the dashboard.

Once you have hidden a gadget, you can display it again through the add gadget button on the
dashboard or through my gadgets (see next part for more details).

Displaying or Hiding a Gadget from My Gadgets


From My gadgets page you can choose to display or hide a gadget thanks to the status column.

Hiding a gadget means that it is no longer visible on a given dashboard but it does not mean that
it has been deleted: it is still listed in the Gadgets Library but no longer in My gadgets.

To hide a gadget from my gadgets

1. From anywhere in the appliance, through the menu, select Preferences > My Dashboards
> My Gadgets. My Gadgets page opens.
2. Click on Unset Filters to list all the displayed gadgets.
3. In the list, filter the names to find the chosen gadget.
4. Once you have found it, click on Visible in the Status column. The Disable Gadget wizard opens.
5. Click on OK to commit your choice. The report wizard opens and closes. The gadget is
marked as Hidden and no longer visible on the dashboard.

In the same manner, displaying a gadget can be done from my gadgets list.

To display a gadget from my gadgets

1. From anywhere in the appliance, through the menu, select Preferences > My Dashboards
> My Gadgets. My Gadgets page opens.
2. Click on Unset Filters to list all the displayed gadgets.
3. In the list, filter the names to find the chosen gadget.
4. Once you have found the correct line, click on Hidden in the Status column. The Enable Gadget
wizard opens.


5. Click on OK to commit your choice. The report wizard opens and closes. The gadget is
marked as Visible and displayed on the dashboard it was assigned to.

Creating New Gadgets


For every type of gadget there are one or more ways to create a new gadget or edit its content.
Each type of gadget follows its own logic when it comes to creating a new gadget or editing
its content, when that is possible.

That is why the creation of charts, top lists, quick search, quick wizard and bookmark gadgets
is detailed below. As for the descriptive gadgets, you cannot create new ones
or delete them; you can enable them, disable them and make them visible or not to other users.

Creating a Chart
From any list in the appliance you can create a chart. You can display as many charts as you
want on every dashboard in the appliance.

Note
In the Administration tab, only the following pages allow you to create charts: Key
ring; SOLIDserver centralized management; Groups; Users; Logs visualization;
Statistics (directly through the push pin button on each panel); Session tracking;
User tracking; Alerts; Custom DB; Rules (homepage menu: System > Expert >
Rules); Registry database (homepage menu: System > Expert > Registry database);
Netstat (homepage menu: System > Expert > Netstat); Localization (Customization
> Language editor).

To create a new chart from a list

1. Go to the list you want to create a chart from.
2. In the menu, select Preferences > Add a Chart. The Create a chart wizard opens.
3. In the Chart name field, name the chart.
4. In the Chart type drop-down list, select a pie chart or a bar chart.
5. In the Value drop-down list, select the value that will be displayed in the chart. In some lists,
there is only one value available and Entries count is selected by default.
6. In the Label drop-down list, select a label; the labels correspond to the column names of the list.
7. In the Secondary label drop-down list, select a secondary label to compare with the first one.
This option is only available if you selected to create a bar chart.
8. In the Order by drop-down list, you can choose to display the value, label or secondary label
(if you chose to create a bar chart) in ascending order (ASC) or descending order
(DESC).
9. Click on PREVIEW if you want to have an overview of the final chart. The preview will not be
possible if you did not name the chart.
10. Click on NEXT. The second page opens.
11. In the Module drop-down list, select the dashboard on which you want the chart to be
displayed.
12. Click on OK to commit the creation. The report opens and closes. The chart is visible on the
dashboard you chose to display it on.


Once a chart is created you cannot modify it. If it turns out that the data you asked for do not
correspond to your needs anymore, you will have to create a new one and delete the old one.

Creating a Top List


From any list in the appliance you can create a top list. You can display as many top lists as you
want on every dashboard in the appliance.

Note
In the Administration tab, only the following pages allow you to create top lists: Session
tracking, User tracking and Alert. These pages are accessible through the Monitoring
section of the Administration tab homepage.

To create a new top list from a list

1. Go to the list you want to create a Top List from.
2. In the menu, select Preferences > Add a Top List. The Add a Top List wizard opens.
3. In the Top List Name field, name the gadget.
4. In the Module Top List drop-down list, select the dashboard on which you want the Top List
to be displayed.
5. In the Columns list, select one by one the columns to be displayed in the Top List.
6. Click on . The name is moved to the Selected Columns field. If you want to remove a
column from that field, select it and click on , the column is moved back to the Columns
list.
7. In the Selected Columns field, use and to order the columns to your convenience. You
cannot display more than four columns in the gadget, so if you specify more, only
the first four will be saved.
8. In the Limit field, specify the number of items that will be displayed in the final gadget.
9. Click on OK to commit your creation. The report opens and closes. The gadget is visible on
the dashboard you chose to display it on.

A top list can be edited through the icon in the gadget drag bar.

If you displayed a top list on several dashboards, any modification made (renaming it, changing
the columns displayed, etc.) on one dashboard will be applied to every copy of this gadget on
the other dashboards.

By default, the first part of a Top List name is always “Top X list:”, X being the number of items
you want to display in that list.

Creating a Quick Search


From any list in the appliance you can create a quick search gadget. You can display as many
quick search gadgets as you want on every dashboard in the appliance.

The fields available to configure the quick search depend on the list the gadget is set from; in
any case, we recommend that you name your gadget according to the list to which it is going to
apply the search.


To create a new quick search gadget from a list

1. Go to the list you want to create a Quick Search from.
2. In the menu, select Preferences > Add a Quick Search. The Add a Quick Search wizard
opens.
3. In the Quick Search Name field, name the gadget.
4. In the Select module drop-down list, select the dashboard on which you want the Quick
Search to be displayed.
5. In the Columns list, select one by one the columns to be displayed in the gadget.
6. Click on . The name is moved to the Selected Columns field. If you want to remove a
column from that field, select it and click on , the column is moved back to the Columns
list.
7. In the Selected Columns field, use and to order the search fields to your convenience.
8. Click on OK to commit your creation. The report opens and closes. The gadget is visible on
the dashboard you chose to display it on.

A quick search gadget can be edited through the icon in the gadget drag bar.

If you displayed a quick search gadget on several dashboards, any modification made (renaming
it, changing the columns displayed, etc.) on one dashboard will be applied to every copy of this
gadget on the other dashboards.

Once you created a quick search you can assign it to any dashboard through my gadgets or
through the button Add Gadgets on any dashboard.

Creating a Quick Wizard Gadget


As any action in SOLIDserver is assisted by a wizard, you can save a great variety of steps as a
quick wizard, whether the wizard relates to an edition, a creation, a deletion, etc. The particularity
of a quick wizard is that you can choose to access it through a gadget or through a quick access
available everywhere in the appliance from the preferences menu.

Quick Wizard Gadget

The quick wizard gadget is a sole gadget that can only be displayed once on each dashboard.
It has the default name QuickWizard and offers different edition methods.

Adding a Quick Wizard Gadget

When saving a quick wizard you can specify the module dashboard on which you want the
shortcut to be displayed.

To add a Quick Wizard gadget from a dashboard

1. From any dashboard, click on Add Gadgets. The Gadget Addition wizard opens.
2. In the field, select Other.
3. Click on NEXT. The Gadget field appears and QuickWizard is listed in the field.
4. Select QuickWizard.
5. Click on OK to commit your choice. The report opens and closes. The Quick Wizard gadget
is now visible and empty on the dashboard.


You can also create a quick wizard gadget from any dashboard. This action is only possible if
you already have existing quick wizards, otherwise this type of gadget will not be displayed in
the wizard. To modify the content of the gadget, see the section Editing a Quick wizard Gadget
below.

Editing a Quick Wizard Gadget

Once you have created a quick wizard gadget, you can modify the quick wizard shortcuts it contains.
The easiest way to do so is through the gadget edition button.

To add a quick wizard to the quick wizard gadget from the gadget itself

1. From the Quick Wizard gadget, click on the edition button in the gadget drag bar. The Quick
Wizard Gadget Configuration wizard opens.
2. In the Available list, select a Quick Wizard among the existing ones.
3. Click on . The Quick Wizard is now in the Configured field. Select as many Quick Wizards
as needed.
4. Click on OK to commit your configuration. The report opens and closes. The Quick Wizard
is visible in the Quick Wizard gadget.

In the same manner, you can delete all the quick wizards from the gadget. If you do so, the
message The gadget is empty will be displayed in the gadget. To add one or more quick wizards
to the gadget, refer to the procedure above or click on The gadget is empty, My Quick Wizards
list will open and you simply need to follow the procedure below to fill the gadgets with the needed
quick wizards. For more details regarding My Quick Wizards page, refer to the section Saving a
Wizard of the Understanding SOLIDserver chapter of this guide.

Quick Access Option

Quick access allows you to access a quick wizard from everywhere within SOLIDserver through
the preferences menu.

To create a Quick Access when creating a Quick Wizard

1. On the wizard you want to save, click on the icon in the gadget drag bar. The Add a Quick
Wizard wizard opens.
2. In the Name field, name the Quick Wizard.
3. In the Module drop-down list, select Quick Access.
4. In the Description field, you can add a description if you want.
5. Click on OK to commit your creation. The report opens and closes. Quick Access is now
the first available option in the Preferences menu and lists the Quick Wizard. The Quick
Wizard is listed in My Quick Wizards.

If you did not set a quick wizard as a quick access, you can always do so later on from my quick
wizards list. Any quick wizard can be set as a quick access.

To create a Quick Access from My Quick Wizards

1. From any list, through the menu, select Preferences > My Quick Wizards. My Quick Wizards
page opens.


2. Click on the name of a gadget you want to set as a Quick Access. The Edit QuickWizard
wizard opens.
3. In the Available field, select Quick Access. Quick Access is now listed in the Configured
field.
4. Click on OK to commit the creation. The report opens and closes. Quick Access is now
the first available option in the Preferences menu and lists the Quick Wizard.

Creating a Bookmark Gadget


From any page in the appliance you can create a bookmark gadget. The bookmark gadget is a
sole gadget that you can display on any dashboard. It is composed of buttons to easily access
bookmarked pages.

The bookmark gadget is named by default Bookmark and cannot be edited from the gadget itself.

As any page can be bookmarked in SOLIDserver, the bookmark gadget is the only gadget that
can be created from everywhere in the appliance through the Bookmark wizard.

To create a bookmark gadget when bookmarking a page

1. On any page, click on in the upper-right corner of the page. The Bookmark wizard opens.
2. In the Name field, name the bookmark. By default, the bookmark is named “tab: page” but
you can change it.
3. In the Bookmark Folder field, you can name a folder. If you type in a name and click on
SEARCH, the appliance will find the corresponding existing folder. If you do not
have any folder yet, a new folder will be created in the Tree View. Naming a folder
“\nameA\nameB” will create a subfolder “nameB” in the folder “nameA”.
4. Tick the Add to the bookmark gadget box. The bookmark gadget will be created and added
to the Gadgets Library.
5. Click on OK to commit your creation. The report opens and closes. The star is now marked
to indicate it is bookmarked. The gadget is not displayed on any dashboard but is now in
the Gadgets Library list. To assign the gadget, see the procedure described in the part
Assigning a Gadget.

Once you have created a bookmark gadget, you can display it on another dashboard with the add
gadgets button on this dashboard. Otherwise, the Add a gadget wizard will not list it among the
gadget types.

To create a bookmark gadget from a dashboard

1. From any dashboard, click on Add Gadgets. The Gadget Addition wizard opens.
2. In the type field, select Other.
3. Click on NEXT. The Gadget field appears, Bookmark is listed.
4. Select Bookmark.
5. Click on OK to commit your choice. The report opens and closes. The Bookmark gadget is
now visible on the dashboard.

You can edit the content of the bookmark gadget: you can either add bookmarks one by one by
ticking the Add to the bookmark gadget box when creating a bookmark, or follow the procedures
below to add or remove bookmark buttons.


To add a bookmark to the bookmark gadget from my bookmarks

1. From any list, through the menu, select Preferences > My Bookmarks. My Bookmarks page
opens.
2. Click on the name of the bookmark you want to add to the gadget. The Edit Bookmark wizard
opens.
3. Tick the Add to the bookmark gadget box. The bookmark is added to the bookmark gadget.
4. Click on OK to commit your modification. The report opens and closes. The bookmark is
visible in the Bookmark gadget on the dashboard you assigned it to. The bookmarks added
to the gadget named are marked with a yellow star.

Given that the bookmark gadget is a sole gadget, if you add a bookmark button to the gadget it
will be added to every copy of the gadget.

You can at any time remove a bookmark button from the gadget.

To remove a bookmark from the bookmark gadget

1. From any list, through the menu, select Preferences > My Bookmarks. My Bookmarks page
opens.
2. Click on the name of the bookmark you want to remove. The Edit Bookmark wizard opens.
3. Untick the Add to the bookmark gadget box. The bookmark is removed from the bookmark
gadget.
4. Click on OK to commit your modification. The report opens and closes. The bookmark is no
longer visible in the Bookmark gadget on any dashboard.

Editing a Gadget
From the dashboards themselves, you can edit Top List, Quick Search and Quick Wizard gadgets
through the icon on the gadget drag bar.

To edit a Top List, Quick Search or Quick Wizard gadget

1. Go to the dashboard where the gadget is displayed.
2. If the gadget is collapsed, expand it using .
3. Click on , the configuration or modification wizard opens.
4. Edit the gadget content.
5. Click on OK to commit your changes. The report opens and closes. The gadget content is
now updated.

If you want to edit other types of gadgets, you have to create a new gadget with the needed
features and replace the old one.

Granting User Access to the Gadgets


All the procedures explained in the present chapter are accessible to the default ipmadmin super
user. If you do not grant access permission to the groups, users will not be able to make any of
these gadget related modifications.


Accessing gadgets also includes managing the visibility of your gadgets.

Configuring Read-Write Access to a Group


In SOLIDserver, you have to give specific rights to a group of users to allow them to manage
parts of the appliance themselves. The super user is the only one who can grant or limit access
to all the gadgets.

Do not forget to include the users in the group. Only the super user can grant access to gadget
related options following the procedure below.

To grant access to all the gadget related options to a group

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the System section, click on the Groups icon. The Group page list opens.
3. Filter the name of the group that you want to grant access to the gadgets to.
4. Click on . The group properties page opens.
5. Click on in the upper right corner of the page to open all the panels.
6. In the Administration panel, click on EDIT . The Edit group access wizard opens.
7. In the Unauthorized services list, select all the options preceded by Bookmarks and Gadgets.
8. Click on . The option is listed in the Authorized services list. Repeat this action as many
times as needed to include all the gadget related options listed above this procedure.
9. Click on OK to commit the modification. The report opens and closes. The permissions list
is now updated in the panel.

Do not forget to add users to the group. For more details regarding user permissions refer to
the part Rights Management of the guide.

Setting Gadgets Visibility


The default gadgets are visible to anyone with read-write access unless the super user modifies
their visibility parameters. All the gadgets created can be set as visible to all the appliance users
or, on the contrary, be visible only to the user who created them whether this user is a super user
or an average user belonging to a group with read-write access to the gadgets.

Note
You cannot change the visibility setting of the descriptive gadgets, General information
and System information: they are visible to every user by default.

In the gadgets library, the All Users column is the best way to know if a gadget is visible to
every user or not. Any modification made in this list will have an effect on the gadget and all
the dashboards it is displayed on.

To make a gadget visible to all the users through the gadgets library

1. From any list, through the menu, select Preferences > My Dashboards > Gadgets Library.
2. Tick the gadget you want to make visible to all the other users. You can tick several items.
3. In the menu Edit, select Visible to all users > Set. The Gadget visibility wizard opens.

4. Click on OK . The report opens and closes. In the All Users column, the gadget is marked
Yes.

Conversely, to unset this parameter, use the procedure below.

To make a gadget visible only to the creating user through the gadgets library

1. From any list, through the menu, select Preferences > My Dashboards > Gadgets Library.
2. Tick the gadget you want to make visible only to you. You can tick several items.
3. In the menu Edit, select Visible to all users > Unset. The Gadget visibility wizard opens.
4. Click on OK . The report opens and closes. In the All Users column, the gadget is marked
No.

Enabling or Disabling a Gadget


Enabling or disabling a gadget has a wider effect than simply hiding or disabling it one
dashboard at a time. If you disable a gadget, you remove it at once from all the dashboards it
is displayed on. Disabling does not delete the gadget: it is still listed in the gadgets library
and in my gadgets.

In the same manner, enabling a gadget makes it visible again on all the dashboards it was
assigned to.

Disabling or enabling a gadget can only be done and undone from the gadgets library. Once a
gadget is disabled, it is marked as such in my gadgets status column and you can no longer
change the value from that list.

Note
You cannot disable the descriptive gadgets, System information and General information:
they are enabled by default.

There are two different ways to disable a gadget.

Enabling or Disabling a Gadget through the GUI


From the gadgets library you can disable any gadget through its status column.

To disable a gadget from the gadgets library list

1. From anywhere in the appliance, through the menu, select Preferences > My Dashboards
> Gadgets Library. The Gadgets Library page opens.
2. In the list, filter the names to find the gadget.
3. Once you have found the correct line, click on Enable in the Status column. The Disable
Gadget wizard opens.
4. Click on OK to commit your choice. The report wizard opens and closes. The gadget is
marked Disabled and is no longer visible on any of the dashboards it was assigned to.

From the gadgets library, the status column can help you enable any gadget previously disabled.

To enable a gadget from the gadgets library list

1. From anywhere in the appliance, through the menu, select Preferences > My Dashboards
> Gadgets Library. The Gadgets Library page opens.
2. In the list, filter the names to find the gadget.
3. Once you have found the correct line, click on Disable in the Status column. The Enable
Gadget wizard opens.
4. Click on OK to commit your choice. The report wizard opens and closes. The gadget is
marked Enabled and is visible on the dashboards it was assigned to.

Enabling or Disabling a Gadget through the Menu


From the gadgets library you can disable one or several gadgets at a time through the edit menu.

To disable a gadget through the edit menu

1. From anywhere in the appliance, through the menu, select Preferences > My Dashboards
> Gadgets Library. The Gadgets Library page opens.
2. In the list, filter the names to find the gadget.
3. Tick the gadget you want to disable.
4. In the menu, select Edit > Status > Disable. The Disable Gadget wizard opens.
5. Click on OK to commit your choice. The report wizard opens and closes. The gadget is
marked Disabled and is no longer visible on any of the dashboards it was assigned to.

In the gadgets library you can enable one or several previously disabled gadgets through the
edit menu.

To enable a gadget through the edit menu

1. From anywhere in the appliance, through the menu, select Preferences > My Dashboards
> Gadgets Library. The Gadgets Library page opens.
2. In the list, filter the names to find the gadget.
3. Tick all the gadgets you want to enable.
4. In the menu, select Edit > Status > Enable. The Enable Gadget wizard opens.
5. Click on OK to commit your choice. The report wizard opens and closes. The gadget is
marked Enabled and is visible on the dashboards it was assigned to.

Deleting a Gadget
Gadget deletion is only possible from the gadgets library and applies to the gadget as a whole
no matter on how many dashboards it is displayed.

To delete a gadget

1. From anywhere in the appliance, through the menu, select Preferences > My Dashboards
> Gadgets Library. The Gadgets Library page opens.
2. Tick the gadget you want to delete. You can tick several gadgets if need be.
3. In the menu, select Edit > Delete Gadget. The Delete Gadget wizard opens.

4. Click on OK to commit the deletion. The report opens and closes. The gadget is now removed
from the dashboard(s) it was displayed on and from the Gadgets Library and My Gadgets.

Chapter 5. Customizing the GUI
Customizing SOLIDserver Login Page With an Image
SOLIDserver provides the possibility to display an image on the appliance Login page. At any
time, this image can be changed or removed. Only users of the admin group are able to perform
these changes.

To customize the login page with an image you need to:

1. Upload the image to the local files listing;


2. Specify the image name as the value of the dedicated registry database item.

Uploading an Image to SOLIDserver


You can upload any image to the SOLIDserver database. Keep in mind that images with a
transparent background integrate fully with the SOLIDserver graphical interface.

The maximum size of the login page image is 610x250 pixels. If you upload a smaller image, it
is displayed in the upper left corner of the login banner.

You can upload several images to the Local files listing page: follow the procedure below for
as many different images as needed.

To upload an image to customize the login page

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select Maintenance > Local files listing. The Local files listing page opens.
3. Under the menu, tick the Custom images bullet. The Custom images list opens.
4. In the menu, select Tools > Upload file. The Import a file wizard opens. You can only upload
one file at a time.
5. Click on BROWSE to look for the chosen image on your computer.
6. Find the folder containing the image you want to upload.
7. Select the image.
8. Click on Open. The window closes and the Import a file wizard is visible again. The selected
image is visible in the File name field.
9. Click on OK . The report wizard opens and closes. The image is listed.

Displaying an Image on SOLIDserver Login Page


Once you have uploaded the image you want to display on the appliance login page, you have to
save its name as the value of the appropriate key in the registry database.

To display an image on the appliance login page

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.

2. In the menu, select System > Expert > Registry database. The Registry database page
opens.
3. In the Name column search engine, type in the keyword logo. The list is filtered and displays
the items www.display.home_page.logo and www.display.login_page.logo.generic.
4. In the Value column of www.display.login_page.logo.generic, click on <empty>. The Registry
database Edit a value wizard opens.
5. In the Value field, type in the full name of the image (name.extension) you want to display
on the login page. If you have not uploaded it yet to the Local Files Listing Custom images
page, refer to the procedure To upload an image to customize the login page.
6. Click on OK to commit your choice. The specified image replaces the default SOLIDserver
logo. To see it, open SOLIDserver in a different browser or log out.

If you want to display a different image on the login page, upload it to the Local files
listing and follow the To display an image on the appliance login page procedure again. Instead
of clicking on <empty>, click on the image currently displayed and type in the Value field the
name of the new image you want to display.

Removing the Image Displayed on SOLIDserver Login Page


The registry database also allows you to remove the image from the login page: you need to
empty the value of the dedicated item.

To remove the image of the appliance login page

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select System > Expert > Registry database. The Registry database page
opens.
3. In the Name column search engine, type in the keyword logo. The list is filtered and displays
the items www.display.home_page.logo and www.display.login_page.logo.generic.
4. In the Value column of www.display.login_page.logo.generic, click on <image-name>. The
Registry database Edit a value wizard opens.
5. Empty the Value field.
6. Click on OK to commit your choice. The image is removed from the login page. To see the
change, open SOLIDserver in a different browser or log out.


Customizing SOLIDserver Homepage Welcome Banner


SOLIDserver Homepage welcome banner can be edited to suit your needs: you can customize
it with an image, change the message or even hide the banner altogether.

Only users of the admin group can edit the welcome banner.

Editing SOLIDserver Homepage Banner Title


By default, the SOLIDserver welcome banner contains the message Welcome to SOLIDserver™.
You can edit it if you want.

To edit the appliance homepage banner title

1. Go to the appliance Homepage: click on the efficient iP tab to display the Home page.
2. In the right corner of the welcome banner, click on . The Editing the welcome banner
wizard opens.
3. In the Title field, replace the current message with the one of your choice.
4. Click on OK to commit your title edit. The report opens and closes. The homepage
refreshes, the new message is visible.

Displaying an Image on SOLIDserver Homepage Banner


It is possible to add an image next to the title in the welcome banner. The size of this image does
not matter as it is automatically resized to fit in the welcome banner.

To display an image on the appliance homepage

1. Go to the appliance Homepage: click on the efficient iP tab to display the Home page.
2. In the right corner of the welcome banner, click on . The Editing the welcome banner
wizard opens.
3. Click on BROWSE to look for the chosen image on your computer.
4. Find the folder containing the image you want to upload.
5. Select the image.
6. Click on Open. The window closes and the wizard is visible again. The selected image is
visible in the File name field.
7. Click on OK to commit your image selection. The report opens and closes. The homepage
refreshes, the image is visible on the appliance homepage banner.

If you want to display a different image in the welcome banner, follow the procedure and select
another image. Keep in mind that the selected images are all saved in the Local files listing
Custom images page.

Removing the Image from SOLIDserver Homepage Banner


At any time, users of the admin group can remove the image from the banner.

To remove the image displayed on the appliance homepage

1. Go to the appliance Homepage: click on the efficient iP tab to display the Home page.
2. In the right corner of the welcome banner, click on . The Editing the welcome banner
wizard opens.
3. Tick the Remove the image from the banner checkbox.
4. Click on OK to commit your image deletion. The report opens and closes. The homepage
refreshes, the image is no longer visible.

Hiding SOLIDserver Homepage Welcome Banner


You might not want to have a welcome banner on the appliance homepage. In this case, you
can hide it from all the users.

To hide the appliance welcome banner

1. Go to the appliance Homepage: click on the efficient iP tab to display the Home page.
2. In the right corner of the welcome banner, click on . The Hiding the welcome banner wizard
opens.
3. Click on OK to commit your choice. The report opens and closes. The homepage refreshes,
the banner is no longer visible.

Displaying SOLIDserver Homepage Welcome Banner Again


To display the welcome banner on the homepage again, you need to delete the item of the registry
database that hides the banner.

To display the appliance homepage welcome banner

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select System > Expert > Registry database. The Registry database page
opens.
3. In the Name column search engine, type in the keyword panel.home. The list is filtered and
displays the item panel.home.welcome.delete.
4. Tick panel.home.welcome.delete.
5. In the menu, select Edit > Delete. The confirmation pop up window opens.
6. Click on OK to commit your deletion. The page refreshes, the item is no longer listed.
7. Click on the efficient iP tab to display the Home page. The banner is visible again.

Customizing the Interface Names and Fields


The Administration module provides a page dedicated to administrators that allows them to
customize the interface labels, that is, the default names of some fields and menus. To be
precise, this page allows you to rename field names, menu names, and page and column titles.
From Language editor, you can add entries that replace existing labels in the GUI.

There are two exceptions:

• you cannot edit the title of the Language editor page itself.
• you cannot rename the homepage welcome banner title using this page. For more details,
refer to the Customizing the Appliance Homepage Banner Title section.

Note
The interface label customization applies to the language you chose to manage
SOLIDserver with. If you add an entry to Language editor with a new name in Spanish,
the label of the English interface field is not edited.

To add a customized label

1. From any page or wizard within SOLIDserver, copy the name of a field, page, column or
menu that you want to replace with your label.
2. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
3. In the menu, select Customization > Language editor. The Language editor page opens.
4. In the menu, select Add > Entry. The wizard opens.
5. In the Key field, paste the value you want to replace. We recommend that you copy/paste
the label name because Language editor is case sensitive.
6. If your appliance is displayed in English, in the English field, type in the new label value.
7. Click on OK to commit your creation. The entry is listed. Go back to the page where you
copied the label to see the new name.

To delete a customized label

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select Customization > Language editor. The Language editor page opens.
3. In the Key column, click on the label name. The wizard opens.
4. Empty all the fields.
5. Click on OK to commit your deletion. The entry is no longer listed. Go to the page the label
is displayed on: it now displays the standard label.

To edit a customized label

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select Customization > Language editor. The Language editor page opens.
3. In the Key column, click on the label name. The wizard opens.

a. In the Key field, you can edit the label itself. This will edit a different field, column or
page, or nothing at all if it does not correspond to anything in the GUI.
b. If your appliance is displayed in English, in the English field, you can edit the label.

4. Click on OK to commit your changes. The entry is listed. Go to the page the label is displayed
on: it now displays the edited label in the corresponding language.

Part III. System Configuration
Table of Contents
6. Network Configuration
    Setting the Hostname
    Setting the DNS Resolver
    Setting the Firewall
    Setting up the Default Gateway
    Setting up Static Routes
    Configuring Basic IP Addressing on an Interface
    Setting up a VLAN Interface
    Setting up an Ethernet Port Failover
    Configuring a VIP
    Setting up a VIF
    Configuring a Media Interface
7. Services Configuration
    Handling Services
    Configuring the SSH Remote Account
        Changing the SSH Remote Access Password
        Changing the SSH Password Level
    Changing the SFTP/SCP/RSYNC User Account Password
    Managing the TFTP Upload Authorizations
    Configuring the SMTP Relay
    Configuring the NTP Server
    Managing the HTTPS Certificate
        Importing an SSL Certificate
        Creating an SSL Certificate
        Changing the HTTPS Certificate
    Managing the SNMP Service
    Downloading the DNS/DHCP/DHCPv6 Configuration File
8. Licenses Management
    Requesting a New Activation Key
    Activating a New Activation Key
9. Shutting Down and Rebooting
    Shutting Down SOLIDserver
    Rebooting SOLIDserver

Chapter 6. Network Configuration
In this chapter, you will find the basic settings that are necessary to configure SOLIDserver.
It includes:

• Hostname: the Fully Qualified Domain Name (FQDN)¹ of the SOLIDserver appliance. It is
used to name the local SOLIDserver in the management GUI.
• DNS resolver: the address of the DNS server that SOLIDserver uses to resolve the names and
addresses that it manages.
• Firewall: the SOLIDserver embedded firewall, which reinforces its security by blocking
potentially dangerous communications.
• Default gateway: the gateway address that SOLIDserver uses to reach networks outside its
broadcast domain.
• Static routes: enable data to be forwarded through the network along fixed paths.
• Basic interface configuration: the simplest way to set an interface with an IP address.
• VLAN interface configuration: the ability of SOLIDserver to set a physical interface as an
802.1Q interface².
• Ethernet Port Failover interface configuration: allows aggregation of multiple network
interfaces as one virtual interface in order to provide fault-tolerance and high-speed links.
• VIP³ configuration: the ability to set up an IP address that is not connected to a specific
computer or network interface card on a computer. Incoming packets are sent to the VIP address,
but all packets travel through real network interfaces.
• VIF⁴ configuration: a powerful EfficientIP concept that allows you to add to a VIF a simple,
ready-to-use configuration of a physical interface embedding many services (for instance: VLAN,
Ethernet port failover, VIP).
• Media of physical interface: sets the options supported by the physical interface.

With version 5, EfficientIP introduced a new way of managing High Availability and Remote
Management that allows you to manage other appliances directly from the Network Configuration
page. Therefore, right under the menu on this page, you will find a drop-down list called
SOLIDserver that displays all the appliances listed on the All SOLIDserver page of the
Administration. For more details, refer to the High Availability and Remote Management chapters.

Warning
All your services and the SOLIDserver appliance must be set to the same time to prevent
any management problems. Set the Time & Date through the GUI following the To
change your appliance time zone and/or date format procedure and refer to the
Configuring the NTP Server section.

Setting the Hostname


The hostname is applied to the SOLIDserver itself. That name is generally used to tell
appliances apart.

¹ Fully Qualified Domain Name (FQDN) is the name of the host concatenated with the domain name.
² Virtual Local Area Network (VLAN) is a group of hosts with a common set of requirements that
communicate as if they were attached to the same broadcast domain, regardless of their physical
location.
³ Virtual IP (VIP).
⁴ Virtual Interface (VIF).

To configure an appliance hostname

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . In the breadcrumb,
click on Network configuration.
3. Click on the Hostname link in the network configuration listing. The Edit the hostname wizard
opens.
4. In the hostname field, type in a valid FQDN. By default, every appliance
is named solid.intranet.
5. Click on OK to commit your changes.
6. Right now your configuration is pending. In the menu, select Tools > Apply configuration
to save your changes or Tools > Rollback configuration to discard them. The corresponding
wizard opens, click on OK to confirm your choice.

Setting the DNS Resolver


The DNS resolver is the default DNS server that SOLIDserver uses to resolve local names.
Several modules like IPAM, NetChange and DNS Manager use the DNS resolver to find the FQDN of
an IP address or to resolve an FQDN to an IP address.

To configure DNS resolver (Add/Edit/Delete)

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . In the breadcrumb,
click on Network configuration.
3. Click on the DNS Resolver link. The Edit DNS resolvers wizard opens.
4. In the DNS server field, type in the IP address of the server(s) of your choice and click on
ADD . The IP address is now listed in the DNS Resolvers list, if you have several resolvers
use the and button to order the list according to your needs.

To update an entry, select a DNS resolver, change the needed data and click on UPDATE .

To delete an entry, select a DNS resolver and click on DELETE .

To discard the latest modifications, click on CANCEL .

5. Click on OK to commit your configuration.


6. Right now your configuration is pending. In the menu, select Tools > Apply configuration
to save your changes or Tools > Rollback configuration to discard them. The corresponding
wizard opens, click on OK to confirm your choice.

Setting the Firewall


SOLIDserver embeds a restrictive stateful⁵ firewall for securing flows. SOLIDserver firewall
uses the legacy stateless rules and a legacy rule coding technique to achieve what is referred
to as Simple Stateful logic. SOLIDserver stateful filtering treats traffic as a bi-directional
exchange of packets comprising a session conversation. It has the matching capabilities to
determine if the session conversation between the originating sender and the destination
follows the valid procedure of bi-directional packet exchange. Any packets that do not properly
fit the session conversation template are automatically rejected. SOLIDserver can log firewall
messages, making it possible to review after the fact information such as which packets have
been dropped, which addresses they came from and where they were going. This gives you
significant capacity to track down attackers. SOLIDserver supports Stateful Packet Inspection
(SPI) mode, which helps prevent network attacks by tracking more state per session.

⁵ Stateful Packet Inspection, also known as dynamic packet filtering.

Caution
The firewall rule #32 cannot and must not be deleted. It refers to a fragment of an
IP packet. There is a maximum packet size for transport level that depends on the
transport medium (1500 bytes for Ethernet) and so if an IP packet is larger than this,
it needs to be broken up into fragments. These fragments get reassembled at the
destination. Note that the fragments do not necessarily have to arrive in order.

To start/stop the firewall

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . In the breadcrumb,
click on Network configuration.
3. In the Configuration column, the Firewall line can be in one of two states: Restricted or
Open. Click on the current state to change it to the other one. The Firewall state configuration
wizard opens.
4. Click on OK to commit your modification.
5. Right now your configuration is pending. In the menu, select Tools > Apply configuration
to save your changes or Tools > Rollback configuration to discard them. The corresponding
wizard opens, click on OK to confirm your choice.

Before adding or editing firewall rules you need to understand a few concepts:

Precedence
It is a key concept in the firewall rule configuration. It corresponds to a number specified in
the Firewall rule wizard. All the parameters that you configure (action, protocol, from, to, port,
via, log and keep state) in the wizard set up a distinct set of conditions that, if matched, are
dealt with in the order set in the Position field. Therefore it is paramount to understand that
if, for instance, you set two firewall rules regarding the ipv4/ipv6 protocol from a DNS server A
to a DNS server B through the port 53 via em0, and one denies access whereas the other accepts
it, the rule that prevails is the one with the smaller number in the Position field.
Firewall rules
Because the firewall is restrictive, as opposed to permissive, the last position (65535) denies
access to any kind of packet, no matter what the protocol is or where the packet goes or comes
from. This is why EfficientIP has configured a number of firewall rules; they are all listed on
the Firewall rules page. On this page you can edit a number of existing rules and, of course,
the ones you create: the rules underlined in the Position column can be edited, all the others
cannot. For technical reasons, the positions 1 - 99 are reserved by EfficientIP and users cannot
use any of them when creating or editing rules. Obviously the position 65535 cannot be used
either.

To add a firewall rule

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . In the breadcrumb,
click on Network configuration.
3. Click on the Firewall link. The Firewall rules page opens.
4. In the menu, select Add > Rule. The Firewall rule configuration wizard opens. Fill in all the
required parameters following the table below:

Table 6.1. Firewall Rules Parameters


Parameters Description
Position In this field, set the rule precedence using a number between 100 and
65534. For more details, refer to the paragraphs Precedence and Firewall
rule above.
Action In this drop-down list, define what will be executed when a packet matches
the selection criterion of the rule. For each rule you can:

• allow: packets matching the defined criterion. The rule will exit the
firewall rule processing. The search terminates at this rule.
• deny: packets matching the defined criterion. The packets will be dis-
carded. The search terminates.

Protocol In this drop-down list, choose the protocol used for that rule: CARP, ICMP,
IP, TCP or UDP. These protocols will handle IPv4 and/or IPv6 protocols.
From & To In these fields, define the source and destination parameters. Values are:

• any: is a special keyword that matches any IP address.
• me: is a special keyword that matches any IP address configured on
an interface in SOLIDserver.
• IP addresses are specified as a dotted digital IP address form/mask-length
(0.0.0.0/0).
• Single dotted digital IP address form (0.0.0.0).

Port In this field, you can define the list of ports on which firewall rules are
applied. The port state is represented as a number, use the comma to
separate several port numbers.
Via In this drop-down list, set the interface the packets will go through. The
via parameter causes the interface to always be checked as part of the
match process.
Log In this drop-down list, select Yes or No to choose whether a packet matching the rule
is logged on the SOLIDserver syslog page (it is saved with a facility
SECURITY name).
Keep-state In this drop-down list, select Yes if you want the SOLIDserver firewall
to create a dynamic rule, upon match, whose default behavior is to match
bidirectional traffic between source and destination IP/port using the
same protocol. Otherwise, select No.


5. Click on OK to commit your changes.


6. Right now your configuration is pending. In the menu, select Tools > Apply configuration
to save your changes or Tools > Rollback configuration to discard them. The corresponding
wizard opens, click on OK to confirm your choice.
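The precedence rules described above, modelled as an added example (not EfficientIP code and not a description of how the appliance is implemented): first match in Position order, user positions limited to 100-65534, final deny at 65535, plus a check for rules that an earlier rule makes unreachable. The class and function names, the exact-protocol match and the treatment of an empty Port or Via as "any" are assumptions; all addresses are constructed.

```python
import ipaddress
from dataclasses import dataclass

USER_MIN, USER_MAX = 100, 65534      # 1-99 are reserved, 65535 is the final deny
DEFAULT_DENY_POSITION = 65535


@dataclass(frozen=True)
class Rule:
    position: int
    action: str          # "allow" or "deny"
    protocol: str        # "TCP", "UDP", "ICMP", ...
    src: str             # "any", "me", "a.b.c.d" or "a.b.c.d/len"
    dst: str
    ports: tuple = ()    # assumption: empty tuple means any port
    via: str = ""        # assumption: empty string means any interface


@dataclass(frozen=True)
class Packet:
    protocol: str
    src: str
    dst: str
    dport: int
    iface: str


def check_user_position(position):
    """Reject positions at which a user may not create or edit a rule."""
    if not USER_MIN <= position <= USER_MAX:
        raise ValueError(f"position {position} is outside {USER_MIN}-{USER_MAX}")
    return position


def _addr_matches(spec, addr, local_addrs):
    if spec == "any":
        return True
    if spec == "me":                 # any address configured on the appliance
        return addr in local_addrs
    net = ipaddress.ip_network(spec, strict=False)
    ip = ipaddress.ip_address(addr)
    return ip.version == net.version and ip in net


def rule_matches(rule, pkt, local_addrs):
    return (rule.protocol == pkt.protocol
            and _addr_matches(rule.src, pkt.src, local_addrs)
            and _addr_matches(rule.dst, pkt.dst, local_addrs)
            and (not rule.ports or pkt.dport in rule.ports)
            and (not rule.via or rule.via == pkt.iface))


def evaluate(rules, pkt, local_addrs=frozenset()):
    """Return (action, position) of the first matching rule in Position order."""
    for rule in sorted(rules, key=lambda r: r.position):
        if rule_matches(rule, pkt, local_addrs):
            return rule.action, rule.position      # the search terminates here
    return "deny", DEFAULT_DENY_POSITION


def _spec_covers(outer, inner):
    """True if every address matched by `inner` is also matched by `outer`."""
    if outer == "any" or outer == inner:
        return True
    if "me" in (outer, inner) or inner == "any":
        return False
    a = ipaddress.ip_network(outer, strict=False)
    b = ipaddress.ip_network(inner, strict=False)
    return a.version == b.version and b.subnet_of(a)


def _ports_cover(outer, inner):
    return not outer or bool(inner and set(inner) <= set(outer))


def shadowed_rules(rules):
    """List (later, earlier) position pairs where `later` can never be reached."""
    ordered = sorted(rules, key=lambda r: r.position)
    found = []
    for i, later in enumerate(ordered):
        for earlier in ordered[:i]:
            if (earlier.protocol == later.protocol
                    and _spec_covers(earlier.src, later.src)
                    and _spec_covers(earlier.dst, later.dst)
                    and _ports_cover(earlier.ports, later.ports)
                    and (not earlier.via or earlier.via == later.via)):
                found.append((later.position, earlier.position))
                break
    return found


# Constructed sample: DNS server A (192.0.2.10) to DNS server B (192.0.2.53),
# port 53 via em0, once allowed and once denied, as in the text above.
LOCAL_ADDRS = frozenset({"192.0.2.53"})
SAMPLE_RULES = (
    Rule(200, "deny", "UDP", "192.0.2.10", "192.0.2.53", (53,), "em0"),
    Rule(150, "allow", "UDP", "192.0.2.10", "192.0.2.53", (53,), "em0"),
    Rule(300, "allow", "TCP", "198.51.100.0/24", "me", (22, 443), "em0"),
)

if __name__ == "__main__":
    dns = Packet("UDP", "192.0.2.10", "192.0.2.53", 53, "em0")
    print(evaluate(SAMPLE_RULES, dns, LOCAL_ADDRS))
    print(shadowed_rules(SAMPLE_RULES))
```

Running the shadow check over a planned rule list before entering it in the wizard shows which rule of a conflicting pair will never be evaluated.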

To edit a firewall rule

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . In the breadcrumb,
click on Network configuration.
3. Click on the Firewall link. The Firewall rules page opens.
4. In the Position column, click on the underlined number corresponding to the rule you want
to modify. The Firewall rule configuration wizard opens.
5. Edit the parameters according to your needs, following the information described in the To add
a firewall rule procedure above.
6. Click on OK to commit your changes.
7. Right now your configuration is pending. In the menu, select Tools > Apply configuration
to save your changes or Tools > Rollback configuration to discard them. The corresponding
wizard opens, click on OK to confirm your choice.

To delete a firewall rule

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . In the breadcrumb,
click on Network configuration.
3. Click on the Firewall link. The Firewall rules page opens.
4. Tick the firewall rule you want to delete.
5. In the menu, select Edit > Delete. The Delete wizard opens.
6. Click on OK to commit your changes.
7. Right now your configuration is pending. In the menu, select Tools > Apply configuration
to save your changes or Tools > Rollback configuration to discard them. The corresponding
wizard opens, click on OK to confirm your choice.

Setting up the Default Gateway


A gateway is a node on a TCP/IP network that is used as an access point to another network.
The default router is the gateway used by SOLIDserver that forwards traffic to remote subnets
on behalf of a sending host or router. Only one default router can be configured for the entire
appliance in each version of the IP protocol. For security reasons, SOLIDserver does not route
packets between network interfaces.

Keep in mind that the default gateway will only be used if a packet is sent from a network address
unknown to SOLIDserver. For some networks, you might want to use route sourcing and set up
a specific route to send the response packet to the sender through the channel it came from
rather than using the default gateway to try and locate the sender. For more details, and depending
on your needs, refer to the procedure in the sections below: Configuring Basic IP Addressing on
an Interface, Setting up a VLAN Interface, Setting up an Ethernet Port Failover, Configuring a
VIP.

To configure the default gateway

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . In the breadcrumb,
click on Network configuration.
3. Click on the Default gateways link in the network configuration listing. The Edit the default
gateways wizard opens.
4. In the IPv4 default gateway field, fill in the IPv4 gateway of your choice.
5. In the IPv6 default gateway field, fill in the IPv6 gateway of your choice.
6. Click on OK to commit your changes.
7. Right now your configuration is pending. In the menu, select Tools > Apply configuration
to save your changes or Tools > Rollback configuration to discard them. The corresponding
wizard opens, click on OK to confirm your choice.

Setting up Static Routes


If necessary, SOLIDserver allows you to add static routes. These routes allow you to communicate
with other networks and to forward data through a fixed path.

To configure static routes (Add/Edit/Delete)

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . In the breadcrumb,
click on Network configuration.
3. Click on the Static routes link. The Static Routes (IPv4) page of the wizard opens.

Table 6.2. IPv4 Static Route Configuration Parameters


Parameters Description
Route name In this field, name the static route. This field is compulsory.
IP address In this field, type in the static route IP address. This field is compulsory.
Netmask In this drop-down list, depending on the IP address you typed in above,
you might have a list of netmasks to choose from. The netmask you
choose will automatically select the corresponding prefix. This field
is compulsory.
Prefix In this drop-down list, depending on the IP address and selected
netmask, a prefix will be automatically selected. If you choose a differ-
ent prefix, the netmask will be modified accordingly. This field is op-
tional.
Gateway In this field, type in the gateway you want to use with the static route.
This field is compulsory.

Once all the parameters needed are configured, click on ADD. The static route is now listed
in the Static routes list. You can add multiple static routes.

To update an entry, select an existing static route, change the data and click on UPDATE.

To delete an entry, select an existing static route and click on DELETE.

To discard the latest modifications, click on CANCEL.

4. Click on NEXT . The Static routes (IPv6) page opens. Follow the step 4 to configure an IPv6
static route.
5. Click on OK to commit your configuration.
6. Right now your configuration is pending. In the menu, select Tools > Apply configuration
to save your changes or Tools > Rollback configuration to discard them. The corresponding
wizard opens, click on OK to confirm your choice.

Configuring Basic IP Addressing on an Interface


Multiple IP addresses can be configured on a single VIF. This can be helpful in different
scenarios, such as DNS server migration: configuring the IP addresses of the existing DNS servers
on a single VIF enables administrators to provide continuous service during server migration or
high availability of the service through different appliances. By default, an existing VIF (called
DEFAULT_INTERFACE) is already applied in the system; you can use this one or create a new one.
To apply a new one, please go to the VIF Configuration section.

Note
The overlap of IP addresses linked on different physical interfaces is not allowed in
order to avoid asymmetrical routing. Indeed, if a packet is received from a physical
interface it must not be forwarded to another one.

To configure a Basic Interface Configuration

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . In the breadcrumb,
click on Network configuration.
3. Click on the DEFAULT_INTERFACE link. The Virtual network interface configuration wizard
opens.
4. In the Virtual interface name field, you can rename the default interface if you want.
5. In the Available physical interfaces list, select the available interface, it is named after the
physical port and port MAC address as follows: eth# (##:##:##:##:##:##) and click on . It
is now listed in the Physical interfaces field.
6. Click on NEXT . The IPv4 address configuration page opens. Fill in the interface parameters
following the details of the table below:

Table 6.3. IPv4 Virtual Network Interface Configuration Parameters


Parameters Description
IP address In this field, type in the interface IP address. This field is compulsory.
Netmask In this field, type in the interface netmask. This field is compulsory.
Specific route In this field, you can apply a Specific route (Source routing [a]) if necessary.
This route will be dedicated to the IP address.

[a] Source routing allows you to specify the route for the return packet. Otherwise, once sent from
a subnet not configured among SOLIDserver network interfaces, the response packet would be returned
through the default gateway and might never get back to the sender.

Once all the parameters needed are configured, click on ADD . The new IP address is now
listed in the IP addresses list field. You can add multiple IP addresses, SOLIDserver will be
accessible through all the IP addresses configured on this VIF.

To update an entry, select a configured IP address, change the needed data and click on
UPDATE .

To delete an entry, select a configured IP address and click on DELETE .

To discard the latest modifications, click on CANCEL .

7. Click on NEXT . The IPv6 addresses configuration page opens. Fill in the parameters following
the details in the table below:

Table 6.4. IPv6 Virtual Network Interface Configuration Parameters


Parameters Description
IPv6 address In this field, type in the interface IP address. This field is compulsory.
Prefix In this field, type in the interface prefix. This field is compulsory.
Specific route In this field, you can apply a Specific route (Source routing) if necessary.
This route will be dedicated to the IP address.

Once all the parameters needed are configured, click on ADD . The new IP address will be
listed in the IPv6 addresses list field. You can add multiple IP addresses, SOLIDserver will
be accessible through all the IP addresses configured on this VIF.
8. Click on OK to commit your configuration.
9. Right now your configuration is pending. In the menu, select Tools > Apply configuration
to save your changes or Tools > Rollback configuration to discard them.

Warning
Make sure that at least one interface is available, otherwise you will lose your
current connection to SOLIDserver.

Setting up a VLAN Interface


On the network configuration page, you can set up a VLAN interface through the VIF wizard. By
default, a VIF (called DEFAULT_INTERFACE) is already created in the network configuration;
you can use this one or create a new one. To do so, please go to the VIF Configuration section.

Note
To avoid asymmetrical routing, you cannot link overlapped IP addresses to different
physical interfaces. This way, if a packet is received from a physical interface it
cannot be forwarded to another interface.


To set up a VLAN interface configuration

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . In the breadcrumb,
click on Network configuration.
3. Click on the name of the interface you want to configure (all interfaces are preceded by an
orange dot). The Virtual network interface configuration wizard opens.
4. In the Virtual interface name field, you can rename the default interface if you want.
5. In the Available physical interfaces list, select the available interface, it is named after the
physical port and port MAC address as follows: eth# (##:##:##:##:##:##) and click on . It
is now listed in the Physical interfaces field.
6. Click on NEXT . The IPv4 address configuration page opens. Fill in the interface parameters
following the details of the table below:

Table 6.5. IPv4 Virtual Network Interface Configuration Parameters


Parameters Description
IP address In this field, type in the interface IP address. It must of course correspond
to one of the VLANs configured on your network. This field is compulsory.
Netmask In this field, type in the interface netmask. This field is compulsory.
Specific route In this field, you can apply a Specific route (Source routing [a]) if necessary.
This route will be dedicated to the IP address.
802.1q tag number In this field, type in the VLAN number of your choice (between 1 and
4094). This tag can be common to different appliances and will differentiate
them from other IP addresses on the VLAN: packets sent to
the VLAN with the same tag will only be received by these appliances.

[a] Source routing allows you to specify the route for the return packet. Otherwise, once sent from
a subnet not configured among SOLIDserver network interfaces, the response packet would be returned
through the default gateway and might never get back to the sender.

Once all the parameters needed are configured, click on ADD . The new IP address is now
listed in the IP addresses list field. You can add multiple IP addresses, the IP will determine
to which configured VLAN they belong and the tag will provide a more accurate filter.

To update an entry, select a configured IP address, change the needed data and click on
UPDATE .

To delete an entry, select a configured IP address and click on DELETE .

To discard the latest modifications, click on CANCEL .

7. Click on NEXT . The IPv6 addresses configuration page opens. Fill in the parameters below:

Table 6.6. IPv6 Virtual Network Interface Configuration Parameters


Parameters Description
IPv6 address In this field, type in the interface IP address. It must of course correspond
to one of the VLANs configured on your network. This field is compulsory.
Prefix In this field, type in the interface prefix. This field is compulsory.
Specific route In this field, you can apply a Specific route (Source routing) if necessary.
This route will be dedicated to the IP address.
802.1q tag number In this field, type in the VLAN number of your choice (between 1 and
4094). This tag can be common to different appliances and will differentiate
them from other IP addresses on the VLAN: packets sent to
the VLAN with the same tag will only be received by these appliances.

Once all the parameters needed are configured, click on ADD. The new IP address is now
listed in the IPv6 addresses list field. You can add multiple IP addresses; the IP will determine
to which configured VLAN they belong and the tag will provide a more accurate filter.

To update an entry, select a configured IP address, change the needed data and click on
UPDATE .

To delete an entry, select a configured IP address and click on DELETE .

To discard the latest modifications, click on CANCEL .

8. Click on OK to commit your configuration.


9. Right now your configuration is pending. In the menu, select Tools > Apply configuration
to save your changes or Tools > Rollback configuration to discard them.

Warning
Make sure that at least one interface is available, otherwise you will lose your
current connection to SOLIDserver.

Setting up an Ethernet Port Failover


Ethernet Port Failover is the ability of the network system to have 2 or more physical interfaces
configured with one (or more) IP address access. To sum up, an Ethernet Port Failover interface
ensures high SOLIDserver accessibility (if one of the physical interfaces is disconnected, the
system is still available). By default, an existing VIF (called DEFAULT_INTERFACE) is already
applied in the system; you can use this one and create others to set up a failover. For more details
regarding interface addition, please refer to the VIF Configuration section.

To configure an Ethernet Port Failover Interface Configuration

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . In the breadcrumb,
click on Network configuration.
3. Click on the name of the interface you want to configure (all interfaces are preceded by an
orange dot). The Virtual network interface configuration wizard opens.
4. In the Virtual interface name field, you can rename the default interface if you want.
5. In the Available physical interfaces list, select two or more interfaces one by one and click
on . They are now listed in the Physical interfaces field.
6. Click on NEXT . The IPv4 address configuration page opens. Fill in the interface parameters
following the details of the table below:


Table 6.7. IPv4 Virtual Network Interface Configuration Parameters


Parameters Description
IP address In this field, type in the interface IP address. This field is compulsory.
Netmask In this field, type in the interface netmask. This field is compulsory.
Specific route In this field, you can apply a Specific route (Source routing [a]) if necessary.
This route will be dedicated to the IP address.

[a] Source routing allows you to specify the route for the return packet. Otherwise, once sent from
a subnet not configured among SOLIDserver network interfaces, the response packet would be returned
through the default gateway and might never get back to the sender.

Once all the parameters needed are configured, click on ADD . The new IP address is now
listed in the IP addresses list field.

To update an entry, select a configured IP address, change the needed data and click on
UPDATE .

To delete an entry, select a configured IP address and click on DELETE .

To discard the latest modifications, click on CANCEL .

7. Click on NEXT . The IPv6 addresses configuration page opens. Fill in the parameters below:

Table 6.8. IPv6 Virtual Network Interface Configuration Parameters


Parameters Description
IPv6 address In this field, type in the interface IP address. This field is compulsory.
Prefix In this field, type in the interface prefix. This field is compulsory.
Specific route In this field, you can apply a Specific route (Source routing) if necessary.
This route will be dedicated to the IP address.

Once all the parameters needed are configured, click on ADD . The new IP address will be
listed in the IPv6 addresses list field.

To update an entry, select a configured IP address, change the needed data and click on
UPDATE .

To delete an entry, select a configured IP address and click on DELETE .

To discard the latest modifications, click on CANCEL .

8. Click on OK to commit your failover configuration.


9. Right now your configuration is pending. In the menu, select Tools > Apply configuration
to save your changes or Tools > Rollback configuration to discard them.

Warning
Make sure that at least one interface is available, otherwise you will lose your
current connection to SOLIDserver.


Configuring a VIP
By default, an existing VIF, called DEFAULT_INTERFACE, is already applied in the system; you
can use this one or create a new one. To apply a new one, please go to the VIF Configuration
section.

SOLIDserver allows you to set up virtual IP addresses (VIP) on supported services. This mechanism,
known as the Common Address Redundancy Protocol (CARP), allows multiple EfficientIP devices on
the same local network to share a single IP address or a set of IP addresses. Its primary purpose
is to provide failover redundancy. For example, if a single SOLIDserver is running a DNS service
and it goes down, the networks on either side of the DNS service either can no longer communicate
with each other or communicate without any DNS service. If, however, two EfficientIP devices are
running a DNS service with CARP and one fails, the other takes over, and SOLIDserver on either
side of the DNS service will not be aware of the failure, so operation continues as normal. Note
that through a VIP you can manage the DNS smart architectures master/slave and multi-master.

The general idea is to have a single IP address, and several physical servers behind. In the case
of a failure, the next available server will take the lead and provide the relevant services. This
mechanism is available for DNS, NTP, TFTP services and SOLIDserver management.

To configure a VIP

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . In the breadcrumb,
click on Network configuration.
3. Click on the name of the interface you want to configure (all interfaces are preceded by an
orange dot). The Virtual network interface configuration wizard opens.
4. In the Virtual interface name field, you can rename the default interface if you want.
5. In the Available physical interfaces list, select the available interface, it is named after the
physical port and port MAC address as follows: eth# (##:##:##:##:##:##) and click on . It
is now listed in the Physical interfaces field.
6. Click on NEXT . The IPv4 address configuration page opens. Fill in the interface parameters
following the details of the table below:

Table 6.9. IPv4 Virtual Network Interface Configuration Parameters


Parameters Description
IP address In this field, type in the interface IP address. This field is compulsory.
Netmask In this field, type in the interface netmask. This field is compulsory.
Specific route In this field, you can apply a Specific route (Source routing [a]) if necessary.
This route will be dedicated to the IP address.
VIP service In this drop-down list, you can select one of four services: the DNS
server, NTP server, TFTP server or SOLIDserver management.
DNS/NTP/TFTP server The IP address is dedicated to the selected service.
SOLIDserver management Selecting this service allows you to access the appliances configured
in High availability through the IP address configured above. Note
that this can only work if both appliances and the IP configured belong
to the same LAN. Moreover, this virtual IP address only gives you
access to the Master appliance. For more details, see chapter High
Availability Management.
VHID In this field, type in the Virtual Host IDentification if you are setting
up the high availability of the selected service. This VHID must be a
number between 1 and 255 and it has to be the same on the appliances
through which you set the service high availability.
Password In this field, type in the password of your choice if you are setting up
the high availability of the selected service. This password has to be
the same on the appliances set in high availability.
Priority In this drop-down list, you can set the appliance priority to Low, Medium
or High. In other words, you can decide which appliance is the
Master appliance in the selected service high availability configuration.
The highest level configured corresponds to the master, the
lower ones set up backup appliances. So if for instance you set one
appliance to medium and the second to low, the appliance set to
medium is the master in the configuration.

[a] Source routing allows you to specify the route for the return packet. Otherwise, once sent from
a subnet not configured among SOLIDserver network interfaces, the response packet would be returned
through the default gateway and might never get back to the sender.

Note
Through the Basic Interface Configuration, you can set up the availability of the
DNS, NTP, TFTP or SOLIDserver management services, as long as each appli-
ance is set with the exact same parameters in all the fields that you have or
chose to configure EXCEPT for the Priority drop-down list. Indeed to avoid any
conflict, you must set one level on the first appliance and a different one on the
next.

Once all the parameters needed are configured, click on ADD . The new IP address is now
listed in the IP addresses list field. You can add multiple IP addresses, SOLIDserver will be
accessible through all the IP addresses configured on this VIF.

To update an entry, select a configured IP address, change the needed data and click on
UPDATE .

To delete an entry, select a configured IP address and click on DELETE .

To discard the latest modifications, click on CANCEL .

7. Click on NEXT . The IPv6 addresses configuration page opens. Fill in the parameters below:

Table 6.10. IPv6 Virtual Network Interface Configuration Parameters


Parameters Description
IPv6 address In this field, type in the interface IP address. This field is compulsory.
Prefix In this field, type in the interface prefix. This field is compulsory.
Specific route In this field, you can apply a Specific route (Source routing) if necessary.
This route will be dedicated to the IP address.
VIP service In this drop-down list, you can select one of four services: the DNS
server, NTP server or TFTP server.
DNS/NTP/TFTP server The IP address is dedicated to the selected service.
VHID In this field, type in the Virtual Host IDentification if you are setting
up the high availability of the selected service. This VHID must be a
number between 1 and 255 and it has to be the same on the appli-
ances through which you set the service high availability.
Password In this field, type in the password of your choice if you are setting up
the high availability of the selected service. This password has to be
the same on the appliances set in high availability.
Priority In this drop-down list, you can set the appliance priority to Low, Me-
dium or High. In other words, you can decide which appliance is the
Master appliance in the selected service high availability configura-
tion. The highest level configured corresponds to the master, the
lower ones set up backup appliances. So if for instance you set one
appliance to medium and the second to low, the appliance set to
medium is the master in the configuration.

Note
Through the Basic Interface Configuration, you can set up the availability of the
DNS, NTP or TFTP services, as long as each appliance is set with the exact
same parameters in all the fields that you have or chose to configure EXCEPT
for the Priority drop-down list. Indeed to avoid any conflict, you must set one
level on the first appliance and a different one on the next.

Once all the parameters needed are configured, click on ADD . The new IP address will be
listed in the IPv6 addresses list field. You can add multiple IP addresses, SOLIDserver will
be accessible through all the IP addresses configured on this VIF.

To update an entry, select a configured IP address, change the needed data and click on
UPDATE .

To delete an entry, select a configured IP address and click on DELETE .

To discard the latest modifications, click on CANCEL .

8. Click on OK to commit your configuration.


9. Right now your configuration is pending. In the menu, select Tools > Apply configuration
to save your changes or Tools > Rollback configuration to discard them.

Warning
Make sure that at least one interface is available, otherwise you will lose your
current connection to SOLIDserver.
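A pre-check for the rule stated in the Notes of this procedure, as an added example (not EfficientIP code): every appliance sharing a VIP must carry the same settings except Priority, the VHID must be between 1 and 255, and the highest Priority becomes the master. The record layout and field names are assumptions made for this sketch, not a SOLIDserver export format, and all values are constructed.

```python
from dataclasses import dataclass

PRIORITY_RANK = {"Low": 0, "Medium": 1, "High": 2}
# Fields that must be identical on every appliance sharing the VIP.
SHARED_FIELDS = ("ip_address", "netmask", "vip_service", "vhid", "password")


@dataclass(frozen=True)
class VipSettings:          # hypothetical record of one appliance's wizard values
    appliance: str
    ip_address: str
    netmask: str
    vip_service: str
    vhid: int
    password: str
    priority: str


def check_vip_peers(peers):
    """Return (problems, master): a list of findings and the expected master."""
    problems = []
    reference = peers[0]
    for peer in peers[1:]:
        for name in SHARED_FIELDS:
            if getattr(peer, name) != getattr(reference, name):
                # Report the field name only, never the value (it may be the password).
                problems.append(
                    f"{name} on {peer.appliance} differs from {reference.appliance}")
    for peer in peers:
        if not 1 <= peer.vhid <= 255:
            problems.append(f"VHID on {peer.appliance} is outside 1-255")
        if peer.priority not in PRIORITY_RANK:
            problems.append(f"unknown priority on {peer.appliance}")
    seen = {}
    for peer in peers:
        other = seen.setdefault(peer.priority, peer.appliance)
        if other != peer.appliance:
            problems.append(
                f"{peer.appliance} and {other} both use priority {peer.priority}")
    master = None
    if not problems:
        master = max(peers, key=lambda p: PRIORITY_RANK[p.priority]).appliance
    return problems, master


# Constructed sample values.
GOOD_PAIR = [
    VipSettings("ns1", "192.0.2.53", "255.255.255.0", "DNS server", 12,
                "constructed-secret", "Medium"),
    VipSettings("ns2", "192.0.2.53", "255.255.255.0", "DNS server", 12,
                "constructed-secret", "Low"),
]
BAD_PAIR = [
    GOOD_PAIR[0],
    VipSettings("ns2", "192.0.2.53", "255.255.255.0", "DNS server", 300,
                "constructed-other", "Medium"),
]

if __name__ == "__main__":
    print(check_vip_peers(GOOD_PAIR))
    for finding in check_vip_peers(BAD_PAIR)[0]:
        print(finding)
```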

Setting up a VIF
VIF (Virtual Interface) is a concept that allows you to set a number of configurations in a virtual
container. Through this container you can simply and efficiently apply or modify a network
configuration including embedded services. Keep in mind that while the procedures below show you
how to create, edit or delete a VIF through the Network configuration page, during each procedure
you need to make sure that you have at least one operating interface connected to SOLIDserver,
or you might simply lose your point of access and therefore be unable to manage the appliance.

To add a VIF

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . In the breadcrumb,
click on Network configuration.
3. In the menu, select Add > Virtual interface.
4. Configure the Virtual interface according to your needs. For more details, refer to the proced-
ures in the following sections: Basic Interface Configuration, VLAN Interface Configuration,
Ethernet Port Failover Interface Configuration or VIP Interface Configuration.
5. Click on OK to commit your changes.
6. Right now your configuration is pending. In the menu, select Tools > Apply configuration
to save your changes or Tools > Rollback configuration to discard them. The corresponding
wizard opens, click on OK to confirm your choice.

To edit a VIF

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . In the breadcrumb,
click on Network configuration.
3. Click on the name of the interface you want to edit (all interfaces are preceded by an orange
dot). The Configure network virtual interface wizard opens.
4. Modify the Virtual interface according to your needs. For more details, refer to the procedures
in the following sections: Basic Interface Configuration, VLAN Interface Configuration, Eth-
ernet Port Failover Interface Configuration or VIP Interface Configuration.
5. Click on OK to commit your changes.
6. Right now your configuration is pending. In the menu, select Tools > Apply configuration
to save your changes or Tools > Rollback configuration to discard them. The corresponding
wizard opens, click on OK to confirm your choice.

To delete a VIF

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . In the breadcrumb,
click on Network configuration.
3. Click on the name of the interface you want to delete (all interfaces are preceded by an orange
dot). The Configure network virtual interface wizard opens.
4. In the Physical interfaces field, select the interfaces to be deleted one by one and click on
. The physical interfaces, are now listed in the Available physical interfaces.
5. Click on NEXT . The IPv4 address configuration page opens.


6. In the IP addresses list, select the configured IP address(es) one by one. The configuration
fields appear.
7. Click on DELETE . The IP address is no longer listed in the field.
8. Click on NEXT . The IPv6 addresses configuration page opens. Repeat the steps 6 and 7 on
this page.
9. Click on OK to commit your changes.
10. Right now your configuration is pending. In the menu, select Tools > Apply configuration
to save your changes or Tools > Rollback configuration to discard them. The corresponding
wizard opens, click on OK to confirm your choice.

Configuring a Media Interface


By default, SOLIDserver automatically negotiates the optimal connection speed and transmission
type (full or half duplex) on the physical links between the 10/100Base-T and 10/100/1000Base-T
ports and the Ethernet ports on a connecting switch. It is usually unnecessary to change the
default auto-negotiation setting; however, you can manually configure connection settings for a
port if necessary.

Set the media interface

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . In the breadcrumb,
click on Network configuration.
3. Click on the name of the physical interface of your choice (it is attached to a VIF or located under
the Unused interfaces). The Network interface configuration wizard opens.
4. In the Media drop-down list, select the speed and duplex that will be applied to the physical
interface you clicked on. By default, the autoselect option is selected: the media is then chosen
automatically by SOLIDserver according to your network configuration.
5. Click on OK to commit your changes.
6. Right now your configuration is pending. In the menu, select Tools > Apply configuration
to save your changes or Tools > Rollback configuration to discard them. The corresponding
wizard opens, click on OK to confirm your choice.

Chapter 7. Services Configuration
SOLIDserver provides a simple and efficient interface to manage embedded services. This chapter
is a short presentation of the services supported by SOLIDserver, described below:

• SSH [1] server: allows you to connect to SOLIDserver from an SSH client.

Caution
The SSH session gives you a shell session directly on the SOLIDserver file system.
Updates made directly to configuration files can disturb the running SOLIDserver.
Only experts must use this configuration mode.

• SFTP - SCP - RSYNC [2]: SOLIDserver embeds the SFTP, SCP and RSYNC protocols so that the
xfer account can use them.
• TFTP [3]: delivers TFTP services in order to send boot and configuration files to
DHCP/BOOTP clients (such as IP phones, thin clients, bootless stations).
• SMTP [4] relay: the host relay that SOLIDserver uses to send mails.
• NTP [5] server: the address of the Network Time Protocol (NTP) server that is used to update
the SOLIDserver timer.
• HTTP web server: allows you to handle SOLIDserver Apache certificates.
• DNS server: delivers DNS services on SOLIDserver.
• DHCP server: delivers DHCP services on SOLIDserver.
• SNMP server: allows you to monitor SOLIDserver performance and load through the SNMP
protocol.

With version 5, EfficientIP introduced a new way of managing the High Availability and the Remote
Management that allows you to manage other appliances directly through the Services
Configuration page. Therefore, right under the menu on this page you will find a drop-down list called
SOLIDserver that displays all the appliances listed on the All SOLIDserver page of the
Administration. For more details, refer to the High Availability and Remote Management chapters.

Warning
All your services and your SOLIDserver appliance must be set to the same time to prevent
any management problems. Set the Time & Date through the GUI following the To
change your appliance time zone and/or date format procedure and refer to the
Configuring the NTP Server section.

Handling Services
SOLIDserver allows you to completely disable a network service. While a network service is
disabled it cannot run. Once a network service is enabled, its state is automatically updated after
having applied the configuration. To sum up, a user can easily handle the embedded services:
enabling/disabling and starting/stopping every service provided by SOLIDserver. Keep in mind
that d.

[1] SSH stands for Secure Shell.
[2] SFTP stands for Secure File Transfer Protocol also known as SSH File Transfer Protocol. SCP
stands for Secure Copy. RSYNC stands for Remote Synchronization.
[3] TFTP stands for Trivial File Transfer Protocol.
[4] SMTP stands for Simple Mail Transfer Protocol.
[5] NTP stands for Network Time Protocol.

Note
Disabling and stopping a service are two different actions but they are linked:
disabling a service will automatically stop it. In the same way, enabling a service
will automatically start it.

To enable a service

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . In the breadcrumb,
click on Services configuration.
3. In the Enabled column, click on the Disabled link. The Enable a service wizard opens.
4. Click on OK to commit your changes.
5. Right now your configuration is pending. In the menu, select Tools > Apply configuration
to save your changes or Tools > Rollback configuration to discard them. The corresponding
wizard opens, click on OK to confirm your choice.

To disable a service

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . In the breadcrumb,
click on Services configuration.
3. In the Enabled column, click on the Enabled link. The Disable a service wizard opens.
4. Click on OK to commit your changes.
5. Right now your configuration is pending. In the menu, select Tools > Apply configuration
to save your changes or Tools > Rollback configuration to discard them. The corresponding
wizard opens, click on OK to confirm your choice.

To start a service

Note
Once a service is disabled, it cannot be started.

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . In the breadcrumb,
click on Services configuration.
3. In the Running column, click on the Stopped link. The Start a service wizard opens.
4. Click on OK to commit your changes.

To stop a service

Note
Once disabled any service is automatically stopped, so you can only stop an enabled
service.

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . In the breadcrumb,
click on Services configuration.
3. In the Running column, click on the Started link. The Stop a service wizard opens.
4. Click on OK to commit your changes.

Configuring the SSH Remote Account


SOLIDserver allows remote SSH connection with the admin account. The admin account is the
only account that can use the remote access. By default the admin password is set to
admin. The admin account cannot be changed but its password can be modified as well as the
level of security of said password.

To enable or disable the SSH remote console access for SOLIDserver administration, refer
to the Handling Services section above.

Changing the SSH Remote Access Password


By default the admin account password is set to admin. It can be modified by the ipmadmin web
console account.

To change the SSH password

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . In the breadcrumb,
click on Services configuration.
3. In the Name column, click on the Account: admin link. The wizard opens.
4. Fill in the password of your choice, in accordance with the level of security you chose, in the
New password and Confirm password fields.
5. Click on OK to commit your changes.

Changing the SSH Password Level


SOLIDserver allows you to set the password security level of your choice on the services that use
a shell connection. There are 3 levels of security:

1. Low: the password can contain any character and can be as short as you want.
2. Medium: the password requires at least 8 characters, which can be any character.
3. High: the password requires at least 8 characters, among which at least 2 have to be special
characters (for example: !, #, @...).

To change the SSH password level

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
3. In the menu, click on System > Expert > Registry database.
4. Search for the registry key called module.system.ssh_password and click on the digit link
in the Value field. The Modify a register value wizard opens. By default, the password level
is set to 1.
5. Fill in the value of your choice with a valid digit (1 = low, 2 = medium and 3 = high).
6. Click on OK to commit your changes.

Changing the SFTP/SCP/RSYNC User Account Password


The xfer account manages the SFTP, SCP and RSYNC services. By default there is no password
applied to the xfer account, so you need to set a password and activate the account to be able to
access these services through a shell connection.

To set the xfer account password

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . In the breadcrumb,
click on Services configuration.
3. In the Name column, click on the Account: xfer link. The wizard opens.
4. In the New password field, type in the password of your choice, in accordance with the level
of security you chose.
5. In the Confirm password field, type in the password again.
6. Click on OK to commit your changes.

The xfer account is not enabled and disabled like the services. A single wizard is used both to
enable and to disable the account that manages the SFTP, SCP and RSYNC protocols.

To enable the xfer account

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . In the breadcrumb,
click on Services configuration.
3. In the Enabled column of the Account: xfer line, click on Disabled. The Enable/Disable the
xfer Account wizard opens.
4. Click on OK to commit your choice. The account is now marked as Enabled.

To disable the xfer account

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.

2. Go to the Administration tab. If the homepage is not displayed, click on . In the breadcrumb,
click on Services configuration.
3. In the Enabled column of the Account: xfer line, click on Enabled. The Enable/Disable the
xfer Account wizard opens.
4. Click on OK to commit your choice. The account is now marked as Disabled.

Managing the TFTP Upload Authorizations


SOLIDserver allows you to download and upload files through the Trivial File Transfer Protocol
(TFTP). From the GUI, you can enable or disable the service. For more details, refer to the
Handling Services section above.

From the Services configuration page, you can enable uploads from remote appliances to the
SOLIDserver GUI. The uploaded files and the files available for download are listed on a dedicated
page of the Local Files Listing page. For more details, refer to the Local Files Listing chapter of
this guide.

To enable TFTP uploads to SOLIDserver

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . In the breadcrumb,
click on Services configuration.
3. In the Name column, under TFTP server, click on the Upload Authorization: Disabled link.
The TFTP File Upload Authorization wizard opens.
4. Click on OK to commit your changes. The report opens and closes. The TFTP Upload
Authorizations status is now Enabled.

Once the uploads are enabled, following the procedure above will disable them.

Configuring the SMTP Relay


SOLIDserver provides SMTP (Simple Mail Transfer Protocol) to allow you to add/modify the host
relay on e-mails directly sent through the appliance.

To configure an Outgoing mail server

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . In the breadcrumb,
click on Services configuration.
3. In the Name column, click on SMTP relay. The SMTP Relay Configuration wizard opens.
4. In the Outgoing mail server field, fill in the valid FQDN or the IPv4 address of the server.
5. Click on OK to commit your changes.
6. Right now your configuration is pending. In the menu, select Tools > Apply configuration
to save your changes or Tools > Rollback configuration to discard them. The corresponding
wizard opens, click on OK to confirm your choice.

You can also change the source email address of the outgoing mails and alert notifications.

To change the Default source mail

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . In the breadcrumb,
click on Services configuration.
3. In the Name column, under the Mail - SMTP line, click on Default source mail :
noreply@efficientip.com. The Source mail configuration wizard opens.
4. In the Default mail field, type in the email address of your choice.
5. Click on OK to commit your changes. The new address has now replaced the default address
in the list.

To change the Alert source mail

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . In the breadcrumb,
click on Services configuration.
3. In the Name column, under the Mail - SMTP line, click on Alert source mail :
noreply@efficientip.com. The Source mail configuration wizard opens.
4. In the Alert mail field, type in the email address of your choice.
5. Click on OK to commit your changes. The new address has now replaced the default address
in the list.

Configuring the NTP Server


SOLIDserver requires the configuration of an NTP server for the DHCP failover, the SNMPv3
protocol, the DNSSEC mechanism, the Microsoft Active Directory management and the TSIG
zone transfer. You can use the address of a public or private NTP server; ask your network
administrator to make the best choice. SOLIDserver supports multiple NTP servers with specific
stratum. Stratum is a level that defines the distance from the reference clock.

Note
All your services and your SOLIDserver appliance must be set to the same time to prevent
any management problems.

To configure NTP servers

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . In the breadcrumb,
click on Services configuration.
3. In the Name column, click on the NTP server link. The NTP Servers Configuration wizard
opens.
4. Fill in the NTP address and Stratum fields. The address can be an IPv4 or IPv6 address.
5. Click on ADD to move the data in the NTP servers list.

To update an entry, select the NTP server of your choice, change the data and click on UPDATE.

To delete an entry, select the NTP server of your choice and click on DELETE.

To discard the latest modifications, click on CANCEL.

6. Click on OK to commit your changes.

7. Right now your configuration is pending. In the menu, select Tools > Apply configuration
to save your changes or Tools > Rollback configuration to discard them. The corresponding
wizard opens, click on OK to confirm your choice.

At any time, you might need to force the time and date update of the NTP server (for instance
when managing two appliances in HA).

To force an NTP update

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . In the breadcrumb,
click on Services configuration.
3. Under the NTP server line, click on FORCE UPDATE. The Force NTP update wizard opens.
4. Click on OK to commit your choice.

Note
Updating the NTP server time and date will restart all the services that are impacted
by the server. Make sure that at least one NTP server is configured and
reachable in the meantime, otherwise you might not be able to access your appliance
at all.

Managing the HTTPS Certificate


During the first boot, SOLIDserver generates a self-signed certificate.

This default certificate is used to make your connection safe from eavesdroppers, but it is not
trusted by your web browser as it is not signed by a Certificate Authority (CA). For this reason,
warning messages appear to inform you that the certificate is not from a trusted certifying authority,
that the hostname of the certificate is invalid, etc.

When you receive such warnings, you can accept the certificate just for the current session, save
it in the certificate store of your browser or authenticate SOLIDserver and eliminate the certificate
warnings altogether. To do so, you must:

• import a CA signed SSL certificate or create your own certificate through the GUI.
• change the HTTPS certificate.

This is why SOLIDserver manages X.509 certificates (official and self-signed SSL certificates),
private keys as well as certificate signing requests (CSR).

Importing an SSL Certificate


You can obtain a CA signed SSL certificate from any Certificate Authority trusted by your Internet
browser. This certificate must respect the CRT format and can be uploaded to SOLIDserver if
you respect the following:

1. Create a CSR through the GUI to request a certificate respecting the CRT format. For more details
refer to the Creating a CSR from the GUI section below.
2. Once the CA has sent you a certificate, you can upload it via a *.ZIP or a *.TAR archive file that
contains:
• The certificate, which must respect the CRT format and be named "certificate" without extension.
• Your private key named "private_key" without extension.
3. Once your archive file respects the above requirements, you can upload it to SOLIDserver.
For more details refer to the Importing a Certificate to SOLIDserver section below.
4. Once the archive is uploaded, you can use it as new HTTPS certificate. For more details, refer
to the section Changing the HTTPS Certificate.

Creating a CSR from the GUI

You can create the CSR yourself or take advantage of SOLIDserver and its dedicated CSR
creation wizard.

To create a CSR from the GUI

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
3. Click on the Key ring icon. The Key ring list opens.
4. In the menu, select Display > Certificate. The Authentication key ring page opens. The
Apache SSL Cert Base is listed.
5. In the menu, select Add > Certificate. The Create an SSL object wizard opens.
6. In the Object Name field, name your certificate.
7. In the SSL File Type drop-down list, select CSR File.
8. If you want to use an existing private key, follow the steps below. Otherwise, go to step 9.

a. Tick the Use a previously generated private key box. The Use key field appears.
b. In the Use key drop-down list, select one of your private keys or certificates, or
the default entry Apache SSL Key Base or request_auto_key.
c. Click on NEXT . The next page of the wizard opens.

9. If you do not want to use an existing key:

a. In the Encryption type drop-down list, select DSA or RSA.
b. In the Encryption field, type in the value of your choice. By default, 1024 is displayed.
c. In the Certificate Validity (days) field, edit the default number of days, 1825, if need be.
d. In the Digest method drop-down list, select MD5, SHA1 or MD2.
e. Click on NEXT . The next page of the wizard opens.

10. Finish the file configuration.

a. In the Country Code field, type in the two letter code of your country.
b. In the State or Province field, type in the state, province or region name in full letters.
c. In the Locality field, type in the city name.
d. In the Organization Name field, type in your company name.
e. In the Organization Unit Name field, type in the name of the end user's department within
the company.
f. In the Common Name field, type in the appliance hostname.
g. In the Email address field, type in your email address.

11. Click on OK to commit your import. The report opens and closes. The Authentication key
ring is visible again and lists your certificate.

Once the CSR is created, you will need to send it to the Certificate Authority.

To retrieve the needed CSR data before sending it to a CA

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
3. Click on the Key ring icon. The Key ring list opens.
4. In the menu, select Display > Certificate. The Authentication key ring page opens. The
Apache SSL Cert Base is listed.
5. At the end of the line of the CSR, click on . The properties page opens.
6. In the Certificate panel, click on DOWNLOAD .

7. Send the file to the CA.

Once the CA has sent you back a certificate that respects SOLIDserver requirements, you can upload
it.

Importing a Certificate to SOLIDserver

The certificate upload has to be done from the Authentication key ring page if it respects the
following:

1. The CA signed certificate respects the CRT format.
2. The certificate is named "certificate" without extension.
3. The certificate is included in a *.ZIP or a *.TAR archive file that also contains your private key,
named "private_key" without extension.
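
The archive requirements listed above and in the Importing an SSL Certificate section can be
checked on a workstation before the upload. The script below is an added example, not part of
this guide or of EfficientIP's code; it assumes OpenSSL and tar are installed, PEM-encoded files
and a .tar archive, and check_archive, make_demo_archive and the 2048-bit threshold are this
example's own names and choices.

```bash
#!/usr/bin/env bash
# Added example, not EfficientIP code. Assumes OpenSSL and tar on the
# administrator's workstation, PEM-encoded files and a .tar archive.

# SHA-256 of the public key embedded in a certificate.
cert_pubkey_hash() {
    openssl x509 -in "$1" -noout -pubkey | openssl dgst -sha256 | awk '{print $NF}'
}

# SHA-256 of the public key derived from a private key. The empty -passin
# makes an encrypted key fail at once instead of prompting.
key_pubkey_hash() {
    openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null \
        | openssl dgst -sha256 | awk '{print $NF}'
}

# check_archive ARCHIVE
# Prints one line per problem; returns 0 only when none was found.
check_archive() {
    local archive=$1 members tmp text bits sigalg rc=0

    # The guide requires exactly these two names, without extension.
    members=$(tar -tf "$archive" 2>/dev/null | sort | tr '\n' ' ')
    if [ "$members" != "certificate private_key " ]; then
        echo "unexpected archive members: ${members:-none}"
        return 1
    fi

    tmp=$(mktemp -d) || return 2          # created with mode 0700
    tar -xf "$archive" -C "$tmp"
    if ! text=$(openssl x509 -in "$tmp/certificate" -noout -text 2>/dev/null); then
        echo "certificate is not a readable PEM X.509 certificate"
        rm -rf "$tmp"
        return 1
    fi

    # Digests the creation wizard offers (MD5, SHA1, MD2) are flagged.
    sigalg=$(printf '%s\n' "$text" | sed -n 's/^ *Signature Algorithm: *//p' | head -n 1)
    case "$sigalg" in
        md2*|md5*|sha1*|dsaWithSHA1*) echo "weak signature digest: $sigalg"; rc=1 ;;
    esac

    # 2048 bits is this example's threshold for RSA and DSA keys; the
    # wizard's default is 1024.
    bits=$(printf '%s\n' "$text" | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p' | head -n 1)
    if printf '%s\n' "$text" | grep -Eq 'Public Key Algorithm: (rsa|dsa)Encryption' \
        && [ -n "$bits" ] && [ "$bits" -lt 2048 ]; then
        echo "key shorter than 2048 bits: $bits"
        rc=1
    fi

    if [ "$(cert_pubkey_hash "$tmp/certificate")" != "$(key_pubkey_hash "$tmp/private_key")" ]; then
        echo "private_key does not match certificate (or is encrypted)"
        rc=1
    fi
    if ! openssl x509 -in "$tmp/certificate" -noout -checkend 0 >/dev/null; then
        echo "certificate has expired"
        rc=1
    fi

    rm -rf "$tmp"
    return "$rc"
}

# Constructed sample input: a self-signed certificate stands in for the CA's
# reply. A second argument of "mismatch" swaps in an unrelated private key.
make_demo_archive() {
    local out=$1 dir
    dir=$(mktemp -d)
    openssl req -x509 -newkey rsa:2048 -sha256 -nodes -days 30 \
        -subj "/CN=solidserver.example.test" \
        -keyout "$dir/private_key" -out "$dir/certificate" 2>/dev/null
    if [ "${2:-}" = mismatch ]; then
        openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
            -out "$dir/private_key" 2>/dev/null
    fi
    tar -cf "$out" -C "$dir" certificate private_key
    rm -rf "$dir"
}

# Usage: ./check_archive.sh my_certificate.tar
if [ $# -gt 0 ]; then
    check_archive "$1"
fi
```

The member-name test is deliberately strict: an archive built from a parent directory, or with a
file saved as certificate.crt, is reported before any cryptographic check runs.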

To import a CA signed SSL certificate

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.

2. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
3. Click on the Key ring icon. The Key ring list opens.
4. In the menu, select Display > Certificate. The Authentication key ring page opens. The
Apache SSL Cert Base is listed.
5. In the menu, select Tools > Import. The Import an SSL certificate wizard opens.
6. In the Object type drop-down list, select Certificate.
7. Click on BROWSE and look for the certificate. Once selected, it will be visible in the File name
field.
8. Click on OK to commit your import. The report opens and closes. The Authentication key
ring is visible again and lists your certificate.

Once the certificate is listed on the Authentication key ring page, you can use it as HTTPS
certificate. For more details, refer to the section Changing the HTTPS Certificate.

Creating an SSL Certificate


From the Authentication key ring of the Administration module you can add an SSL certificate
yourself. The wizard allows you to create a self-signed certificate, a CSR or a private key. The
procedure below details the creation of an X509 certificate, that is, a self-signed certificate.

To create an SSL certificate

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
3. Click on the Key ring icon. The Key ring list opens.
4. In the menu, select Display > Certificate. The Authentication key ring page opens. The
Apache SSL Cert Base is listed.
5. In the menu, select Add > Certificate. The Create an SSL object wizard opens.
6. In the Object Name field, name your certificate.
7. In the SSL File Type drop-down list, select X509 certificate.
8. If you want to use an existing private key, follow the steps below. Otherwise, go to step 9.

a. Tick the Use a previously generated private key box. The Use key field appears.
b. In the Use key drop-down list, select one of your private keys or certificates, or
the default entry Apache SSL Key Base or request_auto_key.
c. In the Certificate Validity (days) field, edit the default number of days, 1825, if need be.
d. In the Digest method drop-down list, select MD5, SHA1 or MD2.
e. Click on NEXT . The last page of the wizard opens.

9. If you do not want to use an existing key:

a. In the Encryption type drop-down list, select DSA or RSA.
b. In the Encryption field, type in the value of your choice. By default, 1024 is displayed.
c. In the Certificate Validity (days) field, edit the default number of days, 1825, if need be.
d. In the Digest method drop-down list, select MD5, SHA1 or MD2.
e. Click on NEXT . The last page of the wizard opens.

10. Finish the file configuration.

a. In the Country Code field, type in the two letter code of your country.
b. In the State or Province field, type in the state, province or region name in full letters.
c. In the Locality field, type in the city name.
d. In the Organization Name field, type in your company name.
e. In the Organization Unit Name field, type in the name of the end user's department within
the company.
f. In the Common Name field, type in the appliance hostname.
g. In the Email address field, type in your email address.

11. Click on OK to commit your creation. The report opens and closes. The list is visible again
and lists your certificate.

Once the certificate is created, you can use it to change the HTTPS certificate. For more details,
refer to the Changing the HTTPS Certificate section below.

Changing the HTTPS Certificate


Once you have an SSL certificate in your database, whether you added or imported it, you must
follow the procedure below to use it.

To choose an HTTPS certificate

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . In the breadcrumb,
click on Services configuration.
3. Under the HTTP webserver line, click on the SSL Certificate link. The Change the current
SSL certificate wizard opens.
4. In the SSL Certificate drop-down list, select the certificate of your choice. By default, the
Apache SSL Cert Base is available and selected.
5. Click on OK to commit your changes.
6. Right now your configuration is pending. In the menu, select Tools > Apply configuration
to save your changes or Tools > Rollback configuration to discard them. The corresponding
wizard opens, click on OK to confirm your choice.

Managing the SNMP Service


With SOLIDserver you can manage servers directly from the user interface. The servers that can
be modified are the DNS, DHCP and SNMP servers.

The Administration module allows you to:

• configure SNMP V1, V2 and V3 as well as determine which version will be running or down;
• set up SNMP Traps;
• configure the TCP/UDP ports the server listens on.

If the server is not running on the appliance, you will be informed through an information panel.

To manage SNMP services

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . In the breadcrumb,
click on Services configuration.
3. Click on the SNMP server link. The SNMP Server Configuration wizard opens.
4. In the UDP port and TCP port fields, type in the port number to communicate with the protocol
of your choice. At least one field has to be filled in. By default, the UDP port number used
is 161, you can also use that port with TCP.
5. Click on NEXT . The next page opens. It allows you to configure the SNMP profile, refer to
the table below for more details.

Table 7.1. SNMP Profile Parameters

Parameters         Description
SNMP version       In this drop-down list, you can choose either v1/v2c or v3. By default,
                   v1/v2c is selected.
SNMP v1/v2c        SNMPv1 and SNMPv2c are simple request/response protocols. SNMPv2c
                   support includes a bulk-retrieval mechanism and more detailed error
                   message reporting to management stations. If you select v1/v2c, the
                   Access, Community and SNMP restriction fields will be displayed.
Access             This field cannot be edited, it is by default in Read only.
Community          In the field, name the community through which you will access the agent.
SNMP restriction   In the field, type in the source of the SNMP. It can be one IP address,
                   several IP addresses separated by a space or a default value.
SNMP v3            SNMPv3 uses the security features providing secure access to devices.
                   If you select v3, the Access field, authentication fields (Users, Key,
                   and Protocol) and privacy fields (Key and Protocol) will be displayed.
Access             This field cannot be edited, it is by default in Read only.
Users              In this field, type in the login used for authentication.
Key                In this field, type in the authentication passphrase (i.e. password), it must
                   contain at least 8 characters.
Protocol           In this drop-down list, you can select either the MD5 [a] or the SHA [b]
                   algorithm. By default, MD5 is selected.
Key                In this field, type in a privacy passphrase. If the privacy passphrase is
                   not specified, it is assumed to be the same as the authentication
                   passphrase. This field is optional.
Protocol           In this drop-down list, the DES [c] algorithm is the only one available, and
                   is therefore selected by default.

[a] MD5, Message-Digest algorithm 5, is a widely used cryptographic hash function with a 128-bit hash value.
[b] SHA, Secure Hash Algorithm, is one of a number of cryptographic hash functions.
[c] DES: Data Encryption Standard — is a widely-used method of data encryption using a private (secret).

When your configuration is complete, click on ADD. The profile is listed in the SNMP access
list field. You can add as many as you need.

To update an entry, select the SNMP profile of your choice, change the data according to
your needs and click on UPDATE.

To delete an entry, select the SNMP profile of your choice and click on DELETE.

To discard the latest changes, click on CANCEL.

6. Click on NEXT when you are done. The last page of the wizard opens. It allows you to set
the SNMP Trap configuration, refer to the table below for more details.

Table 7.2. Parameters of SNMP profile

Parameters         Description
Send Trap v1       In this drop-down list, you can choose to enable an agent [a] to send a trap
                   notifying the management station of significant events through the SNMP
                   v1 protocol. By default, Yes is selected.
Send Trap V2       In this drop-down list, you can choose to enable an agent to send a trap
                   notifying the management station of significant events through the SNMP
                   v2 protocol. By default, Yes is selected.
Send Trap Inform   In this drop-down list, you can choose to enable routers to send inform
                   requests to SNMP managers. By default, Yes is selected.
Host               In this field, type in the IP address of the computer that will listen on the
                   network and catch the trap.
Port               In this field, you can define through which port the host will catch the trap.
                   This field is optional.
Community          In this field, type in the community name. It can be one you used in the
                   previous step or another one.

[a] Details regarding agent can be found in the Management Information Base (MIB).

When your configuration is complete, click on ADD. The profile is listed in the Trap list field.
You can add as many as you need.

To update an entry, select the SNMP trap of your choice, change the data according to your
needs and click on UPDATE.

To delete an entry, select the SNMP trap of your choice and click on DELETE.

To discard the latest changes, click on CANCEL.

7. Click on OK to commit your changes.


8. Right now your configuration is pending. In the menu, select Tools > Apply configuration
to save your changes or Tools > Rollback configuration to discard them. The corresponding
wizard opens, click on OK to confirm your choice.

Downloading the DNS/DHCP/DHCPv6 Configuration File


The Services configuration page allows you to download the current DNS (named.conf), DHCP
(dhcpd.conf), DHCPv6 (dhcpd6.conf), NSD (nsd.conf) or Unbound (unbound.conf) configuration
file of the appliance of your choice: whether the local one or the configuration of one of the
appliances you are managing remotely.

To download the DNS/DHCP/DHCPv6/NSD/Unbound configuration file

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . In the breadcrumb,
click on Services configuration.
3. In the SOLIDserver drop-down list, under the menu, select the appliance for which you want
to download the configuration file.
4. In the menu, select Tools > Download configuration file. The Download configuration file
wizard opens.
5. In the Configuration file drop-down list, select DNS, DHCP, DHCP V6, NSD or Unbound
according to your needs.
6. Click on OK to commit your choice. The report opens, the configuration file is now stored on
the Local files listing page (Administration tab homepage > Maintenance > Local files listing).
If you do not want to download the file on your computer, go to step 8.
7. Click on DOWNLOAD if you want to open the report and/or save it. A new window opens in
your browser:

• If you choose to open the file, it will be opened and downloaded in the download folder of
your browser;
• If you choose to save the file, it will only be saved in the download folder of your browser.

8. Click on CLOSE. The wizard closes and the Services configuration page is visible again. Note
that the report is generated and stored on the Local Files Listing page. For more details
regarding reports, refer to the chapter Managing Reports of this guide.

Chapter 8. Licenses Management
At any point you might need to renew your license because it expired or change it to manage
more services. Before installing an activation key, check that this activation key is compatible with
the appliance you are upgrading. If you do not have an activation key for your SOLIDserver, you
must make an activation key request to EfficientIP. In order to generate your new activation key,
you have to send EfficientIP the reference token of the current SOLIDserver you installed. The
procedure to request a new activation key is explained below.

Requesting a New Activation Key


You can enable/disable SSH remote console access for SOLIDserver administration. Please
refer to the Handling services section.

To request a new activation key

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
3. In the menu, select System > Licenses, a new page is displayed.
4. In the menu, select Add > Request license, a new page is displayed.
5. Click on the requestlicense@efficientip.com link to copy and paste the token in your current
email tool, or copy and paste it and send it manually by email to requestlicense@efficientip.com
with your contract number. EfficientIP will reply by email to you with your new activation key.
6. The generated license key is unique for this SOLIDserver installation. It cannot be used for
another system.
7. Click on OK to commit your changes.

Activating a New Activation Key


This operation can start once you have received the activation key from EfficientIP.

To activate a new activation key

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
3. In the menu, select System > Licenses, a new page is displayed.
4. In the menu, select Add > License, a new page is displayed.
5. In the opened Add a license wizard, copy the activation key into the License text box.
6. Click on OK to commit your changes.

Chapter 9. Shutting Down and Rebooting
The shutdown and the reboot utilities transfer the SOLIDserver file system cache to disk, stop
all running processes and, respectively, halt or restart the system. SOLIDserver supports the
management of its power supplies; once the SOLIDserver operating system is stopped, the power
supplies are automatically turned off.

Shutting Down SOLIDserver


SOLIDserver is designed to operate continuously, so under normal circumstances, you do not
need to turn it off or shut it down. However, if you have to turn off a SOLIDserver, you can use
the web console, the CLI or the power button on the SOLIDserver front panel as well. Before
shutting down a remote SOLIDserver, make sure you can physically restart it. You cannot restart
the system using the GUI.

To shutdown the system from the web console

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
3. In the menu, select Maintenance > Shutdown the system
4. The Shutdown wizard appears.
5. Click on OK to commit your changes.

To shutdown the system from the CLI

1. Connect to the console by using SSH or a port console.


2. From the displayed menu, press the P key to enter Power Management, then press the S key
to select Shutdown appliance.

3. Press Enter to validate.


4. A pop-up opens to validate the operation. Confirm by Yes or select No to cancel the operation.

To shutdown the system from the front panel

1. From the front panel of the appliance, press the power button for 3 seconds.
2. The appliance will stop automatically, after synchronizing its buffer on the disk.

Rebooting SOLIDserver
To reboot and shut down a SOLIDserver, you can use the web console or the CLI as well.


To reboot the system from the web console

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
3. In the menu, select Maintenance > Reboot the system
4. The Reboot wizard appears.
5. Click on OK to commit your changes.

To reboot the system from the CLI

1. Connect to the console by using SSH or a port console.


2. From the displayed menu, press the P key to enter Power Management, then press the R key
to select Reboot appliance.

3. Press Enter to validate.


4. A pop-up opens to validate the operation. Confirm by Yes or select No to cancel the operation.

Part IV. Global Policies
Table of Contents
10. Managing Alerts
    Introduction
        Alerts Definition
        Alerts
    Browsing the Alerts Database
    Adding Alerts
    Enabling or Disabling Alerts
    Forcing the Check of an Alert Definition
    Acknowledging or Dismissing an Alert
    Changing an Alert Status
    Deleting Alerts
11. Managing Default Behaviors
    Introduction
        Browsing Default Behaviors
    Configuring and Applying IPAM Default Behaviors
        Space Default Behaviors
        Block Default Behaviors
        Subnet Default Behaviors
        Pool Default Behaviors
        Address Default Behaviors
    Configuring and Applying DHCP Default Behaviors
    Configuring and Applying DNS Default Behaviors
    Propagating Default Behaviors Parameters
    Setting Default Behaviors Parameters
12. Importing Data
    Introduction
        The Import Wizard
    Importing Data to the IPAM
        Where to Import IPAM Data
        Importing Spaces
        Importing Blocks
        Importing Subnets
        Importing Pools
        Importing Addresses
        Importing VRFs
        Importing VRF Route Targets
    Importing Data to the DHCP
        Where to Import DHCP Data
        Importing Scopes
        Importing Ranges
        Importing Statics
    Importing Data to the DNS
        Where to Import DNS Data
        Importing Zones
        Importing Resource Records
    Importing Data to NetChange
        Where to Import NetChange Data
        Importing Network Devices
    Importing Data to Device Manager
        Where to Import Device Manager Data
        Importing Devices
        Importing Ports & Interfaces
    Importing Data to VLAN Manager
        Where to Import VLAN Manager Data
        Importing VLAN Domains
        Importing VLAN Ranges
        Importing VLANs
    Importing Data to the Administration Module
        Where to Import Data in the Administration Module
        Importing Groups
        Importing Users
        Importing Custom Data
    Managing Import Templates
13. Exporting Data
    Introduction
        The Export Wizard
    Browsing the Exports Database
    Configuring Exports
    Exporting Data To Reimport It Later
        Required Columns To Reimport Data in the IPAM Module
        Required Columns To Reimport Data in the DHCP Module
        Required Columns To Reimport Data in the DNS Module
        Required Columns To Reimport Data in NetChange Module
        Required Columns To Reimport Data in Device Manager Module
        Required Columns To Reimport Data in VLAN Manager Module
        Required Columns To Reimport Data in the Administration Module
    Managing Export Files
    Managing Scheduled Exports Configuration Files
    Managing Export Templates
14. Managing Reports
    Introduction
    Browsing the Reports Database
    Generating a Report
    Scheduling a Report
    Downloading and Displaying Reports
    Managing Scheduled Reports Configuration Files
15. Managing Smart Folders
    Introduction
        Smart Folders Overview
        Tree View
        My Smart Folders
    Adding Smart Folders
    Editing Smart Folders
    Sharing Smart Folders
    Deleting Smart Folders

Chapter 10. Managing Alerts
Introduction
SOLIDserver offers a number of customization options that include the alert configuration from
any page. You can either be notified of the changes of your choice (new value, status, etc.) via
email or via an SNMP trap. The alert configuration is quite simple and all alerts, configured or
raised, can be displayed through two pages of the administration module. In other words, the
alerts provide an extra monitoring system.

Both pages display all the available columns so you cannot configure the listing page display.

Alerts Definition
Alerts Definition is a listing page containing all the alerts configured in SOLIDserver. It displays
the configuration details of each alert through six columns: Alert Name, Condition, Created on,
Scheduling, State and Status.

Table 10.1. Alerts Definition Page Columns Description

Expression | Description
Alert Name | Displays the name you chose for the alert.
Condition | Displays the trigger condition of the alert, 0 being the status or value that will trigger the alert if met (=), different (!=, <, >), etc.
Created on | Displays the date and time of creation of the alert.
Scheduling | Sums up the check frequency of the parameters that trigger the alert that you set up when creating the alert.
State | Displays the alert state, either Released or Raised:
• Released: once the alert is created it is Released on the Alerts Definition page.
• Raised: once the parameters set for the alert are met, the alert is raised. From that moment on, it is listed on the Alerts page and will keep the raised state until you acknowledge or dismiss the alert.
Status | Indicates if the alert is Enabled or Disabled.

For more details regarding each alert, go to its properties page (through at the end of the line
of each alert) where you will see the severity, priority, recipients of the email, etc.

The Alerts definitions page gives an overview of all the alerts created. Once triggered, an alert
will be listed on that page as well as on the Alerts page.

Alerts
Alerts is a listing page of all the raised alerts that provides further details regarding the page of
SOLIDserver where the alert was set, when it was raised, etc. This page also provides a shortcut
towards the page where you set it.


Table 10.2. Alerts Page Columns Description

Expression | Description
Severity | Displays the alert severity that you set upon creation: Minor, Major, Crash or Block.
Module | Displays the name of the module where the alert was created.
Sub Module | Displays the name of the page within the module where the alert was created.
Alert Name | Displays the name given to the alert upon creation.
Priority | Displays the level of priority you set upon creation: Low, Normal, High, Urgent or Immediate.
Begin date | Displays the time and date when the alert went from released to raised, i.e. the moment the parameters set were met.
Starting since | Displays the period of time during which the alert has been raised.
Status | Displays the alert status: - if the alert was raised and has not been dealt with yet and DISMISS (<users' group name>) or ACK (<users' group name>).
Related Data | Provides a shortcut called View alert filters toward the page where the alert was set. That way you can access it in a simple click and perform the needed changes before acknowledging or dismissing the alert.
Status | Displays the alert status: Raised or OK (once acknowledged or dismissed).

Keep in mind that by default only the raised alerts (those that have not been acknowledged or
that have been manually set back to non acknowledged) are displayed on that page. To display all
the formerly raised alerts, go to the To display all the alerts on the Alerts page procedure.

Browsing the Alerts Database


To display the Alerts page

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Monitoring section, click on the Alerts icon. The Alerts list opens. Only the raised alerts
are displayed by default.

To display the Alerts page from the administration homepage

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select Monitoring > Alerts. The Alerts list opens. Only the raised alerts are
displayed by default.

To display all the alerts on the Alerts page

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Monitoring section, click on the Alerts icon. The Alerts list opens.


3. Under the menu, tick the Display all alerts box. All the alerts are listed, whether they are
raised or already acknowledged/dismissed.

To display the Alerts Definition page

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Monitoring section, click on the Alerts icon. The Alerts list opens.
3. In the breadcrumb, click on Alerts Definition. The Alerts Definition list opens.

To display the Alerts Definition page from the administration homepage

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select Monitoring > Alerts Definition. The Alerts Definition list opens.

To display the raised alerts of a specific alert definition

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Monitoring section, click on the Alerts icon. The Alerts list opens.
3. In the breadcrumb, click on Alerts Definition. The Alerts Definition list opens.
4. Click on the name of the alert definition. The Alerts page displays all the raised alerts of that
specific definition.
5. Under the menu, tick the Display all alerts box. All the raised alerts are listed.

Note
If nothing is displayed, it means that the alert has never been raised.

To display an alert properties page through the Alerts Definition page

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Monitoring section, click on the Alerts icon. The Alerts list opens.
3. In the breadcrumb, click on Alerts Definition. The Alerts Definition list opens.
4. At the end of the line of the alert of your choice, click on . The properties page opens.

Tip
You can also access the properties page through the Info Bar: put your mouse over
the name of the alert of your choice, once the Info Bar appears, click on .

Adding Alerts
From any page within SOLIDserver you can create alerts from the Preferences menu. The main
advantage of the alerts creation is that you can filter the list and then add the alert, which will
automatically take into account the parameters you chose to trigger the alert. So if you decide to
filter the DNS zones list status column with != OK and then add an alert, the alert will be triggered
when any zone of the page changes status to any other status than OK and send you an email
and/or an SNMP trap depending on your alert configuration.

To add an alert

In this procedure, we will describe the configuration of an alert on the DNS zones page: if any
zone status changes to anything but OK, an alert will be sent.

1. Go to the page of your choice and filter the list according to your needs.

a. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
b. Click on the DNS zones icon. The DNS All zones list opens.
c. In the Server column, click on the name of the server of your choice to display the zones
it contains.
d. In the Status column, double-click in the search engine. The filter constructor appears.
e. In the drop-down list, select != (different from).
f. Among the statuses listed, tick OK. OK is now displayed in the field. A new line appears.
g. Click on APPLY . The list is now filtered and only the zones that have a status different
from OK are displayed.

2. In the menu, select Preferences > Add an Alert. The Create an Alert Definition wizard opens.
3. In the Name field, name the alert. By default, the alert is named after the module and page
from where you configure it, in our example DNS: Zones.
4. In the Description field, you can type in a description if needed.
5. In the Expert mode section, tick the box to display the expert configuration fields.
6. Through the Filter results and Value fields, you can configure the alert execution parameters.

Table 10.3. Alert Execution Configuration Fields

Fields | Description
Filter results | In this drop-down list, you can select != (different from), > (Greater than), < (Less than) or == (Equal to). Any of these conditions will affect the number typed in the Value field. By default, != (different from) is selected.
Value | In this field, you can type in a number that corresponds to the threshold of the filter you set before adding the alert. By default, 0 is displayed.

For instance, if you do not want the alert to be triggered for less than 2 zones with a status
different from OK, you will select Greater than in the Filter results drop-down list and 2 in
the Value field.
7. In the Triggered by change section, tick the box if you want your alert to match your filter
only by change. In the case of our example, if you do not tick the box and three zones already
correspond to the filter (they could be in delayed create, timeout...), the alert will be triggered
if, at the next check, the zones are still not set to OK.
8. In the Alert Priority drop-down list, define the alert priority. It can be Low, Normal, High, Urgent
or Immediate.


9. In the Alert Severity drop-down list, define the alert severity. You can choose among Minor,
Major, Crash and Block.
10. In the Alert Group Owner drop-down list, select a group of users among the ones you created.
11. In the Scheduling section, tick the box to display the schedule related fields.

Table 10.4. Alert Check Scheduling Parameters

Fields | Description
Day(s) of the week | In this drop-down list, select a frequency (over the whole week or for a specific set of days) or a specific day of the week.
Date of the month | In this drop-down list, select a specific day of the month or a frequency (every day) for the refresh.
Month | In this drop-down list, select a specific month or a frequency (every month) for the refresh.
Hour | In this drop-down list, select a frequency (over the whole day or for a limited period of time each day), a set of hours or a specific hour per day for the refresh.
Minute | In this drop-down list, select the moment (o'clock, quarter past, half past or quarter to) or the frequency (in minutes) of the refresh.

By default, the check is scheduled every 5 minutes of every hour, day and month.
12. In the Send mail section, tick the box to display the email configuration fields.

Table 10.5. Alerts Page Columns Description

Expression | Description
Mailing lists | In this drop-down list, select a group of users among the ones created on the Group page of the Administration module. Make sure that the email address of the users belonging to the selected group is configured, otherwise they will never receive the alert.
Additional Mail | Type in the email address of the recipient of the alert and click on ADD to move it to the Additional Mail List. Repeat these actions for as many recipients as needed.
Additional Mail List | In this list are displayed all the recipients of the alert email.

13. In the SNMP Trap section, tick the box to display the trap configuration fields.

Table 10.6. SNMP Trap Configuration Parameters

Parameters | Description
SNMP version | The version of SNMP, could be v1/v2c or v3.
SNMP Destination | The IP address of the network management platform.
SNMP Community | The community name.
SNMP ID | The SNMP object ID (e.g.: 1.3.6.1.6.3.1.1.5).

14. Click on OK to commit the alert creation. It is now listed in the Alerts Definitions page and
marked as Released.
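
To confirm that the trap settings of an SNMP profile (Send Trap v1, Send Trap V2, Send Trap Inform, Community) and the SNMP Trap section of an alert (version, community, SNMP ID) behave as configured, the listening host can decode what actually arrives. The Python below is an added example, not EfficientIP code: it parses the BER header of an SNMP v1/v2c notification and compares it with the intended settings. The sample datagrams, the community strings, the enterprise number 99999 and the profile dictionary keys are constructed for illustration.

```python
"""Decode SNMP v1/v2c notifications as seen by the trap receiver (added example)."""

PDU_TYPES = {0xA4: "trap-v1", 0xA6: "inform", 0xA7: "trap-v2"}
SNMP_TRAP_OID = "1.3.6.1.6.3.1.1.4.1.0"  # snmpTrapOID.0: names the trap in v2c

# Constructed sample datagrams (not captured from a real appliance).
SAMPLE_V2C = bytes.fromhex(
    "3042020101" "04096c61622d7472617073"      # v2c, community "lab-traps"
    "a732" "020101" "020100" "020100" "3027"   # SNMPv2-Trap PDU, varbind list
    "300d" "06082b06010201010300" "430164"     # sysUpTime.0 = 100
    "3016" "060a2b060106030101040100" "06082b06010603010105"  # snmpTrapOID.0
)
SAMPLE_V1 = bytes.fromhex(
    "3028020100" "04067075626c6963"            # v1, community "public"
    "a41b" "06082b06010401868d1f"              # enterprise 1.3.6.1.4.1.99999
    "4004c000020a" "020106" "020101" "430164" "3000"
)


def read_tlv(buf, pos):
    """Return (tag, value_bytes, next_pos) for the BER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length: low bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported length encoding")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("TLV runs past the end of the datagram")
    return tag, buf[pos:end], end


def decode_oid(raw):
    """Turn BER OID content bytes into dotted notation."""
    if not raw or raw[-1] & 0x80:
        raise ValueError("malformed OID")
    subids, value = [], 0
    for byte in raw:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:  # last byte of this sub-identifier
            subids.append(value)
            value = 0
    first = subids[0]
    head = [first // 40, first % 40] if first < 80 else [2, first - 80]
    return ".".join(str(arc) for arc in head + subids[1:])


def decode_notification(datagram):
    """Extract version, community, PDU type and trap identity from one datagram."""
    tag, body, _ = read_tlv(datagram, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message")
    tag, raw_version, pos = read_tlv(body, 0)
    version = int.from_bytes(raw_version, "big")
    if tag != 0x02 or version not in (0, 1):
        raise ValueError("only SNMP v1 and v2c messages are handled")
    tag, community, pos = read_tlv(body, pos)
    if tag != 0x04:
        raise ValueError("community string missing")
    pdu_tag, pdu, _ = read_tlv(body, pos)
    kind = PDU_TYPES.get(pdu_tag)
    if kind is None:
        raise ValueError("not a trap or inform PDU")
    info = {"version": "v1" if version == 0 else "v2c", "pdu": kind,
            "community": community.decode("ascii", "replace"), "trap_oid": None}
    if kind == "trap-v1":
        _, enterprise, p = read_tlv(pdu, 0)
        _, _agent_addr, p = read_tlv(pdu, p)
        _, generic, p = read_tlv(pdu, p)
        info["enterprise"] = decode_oid(enterprise)
        info["generic_trap"] = int.from_bytes(generic, "big")
        return info
    p = 0
    for _ in range(3):  # skip request-id, error-status, error-index
        _, _, p = read_tlv(pdu, p)
    _, varbinds, _ = read_tlv(pdu, p)
    q = 0
    while q < len(varbinds):
        _, varbind, q = read_tlv(varbinds, q)
        _, name, r = read_tlv(varbind, 0)
        value_tag, value, _ = read_tlv(varbind, r)
        if value_tag == 0x06 and decode_oid(name) == SNMP_TRAP_OID:
            info["trap_oid"] = decode_oid(value)
    return info


def profile_mismatches(info, profile):
    """List differences between a decoded notification and the intended settings."""
    allowed = {"trap-v1": profile["send_trap_v1"], "trap-v2": profile["send_trap_v2"],
               "inform": profile["send_trap_inform"]}
    issues = []
    if not allowed[info["pdu"]]:
        issues.append(f"{info['pdu']} received but disabled in the profile")
    if info["community"] != profile["community"]:
        issues.append("community differs from the configured one")
    return issues


if __name__ == "__main__":
    for sample in (SAMPLE_V2C, SAMPLE_V1):
        print(decode_notification(sample))
```

On the listening host, pass it each datagram read from a UDP socket bound to the Host and Port set in the profile (SNMP notifications conventionally use UDP port 162). The community is readable in every v1/v2c datagram, which is why the decoder can report it without any key.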


Enabling or Disabling Alerts


If at some point you want an alert definition to stop raising alert instances, you can disable it.

To disable an alert

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Monitoring section, click on the Alerts icon. The Alerts list opens.
3. In the breadcrumb, click on Alerts Definition. The Alerts Definition list opens.
4. Tick the alert(s) that you want to disable.
5. In the menu, select Edit > Disabled. The Disabled an Alert wizard opens.
6. Click on OK to commit the change. The report opens and closes. The list is visible again,
the alert definition is marked as Disabled.

When you want it to raise alert instances again, enable it again.

To enable an alert

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Monitoring section, click on the Alerts icon. The Alerts list opens.
3. In the breadcrumb, click on Alerts Definition. The Alerts Definition list opens.
4. Tick the alert(s) that you want to disable.
5. In the menu, select Edit > Enabled. The Enable an Alert wizard opens.
6. Click on OK to commit the change. The report opens and closes. The list is visible again,
the alert definition is marked as Enabled.

Forcing the Check of an Alert Definition


At any time, you might want to check that you did not miss any alert. This is useful if you did not
set an alert definition to be triggered by change or if, on the contrary, you just configured an alert
definition with a check every 5 minutes. Using the Check for matching alerts option allows you to
check if the definition raises any alert right away and whenever you need.

Keep in mind that this option does not check the alert definition configuration itself but only if any
alert that matches your definition should be raised.

To manually force an alert check

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Monitoring section, click on the Alerts icon. The Alerts list opens.
3. In the breadcrumb, click on Alerts Definition. The Alerts Definition list opens.
4. Tick the alert(s) that you want to check.
5. In the menu, select Tools > Check for matching alerts. The Force alert trigger wizard opens.


6. Click on OK to commit the check. The report opens and closes. The list is visible again. To
see if the alert is now raised, go to the Alerts page.

Acknowledging or Dismissing an Alert


Once an alert has been raised and you have accessed the page where it was defined and made the
needed changes, you should acknowledge the alert in order to make sure that next time it is raised
you actually only see the instances that matter and not old ones.

To acknowledge an alert

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Monitoring section, click on the Alerts icon. The Alerts list opens.
3. Tick the raised alert(s) that you want to acknowledge.
4. In the menu, select Edit > Acknowledge / Dismiss. The Acknowledge / Dismiss an Alert
wizard opens.
5. Click on OK to commit your modification. The report opens and closes. The list is visible
again, the alert is no longer listed. To see it again, tick the Display all alerts box.

Once you have acknowledged an alert, it may be marked as ACK or DISMISS. If this status is
underlined (generally the status of the latest raised alert instance is), you can click on it to
change it back to not acknowledged, i.e. an alert that you still need to deal with.

Changing an Alert Status


Once an alert has been raised and you have accessed the page where it was defined and made the
needed changes, you should acknowledge the alert so that the next time it is raised you only see
the instances that matter and not old ones.

To stop acknowledging an alert

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Monitoring section, click on the Alerts icon. The Alerts list opens.
3. Tick the raised alert(s) that you want to acknowledge.
4. In the menu, select Edit > Non Acknowledge. The Non Acknowledge an Alert wizard opens.
5. Click on OK to commit your modification. The report opens and closes. The list is visible
again, the alert is no longer marked as ACK or DISMISS.

Deleting Alerts
At any time, you might want to delete an alert. You can do it from the Alerts Definition page.

To delete an alert

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Monitoring section, click on the Alerts icon. The Alerts list opens.

3. In the breadcrumb, click on Alerts Definition. The Alerts Definition list opens.
4. Tick the alert(s) that you want to delete.
5. In the menu, select Edit > Delete an Alert. The Delete an Alert wizard opens.
6. Click on OK to commit the alert deletion. The report opens and closes. The list is visible
again, the alert is no longer listed.

Chapter 11. Managing Default Behaviors
Introduction
SOLIDserver allows the members of the admin group to configure, apply, propagate and set
default classes at different levels of the IPAM, DHCP and DNS modules. These default classes,
called default behaviors, are independent from other classes that can be managed through Class
Studio. For more details on classes, refer to the Class Studio chapter of this guide.

These behaviors modify the existing replication rules behaviors and can enable automatic
interactions between these three modules and/or additional options within the modules themselves:

• From the IPAM module, you can update the DNS and reserve a DHCP static for every assigned
IP address, configure a subnet as a DHCP shared network and create pools through the subnet
addition wizards.
• From the DHCP module, you can update the IPAM and DNS with the leases information.
• From the DNS module, you can update the IPAM with the corresponding resource records
information and create a PTR record for any new RR in a smart architecture.

Default behaviors can be configured to display or hide related fields in the addition and edition
wizards.

Default behaviors parameters are based on replication and inheritance. When these parameters
are set during the creation or modification of a container, they are automatically inherited by the
new objects that will be created within this container, but not by the objects it already contains.
For preexisting structures, please refer to the Setting default behaviors parameters and Propagating
default behaviors parameters sections.

Browsing Default Behaviors


There is no listing page dedicated to default behaviors. However, they are displayed on the
properties page of an object. In case of replication and inheritance, the Default Behaviors
properties panel also displays between brackets the level from which the behavior has been set.

Figure 11.1. Default Behaviors Properties Panel

To display the default behavior properties panel

1. Go to the properties page of the object of your choice using .


2. Open the Default Behavior properties panel, using . The panel displays the default
behaviors parameters of that object and the level from which it has been set between brackets.

Configuring and Applying IPAM Default Behaviors


Different default behaviors can be set on IPAM objects to:

• Update the DNS module with addresses assigned in the IPAM.
• Reserve a DHCP static for every assigned IP address.
• Configure a subnet as a DHCP shared network.
• Create pools from the subnet addition wizards.

Space Default Behaviors


Space default behaviors parameters can be applied through the space addition and edition wizards.
Members of the admin group can also configure said wizards to display or hide the configurable
default behaviors fields.

To configure default behaviors at the space level

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
3. Click on the Spaces icon. The All spaces list opens.
4. In the menu, select Settings > Default behaviors. The Default behaviors configuration
wizard opens.
5. Tick the configurable behavior checkboxes of your choice to display the default behavior
corresponding field in the Add a space and Edit a space wizards. The table below details
the available behaviors:

Table 11.1. Space Configurable Default Behaviors


| Configurable behaviors | Default behaviors fields |
|---|---|
| Select the DNS server where the IP addresses will be updated | DNS server |
| Select the DNS view where the IP addresses will be updated | DNS view |
| Select the DNS domain where the IP addresses will be updated | Default Domain |
| Select a restricted list of the allowed domains | Domains list / Selected Domains list |
| Create a DNS reverse zone | DNS server for reverse zones / DNS view for reverse zones |
| Select the DNS server where the reverse zone of a subnet will be created | DNS server for reverse zones |
| Select the DNS view where the reverse zone of a subnet will be created | DNS view for reverse zones |
| Select the DHCP failover cluster where the configuration will be applied | DHCP cluster |
| Display the "Update DNS" checkbox | Update DNS |
| Display the "Create DHCP static" checkbox | Create DHCP Static |

6. Click on OK to commit your configuration. The report opens and closes. The All spaces page
is visible again.

Your configuration is now available in the space addition and edition wizards if you select
Configurable behaviors in the Mode drop-down list. Selecting All behaviors will display all
the available behaviors for this type of object regardless of the current default behaviors
configuration.

To apply default behaviors parameters at the space level

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
3. Click on the Spaces icon. The All spaces list opens.
4. Add or edit a space. For more details refer to the Managing IP spaces chapter. The
corresponding wizard opens.
5. On the last page of the wizard, set the default behaviors parameters of your choice according
to the table below:

Table 11.2. Space Default Behaviors Parameters


| Field | Default value | Description |
|---|---|---|
| DNS server | None | Select the DNS server where the assigned IP addresses of the space will be updated. Once you have selected a server, the DNS view, Domains list, Selected domains list and Default domain fields are visible if they were ticked in the Default behaviors configuration wizard. |
| DNS view | All | Select the DNS view where the assigned IP addresses of the space will be updated. |
| Domains list | / | Select the DNS domain(s) where the assigned IP addresses of the space will be updated. You might have the possibility to add several existing domains to the Selected domains list field using . |
| Default domain | None | Select the default domain among the Selected domains. |
| DNS server for reverse zones | All | Select the DNS server where reverse zones will be created upon addition / edition of subnets in the space. |
| DNS view for reverse zones | All | Select the DNS view where the reverse zones will be created upon addition / edition of subnets in the space. |
| Update DNS | Unticked | Tick this box to update the DNS module with the IP changes to come. If you do not tick this checkbox, the DNS configuration set in the above fields will not be implemented. |
| DHCP cluster | None | Select the DHCP failover cluster that will be inherited by the block and subnets of the space. To configure the inheritance of the automated leases creation, see the Create DHCP Static option below. |
| Create DHCP Static | Unticked | Tick this box to make sure the automated static reservation is inherited by the blocks and subnets of the space. A DHCP static is automatically created for every assigned IP address in the space. This automated creation cannot be done if no DHCP failover cluster has been specified. |

6. Click on OK to commit your configuration. The report opens and closes. The All spaces page
is visible again.

The default behaviors parameters will now be inherited by the new objects created in this
space. To apply these parameters on objects it already contains, refer to the Propagating
default behaviors parameters section.

Block Default Behaviors


Block default behaviors parameters can be applied through the block addition and edition wizards.
Members of the admin group can also configure said wizards to display or hide the configurable
default behaviors fields.

To configure default behaviors at the block level

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
3. Click on the Blocks icon. The All blocks list opens.
4. Next to the Logout button, click on IP4 or IP6 according to your needs.
5. In the menu, select Settings > Default behaviors. The Default behaviors configuration
wizard opens.
6. Tick the configurable behavior checkboxes of your choice to display the default behavior
corresponding field in the Add a block and Edit a block wizards. The table below details the
available behaviors:

Table 11.3. Block Configurable Default Behaviors


| Configurable behaviors | Default behaviors fields |
|---|---|
| Select the DNS server where the IP addresses will be updated | DNS server |
| Select the DNS view where the IP addresses will be updated | DNS view |
| Select the DNS domain where the IP addresses will be updated | Default Domain |
| Select a restricted list of the allowed domains | Domains list / Selected Domains list |
| Create a DNS reverse zone | DNS server for reverse zones / DNS view for reverse zones |
| Select the DNS server where the reverse zone of a subnet will be created | DNS server for reverse zones |
| Select the DNS view where the reverse zone of a subnet will be created | DNS view for reverse zones |
| Select the DHCP failover cluster where the configuration will be applied | DHCP cluster |
| Display the "Update DNS" checkbox | Update DNS |
| Display the "Create DHCP static" checkbox | Create DHCP Static |

7. Click on OK to commit your configuration. The report opens and closes. The All blocks page
is visible again.

Your configuration is now available in the block addition and edition wizards, both in IPv4
and IPv6, if you select Configurable behaviors in the Mode drop-down list. Selecting All
behaviors will display all the available behaviors for this type of object regardless of the current
default behaviors configuration.

To apply default behaviors parameters at the block level

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
3. Click on the Blocks icon. The All Blocks list opens.
4. Next to the Logout button, click on IP4 or IP6 according to your needs.
5. Add or edit a block. For more details refer to the Managing IP blocks chapter. The
corresponding wizard opens.
6. On the last page of the wizard, set the default behaviors parameters of your choice according
to the table below:

Table 11.4. Block Default Behaviors Parameters


| Field | Default value | Description |
|---|---|---|
| DNS server | All | Select the DNS server where the assigned IP addresses of the block will be updated. Once you selected a server, the DNS view, Domains list, Selected domains list and Default domain fields are visible if they were ticked in the Default behaviors configuration wizard. |
| DNS view | All | Select the DNS view where the assigned IP addresses of the block will be updated. |
| Domains list | / | Select the DNS domain(s) where the assigned IP addresses of the block will be updated. You might have the possibility to add several existing domains to the Selected domains list field using . |
| Default domain | None | Select the default domain among the selected domains. |
| DNS server for reverse zones | All | Select the DNS server where reverse zones will be created upon addition / edition of subnets in the block. |
| DNS view for reverse zones | All | Select the DNS view where the reverse zones will be created upon addition / edition of subnets in the block. |
| Update DNS | Unticked | Tick the box to update the DNS module with the IP changes to come. If you do not tick this checkbox, DNS configuration set in the above fields will not be implemented. |
| DHCP cluster | None | Select the DHCP failover cluster that will be updated by the configuration. See Create DHCP Static option below. |
| Create DHCP Static | Unticked | Tick this box to reserve a static DHCP for every assigned IP address in the block. Make sure a DHCP failover cluster has been correctly specified. |

7. Click on OK to commit your configuration. The report opens and closes. The All blocks page
is visible again.

The default behaviors parameters will now be inherited by the new objects created in this
block. To apply these parameters on objects it already contains, refer to the Propagating
default behaviors parameters section.

Subnet Default Behaviors


Subnet default behaviors parameters can be applied through the subnet addition and edition
wizards, both in IPv4 and IPv6. Members of the admin group can also configure said wizards to
display or hide the configurable default behaviors fields.

To configure default behaviors at the subnet level

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
3. Click on the Subnets icon. The All subnets list opens.
4. Next to the Logout button, click on IP4 or IP6 according to your needs.
5. In the menu, select Settings > Default behaviors. The Default behaviors configuration
wizard opens.
6. Tick the configurable behavior checkboxes of your choice to display the default behavior
corresponding field in the Add a subnet and Edit a subnet wizards. The table below details
the available behaviors:

Table 11.5. Subnet Configurable Default Behaviors


| Configurable behaviors | Default behaviors fields |
|---|---|
| Offset gateway (default gateway value) | Gateway |
| Display the "Gateway" field | Gateway |
| Select the DNS server where the IP addresses will be updated | DNS server |
| Select the DNS view where the IP addresses will be updated | DNS view |
| Select a restricted list of the allowed domains | Domains list / Selected domains list |
| Select the DNS domain where the IP addresses will be updated | Default Domain |
| Select a restricted list of the allowed domains | Domains list / Selected Domains list |
| Create a DNS reverse zone | DNS server for reverse zones |
| Select the DNS server where the reverse zone of a subnet will be created (visible if Create a DNS reverse zone is ticked) | DNS server for reverse zones |
| Select the DNS view where the reverse zone of a subnet will be created (visible if Create a DNS reverse zone is ticked) | DNS view for reverse zones |
| Display the "Update DNS" checkbox | Update DNS |
| Select the DHCP failover cluster where the configuration will be applied | DHCP cluster |
| Ask if this subnet must be configured as a DHCP shared network (visible if the option above is ticked) | Shared network |
| Display the "Create DHCP static" checkbox | Create DHCP Static |
| Ask the number of pools to create | Number of pools / Size / Type / Name |

7. Click on OK to commit your configuration. The report opens and closes. The All subnets
page is visible again.

Your configuration is now available in the subnet addition and edition wizards, both in IPv4
and IPv6, if you select Configurable behaviors in the Mode drop-down list. Selecting All
behaviors will display all the available behaviors for this type of object regardless of the current
default behaviors configuration.

To apply default behaviors parameters at the subnet level

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
3. Click on the Subnets icon. The All Subnets list opens.
4. Next to the Logout button, click on IP4 or IP6 according to your needs.
5. Add or edit a subnet. For more details refer to the Managing IP subnets chapter. The
corresponding wizard opens.
6. On the last page of the wizard, set the default behaviors parameters of your choice according
to the table below:

Table 11.6. Subnet Default Behaviors Parameters


| Field | Default value | Description |
|---|---|---|
| DNS server | All | Select the DNS server where the assigned IP addresses of the subnet will be updated. Once you have selected a server, the DNS view, Domains list, Selected domains list and Default domain fields are visible if they were ticked in the Default behaviors configuration wizard. |
| DNS view | All | Select the DNS view where the assigned IP addresses of the subnet will be updated. |
| Domains list | / | Select the DNS domain(s) where the assigned IP addresses of the subnet will be updated. You might have the possibility to add several existing domains to the Selected domains list field using . |
| Default domain | None | Select the default domain among the selected domains. |
| DNS server for reverse zones | All | Select the DNS server where reverse zones will be created upon addition / edition of subnets. |
| DNS view for reverse zones | All | Select the DNS view where the reverse zones will be created upon addition / edition of subnets. |
| Update DNS | Unticked | Tick this box to update the DNS module with the IP changes to come. If you do not tick this checkbox, the DNS configuration set in the above fields will not be implemented. |
| DHCP cluster | None | Select a DHCP failover. Once the subnet is created, a scope is created in each server of the selected cluster. It is named after the subnet name and matches the subnet range of addresses. If you are creating an IPv4 subnet, the routers option is automatically set for the DHCP servers of the cluster; its value is the subnet gateway IP address. To automate leases creation, see the Create DHCP Static option below. |
| Shared network | Use subnet address | Select the DHCP scope you want to associate with your subnet to create a shared network. Selecting the Use subnet address value will create a new scope in the selected DHCP server. Make sure a DHCP cluster has been specified. |
| Create DHCP Static | Unticked | Tick this box to reserve a DHCP static for every assigned IP address in the subnet. This automated assignation can only be done if a DHCP cluster has been selected. |
| Gateway | Penultimate IP address of the subnet | Edit the gateway field if need be. By default, the gateway is the penultimate IP address of the subnet (-1). To modify the default gateway offset, refer to the procedure To configure default behaviors at the subnet level. |
| Number of pools | 0 | In this drop-down list, select the number of pools you want to create in the subnet you are creating. For each pool, you will need to specify a Size and a Type. If you leave the default value, no pool is created. You cannot create pools from the subnet edition wizard. |
| Size | None | In this field, type in the number of IP addresses of the pool. This option is available in IPv4 only. |
| Type | Select a value | In this drop-down list, select the pool type (i.e. its purpose): either DHCP, Router, Network, Printer, Server, Workstation or Other. Once the type is selected, the wizard page will reload. If you select Other, the Name field appears. |
| Name | None | If you selected Other, name the pool in this field. |

7. Click on OK to commit your configuration. The report opens and closes. The All subnets
page is visible again.

The default behaviors parameters will now be inherited by the new objects created in this
subnet. To apply these parameters on objects it already contains, refer to the Propagating
default behaviors parameters section.

Pool Default Behaviors


Pool default behaviors parameters can be applied through the pool addition and edition wizards,
both in IPv4 and IPv6. Members of the admin group can also configure said wizards to display or
hide the configurable default behaviors fields.

To configure default behaviors at the pool level

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
3. Click on the Pools icon. The All pools list opens.
4. Next to the Logout button, click on IP4 or IP6 according to your needs.
5. In the menu, select Settings > Default behaviors. The Default behaviors configuration
wizard opens.
6. Tick the configurable behavior checkbox to display the default behavior corresponding field
in the Add a pool and Edit a pool wizards. The table below details the available behaviors:

Table 11.7. Pool Configurable Default Behaviors


| Configurable behaviors | Default behaviors fields |
|---|---|
| Display the field "Create a DHCP range" | Create a DHCP range |

7. Click on OK to commit your configuration. The report opens and closes. The All pools page
is visible again.

Your configuration is now available in the pool addition and edition wizards, both in IPv4 and
IPv6, if you select Configurable behaviors in the Mode drop-down list. Selecting All behaviors
will display all the available behaviors for this type of object regardless of the current default
behaviors configuration.

To apply default behaviors parameters at the pool level

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
3. Click on the Pools icon. The All pools list opens.
4. Next to the Logout button, click on IP4 or IP6 according to your needs.
5. Add or edit a subnet. For more details refer to the Managing IP pools chapter. The
corresponding wizard opens.
6. On the last page of the wizard, you can set the default behavior parameter according to the
table below:

Table 11.8. Pool Default Behaviors Parameters


| Field | Default value | Description |
|---|---|---|
| Create a DHCP range | Unticked | Tick this box to create a range in the DHCP. This range matches the range of addresses of the pool you are creating. The range is created in the scope matching the subnet your pool belongs to. |

7. Click on OK to commit your configuration. The report opens and closes. The All pools page
is visible again.

The default behaviors parameters will now be inherited by the new objects created in this
pool. To apply these parameters on objects it already contains, refer to the Propagating default
behaviors parameters section.

Address Default Behaviors


Address default behaviors parameters can be applied through the address addition and edition
wizards, both in IPv4 and IPv6. Members of the admin group can also configure said wizards to
display or hide the configurable default behaviors fields.

To configure default behaviors at the address level

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
3. Click on the Addresses icon. The All addresses list opens.
4. Next to the Logout button, click on IP4 or IP6 according to your needs.
5. In the menu, select Settings > Default behaviors. The Default behaviors configuration
wizard opens.
6. Tick the configurable behavior checkboxes of your choice to display the default behavior
corresponding field in the Add an address and Edit an address wizards. The table below
details the available behaviors:

Table 11.9. Address Configurable Default Behaviors


| Configurable behaviors | Default behaviors fields |
|---|---|
| Enable the automatic construction of the IP address hostname: shortname.domain | Shortname / Domain |
| Make the Domain selection mandatory for the IP address hostname construction | Domain: a domain must be selected |
| Select the DNS server where the IP addresses will be updated | DNS server |
| Select the DNS view where the IP addresses will be updated | DNS view |
| Select the DNS domain where the IP addresses will be updated | Domain |
| Display the "Update DNS" checkbox | Update DNS |
| Display the "Create DHCP static" checkbox | Create DHCP Static |

7. Click on OK to commit your configuration. The report opens and closes. The All addresses
page is visible again.

Your configuration is now available in the address addition and edition wizards, both in IPv4
and IPv6, if you select Configurable behaviors in the Mode drop-down list. Selecting All
behaviors will display all the available behaviors for this type of object regardless of the current
default behaviors configuration.

To apply default behaviors parameters at the address level

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
3. Click on the Addresses icon. The All Addresses list opens.
4. Next to the Logout button, click on IP4 or IP6 according to your needs.
5. Add or edit a subnet. For more details refer to the Managing IP addresses chapter. The
corresponding wizard opens.
6. On the last page of the wizard, set the default behaviors parameters of your choice according
to the table below:

Table 11.10. Address Default Behaviors Parameters


| Field | Default value | Description |
|---|---|---|
| Shortname | / | In this field, type in a shortname for the IP address name. The complete IP address name will be <shortname>.<domain_name>. Selecting this option will create an A resource record for the address in the DNS zone specified in the Domain field. |
| DNS server | All | Select the DNS server where the assigned IP addresses of the subnet will be updated. |
| DNS view | All | Select the DNS view where the assigned IP addresses of the subnet will be updated. |
| Domain | None | Select the domain to complete the IP address name <shortname>.<domain_name>. Selecting this option will create an A resource record for the address in the corresponding zone. This field is required if you ticked the corresponding checkbox in the Default behaviors configuration wizard. |
| Update DNS | Unticked | Tick this box to update the DNS module with the IP changes to come. If you do not tick this checkbox, any DNS configuration set in the above fields will not be implemented. |
| Create DHCP Static | Unticked | Tick this box to reserve a static DHCP for every assigned IP address. Make sure a DHCP cluster has been specified. If no DHCP cluster has been selected at subnet level or inherited from above (space or block), no lease is reserved. |

7. Click on OK to commit your configuration. The report opens and closes. The All addresses
page is visible again.
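
The inheritance rule and two dependencies stated in the IPAM tables above (the DNS fields only take effect when Update DNS is ticked, and Create DHCP Static needs a DHCP cluster), as an added example that is not SOLIDserver code. The behavior keys, object names and helper functions are hypothetical, and the sample tree is constructed.

```python
from dataclasses import dataclass, field
from typing import Optional

# Hypothetical keys standing in for four fields of Table 11.2, with the
# space-level default values listed in that table.
DEFAULTS = {"dns_server": None, "update_dns": False,
            "dhcp_cluster": None, "create_dhcp_static": False}


@dataclass
class IpamObject:
    level: str                      # "space", "block", "subnet", ...
    name: str
    behaviors: dict                 # key -> (value, level where it was set)
    parent: Optional["IpamObject"] = field(default=None, repr=False)
    children: list = field(default_factory=list)

    @property
    def path(self):
        return self.name if self.parent is None else f"{self.parent.path} > {self.name}"


def check_keys(values):
    unknown = set(values) - set(DEFAULTS)
    if unknown:
        raise KeyError(f"unknown behavior(s): {sorted(unknown)}")


def create(level, name, parent=None, **set_in_wizard):
    """Add an object: it copies its container's behaviors as they are now,
    then applies what is set on the last page of its own wizard."""
    check_keys(set_in_wizard)
    if parent is None:
        behaviors = {k: (v, "default") for k, v in DEFAULTS.items()}
    else:
        behaviors = dict(parent.behaviors)
    behaviors.update({k: (v, level) for k, v in set_in_wizard.items()})
    obj = IpamObject(level, name, behaviors, parent)
    if parent is not None:
        parent.children.append(obj)
    return obj


def edit(obj, **changes):
    """Edit a container: the objects it already contains keep their old copy."""
    check_keys(changes)
    obj.behaviors.update({k: (v, obj.level) for k, v in changes.items()})


def findings(obj):
    """Settings that have no effect, and inherited values that are out of date."""
    value = {k: v for k, (v, _) in obj.behaviors.items()}
    out = []
    if value["dns_server"] and not value["update_dns"]:
        out.append("DNS server selected but Update DNS unticked: DNS settings not implemented")
    if value["create_dhcp_static"] and not value["dhcp_cluster"]:
        out.append("Create DHCP Static ticked but no DHCP cluster: no static is reserved")
    if obj.parent is not None:
        for key, (val, source) in obj.behaviors.items():
            # Inherited (not set at this level) and no longer what the container holds.
            if source != obj.level and obj.parent.behaviors[key] != (val, source):
                out.append(f"{key} differs from the container: propagation needed")
    return out


def audit(root):
    """Walk the tree and return {path: [findings]} for objects that have any."""
    report, stack = {}, [root]
    while stack:
        obj = stack.pop()
        found = findings(obj)
        if found:
            report[obj.path] = found
        stack.extend(obj.children)
    return report


def build_sample():
    """Constructed tree: one subnet is added before the block is edited, one after."""
    space = create("space", "Local", dns_server="ns1.example.test")
    block = create("block", "10.0.0.0/8", parent=space)
    create("subnet", "10.0.1.0/24", parent=block, create_dhcp_static=True)
    edit(block, update_dns=True, dhcp_cluster="failover-a")
    create("subnet", "10.0.2.0/24", parent=block, create_dhcp_static=True)
    return space


if __name__ == "__main__":
    for path, found in sorted(audit(build_sample()).items()):
        for line in found:
            print(f"{path}: {line}")
```

The subnet added before the block was edited is reported four times (two settings without effect, two values awaiting propagation), while the subnet added afterwards inherits the cluster and Update DNS from the block and is clean.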

Configuring and Applying DHCP Default Behaviors


Different default behaviors can be set on DHCP objects to:

• Update the IPAM module with the IP addresses allocated through dynamic addressing (leases).
• Update the DNS resource records database with the leases information.

Note
The following procedures apply to DHCP servers, groups, scopes and ranges in
IPv4 only.

To configure DHCP default behaviors

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
3. Go to the All servers, All groups, All scopes or All ranges page depending on your needs.
4. Next to the Logout button, make sure the IP4 icon is blue.
5. In the menu, select Settings > Default behaviors. The Default behaviors configuration
wizard opens.
6. Tick the configurable behavior checkboxes of your choice to display the default behavior
corresponding field in the addition and edition wizards of the selected object. The table below
details the available behaviors:

Table 11.11. DHCP Configurable Default Behaviors


| Configurable behaviors | Default behaviors fields |
|---|---|
| Display the "Push leases to IPAM" checkbox | Push leases to IPAM |
| Display the "Lease name" drop-down list | Lease name |
| Display the "Use client name (FQDN)" checkbox | Use client name (FQDN) |
| Display the "Update DNS" checkbox | Update DNS |

7. Click on OK to commit your configuration. The report opens and closes. The All servers, All
groups, All scopes or All ranges page is visible again.

Your configuration is now available in the addition and edition wizards at the level of your
choice, if you select Configurable behaviors in the Mode drop-down list. Selecting All
behaviors will display all the available behaviors for this type of object regardless of the current
default behaviors configuration.

To apply DHCP default behaviors parameters

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
3. Go to the All servers, All groups, All scopes or All ranges page depending on your needs.
4. Next to the Logout button, make sure the IP4 icon is blue.
5. Add or edit the DHCP object of your choice. For more details refer to the DHCP management
part. The corresponding wizard opens.
6. On the last page of the wizard, set the default behaviors parameters of your choice according
to the table below:

Table 11.12. DHCP Default Behaviors Parameters


| Field | Default value | Description |
|---|---|---|
| Push leases to IPAM | Unticked | Tick this box to push each allocated lease information to the IPAM module, i.e. assign the IP address to a client and its MAC address. Once you have ticked this box, the Lease name, Use client name (FQDN) and Update DNS fields appear. |
| Lease name | Only one client can update the IPAM | This drop-down list sets the behavior of the IPAM if there are hostname conflicts in the DHCP. In time, such a conflict could affect the DNS, which is why you need to decide what you want to send to the IPAM. |
| Only the first client updates the IPAM | / | If multiple clients that have the same name obtain a lease, only the client getting the first lease will update the IPAM and DNS. Until the first client's lease has expired, its name cannot be replaced in the DNS. Basically, the first client getting a lease will have its information pushed to the IPAM (name, MAC address and IP address). The second client with the same name will have its IP and MAC addresses pushed to the IPAM without a name and therefore will not update the DNS. |
| Only one client can update the IPAM | / | This option is dedicated to mobile clients, on a network configuration composed of several scopes. In this mode, the client connecting from two different parts of the network with the same name and MAC address is listed twice in the DHCP. For both leases, the name, MAC address and IP address are pushed to the IPAM: the name and MAC address are identical but the IP address differs. Once saved in the IPAM, only the latest lease information updates the DNS. |
| Clients always update the IPAM | / | All the DHCP clients update the IPAM no matter their name, IP or MAC address. In other words, every client getting a lease will have its information pushed to the IPAM (name, MAC address and IP address) even if its name has already been pushed to the IPAM. This is the most permissive mode. Keep in mind that only the latest lease information updates the DNS. |
| Use client name (FQDN) | Unticked | Tick this box to make sure the leases "client name" value (the FQDN) is pushed in the IPAM and used as IP address name. If you have configured the DNS replication as well (the Update DNS behavior), the zone matching the FQDN will be updated as well. |
| Update DNS | Unticked | Tick this box to update the DNS resource records database with the leases information. |

7. Click on OK to commit your configuration. The report opens and closes. The All servers, All
groups, All scopes or All ranges page is visible again.

The default behaviors parameters will now be inherited by the new objects created in the
selected server, group, scope or range. To apply these parameters on objects it already
contains, refer to the Propagating default behaviors parameters section.

Configuring and Applying DNS Default Behaviors


Different default behaviors can be set on DNS objects to:

• Update the IPAM module with the corresponding DNS resource records information.
• Create a PTR record for any new RR created in the DNS server(s) of a smart architecture.

Note
The following procedures apply to DNS servers, views and zones.

To configure DNS default behaviors

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
3. Go to the All servers, All views, or All zones page depending on your needs.

4. In the menu, select Settings > Default behaviors. The Default behaviors configuration
wizard opens.
5. Tick the configurable behavior checkboxes of your choice to display the corresponding default
behavior field in the addition and edition wizards of the selected object. The table below
details the available behaviors:

Table 11.13. DNS Configurable Default Behaviors

Configurable behaviors | Default behaviors fields
Display the "Update IPAM" checkbox | Update IPAM
Display the "Create PTR" checkbox (not available for DNS views) | Create PTR

6. Click on OK to commit your configuration. The report opens and closes. The All servers, All
views, or All zones page is visible again.

Your configuration is now available in the addition and edition wizards at the level of your
choice, if you select Configurable behaviors in the Mode drop-down list. Selecting All behaviors
will display all the available behaviors for this type of object regardless of the current
default behaviors configuration.

To apply DNS default behaviors parameters

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
3. Click on the DNS Servers, Views or Zones icon. The corresponding listing page opens.
4. Add or edit the DNS object of your choice. For more details refer to the DNS management
part. The corresponding wizard opens.
5. On the last page of the wizard, set the default behaviors parameters of your choice according
to the table below:

Table 11.14. DNS Default Behaviors Parameters

Field | Default value | Description
Update IPAM | Unticked | Tick this box to update the IP addresses with the changes made in the resource records database.
Create PTR | Unticked | Tick this box to create a PTR record for each resource record created in the DNS physical servers managed via a smart architecture. This option can be applied on DNS servers, views and zones.

6. Click on OK to commit your configuration. The report opens and closes. The All servers, All
views, or All zones page is visible again.

The default behaviors parameters will now be inherited by the new objects created in the
selected server, view, or zone. To apply these parameters on objects it already contains,
refer to the Propagating default behaviors parameters section.

Propagating Default Behaviors Parameters


Default behaviors parameters can be propagated from a container to the objects it manages.
However, the Propagate default behaviors parameters option does not overwrite existing values.
Therefore, a container can only propagate a value for default behaviors parameters that have
not been already set on the objects it contains.

For instance, if a DNS server has been specified at the space level, propagating the default
behaviors of said space will only apply to the blocks, subnets, pools and addresses it manages for
which a DNS server has not already been set. To overwrite the value of a default behavior
parameter on one or several objects, refer to the Setting Default Behaviors Parameters section.

Containers from which a default behaviors parameter can be propagated include:

• IPAM: spaces, blocks, subnets and pools (both in IPv4 and IPv6).
• DHCP: servers, groups, scopes and ranges (Only in IPv4).
• DNS: servers, views and zones.

Note
The Propagate default behaviors parameters option does not apply to VLAN and
Device Manager default behaviors.

To propagate default behaviors parameters

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the IPAM, DHCP or DNS tab. If the homepage is not displayed, click on . The
homepage opens.
3. Go to the page of the object of your choice.
4. Tick the container of your choice. You will be able to propagate some or all of its default
behaviors parameters.
5. In the menu, select Tools > Expert > Propagate default behaviors parameters. The
Propagate class parameters wizard opens.
6. In the Parameters list, select one by one the parameters you want to propagate and click
on . The parameters are moved to the Selected parameters list. You can remove parameters
from this list using .
7. Click on OK to commit the propagation. The report opens and closes. The list is visible again.
The behaviors have been propagated unless they already had a value: none of the existing
parameters have been overwritten.

Setting Default Behaviors Parameters


Default behavior parameters can be set individually for several objects at a time regardless of
any preexisting configuration. Setting default behaviors parameters this way allows you to
overwrite any value already configured on the selected objects.

The new value set for a parameter can also be propagated to all the objects managed by the
selected containers.

Note
The Set default behaviors parameters option does not apply to VLAN and Device
Manager default behaviors.

To set default behaviors parameters

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the IPAM, DHCP or DNS tab. If the homepage is not displayed, click on . The
homepage opens.
3. Go to the page of the object of your choice.
4. Tick the object(s) for which you want to set default behaviors parameters.
5. In the menu, select Tools > Expert > Set default behaviors parameters. The Update IP address
parameters wizard opens.
6. In the Parameter drop-down list, select the parameter of your choice. The Value drop-down
list appears.
7. In the Value drop-down list, select the parameter value.
8. Click on OK to commit the changes. The report opens and closes. Any parameter value
previously set for this object has been overwritten.

To set and propagate default behaviors parameters

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the IPAM, DHCP or DNS tab. If the homepage is not displayed, click on . The
homepage opens.
3. Go to the page of the object of your choice.
4. Tick the object(s) for which you want to set and propagate default behaviors parameters.
5. In the menu, select Tools > Expert > Set default behaviors parameters. The Update IP address
parameters wizard opens.
6. In the Parameter drop-down list, select the parameter of your choice. The Value drop-down
list appears.
7. In the Value drop-down list, select the value that suits your needs.
8. Tick the Propagate checkbox. If you do not tick this checkbox, the default behavior parameter
will be set only on the selected objects and will not be replicated at the lower levels.
9. Click on OK to commit the changes. The report opens and closes. The list is visible again.
Any parameter value previously set has been overwritten for the selected container(s) and
for all the objects it contains.

Warning
It is possible, but highly inadvisable, to allow members of other groups than the admin
group to set or propagate default behaviors. The Propagate class parameters and
Update IP address parameters permissions can thus be granted through the IPAM
panel located in the properties page of non-admin groups. For more details, refer to
the Defining the Group Permissions section.
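
The difference between the Propagate and Set options described above, worked through as a dry run
on a constructed hierarchy. This is an added example, not SOLIDserver code: the Node class, the
plan_propagate and plan_set functions, the dns_server parameter name and the sample values are
all assumptions made for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class Node:
    """One object of a hierarchy (space, block, subnet...), hypothetical model."""
    name: str
    params: dict = field(default_factory=dict)
    children: list = field(default_factory=list)

    def descendants(self):
        # Depth-first walk over everything the container manages.
        for child in self.children:
            yield child
            yield from child.descendants()


def plan_propagate(container, param):
    """Propagate: only objects with no value for `param` receive the container's value."""
    value = container.params[param]
    return [(n.name, None, value)
            for n in container.descendants() if param not in n.params]


def plan_set(objects, param, value, propagate=False):
    """Set: selected objects are overwritten; with Propagate ticked, so is all they contain."""
    changes = []
    for obj in objects:
        targets = [obj] + (list(obj.descendants()) if propagate else [])
        changes += [(n.name, n.params.get(param), value)
                    for n in targets if n.params.get(param) != value]
    return changes


def sample_space():
    """Constructed hierarchy: one subnet already has its own value."""
    subnets = [Node("10.1.0.0/16", {"dns_server": "ns2.example.test"}),
               Node("10.2.0.0/16")]
    block = Node("10.0.0.0/8", children=subnets)
    return Node("space-A", {"dns_server": "ns1.example.test"}, [block])


if __name__ == "__main__":
    space = sample_space()
    print("Propagate fills blanks only:")
    for change in plan_propagate(space, "dns_server"):
        print("  ", change)
    print("Set + Propagate overwrites (old value, new value):")
    for change in plan_set([space], "dns_server", "ns3.example.test", propagate=True):
        print("  ", change)
```

Each tuple is (object, previous value, new value); a previous value other than None marks a
setting that the operation would overwrite.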

Chapter 12. Importing Data
Introduction
SOLIDserver provides a simple tool to import data in bulk from CSV files on any listing page
of the IPAM, DHCP, DNS, NetChange and Device Manager modules. The standard data import
format is CSV. On some pages other formats are required; these specific imports are described
in each module.

Some basic information needs to be taken into account before going through with the import:

• The user importing the data must have the corresponding administrative rights

For instance, importing subnets into a block implies that the user has administrative rights over
the said block. Other subnets, attached to blocks that are outside the user's perimeter of
authority, cannot be imported.

• The object parameters that you can import correspond to the columns of the listing page

That way, you can import the name of the object container: if you export a list of zones you
can also import the name of the server and view they belong to and easily recreate the whole
hierarchy of objects you exported in the first place.

• An import is generated one page at a time

If you are importing zones from the All zones page in the DNS, you will only import the zones
themselves but not the RRs they contain.

• An import can be done from the object list or from a higher level of the hierarchy

Every module allows you to import data from the object listing page itself or from the containing
object page. For that reason, importing a space can only be done from the All spaces page but
you can import subnets from the All subnets page or from the All spaces or All blocks page.

• An import is done at a specific time

Importing data is merely importing a list to the corresponding page of SOLIDserver. However,
you can import several lists one after the other.

• An import can overwrite the existing listing page data

The last step of the import wizard allows you to overwrite the existing page data or not.

• An import can take into account or ignore the class parameters saved on the import CSV file

The last step of the import wizard allows you to import or ignore the class parameters saved in
the CSV file list.

• If the page does not have the Import Option in the Add menu you cannot import data

Within SOLIDserver, almost any listing page allows the import. As for the import of CSV files,
the Add menu will contain Import > CSV <data>. To see the whole list of pages where you can
import data within SOLIDserver, refer to the table in each module-dedicated import section
below.

The Import Wizard


During an import, once you have selected the CSV file you want to import, the second page of the
wizard - CSV fields configuration - will always contain the sections below.

Figure 12.1. The CSV Import Wizard Main Page

1 In this section, you need to specify the CSV import file details; this will speed up the checking
process. The first 6 fields are displayed on the import wizard, no matter what object you are
importing.

Table 12.1. CSV Fields Association Description

Fields | Description
Delimiter | Select the data delimiter of your choice (a comma, a semi-colon or a tab) in the drop-down list. The comma is selected by default.
Enclosure | Select the data enclosure of the text (a single quotation or a double quotation mark) in the drop-down list. The double quotation mark is selected by default.
Input format | Select the input format of your data (UTF-16, ASCII or UTF-8 [a]) in the drop-down list. The ASCII format is selected by default.
Skip first line | Select Yes or No in the drop-down list depending on your needs. Skipping the first line will avoid importing the columns title. Yes is selected by default.
Template | Select None if you do not want to save your parameters in a template. Select New template to save your parameters as a CSV file export template. This drop-down list also contains the existing templates that you can reuse.
Template name | If you selected New template, name it in this field.
Save template | This checkbox is visible if you do not create a template or if you selected an existing template. Tick it if you want to save the changes made to an existing template.

[a] The UTF-8 input format is necessary to successfully import CSV files containing accents.

2 In this section, you can create an import template. This section is not part of the NetChange
import wizard nor is the Save template field in the Custom data import wizard.
3 In this section are displayed some of the object parameters (columns) that you can import.

Once you click on NEXT , the Class parameters page opens and, as in section 3 above, a set of
drop-down lists is available. There are as many fields as there are class parameters configured
by you or your administrator in the corresponding database. None of the fields are required;
they simply allow you to make an import as specific and detailed as possible.

Once you click on NEXT , the CSV import parameters page of the wizard opens.

Figure 12.2. The CSV Import Wizard Check Page

1 In this drop-down list, you can replace the existing data with your CSV file data.
2 In this drop-down list, you can keep or overwrite the object class parameters saved on the
database where you are importing the list.
3 The CHECK button performs a data validity check of the content of the CSV file. Therefore
the last pages of the wizard are a couple of report pages: one that validates the data and
another that confirms the import and might indicate why some elements have not been imported.

Importing Data to the IPAM


Where to Import IPAM Data
Within the IPAM module, you can import data on every page except the All deleted IP addresses
(v4 or v6) and All policies pages. The table below details all the data that you can import on each
page. As you will notice, at the spaces level you can import any data (spaces, blocks, subnets,
pools, addresses) as it is the highest level of the hierarchy. The further you go within the
hierarchy, the less data you can import: you can import the element of the level you are on and
anything it can contain.

Table 12.2. Pages of the IPAM Where you Can Import CSV Files

IPAM page | Objects that can be imported | Option name in the Add > Import menu
All spaces | Spaces | CSV spaces
All spaces | Blocks | CSV blocks
All spaces | Subnets | CSV subnets
All spaces | Pools | CSV pools
All spaces | Addresses | CSV addresses
All spaces | IPv6 blocks | CSV blocks (v6)
All spaces | IPv6 subnets | CSV subnets (v6)
All spaces | IPv6 pools | CSV pools (v6)
All spaces | IPv6 addresses | CSV addresses (v6)
All spaces | RIPE blocks | RIPE block
All spaces | RIPE Inetnums | RIPE Inetnums
All spaces | IPv6 RIPE blocks | RIPE Blocks (v6)
All spaces | IPv6 RIPE Inetnums | RIPE Inetnums (v6)
All blocks | Blocks | CSV blocks
All blocks | Subnets | CSV subnets
All blocks | Pools | CSV pools
All blocks | Addresses | CSV addresses
All blocks | RIPE blocks | RIPE blocks
All blocks | RIPE Inetnums | RIPE Inetnums
All blocks (v6) | IPv6 blocks | CSV blocks (v6)
All blocks (v6) | IPv6 subnets | CSV subnets (v6)
All blocks (v6) | IPv6 pools | CSV pools (v6)
All blocks (v6) | IPv6 addresses | CSV addresses (v6)
All blocks (v6) | RIPE IPv6 blocks | RIPE block (v6)
All blocks (v6) | RIPE Inetnums (v6) | RIPE Inetnums (v6)
All subnets | Subnets | CSV subnets
All subnets | Pools | CSV pools
All subnets | Addresses | CSV addresses
All subnets | RIPE Inetnums | RIPE Inetnums
All subnets (v6) | IPv6 subnets | CSV subnets (v6)
All subnets (v6) | IPv6 pools | CSV pools (v6)
All subnets (v6) | IPv6 addresses | CSV addresses (v6)
All subnets (v6) | IPv6 RIPE Inetnums | RIPE Inetnums (v6)
All pools | Pools | CSV pools
All pools | Addresses | CSV addresses
All pools (v6) | IPv6 pools | CSV pools (v6)
All pools (v6) | IPv6 addresses | CSV addresses (v6)
All addresses | Addresses | CSV addresses
All addresses (v6) | IPv6 addresses | CSV addresses (v6)
All AS Numbers | Autnums | CSV Autnums
All AS Numbers | RIPE Autnums | RIPE Autnums
All VRFs | VRFs | CSV VRFs
All VRFs | VRF Route Targets | CSV VRF Route Targets
All VRF Route Targets | VRF Route Targets | CSV VRF Route Targets
Importing Spaces
When importing one or several spaces, the import wizard will always contain at least 14 drop-down
lists that correspond to columns that you can display on the All spaces listing page. It can
contain more fields that might be required depending on the class parameters you or your
administrator might have configured at this level of the IPAM module.

On the CSV fields association page of the import wizard, you will always find a set of drop-down
lists at the bottom of the page: only the Name field is compulsory. The other parameters on this
page and any other parameter that you will find on the next page, Class parameters, are optional
and can be left blank.

Keep in mind that from the All spaces page you can also import IPv4 or IPv6 blocks, subnets,
pools and addresses. Refer to the section Where to Import IPAM Data above for more details.

To import spaces through a CSV file

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Spaces icon. The All spaces list opens.
3. In the menu, select Add > Import > CSV spaces. The Import a CSV file wizard opens.
4. Click on BROWSE to search for the CSV file to import. A window opens to help you browse
through folders.
5. Double-click on the needed CSV file. The window closes and the file is visible in the File
name field of the wizard.
6. Click on NEXT . The CSV fields association page opens.

Configure the import through the Delimiter, Enclosure, Input format, Skip the first line,
Template and Save template fields. For more details, refer to the CSV Fields Association
Description table in the Introduction section of this chapter.
7. At the bottom of the page, select the columns of your CSV file corresponding to the data
requested in each field. The space Name is the only required field. The different fields are
detailed in the table below:

Table 12.3. Blocks Import Parameters

Parameters | Description
Name | Select the column corresponding to the space(s) name. This field is compulsory.
Description | Select the column corresponding to the space(s) description. This field is optional.
Parent space | Select the column corresponding to the space(s) parent space (VLSM), if relevant. This field is optional.
Class parameters | Select the column corresponding to the space(s)-related combination of parameters, in URL format, if need be. This field is optional.
Class name | Select the column corresponding to the space(s) class name. This field is optional.

8. Click on NEXT . The CSV class parameters page opens. All the fields are optional; choose
the corresponding columns contained in your CSV file to import the needed data.
9. Click on NEXT . The CSV import parameters page opens.

Table 12.4. CSV Import Parameters

Fields | Description
Existing records | Select either Replace to overwrite the existing records that have the same name or Don't replace to add the items to the listing. Don't replace is selected by default.
Keep the existing class parameters | This drop-down list refers to the existing class parameters of the spaces database. Select Yes or No depending on your needs. Yes is selected by default.

10. Click on CHECK . The Check the validity of the CSV file page opens and displays a report
indicating the total amount of correct lines within the file. If you want to download the validity
report, refer to the next step. If you do not want to download it, go to step 13.
11. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
validity report in the corresponding file format.
12. Click on OK to accept the validity check report results. The Import data from a CSV file page
opens and displays a report indicating the total number of spaces actually imported. If you
want to download that final report, refer to the next step. If you do not want to download it,
go to step 15.
13. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
import report in the corresponding file format.
14. Click on CLOSE to go back to the All spaces list. Your space list is now updated.

Importing Blocks
When importing one or several blocks, the import wizard will always contain at least 18 drop-down
lists that correspond to columns that you can display on the All blocks listing page. It can
contain more fields that might be required depending on the class parameters you or your
administrator might have configured at this level of the IPAM module.

When importing a list from the All blocks list, on the CSV fields association page of the import
wizard, you will always find a set of drop-down lists at the bottom of the page: the First address
field and any field that indicates the block size are compulsory - Last address, Netmask, Prefix
or Size. The other parameters on this page and any other parameter that you will find on the next
page, Class parameters, are optional and can be left blank.

Keep in mind that from the All blocks page, either IPv4 or IPv6, you can also import subnets,
pools and addresses. Refer to the section Where to Import IPAM Data above for more details.

Note that the procedures below are based on an import made on the All blocks page. However,
you can of course go to the all blocks list of a particular space to import blocks. In this case, the
containing space will not be required during the import. This allows you to import a block from
any space into the space that suits your needs.

To import IPv4 blocks through a CSV file

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Blocks icon. The All blocks list opens.
3. Next to the Logout button, click on IP4 to display the IPv4 blocks.
4. In the menu, select Add > Import > CSV blocks. The Import a CSV file wizard opens.
5. Click on BROWSE to search for the CSV file to import. A window opens to help you browse
through folders.
6. Double-click on the needed CSV file. The window closes and the file is visible in the File
name field of the wizard.
7. Click on NEXT . The CSV fields association page opens.

Configure the import through the Delimiter, Enclosure, Input format, Skip the first line,
Template and Save template fields. For more details, refer to the CSV Fields Association
Description table in the Introduction section of this chapter.
8. At the bottom of the page, select the columns of your CSV file corresponding to the data
requested in each field. The First address field and any field that indicates the block size
(Last address, Netmask, Prefix or Size) are required. The different fields are detailed in the
table below:

Table 12.5. Blocks Import Parameters

Parameters | Description
First address | Select the column corresponding to the block(s) first address. This field is compulsory.
Last address, Netmask, Prefix or Size | Select the column corresponding to the block(s) last (end) address or to the block(s) Netmask or to the block(s) Prefix or to the block(s) Size. Only one of the four drop-down lists needs to be filled to indicate the block(s) size during the import. It is compulsory to choose at least one of these fields.
Name | Select the column corresponding to the block(s) name. This field is optional.
Class parameters | Select the column corresponding to the block(s)-related combination of parameters, in URL format, if need be. This field is optional.
Description | Select the column corresponding to the block(s) description. This field is optional.
Class name | Select the column corresponding to the block(s) class name. This field is optional.
Space name | Select the column corresponding to the name of the space containing the block(s). At the bottom of the list of columns of the CSV file, the existing spaces are also listed; select the space where you want to import the block(s). This field is compulsory.

9. Click on NEXT . The Class parameters page opens. All the fields are optional; choose the
data you want to import.
10. Click on NEXT . The CSV import parameters page opens.

Table 12.6. CSV Import Parameters

Fields | Description
Existing records | Select either Replace to overwrite the existing records that have the same name or Don't replace to add the items to the listing. Don't replace is selected by default.
Keep the existing class parameters | This drop-down list refers to the existing class parameters of the blocks database. Select Yes or No depending on your needs. Yes is selected by default.

11. Click on CHECK . The Check the validity of the CSV file page opens and displays a report
indicating the total amount of correct lines within the file. If you want to download the validity
report, refer to the next step. If you do not want to download it, go to step 13.
12. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
validity report in the corresponding file format.
13. Click on OK to accept the validity check report results. The Import data from a CSV file page
opens and displays a report indicating the total number of spaces actually imported. If you
want to download that final report, refer to the next step. If you do not want to download it,
go to step 15.
14. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
import report in the corresponding file format.
15. Click on CLOSE to go back to the All blocks list. Your blocks list is now updated.
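
A pre-flight check that can be run on an IPv4 blocks CSV file before it is uploaded, based on the
compulsory fields of Table 12.5 and on the Delimiter, Enclosure and Input format settings of
Table 12.1. This is an added example, not part of SOLIDserver: the column header names, the
sample rows and the rule that several filled size columns must agree are assumptions of the example.

```python
import csv
import io
import ipaddress

# Header names are assumptions of this example: in the wizard any CSV column
# can be mapped to a field, so the header text is the operator's choice.
SIZE_COLUMNS = ("last_address", "netmask", "prefix", "size")


def last_address(first, column, value):
    """Last address (as an int) implied by one size column, or raise ValueError."""
    if column == "last_address":
        return int(ipaddress.IPv4Address(value))
    if column == "size":
        count = int(value)
    else:
        # Netmask and Prefix both reduce to a prefix length.
        prefix = ipaddress.IPv4Network(f"0.0.0.0/{value}").prefixlen
        count = 2 ** (32 - prefix)
    if count < 1:
        raise ValueError("block size must be at least 1")
    return int(first) + count - 1


def check_row(row):
    """Return (space, first, last) for a valid row, or raise ValueError."""
    space = (row.get("space_name") or "").strip()
    if not space:
        raise ValueError("Space name is compulsory")
    raw_first = (row.get("first_address") or "").strip()
    if not raw_first:
        raise ValueError("First address is compulsory")
    first = ipaddress.IPv4Address(raw_first)
    given = {c: row[c].strip() for c in SIZE_COLUMNS if (row.get(c) or "").strip()}
    if not given:
        raise ValueError("one of Last address, Netmask, Prefix or Size is compulsory")
    ends = {c: last_address(first, c, v) for c, v in given.items()}
    # Stricter than the wizard requires: filled size columns must describe one block.
    if len(set(ends.values())) > 1:
        raise ValueError("size columns disagree: " + ", ".join(sorted(ends)))
    last = next(iter(ends.values()))
    if not int(first) <= last <= 0xFFFFFFFF:
        raise ValueError("block ends before it starts or runs past 255.255.255.255")
    return space, str(first), str(ipaddress.IPv4Address(last))


def check_blocks_csv(data, delimiter=",", enclosure='"', input_format="ascii"):
    """Validate raw CSV bytes; return (valid_rows, errors) with 1-based line numbers."""
    try:
        text = data.decode(input_format)
    except UnicodeDecodeError:
        # Accented characters need the UTF-8 input format (Table 12.1, note a).
        return [], [(0, f"not valid {input_format}: pick the matching Input format")]
    reader = csv.DictReader(io.StringIO(text, newline=""),
                            delimiter=delimiter, quotechar=enclosure)
    valid, errors = [], []
    for row in reader:
        try:
            valid.append(check_row(row))
        except ValueError as exc:
            errors.append((reader.line_num, str(exc)))
    return valid, errors


# Constructed sample file (semi-colon delimiter, header on line 1).
SAMPLE = (
    "first_address;last_address;netmask;prefix;size;name;space_name\n"
    "10.0.0.0;;;8;;corp;SpaceA\n"                            # valid
    "172.16.0.0;172.16.255.255;255.255.0.0;;;dmz;SpaceA\n"   # valid, columns agree
    "192.168.0.0;;255.255.255.0;;512;lab;SpaceA\n"           # netmask and size disagree
    "192.168.4.0;;;;;orphan;SpaceA\n"                        # no size column filled
    "10.10.0.0;;;16;;branch;\n"                              # no space name
).encode("ascii")

if __name__ == "__main__":
    ok, bad = check_blocks_csv(SAMPLE, delimiter=";")
    for space, first, last in ok:
        print(f"OK    {space}: {first} - {last}")
    for line, message in bad:
        print(f"line {line}: {message}")
```

An error reported on line 0 concerns the file as a whole rather than one row.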

To import IPv6 blocks through a CSV file

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Blocks icon. The All blocks list opens.
3. Next to the Logout button, click on IP6 to display the IPv6 blocks.
4. In the menu, select Add > Import > CSV blocks (v6). The Import a CSV file wizard opens.
5. Click on BROWSE to search for the CSV file to import. A window opens to help you browse
through folders.
6. Double-click on the needed CSV file. The window closes and the file is visible in the File
name field of the wizard.
7. Click on NEXT . The CSV fields association page opens.

Configure the import through the Delimiter, Enclosure, Input format, Skip the first line,
Template and Save template fields. For more details, refer to the CSV Fields Association
Description table in the Introduction section of this chapter.

8. At the bottom of the page, select the columns of your CSV file corresponding to the data
requested in each field. The First address, Prefix and Space name fields are required. The
different fields are detailed in the table below:

Table 12.7. IPv6 Blocks Import Parameters

Parameters | Description
First address | Select the column corresponding to the first address of the IPv6 block(s). This field is compulsory.
Prefix | Select the column corresponding to the block(s) Prefix. This field is compulsory.
Name | Select the column corresponding to the block(s) name. This field is optional.
Class name | Select the column corresponding to the block(s) class name. This field is optional.
Class parameters | Select the column corresponding to the block(s)-related combination of parameters, in URL format, if need be. This field is optional.
Description | Select the column corresponding to the block(s) description. This field is optional.
Space name | Select the column corresponding to the name of the space containing the block(s). At the bottom of the list of columns of the CSV file, the existing spaces are also listed; select the space where you want to import the block(s). This field is compulsory.

9. Click on NEXT . The Class parameters page opens. All the fields are optional; choose the
data you want to import.
10. Click on NEXT . The CSV import parameters page opens.

Table 12.8. CSV Import Parameters

Fields | Description
Existing records | Select either Replace to overwrite the existing records that have the same name or Don't replace to add the items to the list of ports and interfaces in the drop-down list. Don't replace is selected by default.
Keep the existing class parameters | Select Yes or No depending on your needs. Yes is selected by default.

11. Click on CHECK . The Check the validity of the CSV file page opens and displays a report
indicating the total amount of correct lines within the file. If you want to download the validity
report, refer to the next step. If you do not want to download it, go to step 13.
12. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
validity report in the corresponding file format.
13. Click on OK to accept the validity check report results. The Import data from a CSV file page
opens and displays a report indicating the total number of spaces actually imported. If you
want to download that final report, refer to the next step. If you do not want to download it,
go to step 15.
14. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
import report in the corresponding file format.
15. Click on CLOSE to go back to the All blocks list. Your blocks list is now updated.

Importing Subnets
When importing one or several subnets, the import wizard will always contain at least 26 drop-down
lists that correspond to columns that you can display on the All subnets listing page. It can
contain more fields that might be required depending on the class parameters you or your
administrator might have configured at this level of the IPAM module.

When importing a list from the All subnets page, on the CSV fields association page of the import
wizard, you will always find a set of drop-down lists at the bottom of the page: the Address, Name,
Space name and one of the Prefix, Size or Netmask fields are compulsory. The other parameters
on this page and any other parameter that you will find on the next page, Class parameters, are
optional and can be left blank.

The subnet import configuration wizard offers very useful options and configuration to the user:

Importing subnets and organizing them later


To give you time to organize your network of subnets the way you want, you can simply import
subnets in a space (choosing a target space is compulsory) containing no matching blocks.
The imported subnets will be put in an Orphan subnets container at the blocks level and
displayed separately at the subnets level. You will be able to create blocks later on to contain
these subnets. For more details regarding blocks addition, refer to the section Managing
Blocks of the Managing IP Networks chapter.
Using the option Use best space
If you import IPv4 subnets in the All subnets page (rather than within a specific space or
block), the subnets import wizard provides the Use best space option in the Space name
field. It puts the content of the CSV file into the space that contains the smallest block possible
that can receive the subnet. This option is particularly useful when it comes to changing the
organization of your subnets within SOLIDserver.

As for VLSM, two options are dedicated to the import:

Specifying a VLSM space name field


During the import of subnets you can manage the VLSM organization contents. If you are
importing a list of subnets in a parent space, you can select one of its direct sub-spaces in
the VLSM space name field. This way, the imported subnet(s) in the parent space will be
automatically replicated as block(s) in the selected sub-space. Note that to import subnets
in a VLSM configuration you will need to be in the All subnets list of the parent space.
SOLIDserver cannot go through with the import if you choose the Use best space option in
the Space name field and specify a child space in the VLSM space name field.

Caution
The subnet import wizard displays the options imbricated subnet and VLSM
space name on the same page; however, configuring both these options
during an import will trigger error messages, as the VLSM space name will
prevail and the imbricated subnets will be ignored. You need to configure these
options separately if you need them both in your network configuration.

Ticking the imbricated subnets box


If you want to import subnets containing other terminal or non terminal subnets, the imbricated
subnets checkbox allows you to recreate the whole subnets hierarchy included in your CSV
file.

Keep in mind that if you want to import a subnets hierarchy without ticking this box, they will
be imported in an Orphan subnets container following the order saved in the .csv file: the
first items will be imported, the rest will be considered overlap, trigger an error message and
not be imported at all.

Besides, if you choose to import a subnets hierarchy into a space that does not contain any
block to receive it, the first non terminal subnet will become a block.

Finally, if you want to import a subnets hierarchy into a space that already contains a block
matching even partially the range of addresses of the first non terminal subnet:
• If the block is bigger than the first non terminal subnet, the whole hierarchy is created
within the block, but only if there is enough space available. Otherwise, the report displays
an error message and only the subnets that fit in the block are imported.
• If the block and the first non terminal subnet are the same size, the first non terminal
subnet is ignored, as the block already matches its ranges of addresses. The subnets contained
in the non terminal subnet are imported in the block if there is enough space for them in
the block. Otherwise, the report displays an error message and only the subnets that fit in
the block available addresses are imported.

Keep in mind that from the All subnets page, either IPv4 or IPv6, you can also import pools and
addresses. Refer to the section Where to Import IPAM Data above for more details.

Note that the procedures below are based on an import made on the All subnets list. However,
you can of course go to the all subnets list of a particular space or block to import subnets. In
this case, the containing space will not be required during the import. This allows you to import
a subnet from any space or block into the container that suits your needs.

To import IPv4 subnets through a CSV file

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Subnets icon. The All subnets list opens.
3. Next to the Logout button, click on IP4 to display the IPv4 subnets.
4. In the menu, select Add > Import > CSV subnets. The Import a CSV file wizard opens.
5. Click on BROWSE to search for the CSV file to import. A window opens to help you browse
through folders.
6. Double-click on the needed CSV file. The window closes and the file is visible in the File
name field of the wizard.
7. Click on NEXT . The CSV fields association page opens.

Configure the import through the Delimiter, Enclosure, Input format, Skip the first line,
Template and Save template fields. For more details, refer to the CSV Fields Association
Description table in the Introduction section of this chapter.
8. At the bottom of the page, select the columns of your CSV file corresponding to the data
requested in each field. The Address, Name, Space name field and any field that indicates
the subnet size (Netmask, Prefix or Size) are required. The different fields are detailed in
the table below:


Table 12.9. Subnets Import Parameters

| Parameters | Description |
|---|---|
| Address | Select the column corresponding to the subnet(s) start address. This field is compulsory. [a] |
| Netmask \| Prefix \| Size | Select the column corresponding to the subnet(s) Netmask or Prefix or Size. Only one of the three drop-down lists needs to be filled if you want to indicate the subnet(s) size during the import. It is compulsory to choose at least one of these fields. |
| Name | Select the column corresponding to the subnet(s) name. This field is compulsory. |
| Subnet is terminal | Select the column corresponding to the VLSM status of the subnet(s), terminal or non terminal. By default, if you import a subnets hierarchy the last imbricated subnet is considered terminal even if it is not. Selecting the line corresponding to the value of the column will add an extra check when parsing the data and ensure that the import respects the status you set for each subnet. The values listed between brackets should be 0 or 1 otherwise it will not be taken into account during the import [b]. This field is optional. |
| Class parameters | Select the column corresponding to the subnet(s)-related combination of parameters, in URL format, if need be. This field is optional. |
| Space name | Select the column corresponding to the name of the space if you want to recreate your organization. If not, you can select the Use best space option described in the line below. This field is compulsory. |
| Use best space [Space name field option] | Select this option if you do not have a Space name column in your CSV file. Note that if you need this option, the VLSM space name option will not work properly. |
| VLSM space name | If you set up a Variable Length Subnet Masks (VLSM) organization of your network spaces, select at the bottom of the list, the sub space that will use the subnet you are importing as a block. Note that this option cannot work in association with the Imbricated subnets option. This field is optional. |
| Class name | Select the column corresponding to the subnet(s) class name. This field is optional. |
| Imbricated subnets | Tick this box if you want to import a hierarchy of non terminal and terminal subnets. You cannot use this option if you are setting up a VLSM import using the VLSM space name option. |

[a] When reimporting data from SOLIDserver, you can select the Address + prefix field and simply select at least the
Name and Space name fields to continue with the import.
[b] When exporting the content of the Terminal column, make sure to tick the The export might be reimported box. If
the import wizard displays Yes and No between brackets, it will be ignored during the import.

9. Click on NEXT . The CSV class parameters page opens. All the fields are optional, choose
the data you want to import.
10. Click on NEXT . The CSV import parameters page opens.


Table 12.10. CSV Import Parameters

| Fields | Description |
|---|---|
| Existing records | Select either Replace to overwrite the existing records that have the same name or Don't replace to add the items to the list of ports and interfaces in the drop-down list. Don't replace is selected by default. |
| Keep the existing class parameters | Select Yes or No depending on your needs. Yes is selected by default. |

11. Click on CHECK . The Check the validity of the CSV file page opens and displays a report
indicating the total amount of correct lines within the file. If you want to download the validity
report, refer to the next step. If you do not want to download it, go to step 13.
12. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
validity report in the corresponding file format.
13. Click on OK to accept the validity check report results. The Import data from a CSV file page
opens and displays a report indicating the total number of spaces actually imported. If you
want to download that final report, refer to the next step. If you do not want to download it,
go to step 15.
14. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
import report in the corresponding file format.
15. Click on CLOSE to go back to the All subnets list. Your blocks list is now updated.
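
A pre-import check for the subnet CSV rules described in this section (compulsory fields, 0 or 1 terminal values, first-come overlap handling, Use best space), as an added example that is not part of this guide's or SOLIDserver's own code. The column names, the sample rows and the simplified overlap and best-space models (containment only, free room not considered) are assumptions.

```python
import csv
import io
import ipaddress

# Constructed sample file. Column names are assumptions: the wizard lets you
# associate any CSV column with the Address, Prefix, Name, Space name and
# "Subnet is terminal" fields.
SAMPLE_CSV = """address,prefix,name,space,terminal
10.0.0.0,16,corp,Local,0
10.0.1.0,24,users,Local,1
10.0.2.0,24,servers,Local,Yes
10.0.2.128,25,dmz,Local,1
10.1.0.0,24,,Local,1
192.168.0.0,,lab,Local,1
"""

REQUIRED = ("address", "name", "space")
SIZE_FIELDS = ("prefix", "netmask", "size")


def parse_network(row):
    """Build a network from Address plus one of Prefix, Netmask or Size."""
    addr = ipaddress.ip_address(row["address"])
    if row.get("prefix"):
        bits = int(row["prefix"])
    elif row.get("netmask"):
        bits = ipaddress.ip_network(f"0.0.0.0/{row['netmask']}").prefixlen
    else:
        size = int(row["size"])
        if size <= 0 or size & (size - 1):
            raise ValueError(f"size {size} is not a power of two")
        bits = addr.max_prefixlen - (size.bit_length() - 1)
    # strict=True rejects an Address that is not the subnet start address.
    return ipaddress.ip_network(f"{addr}/{bits}", strict=True)


def check_subnet_csv(text, imbricated=False):
    """Return (accepted, problems) for a subnet CSV.

    accepted is a list of (network, space); problems is a list of
    (line number, message). With imbricated=False, a row overlapping an
    earlier accepted row in the same space is reported, mirroring the
    "first items imported, the rest considered overlap" behaviour.
    """
    accepted, problems = [], []
    reader = csv.DictReader(io.StringIO(text))
    for line_no, raw in enumerate(reader, start=2):
        row = {k: (v or "").strip() for k, v in raw.items() if k}
        missing = [f for f in REQUIRED if not row.get(f)]
        if not any(row.get(f) for f in SIZE_FIELDS):
            missing.append("prefix|netmask|size")
        if missing:
            problems.append((line_no, "missing compulsory field: " + ", ".join(missing)))
            continue
        try:
            net = parse_network(row)
        except ValueError as exc:
            problems.append((line_no, f"bad address or size: {exc}"))
            continue
        term = row.get("terminal", "")
        if term and term not in ("0", "1"):
            # Not fatal: the guide says such values are not taken into account.
            problems.append((line_no, f"terminal value {term!r} is not 0 or 1"))
        clash = next((n for n, s in accepted
                      if s == row["space"] and n.overlaps(net)), None)
        if clash is not None and not imbricated:
            problems.append((line_no, f"{net} overlaps {clash} imported earlier"))
            continue
        accepted.append((net, row["space"]))
    return accepted, problems


def best_space(net, blocks_by_space):
    """Model of Use best space: the space holding the smallest containing block."""
    fits = [(blk.num_addresses, space)
            for space, blocks in blocks_by_space.items()
            for blk in blocks if net.subnet_of(blk)]
    return min(fits)[1] if fits else None


if __name__ == "__main__":
    for flag in (False, True):
        ok, bad = check_subnet_csv(SAMPLE_CSV, imbricated=flag)
        print(f"imbricated={flag}: {len(ok)} accepted")
        for line_no, message in bad:
            print(f"  line {line_no}: {message}")
```

Running the check with and without `imbricated=True` shows which rows depend on the Imbricated subnets box before the file reaches the wizard's own validity report.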

To import IPv6 subnets through a CSV file

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Subnets icon. The All subnets list opens.
3. Next to the Logout button, click on IP6 to display the IPv6 subnets.
4. In the menu, select Add > Import > CSV subnets (v6). The Import a CSV file wizard opens.
5. Click on BROWSE to search for the CSV file to import. A window opens to help you browse
through folders.
6. Double-click on the needed CSV file. The window closes and the file is visible in the File
name field of the wizard.
7. Click on NEXT . The CSV fields association page opens.

Configure the import through the Delimiter, Enclosure, Input format, Skip the first line,
Template and Save template fields. For more details, refer to the CSV Fields Association
Description table in the Introduction section of this chapter.
8. In the last section of the wizard, select the columns of your CSV file corresponding to the
data requested in each field. The Address, Prefix, Name and Space name fields are required.
The different fields are detailed in the table below:

Table 12.11. IPv6 Subnets Import Parameters

| Parameters | Description |
|---|---|
| Address | Select the column corresponding to the subnet(s) start address. This field is compulsory. |
| Prefix | Select the column corresponding to the subnet(s) Netmask or Prefix or Size. Only one of the three drop-down lists needs to be filled if you want to indicate the subnet size during the import. It is compulsory to choose at least one of these fields. |
| Name | Select the column corresponding to the subnet(s) name. This field is compulsory. |
| Class name | Select the column corresponding to the subnet(s) class name. This field is optional. |
| Class parameters | Select the column corresponding to the subnet(s)-related combination of parameters, in URL format, if need be. This field is optional. |
| VLSM space | If you set up a Variable Length Subnet Masks (VLSM) organization of your network spaces, select at the bottom of the list, the sub space that will use the subnet you are importing as a block. Note that this option cannot work in association with the imbricated subnet option at the bottom of the list. |
| Space name | Select the column corresponding to the name of the space if you want to recreate your organization. At the bottom of the list of columns of the CSV file, the existing spaces are also listed, select the space where you want to import the subnet(s). This field is compulsory. |
| Imbricated subnets | Tick this box if you want to import a hierarchy of non terminal and terminal subnets. You cannot use this option if you are setting up a VLSM import using the VLSM space name option. |

9. Click on NEXT . The CSV class parameters page opens. All the fields are optional, choose
the data you want to import.
10. Click on NEXT . The CSV import parameters page opens.

Table 12.12. CSV Import Parameters

| Fields | Description |
|---|---|
| Existing records | Select either Replace to overwrite the existing records that have the same name or Don't replace to add the items to the list of ports and interfaces in the drop-down list. Don't replace is selected by default. |
| Keep the existing class parameters | Select Yes or No depending on your needs. Yes is selected by default. |

11. Click on CHECK . The Check the validity of the CSV file page opens and displays a report
indicating the total amount of correct lines within the file. If you want to download the validity
report, refer to the next step. If you do not want to download it, go to step 13.
12. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
validity report in the corresponding file format.
13. Click on OK to accept the validity check report results. The Import data from a CSV file page
opens and displays a report indicating the total number of spaces actually imported. If you
want to download that final report, refer to the next step. If you do not want to download it,
go to step 15.
14. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
import report in the corresponding file format.
15. Click on CLOSE to go back to the All subnets list. Your blocks list is now updated.


Importing Pools
When importing one or several pools, the import wizard will always contain at least 8 drop-down
lists that correspond to columns that you can display on the All pools listing page. It can contain
more fields that might be required depending on the class parameters you or your administrator
might have configured at this level of the IPAM module.

Note
You cannot import pools in an empty space: to successfully import pools, you need
a subnet that can receive them.

When importing a list from the All pools list, on the CSV fields association page of the import
wizard, you will always find a set of drop-down lists at the bottom of the page: only the First
address, Name and Space name fields and any field that indicates the pool size are compulsory.
The other parameters on this page and any other parameter that you will find on the next page,
Class parameters, are optional and can be left blank.

Keep in mind that from the All pools page, either IPv4 or IPv6, you can also import addresses.
Refer to the section Where to Import IPAM Data above for more details.

Note that the procedures below are based on an import made on the All pools list. However, you
can of course go to the all pools list of a particular space, block or subnet to import pools. In this
case, the containing space will not be required during the import. This allows you to import a pool
from any space, block or subnet into the container that suits your needs.

To import IPv4 pools through a CSV file

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Pools icon. The All pools list opens.
3. Next to the Logout button, click on IP4 to display the IPv4 pools.
4. In the menu, select Add > Import > CSV subnets. The Import a CSV file wizard opens.
5. Click on BROWSE to search for the CSV file to import. A window opens to help you browse
through folders.
6. Double-click on the needed CSV file. The window closes and the file is visible in the File
name field of the wizard.
7. Click on NEXT . The CSV fields association page opens.

Configure the import through the Delimiter, Enclosure, Input format, Skip the first line,
Template and Save template fields. For more details, refer to the CSV Fields Association
Description table in the Introduction section of this chapter.
8. In the last section of the wizard, select the columns of your CSV file corresponding to the
data requested in each field. The First address, Name, Space name and one of the two size-
related fields (Last address or Size) are required. The different fields are detailed in the table
below:

Table 12.13. Pools Import Parameters

| Parameters | Description |
|---|---|
| First address | Select the column corresponding to the pool(s) first address. This field is compulsory. |
| Last address | Select the column corresponding to the pool(s) last (end) address. If you do not specify the pool Last address you will need to indicate the Size (line below). |
| Size | Select the column corresponding to the pool(s) size. If you do not specify the pool Size you will need to indicate the Last address (line above). |
| Name | Select the column corresponding to the pool(s) name. This field is compulsory. |
| Read only | Select the column corresponding to the pool(s) reservation status. This field is optional. |
| Class name | Select the column corresponding to the pool(s) class name. This field is optional. |
| Space name | Select the column corresponding to the name of the space if you want to recreate your organization. If not, see the next line detailing the Use best space option. This field is compulsory. |
| Use best space [Space name field option] | Select this option if you do not have a Space name column in your CSV file. |

9. Click on NEXT . The CSV class parameters page opens. All the fields are optional, choose
the data you want to import.
10. Click on NEXT . The CSV import parameters page opens.

Table 12.14. CSV Import Parameters

| Fields | Description |
|---|---|
| Existing records | Select either Replace to overwrite the existing records that have the same name or Don't replace to add the items to the list of ports and interfaces in the drop-down list. Don't replace is selected by default. |
| Keep the existing class parameters | Select Yes or No depending on your needs. Yes is selected by default. |

11. Click on CHECK . The Check the validity of the CSV file page opens and displays a report
indicating the total amount of correct lines within the file. If you want to download the validity
report, refer to the next step. If you do not want to download it, go to step 13.
12. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
validity report in the corresponding file format.
13. Click on OK to accept the validity check report results. The Import data from a CSV file page
opens and displays a report indicating the total number of spaces actually imported. If you
want to download that final report, refer to the next step. If you do not want to download it,
go to step 15.
14. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
import report in the corresponding file format.
15. Click on CLOSE to go back to the All pools list. Your blocks list is now updated.

To import IPv6 pools through a CSV file

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.

2. Click on the Pools icon. The All pools list opens.


3. Next to the Logout button, click on IP6 to display the IPv6 pools.
4. In the menu, select Add > Import > CSV subnets (v6). The Import a CSV file wizard opens.
5. Click on BROWSE to search for the CSV file to import. A window opens to help you browse
through folders.
6. Double-click on the needed CSV file. The window closes and the file is visible in the File
name field of the wizard.
7. Click on NEXT . The CSV fields association page opens.

Configure the import through the Delimiter, Enclosure, Input format, Skip the first line,
Template and Save template fields. For more details, refer to the CSV Fields Association
Description table in the Introduction section of this chapter.
8. In the last section of the wizard, select the columns of your CSV file corresponding to the
data requested in each field. The First address, Last address, Name and Space name fields
are required. The different fields are detailed in the table below:

Table 12.15. IPv6 Pools Import Parameters

| Parameters | Description |
|---|---|
| First address | Select the column corresponding to the pool(s) first address. This field is compulsory. |
| Last address | Select the column corresponding to the pool(s) last (end) address. This field is compulsory. |
| Name | Select the column corresponding to the pool(s) name. This field is compulsory. |
| Read only | Select the column corresponding to the pool(s) reservation status. This field is optional. |
| Class name | Select the column corresponding to the pool(s) class name. This field is optional. |
| Space name | Select the column corresponding to the pool(s) space name. At the bottom of the list of columns of the CSV file, the existing spaces are also listed, select the space where you want to import the pool(s). This field is compulsory. |

9. Click on NEXT . The CSV class parameters page opens. All the fields are optional, choose
the data you want to import.
10. Click on NEXT . The CSV import parameters page opens.

Table 12.16. CSV Import Parameters

| Fields | Description |
|---|---|
| Existing records | Select either Replace to overwrite the existing records that have the same name or Don't replace to add the items to the list of ports and interfaces in the drop-down list. Don't replace is selected by default. |
| Keep the existing class parameters | Select Yes or No depending on your needs. Yes is selected by default. |


11. Click on CHECK . The Check the validity of the CSV file page opens and displays a report
indicating the total amount of correct lines within the file. If you want to download the validity
report, refer to the next step. If you do not want to download it, go to step 13.
12. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
validity report in the corresponding file format.
13. Click on OK to accept the validity check report results. The Import data from a CSV file page
opens and displays a report indicating the total number of spaces actually imported. If you
want to download that final report, refer to the next step. If you do not want to download it,
go to step 15.
14. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
import report in the corresponding file format.
15. Click on CLOSE to go back to the All pools list. Your blocks list is now updated.

Importing Addresses
When importing one or several addresses, the import wizard will always contain at least 28
drop-down lists that correspond to columns that you can display on the All addresses listing page.
It can contain more fields that might be required depending on the class parameters you or your
administrator might have configured at this level of the IPAM module.

When importing a list from the All addresses list, on the CSV fields association page of the import
wizard, you will always find a set of drop-down lists at the bottom of the page: only the IP address,
Name and Space name fields are compulsory. The other parameters on this page and any other
parameter that you will find on the next page, Class parameters, are optional and can be left
blank.

Note
You can import addresses in an empty space; they will be saved in an Orphan
Subnets entity.

Note that the procedures below are based on an import made on the All addresses list. However,
you can of course go to the all addresses list of a particular space, block, subnet or pool to import
addresses. In this case, the containing space will not be required during the import. This allows
you to import an address from any space, block, subnet or pool into the container that suits your
needs.

To import IPv4 addresses through a CSV file

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Addresses icon. The All addresses list opens.
3. Next to the Logout button, click on IP4 to display the IPv4 addresses.
4. In the menu, select Add > Import > CSV subnets. The Import a CSV file wizard opens.
5. Click on BROWSE to search for the CSV file to import. A window opens to help you browse
through folders.
6. Double-click on the needed CSV file. The window closes and the file is visible in the File
name field of the wizard.
7. Click on NEXT . The CSV fields association page opens.

Configure the import through the Delimiter, Enclosure, Input format, Skip the first line,
Template and Save template fields. For more details, refer to the CSV Fields Association
Description table in the Introduction section of this chapter.
8. In the last section of the wizard, select the columns of your CSV file corresponding to the
data requested in each field. The IP address, Name and Space name fields are required.
The different fields are detailed in the table below:

Table 12.17. Addresses Import Parameters

| Parameters | Description |
|---|---|
| IP address | Select the column corresponding to the IP address(es). This field is compulsory. |
| Name | Select the column corresponding to the IP address(es) name. This field is compulsory. |
| MAC address | Select the column corresponding to the IP address(es) MAC address. This field is optional. |
| Alias | Select the column corresponding to the alias associated with the IP address(es). This field is optional. |
| Class parameters | Select the column corresponding to the address(es)-related combination of parameters, in URL format, if need be. This field is optional. |
| Space name | Select the column corresponding to the name of the space if you want to recreate your organization. If not, see the next line detailing the Use best space option. This field is compulsory. |
| Use best space [Space name field option] | Select this option if you do not have a Space name column in your CSV file. The best space will be a space containing a block and subnet that can receive the IP address(es). [a] |
| Class name | Select the column corresponding to the class name of the subnet(s) you are importing. |

[a] To add IP addresses in an Orphan subnets, display any list of a specific space (All blocks, subnets or pools page).

9. Click on NEXT . The CSV class parameters page opens. All the fields are optional, choose
the data you want to import.
10. Click on NEXT . The CSV import parameters page opens.

Table 12.18. CSV Import Parameters

| Fields | Description |
|---|---|
| Existing records | Select either Replace to overwrite the existing records that have the same name or Don't replace to add the items to the list of ports and interfaces in the drop-down list. Don't replace is selected by default. |
| Keep the existing class parameters | Select Yes or No depending on your needs. Yes is selected by default. |

11. Click on CHECK . The Check the validity of the CSV file page opens and displays a report
indicating the total amount of correct lines within the file. If you want to download the validity
report, refer to the next step. If you do not want to download it, go to step 13.
12. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
validity report in the corresponding file format.

13. Click on OK to accept the validity check report results. The Import data from a CSV file page
opens and displays a report indicating the total number of spaces actually imported. If you
want to download that final report, refer to the next step. If you do not want to download it,
go to step 15.
14. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
import report in the corresponding file format.
15. Click on CLOSE to go back to the All addresses list. Your blocks list is now updated.

To import IPv6 addresses through a CSV file

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Addresses icon. The All addresses list opens.
3. Next to the Logout button, click on IP6 to display the IPv6 addresses.
4. In the menu, select Add > Import > CSV subnets (v6). The Import a CSV file wizard opens.
5. Click on BROWSE to search for the CSV file to import. A window opens to help you browse
through folders.
6. Double-click on the needed CSV file. The window closes and the file is visible in the File
name field of the wizard.
7. Click on NEXT . The CSV fields association page opens.

Configure the import through the Delimiter, Enclosure, Input format, Skip the first line,
Template and Save template fields. For more details, refer to the CSV Fields Association
Description table in the Introduction section of this chapter.
8. In the last section of the wizard, select the columns of your CSV file corresponding to the
data requested in each field. The IP address, Name and Space name fields are required.
The different fields are detailed in the table below:

Table 12.19. IPv6 Addresses Import Parameters

| Parameters | Description |
|---|---|
| IP address | Select the column corresponding to the IP address(es). This field is compulsory. |
| Name | Select the column corresponding to the IP address(es) name. This field is compulsory. |
| MAC address | Select the column corresponding to the IP address(es) MAC address. This field is optional. |
| Class name | Select the column corresponding to the IP address(es) class name. This field is optional. |
| Class parameters | Select the column corresponding to the address(es)-related combination of parameters, in URL format, if need be. This field is optional. |
| Space name | Select the column corresponding to the address(es) space name. At the bottom of the list of columns of the CSV file, the existing spaces are also listed, select the space where you want to import the address(es). This field is compulsory. |

9. Click on NEXT . The CSV class parameters page opens. All the fields are optional, choose
the data you want to import.
10. Click on NEXT . The CSV import parameters page opens.

Table 12.20. CSV Import Parameters

| Fields | Description |
|---|---|
| Existing records | Select either Replace to overwrite the existing records that have the same name or Don't replace to add the items to the list of ports and interfaces in the drop-down list. Don't replace is selected by default. |
| Keep the existing class parameters | Select Yes or No depending on your needs. Yes is selected by default. |

11. Click on CHECK . The Check the validity of the CSV file page opens and displays a report
indicating the total amount of correct lines within the file. If you want to download the validity
report, refer to the next step. If you do not want to download it, go to step 13.
12. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
validity report in the corresponding file format.
13. Click on OK to accept the validity check report results. The Import data from a CSV file page
opens and displays a report indicating the total number of spaces actually imported. If you
want to download that final report, refer to the next step. If you do not want to download it,
go to step 15.
14. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
import report in the corresponding file format.
15. Click on CLOSE to go back to the All addresses list. Your blocks list is now updated.

Importing VRFs
The VRF import requires little information to be effective.

When importing a list from the All VRFs list, on the CSV fields association page of the import
wizard, you will always find a set of drop-down lists at the bottom of the page: only the VRF name
and VRF RD ID fields are compulsory.

Keep in mind that from the All VRFs page, you can also import VRF Route Targets. Refer to the
section Where to Import IPAM Data above for more details.

To import VRFs through a CSV file

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the VRF icon. The All VRFs list opens.
3. In the menu, select Add > Import > CSV VRFs. The Import a CSV file wizard opens.
4. Click on BROWSE to search for the CSV file to import. A window opens to help you browse
through folders.
5. Double-click on the needed CSV file. The window closes and the file is visible in the File
name field of the wizard.
6. Click on NEXT . The CSV fields association page opens.

Configure the import through the Delimiter, Enclosure, Input format, Skip the first line,
Template and Save template fields. For more details, refer to the CSV Fields Association
Description table in the Introduction section of this chapter.

7. In the last section of the wizard, select the columns of your CSV file corresponding to the
data requested in each field. The VRF name and VRF RD ID fields are required. The different
fields are detailed in the table below:

Table 12.21. Addresses Import Parameters


| Parameters | Description |
|---|---|
| VRF name | Select the column corresponding to the VRF(s) name. This field is compulsory. |
| VRF RD ID | Select the column corresponding to the VRF(s) RD ID. This field is compulsory. |
| VRF comment | Select the column corresponding to the VRF(s) comment. This field is optional. |
| VRF class name | Select the column corresponding to the VRF(s) class name. This field is optional. |
| VRF class parameters | Select the column corresponding to the VRF(s)-related combination of parameters, in URL format, if need be. This field is optional. |

8. Click on NEXT . If you or your administrator configured classes at the VRF level, the CSV
class parameters page opens. Choose the data you want to import.
9. Click on NEXT . The CSV import parameters page opens.

Table 12.22. CSV Import Parameters


| Fields | Description |
|---|---|
| Existing records | Select either Replace to overwrite the existing records that have the same name or Don't replace to add the items to the list of ports and interfaces in the drop-down list. Don't replace is selected by default. |
| Keep the existing class parameters | Select Yes or No depending on your needs. Yes is selected by default. |

10. Click on CHECK . The Check the validity of the CSV file page opens and displays a report
indicating the total amount of correct lines within the file. If you want to download the validity
report, refer to the next step. If you do not want to download it, go to step 13.
11. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
validity report in the corresponding file format.
12. Click on OK to accept the validity check report results. The Import data from a CSV file page
opens and displays a report indicating the total number of spaces actually imported. If you
want to download that final report, refer to the next step. If you do not want to download it,
go to step 15.
13. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
import report in the corresponding file format.
14. Click on CLOSE to go back to the All VRFs list. Your VRF list is now updated.

Importing VRF Route Targets


Like the VRF import, the VRF Route Target import requires little information to be effective
provided that the Route Target has set up communication between VRFs that are already in the
database.

When importing a list from the All VRFs list, on the CSV fields association page of the import
wizard, you will always find a set of drop-down lists at the bottom of the page: only the Source
RD ID of the VRF Route Targets and Target RD ID of the VRF Route Targets fields are compulsory.
As the VRFs are already in the database, the name will be retrieved and displayed on the listing
page once the Route Targets are imported.

To import VRF Route Targets through a CSV file

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the VRF icon. The All VRFs list opens.
3. In the breadcrumb, click on All VRF Route Targets. The All VRF Route Targets page opens.
4. In the menu, select Add > Import > CSV VRF Route Targets. The Import a CSV file wizard
opens.
5. Click on BROWSE to search for the CSV file to import. A window opens to help you browse
through folders.
6. Double-click on the needed CSV file. The window closes and the file is visible in the File
name field of the wizard.
7. Click on NEXT . The CSV fields association page opens.

Configure the import through the Delimiter, Enclosure, Input format, Skip the first line,
Template and Save template fields. For more details, refer to the CSV Fields Association
Description table in the Introduction section of this chapter.
8. In the last section of the wizard, select the columns of your CSV file corresponding to the
data requested in each field. The Source RD ID of the VRF Route Targets and Target RD
ID of the VRF Route Targets fields are required. The different fields are detailed in the table
below:

Table 12.23. Addresses Import Parameters


| Parameters | Description |
|---|---|
| Source RD ID of the VRF Route Targets | Select the column corresponding to the source VRF of the Route Target(s). This field is compulsory. |
| Target RD ID of the VRF Route Targets | Select the column corresponding to the target VRF of the Route Target(s). This field is compulsory. |
| Imported VRF Route Target | Select the column corresponding to the import VRF Route Target(s) parameter. This field is optional. |
| Exported VRF Route Target | Select the column corresponding to the export VRF Route Target(s) parameter. This field is optional. |

9. Click on NEXT . If you or your administrator configured classes at the VRF level, the CSV
class parameters page opens. Choose the data you want to import.
10. Click on NEXT . The CSV import parameters page opens.

Table 12.24. CSV Import Parameters


| Fields | Description |
|---|---|
| Existing records | Select either Replace to overwrite the existing records that have the same name or Don't replace to add the items to the list of ports and interfaces in the drop-down list. Don't replace is selected by default. |
| Keep the existing class parameters | Select Yes or No depending on your needs. Yes is selected by default. |

11. Click on CHECK . The Check the validity of the CSV file page opens and displays a report
indicating the total amount of correct lines within the file. If you want to download the validity
report, refer to the next step. If you do not want to download it, go to step 13.
12. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
validity report in the corresponding file format.
13. Click on OK to accept the validity check report results. The Import data from a CSV file page
opens and displays a report indicating the total number of spaces actually imported. If you
want to download that final report, refer to the next step. If you do not want to download it,
go to step 15.
14. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
import report in the corresponding file format.
15. Click on CLOSE to go back to the All VRF Route Targets list. Your VRF Route Targets list is
now updated.

Importing Data to the DHCP


Where to Import DHCP Data
Within the DHCP module, you can import data on the scopes, ranges and statics pages in IPv4
and IPv6. The table below details all the data that you can import on each page.

Table 12.25. Pages of the DHCP Where you Can Import CSV Files
| DHCP page | Objects that can be imported | Option name in the Add > Import menu |
|---|---|---|
| All scopes | Scopes | CSV scopes |
| All scopes | Ranges | CSV ranges |
| All scopes | Statics | CSV statics |
| All scopes (v6) | IPv6 scopes | CSV scopes |
| All scopes (v6) | IPv6 ranges | CSV ranges |
| All scopes (v6) | IPv6 statics | CSV statics |
| All ranges | Ranges | CSV ranges |
| All ranges (v6) | IPv6 ranges | CSV ranges |
| All statics | Statics | CSV statics |
| All statics (v6) | IPv6 statics | CSV statics |

Importing Scopes
Several scope files can be imported successively into the same DHCP server, which allows you to
merge scopes coming from different DHCP configurations into one single DHCP server. DHCP
scopes can be imported into one or several DHCP servers. The following example explains
how to import DHCP scopes from a CSV file into the All scopes list; you can also go
to the scopes list of a specific server. If you plan on importing scopes into different servers, make
sure that your CSV file contains a column dedicated to the server name.

When importing one or several scopes, the import wizard will always contain a set of drop-down
lists that correspond to columns that you can display on the All scopes listing page. The number
of fields that might be required depends on the class parameters you or your administrator might
have configured at this level of the DHCP module. For instance, the CSV file can contain additional
columns to define DHCP options, such as router (default gateway), domain name, or domain
server. Refer to the Configuring DHCP Options chapter for more details regarding DHCP options.

On the CSV fields association page of the import wizard, you will always find a set of drop-down
lists at the bottom of the page: only the address related field and server name field are compulsory.
The other parameters on this page and any other parameter that you will find on the next page,
Class parameters, are optional and can be left blank.

Keep in mind that from the All scopes page you can import IPv4 or IPv6 scopes as well as ranges
and statics. Refer to the section Where to Import DHCP Data above for more details.

To import IPv4 scopes through a CSV file

1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Scopes icon. The DHCP All scopes list opens.
3. Next to the Logout button, click on IP4 to display the DHCPv4 scopes.
4. In the menu, select Add > Import > CSV scopes. The Import a CSV file wizard opens.
5. Click on BROWSE to search for the CSV file to import. A window opens to help you browse
through folders.
6. Double-click on the needed CSV file. The window closes and the file is visible in the File
name field of the wizard.
7. Click on NEXT . The CSV fields association page opens.

Configure the import through the Delimiter, Enclosure, Input format, Skip the first line,
Template and Save template fields. For more details, refer to the CSV Fields Association
Description table in the Introduction section of this chapter.
8. At the bottom of the page, select the columns of your CSV file corresponding to the data
requested in each field. The Address, any field that indicates the scope size (Prefix, Netmask
or Size) and the DHCP server fields are required. The different fields are detailed in the table
below:

Table 12.26. Scopes Import Parameters


| Fields | Description |
|---|---|
| Name | Select the column corresponding to the scope(s) name. This field is optional. |
| Address | Select the column corresponding to the scope(s) first address. This field is compulsory. |
| Prefix \| Netmask \| Size | Select the column corresponding to the scope(s) Prefix, to the scope(s) Netmask or to the scope(s) Size. Only one of the three drop-down lists needs to be filled to indicate the scope(s) size during the import. It is compulsory to choose at least one of these fields. |
| Scope space | Select the column corresponding to the scope(s) space in the IPAM. This field is optional. |
| Shared network | Select the column corresponding to the scope(s) shared network. This field is optional. |
| Failover | Select the column corresponding to the scope(s) failover. This field is optional. |
| Class name | Select the column corresponding to the scope(s) class name. This field is optional. |
| Class parameters | Select the column corresponding to the scope(s)-related combination of parameters, in URL format, if need be. This field is optional. |
| DHCP server | Select the column corresponding to the scope(s) server name. At the bottom of the list of columns of the CSV file, the existing servers are also listed; select the server where you want to import the scope(s). This field is compulsory. |

9. Click on NEXT . The Class parameters page opens. All the fields are optional, choose the
data you want to import.
10. Click on NEXT . The DHCP options page opens. All the fields are optional, choose the data
you want to import. Refer to the Configuring DHCP Options chapter for more details.
11. Click on NEXT . The CSV import parameters page opens.

Table 12.27. CSV Import Parameters


| Fields | Description |
|---|---|
| Existing records | Select either Replace to overwrite the existing records that have the same name or Don't replace to add the items to the listing. Don't replace is selected by default. |
| Keep the existing class parameters | This drop-down list refers to the existing class parameters of the scopes database. Select Yes or No depending on your needs. Yes is selected by default. |

12. Click on CHECK . The Check the validity of the CSV file page opens and displays a report
indicating the total amount of correct lines within the file. If you want to download the validity
report, refer to the next step. If you do not want to download it, go to step 14.
13. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
validity report in the corresponding file format.
14. Click on OK to accept the validity check report results. The Import data from a CSV file page
opens and displays a report indicating the total number of spaces actually imported. If you
want to download that final report, refer to the next step. If you do not want to download it,
go to step 16.
15. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
import report in the corresponding file format.
16. Click on CLOSE to go back to the All scopes list. Your blocks list is now updated.
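
A pre-import check of an IPv4 scopes CSV file against the compulsory fields of the Scopes Import Parameters table, given here as an added example that is not EfficientIP code. The column names, the sample rows, the reading of Size as a power-of-two address count and the per-server overlap check are assumptions.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed sample file. Header names are assumptions: the wizard lets you
# associate any CSV column with the fields of the Scopes Import Parameters table.
SAMPLE_CSV = """\
name,address,prefix,netmask,size,server
lan-a,10.0.0.0,24,,,dhcp1.example.test
lan-b,10.0.1.0,,255.255.255.0,,dhcp1.example.test
lan-c,10.0.2.0,,,256,dhcp1.example.test
no-size,10.0.3.0,,,,dhcp1.example.test
no-server,10.0.4.0,24,,,
misaligned,10.0.5.7,24,,,dhcp1.example.test
bad-mask,10.0.6.0,,255.0.255.0,,dhcp1.example.test
conflict,10.0.7.0,24,255.255.0.0,,dhcp1.example.test
overlap,10.0.0.128,25,,,dhcp1.example.test
other-server,10.0.0.0,24,,,dhcp2.example.test
"""

SIZE_FIELDS = ("prefix", "netmask", "size")


def prefix_length(field, value):
    """Convert a Prefix, Netmask or Size cell to an IPv4 prefix length."""
    if field == "prefix":
        length = int(value)
        if not 0 <= length <= 32:
            raise ValueError(f"prefix {value} is outside 0-32")
        return length
    if field == "netmask":
        # A valid mask inverted is a run of low-order ones (2**n - 1).
        host_bits = int(ipaddress.IPv4Address(value)) ^ 0xFFFFFFFF
        if host_bits & (host_bits + 1):
            raise ValueError(f"netmask {value} is not contiguous")
        return 32 - host_bits.bit_length()
    # Assumption: Size is an address count and must be a power of two.
    count = int(value)
    if count < 1 or count > 2**32 or count & (count - 1):
        raise ValueError(f"size {value} is not a power of two")
    return 32 - (count.bit_length() - 1)


def check_row(row):
    """Return (network or None, server, errors) for one scope row."""
    errors = []
    server = (row.get("server") or "").strip()
    if not server:
        errors.append("DHCP server is compulsory")
    lengths, filled = {}, 0
    for field in SIZE_FIELDS:
        value = (row.get(field) or "").strip()
        if value:
            filled += 1
            try:
                lengths[field] = prefix_length(field, value)
            except ValueError as exc:
                errors.append(str(exc))
    if filled == 0:
        errors.append("one of Prefix, Netmask or Size is compulsory")
    elif len(set(lengths.values())) > 1:
        errors.append(f"size fields disagree: {lengths}")
    address = (row.get("address") or "").strip()
    network = None
    try:
        first = ipaddress.IPv4Address(address)
    except ValueError:
        errors.append(f"Address {address!r} is missing or not IPv4")
    else:
        if filled == len(lengths) and len(set(lengths.values())) == 1:
            length = next(iter(lengths.values()))
            try:
                # strict parsing rejects an Address that is not the first
                # address of the scope it describes
                network = ipaddress.IPv4Network(f"{first}/{length}")
            except ValueError:
                errors.append(f"{first} is not the first address of a /{length}")
    return network, server, errors


def validate(csv_text, delimiter=","):
    """Map CSV line number -> list of problems; clean lines are omitted."""
    problems = defaultdict(list)
    accepted = defaultdict(list)  # server name -> [(line, network)]
    reader = csv.DictReader(io.StringIO(csv_text), delimiter=delimiter)
    for row in reader:
        line = reader.line_num
        network, server, errors = check_row(row)
        problems[line].extend(errors)
        if network is not None and server:
            for other_line, other in accepted[server]:
                if network.overlaps(other):
                    problems[line].append(
                        f"overlaps {other} from line {other_line} on {server}")
            accepted[server].append((line, network))
    return {line: errs for line, errs in problems.items() if errs}


if __name__ == "__main__":
    for line, errs in sorted(validate(SAMPLE_CSV).items()):
        print(f"line {line}: {'; '.join(errs)}")
```

Pass the same delimiter to validate() that you select in the Delimiter field of the wizard.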

To import IPv6 scopes through a CSV file

1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Scopes icon. The DHCP All scopes list opens.
3. Next to the Logout button, click on IP6 to display the DHCPv6 scopes.
4. In the menu, select Add > Import > CSV scopes. The Import a CSV file wizard opens.

5. Click on BROWSE to search for the CSV file to import. A window opens to help you browse
through folders.
6. Double-click on the needed CSV file. The window closes and the file is visible in the File
name field of the wizard.
7. Click on NEXT . The CSV fields association page opens.

Configure the import through the Delimiter, Enclosure, Input format, Skip the first line,
Template and Save template fields. For more details, refer to the CSV Fields Association
Description table in the Introduction section of this chapter.
8. At the bottom of the page, select the columns of your CSV file corresponding to the data
requested in each field. The Start address field, any size-related field (End address or Prefix)
and the DHCP server field are required. The different fields are detailed in the table below:

Table 12.28. Scope Parameters in IPv6


| Fields | Description |
|---|---|
| Name | Select the column corresponding to the scope(s) name. This field is optional. |
| Start address | Select the column corresponding to the scope(s) start address. This field is compulsory. |
| End address \| Prefix | Select the column corresponding to the scope(s) end address or to the scope(s) prefix. Only one of the two drop-down lists needs to be filled to indicate the scope(s) size during the import. It is compulsory to choose at least one of these fields. |
| Scope space | Select the column corresponding to the scope(s) space in the IPAM. This field is optional. |
| Class name | Select the column corresponding to the scope(s) class name. This field is optional. |
| Class parameters | Select the column corresponding to the scope(s)-related combination of parameters, in URL format, if need be. This field is optional. |
| DHCP6 server | Select the column corresponding to the scope(s) server name. At the bottom of the list of columns of the CSV file, the existing servers are also listed; select the server where you want to import the scope(s). This field is compulsory. |

9. Click on NEXT . The Class parameters page opens if you or your administrator created classes
for IPv6 scopes. All the fields are optional, choose the data you want to import.
10. Click on NEXT . The DHCP options page opens. All the fields are optional, choose the data
you want to import. Refer to the Configuring DHCP Options chapter for more details.
11. Click on NEXT . The CSV import parameters page opens.

Table 12.29. CSV Import Parameters


| Fields | Description |
|---|---|
| Existing records | Select either Replace to overwrite the existing records that have the same name or Don't replace to add the items to the listing. Don't replace is selected by default. |
| Keep the existing class parameters | This drop-down list refers to the existing class parameters of the scopes database. Select Yes or No depending on your needs. Yes is selected by default. |

12. Click on CHECK . The Check the validity of the CSV file page opens and displays a report
indicating the total amount of correct lines within the file. If you want to download the validity
report, refer to the next step. If you do not want to download it, go to step 14.
13. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
validity report in the corresponding file format.
14. Click on OK to accept the validity check report results. The Import data from a CSV file page
opens and displays a report indicating the total number of spaces actually imported. If you
want to download that final report, refer to the next step. If you do not want to download it,
go to step 16.
15. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
import report in the corresponding file format.
16. Click on CLOSE to go back to the All scopes list. Your blocks list is now updated.

Importing Ranges
The DHCP ranges can be imported separately from the scope procedure, but a scope must be
created (or imported) first as it will contain the range.

When importing one or several ranges, the import wizard will always contain a set of drop-down
lists that correspond to columns that you can display on the All ranges listing page. The number
of fields that might be required depends on the class parameters you or your administrator might
have configured at this level of the DHCP module. For instance, the CSV file can contain additional
columns to define DHCP options for IPv4 ranges, such as router (default gateway), domain name,
or domain server. Refer to the Configuring DHCP Options chapter for more details regarding
DHCP options.

On the CSV fields association page of the import wizard, you will always find a set of drop-down
lists at the bottom of the page: the start address, range size-related and server name fields are
compulsory. The other parameters on this page and any other parameter that you will find on the
next page, Class parameters, are optional and can be left blank.

Keep in mind that from the All ranges page you can also import IPv4 or IPv6 ranges. Refer to the
section Where to Import DHCP Data above for more details.

To import IPv4 ranges through a CSV file

1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Ranges icon. The DHCP All ranges list opens.
3. Next to the Logout button, click on IP4 to display the DHCPv4 ranges.
4. In the menu, select Add > Import > CSV ranges. The Import a CSV file wizard opens.
5. Click on BROWSE to search for the CSV file to import. A window opens to help you browse
through folders.
6. Double-click on the needed CSV file. The window closes and the file is visible in the File
name field of the wizard.

7. Click on NEXT . The CSV fields association page opens.

Configure the import through the Delimiter, Enclosure, Input format, Skip the first line,
Template and Save template fields. For more details, refer to the CSV Fields Association
Description table in the Introduction section of this chapter.
8. At the bottom of the page, select the columns of your CSV file corresponding to the data
requested in each field. The Start address field, any size-related field (End address or Size)
and the DHCP server field are required. The different fields are detailed in the table below:

Table 12.30. Range parameters in IPv4


| Fields | Description |
|---|---|
| Start address | Select the column corresponding to the range(s) start address. This field is compulsory. |
| End address \| Size | Select the column corresponding to the range(s) end address or to the range(s) size. One of these two drop-down lists needs to be filled to indicate the range(s) size during the import. It is compulsory to choose at least one of these fields. |
| Failover channel | Select the column corresponding to the range(s) failover channel. This field is optional. |
| ACL | Select the column corresponding to the range(s) ACL. This field is optional. |
| Class name | Select the column corresponding to the range(s) class name. This field is optional. |
| Class parameters | Select the column corresponding to the range(s)-related combination of parameters, in URL format, if need be. This field is optional. |
| DHCP server | Select the column corresponding to the range(s) server name. At the bottom of the list of columns of the CSV file, the existing servers are also listed; select the server where you want to import the range(s). This field is compulsory. |

9. Click on NEXT . The Class parameters page opens if you or your administrator created classes
for ranges. All the fields are optional, choose the data you want to import.
10. Click on NEXT . The DHCP options page opens. All the fields are optional, choose the data
you want to import. Refer to the Configuring DHCP Options chapter for more details.
11. Click on NEXT . The CSV import parameters page opens.

Table 12.31. CSV Import Parameters


| Fields | Description |
|---|---|
| Existing records | Select either Replace to overwrite the existing records that have the same name or Don't replace to add the items to the listing. Don't replace is selected by default. |
| Keep the existing class parameters | This drop-down list refers to the existing class parameters of the ranges database. Select Yes or No depending on your needs. Yes is selected by default. |

12. Click on CHECK . The Check the validity of the CSV file page opens and displays a report
indicating the total amount of correct lines within the file. If you want to download the validity
report, refer to the next step. If you do not want to download it, go to step 14.

13. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
validity report in the corresponding file format.
14. Click on OK to accept the validity check report results. The Import data from a CSV file page
opens and displays a report indicating the total number of spaces actually imported. If you
want to download that final report, refer to the next step. If you do not want to download it,
go to step 16.
15. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
import report in the corresponding file format.
16. Click on CLOSE to go back to the All ranges list. Your blocks list is now updated.

To import IPv6 ranges through a CSV file

Note
In IPv6, there are no DHCP options, so that step is automatically skipped in the
following procedure.

1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Ranges icon. The DHCP All ranges list opens.
3. Next to the Logout button, click on IP6 to display the DHCPv6 ranges.
4. In the menu, select Add > Import > CSV ranges. The Import a CSV file wizard opens.
5. Click on BROWSE to search for the CSV file to import. A window opens to help you browse
through folders.
6. Double-click on the needed CSV file. The window closes and the file is visible in the File
name field of the wizard.
7. Click on NEXT . The CSV fields association page opens.

Configure the import through the Delimiter, Enclosure, Input format, Skip the first line,
Template and Save template fields. For more details, refer to the CSV Fields Association
Description table in the Introduction section of this chapter.
8. At the bottom of the page, select the columns of your CSV file corresponding to the data
requested in each field. The Start address field, any size-related field (End address or Size)
and the DHCP6 server field are required. The different fields are detailed in the table below:

Table 12.32. Range parameters in IPv6


| Fields | Description |
|---|---|
| Start address | Select the column corresponding to the range(s) start address. This field is compulsory. |
| End address \| Size | Select the column corresponding to the range(s) end address or to the range(s) size. One of these two drop-down lists needs to be filled to indicate the range(s) size during the import. It is compulsory to choose at least one of these fields. |
| Class name | Select the column corresponding to the range(s) class name. This field is optional. |
| Class parameters | Select the column corresponding to the range(s)-related combination of parameters, in URL format, if need be. This field is optional. |
| DHCP6 server | Select the column corresponding to the range(s) server name. At the bottom of the list of columns of the CSV file, the existing servers are also listed; select the server where you want to import the range(s). This field is compulsory. |

9. Click on NEXT . The Class parameters page opens if you or your administrator created classes
for IPv6 ranges. All the fields are optional, choose the data you want to import.
10. Click on NEXT . The CSV import parameters page opens.

Table 12.33. CSV Import Parameters


| Fields | Description |
|---|---|
| Existing records | Select either Replace to overwrite the existing records that have the same name or Don't replace to add the items to the listing. Don't replace is selected by default. |
| Keep the existing class parameters | This drop-down list refers to the existing class parameters of the ranges database. Select Yes or No depending on your needs. Yes is selected by default. |

11. Click on CHECK . The Check the validity of the CSV file page opens and displays a report
indicating the total amount of correct lines within the file. If you want to download the validity
report, refer to the next step. If you do not want to download it, go to step 13.
12. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
validity report in the corresponding file format.
13. Click on OK to accept the validity check report results. The Import data from a CSV file page
opens and displays a report indicating the total number of spaces actually imported. If you
want to download that final report, refer to the next step. If you do not want to download it,
go to step 15.
14. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
import report in the corresponding file format.
15. Click on CLOSE to go back to the All ranges list. Your blocks list is now updated.

Importing Statics
The DHCP statics can be imported in a DHCP server. When importing one or several statics, the
import wizard will always contain a set of drop-down lists that correspond to columns that you
can display on the All statics listing page. The number of fields that might be required depends
on the class parameters you or your administrator might have configured at this level of the DHCP
module. For instance, the CSV file can contain additional columns to define DHCP options, such
as router (default gateway), domain name, or domain server. Refer to the Configuring DHCP
Options chapter for more details regarding DHCP options.

On the CSV fields association page of the import wizard, you will always find a set of drop-down
lists at the bottom of the page: the DHCP static name and server name fields are compulsory in
both versions. The import of IPv4 statics will require the MAC address as well. The other
parameters on this page and any other parameter that you will find on the next page, Class parameters,
are optional and can be left blank.

Keep in mind that from the All statics page you can also import IPv4 or IPv6 statics. Refer to the
section Where to Import DHCP Data above for more details.

To import IPv4 statics through a CSV file

1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Statics icon. The DHCP All statics list opens.
3. Next to the Logout button, click on IP4 to display the DHCPv4 statics.
4. In the menu, select Add > Import > CSV statics. The Import a CSV file wizard opens.
5. Click on BROWSE to search for the CSV file to import. A window opens to help you browse
through folders.
6. Double-click on the needed CSV file. The window closes and the file is visible in the File
name field of the wizard.
7. Click on NEXT . The CSV fields association page opens.

Configure the import through the Delimiter, Enclosure, Input format, Skip the first line,
Template and Save template fields. For more details, refer to the CSV Fields Association
Description table in the Introduction section of this chapter.
8. At the bottom of the page, select the columns of your CSV file corresponding to the data
requested in each field. The DHCP static name field, MAC address and the DHCP server
field are required. The different fields are detailed in the table below:

Table 12.34. Statics Parameters in IPv4


| Field | Description |
|---|---|
| DHCP static name | Select the column corresponding to the static(s) name. This field is compulsory. |
| MAC address | Select the column corresponding to the static(s) MAC address. This field is compulsory. |
| DHCP static IP address | Select the column corresponding to the static(s) IP address. This field is optional. |
| DHCP group | Select the column corresponding to the static(s) group. This field is optional. |
| DHCP static class name | Select the column corresponding to the static(s) class name. This field is optional. |
| Class parameters | Select the column corresponding to the static(s)-related combination of parameters, in URL format, if need be. This field is optional. |
| DHCP server | Select the column corresponding to the static(s) server name. At the bottom of the list of columns of the CSV file, the existing servers are also listed; select the server where you want to import the static(s). This field is compulsory. |

9. Click on NEXT . The Class parameters page opens if you or your administrator created classes
for statics. All the fields are optional, choose the data you want to import.
10. Click on NEXT . The DHCP options page opens. All the fields are optional, choose the data
you want to import. Refer to the Configuring DHCP Options chapter for more details.
11. Click on NEXT . The CSV import parameters page opens.

Table 12.35. CSV Import Parameters


| Fields | Description |
|---|---|
| Existing records | Select either Replace to overwrite the existing records that have the same name or Don't replace to add the items to the listing. Don't replace is selected by default. |
| Keep the existing class parameters | This drop-down list refers to the existing class parameters of the statics database. Select Yes or No depending on your needs. Yes is selected by default. |

12. Click on CHECK . The Check the validity of the CSV file page opens and displays a report
indicating the total amount of correct lines within the file. If you want to download the validity
report, refer to the next step. If you do not want to download it, go to step 14.
13. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
validity report in the corresponding file format.
14. Click on OK to accept the validity check report results. The Import data from a CSV file page
opens and displays a report indicating the total number of spaces actually imported. If you
want to download that final report, refer to the next step. If you do not want to download it,
go to step 16.
15. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
import report in the corresponding file format.
16. Click on CLOSE to go back to the All statics list. Your blocks list is now updated.

To import IPv6 statics through a CSV file

1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Statics icon. The DHCP All statics list opens.
3. Next to the Logout button, click on IP6 to display the DHCPv6 statics.
4. In the menu, select Add > Import > CSV statics. The Import a CSV file wizard opens.
5. Click on BROWSE to search for the CSV file to import. A window opens to help you browse
through folders.
6. Double-click on the needed CSV file. The window closes and the file is visible in the File
name field of the wizard.
7. Click on NEXT . The CSV fields association page opens.

Configure the import through the Delimiter, Enclosure, Input format, Skip the first line,
Template and Save template fields. For more details, refer to the CSV Fields Association
Description table in the Introduction section of this chapter.
8. At the bottom of the page, select the columns of your CSV file corresponding to the data
requested in each field. The DHCP static name field, MAC address and the DHCP server
field are required. The different fields are detailed in the table below:

Table 12.36. Statics Parameters in IPv6

| Field | Description |
|---|---|
| DHCP static name | Select the column corresponding to the static(s) name. This field is compulsory. |
| Static IP address | Select the column corresponding to the static(s) IP address. This field is optional. |
| MAC address \| Client DUID | Select the column corresponding to the static(s) MAC address or the static(s) Client DUID. One of these two drop-down lists needs to be filled to identify the static(s) client. It is compulsory to choose at least one of these fields. |
| DHCP group | Select the column corresponding to the static(s) group. This field is optional. |
| DHCP static class name | Select the column corresponding to the static(s) class name. This field is optional. |
| Class parameters | Select the column corresponding to the static(s)-related combination of parameters, in URL format, if need be. This field is optional. |
| DHCP6 server | Select the column corresponding to the static(s) server name. At the bottom of the list of columns of the CSV file, the existing servers are also listed; select the server where you want to import the static(s). This field is compulsory. |

9. Click on NEXT . The Class parameters page opens if you or your administrator created classes
for statics. All the fields are optional, choose the data you want to import.
10. Click on NEXT . The DHCP options page opens. All the fields are optional, choose the data
you want to import. Refer to the Configuring DHCP Options chapter for more details.
11. Click on NEXT . The CSV import parameters page opens.

Table 12.37. CSV Import Parameters


| Fields | Description |
|---|---|
| Existing records | Select either Replace to overwrite the existing records that have the same name or Don't replace to add the items to the listing. Don't replace is selected by default. |
| Keep the existing class parameters | This drop-down list refers to the existing class parameters of the statics database. Select Yes or No depending on your needs. Yes is selected by default. |

12. Click on CHECK . The Check the validity of the CSV file page opens and displays a report
indicating the total amount of correct lines within the file. If you want to download the validity
report, refer to the next step. If you do not want to download it, go to step 14.
13. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
validity report in the corresponding file format.
14. Click on OK to accept the validity check report results. The Import data from a CSV file page
opens and displays a report indicating the total number of spaces actually imported. If you
want to download that final report, refer to the next step. If you do not want to download it,
go to step 16.
15. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
import report in the corresponding file format.
16. Click on CLOSE to go back to the All statics list. Your blocks list is now updated.

Importing Data to the DNS


Where to Import DNS Data
Within the DNS module, you can import data on the zones and resource records pages. The
table below details what you can import on both pages.

Table 12.38. Pages of the DNS Where you Can Import CSV Files

| DNS page | Objects that can be imported | Option name in the Add > Import menu |
|---|---|---|
| All zones | Zones | CSV zones |
| All RRs | Resource records | CSV RRs |

Importing Zones
When importing one or several zones, the import wizard will always contain drop-down lists that
correspond to columns that you can display on the All zones listing page. It can contain more
fields that might be required depending on the class parameters you or your administrator might
have configured at this level of the DNS module.

When importing a list from the All zones list, on the CSV fields association page of the import
wizard, you will always find a set of drop-down lists at the bottom of the page: the DNS zone
name, DNS zone type and DNS server name fields are compulsory. The other parameters on
this page and any other parameter that you will find on the next page, Class parameters, are
optional and can be left blank.

Note that the procedures below are based on an import made on the All zones page. However,
you can of course go to the all zones list of a particular server. In this case, the containing server
name will not be required during the import. This allows you to import a zone from any server
into the server that suits your needs.

To import zones through a CSV file

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS zones icon. The DNS All zones list opens.
3. In the menu, select Add > Import > CSV zones. The Import a CSV file wizard opens.
4. Click on BROWSE to search for the CSV file to import. A window opens to help you browse
through folders.
5. Double-click on the needed CSV file. The window closes and the file is visible in the File
name field of the wizard.
6. Click on NEXT . The CSV fields association page appears.

Configure the import through the Delimiter, Enclosure, Input format, Skip the first line,
Template and Save template fields. For more details, refer to the CSV Fields Association
Description table in the Introduction section of this chapter.
7. At the bottom of the page, select the columns of your CSV file corresponding to the data
requested in each field. The DNS zone name, DNS zone type and DNS server name fields
are required. The different fields are detailed in the table below:

Table 12.39. Zones Parameters


| Fields | Description |
|---|---|
| DNS Zone name | Select the column corresponding to the zone(s) name. This field is compulsory. |
| DNS Zone type | Select the column corresponding to the zone(s) type. This field is compulsory. |
| Master IP address | Select the column corresponding to the zone(s) master server IP address. This field is compulsory when importing slave zone(s). |
| Forwarder IP address | Select the column corresponding to the zone(s) forwarding server IP address. This field is optional. |
| DNS view | Select the column corresponding to the zone(s) view name. This field is optional. |
| DNS server name | Select the column corresponding to the zone(s) server name. At the bottom of the list of columns of the CSV file, the existing servers are also listed; select the server where you want to import the zone(s). This field is compulsory. |

8. Click on NEXT . The Class parameters page opens. All the fields are optional, choose the
data you want to import.
9. Click on NEXT . The CSV import parameters page appears.

Table 12.40. CSV Import Parameters


| Fields | Description |
|---|---|
| Existing records | Select either Replace to overwrite the existing records that have the same name or Don't replace to add the items to the listing. Don't replace is selected by default. |
| Keep the existing class parameters | This drop-down list refers to the existing class parameters of the zones database. Select Yes or No depending on your needs. Yes is selected by default. |

10. Click on CHECK . The Check the validity of the CSV file page opens and displays a report
indicating the total amount of correct lines within the file. If you want to download the validity
report, refer to the next step. If you do not want to download it, go to step 12.
11. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
validity report in the corresponding file format.
12. Click on OK to accept the validity check report results. The Import data from a CSV file page
opens and displays a report indicating the total number of spaces actually imported. If you
want to download that final report, refer to the next step. If you do not want to download it,
go to step 14.
13. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
import report in the corresponding file format.
14. Click on CLOSE to go back to the All scopes list. Your blocks list is now updated.
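
A pre-import check for a zones CSV, as an added example that is not part of the guide or of the product: it applies the compulsory-field rules of Table 12.39 and lists the rows that the Replace option would overwrite. The column headers, the `existing` set and the sample data are assumptions; only the zone type value `slave` comes from the table.

```python
import csv
import io
import ipaddress

# Assumed column headers: the wizard lets you associate any column with a
# field, so rename these to match your own file.
REQUIRED = ("zone_name", "zone_type", "server_name")

# Constructed sample file (line 1 is the header).
SAMPLE_CSV = """\
zone_name,zone_type,master_ip,server_name
example.test,master,,ns1.example.test
branch.example.test,slave,192.0.2.10,ns2.example.test
lab.example.test,slave,,ns2.example.test
,master,,ns1.example.test
example.test,master,,ns1.example.test
edge.example.test,slave,192.0.2.999,ns2.example.test
"""

# Constructed stand-in for an export of the current All zones list,
# as (server, view, zone) tuples.
EXISTING = {("ns2.example.test", "", "branch.example.test")}


def check_zone_rows(text, delimiter=",", enclosure='"', existing=None):
    """Return (valid_rows, problems, collisions) for a zones CSV.

    problems   -- list of (line number, [reasons]) for rows to fix first
    collisions -- line numbers of valid rows whose name already exists,
                  i.e. rows that Replace would overwrite
    """
    existing = existing or set()
    reader = csv.DictReader(io.StringIO(text), delimiter=delimiter,
                            quotechar=enclosure)
    absent = [c for c in REQUIRED if c not in (reader.fieldnames or [])]
    if absent:
        raise ValueError("missing column(s): " + ", ".join(absent))

    valid, problems, collisions, seen = [], [], [], {}
    for raw in reader:
        line_no = reader.line_num
        # Short rows yield None values; surplus cells land under key None.
        row = {k: (v or "").strip() for k, v in raw.items() if k is not None}
        errors = [f"{c} is empty" for c in REQUIRED if not row[c]]

        # The master IP address is compulsory only for slave zones.
        if row["zone_type"].lower() == "slave":
            master = row.get("master_ip", "")
            if not master:
                errors.append("master_ip is compulsory for a slave zone")
            else:
                try:
                    ipaddress.ip_address(master)
                except ValueError:
                    errors.append(f"master_ip {master!r} is not an IP address")

        key = (row["server_name"].lower(), row.get("dns_view", "").lower(),
               row["zone_name"].lower().rstrip("."))
        if not errors and key in seen:
            errors.append(f"duplicate of line {seen[key]}")

        if errors:
            problems.append((line_no, errors))
            continue
        seen[key] = line_no
        valid.append(row)
        if key in existing:
            collisions.append(line_no)
    return valid, problems, collisions


if __name__ == "__main__":
    ok, bad, hits = check_zone_rows(SAMPLE_CSV, existing=EXISTING)
    print(f"{len(ok)} row(s) ready to import")
    for line_no, reasons in bad:
        print(f"line {line_no}: " + "; ".join(reasons))
    print("rows that Replace would overwrite:", hits)
```

The `delimiter` and `enclosure` arguments correspond to the Delimiter and Enclosure settings chosen on the CSV fields association page.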

Importing Resource Records


When importing one or several resource records, the import wizard will always contain drop-down
lists that correspond to columns that you can display on the All RRs listing page.

When importing a list from the All RRs list, on the CSV fields association page of the import
wizard, you will always find a set of drop-down lists at the bottom of the page: the RR name,
Value 1, Zone name and RR type fields are compulsory. The other parameters on this page and
any other parameter that you will find on the next page, Class parameters, are optional and can
be left blank.

Note that the procedures below are based on an import made on the All RRs page. However,
you can of course go to the all RRs list of a particular server or zone. This allows you to import
RRs from any zone or server into the zone that suits your needs.

To import resource records through a CSV file

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS zones icon. The DNS All RRs list opens.
3. In the menu, select Add > Import > CSV RRs. The Import a CSV file wizard opens.
4. Click on BROWSE to search for the CSV file to import. A window opens to help you browse
through folders.
5. Double-click on the needed CSV file. The window closes and the file is visible in the File
name field of the wizard.
6. Click on NEXT . The CSV fields association page appears.

Configure the import through the Delimiter, Enclosure, Input format, Skip the first line,
Template and Save template fields. For more details, refer to the CSV Fields Association
Description table in the Introduction section of this chapter.
7. At the bottom of the page, select the columns of your CSV file corresponding to the data
requested in each field. The RR name, Value 1 and RR type fields are required. The different
fields are detailed in the table below:

Table 12.41. Object parameters


| Fields | Description |
|---|---|
| RR name | Select the column corresponding to the RR(s) name. This name can be FQDN if you also import the column containing the Zone name. This field is compulsory. |
| TTL | Select the column corresponding to the RR(s) TTL. This field is optional. |
| Value 1 | Select the column corresponding to the Value column: it can contain a whole list of information. This field is optional. |
| Value 2 | Select the column corresponding to the Value column: it allows you to import additional data regarding a resource record. This field is optional. |
| Value 3 | Select the column corresponding to the Value column: it allows you to import additional data regarding a resource record. This field is optional. |
| Value 4 | Select the column corresponding to the Value column: it allows you to import additional data regarding a resource record. This field is optional. |
| Value 5 | Select the column corresponding to the Value column: it allows you to import additional data regarding a resource record. This field is optional. |
| Value 6 | Select the column corresponding to the Value column: it allows you to import additional data regarding a resource record. This field is optional. |
| Value 7 | Select the column corresponding to the Value column: it allows you to import additional data regarding a resource record. This field is optional. |
| Zone name | Select the column corresponding to the RR(s) zone name. This field is compulsory. |
| DNS view | Select the column corresponding to the RR(s) view name. This field is optional. |
| DNS server | Select the column corresponding to the RR(s) server name. This field is optional. |
| RR type | Select the column corresponding to the RR(s) type. At the bottom of the list of columns of the CSV file, the existing RR types are also listed; you can choose one of them. This field is compulsory. |

8. Click on NEXT . The CSV import parameters page appears.

Table 12.42. CSV Import Parameters


| Fields | Description |
|---|---|
| Existing records | Select either Replace to overwrite the existing records that have the same name or Don't replace to add the items to the listing. Don't replace is selected by default. |
| Keep the existing class parameters | This drop-down list refers to the existing class parameters of the zones database. Select Yes or No depending on your needs. Yes is selected by default. |

9. Click on CHECK . The Check the validity of the CSV file page opens and displays a report
indicating the total amount of correct lines within the file. If you want to download the validity
report, refer to the next step. If you do not want to download it, go to step 11.
10. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
validity report in the corresponding file format.
11. Click on OK to accept the validity check report results. The Import data from a CSV file page
opens and displays a report indicating the total number of spaces actually imported. If you
want to download that final report, refer to the next step. If you do not want to download it,
go to step 13.
12. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
import report in the corresponding file format.
13. Click on CLOSE to go back to the All scopes list. Your blocks list is now updated.

Importing Data to NetChange


Where to Import NetChange Data
Within the NetChange module, you can import data on the network devices page. The table below
details what you can import on this page.

Table 12.43. Pages of NetChange Where you Can Import CSV Files

| NetChange page | Objects that can be imported | Option name in the Add > Import menu |
|---|---|---|
| All network devices | Network devices | CSV file |

Importing Network Devices


When importing one or several network devices, the import wizard will always contain drop-down
lists that correspond to columns that you can display on the All network devices listing page. It
can contain more fields that might be required depending on the class parameters you or your
administrator might have configured at this level of the NetChange module.

When importing a list from the All zones list, on the CSV fields association page of the import
wizard, you will always find a set of drop-down lists at the bottom of the page: only the Target
space field is compulsory. The other parameters on this page and any other parameter that you
will find on the next page are optional and can be left blank.

To import network devices through a CSV file

1. Go to the NetChange tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Network devices icon. The All network devices list opens.
3. In the menu, select Add > Import > CSV file. The Import a CSV file wizard opens.
4. Click on BROWSE to search for the CSV file to import. A window opens to help you browse
through folders.
5. Double-click on the needed CSV file. The window closes and the file is visible in the File
name field of the wizard.
6. Click on NEXT . The CSV fields association page appears.

Configure the import through the Delimiter, Enclosure, Input format, Skip the first line. For
more details, refer to the CSV Fields Association Description table in the Introduction section
of this chapter.
7. At the bottom of the page, select the columns of your CSV file corresponding to the data
requested in each field. The Target space field is required. The different fields are detailed
in the table below:

Table 12.44. Object parameters


| Fields | Description |
|---|---|
| Address | Select the column corresponding to the network device(s) IP address. We recommend that you select at least this column but it is optional. |
| Community | Select the column corresponding to the network device(s) SNMP community. This field is optional. |
| Class | Select the column corresponding to the network device(s) class. This field is optional. |
| Target space | Select the column corresponding to the network device(s) space in the IPAM. The selected space will list the IP address of the discovered items of the network device(s). This field is compulsory. |

8. Click on NEXT . The Import a CSV file page appears.

Table 12.45. SNMP Profile Information Fields


| Fields | Description |
|---|---|
| SNMP profiles configuration | This field lists the available versions of the SNMP protocol. If you know the version, select it and click on to move it to the Selected profiles list. |
| Selected profiles | This field lists the versions of the SNMP protocol you chose to use to retrieve the network information. To remove a version from the list, select it and click on . |

If you do not select any, NetChange will use the standard v2c.
9. Click on OK to commit the import. The Report opens and works for a while: the import
progression is visible. Once the import is over, the report lists the IP addresses imported as well
as the existing ones. If you want to download that final report, refer to the next step. If you
do not want to download it, go to step 11.
10. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
import report in the corresponding file format.
11. Click on CLOSE to go back to the All network devices list. Your list is now updated.

Importing Data to Device Manager


Where to Import Device Manager Data
Within the Device Manager module, you can import data on the devices and ports & interfaces pages.
The table below details what you can import on both pages.

Table 12.46. Pages of Device Manager Where you Can Import CSV Files

| Device Manager page | Objects that can be imported | Option name in the Add > Import menu |
|---|---|---|
| All devices | Devices | CSV devices |
| All devices | Ports and/or interfaces | CSV interfaces |
| All ports & interfaces | Ports and/or interfaces | CSV interfaces |

Importing Devices
When importing one or several devices, the import wizard will always contain drop-down lists
that correspond to columns that you can display on the All devices listing page. It can contain
more fields that might be required depending on the class parameters you or your administrator
might have configured.

When importing a list from the All devices list, on the CSV fields association page of the import
wizard, you will always find a set of drop-down lists at the bottom of the page: only the device
Name field is compulsory. The other parameters on this page and any other parameter that you
will find on the next page, Class parameters, are optional and can be left blank.

Keep in mind that from the All devices page, you can also import ports and interfaces. Refer to
the section Where to Import IPAM Data above for more details.

To import devices through a CSV file

1. Go to the Device Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Devices icon. The All devices list opens.
3. In the menu, select Add > Import > CSV devices. The Import a CSV file wizard opens.
4. Click on BROWSE to search for the CSV file to import. A window opens to help you browse
through folders.
5. Double-click on the needed CSV file. The window closes and the file is visible in the File
name field of the wizard.
6. Click on NEXT . The CSV fields association page opens.

Configure the import through the Delimiter, Enclosure, Input format, Skip the first line,
Template and Save template fields. For more details, refer to the CSV Fields Association
Description table in the Introduction section of this chapter.
7. At the bottom of the page, select the columns of your CSV file corresponding to the data
requested in each field. The Name field is required. The different fields are detailed in the
table below:

Table 12.47. Devices Import Parameters


| Parameters | Description |
|---|---|
| Name | Select the column corresponding to the device(s) name. This field is compulsory. |
| Class name | Select the column corresponding to the device(s) class name. This field is optional. |
| Class parameters | Select the column corresponding to the device(s)-related combination of parameters, in URL format, if need be. This field is optional. |

8. Click on NEXT . The Class parameters page opens if you or your administrator created classes
for devices. All the fields are optional, choose the data you want to import.
9. Click on NEXT . The CSV import parameters page opens.

Table 12.48. CSV Import Parameters


| Fields | Description |
|---|---|
| Existing records | Select either Replace to overwrite the existing records that have the same name or Don't replace to add the items to the listing. Don't replace is selected by default. |
| Keep the existing class parameters | This drop-down list refers to the existing class parameters of the devices database. Select Yes or No depending on your needs. Yes is selected by default. |

10. Click on CHECK . The Check the validity of the CSV file page opens and displays a report
indicating the total amount of correct lines within the file. If you want to download the validity
report, refer to the next step. If you do not want to download it, go to step 12.
11. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
validity report in the corresponding file format.

12. Click on OK to accept the validity check report results. The Import data from a CSV file page
opens and displays a report indicating the total number of spaces actually imported. If you
want to download that final report, refer to the next step. If you do not want to download it,
go to step 14.
13. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
import report in the corresponding file format.
14. Click on CLOSE to go back to the All scopes list. Your blocks list is now updated.

Importing Ports & Interfaces


When importing one or several ports and/or interfaces, the import wizard will always contain drop-
down lists that correspond to columns that you can display on the All ports & interfaces listing
page. It can contain more fields that might be required depending on the class parameters you
or your administrator might have configured.

When importing a list from the All ports & interfaces list, on the CSV fields association page of
the import wizard, you will always find a set of drop-down lists at the bottom of the page: the
Name, Type and Device fields are compulsory. The other parameters on this page and any other
parameter that you will find on the next page, Class parameters, are optional and can be left
blank.

Note that the procedure below is based on an import made on the All ports & interfaces page.
However, you can of course go to the all ports & interfaces list of a particular device. In this case,
the containing device will not be required during the import.

To import ports and/or interfaces through a CSV file

This import can be done from the All Devices list or the All ports & interfaces list.

1. Go to the Device Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Ports & interfaces icon. The All devices list opens.
3. In the menu, select Add > Import > CSV interfaces. The Import a CSV file wizard opens.
4. Click on BROWSE to search for the CSV file to import. A window opens to help you browse
through folders.
5. Double-click on the needed CSV file. The window closes and the file is visible in the File
name field of the wizard.
6. Click on NEXT . The CSV fields association page opens.

Configure the import through the Delimiter, Enclosure, Input format, Skip the first line,
Template and Save template fields. For more details, refer to the CSV Fields Association
Description table in the Introduction section of this chapter.
7. At the bottom of the page, select the columns of your CSV file corresponding to the data
requested in each field. The Name field is required. The different fields are detailed in the
table below:

Table 12.49. Ports & Interfaces Import Parameters

| Parameters | Description |
|---|---|
| Name | Select the column corresponding to the port(s) and/or interface(s) name. This field is compulsory. |
| Type | Select the column corresponding to the port(s) and/or interface(s) type. This field is compulsory. |
| MAC address | Select the column corresponding to the port(s) and/or interface(s) MAC address. This field is optional. |
| Class name | Select the column corresponding to the port(s) and/or interface(s) class name. This field is optional. |
| Class parameters | Select the column corresponding to the port(s) and/or interface(s)-related combination of parameters, in URL format, if need be. This field is optional. |
| Device | Select the column corresponding to the port(s) and/or interface(s) device name. At the bottom of the list of columns of the CSV file, the existing devices are also listed; select the device where you want to import the port(s) and/or interface(s). This field is compulsory. |

8. Click on NEXT . The Class parameters page opens if you or your administrator created classes
for ports/interfaces. All the fields are optional, choose the data you want to import.
9. Click on NEXT . The CSV import parameters page opens.

Table 12.50. CSV Import Parameters


| Fields | Description |
|---|---|
| Existing records | Select either Replace to overwrite the existing records that have the same name or Don't replace to add the items to the listing. Don't replace is selected by default. |
| Keep the existing class parameters | This drop-down list refers to the existing class parameters of the ports and interfaces database. Select Yes or No depending on your needs. Yes is selected by default. |

10. Click on CHECK . The Check the validity of the CSV file page opens and displays a report
indicating the total amount of correct lines within the file. If you want to download the validity
report, refer to the next step. If you do not want to download it, go to step 12.
11. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
validity report in the corresponding file format.
12. Click on OK to accept the validity check report results. The Import data from a CSV file page
opens and displays a report indicating the total number of spaces actually imported. If you
want to download that final report, refer to the next step. If you do not want to download it,
go to step 14.
13. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
import report in the corresponding file format.
14. Click on CLOSE to go back to the All scopes list. Your blocks list is now updated.

Importing Data to VLAN Manager


Where to Import VLAN Manager Data
Within the VLAN Manager module, you can import data on the domains, ranges and VLANs pages.
The table below details what you can import on these pages.

Table 12.51. Pages of VLAN Manager Where you Can Import CSV Files

| VLAN Manager page | Objects that can be imported | Option name in the Add > Import menu |
|---|---|---|
| All domains | Domains | CSV domains |
| All domains | Ranges | CSV ranges |
| All domains | VLANs | CSV VLANs |
| All ranges | Ranges | CSV ranges |
| All ranges | VLANs | CSV VLANs |
| All VLANs | VLANs | CSV VLANs |

Importing VLAN Domains


When importing one or several VLAN domains, the import wizard will always contain drop-down
lists that correspond to columns that you can display on the All domains listing page. It can contain
more fields that might be required depending on the class parameters you or your administrator
might have configured.

When importing a list from the All domains list, on the CSV fields association page of the import
wizard, you will always find a set of drop-down lists at the bottom of the page: the domain Name,
Start ID and End ID fields are compulsory. The other parameters on this page and any other
parameter that you will find on the next page, Class parameters, are optional and can be left
blank.

Keep in mind that from the All domains page, you can also import ranges and VLANs. Refer to
the section Where to Import VLAN Manager Data above for more details.

To import VLAN domains through a CSV file

1. Go to the VLAN Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Domains icon. The All domains list opens.
3. In the menu, select Add > Import > CSV devices. The Import a CSV file wizard opens.
4. Click on BROWSE to search for the CSV file to import. A window opens to help you browse
through folders.
5. Double-click on the needed CSV file. The window closes and the file is visible in the File
name field of the wizard.
6. Click on NEXT . The CSV fields association page opens.

Configure the import through the Delimiter, Enclosure, Input format, Skip the first line,
Template and Save template fields. For more details, refer to the CSV Fields Association
Description table in the Introduction section of this chapter.
7. At the bottom of the page, select the columns of your CSV file corresponding to the data
requested in each field. The Name, Start ID and End ID fields are required. The different
fields are detailed in the table below:

Table 12.52. Domains Import Parameters


| Parameters | Description |
|---|---|
| Name | Select the column corresponding to the domain(s) name. This field is compulsory. |
| Start ID | Select the column corresponding to the domain(s) first VLAN ID. This field is compulsory. |
| End ID | Select the column corresponding to the domain(s) last VLAN ID. This field is compulsory. |
| Description | Select the column corresponding to the domain(s) description. This field is optional. |
| Class name | Select the column corresponding to the domain(s) class name. This field is optional. |
| Class parameters | Select the column corresponding to the domain(s)-related combination of parameters, in URL format, if need be. This field is optional. |

8. Click on NEXT . The Class parameters page opens if you or your administrator created classes
for devices. All the fields are optional, choose the data you want to import.
9. Click on NEXT . The CSV import parameters page opens.

Table 12.53. CSV Import Parameters


| Fields | Description |
|---|---|
| Existing records | Select either Replace to overwrite the existing records that have the same name or Don't replace to add the items to the listing. Don't replace is selected by default. |
| Keep the existing class parameters | This drop-down list refers to the existing class parameters of the devices database. Select Yes or No depending on your needs. Yes is selected by default. |

10. Click on CHECK . The Check the validity of the CSV file page opens and displays a report
indicating the total amount of correct lines within the file. If you want to download the validity
report, refer to the next step. If you do not want to download it, go to step 12.
11. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
validity report in the corresponding file format.
12. Click on OK to accept the validity check report results. The Import data from a CSV file page
opens and displays a report indicating the total number of spaces actually imported. If you
want to download that final report, refer to the next step. If you do not want to download it,
go to step 14.
13. In the Export format section of the wizard, click on TEXT , HTML , or EXCEL to download the
import report in the corresponding file format.
14. Click on CLOSE to go back to the All scopes list. Your blocks list is now updated.

Importing VLAN Ranges


When importing one or several VLAN ranges, the import wizard will always contain drop-down
lists that correspond to columns that you can display on the All ranges listing page. It can contain
more fields that might be required depending on the class parameters you or your administrator
might have configured.

When importing a list from the All ranges list, on the CSV fields association page of the import
wizard, you will always find a set of drop-down lists at the bottom of the page: the range Name,
Start ID, End ID and Domain fields are compulsory. The other parameters on this page and any
other parameter that you will find on the next page, Class parameters, are optional and can be
left blank.

Keep in mind that from the All ranges page, you can also import VLANs, refer to the section
Where to Import VLAN Manager Data above for more details.

Note that the procedure below is based on an import made on the All ranges page. However,
you can of course go to the All domains list of a particular device. In this case, the containing
domain will not be required during the import.

To import VLAN ranges through a CSV file

1. Go to the VLAN Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Ranges icon. The All ranges list opens.
3. In the menu, select Add > Import > CSV interfaces. The Import a CSV file wizard opens.
4. Click on BROWSE to search for the CSV file to import. A window opens to help you browse
through folders.
5. Double-click on the needed CSV file. The window closes and the file is visible in the File
name field of the wizard.
6. Click on NEXT . The CSV fields association page opens.

Configure the import through the Delimiter, Enclosure, Input format, Skip the first line,
Template and Save template fields. For more details, refer to the CSV Fields Association
Description table in the Introduction section of this chapter.
7. At the bottom of the page, select the columns of your CSV file corresponding to the data
requested in each field. The Name, Start ID, End ID and Domain fields are required. The
different fields are detailed in the table below:

Table 12.54. Ranges Import Parameters


Parameters | Description
Name | Select the column corresponding to the range(s) name. This field is compulsory.
Start ID | Select the column corresponding to the range(s) first VLAN ID. This field is compulsory.
End ID | Select the column corresponding to the range(s) last VLAN ID. This field is compulsory.
Description | Select the column corresponding to the range(s) description. This field is optional.
Class name | Select the column corresponding to the range(s) class name. This field is optional.
Class parameters | Select the column corresponding to the range(s)-related combination of parameters, in URL format, if need be. This field is optional.
Domain | Select the column corresponding to the range(s) domain name. This field is compulsory.


8. Click on NEXT. The Class parameters page opens if you or your administrator created classes
for ports/interfaces. All the fields are optional: choose the data you want to import.
9. Click on NEXT. The CSV import parameters page opens.

Table 12.55. CSV Import Parameters


Fields | Description
Existing records | Select either Replace to overwrite the existing records that have the same name or Don't replace to add the items to the listing. Don't replace is selected by default.
Keep the existing class parameters | This drop-down list refers to the existing class parameters of the ports and interfaces database. Select Yes or No depending on your needs. Yes is selected by default.

10. Click on CHECK. The Check the validity of the CSV file page opens and displays a report
indicating the total number of correct lines within the file. If you want to download the validity
report, refer to the next step. If you do not want to download it, go to step 12.
11. In the Export format section of the wizard, click on TEXT, HTML, or EXCEL to download the
validity report in the corresponding file format.
12. Click on OK to accept the validity check report results. The Import data from a CSV file page
opens and displays a report indicating the total number of spaces actually imported. If you
want to download that final report, refer to the next step. If you do not want to download it,
go to step 14.
13. In the Export format section of the wizard, click on TEXT, HTML, or EXCEL to download the
import report in the corresponding file format.
14. Click on CLOSE to go back to the All scopes list. Your blocks list is now updated.

Importing VLANs
When importing one or several VLANs, the import wizard will always contain drop-down lists that
correspond to columns that you can display on the All VLANs listing page. It can contain more
fields that might be required depending on the class parameters you or your administrator might
have configured.

When importing a list from the All VLANs list, on the CSV fields association page of the import
wizard, you will always find a set of drop-down lists at the bottom of the page: the VLAN ID, Range
and Domain fields are compulsory. The other parameters on this page and any other parameter
that you will find on the next page, Class parameters, are optional and can be left blank.

Note that the procedure below is based on an import made on the All VLANs page. However,
you can of course go to the All domains and All ranges list of a particular device. In this case,
the containing domains and range will not be required during the import.

To import VLANs through a CSV file

1. Go to the VLAN Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the VLANs icon. The All VLANs list opens.
3. In the menu, select Add > Import > CSV interfaces. The Import a CSV file wizard opens.


4. Click on BROWSE to search for the CSV file to import. A window opens to help you browse
through folders.
5. Double-click on the needed CSV file. The window closes and the file is visible in the File
name field of the wizard.
6. Click on NEXT . The CSV fields association page opens.

Configure the import through the Delimiter, Enclosure, Input format, Skip the first line,
Template and Save template fields. For more details, refer to the CSV Fields Association
Description table in the Introduction section of this chapter.
7. At the bottom of the page, select the columns of your CSV file corresponding to the data
requested in each field. The VLAN ID, Range and Domain fields are required. The different
fields are detailed in the table below:

Table 12.56. VLANs Import Parameters


Parameters | Description
Name | Select the column corresponding to the VLAN(s) name. This field is optional.
VLAN ID | Select the column corresponding to the VLAN(s) ID. This field is compulsory.
Range | Select the column corresponding to the VLAN(s) range name. This field is compulsory.
Domain | Select the column corresponding to the VLAN(s) domain name. This field is compulsory.

8. Click on NEXT. The Class parameters page opens if you or your administrator created classes
for ports/interfaces. All the fields are optional: choose the data you want to import.
9. Click on NEXT. The CSV import parameters page opens.

Table 12.57. CSV Import Parameters


Fields | Description
Existing records | Select either Replace to overwrite the existing records that have the same name or Don't replace to add the items to the listing. Don't replace is selected by default.
Keep the existing class parameters | This drop-down list refers to the existing class parameters of the ports and interfaces database. Select Yes or No depending on your needs. Yes is selected by default.

10. Click on CHECK. The Check the validity of the CSV file page opens and displays a report
indicating the total number of correct lines within the file. If you want to download the validity
report, refer to the next step. If you do not want to download it, go to step 12.
11. In the Export format section of the wizard, click on TEXT, HTML, or EXCEL to download the
validity report in the corresponding file format.
12. Click on OK to accept the validity check report results. The Import data from a CSV file page
opens and displays a report indicating the total number of spaces actually imported. If you
want to download that final report, refer to the next step. If you do not want to download it,
go to step 14.
13. In the Export format section of the wizard, click on TEXT, HTML, or EXCEL to download the
import report in the corresponding file format.
14. Click on CLOSE to go back to the All scopes list. Your blocks list is now updated.
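
A pre-import check for the ranges and VLANs files described in the two procedures above, added here as an example that is not part of the guide or of SOLIDserver: it verifies the compulsory fields before the wizard's CHECK step and that every VLAN ID falls inside the range it names. The column header names, the 1-4094 ID bounds and the rule that ranges of one domain must not overlap are assumptions of this example.

```python
import csv
import io

# Assumption: VLAN IDs are 1-4094 (IEEE 802.1Q); the guide does not state bounds.
VLAN_MIN, VLAN_MAX = 1, 4094

# Constructed sample files. Header names are hypothetical: in the wizard you map
# your own columns to Name, Start ID, End ID, Domain, VLAN ID and Range.
RANGES_CSV = """name,start_id,end_id,domain,description
users,100,199,campus,User access
voice,150,250,campus,Overlaps users
servers,300,,campus,Missing End ID
dmz,20,10,edge,Start after end
mgmt,4000,4094,edge,Management
"""

VLANS_CSV = """name,vlan_id,range,domain
printers,120,users,campus
oob,4001,mgmt,edge
stray,500,users,campus
ghost,10,lab,campus
,abc,mgmt,edge
"""


def _rows(text, delimiter):
    """Yield (file line number, row with stripped values); line 1 is the header."""
    reader = csv.DictReader(io.StringIO(text), delimiter=delimiter)
    for row in reader:
        yield reader.line_num, {k: (v or "").strip() for k, v in row.items() if k}


def _vlan_id(value):
    """Return value as an int VLAN ID, or None if it is not a valid one."""
    if not (value.isascii() and value.isdigit()):
        return None
    number = int(value)
    return number if VLAN_MIN <= number <= VLAN_MAX else None


def check_ranges(text, delimiter=","):
    """Return (ranges, errors); ranges maps (domain, name) -> (start, end)."""
    ranges, errors = {}, []
    for line_no, row in _rows(text, delimiter):
        missing = [f for f in ("name", "start_id", "end_id", "domain") if not row.get(f)]
        if missing:
            errors.append((line_no, "missing compulsory field: " + ", ".join(missing)))
            continue
        start, end = _vlan_id(row["start_id"]), _vlan_id(row["end_id"])
        key = (row["domain"], row["name"])
        if start is None or end is None:
            errors.append((line_no, "Start ID or End ID is not a valid VLAN ID"))
        elif start > end:
            errors.append((line_no, "Start ID is greater than End ID"))
        elif key in ranges:
            errors.append((line_no, "duplicate range name in domain"))
        else:
            # Example policy (assumption): ranges of one domain must not overlap.
            clash = [n for (d, n), (s, e) in ranges.items()
                     if d == row["domain"] and start <= e and s <= end]
            if clash:
                errors.append((line_no, "overlaps range " + ", ".join(clash)))
            else:
                ranges[key] = (start, end)
    return ranges, errors


def check_vlans(text, ranges, delimiter=","):
    """Return errors for a VLANs file, checked against check_ranges() output.

    Only ranges from the ranges file are known here; ranges that already exist
    on the appliance would have to be added to `ranges` by the caller.
    """
    errors, seen = [], set()
    for line_no, row in _rows(text, delimiter):
        missing = [f for f in ("vlan_id", "range", "domain") if not row.get(f)]
        if missing:
            errors.append((line_no, "missing compulsory field: " + ", ".join(missing)))
            continue
        vid = _vlan_id(row["vlan_id"])
        bounds = ranges.get((row["domain"], row["range"]))
        if vid is None:
            errors.append((line_no, "VLAN ID is not a valid VLAN ID"))
        elif bounds is None:
            errors.append((line_no, "range not defined in this domain"))
        elif not bounds[0] <= vid <= bounds[1]:
            errors.append((line_no, "VLAN ID outside range %d-%d" % bounds))
        elif (row["domain"], vid) in seen:
            errors.append((line_no, "duplicate VLAN ID in domain"))
        else:
            seen.add((row["domain"], vid))
    return errors


if __name__ == "__main__":
    valid_ranges, range_errors = check_ranges(RANGES_CSV)
    for line_no, message in range_errors + check_vlans(VLANS_CSV, valid_ranges):
        print("line %d: %s" % (line_no, message))
```

Pass the delimiter you intend to select in the wizard's Delimiter field as the `delimiter` argument.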

Importing Data to the Administration Module


Where to Import Data in the Administration Module
Within the Administration module, you can import data on the Groups, Users and Custom data
pages. The table below details what you can import on these pages.

Table 12.58. Pages of the Administration Module Where you Can Import CSV Files
Administration page | Objects that can be imported | Option name in the Add > Import menu
Groups | Groups of users | CSV groups
Users | Users | CSV file
 | RIPE users | RIPE persons
Custom data | Custom data | CSV custom data

Importing Groups
When importing one or several groups of users, the import wizard will always contain at least 5
drop-down lists that correspond to columns that you can display on the Group listing page. It can
contain more fields that might be required depending on the class parameters you or your
administrator might have configured.

When importing a list from the Group list, on the CSV fields association page of the import wizard,
you will always find a set of drop-down lists at the bottom of the page: only the device Name field
is compulsory. The other parameters on this page and any other parameter that you will find on
the next page, Class parameters, are optional and can be left blank.

To import groups through a CSV file

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the System section, click on the Groups icon. The Groups list opens.
3. In the menu, select Add > Import > CSV groups. The Import a CSV file wizard opens.
4. Click on BROWSE to search for the CSV file to import. A window opens to help you browse
through folders.
5. Double-click on the needed CSV file. The window closes and the file is visible in the File
name field of the wizard.
6. Click on NEXT . The CSV fields association page opens.

Configure the import through the Delimiter, Enclosure, Input format, Skip the first line,
Template and Save template fields. For more details, refer to the CSV Fields Association
Description table in the Introduction section of this chapter.
7. At the bottom of the page, select the columns of your CSV file corresponding to the data
requested in each field. The space Name is the only required field. The different fields are
detailed in the table below:


Table 12.59. Groups Import Parameters


Parameters | Description
Name | Select the column corresponding to the group(s) name. This field is compulsory.
Description | Select the column corresponding to the group(s) description. This field is optional.
Category | Select the column corresponding to the group(s) category. This field is optional.
Class name | Select the column corresponding to the group(s) class name. This field is optional.
Group parent name | Select the column corresponding to the group(s) group parent name. This will copy the rights of the selected group to the group(s) you are importing. This field is optional.

8. Click on NEXT. The CSV class parameters page opens if you or your administrator created classes for
groups. All the fields are optional: choose the data you want to import.
9. Click on NEXT. The CSV import parameters page opens.

Table 12.60. CSV Import Parameters


Fields | Description
Existing records | Select either Replace to overwrite the existing records that have the same name or Don't replace to add the items to the listing. Don't replace is selected by default.
Keep the existing class parameters | This drop-down list refers to the existing class parameters of the groups database. Select Yes or No depending on your needs. Yes is selected by default.

10. Click on CHECK. The Check the validity of the CSV file page opens and displays a report
indicating the total number of correct lines within the file. If you want to download the validity
report, refer to the next step. If you do not want to download it, go to step 12.
11. In the Export format section of the wizard, click on TEXT, HTML, or EXCEL to download the
validity report in the corresponding file format.
12. Click on OK to accept the validity check report results. The Import data from a CSV file page
opens and displays a report indicating the total number of spaces actually imported. If you
want to download that final report, refer to the next step. If you do not want to download it,
go to step 14.
13. In the Export format section of the wizard, click on TEXT, HTML, or EXCEL to download the
import report in the corresponding file format.
14. Click on CLOSE to go back to the Group list. Your space list is now updated.

Importing Users
When importing one or several users, the import wizard will always contain at least 10 drop-down
lists that correspond to columns that you can display on the Group listing page. It can contain
more fields that might be required depending on the class parameters you or your administrator
might have configured.


When importing a list from the User list, on the CSV fields association page of the import wizard,
you will always find a set of drop-down lists at the bottom of the page: only the device Login field
is compulsory. The other parameters on this page and any other parameter that you will find on
the next page, Class parameters, are optional and can be left blank.

To import groups through a CSV file

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the System section, click on the Users icon. The Users list opens.
3. In the menu, select Add > Import > CSV file. The Import a CSV file wizard opens.
4. Click on BROWSE to search for the CSV file to import. A window opens to help you browse
through folders.
5. Double-click on the needed CSV file. The window closes and the file is visible in the File
name field of the wizard.
6. Click on NEXT . The CSV fields association page opens.

Configure the import through the Delimiter, Enclosure, Input format, Skip the first line,
Template and Save template fields. For more details, refer to the CSV Fields Association
Description table in the Introduction section of this chapter.
7. At the bottom of the page, select the columns of your CSV file corresponding to the data
requested in each field. The space Name is the only required field. The different fields are
detailed in the table below:

Table 12.61. Users Import Parameters


Parameters | Description
Login | Select the column corresponding to the user(s) login. This field is compulsory.
First name | Select the column corresponding to the user(s) first name. This field is optional.
Last name | Select the column corresponding to the user(s) last name. This field is optional.
Email | Select the column corresponding to the user(s) email address. This field is optional.
Password | Select the column corresponding to the password the user(s) will use to access SOLIDserver. This field is optional.
Description | Select the column corresponding to the user(s) description. This field is optional.
Authentication method | Select the column corresponding to the user(s) authentication method. This field is optional.
Default page | Select the column corresponding to the user(s) default page. This field is optional.
Class name | Select the column corresponding to the user(s) class name. This field is optional.
Maintainer group | Select the column corresponding to the user(s) maintainer group. This field is optional.


8. Click on NEXT. The CSV class parameters page opens if you or your administrator created classes for
users. All the fields are optional: choose the data you want to import.
9. Click on NEXT. The CSV import parameters page opens.

Table 12.62. CSV Import Parameters


Fields | Description
Existing records | Select either Replace to overwrite the existing records that have the same name or Don't replace to add the items to the listing. Don't replace is selected by default.
Keep the existing class parameters | This drop-down list refers to the existing class parameters of the users database. Select Yes or No depending on your needs. Yes is selected by default.

10. Click on CHECK. The Check the validity of the CSV file page opens and displays a report
indicating the total number of correct lines within the file. If you want to download the validity
report, refer to the next step. If you do not want to download it, go to step 12.
11. In the Export format section of the wizard, click on TEXT, HTML, or EXCEL to download the
validity report in the corresponding file format.
12. Click on OK to accept the validity check report results. The Import data from a CSV file page
opens and displays a report indicating the total number of spaces actually imported. If you
want to download that final report, refer to the next step. If you do not want to download it,
go to step 14.
13. In the Export format section of the wizard, click on TEXT, HTML, or EXCEL to download the
import report in the corresponding file format.
14. Click on CLOSE to go back to the User list. Your space list is now updated.

Importing Custom Data


Within a custom DB you can import one or several custom data. The import wizard will always
contain at least 10 drop-down lists that correspond to columns that you can display on the Custom
data listing page. It can contain more fields that might be required depending on the class
parameters you or your administrator might have configured.

When importing a list from the Custom data list, on the CSV fields association page of the import
wizard, you will always find a set of drop-down lists at the bottom of the page: they are all named
Value <number> which corresponds to the default columns name of a custom DB. Only the Value
1 field is compulsory. The other parameters on this page and any other parameter that you will
find on the next page, Class parameters, are optional and can be left blank.

To import custom data through a CSV file

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Custom DB icon. The Custom database list opens.
3. In the Name column, click on the name of the custom database of your choice. The Custom
data list of that database opens.
4. In the menu, select Add > Import > CSV custom data. The Import a CSV file wizard opens.
5. Click on BROWSE to search for the CSV file to import. A window opens to help you browse
through folders.


6. Double-click on the needed CSV file. The window closes and the file is visible in the File
name field of the wizard.
7. Click on NEXT . The CSV fields association page opens.

Configure the import through the Delimiter, Enclosure, Input format, Skip the first line and
Template fields. For more details, refer to the CSV Fields Association Description table in
the Introduction section of this chapter.
8. At the bottom of the page, select the columns of your CSV file corresponding to the data
requested in each field. There are in total 10 fields named Value 1 through to Value 10. The
Value 1 is the only required field.
9. Click on NEXT . The CSV import parameters page opens.

Table 12.63. CSV Import Parameters


Fields | Description
Existing records | Select either Replace to overwrite the existing records that have the same name or Don't replace to add the items to the listing. Don't replace is selected by default.
Keep the existing class parameters | This drop-down list refers to the existing class parameters of the custom database. Select Yes or No depending on your needs. Yes is selected by default.

10. Click on CHECK. The Check the validity of the CSV file page opens and displays a report
indicating the total number of correct lines within the file. If you want to download the validity
report, refer to the next step. If you do not want to download it, go to step 12.
11. In the Export format section of the wizard, click on TEXT, HTML, or EXCEL to download the
validity report in the corresponding file format.
12. Click on OK to accept the validity check report results. The Import data from a CSV file page
opens and displays a report indicating the total number of spaces actually imported. If you
want to download that final report, refer to the next step. If you do not want to download it,
go to step 14.
13. In the Export format section of the wizard, click on TEXT, HTML, or EXCEL to download the
import report in the corresponding file format.
14. Click on CLOSE to go back to the Custom data list. Your space list is now updated.

Managing Import Templates


Every created template is displayed on the Import/Export Templates Management page of each
module. On this page, you can either rename or delete the templates.

The Import/Export Templates Management page is composed of a set of panels corresponding
to each listing page. Each panel lists all the templates configured on that page, whether import
or export templates. The import templates are displayed as such: Import: <template_name>.

To rename an import template

1. Go to the tab of your choice. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select Settings > Import/Export templates management. The Import/Export
Templates Management page opens.


3. In the panel of your choice, select the Import: <template_name> you want to rename.
4. Click on RENAME . The Rename template wizard opens.
5. In the New Name field, rename your template.
6. Click on OK to commit your changes. The report opens and closes. The name changes in
the list.

To delete an import template

1. Go to the tab of your choice. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select Settings > Import/Export templates management. The Import/Export
Templates Management page opens.
3. In the panel of your choice, select the Import: <template_name> you want to delete.
4. Click on DELETE . The Delete template wizard opens.
5. In the New Name field, rename your template.
6. Click on OK to commit your changes. The report opens and closes. The template is no longer
listed.

Chapter 13. Exporting Data
Introduction
Within SOLIDserver, you can export data from almost any listing page. Exporting data follows a
set of rules that you need to keep in mind:

• The object parameters that you can export correspond to the columns of the listing
page

That way, on the one hand you can export the name of the object container: if you export a list
of zones you can also export the name of the server and view they belong to. And on the other
hand, you can export the customized parameters that you created through Class Studio and
displayed as columns. These columns will be preceded by the mention Class param: in the
wizard.
• An export is generated one level at a time

If you are exporting zones from the All zones page in the DNS, you will only export the zones
themselves but not the RRs they contain.
• An export can be generated in five different formats
You can export lists of objects in .csv, .html, .xml, .xls and .pdf¹. Only the .csv file format provides
the possibility to reimport the list again in the GUI.
• An export can take into account from 1 to n objects

On any listing page, exporting data will take into account every object listed. However, if you
tick one or more elements, only the parameters of the ones you ticked will be exported.
• An export can be done at a specific time or scheduled to be generated regularly

From the export wizard, you can choose to export the data right away or later on, even on a
regular basis and at the frequency of your choosing.
• An export name provides time and format information

An export is always named after its format and moment of generation, never after what it
contains. Each export is named as follows: export_<extension>_<date>_<time>.<extension>,
where extension refers to the export format; date is displayed as such: YYYYMMDD and time
as such: HHMMSS. For instance, "export_excel_20130301_073042.xls" is an export generated
in EXCEL on March 1st, 2013 at 07:30:42.
• If the page does not have the Report menu you cannot export the data listed

Within SOLIDserver, almost any listing page allows you to export data. To see the whole list of
pages where you can export data, refer to the section Pages Where The Export is Possible
below.
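
One way to inventory export files by the naming rule above, for instance when reviewing how long reimportable CSV exports have been kept, added here as an example that is not part of the guide or of SOLIDserver. The file listing is constructed apart from the guide's own example name, and the function names and the retention check are assumptions of this example.

```python
import re
from datetime import datetime, timedelta

# export_<extension>_<date>_<time>.<extension>, date as YYYYMMDD, time as HHMMSS.
# The guide's own example shows that the first token can be a format name
# ("excel") rather than the file extension ("xls"), so both are kept.
EXPORT_NAME = re.compile(r"export_([A-Za-z0-9]+)_(\d{8})_(\d{6})\.([A-Za-z0-9]+)")

# Constructed listing, except the first name, which is the guide's example.
LOCAL_FILES = [
    "export_excel_20130301_073042.xls",
    "export_csv_20130215_120000.csv",
    "export_csv_20130230_120000.csv",   # February 30th does not exist
    "export_pdf_20130305_250000.pdf",   # hour 25 does not exist
    "users_backup.csv",                 # does not follow the export pattern
    "export_csv_20130310_235959.csv",
]


def parse_export_name(filename):
    """Return format, extension and generation time, or None if not an export name."""
    match = EXPORT_NAME.fullmatch(filename)
    if match is None:
        return None
    fmt, date, time, extension = match.groups()
    try:
        # The guide does not say which time zone the name uses: kept naive.
        generated = datetime(int(date[:4]), int(date[4:6]), int(date[6:]),
                             int(time[:2]), int(time[2:4]), int(time[4:]))
    except ValueError:
        return None  # digits in the right places but not a real date or time
    return {"file": filename, "format": fmt,
            "extension": extension, "generated": generated}


def inventory(filenames):
    """Split a listing into (exports sorted oldest first, names that are not exports)."""
    exports, rejected = [], []
    for name in filenames:
        parsed = parse_export_name(name)
        if parsed is None:
            rejected.append(name)
        else:
            exports.append(parsed)
    exports.sort(key=lambda e: e["generated"])
    return exports, rejected


def stale_csv_exports(filenames, now, max_age_days):
    """Names of CSV exports generated more than max_age_days before now."""
    cutoff = now - timedelta(days=max_age_days)
    exports, _ = inventory(filenames)
    return [e["file"] for e in exports
            if e["extension"].lower() == "csv" and e["generated"] < cutoff]


if __name__ == "__main__":
    exports, rejected = inventory(LOCAL_FILES)
    for e in exports:
        print(e["generated"].isoformat(), e["format"], e["file"])
    print("not exports:", rejected)
    print("stale CSV:", stale_csv_exports(LOCAL_FILES, datetime(2013, 3, 20), 10))
```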

All exports are displayed on a single page, however the configuration files of the scheduled exports
are displayed on their own page.

¹ Keep in mind when exporting data to a PDF file that the number of columns selected will affect the final display and might generate
a very hard to read file.


Within SOLIDserver, the export of data is available on almost every page. In the GUI, the Report
menu indicates which pages are concerned. The table below lists all these pages.

Table 13.1. Pages of SOLIDserver Where Data Export is Possible


Module | Pages
IPAM | All the listing pages of the module allow the export
DHCP | All the listing pages of the module allow the export
DNS | All the listing pages of the module allow the export
NetChange | All network devices; All ports; All discovered items
Device Manager | All the listing pages of the module allow the export
VLAN Manager | All the listing pages of the module allow the export
Administration | Key Ring; All SOLIDserver; Groups; Users; Session tracking; User tracking; Alerts; Custom database; Custom data
The Export Wizard


No matter what format you choose for the export, the Export <format> file wizard will open and
look like the image below.

Figure 13.1. The CSV Export Wizard


1 Template is a drop-down list that allows you to save all your configuration as a template for
later exports of the list.
2 When exporting CSV files, you will find two extra fields. First, the Delimiter drop-down list
allows you to select which delimiter you want to use during the data export. Second, the
The export might be reimported² checkbox can be ticked if you want to reimport the data
in a SOLIDserver appliance: this will basically export the list as raw data that will be easier
(and therefore faster) to reimport.
3 Action is a drop-down list that allows you to export your list right away or schedule it
at the frequency of your choice.
4 Columns is a list that allows you to select the listing page columns, i.e. parameters, of your
choice. This list contains all the columns that you can display on the page as well as the
class parameters related to the objects of the list.
5 Selected is a list that sums up all the columns that you selected and which data you are
about to export. It also allows you to order the data according to your needs.

Browsing the Exports Database


All the exports are saved in the Administration module of SOLIDserver, on the Local files listing
page. The scheduled export configurations are available on the Scheduled exports page.

To list the exports within SOLIDserver GUI

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select Maintenance > Local Files listing. The Local files listing page opens.
By default it displays the Local list where you will find all your exports.

To list the scheduled exports within SOLIDserver GUI

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select Monitoring > Scheduled exports. The Scheduled exports page opens.

Configuring Exports
An export can take several forms: you choose the export format, decide whether or not to
schedule it, and can save your columns configuration in a template to reuse as is or as a
basis for another export.

To export data immediately

1. Go to the listing page of your choice.


2. Tick the objects of your choice or none if you want to export the whole list.
3. In the menu, select Report > Export > format of your choice. The Export <format> file wizard
opens.
4. In the Template drop-down list, you can:

a. Choose not to create a template by selecting None.

² Exporting data without ticking this box might trigger some errors. Some columns will not be imported at all, for instance the Subnet is
terminal column value cannot be imported if the box remains unticked.


b. Choose to create a template by selecting New template. The Template name field
appears, name your template. The template will save the columns you select as well as
the delimiter if you export the list in a .csv file.

Once the export is generated, you can rename or delete the templates if need be. For more
details refer to the section Managing Export Templates below.
5. If you chose to export a CSV file:

a. In the Delimiter drop-down list, select the comma, semi-colon or tab.


b. In the The export might be reimported³ section, tick the box to export the list or selected
objects as raw data.

6. In the Action drop-down list, select Generate new data.


7. In the Columns list, select one by one the columns that you want to export and click on .
They are moved to the Selected list.
8. In the Selected list, you can order the columns according to your needs using and . To
remove a column from the export, select it and click on . It is moved back to the Columns
list.
9. Click on OK to commit the export. The report works and displays the final page of the wizard.
10. Click on DOWNLOAD to save the export in your browser's Downloads folder: this
automatically closes the wizard and displays the object page again. Alternatively, click on
CLOSE to close the wizard. The export is available on the Local files listing page; for more
details, refer to the procedure To list the exports within SOLIDserver GUI above.

From the Report > Export menu you can also schedule exports. Keep in mind that these exports
are managed differently. Like any export generated at a given time, the generated file is available
in the Local files Listing but scheduling an export creates a configuration that you can manage
on the Scheduled exports page. For more details, refer to the Managing Scheduled Exports
Configuration Files section below.

To schedule an export

1. Go to the listing page of your choice.


2. Tick the objects of your choice or none if you want to export the whole list.
3. In the menu, select Report > Export > format of your choice. The Export <format> file wizard
opens.
4. In the Template drop-down list, you can:

a. Choose not to create a template by selecting None and export your data.
b. Choose to create a template by selecting New template. The Template name field
appears, name your template. The template will save the columns you select as well as
the delimiter if you export the list in a .csv file.

5. If you chose to export a CSV file:

a. In the Delimiter drop-down list, select the comma, semi-colon or tab.

³ This option must be ticked if you plan on reimporting some data, for instance the value of the Terminal column.


b. In the The export might be reimported section, check the box to export the list or selected
objects as raw data.

6. In the Action drop-down list, select Schedule the report. The page refreshes.
7. In the Columns list, select one by one the columns that you want to export and click on .
They are moved to the Selected list.
8. In the Selected list, you can order the columns according to your needs using and . To
remove a column from the export, select it and click on . It is moved back to the Columns
list.
9. Click on NEXT . The last page of the wizard opens.
10. Configure the export frequency or date and time (UTC) of the export using the table below.

Table 13.2. Scheduled Export Fields


Fields | Description
Day(s) of the week | In this drop-down list, select a frequency (over the whole week or for a specific set of days) or a specific day of the week. By default, Every day is selected.
Date of the month | In this drop-down list, select a specific day of the month or a frequency (every day) for the refresh. By default, Every day is selected.
Month | In this drop-down list, select a specific month or a frequency (every month) for the refresh. By default, Every month is selected.
Hour | In this drop-down list, select a frequency (over the whole day or for a limited period of time each day), a set of hours or a specific hour per day for the refresh. The hour respects the UTC standard. By default, Every hour is selected.
Minute | In this drop-down list, select the moment (o'clock, quarter past, half past or quarter to) or the frequency (in minutes) of the refresh. The minute respects the UTC standard. By default, Every minute is selected.
Name | In this field, name the scheduled export.
Mail to | In this drop-down list, select the group whose users will receive the export notification email. This email will not be sent if the user's email address is not valid or if your SMTP relay is not configured, refer to the Configuring the SMTP Relay section for more details. By default, the first of your groups, in the ASCII alphabetic order, is selected.
Rights as | In this drop-down list, select a user: his/her rights and limitations will be applied in the report, so only the items this user has access to will be listed in the export.

11. Click on OK to commit the export. The report works and displays the export report. The export
configuration is available on the Scheduled exports page; for more details, refer to the
procedure To list the scheduled exports within SOLIDserver GUI. Once generated, the export
is available on the Local files listing page. For more details, refer to the procedure To list
the exports within SOLIDserver GUI above.
12. Click on CLOSE to display the objects list again.


Exporting Data To Reimport It Later


Any list you might have exported can be reimported on most pages as long as you exported it in
a CSV file.

Note
We strongly recommend that during the export you tick the The export might be reimported
box, to make it faster to process.

Keep in mind that in each module and page, you will be able to reimport all the parameters of
your choice but some columns are required, and without them, you cannot go through with the
import. So when exporting, you must select these columns. In the sections below, we will only
detail the pages where you can actually import data.

Required Columns To Reimport Data in the IPAM Module


The Export wizard can be accessed through the Report menu on any page of the IPAM module.
On each page some data is required during an import so you will need the columns listed in the
table below if you intend to reimport a CSV file.

Table 13.3. Required Columns To Reimport Data on the IPAM Pages

| IPAM page | Listing page required column(s) | Column name in the export wizard | Column name in the import wizard |
|---|---|---|---|
| All spaces | Name | Space Name | Name |
| All blocks | Start | Block start address | First address |
| | Space | Space name | Space name |
| All subnets | Address | Address + prefix (a) | Address |
| | Name | Subnet name | Name |
| | Space | Space name | Space name |
| All pools | Start address | Pool start address | First address |
| | Name | Pool name | Name |
| | Space | Space name | Space name |
| All addresses | Address | IP address | IP address |
| | Name | IP name | Name |
| | Space | Space name | Space name |
| All blocks (v6) | Start | Block start address | First address |
| | Prefix | Block prefix | Prefix |
| | Space | Space name | Space name |
| All subnets (v6) | Address | Subnet address | Address |
| | Prefix | Subnet prefix | Prefix |
| | Name | Subnet name | Name |
| | Space | Space name | Space name |
| All pools (v6) | Start address | Pool start address | First address |
| | End address | Pool end address | Last address |
| | Name | Pool name | Name |
| | Space | Space name | Space name |
| All addresses (v6) | Address | IP address | IP address |
| | Name | IP name | Name |
| | Space | Space name | Space name |
| All VRFs | Name | VRF name | VRF name |
| | RD ID | VRF RD ID | VRF RD ID |
| All VRF Route Targets | Source RD ID | Source RD ID | Source RD ID of the VRF Route Targets |
| | Target RD ID | Target RD ID | Target RD ID of the VRF Route Targets |

(a) This field can be used to export and reimport the subnet start address and size.

Note
Keep in mind that the Space name field of the import wizard allows you to select the
corresponding column of your CSV file or select one space among the ones in your
database or the option Use best space, with IPv4, that will use the IP address and
size to place the object in the best space, block and/or subnet possible.
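
The following pre-import check is an added example, not part of the EfficientIP guide or of SOLIDserver. It verifies that an exported CSV still carries the columns Table 13.3 lists as required for the IPv4 IPAM pages. It assumes the CSV header row uses the export wizard's column names; the function names and the sample export are constructed for illustration.

```python
import csv
import io

# Required export-wizard column names per IPAM listing page, copied from
# Table 13.3 (IPv4 pages only). ASSUMPTION: the CSV header row carries these
# export-wizard names; they are compared case-insensitively because the
# table itself mixes "Space Name" and "Space name".
REQUIRED_COLUMNS = {
    "All spaces": ["Space Name"],
    "All blocks": ["Block start address", "Space name"],
    "All subnets": ["Address + prefix", "Subnet name", "Space name"],
    "All pools": ["Pool start address", "Pool name", "Space name"],
    "All addresses": ["IP address", "IP name", "Space name"],
}

# The three delimiters offered in the Export wizard: comma, semi-colon, tab.
DELIMITERS = (",", ";", "\t")


def detect_delimiter(header_line):
    """Return the wizard delimiter that splits the header into the most fields."""
    def field_count(delim):
        return len(next(csv.reader([header_line], delimiter=delim)))
    return max(DELIMITERS, key=field_count)


def check_export(text, page):
    """Return a list of problems that would block reimporting `text` on `page`."""
    text = text.lstrip("\ufeff")  # tolerate a UTF-8 byte order mark
    lines = text.splitlines()
    if not lines or not lines[0].strip():
        return ["file is empty: no header row"]

    delim = detect_delimiter(lines[0])
    rows = list(csv.reader(io.StringIO(text, newline=""), delimiter=delim))
    header = [name.strip().lower() for name in rows[0]]

    problems = []
    positions = {}
    for name in REQUIRED_COLUMNS[page]:
        if name.lower() in header:
            positions[name] = header.index(name.lower())
        else:
            problems.append(f"missing required column: {name}")

    # Row numbers count the header as row 1.
    for rownum, row in enumerate(rows[1:], start=2):
        if not row:
            continue  # blank line
        if len(row) != len(header):
            problems.append(
                f"row {rownum}: {len(row)} fields, header has {len(header)}"
            )
            continue
        for name, pos in positions.items():
            if not row[pos].strip():
                problems.append(
                    f"row {rownum}: empty value in required column: {name}"
                )
    return problems


# Constructed sample: a semi-colon delimited "All subnets" export in which the
# second data row has lost its subnet name. The VLAN column is an arbitrary
# extra column and is not taken from the guide.
SAMPLE_SUBNETS = (
    "Address + prefix;Subnet name;Space name;VLAN\n"
    "10.0.0.0/24;office;Local;12\n"
    "10.0.1.0/24;;Local;13\n"
)

if __name__ == "__main__":
    for problem in check_export(SAMPLE_SUBNETS, "All subnets"):
        print(problem)
```

Running the check before opening the import wizard catches an export made without a required column, or with the wrong delimiter, while the original list can still be exported again.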

Required Columns To Reimport Data in the DHCP Module


The Export wizard can be accessed through the Report menu on any page of the DHCP module.

Note
It is impossible to import a list on the All servers, All leases and All leases (v6) pages.

Table 13.4. Required Columns To Reimport Data on the DHCP Pages

| DHCP page | Listing page required column(s) | Column name in the export wizard | Column name in the import wizard |
|---|---|---|---|
| All scopes | Address | DHCP scope address | Address |
| | Server | DHCP server name | DHCP server |
| All ranges | Start address | DHCP range start addr | Start address |
| | Server | DHCP server name | DHCP server |
| All statics | Name | DHCP static name | DHCP static name |
| | MAC address | MAC address | MAC address |
| | Server | DHCP server name | DHCP server |
| All scopes (v6) | Address | Address | Start address |
| | Server | Server | DHCP6 server |
| All ranges (v6) | Start address | Start address | Start address |
| | End address | End address | End address |
| | Server | Server | DHCP6 server |
| All statics (v6) | Name | DHCP static name | DHCP static name |
| | Server | Server | DHCP6 server |

Note
Keep in mind that the DHCP server and DHCP6 server fields of the import wizard
allow you to select the corresponding column of your CSV file or select one server
among the ones in your database.

Required Columns To Reimport Data in the DNS Module


The Export wizard can be accessed through the Report menu on any page of the DNS module.

Table 13.5. Required Columns To Reimport Data on the DNS Pages

| DNS page | Listing page required column(s) | Column name in the export wizard | Column name in the import wizard |
|---|---|---|---|
| All zones | Name | Zone name | DNS zone name |
| | Type | Zone type | DNS zone type |
| | Server | DNS server name | DNS server name |
| All RRs | RR name | RR name | RR name |
| | Value | RR value | Value 1 (a) |
| | Zone | DNS zone name | Zone name |
| | Type | Space name | RR type |

(a) This field includes all the information contained in the export of the Value field.

Required Columns To Reimport Data in NetChange Module


The Export wizard can be accessed through the Report menu on every page of the NetChange
module except the All VLANs page.

Table 13.6. Required Columns To Reimport Data on the NetChange Pages

| NetChange page | Listing page required column(s) | Column name in the export wizard | Column name in the import wizard |
|---|---|---|---|
| All network devices | Space | Space Name | Target space |

Required Columns To Reimport Data in Device Manager Module


The Export wizard can be accessed through the Report menu on any page of the Device Manager
module.

Table 13.7. Required Columns To Reimport Data on the Device Manager Pages

| Device Manager page | Listing page required column(s) | Column name in the export wizard | Column name in the import wizard |
|---|---|---|---|
| All devices | Name | Device name | Name |
| All ports & interfaces | Name | Interface name | Name |
| | Type | Type | Type |
| | Space | Device name | Device |

Required Columns To Reimport Data in VLAN Manager Module


The Export wizard can be accessed through the Report menu on any page of VLAN Manager
module. On each page some data is required during an import so you will need the columns listed
in the table below if you intend to reimport a CSV file.

Table 13.8. Required Columns To Reimport Data on VLAN Manager Pages

| VLAN Manager page | Listing page required column(s) | Column name in the export wizard | Column name in the import wizard |
|---|---|---|---|
| All domains | Name | Name | Name |
| | Start ID | Domain Start ID | Start ID |
| | End ID | Domain End ID | End ID |
| All ranges | Name | Name | Name |
| | Start ID | Range Start ID | Start ID |
| | End ID | Range End ID | End ID |
| | Domain | Range Domain | Domain |
| All VLANs | VLAN ID | VLAN ID | VLAN ID |
| | Range | Range | Range |
| | Domain | Domain | Domain |

Required Columns To Reimport Data in the Administration Module


The Export wizard can be accessed through the Report menu on a limited number of pages of
the Administration module: Key Ring, All SOLIDserver (SOLIDserver Centralized Management
on the homepage), Groups, Users, Session tracking, User tracking, Alerts, Custom database
(Custom DB on the homepage) and Custom data.

Table 13.9. Required Columns To Reimport Data on the Administration Pages

| Administration page | Listing page required column(s) | Column name in the export wizard | Column name in the import wizard |
|---|---|---|---|
| Groups | Name | Name | Name |
| Users | Login | Login | Login |
| Custom data | First column | / | Value 1 |

Managing Export Files


Once generated, all the exports are saved in the directory /data1/exports. In the GUI, they
are available in the Local files listing page where you can export or delete them.

All the exports are listed under the Local page filter. Each column corresponds to the parameters
configured during the export configuration. You can sort the list through each column and
filter it through the columns Name, Type and Owner. You cannot modify the listing layout of this
page or access the exports properties page as all the information is displayed.


To download an export file from the Local files listing

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select Maintenance > Local Files listing. The Local Files listing page opens.
By default it displays the Local list where you will find all your exports.
3. Click on the name of the export of your choice to download it.

To delete an export file from the Local files listing

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select Maintenance > Local Files listing. The Local Files listing page opens.
By default it displays the Local list where you will find all your exports.
3. Tick the export(s) you want to delete.
4. In the menu, select Edit > Delete file(s). The Delete file wizard opens.
5. Click on OK to commit the export file deletion. The report opens and closes. The page
refreshes, the selected export is no longer listed.

Managing Scheduled Exports Configuration Files


If you created scheduled exports, the configuration file is on the Scheduled exports page. Once
created, you cannot edit the configuration. However, you can disable it and later enable it; you
can also delete it.

All the configuration files are listed and each column corresponds to the parameters configured
during the scheduled export creation. You can sort and filter the list through each column but you
cannot modify the listing layout of this page or access the scheduled exports configuration
properties page as all the information is displayed.

To delete a scheduled export configuration file

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select Monitoring > Scheduled exports. The Scheduled exports page opens.
3. Tick the configuration file(s) you want to delete.
4. In the menu, select Edit > Delete. The Delete wizard opens.
5. Click on OK to commit the file deletion. The report opens and closes. The page refreshes,
the file is no longer listed.

To disable a scheduled export configuration file

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select Monitoring > Scheduled exports. The Scheduled exports page opens.
3. Tick the configuration file(s) you want to disable.
4. In the menu, select Edit > Delete. The Delete wizard opens.


5. Click on OK to commit your modification. The report opens and closes. The file is marked
Disabled.

To enable a scheduled export configuration file

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select Monitoring > Scheduled exports. The Scheduled exports page opens.
3. Tick the configuration file(s) you want to disable.
4. In the menu, select Edit > Enable. The Activate wizard opens.
5. Click on OK to commit your modification. The report opens and closes. The page refreshes,
the file is marked OK.

Managing Export Templates


Every created template is displayed on the Import/Export Templates Management page of each
module. On this page, you can either rename or delete the templates.

The Import/Export Templates Management page is composed of a set of panels corresponding
to each listing page. Each panel lists all the templates configured on that page, whether import
or export templates. The export templates are displayed as such: Export: <template_name>.

To rename an export template

1. Go to the tab of your choice. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select Settings > Import/Export templates management. The Import/Export
Templates Management page opens.
3. In the panel of your choice, select the Export: <template_name> you want to rename.
4. Click on RENAME . The Rename template wizard opens.
5. In the New Name field, rename your template.
6. Click on OK to commit your changes. The report opens and closes. The name changes in
the list.

To delete an export template

1. Go to the tab of your choice. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select Settings > Import/Export templates management. The Import/Export
Templates Management page opens.
3. In the panel of your choice, select the Export: <template_name> you want to delete.
4. Click on DELETE . The Delete template wizard opens.
5. In the New Name field, rename your template.
6. Click on OK to commit your changes. The report opens and closes. The template is no longer
listed.

Chapter 14. Managing Reports
Introduction
In addition to the traditional multi-format exports, detailed in the Exporting Data chapter of this
guide, SOLIDserver allows the generation of advanced reports for a specific set of resources of
the IPAM, DHCP, DNS, NetChange and Administration modules.

Reports can be generated to obtain data comparison, summaries and graphs from the Report
menu or the relevant objects properties page. Two formats are available: HTML or PDF.

Table 14.1. Pages Where Reports Are Available

| Module | Page | Report |
|---|---|---|
| DHCP | All servers | Servers options comparison |
| | | Servers usage evolution graph |
| | All scopes | Scopes options comparison |
| | | Scopes summary |
| DNS | All servers | Compare DNS data with IPAM data |
| | | Servers configuration |
| | | Hybrid DNS Engine incompatibilities |
| | | Servers configuration comparison |
| | | Server usage charts |
| | All zones | Zones missing RRs |
| | | Zones configuration comparison |
| NetChange | All network devices | Network devices properties |
| | | NetChange/IPAM/DHCP data comparison |
| | | Network devices summary |
| Administration | Statistics | Statistics charts |
| | Users | Users rights in each group |

Like traditional exports, you can generate them immediately or schedule them in advance. The
scheduled report details are available on the Scheduled report page. Once generated, any report
is listed on the Reports page.

Browsing the Reports Database


All the reports and their configuration details are accessible in the Administration module.

To list the reports

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select Monitoring > Reports. The Reports page opens.


To list the scheduled reports

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select Monitoring > Reports. The Reports page opens.
3. In the menu, select Display > Scheduled reports. The Scheduled reports page opens.

Generating a Report
Reports can be generated and downloaded in PDF or HTML format.

To generate a report

1. Go to the page of your choice. To know which page provides the report option, refer to the
table above.
2. If necessary, tick the object(s) you want to generate the report for.
3. In the menu, select Report > <report-of-your-choice>. The corresponding wizard opens.
4. In the Report format list, select an export format, either HTML or PDF. By default, HTML is
selected.
5. Click on NEXT . The next page of the wizard opens.
6. In the Action drop-down list, select Generate new data. If you have already generated a
report for the same object, the drop-down list allows you to select and generate it again.
7. Click on OK to generate the report. The report works and displays the final page of the wizard.
8. You can either click on DOWNLOAD to save the report in your browser's Downloads folder, which
automatically closes the wizard and displays the object page again, or click on
CANCEL to close the wizard.

Once generated, the report is available on the Administration module Reports page. For more
details, refer to the Browsing the Reports Database section of this guide.

Scheduling a Report
The generation of reports can easily be scheduled for all types of reports through the same wizard
as for immediate generation.

To schedule the generation of a report

1. Go to the page of your choice. To know which page provides the report option, refer to the
table above.
2. If necessary, tick the object(s) you want to generate the report for.
3. In the menu, select Report > <report-of-your-choice>. The corresponding wizard opens.
4. In the Report format list, select an export format, either HTML or PDF. By default, HTML is
selected.
5. In the Action drop-down list, select Schedule the report. The page refreshes and displays
the scheduling fields.
6. Configure the export frequency or date and time of export using the table below.


Table 14.2. Scheduled Report Fields

| Fields | Description |
|---|---|
| Day(s) of the week | In this drop-down list, select a frequency (over the whole week or for a specific set of days) or a specific day of the week. By default, Every day is selected. |
| Date of the month | In this drop-down list, select a specific day of the month or a frequency (every day) for the refresh. By default, Every day is selected. |
| Month | In this drop-down list, select a specific month or Every month. By default, Every month is selected. |
| Hour | In this drop-down list, select a frequency (period of time), a set of hours or a specific hour of the day. By default, 20 is selected. |
| Minute | In this drop-down list, select a moment (o'clock, quarter past, half past or quarter to). By default, 00 is selected. |
| Name | In this field, name the scheduled export. By default, it is named after the reports generation service. This field is compulsory. |
| Mail to | In this drop-down list, select a group of users; its members receive the export notification email. This email will not be sent if a user's email address is not valid or if your SMTP relay is not configured; refer to the section Configuring the SMTP Relay for more details. By default, the first of your groups, in the ASCII alphabetic order, is selected. |
| Rights as | In this drop-down list, select a user. His/her rights and limitations are applied to the report: only the items this user has access to are listed in the export. |

7. Click on OK to commit the scheduling. The report opens and closes. The report scheduling
configuration is available on the Scheduled reports listing page. For more details, refer to
the section Managing Scheduled Report Configurations.

Once generated, the report is available on the Administration module Reports page. For more
details, refer to the Browsing the Reports Database section of this guide.

Downloading and Displaying Reports


From the Reports page, you can download PDF reports and open the HTML reports in a new
tab of your browser. All the generated reports are listed on this page whether they were generated
at a specific time or scheduled.

To download PDF reports

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select Monitoring > Reports. The Reports page opens.
3. In the Format column, filter the list through to display only PDF reports.
4. In the Name column, click on the report of your choice to download it to your computer.


To display HTML reports

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select Monitoring > Reports. The Reports page opens.
3. In the Format column, filter the list through to display only PDF reports.
4. In the Name column, click on the report of your choice to download it to your computer.

Managing Scheduled Reports Configuration Files


The Scheduled reports page gathers the configuration details of all the scheduled reports. It allows
you to disable and re-enable a schedule or delete it. Every time a report is generated, it is
listed on the Reports page; for more details, refer to the section Downloading and Displaying
Reports.

To disable a scheduled report

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select Monitoring > Reports. The Reports page opens.
3. In the menu, select Display > Scheduled reports. The Scheduled reports page opens.
4. All the scheduled reports are listed by name, report type and format.
5. Tick the scheduled report you want to disable.
6. In the menu, select Edit > Disable. The Disable wizard opens.
7. Click on OK to commit your choice. The report opens and closes. The scheduled report
configuration is now Disabled.

To enable a scheduled report

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select Monitoring > Reports. The Reports page opens.
3. In the menu, select Display > Scheduled reports. The Scheduled reports page opens.
4. All the scheduled reports are listed by name, report type and format.
5. Tick the scheduled report you want to enable.
6. In the menu, select Edit > Enable. The Enable wizard opens.
7. Click on OK to commit your choice. The report opens and closes. The scheduled report
configuration is now OK.

To delete a scheduled report

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select Monitoring > Reports. The Reports page opens.
3. In the menu, select Display > Scheduled reports. The Scheduled reports page opens.
4. All the scheduled reports are listed by name, report type and format.


5. Tick the scheduled report you want to delete.


6. In the menu, select Edit > Delete. The Delete wizard opens.
7. Click on OK to commit your choice. The report opens and closes. The scheduled report
configuration is no longer listed.

Chapter 15. Managing Smart Folders
Introduction
Smart folders are one of the many customization opportunities provided by SOLIDserver. They allow
you to organize your items differently than on the listing pages. Smart Folders can be created, deleted,
edited or shared with other users.

Smart Folders Overview


A smart folder is a database view that helps you organize data into a tree-like hierarchy. You can
make a smart folder out of any list of items within the IPAM, DHCP, DNS, NetChange and Device
Manager modules. This organization can have as many levels as you need and is composed
of columns and/or metadata (class parameters). Remember that this display is completely virtual
and does not affect your data in any way.

Like the gadgets, smart folders can either be personal or shared with other users. See sections
below to learn more about the Smart Folder-related options.

Tree View
The Tree View is the only place within SOLIDserver where you can display the Smart Folders.
A whole section is dedicated to Smart Folders.

The smart folders are listed in the ASCII alphabetic order, so first come the digits, then the
uppercase letters, and finally the lowercase letters. By clicking on the smart folder or level name (that
is to say the columns or class parameters you chose), you display the sub-hierarchy of each
level. Each line is preceded by a folder icon if it contains information. The lowest level of the
hierarchy contains the item you chose to reorganize through the smart folder and is preceded by
the symbol associated with it: for instance, an orange dot for the IP addresses, an underlined
blue dot for a DHCP static, etc.

Thanks to the indentation, you can see at any time where you are in the hierarchy. Plus, the
folder icons change color to ease the reading and understanding of said hierarchy. Each
containing level displays at the end a number between brackets; this number indicates the
number of items it contains at the lowest level. Note that some levels will not appear in the hierarchy
if there is no data. In the same way, if you choose parameters as levels in the hierarchy but did
not name them properly, the folder will be named Empty by default.

My Smart Folders
My smart folders is a page listing all the created smart folders located in the administration tab.
You can access this page from anywhere within SOLIDserver through the preferences menu.

From this page you can edit, delete or share your smart folders. You cannot create them
from this page: they are created directly from a list, and the available parameters depend on
the module you are creating them from.

On my smart folders page, it is impossible to create a listing template as all the columns are
displayed by default. There are five columns in total:

• My Smart Folders: lists all the smart folders' names.
• All users: displays Yes or No depending on whether you shared the smart folder with the other
users or not.
• User: lists the name of the creating user.
• Type: displays the module and list where the Smart Folder was created as follows: "module:
list".
• Group By: displays the smart folder hierarchy.

Note that smart folders do not have a properties page as all the information is displayed on my
smart folders page.

Adding Smart Folders


Smart Folders can be added, i.e. created, from any list within the IPAM, DHCP, DNS, NetChange
and Device Manager modules. They are going to organize into a hierarchy the list as it is displayed.
Do not hesitate to filter the data at your convenience to visualize a tree displaying only the pieces
of information of your choice.

To add a smart folder

1. Go to the tab of your choice.


2. Filter the data if needed.
3. In the menu, select Preferences > Add Smart Folder. The Add a Smart Folder wizard opens.
4. In the Smart Folder Name field, name your Smart Folder.
5. In the Group By drop-down list, select a group, i.e. a column or a class parameter.
6. Click on . The selected group is listed in the Select Group By list. Repeat these two steps
for as many groups as you need.
7. In the Select Group By list, order the groups hierarchy with the buttons and . The group
order will impact the final display of the Smart Folder.
8. In the Select Group By list, select a column or parameter and click on if you want to remove
it from the Smart Folder hierarchy. It is listed back in the Group By list once removed from
the Select Group By list.
9. In the Visible to the other users section, tick the box if you want to share your Smart Folder
with the other users.
10. Click on OK to commit your creation. The report opens and closes. The list from where you
created your Smart Folder is visible again. Through the Tree View you can visualize your
Smart Folder.

Once created, the smart folder is listed in the Tree View. If you do not see it use the button.

Editing Smart Folders


Smart folders can be edited at any time from the smart folder list. You can edit every column
through this procedure, except of course the User column.

To edit a smart folder

1. From anywhere in SOLIDserver, using the menu, select Preferences > My Smart folders.
My Smart Folders page opens.


2. In the list, put your mouse over the name of the Smart Folder you want to edit. The Info Bar
appears.
3. Click on . The Edit a Smart Folder wizard opens.
4. In the Smart Folder Name field, change the name if need be.
5. In the Group By drop-down list, add more groups if needed by clicking on . The selected group
is listed in the Select Group By list.
6. In the Select Group By list, modify the groups hierarchy if needed with the buttons and
. The group order will change according to your modifications.
7. In the Select Group By list, remove a group from the hierarchy if needed by selecting it and
clicking on , the groups will be put back in the Group By list.
8. In the Visible to the other users section, tick the box if you want to share your Smart Folder
with the other users or untick it if you do not.
9. Click on OK to commit your edition. The report opens and closes. The list from where you
created your Smart Folder opens again. Your modifications are visible in the Smart Folder's
details.

Once edited, the smart folder new configuration is visible in the Tree View. Click on to refresh
the display.

Sharing Smart Folders


For each smart folder created you have the possibility to share it with other users or make it
accessible only to you. There are two ways to do so: you can either choose to share the smart
folder when creating it (see the part Adding Smart Folders for more details), or you can choose
to share or hide it from the smart folders list.

To share a smart folder with other users from the smart folder list

1. From anywhere in SOLIDserver, using the menu, select Preferences > My Smart folders.
My Smart Folders page opens.
2. In the list, tick the Smart folder you want to share. Filter the Smart Folders if need be.
3. In the menu, select Edit > Global > Set. The Set as global wizard opens.
4. Click on OK to commit your choice. The report opens and closes. My Smart Folders page
is visible again. In the All Users column, the Smart Folder is marked Yes.

The same procedure allows you to make a Smart Folder visible only to you.

To make a smart folder visible only to you from the smart folder list

1. From anywhere in SOLIDserver, using the menu, select Preferences > My Smart folders.
The Smart Folder page opens.
2. In the list, tick the Smart folder you want to make visible only to you. Filter the Smart Folders
if need be.
3. In the menu, select Edit > Global > Unset. The Unset as global wizard opens.
4. Click on OK to commit your choice. The report opens and closes. My Smart Folders page
is visible again. In the All Users column, the Smart Folder is marked No.


Deleting Smart Folders


Smart Folders can be deleted from the smart folder list. You can delete one or several smart
folders at a time.

To delete a smart folder

1. From anywhere in SOLIDserver, using the menu, select Preferences > My Smart folders.
My Smart Folders page opens.
2. In the list, select the Smart Folder you want to delete. Filter the Smart Folders if need be.
3. In the menu, select Edit > Delete. The Delete wizard opens.
4. Click on OK to commit the deletion. The report opens and closes. My Smart Folders page
is visible again. The selected Smart Folder(s) is no longer listed.

Part V. IPAM Management
Table of Contents
16. Introduction
17. Managing Networks
    Managing IP Spaces
        Browsing Spaces
        Adding a Space
        Editing a Space
        Deleting a Space
        Defining a Space as a Group Resource
    Managing IP Blocks
        Browsing Blocks
        Adding a Block
        Editing a Block
        Splitting an IPv4 Block
        Moving a Block
        Deleting a Block
        Defining a Block as a Group Resource
    Managing IP Subnets
        Browsing Subnets
        Adding Subnets
        Editing Subnets
        Managing the IPv4 Block Map Page
        Moving IPv4 Subnets across Spaces
        Managing or Unmanaging Subnets
        Associating Subnets to a VLAN
        Deleting a Subnet
        Defining a Subnet as a Group Resource
18. Managing Addresses
    Managing IP Pools
        Browsing Pools
        Adding a Pool
        Reserving a Pool
        Resizing a Pool
        Deleting a Pool
        Defining a Pool as a Group Resource
    Managing IP Addresses
        Browsing IP Addresses
        Adding an IP Address
        Restoring an IP Address
        Editing an IP Address
        Configuring IP Address Aliases
        Configuring Multiple A Records for an IP Address
        Pinging an IP Address
        Deleting an IP Address
        Updating Device Manager with IP Addresses
19. Setting Up a Transition From IPv4 to IPv6
    Transition Specificities
    Limitations
    Configuring the IPv4 to IPv6 Transition
        Configuring the Transition at Space, Block or Subnet Level
        Configuring the Transition at IP Address Level
    Activating the IPv4 to IPv6 Transition
        Activating the Transition at Space Level
        Activating the Transition at Block Level
        Activating the Transition at Subnet Level
        Activating the Transition at IP Address Level
20. Managing IPAM Templates
    Creating Template Classes in Class Studio
    Creating Templates in the IPAM
        Creating a Space Template
        Creating a Block Template
        Creating a Subnet Template
        Creating a Pool Template
    Applying a Template
21. Using VLSM to Manage Your Network
    Introduction
        VLSM Related Icons
    Managing Manual VLSM Organizations
        Setting up a Manual Organization
        Using the VLSM Hierarchy to Organize the Spaces Delegation
    Managing a Semi-Automated VLSM Organization
22. Managing VRF
    Managing Virtual Routing and Forwarding
        Browsing VRFs
        Adding a VRF
        Editing a VRF
        Importing a VRF
        Deleting a VRF
        Creating Classes at VRF Level
    Managing VRF Route Targets
        Browsing VRF Route Targets
        Adding a VRF Route Target
        Editing a VRF Route Target
        Importing a VRF Route Target
        Deleting a VRF Route Target
23. Importing Data into the IPAM
    Importing IPAM Data from a CSV File
    Importing a VitalQIP Export
    Importing Nortel NetID IP Address Data
        Importing Nortel NetID Networks
        Importing Nortel NetID Subnets
        Importing Nortel NetID Host Addresses
24. Managing IPAM and DHCP Labels
    Introduction
    Creating Labels
    Displaying or Hiding Labels
    Editing Labels
    Deleting Labels

Chapter 16. Introduction
The Internet Protocol Address Management (IPAM) module is a powerful tool that allows you to
plan, track, organize and manage IP addresses into networks. Most of the time, users say network
when they mean subnet; within SOLIDserver, the network is a larger concept that includes subnets
of IP addresses. The IPAM is one of the most important modules as it lets you set the IP address
management strategies and creates a link between the DNS and DHCP modules.

This module also allows you to manage your RIPE databases. Thanks to a dedicated licence,
you can configure the connection to the RIPE and manage your blocks content (inetnums,
inet6nums, persons and aut-num) from the GUI. For more details, refer to the appendix SPX at
the end of this guide.

The IPAM tab is accessible from anywhere in the interface. From its homepage you can access
all the main pages of the module; they correspond to the hierarchy we decided to set up to organize
the addressing.

Figure 16.1. The IPAM Homepage

EfficientIP introduced two root concepts to organize subnetting: the IP space and the IP block.

• IP address space: the essential entry point of the IP address management. It defines the
addressing space in which all the addresses will be unique. If you use several addressing
plans, you can define several IP spaces.
• IP block: a container including all subnets. Blocks cannot overlap within the same
IP space.

When creating an IP address space, you typically begin by defining IP blocks. After the IP blocks
are defined, you create subnets within the blocks. You can then manage the addresses within
the subnets.

The IPAM is composed of 5 levels of organization:

• Space: the space is the highest level of the IPAM hierarchy and can contain blocks, subnets,
pools and/or IP addresses. Spaces can contain IPv4 and IPv6 addresses.
• Block: the block is the second level of the IPAM hierarchy and can contain subnets, pools
and/or IP addresses. Blocks can be created to manage IPv4 or IPv6 addresses.
• Subnet: the subnet is the third level of the IPAM hierarchy and can contain pools and/or IP
addresses. Subnets can be created to manage IPv4 or IPv6 addresses.
• Pool: the pool is optional and constitutes the fourth level of the IPAM hierarchy: it can contain
IP addresses. Pools can be created to manage IPv4 or IPv6 addresses.
• IP addresses: the IP address is the lowest level of the IPAM hierarchy; the end goal of the
module is to manage them. They can be created respecting the IPv4 or the IPv6 protocol and
be organized through pools, subnets, blocks and spaces.

As you can see, the subnets are located at the center of the hierarchy, which makes it easy to
organize them and their content. Keep in mind that at any time you can visualize the
addressing organization through the Tree View:

Figure 16.2. IPAM Hierarchy through the Tree View

As networking can be done in version 4 or version 6 of the Internet Protocol, SOLIDserver provides
similar management tools for both versions. Some options are only available in one version or
the other but the overall management of both types of addresses is essentially the same. Among
the differences between IPv4 and IPv6 we can emphasize the creation of templates in IPv4 that
simplifies provisioning and the labeling of IPv6 addresses in the IPAM and DHCP modules. All
the similarities and differences are detailed all through this part of the guide.

The chapters Managing IP Networks and Managing IP Addresses describe everything you can
do on each level of the IPAM hierarchy in IPv4 and IPv6, with the exception of the data import, which
is detailed in the chapter Importing IP Address Data.

SOLIDserver also provides Variable Length Subnet Mask (VLSM) options that allow you to
delegate and organize your network on different levels, whether in IPv4 or IPv6. For more details,
see chapter Using VLSM to Manage Your Network.

Keep in mind that to ease the management of the IPAM, DNS and DHCP there are a number of
behaviors that you can trigger upon creation of IP address containers.

With version 5.0.2, the IPAM introduces:

• two new management pages: the All VRFs and All VRF Links pages. For more details, refer
to the Managing VRFs chapter of this guide.
• a way to link your IPAM subnets to the module VLAN Manager. For more details, refer to the
section Managing IP Subnets of this part.

Chapter 17. Managing Networks
Subnet management is a major part of IP address management. As a network administrator,
you decide how to distribute IP addresses across an organization of subnets. When
managing a network, one of the first things you need to decide is the subnetting organization you
will use.

Subnetting is the process of dividing your network address space into smaller areas called blocks
and subnets, simplifying network administration. These subnets may correspond to different
areas of your organization: offices in other cities or other regions of the country or the world, a
different floor in your building, or a group of employees who share common tasks such as
accounting or sales. Following the logic of the five levels of the IPAM hierarchy, the Server creation
comes first, then the creation of the blocks within which you organize your subnets and pools.

Managing IP Spaces
The IPAM space is the highest level of organization in the IPAM module. It merely contains all
the IP addresses (in v4 and v6).

Browsing Spaces
The space has an organization related role in the addresses structure: it will contain blocks,
subnets, address pools and addresses.

Figure 17.1. The Space within the IPAM Hierarchy (diagram of the levels: space, block, subnet, pool, address)

Spaces provide a hermetic partitioning of the resources. The consistency check of the IP resources
and their uniformity is carried out within a space; there cannot be two IP addresses, nor two
address pools, under identical networks and/or blocks. To manage N identical address plans (for
example RFC 1918 private networks), it is sufficient to create N spaces in the IPAM module.

There is no limit to the number of spaces you can create, and each space can contain an unlimited
number of blocks. The number of subnets, address pools and IP addresses is then determined by
the size and the number of the blocks created. However, you might need to create several spaces.
Depending on your strategy, spaces can differentiate amongst: organizations, geographic locations,
company services, address suppliers, clients for whom the address structure is delegated [1],
multiple private networks following RFC 1918.

By default, the Local space is present in SOLIDserver. This space will receive blocks, subnets,
IP addresses, DHCP servers, scopes, ranges, leases, DNS servers, zones, and RRs that are
not attached to a space.

[1] Within VLSM architectures the spaces allow a definition of client and supplier entities.

Spaces are all gathered in the All spaces list. Because they are not defined by IP addresses,
they allow you to create both IPv4 and IPv6 blocks.

Below, you can see the breadcrumb link to browse the spaces database:

Figure 17.2. IPAM: All spaces

Browsing the Spaces Database

Spaces are identified by name. You can navigate through spaces, search for them or list them
by applying search criteria and filters.

To list the IP spaces through the IPAM homepage

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Spaces icon. The All spaces list opens.

To list the IP spaces through the breadcrumb

1. Go to the IPAM tab.
2. Click on All spaces in the breadcrumb. The All spaces list opens.

To display an IP space properties page

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Spaces icon. The All spaces list opens.
3. At the end of the line of the space of your choice, click on . The space properties page
opens.

Tip
To open a panel, click on in the right end corner. To close it, click on .

To search for a specific space, use the filtering fields located right under the column names. You
can type in the name or part of the name of an object to find it. If you want to do a more thorough
search, double-click on in any filtering field to display the filter constructor and enter the
parameters of your search one by one.

Customizing the Spaces Display

SOLIDserver enables you to modify the columns display in the list. You can add or modify the
order of the columns. For more details, see the Customizing the List Layout section of the
Understanding the SOLIDserver User Interface part of this guide.

Adding a Space
Space addition is the first step towards managing IP addresses, unless you want to use the
Local space. As spaces can contain IPv4 and IPv6 addresses but are not defined by the addresses
they contain, there is only one procedure to be followed.

To add a space

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Spaces icon. The All spaces list opens.
3. In the menu, select Add > Space. The Add a space wizard opens.
4. If you or your administrator created classes at the space level, the Space class page opens.
In the Space class list, select the class you want to apply to this space or select None.
Click on NEXT. The next page of the wizard appears.
5. In the Space name field, type in the name of the space.
6. In the Description field, you can type in a description of the space.
7. Fill in the default behaviors parameters fields according to the table below.

Table 17.1. IPAM Default Behaviors Parameters

| Fields | Description |
|---|---|
| Mode | You can select either Configurable behavior or All behaviors. |
| Configurable behavior | This option is selected by default in the Mode drop-down list and displays all the fields and options that have been ticked in the Default behavior wizard at the server level. For more details, refer to the IPAM section of the Default Behaviors chapter of this guide. |
| All behaviors | If you select this option, you will display all the fields and options that can be ticked in the Default behavior wizard. For more details, refer to the IPAM section of the Default Behaviors chapter of this guide. |

8. Click on NEXT. The next page of the wizard appears.
9. In the VLSM parent space list, select None or one of the existing empty spaces. If you select
an existing space as VLSM parent space, this new space will be affiliated to the selected
space. See the chapter Using VLSM to Manage Your Network of this guide for more
details.
10. Click on OK to commit the configuration. The report opens and closes. The new space is
listed.

Tip
You can also add a space by clicking on the in the upper-right corner of the All
spaces page. The Add a space wizard will open, follow the procedure above to create
it.

Note that you can also use templates if you plan on adding different spaces with similar properties.
See the Managing IPAM Templates chapter of this guide for more details.

Editing a Space
At any time you can edit an existing space. You can either edit it through the properties page,
see procedure below, or through the Info Bar: by putting your mouse over the name of the space
you want to edit, you can then click on the Edit button and open the Edit a space wizard.

To edit an IP space through its properties page

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Spaces icon. The All spaces list opens.
3. At the end of the line of the space of your choice, click on . The space properties page
opens.
4. In the Main properties panel, click on EDIT.
5. The Edit a space wizard opens.
6. Modify the Space name, Description, Mode, DNS properties and DHCP properties fields
according to your needs.
7. Click on NEXT. The next page of the wizard appears.
8. In the VLSM parent space list, select a parent space if need be.
9. Click on OK to commit your modifications. The report opens and closes. The changes are
listed in the panel.

Deleting a Space
A space can be deleted at any time.

Warning
Deleting a space implies deleting all the addresses, pools, subnets and blocks it
contains as well.

Note that any replication made in the DHCP and DNS modules (automated creation of statics,
etc.) will not be deleted in these modules. This is a safety measure, considering that a space
could be deleted by mistake.

To delete one or several IP spaces

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Spaces icon. The All spaces list opens.
3. Tick the space(s) you want to delete.
4. In the menu, select Edit > Delete. The Delete wizard opens.
5. Click on OK to commit the deletion. The report opens and closes. Selected spaces are no
longer listed.

Defining a Space as a Group Resource


In SOLIDserver, only the superuser (ipmadmin) can manage and modify the items of every
module. Adding a space as one of the resources of a specific group will allow the users of that
group to manage the space(s) in question as long as they have the corresponding rights and
delegations granted.

Allowing access to a space as a resource will also make every item it contains available. For
more details, refer to the section Assigning Objects as Resource in the chapter Managing Groups
of administrator of this guide.

Managing IP Blocks
Blocks allow you to organize the IPv4 and IPv6 subnets. A block is a set of related IP addresses, and
each block belongs exclusively to one space. The aim of such blocks can be to: manage subnet
provisioning, delegate the management of subnets to administrators, organize the address
structure, structure the network routes, give management rights to a scope of subnets, reserve
a large range of IP addresses for a specific usage or allocate a range of IP addresses to a sub-space.

If you want to manage RIPE blocks, refer to the appendix SPX at the end of this guide.

Browsing Blocks
Within the IPAM module, the blocks represent the second level of the hierarchy. They are
compulsory and can be created in IPv4 and IPv6 depending on the IP addresses you intend to manage
and organize.

Figure 17.3. The Block within the IPAM hierarchy (diagram of the levels: space, block, subnet, pool, address)

Here below, you can see the link to browse the blocks database:

Figure 17.4. IPAM: All Blocks

Browsing the Blocks Database

Blocks are identified by name, start IP address and end IP address. You can navigate through
blocks, search for them or list them by applying search criteria and filters whether they manage
IPv4 or IPv6 addresses.

To list the IPv4 blocks through the IPAM homepage

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Blocks icon. The All blocks list opens. Next to the Logout button, the IP4 icon
is blue.

To list the IPv6 blocks through the IPAM homepage

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Blocks icon. The All blocks list opens. Next to the Logout button, the IP6 icon
is blue.

To list the blocks through the breadcrumb

1. Go to the IPAM tab.
2. Click on All blocks in the breadcrumb. The All blocks list opens.
3. Next to the Logout button, click on IP4 to display the IPv4 blocks or IP6 to display the IPv6
blocks.

To list the blocks of an IP space

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Spaces icon. The All spaces list opens.
3. Click on the name of the space of your choice to list the blocks it contains. The All blocks
list of the space opens.
4. Next to the Logout button, click on IP4 to display the IPv4 blocks or IP6 to display the IPv6
blocks of that space.

To display a block properties page

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on All blocks in the breadcrumb. The All blocks list opens.
3. Next to the Logout button, click on IP4 to display the IPv4 blocks or IP6 to display the IPv6
blocks.
4. At the end of the line of the block of your choice, click on . The block properties page
opens.

To search for a specific block, use the filtering fields located right under the column names. You
can type in a name or an IP address in full or partially to find it. If you want to do a more thorough
search, double-click on in any filtering field to display the filter constructor and enter the
parameters of your search one by one.

Customizing the IP Blocks Display

SOLIDserver enables you to modify the columns display in the list. You can add or modify the
order of the columns. For more details, see the Customizing the List Layout section of the
Understanding the SOLIDserver User Interface part of this guide.

Adding a Block
A block, whether it manages IPv4 or IPv6 addresses, can be added from the All blocks list
or from the All blocks list of a specific space. If you choose to add a block within a space, the creation
process will be slightly shorter than the procedure below as you will not need to specify the space.

The procedure is exactly the same in IPv4 and IPv6 as long as you activate the same default
behavior parameters on the IPv6 All blocks page.

To configure the blocks default behaviors in IPv6

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Blocks icon. The All blocks list opens.
3. Next to the Logout button, click on IP6 to display the IPv6 blocks.

4. In the menu, select Settings > Modify the default behavior. The Default behavior modification
wizard opens.
5. Tick all the boxes.
6. Click on OK to commit your configuration. The report opens and closes. The All blocks list
is visible again.

From then on, blocks are added in both versions of the Internet Protocol following
the procedure below.

To add an IPv4 or IPv6 block

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Blocks icon. The All blocks list opens.
3. Next to the Logout button, click on the IP4 or IP6 icon to display the IPv4 or IPv6 blocks.
4. In the menu, select Add > Block. The Space selection wizard page appears.
5. In the Choose a space list, select the space in which you want to add the block. Click on
NEXT. The next page of the wizard appears.
6. If you or your administrator created classes at the block level, the Block class page opens.
In the Block class list, select the class you want to apply to this block or select None.
Click on NEXT. The next page of the wizard appears.

7. In the Block Name field, name the block.
8. In the Description field, you can type in a description.
9. In the Block address field, type in the start address.
10. In the Netmask drop-down list (only for IPv4 blocks), select a netmask. The netmask you
choose will automatically modify the prefix.
11. In the Prefix drop-down list, select a value if you did not choose a netmask. The netmask
will be modified automatically by the prefix you choose. The result of these modifications is
visible in the Comment field.
12. Fill in the default behaviors parameters fields according to the table below.

Table 17.2. IPAM Default Behaviors Parameters

| Fields | Description |
|---|---|
| Mode | You can select either Configurable behavior or All behaviors. |
| Configurable behavior | This option is selected by default in the Mode drop-down list and displays all the fields and options that have been ticked in the Default behavior wizard at the server level. For more details, refer to the IPAM section of the Default Behaviors chapter of this guide. |
| All behaviors | If you select this option, you will display all the fields and options that can be ticked in the Default behavior wizard. For more details, refer to the IPAM section of the Default Behaviors chapter of this guide. |

13. Click on OK to commit the addition. The report opens and closes. The block is listed.

Note that you can also use templates if you plan on adding different IPv4 blocks with similar
properties. See the Managing IPAM Templates chapter of this guide for more details.

Editing a Block
At any time you can edit an existing block. The IPv4 blocks can be edited as long as their
configuration is not defined through a template.

You can either edit it through the properties page, see procedure below, or through the Info Bar:
by putting your mouse over the name of the block you want to edit, you can then click on the
Edit button and open the Edit a block wizard.

To edit a block through its properties page

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Blocks icon. The All blocks list opens.
3. Next to the Logout button, click on the IP4 or IP6 icon to display the IPv4 or IPv6 blocks.
4. At the end of the line of the block of your choice, click on . The block properties page
opens.
5. In the Main properties panel, click on EDIT. The Edit an IPv4 block or Edit an IPv6 block
wizard opens.
6. If you or the administrator created classes, in the Block class list, you can select a different
class or None.
7. Click on NEXT. The next page of the wizard appears.
8. Modify the Block name, Description, DNS properties and DHCP properties fields according
to your needs.
9. Fill in the default behaviors parameters fields according to the table below.

Table 17.3. IPAM Default Behaviors Parameters

| Fields | Description |
|---|---|
| Mode | You can select either Configurable behavior or All behaviors. |
| Configurable behavior | This option is selected by default in the Mode drop-down list and displays all the fields and options that have been ticked in the Default behavior wizard at the server level. For more details, refer to the IPAM section of the Default Behaviors chapter of this guide. |
| All behaviors | If you select this option, you will display all the fields and options that can be ticked in the Default behavior wizard. For more details, refer to the IPAM section of the Default Behaviors chapter of this guide. |

10. Click on OK to commit your modifications. The report opens and closes. The changes are
listed in the panel.

Handling blocks does not affect the elements they contain (subnets, pools, IP addresses). If you
want to merge or resize blocks, the simplest solution is therefore to delete the blocks, which
saves all their data in an Orphan Subnet, and then re-create a bigger block that can contain the
data. For more details regarding deletion, see the section Deleting a Block.

Splitting an IPv4 Block


In IPv4, you have the possibility to modify the structure of a block by splitting it into 2, 4 or 8
smaller blocks. They will all have the same name but different start and end IP addresses.


To split one or several blocks

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Blocks icon. The All blocks list opens.
3. Next to the Logout button, click on the IP4 icon to display the IPv4 blocks.
4. Tick the block(s) you want to split.
5. In the menu, select Tools > Migrate to another space. The Splitting blocks wizard opens.
6. In the drop-down list, select the number of blocks you want to create: 2, 4 or 8. By default,
2 is selected.
7. Click on OK to commit the split. The report opens and closes. The blocks are listed.

Moving a Block
You can move your blocks from one space to the other both in IPv4 and IPv6. Before migrating
blocks, make sure the addresses they manage are not already managed by another block in the
target space.

To move a block from one space to the other

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Blocks icon. The All blocks list opens.
3. Next to the Logout button, click on the IP4 or IP6 depending on your needs.
4. Tick the block(s) you want to migrate.
5. In the menu, select Edit > Split. The Migrate IPv4 blocks to another space or the Migrate
IPv6 blocks wizard opens.
6. In the Target space drop-down list, select the space where you want the block to be moved.
7. Click on OK to commit the split. The report opens and closes. The blocks are listed.

Deleting a Block
A block can be deleted at any time. In reality, using the Delete option will not erase the block
from the database if it contains objects (subnets, pools, used IP addresses). The block(s) in
question will be renamed Orphan Subnets and will be used in the next block that has the same
configuration as the one you deleted (i.e. IP addresses, size and DNS/DHCP configuration). This
is a safety measure: considering that a block could be deleted by mistake, the replication made
in the DHCP and DNS modules (automated creation of statics, etc.) is saved that way.

To delete one or several blocks

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Blocks icon. The All blocks list opens.
3. Next to the Logout button, click on the IP4 or IP6 icon to display the IPv4 or IPv6 blocks.
4. Tick the block(s) you want to delete.
5. In the menu, select Edit > Delete. The Delete wizard opens.
6. Click on OK to commit the deletion. The report opens and closes. Selected blocks are no
longer listed, they might be replaced by Orphan subnets.


If you really want to delete a block and everything it contains, you will have to start by
deleting all the addresses it contains, then the pool(s) and the subnet(s), and you will finally
be able to delete the block itself. For more details regarding the deletion of all these
elements, see the sections Managing IP Subnets, Managing IP Pools and Managing IP Addresses of
this guide.

Defining a Block as a Group Resource


In SOLIDserver, only the superuser (ipmadmin) can manage and modify the items of every
module. Adding a block as one of the resources of a specific group will allow the users of that
group to manage the block(s) in question as long as they have the corresponding rights and
delegations granted.

Allowing access to a block as a Resource will also make every item it contains available. For
more details, refer to the section Assigning Objects as Resource in the chapter Managing Groups
of administrator of this guide.

Managing IP Subnets
Subnets were introduced with the RFC 950 in order to provide a solution to the problems that
the Internet community was facing with dual hierarchical address levels.

If you want to manage RIPE inetnums and/or inet6nums, refer to the appendix SPX at the end
of this guide.

Browsing Subnets
Within SOLIDserver, the subnets represent the third level of the IPAM module hierarchy and will
contain pools of addresses and/or IP addresses. They are the core of the organization and can
manage IPv4 and IPv6 addresses.

[Figure: the IPAM hierarchy, from top to bottom: space, block, subnet, pool, address]

Figure 17.5. The Subnet within the IPAM Hierarchy

In the IPAM streamline, the IP address management at the subnet level follows three basic rules:

1. all subnets are contained within a block to which they are systematically attached,
2. two subnets cannot overlap each other in the same block,
3. a subnet is defined by a network IP address, a size and a name.

Here below, you can see the breadcrumb link to browse the subnets database:

Figure 17.6. IPAM: All Subnets


Browsing the Subnets Database

Subnets are identified by name, start/end IP address and size. You can navigate through subnets,
search for them or list them by applying search criteria and filters whether they manage IPv4 or
IPv6 addresses.

To list the IPv4 subnets through the IPAM homepage

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Subnets icon. The All subnets list opens, next to the Logout button, the IP4
icon is blue.

To list the IPv6 subnets through the IPAM homepage

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Subnets (v6) icon. The All subnets list opens, next to the Logout button, the
IP6 icon is blue.

To list the subnets through the breadcrumb

1. Go to the IPAM tab.
2. Click on All subnets in the breadcrumb. The All subnets list opens.
3. Next to the Logout button, click on IP4 to display the IPv4 subnets or IP6 to display the IPv6
subnets.

To list the subnets of an IP block

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Blocks icon. The All blocks list opens.
3. Next to the Logout button, click on IP4 to display the IPv4 subnets or IP6 to display the IPv6
subnets.
4. Click on the name of the block of your choice to list the subnets it contains.

To list the subnets of an IP space

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Subnets icon. The All subnets list opens.
3. Click on the name of the space of your choice. The All blocks list of that space opens.
4. In the breadcrumb, click on All subnets to display all the subnets of that space.
5. Next to the Logout button, click on IP4 to display the IPv4 subnets or IP6 to display the IPv6
subnets.

To display a subnet properties page

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Subnets icon. The All subnets list opens.
3. Next to the Logout button, click on IP4 to display the IPv4 subnets or IP6 to display the IPv6
subnets.


4. Filter the list if need be.
5. At the end of the line of the subnet of your choice, click on . The subnet properties page
opens.

Tip
If you or your administrator configured IPAM to DHCP default behaviors parameters,
some subnet properties pages will contain a DHCP options panel that allows you to
configure DHCP options for the subnet and its corresponding scope. For more details
regarding default behaviors, refer to the Default Behaviors chapter of this guide. For
more details regarding DHCP options, refer to the Setting DHCP Options section of
this guide.

To search for a specific subnet, use the filtering fields located right under the column names.
You can type in a name or an IP address, in full or partially, to find it. If you want to do a
more thorough search, double-click in any filtering field to display the filter constructor and
enter the parameters of your search one by one.

Customizing the IP Subnets Display

SOLIDserver enables you to modify the columns display in the list. You can add or modify the
order of the columns. For more details, see the Customizing the List Layout section of the Under-
standing the SOLIDserver User Interface part of this guide.

Tip
The Free IP column allows you to see from the listing page the total number of free
addresses in each IPv4 subnet.

Understanding the IP Subnets Statuses

SOLIDserver uses different statuses with associated icons to show the state and functionality of
the subnets. These statuses are:

Table 17.4. Subnets Statuses


Status Description
Unmanaged The subnet is not managed.
OK The subnet is properly configured.
Creating The creation is delayed while you wait for the RIPE to confirm the use
of a subnet.
Deleting The deletion is delayed while you wait for the RIPE to confirm the use
of a subnet.
NOT VALID The subnet size does not fit the available space in a block although it
was validated by the RIPE.
N/A The subnet is deleted but not its content.

Adding Subnets
The subnet addition can be manual or semi-automated. SOLIDserver provides options to find
subnets and make sure that you are using all the available subnets of a specific network.


The GUI of the All subnets list helps you differentiate the subnets by size: every subnet is
preceded by an orange icon once created, unless the subnet is very small: subnets managing 4, 2
or 1 address are preceded by a green icon like in the image below.

Figure 17.7. IPv4 All Subnets List Icons

This display allows you to quickly spot the smallest subnets in the list. In IPv4, the /30, /31 and
/32 subnets will be preceded by a green icon and so will the IPv6 /126, /127 and /128 subnets.

By default, when creating a large enough subnet, the first and last addresses of the subnet are
in most cases reserved by the IPAM for the network and broadcast addresses respectively. In the
All addresses listing page, even though the status of these addresses is Free, they are not
underlined and cannot be edited or assigned. Still, essentially for import purposes, members of
the Admin group may need to make these addresses editable through the registry database. For
more details, refer to the first tip in the Adding an IP Address section of this guide. Subnets
managing 2 or fewer addresses do not reserve any address.

Adding a Subnet Manually

If you already know that a subnet is available, it is possible to create it directly in a subnets list
in IPv4 and IPv6. When its creation is validated, the IPAM module will check to see whether this
subnet overlaps with another that already exists in the same space.

In the following procedures, we will add a subnet in the All subnets list but you can of course do
it as well within a block or a non terminal subnet directly.

Note
The same name can be used several times for different subnets. The usage of the
same name for several subnets can be useful if you have to extend IP address
capacity for an organization of a particular purpose.

To add an IPv4 subnet manually

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Subnets icon. The All subnets list opens.
3. Next to the Logout button, make sure that the IP4 icon is blue. If it is not, click on IP4 to
display the IPv4 subnets.
4. In the menu, select Add > Subnet > Manual.
5. If you or your administrator created classes at the block level, the Block class page opens.
In the Block class list select the class you want to apply to this block or select No class.
Click on NEXT . The next page of the wizard appears.


6. On the Block/subnet list page, the spaces are listed in the Choose a block/subnet list. Click
on the + sign located left of the spaces to display the available blocks and subnets in IPv4 [2].
Select one block or subnet and click on NEXT . The next page of the wizard appears.
7. If you or your administrator created classes at the subnet level, the Subnet class page opens.
In the Subnet class list, select the class you want to apply to this block or select None.
Click on NEXT . The Add an IPv4 subnet page opens.
8. Fill in the subnet settings.

Table 17.5. IPv4 Subnet Parameters


Fields Description
Subnet name In this field, name the subnet.
Address In this field, type in the subnet IP address.
Netmask In this drop-down list, select the mask applicable for the addresses
in this subnet. The corresponding prefix is automatically selected in
the next field.
Prefix In this drop-down list, select the number of bits reserved for the
address portion of the subnet. If you select a prefix, the netmask will
be automatically selected to match it in the previous field.
Comment In this field are summed up the details of the subnet depending on
what you selected in the Address, Netmask or Prefix fields.

9. In the Terminal subnet section, untick the box if you intend to create another subnet within
that subnet.
10. The Gateway field displays the default gateway for the subnet. It is defined through the
Default behavior wizard at the subnet level. You can modify it if you want. All the fields
displayed after this field match the default behavior parameters set by your administrator.
11. Fill in the default behaviors parameters fields. The table below details the available options
of the Mode drop-down list at the bottom of the page.

Table 17.6. IPAM Default Behaviors Parameters


Fields Description
Mode You can select either Configurable behavior or All behaviors.
Configurable behavior This option is selected by default in the Mode drop-down list and
displays all the fields and options that have been ticked in the Default
behavior wizard at the subnet level. For more details, refer to the
IPAM section of the Default Behaviors chapter of this guide.
All behaviors If you select this option, you will display all the fields and options that
can be ticked in the Default behavior wizard. For more details, refer
to the IPAM section of the Default Behaviors chapter of this guide.

12. Click on OK to commit your creation. The report opens and closes. The subnet is listed.

Note that you can also use templates if you plan on adding different IPv4 subnets with similar
properties. See the Managing IPAM Templates chapter of this guide for more details.

[2] If you used VLSM at the block or subnet level, you will have the possibility to choose among
terminal or non terminal blocks and subnets.


To add an IPv6 subnet manually

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Subnets icon. The All subnets list opens.
3. Next to the Logout button, click on IP6 to display the IPv6 subnets.
4. In the menu, select Add > Subnet (v6) > Manual.
5. If you or your administrator created classes at the subnet level, the Block class page opens.
In the Block class list select the class you want to apply to this block or select No class.
Click on NEXT . The next page of the wizard appears.
6. On the Block/subnet list page, the spaces are listed in the Choose a block/subnet list. Click
on the + sign located left of the spaces to display the available blocks and subnets in IPv6 [3].
Select one block or subnet and click on NEXT . The next page of the wizard appears.
7. If you or your administrator created classes at the subnet level, the Subnet class page opens.
In the Subnet class list select the class you want to apply to this block or select None.
8. Click on NEXT . The Add an IPv6 subnet page opens.
9. In the Subnet name field, name the subnet.
10. In the Address field, type in the subnet FQDN IPv6 address of your choice.
11. In the Prefix drop-down list, select a prefix. By default, a list of prefixes corresponding to the
address you chose is available.
12. In the Terminal subnet section, tick the box if you do intend to create another subnet within
that subnet.
13. The Gateway field displays the default gateway for the subnet. It is defined through the
Default behavior wizard at the subnet level. You can modify it if you want. All the fields
displayed after this field match the default behavior parameters set by your administrator.
14. Fill in the default behaviors parameters fields. The table below details the available options
of the Mode drop-down list at the bottom of the page.

Table 17.7. IPAM Default Behaviors Parameters


Fields Description
Mode You can select either Configurable behavior or All behaviors.
Configurable behavior This option is selected by default in the Mode drop-down list and
displays all the fields and options that have been ticked in the Default
behavior wizard at the subnet level. For more details, refer to the
IPAM section of the Default Behaviors chapter of this guide.
All behaviors If you select this option, you will display all the fields and options that
can be ticked in the Default behavior wizard. For more details, refer
to the IPAM section of the Default Behaviors chapter of this guide.

15. Click on OK to commit your creation. The report opens and closes. The subnet is listed.

[3] If you used VLSM at the block or subnet level, you will have the possibility to choose among
terminal or non terminal blocks and subnets.


Finding Available Subnets

Rather than defining yourself the start address of a subnet, you might want to add a subnet of
the size of your choice within a space and let SOLIDserver add it to the first block that can hold
a subnet that size. This is possible through the By search option both in IPv4 and IPv6.

Note that although the creation procedure is assisted, you might get a pop-up error if you want
to create a subnet too big to fit in the specified space. In this case, either change the subnet size
or go back to the space selection step and choose a different space.
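The search described above, together with the containment and no-overlap rules listed under Browsing Subnets, can be reproduced offline when auditing an address plan. The following is an added example, not SOLIDserver's own code: the function names and sample addresses are constructed, it assumes terminal subnets inside a single block, and the tightest-fit ordering is an assumption standing in for the product's fragmentation ranking.

```python
import ipaddress


def free_ranges(block, used):
    """Return the unallocated parts of `block` as a sorted list of CIDR networks.

    Raises ValueError if a subnet lies outside the block or overlaps another
    subnet, the two conditions the subnet rules forbid.
    """
    block = ipaddress.ip_network(block)
    free = [block]
    # A containing network always sorts before the networks it contains, so an
    # overlap shows up as a subnet that no longer fits in any free range.
    for net in sorted(ipaddress.ip_network(u) for u in used):
        if not net.subnet_of(block):
            raise ValueError(f"{net} is not contained in block {block}")
        for i, rng in enumerate(free):
            if net.subnet_of(rng):
                # Carve the subnet out of the free range that holds it.
                free[i:i + 1] = rng.address_exclude(net)
                break
        else:
            raise ValueError(f"{net} overlaps a subnet already in {block}")
    return sorted(free)


def candidate_subnets(block, used, prefixlen):
    """Return one free /prefixlen subnet per free range, tightest fit first.

    An empty list means the requested size does not fit anywhere in the block.
    The ordering is an assumption of this example: filling the smallest hole
    first leaves the large free ranges intact.
    """
    fits = [r for r in free_ranges(block, used) if r.prefixlen <= prefixlen]
    fits.sort(key=lambda r: (-r.prefixlen, r.network_address))
    return [next(r.subnets(new_prefix=prefixlen)) for r in fits]


# Constructed sample data: one block and the subnets already created in it.
BLOCK = "10.0.0.0/22"
USED = ["10.0.0.0/24", "10.0.1.0/26"]

if __name__ == "__main__":
    print("free:", [str(n) for n in free_ranges(BLOCK, USED)])
    for size in (26, 24, 22):
        found = [str(n) for n in candidate_subnets(BLOCK, USED, size)]
        print(f"/{size} candidates:", found or "none, subnet too big for block")
```

The same functions accept IPv6 blocks, provided the block and all subnets belong to one address family.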

Tip
Next to the Logout button, the + button is a shortcut towards the By search subnet
addition wizard.

To search for a free IP4 subnet across all blocks

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Subnets icon. The All subnets list opens.
3. Next to the Logout button, click on IP4 to display the IPv4 subnets.
4. In the menu, select Add > Subnet > By search. The wizard opens.
5. On the Space selection page, select the space of your choice. Click on NEXT .

6. If you or your administrator created classes at the block level, the Block class page appears.
In the Block class list select the class you want to apply to this block or select No class.
Click on NEXT . The next page of the wizard appears.
7. If you or your administrator created classes at the subnet level, the Subnet class page opens.
In the Subnet class list select the class you want to apply to this block or select None. Click
on NEXT . The next page of the wizard appears.
8. In the Subnet Size page, select a value among one of the following fields to define the size
of the subnet:

• Subnet search size.
• Prefix.
• Netmask.

Note
Each of the available values automatically changes the other two, which is
why you simply need to specify one.

9. Click on NEXT . The Search result page opens. Select an address in the Subnet address list.

The subnet address list displays the available subnets matching your criteria. These results
are displayed in ascending order from the block with the most important fragmentation to
the block with the least fragmentation. The hierarchy is symbolized by stars (three stars denote
a block defragmentation).
10. Click on NEXT . The Add an IPv4 subnet page appears. In the bottom left part of the wizard
are summed up all the criteria you selected so far.
11. In the Subnet name field, name the subnet.


12. The Address and Prefix fields are displayed in read-only as they correspond to the criteria
previously set.
13. In the Terminal subnet section, you can untick the box if you plan on creating other subnet(s)
within the subnet you are creating.
14. The Gateway field displays the default gateway for the subnet. It is defined through the
Default behavior wizard at the subnet level. You can modify it if you want. All the fields
displayed after this field match the default behavior parameters set by your administrator.
15. Fill in the default behaviors parameters fields. The table below details the available options
of the Mode drop-down list at the bottom of the page.

Table 17.8. IPAM Default Behaviors Parameters


Fields Description
Mode You can select either Configurable behavior or All behaviors.
Configurable behavior This option is selected by default in the Mode drop-down list and
displays all the fields and options that have been ticked in the Default
behavior wizard at the subnet level. For more details, refer to the
IPAM section of the Default Behaviors chapter of this guide.
All behaviors If you select this option, you will display all the fields and options that
can be ticked in the Default behavior wizard. For more details, refer
to the IPAM section of the Default Behaviors chapter of this guide.

16. Click on OK to commit your creation. The report opens and closes. The subnet is listed.

To search for a free IP6 subnet across all blocks

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Subnets icon. The All subnets list opens.
3. Next to the Logout button, click on IP6 to display the IPv6 subnets.
4. In the menu, select Add > Subnet (v6) > By search. The wizard opens.
5. On the Space selection page, select the space of your choice. Click on NEXT . The next page
of the wizard appears.
6. If you or your administrator created classes at the block level, the Block class page appears.
In the Block class list select the class you want to apply to this block or select No class.
Click on NEXT. The next page of the wizard appears.
7. If you or your administrator created classes at the subnet level, the Subnet class page opens.
In the Subnet class list select the class you want to apply to this block or select None. Click
on NEXT . The Subnet size page opens.
8. In the Subnet prefix drop-down list, select a size. The size is displayed in bits: the bigger
the value, the fewer addresses the subnet contains.
9. Click on NEXT . The Search result page opens. Select an address in the Subnet address (v6)
list.

The subnet address list displays the available subnets matching the selected size. These
results are displayed in ascending order from the block with the most important fragmentation
to the block with the least fragmentation. The hierarchy is symbolized by stars (three stars
denote a block defragmentation).
10. Click on NEXT . The Add an IPv6 subnet page appears.


11. In the Subnet name field, name the subnet.
12. The Address and Prefix fields are displayed for the record as they correspond to the criteria
previously set.
13. In the Terminal subnet section, you can untick the box if you plan on creating other subnet(s)
within the subnet you are creating.
14. The Gateway field displays the default gateway for the subnet. It is defined through the
Default behavior wizard at the subnet level. You can modify it if you want. All the fields
displayed after this field match the default behavior parameters set by your administrator.
15. Fill in the default behaviors parameters fields. The table below details the available options
of the Mode drop-down list at the bottom of the page.

Table 17.9. IPAM Default Behaviors Parameters


Fields Description
Mode You can select either Configurable behavior or All behaviors.
Configurable behavior This option is selected by default in the Mode drop-down list and
displays all the fields and options that have been ticked in the Default
behavior wizard at the subnet level. For more details, refer to the
IPAM section of the Default Behaviors chapter of this guide.
All behaviors If you select this option, you will display all the fields and options that
can be ticked in the Default behavior wizard. For more details, refer
to the IPAM section of the Default Behaviors chapter of this guide.

16. Click on OK to commit your creation. The report opens and closes. The subnet is listed.

Discovering IPv4 Subnets

Besides the By search addition of subnets, the IPAM module allows you to discover the available
addresses of selected IPv4 subnets. This option will perform a scan of the subnets of your choice
and add the IP addresses that respond to the ping sent. For performance reasons, the network
discovery can be set to fast, middle or slow. The slower the discovery, the more likely you are
to properly scan the network. The discovery mechanism sends 32 ICMP echoes at once on the
network.

To discover available addresses on particular subnets

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Subnets icon. The All subnets list opens.
3. Next to the Logout button, click on IP4 to display the IPv4 subnets.
4. Tick the subnet(s) you want to discover.
5. In the menu, select Edit > Discover Subnets > Fast / Normal / Slow. The Discover subnets
wizard opens.

Table 17.10. Discovering IPv4 subnets mode


Discover mode Timeout Retry
Slow 3 seconds 2 retries
Normal 2 seconds 1 retry
Fast 1 second no retry


6. Click on OK to perform the subnet discovery. The report opens during the discovery. Click
on CLOSE to go back to the list.

Note
The IP addresses of the discovered subnets will be set to Yes in the Used column. Their
names will also be retrieved and displayed in the list if the appliance DNS resolver is
properly configured. For more details regarding the resolvers, refer to the Network
configuration chapter.

Editing Subnets
There are two ways of editing a subnet:

1. Changing the subnet properties.
2. Editing the reserved addresses of a subnet.
3. Redefining the subnet size:
• Splitting a subnet.
• Merging subnets.

Editing a Subnet

At any point in time, you can modify the parameters of a subnet, whether it regards its name,
size or location.

To edit a subnet through its properties page

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Subnets icon. The All subnets list opens.
3. Next to the Logout button, click on IP4 to display the IPv4 subnets or IP6 to display the IPv6
subnets.
4. At the end of the line of the subnet of your choice, click on . The subnet properties page
opens.
5. In the Main properties panel, click on EDIT . The wizard opens.
6. If you or the administrator created classes, in the Subnet class list, select a different class
or None.
7. Click on NEXT . The Edit an IPv4 subnet or the Edit an IPv6 subnet page appears.
8. Modify the Subnet name field, if need be.
9. Fill in the default behaviors parameters fields according to the table below.

Table 17.11. IPAM Default Behaviors Parameters


Fields Description
Mode You can select either Configurable behavior or All behaviors.
Configurable behavior This option is selected by default in the Mode drop-down list and
displays all the fields and options that have been ticked in the Default
behavior wizard at the server level. For more details, refer to the
IPAM section of the Default Behaviors chapter of this guide.

All behaviors If you select this option, you will display all the fields and options that
can be ticked in the Default behavior wizard. For more details, refer
to the IPAM section of the Default Behaviors chapter of this guide.

10. Click on OK to commit your modifications. The report opens and closes. The changes are
listed in the panel.

Splitting IPv4 Subnets

Terminal subnets in IPv4 can be split into 2, 4 or 8 subnets of equal size. These newly created
subnets reuse all the addresses contained in the original subnet and are named after it. They all
have contiguous addresses to match the total number of IP addresses in the original subnet. Each
new subnet is assigned the first available IP address as gateway.

To split one or several IPv4 subnets

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Subnets icon. The All subnets list opens.
3. Next to the Logout button, click on IP4 to display the IPv4 subnets.
4. Tick the subnet(s) you want to split.
5. In the menu, select Edit > Split. The Splitting subnets wizard opens.
6. In the Number of subnets to create drop-down list, select a value (2, 4 or 8).
7. Click on OK to commit the split of the subnet(s). The report opens and closes. The subnets
are now listed.

Merging IPv4 Subnets

With SOLIDserver, you have the possibility to merge several IPv4 subnets together. Two or more
subnets can be merged respecting several rules:

• The subnets must be of identical size,
• The subnets must be contiguous,
• The subnets must be in the same block,
• The number of subnets merged must be a power of two (2, 4, 8, 16, 32, 64, ...),
• The result of the merge must produce a subnet with a netmask address boundary.

When several subnets are merged into one subnet, all the existing addresses in the default subnet
will automatically be integrated into the new one in order not to lose any address. The result
will be a unique subnet named after the very first subnet in the list.

To merge IPv4 subnets

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Subnets icon. The All subnets list opens.
3. Next to the Logout button, click on IP4 to display the IPv4 subnets.
4. Tick the subnets you want to merge.
5. In the menu, select Edit > Merge. The Merging subnets wizard opens.


6. Click on OK to commit the merge. The report opens and closes. The new subnet is listed
with the start address of the first subnet and the end address of the last subnet.

Note
If the merge you are trying to apply is impossible, an error message appears on the
report page and only a partial report of some subnets is executed.
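The split behavior described under Splitting IPv4 Subnets and the five merge rules above can be checked before touching the appliance. The following is an added example, not SOLIDserver's own code: the function names and addresses are constructed, and it assumes that the "first available" gateway address is the first address after the reserved network address.

```python
import ipaddress


def split_subnet(subnet, parts):
    """Split an IPv4 subnet into 2, 4 or 8 contiguous subnets of equal size."""
    net = ipaddress.IPv4Network(str(subnet))
    if parts not in (2, 4, 8):
        raise ValueError("a subnet can only be split into 2, 4 or 8")
    bits = parts.bit_length() - 1  # 2 -> 1, 4 -> 2, 8 -> 3 extra prefix bits
    if net.prefixlen + bits > 32:
        raise ValueError(f"{net} is too small to be split into {parts}")
    return list(net.subnets(prefixlen_diff=bits))


def first_usable(net):
    """Gateway candidate for a new subnet (assumption of this example).

    Subnets of more than 2 addresses reserve their network address, so the
    first usable address is the next one; smaller subnets reserve nothing.
    """
    return net.network_address + (1 if net.num_addresses > 2 else 0)


def merge_subnets(subnets, block):
    """Return the merged subnet, or raise ValueError naming the rule violated."""
    block = ipaddress.IPv4Network(str(block))
    nets = sorted(ipaddress.IPv4Network(str(s)) for s in subnets)
    count = len(nets)
    if count < 2 or count & (count - 1):
        raise ValueError("the number of subnets must be a power of two")
    if len({n.prefixlen for n in nets}) != 1:
        raise ValueError("the subnets must be of identical size")
    if not all(n.subnet_of(block) for n in nets):
        raise ValueError("the subnets must be in the same block")
    for left, right in zip(nets, nets[1:]):
        if int(left.broadcast_address) + 1 != int(right.network_address):
            raise ValueError("the subnets must be contiguous")
    # Merging 2**k subnets shortens the prefix by k bits. With strict=False the
    # constructor masks the start address; if masking moves it, the run of
    # subnets does not begin on a netmask boundary.
    new_prefix = nets[0].prefixlen - (count.bit_length() - 1)
    start = nets[0].network_address
    merged = ipaddress.IPv4Network((start, new_prefix), strict=False)
    if merged.network_address != start:
        raise ValueError("the merge result is not on a netmask boundary")
    return merged


if __name__ == "__main__":
    # Constructed sample: split a /24 in four, then merge the parts back.
    parts = split_subnet("192.168.0.0/24", 4)
    for p in parts:
        print(p, "gateway", first_usable(p))
    print("merged:", merge_subnets(parts, "192.168.0.0/16"))
    try:
        merge_subnets(["192.168.0.64/26", "192.168.0.128/26"], "192.168.0.0/16")
    except ValueError as exc:
        print("rejected:", exc)
```

The last call shows the rule that is easiest to miss: two contiguous /26 subnets of identical size still cannot merge when the pair starts at .64, because no /25 begins there.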

Managing the IPv4 Block Map Page


SOLIDserver provides a page that allows you to see at a glance the ranges of addresses available,
in other words, what space you have left in a specific block or non terminal subnet to create new
subnets. This gives you an overview of the ranges of addresses left and helps you make
sure you did not forget any part of your network. This page is called Block map and is only
available from the All subnets list of a specific IPv4 block or non terminal subnet.

Each block is divided into lines of /24 subnets that allow you to get a fast overview of the addresses
used and available in the block.

Figure 17.8. Block Map Representation of All the Subnets Created

1 This line corresponds to the first 256 addresses of the block and represents the used and
available addresses divided into blue colored subnets. The sections of the line in dark and
light blue correspond to subnets created, the sections in gray are still available.
2 This blue section represents a /21 subnet. Its start address (1.0.8.0) is displayed at the start
of the first line on the left, and its end address (1.0.15.255) is displayed at the end of the
last line. All the lines are linked by a blue area that highlights that they belong to the same
subnet.

As this subnet is quite big, and in order to avoid representing a line for every chunk of 256
addresses (/24), you can see that two lines are separated by a zigzag line. That line indicates
as well that the range of addresses represented is large.
3 Put your mouse over any blue section to obtain details regarding the subnet represented:
its name, its start and end IP addresses and its size. You can also click on any blue section
to go to the properties page of the subnet in question.


4 This gray section indicates that from the IP address 1.3.1.0 to the address 1.255.255.255,
no address is part of a subnet. Here again, the zigzag line indicates that the range of
addresses represented is very large.

To display the Block Map page

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Blocks icon. The All blocks list opens, next to the Logout button, the IP4 icon
is blue.
3. Click on the name of the block of your choice. The All subnets list of the block opens.
4. In the menu, select Display > Block map. The Block map page opens.
5. Click on any blue section to access the properties page of the subnet of your choice.
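
The same overview can be computed outside the GUI. The following is an added example, not code from SOLIDserver or this guide: it lists the gray (unallocated) ranges of an IPv4 block and expresses each one as the CIDR subnets that would fill it exactly. The block and subnet list are constructed sample data chosen to reproduce the /21 subnet and the final gray range described above.

```python
import ipaddress


def free_ranges(block, subnets):
    """Return the (first, last) address pairs of `block` that no subnet covers."""
    block = ipaddress.IPv4Network(block)
    nets = sorted((ipaddress.IPv4Network(s) for s in subnets),
                  key=lambda n: int(n.network_address))
    gaps = []
    cursor = int(block.network_address)      # lowest address not yet accounted for
    for net in nets:
        if not net.subnet_of(block):
            raise ValueError(f"{net} is not inside {block}")
        start, end = int(net.network_address), int(net.broadcast_address)
        if start > cursor:                   # gray section before this subnet
            gaps.append((cursor, start - 1))
        cursor = max(cursor, end + 1)        # max() tolerates nested subnets
    block_end = int(block.broadcast_address)
    if cursor <= block_end:                  # trailing gray section
        gaps.append((cursor, block_end))
    return [(ipaddress.IPv4Address(a), ipaddress.IPv4Address(b)) for a, b in gaps]


def fitting_subnets(first, last):
    """Express one free range as the fewest CIDR subnets that cover it exactly."""
    return list(ipaddress.summarize_address_range(first, last))


# Constructed sample: a /8 block holding three subnets.
BLOCK = "1.0.0.0/8"
SUBNETS = ["1.0.0.0/25", "1.0.8.0/21", "1.3.0.0/24"]

if __name__ == "__main__":
    for first, last in free_ranges(BLOCK, SUBNETS):
        cidrs = ", ".join(str(n) for n in fitting_subnets(first, last))
        print(f"{first} - {last}: {cidrs}")
```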

Moving IPv4 Subnets across Spaces


At any given point you can migrate a subnet from one space to another, as long as the receiving
space contains a block named exactly like the containing block of the subnet(s) to be migrated
and with a start address that can receive said subnet. To put it simply, if you want to move your
subnet Directors with the start address 3.16.0.15, located in the block Paris, from the space
Board to the space Europe, you will need to make sure that the block Paris exists in the space
Europe and that its start address can contain the subnet (for instance, it would be a block with
the start address 3.0.0.0).

To migrate subnets across spaces

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Subnets icon. The All subnets list opens, next to the Logout button, the IP4
icon is blue.
3. Tick the subnet(s) you want to migrate.
4. In the menu, select Tools > Expert > Migrate to another space. The Migrate a subnet wizard
opens.
5. In the Target space drop-down list, select one of the existing spaces listed. Make sure the
target space contains a block named after the block from which you are moving the selected
subnet(s).
6. In the Overwrite drop-down list, select Yes or No according to your needs.
7. Click on OK to commit the migration. The report opens and closes. The subnet is now part
of the specified space.

Managing or Unmanaging Subnets


The Manage/Unmanage option of the IPAM module prevents subnets from overlapping. These options
are useful when it comes to clearing up the subnet database if you are allocated a particular
range of addresses by the RIPE through SPX, especially if you are still waiting on this range to
be officially allocated to you. Indeed, any subnet set as unmanaged is virtually non-existent in
the database, which gives you the time to create new subnets that have the exact same IP address
and prefix as an unmanaged subnet and assign in advance the addresses it contains if need
be. To avoid overlapping, it is impossible to set an unmanaged subnet to Manage if the same
IP addresses are already used to provision the database.


Note that any action (split or merge) undergone on an unmanaged subnet puts it back to being
Managed if the addresses it contains are not already used. Besides, once set to unmanaged,
the assigned addresses, including the gateway, will be placed in an Orphan Addresses container.

By default, all IPv4 and IPv6 subnets are set as Managed through the OK status.

To unmanage a subnet

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Subnets icon. The All subnets list opens.
3. Next to the Logout button, click on IP4 to display the IPv4 subnets or on IP6 to display the
IPv6 subnets.
4. Tick the subnet(s) you want to unmanage.
5. In the menu, select Tools > Expert > Unmanage. The Unmanage wizard opens.
6. Click on OK to unmanage selected subnet(s). The report opens and closes. The subnet is
listed as Unmanaged.

To manage a subnet

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Subnets icon. The All subnets list opens.
3. Next to the Logout button, click on IP4 to display the IPv4 subnets or on IP6 to display the
IPv6 subnets.
4. Tick the subnet(s) you want to manage.
5. In the menu, select Tools > Expert > Manage. The Manage wizard opens.
6. Click on OK to manage selected subnet(s). The report opens and closes. The subnet is listed
as OK.

Associating Subnets to a VLAN


With version 5.0.2, SOLIDserver provides the possibility of creating Virtual Local Area Networks
and associating them with existing subnets to allow them to communicate no matter what space
or block they belong to. These VLANs can be created in the GUI in the VLAN Manager module.

Once your VLANs are created, the configuration within the IPAM is enabled through the
configuration of default behaviors that you can later on apply when adding or editing your
subnets. For more details, refer to the VLAN Manager part of this guide.

Deleting a Subnet
The subnet is an IP address container. When you delete a subnet, the addresses that were
contained therein are not systematically deleted: if they were all free the subnet is deleted, if
some addresses were assigned, the subnet is replaced by an Orphan Subnets container and
listed in the All subnets list.

To delete one or more subnets

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Subnets icon. The All subnets list opens.


3. Next to the Logout button, click on IP4 to display the IPv4 subnets or on IP6 to display IPv6
subnets.
4. Tick the subnet(s) you want to delete.
5. In the menu, select Edit > Delete. The Delete wizard opens.
6. Click on OK to commit the deletion. The report opens and closes. The subnet is no longer
listed or is now listed as Orphan Addresses.

Defining a Subnet as a Group Resource


In SOLIDserver, only the superuser (ipmadmin) can manage and modify the items of every
module. Adding a subnet as one of the resources of a specific group will allow the users of that
group to manage the subnet(s) in question as long as they have the corresponding rights and
delegations granted.

Allowing access to a subnet as a Resource will also make every item it contains available. For
more details, refer to the section Assigning Objects as Resource in the chapter Managing Groups
of administrator of this guide.

Chapter 18. Managing Addresses
Ultimately within the IPAM module, what you want to manage are the IP addresses. There is one
last level within the IPAM hierarchy that can help you organize all your addresses: the pools.

Managing IP Pools
The pools are the fourth level of the IPAM module hierarchy and the last addresses container
level. Creating pools is not compulsory. If some pools seem to be missing, it is probably because
you do not have enough rights to see them, in that case you have to ask your administrator to
extend your privileges on these objects.

Browsing Pools
SOLIDserver introduced the concept of pools because it allows reserving IP addresses for
restricted usage such as: address provisioning, planning or migrations. Pools can also be used
to delegate one or several ranges of IP addresses to groups of administrators.

Figure 18.1. The Pools Within the IP Hierarchy (space > block > subnet > pool > address)

Here below, you can see the breadcrumb link to browse the pools database:

Figure 18.2. IPAM: All Pools

Browsing the Pools Database

Pools are identified by name and start/end IP address. You can navigate through pools, search
for them or list them by applying search criteria and filters whether they manage IPv4 or IPv6
addresses.

To list the IPv4 pools through the IPAM homepage

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Pools icon. The All pools list opens, next to the Logout button, the IP4 icon is
blue.

To list the IPv6 pools through the IPAM homepage

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.


2. Click on the Pools icon. The All pools list opens, next to the Logout button, the IP6 icon is
blue.

To list the pools through the breadcrumb

1. Go to the IPAM tab.


2. Click on All pools in the breadcrumb. The All pools list opens.
3. Next to the Logout button, click on IP4 to display the IPv4 pools or IP6 to display the IPv6
pools.

Note
If some pools seem to be missing, it is probably because you do not have enough
rights to see them. In that case you have to ask your administrator to extend your
privileges on these objects.

To list the pools of an IP subnet

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Pools icon. The All pools list opens.
3. Next to the Logout button, click on IP4 to display the IPv4 subnets or IP6 to display the IPv6
subnets.
4. Click on the name of the subnet of your choice to list the pools it contains. If the subnet
contains other subnets, either click on the name of one of the subnets to see its pools or
click on All pools in the breadcrumb to see the pools of all these imbricated subnets.

To list the pools of an IP block

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Blocks icon. The All blocks list opens.
3. Next to the Logout button, click on IP4 to display the IPv4 blocks or IP6 to display the IPv6
blocks.
4. Click on the name of the block of your choice to list the subnets it contains.
5. In the breadcrumb, click on All pools to display the pools of the block.

To list the pools of an IP space

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Blocks icon. The All blocks list opens.
3. In the breadcrumb, click on All pools to display all the pools of that space.
4. Next to the Logout button, click on IP4 to display the IPv4 pools or IP6 to display the IPv6
pools.

To display a pool properties page

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Pools icon. The All pools list opens.


3. Next to the Logout button, click on IP4 to display the IPv4 pools or IP6 to display the IPv6
pools.
4. Filter the list if need be through the Name column filtering field for instance.
5. At the end of the line of the pool of your choice, click on . The pool properties page opens.

To search for a specific pool, use the filtering fields located right under the column names. You
can type in a name or an IP address in full or partially to find a pool or all the pools sharing the
value you entered. If you want to do a more thorough search, double-click in any filtering field
to display the filter constructor and enter one by one the parameters of your search.

Customizing the IP Pools Display

SOLIDserver enables you to modify the columns display in the list. You can add or modify the
order of columns. For more details, see the Customizing the List Layout section of the
Understanding the SOLIDserver User Interface part of this guide.

Adding a Pool
Within any subnet, you can create pools to organize further your IP addresses and gather them
in a pool to define a common set of options for instance.

The addition of pools, unlike blocks and subnets, can only be done manually, mainly because this
level of organization is not mandatory.

You can create pools from the All subnets page, the All pools page, the All pools page of a
specific subnet or even the properties page of a specific subnet.

To create an IP address pool from the all subnets page

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Subnets icon. The All subnets list opens.
3. Next to the Logout button, click on IP4 to display the IPv4 subnets or IP6 to display the IPv6
subnets.
4. Click on the name of the subnet of your choice. The All addresses list of this subnet opens.
5. In the menu, select Add > Pool or Add > pool (v6).
6. If you or your administrator created classes at the pool level, the Pool class page opens. In
the IP pool class list select the class you want to apply to this block or select None.

Click on NEXT . The Add an IPv4 pool or the Add an IPv6 pool page opens.
7. Fill in the following fields to configure the pool:

Table 18.1. IP Pools Configuration Fields


| Fields | Description |
|---|---|
| Pool name | In this field, name the pool. This field is compulsory. |
| Pool read only | In this section, tick the box if you want to set the pool in read only i.e. reserve it. This field is optional. By default, the checkbox is not ticked. |
| Start address | In this field, type in the first address of the pool. This field is compulsory. |
| End address | In this field, type in the last address of the pool. This field is compulsory. |
| Size | In this field, type the number of addresses contained in the pool. The Size field value is automatically calculated depending upon the Start Address and End address fields. If you type in a size, the end address will automatically be modified accordingly. |
| Mode | You can select either Configurable behavior or All behaviors. |
| Configurable behavior | This option is selected by default in the Mode drop-down list and displays all the fields and options that have been ticked in the Default behavior wizard at the server level. For more details, refer to the IPAM section of the Default Behaviors chapter of this guide. |
| All behaviors | If you select this option, you will display all the fields and options that can be ticked in the Default behavior wizard. For more details, refer to the IPAM section of the Default Behaviors chapter of this guide. |

8. Click on OK to commit the creation. The report opens and closes. The addresses included
in the pool are now listed in a blue frame of their own and are marked with their pool name
in the Pool column.

To create an IP address pool from the all pools page of a specific subnet

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Subnets icon. The All subnets list opens.
3. Next to the Logout button, click on IP4 to display the IPv4 subnets or IP6 to display the IPv6
subnets.
4. Click on the name of the subnet of your choice. The All addresses list of this subnet opens.
5. In the breadcrumb, click on All pools. The All pools page of the subnet opens.
6. In the menu, select Add > Pool or Add > pool (v6) depending on the subnet you chose.
7. If you or your administrator created classes at the pool level, the Pool class page opens. In
the IP pool class list select the class you want to apply to this block or select None.

Click on NEXT . The Add an IPv4 pool or the Add an IPv6 pool page opens.
8. Fill in the following fields to configure the pool:

Table 18.2. IP Pools Configuration Fields


| Fields | Description |
|---|---|
| Pool name | In this field, name the pool. This field is compulsory. |
| Pool read only | In this section, tick the box if you want to set the pool in read only i.e. reserve it. This field is optional. By default, the checkbox is not ticked. |
| Start address | In this field, type in the first address of the pool. This field is compulsory. |
| End address | In this field, type in the last address of the pool. This field is compulsory. |
| Size | In this field, type the number of addresses contained in the pool. The Size field value is automatically calculated depending upon the Start Address and End address fields. If you type in a size, the end address will automatically be modified accordingly. |
| Mode | You can select either Configurable behavior or All behaviors. |
| Configurable behavior | This option is selected by default in the Mode drop-down list and displays all the fields and options that have been ticked in the Default behavior wizard at the server level. For more details, refer to the IPAM section of the Default Behaviors chapter of this guide. |
| All behaviors | If you select this option, you will display all the fields and options that can be ticked in the Default behavior wizard. For more details, refer to the IPAM section of the Default Behaviors chapter of this guide. |

9. Click on OK to commit the creation. The report opens and closes. The addresses included
in the pool are now listed in a blue frame of their own and are marked with their pool name
in the Pool column.

You can obviously also create a pool from the All pools page outside a subnet. In this case, you
need to specify the space, block and subnet in which you want to create it. You might also need
to select classes if you or your administrator created any at some levels of the IPAM hierarchy.

To create an IP address pool from a subnet properties page

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Subnets icon. The All subnets list opens.
3. Next to the Logout button, click on IP4 to display the IPv4 subnets or IP6 to display the IPv6
subnets.
4. Filter the list if need be.
5. At the end of the line of the subnet of your choice, click on . The subnet properties page
opens.
6. In the IP address pool panel, click on ADD. The wizard opens.
7. If you or your administrator created classes at the pool level, the Pool class page opens. In
the IP pool class list select the class you want to apply to this block or select None.

Click on NEXT . The Add an IPv4 pool or the Add an IPv6 pool page opens.
8. Fill in the following fields to configure the pool:

Table 18.3. IP Pools Configuration Fields


| Fields | Description |
|---|---|
| Pool name | In this field, name the pool. This field is compulsory. |
| Pool read only | In this section, tick the box if you want to set the pool in read only i.e. reserve it. This field is optional. By default, the checkbox is not ticked. |
| Start address | In this field, type in the first address of the pool. This field is compulsory. |
| End address | In this field, type in the last address of the pool. This field is compulsory. |
| Size | In this field, type the number of addresses contained in the pool. The Size field value is automatically calculated depending upon the Start Address and End address fields. If you type in a size, the end address will automatically be modified accordingly. |
| Mode | You can select either Configurable behavior or All behaviors. |
| Configurable behavior | This option is selected by default in the Mode drop-down list and displays all the fields and options that have been ticked in the Default behavior wizard at the server level. For more details, refer to the IPAM section of the Default Behaviors chapter of this guide. |
| All behaviors | If you select this option, you will display all the fields and options that can be ticked in the Default behavior wizard. For more details, refer to the IPAM section of the Default Behaviors chapter of this guide. |

9. Click on OK to commit the creation. The report opens and closes. The addresses included
in the pool are now listed in a blue frame of their own and are marked with their pool name
in the Pool column.

Reserving a Pool
You can choose to reserve a pool of addresses for DHCP use, to identify a bunch of printers,
etc. To go through with the reservation, you simply need to tick a box upon creation of the pool
or edit it through its properties page.

To put a pool in read only through its properties page

1. Go to the properties page of the pool of your choice. For more details, see the procedure
To display a pool properties page.
2. In the Main properties panel, click on EDIT . The wizard opens.
3. If you or your administrator created classes at the pool level, the IP pool class page opens.
In the IP pool class list, select one of the classes or None. Click on NEXT . The Edit an IPv4
pool or Edit an IPv6 pool page opens.
4. In the Pool read only section, tick the box to reserve the pool.
5. Click on OK to commit your changes. The report opens and closes. The pool is now marked
Yes in the Read only part of the Main properties panel.

Resizing a Pool
IPv4 pools can be edited to manage more or fewer addresses than they did when you created
them: we call this operation resizing a pool. It basically shifts the start and end addresses of
the pool. Through the wizard you can indicate the number of addresses to include in or exclude
from the selected pool. Resizing a pool is not possible if the addresses you include or exclude
are already used or belong to another pool.

So if your pool managed the addresses 192.168.100.10-192.168.100.125 you can decide to
resize it to manage the addresses 192.168.100.100-192.168.100.105 indicating a start address
shift of "90" and an end address shift of "-20".


To resize a pool

1. Go to the IPAM tab homepage. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Pools icon. The All pools page opens.
3. Next to the Logout button, click on IP4 to display the DHCPv4 ranges.
4. Filter the list if need be.
5. Tick the pool(s) you want to resize.
6. In the menu, select Edit > Resize Pools. The Resize IPAM pools wizard opens.
7. In the Start address shift field, type in the positive or negative shift for the pool start address
that suits your needs. If you type in 0 (zero), the address stays the same.
8. In the End address shift field, type in the positive or negative shift for the pool end address
that suits your needs. If you type in 0 (zero), the address stays the same.
9. Click on OK to commit the new size. The report opens and closes. The new pool(s) size is
visible.
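
To plan a resize before opening the wizard, the shift arithmetic and the two refusal conditions stated above can be checked offline. This is an added example, not SOLIDserver code: `resize_pool` and its arguments are hypothetical names, and the used addresses and neighbouring pools are supplied by the caller.

```python
import ipaddress


def _to_int(address):
    return int(ipaddress.IPv4Address(address))


def _minus(a, b):
    """Parts of the inclusive interval a=(lo, hi) that lie outside interval b."""
    if b[1] < a[0] or b[0] > a[1]:
        return [a]                           # no overlap: all of a is outside b
    parts = []
    if a[0] < b[0]:
        parts.append((a[0], b[0] - 1))
    if a[1] > b[1]:
        parts.append((b[1] + 1, a[1]))
    return parts


def resize_pool(pool, start_shift, end_shift, used=(), other_pools=()):
    """Return the new (start, end) of a pool, or raise ValueError if refused.

    pool and each entry of other_pools are (start, end) address strings;
    used is an iterable of already assigned addresses.
    """
    old = (_to_int(pool[0]), _to_int(pool[1]))
    new = (old[0] + start_shift, old[1] + end_shift)
    if new[0] > new[1]:
        raise ValueError("the shifts leave no address in the pool")
    included = _minus(new, old)              # addresses the pool gains
    excluded = _minus(old, new)              # addresses the pool gives up
    for address in used:
        n = _to_int(address)
        if any(lo <= n <= hi for lo, hi in included + excluded):
            raise ValueError(f"{address} is used and would be included or excluded")
    for other in other_pools:
        o = (_to_int(other[0]), _to_int(other[1]))
        if any(lo <= o[1] and o[0] <= hi for lo, hi in included):
            raise ValueError(f"new range overlaps pool {other[0]}-{other[1]}")
    # IPv4Address() raises ValueError if a shift left the IPv4 address space.
    return str(ipaddress.IPv4Address(new[0])), str(ipaddress.IPv4Address(new[1]))


if __name__ == "__main__":
    # The guide's own figures: shifts of 90 and -20.
    print(resize_pool(("192.168.100.10", "192.168.100.125"), 90, -20))
```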

Deleting a Pool
A pool can be deleted at any time.

Note
Unlike the blocks and subnets, if you delete a pool you do not delete the addresses
it contains or create an orphan container. You only delete the pool itself and the
parameters that come with it.

To delete one or more pools

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Pools icon. The All pools list opens.
3. Next to the Logout button, click on IP4 to display the IPv4 pools or on IP6 to display IPv6
pools.
4. Tick the pool(s) you want to delete.
5. In the menu, select Edit > Delete. The Delete wizard opens.
6. Click on OK to commit the deletion. The report opens and closes. The pool is no longer listed
nor are the addresses present in the All addresses list.

Defining a Pool as a Group Resource


In SOLIDserver, only the superuser (ipmadmin) can manage and modify the items of every
module. Adding a pool as one of the resources of a specific group will grant the users access to
the selected pool(s) as long as they have the corresponding rights and delegations granted.

Allowing access to a pool as a Resource will also make every item it contains available. If a user
has limited rights to one pool of a specific subnet, he/she will only see and manage the IP
addresses of this pool and not any other IP addresses of the subnet. For more details, refer to the
section Assigning Objects as Resource in the chapter Managing Groups of administrator of this
guide.


Managing IP Addresses
Like any page of the IPAM from the blocks down, there is one page dedicated to the IPv4
management and one for IPv6. From the All addresses pages, you can finalize the organization of
your network addresses. The entire IP addresses database can be displayed as a unique list
from the SOLIDserver user interface.

Browsing IP Addresses
Addresses represent the fifth and last level of the IPAM hierarchy.

Figure 18.3. IP addresses in the IP hierarchy (space > block > subnet > pool > address)

Here below, you can see the breadcrumb link to browse the IP Addresses database:

Figure 18.4. IPAM: All IP Addresses

Browsing the IP Addresses Database

SOLIDserver allows you to display the entire IP address database as one list. This feature allows
an administrator to look for IP addresses through all spaces, blocks, subnets and pools.
SOLIDserver automatically changes the columns' organization: for instance, if you directly
display the list of all IP addresses without filtering by block or by subnet, SOLIDserver adds
the block and subnet columns so that you can filter on this information.

It is also possible to list the IP addresses by going down through the database level by level.
Each time you cross a level, it is automatically added as a new filter in the navigation bar.

To list the IPv4 addresses through the IPAM homepage

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Addresses icon. The All addresses list opens.

To list the IPv6 addresses through the IPAM homepage

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Addresses (v6) icon. The All addresses list opens, next to the Logout button,
the IP6 icon is blue.


To list the addresses through the breadcrumb

1. Go to the IPAM tab.


2. Click on All addresses in the breadcrumb. The All addresses list opens.
3. Next to the Logout button, click on IP4 to display the IPv4 addresses or IP6 to display the
IPv6 addresses.

Caution
The Address column filtering field has some limitations in IPv6. Considering how
long the addresses are in this version of the protocol, you can only type in an IP
address entirely to look for it.

To list the addresses of an IP pool

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Pools icon. The All pools list opens.
3. Next to the Logout button, click on IP4 to display the IPv4 pools or IP6 to display the IPv6
pools.
4. Click on the name of the pool of your choice to list the IP addresses it contains.

To list the addresses of an IP subnet

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Subnets icon. The All subnets list opens.
3. Next to the Logout button, click on IP4 to display the IPv4 subnets or IP6 to display the IPv6
subnets.
4. Click on the name of the subnet of your choice to list the addresses it contains. If it contains
pools, click on the pool of your choice to display its addresses.

To list the addresses of an IP block

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Blocks icon. The All blocks list opens.
3. Next to the Logout button, click on IP4 to display the IPv4 blocks or IP6 to display the IPv6
blocks.
4. Click on the name of the block of your choice to list the subnets it contains.
5. In the breadcrumb, click on All addresses to display the addresses of the block.

To list the addresses of an IP space

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Spaces icon. The All spaces list opens.
3. In the breadcrumb, click on All addresses to display all the addresses of that space.
4. Next to the Logout button, click on IP4 to display the IPv4 pools or IP6 to display the IPv6
pools.


To display an IP address properties page

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Addresses icon. The All addresses list opens.
3. Next to the Logout button, click on IP4 to display the IPv4 addresses or IP6 to display the
IPv6 addresses.
4. Filter the list if need be through the columns filtering field.
5. At the end of the line of the address of your choice, click on . The address properties page
opens.

To display an IPv6 address in full

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Addresses icon. The All addresses list opens.
3. Next to the Logout button, click on IP4 to display the IPv4 addresses or IP6 to display the
IPv6 addresses.
4. In the menu, select Display > Uncompress IPv6 addresses. All the addresses are displayed
entirely.

Customizing the IP Addresses Display

SOLIDserver enables you to modify the columns display in the list. You can add or modify the
order of columns. For more details, see the Customizing the List Layout section of the
Understanding the SOLIDserver User Interface part of this guide.

Tip
The Aliases column provides a complete overview of the aliases configured on your IPv4
addresses.

Type, Status and Reservation of IP Addresses

SOLIDserver uses different types to differentiate IP addresses. These types are listed in the Type
column and explained below:

Table 18.4. IP address types


| Type | Description |
|---|---|
| Network | This address is the first address of a subnet. It represents the IP address of the network. It should not be used except in some configurations for /31 or /32 interconnection networks. |
| Broadcast [a] | This address is the last address of a subnet. It represents the broadcast IP address for a network. It should not be used except in some configurations for /31 or /32 interconnection networks. |
| Orphan | This address is assigned and was therefore not deleted like the rest of the block or subnet that contained it. |
| Regular | This address can be used. |

[a] A broadcast address is a network address that allows information to be sent to all nodes on a network, rather than to a
specific network host.


Note
In IPv4, upon creation of a subnet, the penultimate address is set as the gateway
address. This address will simply be named Gateway in the Name column. It is not
notified in the Type column.

Each one of the addresses listed can be assigned if available, i.e. free. In the Status column, you
will find the statuses listed below:

Table 18.5. IP address statuses


| Status | Description |
|---|---|
| Used | This address is assigned to a host on the network. It can be associated with a resource record, a fixed address, DHCP static reservation, DHCP lease, or an item discovered by NetChange. |
| Free | This IP address is unassigned. |

Finally, through the Reserved column you will be able to know if an IP address is reserved or
not, that is to say part of a pool of addresses in read-only:

Table 18.6. IP address reservations


| Reserved | Description |
|---|---|
| No | This IP address is not reserved. |
| Yes | This IP address is reserved, e.g. part of a pool of addresses that will be used for DHCP. |

Therefore, rather than having only one column and a long list of statuses that mix the type, status
and availability of an IP address, these columns let you know more rapidly what options you
have with the listed addresses. However, you can still display mixed statuses through the
Overall status column:

• The Reserved Free: if an IP address is available but reserved by a pool in order to prevent
a conflict between statically configured devices and dynamically configured devices, it will be
marked as Yes in the Reserved column, Regular in the Type column and Free in the Status
column. It basically means that this unassigned address could be part of a DHCP range but
has not been assigned to a host yet. In other words, it cannot be assigned by a user
operation.

• The Reserved Used: if an IP address is reserved by a pool and used, to prevent address
conflicts between statically configured devices and dynamically configured devices, it will be
marked as Yes in the Reserved column, Regular in the Type column and Used in the Status
column. It basically means that this address could be dynamically assigned through DHCP if
it belongs to a DHCP range. Basically, this address cannot be released by a user operation.

To display this column, use the menu Settings > Listing templates. Either edit the default template
display or create a new one and in the Hidden columns select the Overall status and add it to
the Displayed columns. Then click on OK to commit your changes.

Adding an IP Address
At the All addresses level, adding an IP address is in fact assigning it. There are three ways of
assigning IP addresses:

• Manually: if you already know the IP address you want to assign and are sure that this IP
address is free.
• By search: you do not know if there is a free IP address that matches your need. You just
know the subnet where you want to assign a new IP address.
• Through selection: from the list of the IP addresses of a subnet, you can directly click on a
free IP address to assign it.

Once assigned, the IP address will be marked as Used in the Status column whether it is
associated with a specific MAC address or not.

Tip
By default, the Broadcast and Network addresses of all subnets are reserved
and cannot be assigned. However, you can allow their assignment using a
registry database key. This is all the more useful if you manage many small subnets
and need to use all your addresses. To make both addresses editable in IPv4
and IPv6, go to the Administration tab homepage. In the menu, select System > Expert
> Registry database. Once the Registry database page is displayed, in the Name
column look for the www.display.lock_broadcast_network_addresses key. Click on
its value (by default it is set to 1 to prevent the assignment of both addresses); the
Registry database Edit a value wizard opens. Type in 0 in the Value field and click
on OK to commit your change. Your changes are visible in the list. Now you can assign
the broadcast and network addresses of all subnets both in IPv4 and IPv6.

Assigning addresses from the All addresses list

From the All addresses list, you can assign addresses manually or by search through the Add
menu. In other words, you can name an address and link it to a specific MAC address.

To add an IP address manually from the All addresses list

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Addresses icon. The All addresses list opens.
3. Next to the Logout button, click on IP4 to display the IPv4 addresses or IP6 to display the
IPv6 addresses.
4. In the menu, select Add > Address > Manual or Add > Address (v6) > Manual. The wizard
opens.
5. On the Space selection page, in the Space list select a space and click on NEXT . The next
page opens.
6. If you or your administrator created classes at block, subnet, pool or address level, the
<object> class page appears before the <object> list page. Select the class of your choice
or No class and click on NEXT to be able to specify a container and continue. If you cannot
select the option None or No class in the class list, it means that all the objects listed are
associated with a class.
7. In the Block name, select the block of your choice.
8. Click on NEXT . The Subnet list page opens.
9. In the Subnet name, select a subnet.
10. Click on NEXT . The Pool list page opens. The pool list page might not appear if you did not
create any.

11. In the Pool name list, select a pool or No pool.


12. Click on NEXT . On the Add an IPv4 address or the Add an IPv6 address wizard, fill in the
following fields:

Table 18.7. IP Address Configuration Fields


| Fields | Description |
|---|---|
| IP address name | This field is read-only and displays the name entered in the Shortname field followed by the domain if you select one. |
| IP address | In this field, type in the IP address of your choice. Keep in mind that this address has to be part of the selected subnet. |
| MAC address | In this field, you can enter the MAC address of the host you want to assign the IP address to. Remember that in IPv6, the MAC address corresponds to the last twelve hexadecimal characters of the client DUID. This field is optional. |
| Shortname | In this field, name the IP address. This field is compulsory. |
| Domain | In this drop-down list, you can select one of your DNS zones or None. The selected zone will be updated by and associated with the IP address. This field is optional. |
| Mode | You can select either Configurable behavior or All behaviors. |
| Configurable behavior | This option is selected by default in the Mode drop-down list and displays all the fields and options that have been ticked in the Default behavior wizard at the server level. For more details, refer to the IPAM section of the Default Behaviors chapter of this guide. |
| All behaviors | If you select this option, you will display all the fields and options that can be ticked in the Default behavior wizard. For more details, refer to the IPAM section of the Default Behaviors chapter of this guide. |

Click on NEXT . The Aliases configuration page opens.

Tip
The selected subnet is visible in the bottom-left corner of the wizard. If you
named the IP address but realize that you selected the wrong subnet, click on
PREVIOUS , modify the subnet or block and click on NEXT until you get back to that
step of the creation.

13. In the Add an alias field, name your alias(es). Click on to add it to the Aliases list. For
more details regarding aliases, see the section Configuring IP Address Aliases.
14. Click on OK to commit your creation. The report opens and closes. The address is listed,
you might need to filter to see it.

The By search tool is a very powerful tool that can save you quite some time figuring out where
you might have some available IP addresses. Note that if selected blocks do not have subnets
created yet, you will not be able to go through with the addition process.

To add an IP address by search from the All addresses list

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Addresses icon. The All addresses list opens.

3. Next to the Logout button, click on IP4 to display the IPv4 addresses or IP6 to display the
IPv6 addresses.
4. In the menu, select Add > Address > By search or Add > Address (v6) > By search. The
wizard opens.
5. On the Space selection page, in the Space list select a space and click on NEXT . The next
page opens.
6. If you or your administrator created classes at block, subnet, pool or address level, the
<object> class page appears before the <object> list page. Select the class of your choice
or No class and click on NEXT to be able to specify a container and continue. If you cannot
select the option None or No class in the class list, it means that all the objects listed are
associated with a class.
7. In the Block name, select the block of your choice.
8. Click on NEXT . The Subnet list page opens.
9. In the Subnet name, select a subnet.
10. Click on NEXT . The Pool list page opens. The pool list page might not appear if you did not
create any.
11. In the Pool name list, select a pool or No pool.
12. Click on NEXT . The Search result page opens.
13. In the IP address list, all the available addresses of the selected subnet are visible. Select
the IP address of your choice.
14. Click on NEXT . On the Add an IPv4 address or the Add an IPv6 address page, fill in the
following fields:

Table 18.8. IP Address Configuration Fields


| Fields | Description |
|---|---|
| IP address name | This field is read-only and displays the name entered in the Shortname field followed by the domain if you select one. |
| IP address | This field is read-only and displays the previously selected IP address. |
| MAC address | In this field, you can enter the MAC address of the host you want to assign the IP address to. Remember that in IPv6, the MAC address corresponds to the last twelve hexadecimal characters of the client DUID. This field is by default optional but can be mandatory depending on the selected class. |
| Shortname | In this field, name the IP address. This field is compulsory. |
| Domain | In this drop-down list, you can select one of your DNS zones or None. The selected zone will be updated by and associated with the IP address. This field is optional. |
| Mode | You can select either Configurable behavior or All behaviors. |
| Configurable behavior | This option is selected by default in the Mode drop-down list and displays all the fields and options that have been ticked in the Default behavior wizard at the server level. For more details, refer to the IPAM section of the Default Behaviors chapter of this guide. |
| All behaviors | If you select this option, you will display all the fields and options that can be ticked in the Default behavior wizard. For more details, refer to the IPAM section of the Default Behaviors chapter of this guide. |

Click on NEXT . The Aliases configuration page opens.

Tip
The selected subnet is visible in the bottom-left corner of the wizard. If you
named the IP address but realize that you selected the wrong subnet, click on
PREVIOUS , modify the subnet or block and click on NEXT until you get back to that
step of the creation.

15. In the Add an alias field, name your alias(es). Click on to add it to the Aliases list. For
more details regarding aliases see the section Configuring IP Address Aliases.
16. Click on OK to commit your creation. The report opens and closes. The address is listed,
you might need to filter to see it.

Assigning addresses from the All addresses list of a specific subnet

Once you have displayed the addresses of the subnet of your choice, you can click on the IP
address to name it and link it to a specific MAC address if need be.

To select an IP address to assign

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Subnets icon. The All subnets list opens.
3. Next to the Logout button, click on IP4 to display the IPv4 subnets or IP6 to display the IPv6
subnets.
4. Click on the subnet name of your choice to display its IP addresses. If need be, filter the list
through the Status column to display only the Free addresses.
5. Click on the available IP address of your choice. The pop up window This address is free,
do you want to assign it? opens.
6. Click on OK . The wizard opens.
7. If you or the administrator created classes at the IP addresses level, the IP address class
page opens. Select a class or None.

Click on NEXT . The Add an IPv4 address or the Add an IPv6 address page opens.
8. Configure the address following the fields below.

Table 18.9. IP Address Configuration Fields


| Fields | Description |
|---|---|
| IP address name | This field is read-only and displays the name entered in the Shortname field followed by the domain if you select one. |
| IP address | This field is read-only and displays the IP address you clicked on. |
| MAC address | In this field, you can enter the MAC address of the host you want to assign the IP address to. Remember that in IPv6, the MAC address corresponds to the last twelve hexadecimal characters of the client DUID. This field is by default optional but can be mandatory depending on the selected class. |
| Shortname | In this field, name the IP address. This field is compulsory. |
| Domain | In this drop-down list, you can select one of your DNS zones or None. The selected zone will be updated by and associated with the IP address. This field is optional. |
| Mode | You can select either Configurable behavior or All behaviors. |
| Configurable behavior | This option is selected by default in the Mode drop-down list and displays all the fields and options that have been ticked in the Default behavior wizard at the server level. For more details, refer to the IPAM section of the Default Behaviors chapter of this guide. |
| All behaviors | If you select this option, you will display all the fields and options that can be ticked in the Default behavior wizard. For more details, refer to the IPAM section of the Default Behaviors chapter of this guide. |

Click on NEXT . The Aliases configuration page opens.


9. In the Add an alias field, name your alias(es). Click on to add it to the Aliases list. For
more details regarding aliases see the section Configuring IP Address Aliases.
10. Click on OK to commit your creation. The report opens and closes. The address is listed,
you might need to filter to see it.

Restoring an IP Address
SOLIDserver provides a powerful option that allows you to restore any deleted IP address both
in IPv4 and IPv6. All deleted IP addresses are listed in the All deleted IP addresses page (one
page is dedicated to IPv4 addresses and the other to IPv6 addresses), from where you can
restore the deleted IP addresses if need be. In other words, from these pages
you can undo the address deletion. Obviously, if no address has been deleted, the All deleted
IP addresses page, whether in IPv4 or IPv6, will be empty.

To make it easy to use, an icon was added in the user interface on the All addresses pages of
the IPAM.

Figure 18.5. IPAM All Addresses Page: The Undo Icon

1 This icon called Deleted IP addresses list in the GUI allows you to access the All Deleted
IP addresses and the All deleted IP addresses (v6) page depending on the version of the
addresses displayed on the page.

Through the Display menu, you can also access the All deleted IP addresses pages. Both pages
contain three columns: Date, Users and Description.

Table 18.10. The Deleted IP Addresses pages (v4 or v6)


| Column | Description |
|---|---|
| Date | This column displays the date and time of the IP address deletion. Through the menu Preferences > My Account > Set Date/Time Format you can change the display of both values. |
| Users | This column displays the name of the user who deleted the IP address. This name is underlined; if you click on it, you will display the user properties page in the Administration module. |
| Description | This field displays a number of details regarding the deleted IP addresses: the IP address itself, its name, its MAC address (if relevant), the subnet it belongs to and finally the space it belongs to. |

Like on any other page, you will be able to export a report of all the IP addresses deleted. From
these pages you can create two gadgets: an alert and/or a chart.

To undo an IP address deletion

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Addresses icon to display the IPv4 addresses or on the Addresses (v6) icon to
display the IPv6 addresses.
3. Click on the Undo icon. The All deleted IP addresses or the All deleted IP addresses (v6)
opens.
4. Tick the addresses you want to restore to the All addresses list.
5. In the menu, select Edit > Undo IP deletion or Undo IP deletion (v6). The Restoring IP
addresses or Restoring IPv6 addresses wizard opens.
6. Click on OK to commit your modifications. The report opens and closes. The addresses are
no longer listed on the All deleted IP addresses page.
7. Next to the Logout button, click on IP4 or IP6 depending on the addresses you chose to
restore. The corresponding All addresses list opens, your addresses are listed again.

Editing an IP Address

You can edit any IP address to change its class, rename it, apply or remove a number of default
behaviors or a MAC address.

Note that you can only edit used IP addresses. The available ones can only be assigned.

To edit an existing IP address

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Addresses icon. The All addresses list opens.
3. Next to the Logout button, click on IP4 to display the IPv4 addresses or IP6 to display the
IPv6 addresses.
4. Put your mouse over the name of the IP address you want to edit. The Info Bar appears,
click on edit button.

Note
You can also edit the IP address through its properties page. In the Main
properties panel, click on EDIT to open the edition wizard and follow the steps below
to go through with the edition.

5. If you or the administrator created classes at the IP addresses level, the IP address class
page opens. Select a class or None.
6. Click on NEXT . The Add an IPv4 address or the Add an IPv6 address page opens. Fill in the
following fields:

Table 18.11. IP Address Configuration Fields


| Fields | Description |
|---|---|
| IP address name | This field is read-only and displays the name entered in the Shortname field followed by the domain if you select one. |
| IP address | This field is read-only and displays the IP address you clicked on. |
| MAC address | In this field, you can enter the MAC address of the host you want to assign the IP address to. Remember that in IPv6, the MAC address corresponds to the last twelve hexadecimal characters of the client DUID. This field is by default optional but can be mandatory depending on the selected class. |
| Shortname | In this field, name the IP address. This field is compulsory. |
| Domain | In this drop-down list, you can select one of your DNS zones or None. The selected zone will be updated by and associated with the IP address. This field is optional. |
| Mode | You can select either Configurable behavior or All behaviors. |
| Configurable behavior | This option is selected by default in the Mode drop-down list and displays all the fields and options that have been ticked in the Default behavior wizard at the server level. For more details, refer to the IPAM section of the Default Behaviors chapter of this guide. |
| All behaviors | If you select this option, you will display all the fields and options that can be ticked in the Default behavior wizard. For more details, refer to the IPAM section of the Default Behaviors chapter of this guide. |

Click on NEXT . The Aliases configuration page opens.


7. In the Add an alias field, name your alias. Click on to add it to the Aliases list. For more
details regarding aliases see the section Configuring IP Address Aliases.
8. Click on OK to commit your creation. The report opens and closes. The address is listed,
you might need to filter to see it.

Renaming IPv4 Addresses Massively

SOLIDserver provides a tool to rename IPv4 addresses massively through three options:

• Rename: replaces the IP name by the new input.


• Append: concatenates the input at the end of the IP address name.
• Prepend: concatenates the input at the beginning of the IP address name.

To massively rename IP addresses

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Addresses icon. The All addresses list opens.
3. Next to the Logout button, click on IP4 to display the IPv4 addresses.
4. Tick the IP addresses you want to rename.

5. In the menu, select Edit > Replace > IP address name. The Replace name of IP addresses
wizard opens.
6. In the Exact search field, you can select one of the following options:

Table 18.12. Exact Search Available Options


| Options | Description |
|---|---|
| Replace | Selecting this option allows you to rename IP addresses fully or partially. In the Replace field, enter the name or part of the name to be replaced; in the Name field, enter the new name. |
| Append | Selecting this option allows you to add the characters of your choice at the end of the selected IP addresses' names. In the Name field, enter the input of your choice. |
| Prepend | Selecting this option allows you to add the characters of your choice at the beginning of the selected IP addresses' names. In the Name field, enter the input of your choice. |

7. Click on OK to rename selected IP addresses. The report opens and closes. The IP addresses
are renamed in the list.

Moving IPv4 Addresses

To manage the IP addresses as efficiently as possible, SOLIDserver includes tools to move IPv4
addresses through the IPAM database. You can migrate IP addresses to another subnet, move
IP addresses to another space or migrate IP addresses into the lowest VLSM subnet. Basically,
a number of tools allow you to move hosts from a subnet to the other whether they are part of
the same space or not.

Relocating IP Addresses within a Subnet

SOLIDserver allows you to massively move IP addresses from one subnet to the other. This
operation is helpful when you have to relocate hosts to another network. The following command
moves the selected IP addresses to the first available IP addresses of the destination subnet.

To relocate the IP address to another subnet

1. Go to the IPv4 All addresses list. For more details, see the procedure To list IPv4 addresses
through the IPAM home page.
2. Tick the IP address(es) you want to move to another subnet.
3. In the menu, select Edit > Migrate to another subnet. The Addresses migration wizard
opens.
4. In the Target space drop-down list, select a space.
5. In the New subnet IP field, type in the start address of the subnet you want to move the
address(es) to.
6. Click on OK to commit the modifications. The report opens and closes. The list is visible
again, you can filter it to check the new address assigned to your hosts.

Moving IP Addresses to another Space

IP addresses can be massively moved from one space to the other and maintain their assignment
after being moved. Obviously, the target space must have a subnet that can receive all the new
IP addresses. It means that you will not be able to move addresses between spaces if the target
space does not contain a subnet with a start address that can receive the selected addresses.
In the same way, if you move more addresses than the number of addresses that the target
subnet can hold, the migration will be impossible. Keep in mind that all the IP addresses that
will be moved must be free in the target subnet. If an IP being moved collides with an existing
IP address in the target space, an error message will alert you in the report and stop the
procedure.

To move addresses to another space

1. Go to the IPv4 All addresses list. For more details, see the procedure To list IPv4 addresses
through the IPAM home page.
2. Tick the IP address(es) you want to move to another space.
3. In the menu, select Edit > Migrate to another space. The Addresses migration wizard opens.
4. In the Target space drop-down list, select a space.
5. Click on OK to commit the modifications. The report opens and closes. The list is visible
again, display the addresses of the target space to see your addresses listed.

Spreading IP Addresses across the VLSM Hierarchy

If you reorganize the hierarchy and plan on adding sub-spaces, you might need to move subnets
from a top level space to a lower level of the hierarchy. In that case, the IP addresses must be
relocated to said sub-space. This operation could be performed by moving IP addresses from
one space to the other one as it is explained in the Relocating IP Addresses within a Subnet
section. However, you might have a lot of subnets to spread on multiple sub-spaces, and it would
take a long time to repeat the operation for each sub-space. SOLIDserver allows you to automate
the IP addresses migration to the lowest subnets across the space hierarchy. The IP addresses
are then spread over all the available subnets that can contain them, that is to say, subnets
at the lowest level of the hierarchy whose start address can receive the selected addresses.

To spread IP addresses across the VLSM hierarchy

1. Go to the IPv4 All addresses list. For more details, see the procedure To list IPv4 addresses
through the IPAM home page.
2. Tick the IP address(es) you want to move to another space.
3. Tick the boxes to the left of the IP addresses which you intend to move.
4. In the menu, select Tools > Expert > Move addresses to VLSM subnet. The Move VLSM IP
addresses wizard opens.
5. Click on OK to commit the migration. The report opens and closes. The addresses are listed
in the list but the space, block and subnet they belong to have changed.

Configuring IP Address Aliases


One IP address can have one unique FQDN that can be registered in the DNS. If additional
names are necessary, SOLIDserver allows you to register them as IP aliases. There is no limitation
for the number of IP aliases that SOLIDserver can manage. If you configured the update of the
IP addresses in the DNS, the alias is usually a CNAME record created within the chosen domain
that can therefore resolve the IP address name in your DNS servers.

The alias creation can be done from a free IP address or from a used IP address. Your alias can
be named the way you want, its full name concatenates the name of one of your existing domains
to associate it with one of your zones. Technically, the IP address alias can create either an A or
AAAA record in the DNS or a CNAME record.

The aliases configuration can be used to point a record toward an IP address within one zone
or toward an IP address saved in a different zone. Within the same zone, the IP address alias is
a CNAME record that follows the DNS standard use and points to an A/AAAA record. Among
two different zones, the name is crucial: the IP address shortname.domain1 creates an A record
of the zone domain1 and a CNAME record in the zone domain2 with the value shortname.domain2.
That way, your alias name links two of your zones.

The most commonly used aliases create CNAME records in the DNS but depending on the DNS
configuration you want to set, you might need to create A records.

To let users follow the procedures below you need to configure the IPAM to DNS default behaviors
so that the alias creation from the IP addresses can actually create records in the DNS. At subnet
level, or higher, you need to choose a DNS server, set a Domains list and tick the Update DNS
checkbox. Obviously, you can also set a default domain. For more details, refer to the Default
Behaviors chapter of this guide. That way, the addresses you configure with aliases all inherit the
behaviors and the records are successfully created in the DNS. Administrators simply need to
display the All behaviors mode and set these options to successfully create records in the DNS.

To configure an alias on a free IP address

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Addresses icon. The All addresses list opens.
3. Next to the Logout button, click on IP4 to display the IPv4 addresses or IP6 to display the
IPv6 addresses.
4. Click on the available IP address of your choice. The pop up window This address is free,
do you want to assign it? opens.
5. Click on OK . The wizard opens.
6. If you or the administrator created classes at the IP addresses level, the IP address class
page opens. Select a class or None.
7. Click on NEXT . The Add an IPv4 address or the Add an IPv6 address page opens.
8. In the Shortname field, name the IP address.
9. In the Domain drop-down list, select one of the available zones (the list depends on the
zones selected during the subnet configuration).
10. In the Mode drop-down list, select All behaviors and make sure that the DNS server
parameter selected is All.
11. Click on NEXT . The Aliases configuration page opens.
12. In the Name field, name your alias. Its name must be different from that of the IP address,
especially if they share the same domain.
13. In the Domain drop-down list, select an existing domain or None. The alias full name is
displayed in the Alias field following the format: name.domain.
14. In the Type drop-down list, select CNAME, A or AAAA. By default, CNAME is selected.
15. Click on ADD to move your alias to the Aliases list. Repeat these actions for as many aliases
as you need. In the list, each alias is listed as follows: <full-alias-name> (<record-type>).
16. Click on OK to commit your creation. The report opens and closes. The address is listed,
you might need to filter to see it.

To configure an alias on a used IP address

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Addresses icon. The All addresses list opens.
3. Next to the Logout button, click on IP4 to display the IPv4 addresses or IP6 to display the
IPv6 addresses.
4. Filter the list to display only the used addresses if need be. For instance, use the Info Bar
button over the Used status.
5. At the end of the line of the IP address of your choice, click on . The properties page opens.
6. Next to the Logout button, click on the expand all icon to open all the panels and have a look
at the Aliases panel.
7. In the Main properties panel, click on EDIT . The wizard opens.
8. If you or your administrator created classes, the IP address class page appears. Select the
class you want to apply to this block or select None. The Edit an IPv4 address or the Edit
IPv6 address wizard opens.
9. Click on NEXT . The Aliases configuration page opens.
10. In the Name field, name your alias. Its name must be different from that of the IP address,
especially if they share the same domain.
11. In the Domain drop-down list, select an existing domain or None. The alias full name is
displayed in the Alias field following the format: name.domain.
12. In the Type drop-down list, select CNAME, A or AAAA. By default, CNAME is selected.
13. Click on ADD to move your alias to the Aliases list. Repeat these actions for as many aliases
as you need. In the list, each alias is listed as follows: <full-alias-name> (<record-type>).
14. Click on OK to commit your creation. The report opens and closes. The Aliases list you just
set is visible in the Aliases panel.

To edit an IP address alias

1. Go to the properties page of the IP address of your choice. For more details, see the
procedure To display an IP address properties page.
2. In the Main properties panel, click on EDIT . The wizard opens.
3. If you or your administrator created classes, the IP address class page appears. Select the
class you want to apply to this block or select None. The Edit an IPv4 address or the Edit
IPv6 address wizard opens.
4. Click on NEXT . The Aliases configuration page opens.
5. In the Aliases list field, select the alias you want to edit. The alias details are displayed in
each of the relevant fields.
6. Make the changes you need.
7. Click on UPDATE . The alias is edited and listed in the Aliases list.
8. Click on OK to commit the alias edition. The report opens and closes. The properties page
is visible again, in the Aliases panel, the aliases list has been edited.

To remove an alias from an IP address

1. Go to the properties page of the IP address of your choice. For more details, see the
procedure To display an IP address properties page.
2. In the Main properties panel, click on EDIT . The wizard opens.
3. If you or your administrator created classes, the IP address class page appears. Select the
class you want to apply to this block or select None. The Edit an IPv4 address or the Edit
IPv6 address wizard opens.
4. Click on NEXT . The Aliases configuration page opens.
5. In the Aliases list field, select the alias you want to remove and click on DELETE . The alias
is no longer listed.
6. Click on OK to commit the alias deletion. The report opens and closes. The properties page
is visible again, in the Aliases panel, the alias is no longer listed.

Keep in mind that editing an alias is not possible, you will need to delete the one you want to
modify and create a new one to replace it.

Configuring Multiple A Records for an IP Address


With version 5.0.3 SOLIDserver provides the possibility to create several A records for one IP
address from the IPAM module. That way, one IP address can have several aliases in the DNS,
this can be especially useful when configuring load balancing and round robin. For more details,
refer to the Load Balancing and Round Robin section of this guide.

We strongly recommend against configuring your DNS with one IP address associated
with a set of A aliases. A proper DNS configuration pairs each name zone with a reverse
zone, so that DNS clients can query your domain through its name on the one hand and through
its IP address on the other. In this configuration, DNS best practices advise creating a PTR
record in the reverse zone for each A record of the name zone, to make sure the domain or
sub-domain is accessible through both its name and its IP address. If your name zone contains
several A records with the same value, your reverse zone should contain as many PTR records.
These records would all be named after the same IP address (the value of the A records), so
the reverse zone would contain several PTR records with the same name pointing to different
domains. Querying this IP address to get the corresponding domain or sub-domain is therefore
impossible: the server cannot know which hostname to send when answering the DNS client's
query. To make sure that a domain can be accessed through its name and IP address,
there should be one PTR record in the reverse zone for each A record of the name zone. If you
need to provide an alias, you should add a CNAME record pointing to the A record in the master
zone. For more details, refer to the Adding an A record, Adding a AAAA Record, Adding a PTR
Record and the Adding a CNAME Record sections of this guide.
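
The one-PTR-per-A rule above can be checked mechanically on exported zone data. The following Python audit is an added example, not SOLIDserver code: the record tuples are constructed sample data, and the choice of which name stays the A record in cname_plan is an assumption.

```python
"""Audit A/AAAA and PTR records against the one-PTR-per-A rule (added example)."""
import ipaddress
from collections import defaultdict

# Constructed sample records: (owner name, record type, value).
FORWARD_ZONE = [
    ("www.example.com.", "A", "192.0.2.10"),
    ("web.example.com.", "A", "192.0.2.10"),    # second A record for the same IP
    ("mail.example.com.", "A", "192.0.2.25"),
    ("db.example.com.", "A", "192.0.2.40"),     # no PTR record at all
    ("ftp.example.com.", "CNAME", "www.example.com."),
]
REVERSE_ZONE = [
    ("10.2.0.192.in-addr.arpa.", "PTR", "www.example.com."),
    ("10.2.0.192.in-addr.arpa.", "PTR", "web.example.com."),
    ("25.2.0.192.in-addr.arpa.", "PTR", "mail.example.com."),
    ("99.2.0.192.in-addr.arpa.", "PTR", "old.example.com."),  # stale PTR
]


def _norm(name):
    """DNS names compare case-insensitively; drop the trailing root dot."""
    return name.rstrip(".").lower()


def audit(forward, reverse):
    """Return the findings that break the one-PTR-per-A rule."""
    names_by_ip = defaultdict(set)       # address -> names of its A/AAAA records
    for owner, rtype, value in forward:
        if rtype in ("A", "AAAA"):
            names_by_ip[ipaddress.ip_address(value)].add(_norm(owner))

    targets_by_ptr = defaultdict(set)    # PTR owner name -> hostnames it returns
    for owner, rtype, value in reverse:
        if rtype == "PTR":
            targets_by_ptr[_norm(owner)].add(_norm(value))

    report = {"shared_ip": {}, "ambiguous_ptr": {}, "missing_ptr": [], "orphan_ptr": []}
    expected = {}                        # PTR owner name -> names that should be there
    for ip in sorted(names_by_ip, key=lambda a: (a.version, int(a))):
        names = names_by_ip[ip]
        ptr_owner = ip.reverse_pointer   # e.g. 10.2.0.192.in-addr.arpa
        expected[ptr_owner] = names
        targets = targets_by_ptr.get(ptr_owner, set())
        if len(names) > 1:               # several A records share one address
            report["shared_ip"][str(ip)] = sorted(names)
        if len(targets) > 1:             # reverse lookup has no single answer
            report["ambiguous_ptr"][str(ip)] = sorted(targets)
        report["missing_ptr"] += [(n, str(ip)) for n in sorted(names - targets)]

    for ptr_owner in sorted(targets_by_ptr):
        stale = targets_by_ptr[ptr_owner] - expected.get(ptr_owner, set())
        report["orphan_ptr"] += [(ptr_owner, t) for t in sorted(stale)]
    return report


def cname_plan(report):
    """Suggest CNAME records replacing the extra A records on a shared address.

    Assumption: the alphabetically first name is kept as the A record; in
    practice the administrator chooses which name stays canonical.
    """
    plan = []
    for names in report["shared_ip"].values():
        canonical, *aliases = names
        plan += [(alias + ".", "CNAME", canonical + ".") for alias in aliases]
    return plan


if __name__ == "__main__":
    findings = audit(FORWARD_ZONE, REVERSE_ZONE)
    for kind, items in findings.items():
        print(kind, items)
    print("suggested:", cname_plan(findings))
```

The missing_ptr finding also catches the silent case in which the IPAM behaviors were not set and no record reached the DNS.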

To let users follow the procedures below, you need to configure the IPAM to DNS default behaviors
so that creating aliases from the IP addresses actually creates records in the DNS. At subnet
level, or higher, you need to choose a DNS server, set a Domains list and tick the Update DNS
checkbox. Obviously, you can also set a default domain. For more details, refer to the Default
Behaviors chapter of this guide. That way, the addresses you configure with aliases all inherit the
behaviors and the records are successfully created in the DNS. Administrators simply need to
display the All behaviors mode and set these options to successfully create records in the DNS.

Keep in mind that if your configuration is not properly set in the IPAM, the A/AAAA records are
not created in the DNS and no error message is displayed in the DNS.

To create several A/AAAA records when assigning an IP address

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Addresses icon. The All addresses list opens.
3. Next to the Logout button, click on IP4 to display the IPv4 addresses or IP6 to display the
IPv6 addresses.
4. Click on the available IP address of your choice. The pop up window This address is free,
do you want to assign it? opens.
5. Click on OK . The wizard opens.
6. If you or the administrator created classes at the IP addresses level, the IP address class
page opens. Select a class or None.
7. Click on NEXT . The Add an IPv4 address or the Add an IPv6 address page opens.
8. In the Shortname field, name the IP address.
9. In the Domain drop-down list, select one of the available zones (the list depends on the
zones selected during the subnet configuration).
10. In the Mode drop-down list, select All behaviors and make sure that the DNS server parameter
selected is All.
11. Click on NEXT . The Aliases configuration page opens.
12. In the Name field, name your alias. Its name must be different from that of the IP address,
especially if they share the same domain.
13. In the Domain drop-down list, select an existing domain or None. The alias full name is
displayed in the Alias field following the format: name.domain.
14. In the Type drop-down list, select A or AAAA.
15. Click on ADD to move your alias to the Aliases list. Repeat these actions for as many A record
aliases as you need. In the list, each alias is listed as follows: <full-alias-name> (A) or <full-
alias-name> (AAAA).
16. Click on OK to commit your creation. The report opens and closes. The address is listed,
you might need to filter to see it.

To create several A/AAAA records for an assigned IP address

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Addresses icon. The All addresses list opens.
3. Next to the Logout button, click on IP4 to display the IPv4 addresses or IP6 to display the
IPv6 addresses.
4. Filter the list to display only the used addresses if need be. For instance, use the Info Bar
button over the Used status.
5. At the end of the line of the IP address of your choice, click on . The properties page opens.
6. Next to the Logout button, click on the expand all icon to open all the panels and have a look
at the Aliases panel.
7. In the Main properties panel, click on EDIT . The wizard opens.
8. If you or your administrator created classes, the IP address class page appears. Select the
class you want to apply to this block or select None. The Edit an IPv4 address or the Edit
IPv6 address wizard opens.

9. Click on NEXT . The Aliases configuration page opens.


10. In the Name field, name your alias. Its name must be different from that of the IP address,
especially if they share the same domain.
11. In the Domain drop-down list, select an existing domain or None. The alias full name is
displayed in the Alias field following the format: name.domain.
12. In the Type drop-down list, select A or AAAA.
13. Click on ADD to move your alias to the Aliases list. Repeat these actions for as many A record
aliases as you need. In the list, each alias is listed as follows: <full-alias-name> (A) or <full-
alias-name> (AAAA).
14. Click on OK to commit your creation. The report opens and closes. The Aliases list you just
set is visible in the Aliases panel.

To edit or remove your A and AAAA record aliases, refer to the procedures To edit an IP address
alias and To remove an alias from an IP address in the Configuring IP Address Aliases section
above.

Pinging an IP Address
From the IPAM module, you can ping IP addresses to check if the host they are associated with
is responding.

The report can display the following messages:

• Notice Ping OK (IP address).

The corresponding host was found and responded to the ping.


• Error Ping Timeout (IP address).

The corresponding host did not respond to the ping. This could mean a number of things: the host
is not running, is on a different network, is configured not to respond to the ping utility...

To ping one or several IP addresses

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Addresses icon. The All addresses list opens.
3. Next to the Logout button, click on IP4 to display the IPv4 addresses or IP6 to display the
IPv6 addresses.
4. Tick the IP Address(es) you want to ping.
5. In the menu, select Tools > Ping. The Pinging IP addresses wizard opens.
6. Click on OK to perform the ping. The report opens and displays the results.
7. In the Export format section, you can click on TEXT , HTML or EXCEL to export the result in the
corresponding format. Even if you do not download the report, it is available in the Reports
window next to the Global search field.
8. Click on CLOSE to close the wizard.

Deleting an IP Address
At the All addresses level, deleting an address in fact frees it. Even though it is no longer
listed, you can assign it again by search or manually. Note that, as deleting an address releases
it, it is impossible to delete free addresses.

In the following procedure, the deletion is made from the All addresses list but you can of course
follow the steps in the IP addresses list of a specific pool, subnet, block or space.

To delete one or several IP addresses

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Addresses icon. The All addresses list opens.
3. Next to the Logout button, click on IP4 to display the IPv4 addresses or IP6 to display the
IPv6 addresses.
4. Tick the address(es) you want to delete.
5. In the menu, select Edit > Delete. The Delete wizard opens.
6. Click on OK to commit the deletion. The report opens and closes. Selected addresses are
no longer listed.

Updating Device Manager with IP Addresses


From the All addresses list, there are two ways of updating Device Manager with IPAM addresses.
First, you can tick a set of used IP addresses and populate Device Manager. Second, with version
5.0.2+, you can edit Device Manager when adding a free IP address.

Populating Device Manager

From the All addresses list, you can select assigned addresses and populate Device Manager.
That is to say, create devices and interfaces using your IP addresses. Each device will be created
using the IP address name from anywhere in the IPAM network. These devices will contain a set
of interfaces using each IP address and MAC address.

So, for instance, if you select all the used IP addresses of the All addresses list both in IPv4 and
IPv6 and use the Populate Device Manager option, one device will gather all the gateway addresses
of your network and be named Gateway if you kept the default gateway address name.
This device will contain as many interfaces as there are gateway addresses on your network,
each interface will have an IP address (IPv4 or IPv6) and a MAC address.

For more details, refer to the Automatically Add Devices from the IPAM Module section of the
Managing devices chapter of this guide.

Editing Device Manager from the All Addresses Page

Since version 5.0.2, when adding an IP address you can use the default behaviors to allow users
to:

• create devices,
• associate an IP address with an existing device,
• modify the topology links between devices.

For more details, refer to the Adding Devices from the IPAM Module section of the Managing
devices chapter of this guide.

Chapter 19. Setting Up a Transition From
IPv4 to IPv6
With version 5.0.3 SOLIDserver introduces a semi-automated way to transition from IPv4 to IPv6
when creating IPv4 objects. You can now link the IPv4 blocks, subnets or addresses you create
with existing IPv6 blocks, subnets or addresses as long as they belong to the same space. That
way, the day you stop using IPv4 addressing, your network is already configured with IPv6.

The transition options are managed like the default behaviors: you need to configure and then
activate them.

Transition Specificities
1. The options set and activated at space, block or subnet level are inherited by all the objects
you create within said objects after the configuration is applied.
2. At block level, if the transition options are configured and activated:

- The transition to IPv6 can be set when adding or editing IPv4 blocks.

- The transition can only be set with existing IPv6 blocks: the transition options do not create
blocks in IPv6.
3. At subnet level, if the transition options are configured and activated:

- You must specify an existing block address to set up the transition. Unless your subnet belongs
to a block already configured with the transition, in which case the field displays the IPv6 block
address.

- Adding or editing an IPv4 subnet automatically creates the appropriate IPv6 subnet within
the specified block.

- The IPv6 subnet created is named after the IPv4 subnet.


4. At IP address level, if the transition options are configured and activated:

- You can create IPv6 addresses from the IP4 All addresses page only if the transition options
have been configured and applied at subnet level.

- You can choose the IPv6 address creation behavior.

- Adding or editing an IPv4 address creates the corresponding IPv6. The IPv6 address is
named after the IPv4 address, has the same MAC address, device and class parameters.
5. If you edit an IPv4 subnet already configured with a VLAN to set the transition to IPv6, the
IPv6 corresponding subnet inherits the IPAM/VLAN interaction settings: both subnets then
belong to the VLAN.

Limitations
• The transition can only be set within one space: you cannot create IPv4 subnets in one space
and expect to link them with IPv6 subnets that belong to another space.

• If you set the transition parameters on an existing organization, they are not inherited and have
to be applied one object at a time.
• The transition options are not default behaviors and therefore cannot be propagated.
• At block level, the transition can only be configured and activated with existing IPv6 blocks.
The transition options do not create blocks in IPv6 but simply link IPv4 blocks with the existing
IPv6 blocks.
• The default behaviors set in IPv4 are not inherited by the corresponding IPv6 objects.
• At pool level, the transition options are not available.
• If you create an object in IPv4 and its corresponding IPv6 object overlaps existing objects, only
the IPv4 object is created.
• Deleting an IPv4 object linked to an IPv6 object does not delete the corresponding IPv6 object.

Configuring the IPv4 to IPv6 Transition


The transition has to be configured through the default behaviors configuration wizard before
being applied. The option is managed in two different ways: container management versus final
object management. In other words, there is a common procedure for the spaces, blocks and
subnets and a particular transition configuration for the addresses.

Configuring the Transition at Space, Block or Subnet Level


The transition configuration is the same at space, block and subnet level: you need to tick the
Display the IPv4 to IPv6 transition fields checkbox to be able to apply the transition on every
object.

To configure IPv4 to IPv6 transition default behaviors at space, block or subnet level

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Spaces, Blocks or Subnets icon. The corresponding list opens.
3. On the All blocks and All subnets page, next to the Logout button, make sure the IP4 button
is blue.
4. In the menu, select Settings > Default behaviors. The Default behaviors configuration
wizard opens.
5. Tick the Display the IPv4 to IPv6 transition fields.
6. Click on OK to commit the configuration. The report opens and closes. The list is visible
again. Your configuration is now available in the addition and edition wizards.

Once the default behavior is configured, you can apply it when adding or editing your spaces,
IPv4 blocks and IPv4 subnets.

Configuring the Transition at IP Address Level


At IP address level, the transition options offer three ways of creating the IPv6 addresses:

1. Offset converts the last byte of the IPv4 address to hexadecimal and uses it at the end of
the corresponding IPv6 address in the selected IPv6 subnet.
2. Injection converts the whole IPv4 address to hexadecimal and uses it at the end of the
corresponding IPv6 address in the selected IPv6 subnet.
3. First IP address available assigns the first available IPv6 address in the selected
subnet.
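
The three policies worked through in Python, as an added example that is not SOLIDserver code. The bit placement (the value is OR-ed into the low-order bits of the subnet's network address), the skipped all-zero host address and all sample addresses are assumptions. offset_collisions shows the case where Offset maps two IPv4 hosts to one IPv6 address, which per the limitations above would leave the second host with its IPv4 object only.

```python
"""IPv4-to-IPv6 address derivation for the three policies (added example)."""
import ipaddress
from collections import defaultdict


def _place(ipv6_subnet, value, bits):
    """Put `value` in the low-order `bits` of the subnet's network address."""
    net = ipaddress.IPv6Network(ipv6_subnet)
    if 128 - net.prefixlen < bits:
        raise ValueError(f"{net} has fewer than {bits} host bits")
    return ipaddress.IPv6Address(int(net.network_address) | value)


def offset_policy(ipv4, ipv6_subnet):
    """Offset: the last byte of the IPv4 address ends the IPv6 address."""
    return _place(ipv6_subnet, int(ipaddress.IPv4Address(ipv4)) & 0xFF, 8)


def injection_policy(ipv4, ipv6_subnet):
    """Injection: all four IPv4 bytes end the IPv6 address."""
    return _place(ipv6_subnet, int(ipaddress.IPv4Address(ipv4)), 32)


def first_available(ipv6_subnet, used):
    """First IP address available: lowest address not in `used`.

    Assumption: the all-zero host address is skipped.
    """
    net = ipaddress.IPv6Network(ipv6_subnet)
    taken = {ipaddress.IPv6Address(a) for a in used}
    base = int(net.network_address)
    for i in range(1, net.num_addresses):
        candidate = ipaddress.IPv6Address(base + i)
        if candidate not in taken:
            return candidate
    return None  # subnet exhausted


def offset_collisions(ipv4_subnet, ipv6_subnet):
    """IPv4 hosts of one subnet that Offset maps to the same IPv6 address."""
    seen = defaultdict(list)
    for host in ipaddress.IPv4Network(ipv4_subnet).hosts():
        seen[str(offset_policy(host, ipv6_subnet))].append(str(host))
    return {v6: v4s for v6, v4s in seen.items() if len(v4s) > 1}


if __name__ == "__main__":
    subnet6 = "2001:db8:0:a::/64"           # constructed documentation prefix
    print(offset_policy("192.0.2.77", subnet6))      # last byte 77 = 0x4d
    print(injection_policy("192.0.2.77", subnet6))   # c0.00.02.4d
    print(first_available(subnet6, ["2001:db8:0:a::1", "2001:db8:0:a::2"]))
    # A /23 holds two hosts for almost every last byte, so Offset collides.
    print(len(offset_collisions("10.0.0.0/23", subnet6)), "colliding targets")
```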

To configure IPv4 to IPv6 transition default behaviors at IP address level

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Subnets icon. The All subnets list opens.
3. Next to the Logout button, click on IP4.
4. In the menu, select Settings > Default behaviors. The Default behaviors configuration
wizard opens.
5. In the IPv4 addresses transition to IPv6 policy drop-down list, select Offset, Injection or First
IP address available.
6. Click on OK to commit the configuration. The report opens and closes. The All addresses
list is visible again. Your configuration is now available in the Add/Edit an IPv4 address
wizards.

Activating the IPv4 to IPv6 Transition


Once the option has been configured, you can activate it at every level of the IPAM hierarchy,
except at pool level.

The procedures below rely on the inheritance from space to block, block to subnet and subnet
to address, and create the objects one after the other. However, each procedure can also be used
when editing the objects, as long as you configured the option through the Settings menu.

The configuration details are displayed on the IPv4 and IPv6 objects properties page.

Activating the Transition at Space Level


At space level, you can configure and apply the transition options. This does not create any IPv6
object but sets the existing IPv6 blocks of your choice for the transition. The options you set at
this level are inherited by the IPv4 blocks you create in your space.

To activate the IPv4 to IPv6 transition when creating a space

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Spaces icon. The All spaces list opens.
3. In the menu, select Add > Space. The Add a space wizard opens.
4. If you or your administrator created classes at the space level, the Space class page opens.
In the Space class list select the class you want to apply to this block or select None.

Click on NEXT . The next page of the wizard appears.


5. In the Space name field, type in the name of the space.
6. In the Description field, you can type in a description of the space.
7. Tick the Activate the IPv4 to IPv6 transition. The IPv6 block field appears.

8. In the IPv6 block field, type in the beginning of the IPv6 block address where the subnets
and addresses of your space are created. The value set in this field must not exceed the
first 2 bytes of the existing IPv6 block. You cannot use the colon (:) twice.
9. Click on NEXT . The last page of the wizard appears.
10. Click on OK to commit the configuration. The report opens and closes. The All spaces list
appears. Your configuration is now available in the Add/Edit a Space wizards along with the
Configurable behaviors value in the Mode field.

Once the option is configured, the IPv4 blocks, subnets and addresses you create within your
block inherit this option. You can untick the Activate the IPv4 to IPv6 transition if you do not want
to set a transition for some of your objects.

The space properties page indicates whether the transition is activated or not in the Default
behavior properties panel.

Activating the Transition at Block Level


At block level, the transition settings applied at space level are inherited automatically by the
IPv4 blocks. When creating a block, the settings are displayed and taken into account
automatically. You can untick the Activate the IPv4 to IPv6 transition checkbox if you do not want
to set the transition for a particular block.

To set the transition for existing IPv4 blocks, you need to tick the Activate the IPv4 to IPv6
transition checkbox when you edit them.

To activate the IPv4 to IPv6 transition when creating a block

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Spaces icon. The All spaces list opens.
3. Click on the name of the space you applied the transition options to. The All blocks list of
the space opens.
4. Next to the Logout button, make sure the IP4 button is blue.
5. In the menu, select Add > Block. The Space selection wizard page appears.
6. In the Choose a space list, select the space in which you want to add the block. Click on
NEXT . The next page of the wizard appears.

7. If you or your administrator created classes at the block level, the Block class page opens.
In the Block class list select the class you want to apply to this block or select None.

Click on NEXT . The next page of the wizard appears.


8. In the Block Name field, name the block.
9. In the Description field, you can type in a description.
10. In the Block address field, type in the start address. The Netmask and Prefix drop-down lists
are automatically filled. As they work together, if you edit the netmask, the prefix is
automatically changed as well.
11. In the IPAM properties section, the Activate the IPv4 to IPv6 transition checkbox is ticked.
Untick the checkbox if you do not want to set the transition.
12. The IPv6 block field displays the block set at space level. You can edit it if need be as long
as the bytes entered in the field correspond to an existing IPv6 block.

13. Click on OK to commit the addition. The report opens and closes. The block is listed. In IPv6,
the block is created as well and shares the same name.

On the properties page of both blocks, you can display the details of the configuration in the
Default behavior properties panel.

Activating the Transition at Subnet Level


At subnet level, the transition settings applied at block level are inherited automatically by the
IPv4 subnets.

When creating a subnet, whether terminal or non-terminal, the settings are displayed and taken
into account automatically. You can untick the Activate the IPv4 to IPv6 transition checkbox if
you do not want to set the transition for a particular subnet.

To set the transition for existing IPv4 subnets, you need to tick the Activate the IPv4 to IPv6
transition checkbox when you edit them.

The procedure below applies the transition options when manually adding a subnet. You can
obviously apply them when using the By search creation option.

To activate the IPv4 to IPv6 transition when creating a subnet

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Blocks icon. The IP4 All blocks list opens.
3. Filter the list if need be.
4. Click on the name of the block you applied the transition options to. The All subnets list of
the block opens.
5. In the menu, select Add > Subnet > Manual.
6. If you or your administrator created classes at the subnet level, the Subnet class page opens.
In the Subnet class list select the class you want to apply to this block or select No class.
Click on NEXT . The Add an IPv4 subnet page opens.
7. Fill in the subnet settings.

Table 19.1. IPv4 Subnet Parameters

Fields | Description
Subnet name | In this field, name the subnet.
Address | In this field, type in the subnet IP address.
Netmask | In this drop-down list, select the mask applicable for the addresses in this subnet. The corresponding prefix is automatically selected in the next field.
Prefix | In this drop-down list, select the number of bits reserved for the address portion of the subnet. If you select a prefix, the netmask will be automatically selected to match it in the previous field.
Terminal subnet | This checkbox indicates if the subnet is terminal or not. If not, you can create other subnets within the subnet once you have created it. By default, the box is ticked.
Gateway | This field displays the subnet gateway address.

8. The Activate the IPv4 to IPv6 transition checkbox is ticked. Untick the checkbox if you do
not want to set the transition.
9. The IPv6 block field displays the block set at space or block level. You can edit it if need be
as long as the bytes entered in the field correspond to an existing IPv6 block.
10. The IPv6 subnet field displays in gray the IPv6 subnet and prefix that is created along with
the IPv4 subnet.
11. For more details regarding an IPv4 subnet configuration, refer to the Adding Subnets section
of this guide.
12. Click on OK to commit your creation. The report opens and closes. The subnet is listed. In
IPv6, the subnet is created as well and shares the same name.

On the properties page of both subnets, you can display the details of the configuration in the
Default behavior properties panel.

Activating the Transition at IP Address Level


At address level, every configuration made is inherited.

To activate the IPv4 to IPv6 transition when assigning an IP address

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Subnets icon. The IP4 All subnets list opens.
3. Filter the list if need be.
4. Click on the subnet name you applied the transition options to. The All addresses page of
the subnet appears.
5. Click on the available IP address of your choice. The pop up window This address is free,
do you want to assign it? opens.
6. Click on OK . The wizard opens.
7. If you or the administrator created classes at the IP addresses level, the IP address class
page opens. Select a class or None. Click on NEXT . The Add an IPv4 address page opens.
8. In the MAC address field, you can type in the MAC address of your choice. The IPv6 address
is also linked to this MAC address.
9. In the Corresponding IPV6 address field, the IPv6 address is displayed in grey. This IP
address depends on the transition you set in the default behavior configuration wizard. For
more details, refer to the section Configuring the Transition at IP Address Level above.
10. In the Shortname field, name the IP address. The IPv6 address is named the same. The IP
address name field displays the shortname you typed in.
11. For more details regarding an IP address configuration, refer to the Adding an IP Address
section of this guide.
12. Click on NEXT . The last page of the wizard opens.
13. Click on OK to commit your creation. The report opens and closes. The address is listed. In
IPv6, the address is created as well, it has the same name and MAC address.

On the properties page of both IP addresses, you can display the details of the configuration in
the Default behavior properties panel.

Chapter 20. Managing IPAM Templates
The IPAM template mode allows you to create fully preconfigured IPAM structures that can be
associated with specific template classes. Such a class can then be used to automatically create
the said structure upon addition of a new IPAM resource.

For instance, you can create a block template containing 3 subnets with 3 pools and associate
it with a template class. Selecting this class when adding a new block will overwrite the block name
and automatically create the related child objects with the corresponding names, sizes and
organization. The IP addresses specified for the block template will not be literally applied to the
new resources, which allows you to use the same template for different blocks. Instead, they are
used to organize the subnets and pools and keep the defined offsets between them.

Note
The prefix of a template is not applied to the newly created object, still it must be
small enough to contain the template structure.

Creating Template Classes in Class Studio


To use personalized IPv4 templates, you need to create a class that will be applied to the IPAM
object of your choice.

You need to create a template class for as many elements as you want to use. Therefore, if you
need two different templates at the blocks level to set up two block configurations, you will need
to create two different template classes. The same logic applies for the subnets and for the pools.
If you have many templates, creating sub directories might come in handy. Note that the classes
will be named as follows: sub-directory-name/class-name and be listed in the class list of the IPAM
module as such: sub-directory-name/class-name [template].

To create an IPAM template class

1. Create a class.

a. Go to the Administration tab. If the homepage is not displayed, click on . The homepage opens.
b. In the Customization section, click on the Class Studio icon. The Class Studio page
opens.
c. In the menu, select Add > Class. The Add a new class wizard opens.
d. In the Filename field, name the class.

Tip
Considering that the class will be configured as a template you do not need
to use the word "template" in the Filename field, the fact that this class is
a template will be mentioned.

e. In the Sub directory, you can type in a directory name, it will be created and contain
the class you are adding. You will need to type in the full name of this directory to add
other classes in it.

f. In the Module drop-down list, select IPAM.


g. In the Type drop-down list, select either Block, Pool or Subnet. Any other element listed
cannot be set as a template class.
h. In the Enable class section, tick the box.
i. Click on OK to commit the creation. The report opens and closes. The class is now listed
on the page among the IPAM module classes and marked Enabled in the Status column.

2. Enable the class as a template:

a. In the Class Studio list, tick the newly created class.


b. In the menu, select Tools > Enable class as Template. The Add template wizard opens.
c. Click on OK to commit the configuration. The report opens and closes. The class is
marked yes in the template column.

You can rename or modify the type of resource for a template class once it has been created as
long as you are not using it already. For more details, refer to the chapter Class Studio.

Creating Templates in the IPAM


Thanks to the template mode, you can create templates at every containing
level of the IPAM module in IPv4. Keep in mind that the space template is merely a template
container: you cannot apply a class template at the space level in template mode, but you need
the space template to create all the other templates. In the same way, you need a block template
to create a subnet template and you need a subnet template to create a pool template. To make
these templates eligible during the addition of any block, subnet or pool in Normal mode, you
simply need to apply the appropriate class when creating the different templates in Template
mode.

Considering that the IPAM hierarchy needs to be respected to the letter in Template mode, even
if you only need a template to create subnets, you will need to create a space in which you create
a block, in which you create a subnet associated with a class to be able to use the subnet template
of your choice in Normal mode.

Before going further, let us remind you of some key information regarding the templates:

• You cannot apply templates at the space level. Space templates are only there to store the other
templates.
• You cannot apply templates at the addresses level. However, if you assign addresses belonging
to a block template, subnet template or pool template, they will be assigned as well in normal
mode once the template is applied.
• The template of an element created in Template mode not associated with any class cannot
be used in Normal mode.
• You can create a whole hierarchy in template mode but if you only associate one object (e.g.
a subnet) with the appropriate class template: only this template will be available in Normal
mode.
• The start address of a template is overwritten by the address you choose in normal mode: it
is only used to define the general size parameters of the block, subnet or pool template.
• Even in Template mode you cannot overlap addresses, even though you might associate only
a few elements with a class to use them as templates in normal mode.

• A block template associated with an enabled template class will allow you to create a block.
This block will have the same name and properties as the block template, the same subnets,
the same pools and the same assigned addresses.
• A subnet template associated with an enabled template class will allow you to create a subnet.
This subnet will have the same name and properties as the subnet template, the same pools
and the same assigned addresses.
• A pool template associated with an enabled template class will allow you to create a pool. This
pool will have the same name and properties as the pool template and the same assigned
addresses.

Creating a Space Template


If you want to apply templates at the blocks, subnets or pool level, you need to integrate your
templates into a space template. You can create several space templates but all the
block/subnet/pool templates can be part of a common space template.

Like any space, a space in template mode can have a particular behavior configuration regarding
the DNS and DHCP modules. These behaviors will be inherited by the blocks, subnets and pools
that you create in template mode. Considering that you cannot associate the space templates
with a class template, you will need to set the exact same parameters to your space in normal
mode before using the configured block, subnet or pool templates.

To create a space in template mode

1. Display the template mode.

a. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
b. Click on the Spaces icon. The All spaces list opens.
c. In the menu, select Display > Template mode. The list opens in template mode: the
breadcrumb indicates that you are still in the All spaces list, however a red message
under the menu indicates that you are in template mode.

2. Create a space template.

a. In the menu, select Add > Space. The Add a space wizard opens.
b. In the Space name field, name the space.

Caution
You cannot give the same name to a space in normal mode and to a space
in template mode.

c. In the Description field, you can type in a description of the space.


d. Fill in the default behaviors fields according to the table below:

Table 20.1. Default Behaviors Parameters

Fields                  Description
Mode                    You can select either Configurable behavior or All behaviors.
Configurable behavior   This option is selected by default in the Mode drop-down list and
                        displays all the fields and options that have been ticked in the
                        Default behavior wizard at the server level. For more details, refer
                        to the IPAM section of the Default Behaviors chapter of this guide.
All behaviors           If you select this option, you will display all the fields and options
                        that can be ticked in the Default behavior wizard. For more details,
                        refer to the IPAM section of the Default Behaviors chapter of this
                        guide.

e. Click on NEXT . The next page of the wizard appears.


f. In the VLSM parent space list, select None.
g. Click on OK to commit the configuration. The report opens and closes. The new space
is listed.

Once your space template is created, you can create the objects it contains. Keep in mind that
in Template mode, you need to follow the IPAM hierarchy: the orphan subnets and orphan
addresses containers do not exist.

Creating a Block Template


The procedure to create templates is the same at every level of the IPAM hierarchy. Once
you have created a space template, you can create block templates in it.

If you intend to use a block as template, do not forget to create the corresponding template class
in Class Studio. See the section Creating Template Classes above for more details.

In the following procedures we will explain how to create blocks within a template space; however,
you can also create them in the All blocks list in template mode: you will simply need to specify
the space to which the block belongs. Keep in mind that even in template mode, overlap is not
tolerated. The procedure below details how to create a block in template mode. This block will
not be used as a template in normal mode. In this block you will, however, be able to create
subnet and/or pool templates.

To create a block in template mode

1. Display the template mode.

a. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
b. Click on the Spaces icon. The All spaces list opens.
c. In the menu, select Display > Template mode. The list opens in template mode: in the
breadcrumb you are still in the All spaces list, however a red message under the menu
indicates that you are in template mode.

2. Create a block template.

a. Click on the name of the space template of your choice to display its blocks.
b. In the menu, select Add > Block. The Block class wizard opens.
c. If you want to create a block template, select None and click on NEXT . The Add an IPv4
Block page appears.
d. In the Block Name field, name the block.

e. In the Description field, you can type in a description.


f. In the Block address field, type in the start address.
g. Select a Netmask or a Prefix in either drop-down list. The netmask you choose will
automatically modify the prefix and vice versa. The result of these modifications is visible
in the Comment field.
h. Optional fields could appear depending on the default behavior configured by your
administrator at the space level. For more details, refer to the IPAM section of the Default
Behaviors chapter of this guide.
i. Click on OK to commit the addition. The report opens and closes. The block is listed.

The procedure below explains how to create a block template. Keep in mind that any element
added in the block is going to be part of the block template, so you do not need to associate
any of them with a class template.

To create a block template

1. Display the template mode.

a. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
b. Click on the Spaces icon. The All spaces list opens.
c. In the menu, select Display > Template mode. The list opens in template mode: in the
breadcrumb you are still in the All spaces list, however a red message under the menu
indicates that you are in template mode.

2. Create a block template.

a. Click on the name of the space template of your choice to display its blocks.
b. In the menu, select Add > Block. The Block class wizard opens.
c. Select the block related class template of your choice in the list (it will look like your-
template-name [template] or your-sub-directory/your-template-name [template]) and
click on NEXT . The Add an IPv4 Block page appears.

Note
If you do not want to create a block template but rather a subnet or pool template,
select None in the Block class list.

d. In the Block Name field, name the block.


e. In the Block address field, type in the start address.
f. Select a Netmask or a Prefix in either drop-down list. The netmask you choose will
automatically modify the prefix and vice versa. The result of these modifications is visible
in the Comment field.
g. Optional fields could appear depending on the default behavior configured by your
administrator at the space level. For more details, refer to the IPAM section of the Default
Behaviors chapter of this guide.
h. Click on OK to commit the addition. The report opens and closes. The block is listed.

Creating a Subnet Template


Once you have created a block template, you can create subnet templates in it.

If you intend to use a subnet as template, do not forget to create the corresponding template
class in Class Studio. See the section Creating Template Classes above for more details.

In the following procedure we will explain how to create subnets within a block template using
the By search option; however, you can also create them in the All subnets list in template mode:
you will simply need to specify the space and block to which the subnet belongs, and the start
address. The subnet(s) created through this procedure will be part of the block template. Keep
in mind that even in template mode, overlap is not tolerated.

To create a subnet in a block template

1. Display the template mode.

a. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
b. Click on the Blocks icon. The All blocks list opens.
c. In the menu, select Display > Template mode. The list opens in template mode: in the
breadcrumb you are still in the All spaces list, however a red message under the menu
indicates that you are in template mode.

2. Create a subnet template.

a. Click on the name of the block template of your choice to display its subnets.
b. In the menu, select Add > Subnet > By search. The Subnet class wizard opens.
c. Select None and click on NEXT . The Subnet size page appears.
d. Select a Subnet search size, a Prefix or a Netmask, the two other fields will be modified
and set according to what you selected in one of these fields.
e. Click on NEXT . The Search result page opens.
f. In the Subnet address list, select the start address of your choice.
g. Click on NEXT . The Add an IPv4 subnet opens.
h. In the Subnet name field, name your subnet.
i. In the Terminal subnet section, you can untick the box if you want your subnet to be
non-terminal.
j. In the Mode section, you can select All behaviors and modify the DNS and DHCP
behaviors according to your needs. For more details, refer to the IPAM section of the Default
Behaviors chapter of this guide.
k. Click on OK to commit your addition. The report opens and closes. The subnet is listed.

At the subnet level, you can create a subnet template. It can belong to a block created in template
mode or to a block template, i.e. a block created in template mode and associated with a class
template.

To create a subnet template

1. Display the template mode.

a. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
b. Click on the Blocks icon. The All blocks list opens.
c. In the menu, select Display > Template mode. The list opens in template mode: in the
breadcrumb you are still in the All spaces list, however a red message under the menu
indicates that you are in template mode.

2. Create a subnet template.

a. Click on the name of the block of your choice to display its subnets.
b. In the menu, select Add > Subnet > By search. The Block subnet wizard opens.
c. If you want to create a subnet template, select the subnet template you created in the
list (it will look like your-template-name [template] or
your-sub-directory/your-template-name [template]) and click on NEXT . The Add an IPv4 Block
page appears.
d. Select the subnet related class template of your choice in the list (it will look like your-
template-name [template] or your-sub-directory/your-template-name [template]) and
click on NEXT . The Subnet size page appears.
e. Select a Subnet search size, Prefix or Netmask, the two other fields will be modified
and set according to what you selected in one of these fields.
f. Click on NEXT . The Search result page opens.
g. In the Subnet address list, select the start address of your choice.
h. Click on NEXT . The Add an IPv4 subnet opens.
i. In the Subnet name field, name your subnet.
j. In the Terminal subnet section, you can untick the box if you want your subnet to be
non-terminal.
k. In the Mode section, you can select All behaviors and modify the DNS and DHCP
behaviors according to your needs. For more details, refer to the IPAM section of the Default
Behaviors chapter of this guide.
l. Click on OK to commit your addition. The report opens and closes. The subnet is listed.

If you do not need pools, you can go to the Applying a Template section below.

Do not hesitate to assign addresses within the subnet templates: they will be automatically
assigned in normal mode when the template is used.

Creating a Pool Template


Just like subnet templates, pool templates can be part of a subnet created in template mode or
of a subnet template. As all the configuration is inherited at that level as well, if you create a pool
within a subnet belonging to a block that has a particular behavior configuration, you will not need
to configure the pool behavior again. You can still modify it at the pool level; this modification
makes sense if the pool is the only object associated with a class template.

If you intend to use a pool as template, do not forget to create the corresponding template class
in Class Studio. See the section Creating Template Classes above for more details.

In the following procedure we will explain how to create pools within a template subnet; however,
you can also create them in the All pools or All addresses list in template mode. You will simply
need to specify the space, block and subnet to which the pool belongs.

To create a pool in a block or subnet template

1. Display the template mode.

a. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
b. Click on the Blocks icon. The All blocks list opens.
c. Click on the Blocks or Subnets icon. The corresponding list opens.
d. In the menu, select Display > Template mode. The list opens in template mode: in the
breadcrumb you are still in the same list, however a red message under the menu
indicates that you are in template mode.

2. Create a pool template.

a. Click on the name of the block template or subnet template of your choice to display its
content. In the breadcrumb, click on All addresses to display the addresses and existing
pools.
b. In the menu, select Add > Pool. The IP pool class page of the wizard opens.
c. Select None and click on NEXT . The Add an IPv4 pool page appears.
d. In the Pool name field, name your pool.
e. In the Pool read only section, tick the box if you want all the addresses the pool contains
to be reserved.
f. In the Start address field, the first address of the selected subnet is automatically
proposed. Modify it if need be.
g. In the End address field, the last address of the selected subnet is automatically
proposed. Modify it if need be; this will modify the Size field. If you modify the Size, the
last address will automatically be modified.
h. In the Size field, enter the number of addresses you want in the pool. If you do not type
in anything, the number will be calculated according to the start and end addresses.
i. In the Mode section, you can select All behaviors and modify the DNS and DHCP
behaviors according to your needs. For more details, refer to the IPAM section of the Default
Behaviors chapter of this guide.
j. Click on OK to commit your addition. The report opens and closes. The pool is listed in
the Pool column next to the addresses it contains.

At the pool level, you can create pool templates as well, within a subnet template or within a
subnet created in template mode.

To create a pool template

1. Display the template mode.

a. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
b. Click on the Spaces icon. The All spaces list opens.
c. In the menu, select Display > Template mode. The list of space templates opens: in the
breadcrumb you are still in the All spaces list, however a red message under the menu
indicates that you are in template mode.

2. Create a pool template.

a. Click on the name of the block template or subnet template of your choice to display its
content. In the breadcrumb, click on All addresses to display the addresses and existing
pools.
b. In the menu, select Add > Pool. The IP pool class page of the wizard opens.
c. Select the pool template you created in the list (it will look like your-template-name
[template] or your-sub-directory/your-template-name [template]) and click on NEXT . The
Add an IPv4 pool page appears.
d. In the Pool name field, name your pool.
e. In the Pool read only section, tick the box if you want all the addresses the pool contains
to be reserved.
f. In the Start address field, the first address of the selected subnet is automatically
proposed. Modify it if need be.
g. In the End address field, the last address of the selected subnet is automatically
proposed. Modify it if need be; this will modify the Size field. If you modify the Size, the
last address will automatically be modified.
h. In the Size field, enter the number of addresses you want in the pool. If you do not type
in anything, the number will be calculated according to the start and end addresses.
i. In the Mode section, you can select All behaviors and modify the DNS and DHCP
behaviors according to your needs. For more details, refer to the IPAM section of the Default
Behaviors chapter of this guide.
j. Click on OK to commit your addition. The report opens and closes. The pool is listed in
the Pool column next to the addresses it contains.

Do not hesitate to assign addresses within the pool templates: they will be automatically assigned
when the template is used.

Once you have created all the spaces, blocks, subnets and pools that you need in template mode,
you can use your template(s) in normal mode.

Applying a Template
To apply the templates in normal mode you simply need to select your template classes when
creating blocks, subnets and pools.

Considering that these classes cannot be configured at the space level, if you create a block,
subnet or pool template with a specific configuration of behaviors, you will need to create a space
in normal mode with the same configuration as the space containing your template in template
mode. That way, once you add the blocks, subnets or pools using the class template, the
configuration will be created without any problem.

Example 20.1. Creating a space before using a template with a specific configuration of behaviors

If you created a block template in template mode that automatically creates DHCP statics when
you assign an IP address, you have to make sure that in normal mode, the space this block will
belong to has the DHCP parameters configured. If you created a space with the default behaviors
regarding DNS and DHCP, the specific configuration of your block template will not be applied
to the block you want to add using your template.

In normal mode, as the parameters are inherited by the objects contained, the space will overwrite
the default parameters rather than respect the parameters of your block/subnet/pool templates.
So, for instance, to implement the block template parameters when you create the space that
will contain a block template configured to update the DHCP, make sure that None is selected
in all the DNS properties drop-down lists and that the Update DNS checkbox is unticked. In the
same way, select a failover channel in the DHCP cluster drop-down list and tick the Create DHCP
static checkbox. See figure below.

Figure 20.1. Example of a space configuration that will allow the successful use of a template

Once your space is created respecting your templates' needs configuration-wise, using the
templates will be very easy. See the procedure below for more details.

Whatever template you plan on using, you should keep in mind the following:

• Template use has some behavioral limitations:
  • When you create a block, subnet or pool using a template, you need to name it in
    the wizard, but this name does not matter as it will be overwritten by the name that this
    element (associated with the template class) has in template mode.

    In normal mode, if you are creating a block named France using the block template france
    associated with the block Paris created in template mode, the block you create in normal
    mode will contain all the subnets paris contains in template mode but will be named paris
    and not France as you wanted to name it in the wizard.
  • You cannot rename a block, subnet or pool created using a template.
  • When you define an address in the wizard (for a block, subnet or pool), this address is
    actually used. The addresses used in template mode are only used to define the size.
• Block and subnet templates have some specificities:
  • When you are configuring a block or a subnet using a template, simply type in the start
    address and make sure that the size proposed automatically is greater than the size of the
    template. In other words, make sure the size proposed could contain the template; the
    template class will do the rest.

    For instance, if you are using a subnet template, type in the name and the start address.
    The size proposed will go from the start address you typed in to the very last available
    address of the block that contains it. If this represents, let us say, 512 addresses and your
    subnet template sets up 128 addresses, do not modify anything: as your subnet template
    size can be contained in the automatically calculated subnet, only the first 128 addresses
    you need will be included in the subnet.
• Pool templates have some specificities:
  • The pool template used alone is a great way to provision a subnet. All the assigned
    addresses are saved and recreated.
  • When you use a class template associated with a pool, you actually need to specify the
    right Size in the wizard and tick or untick the Pool read only checkbox according to the
    template configuration.
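The size rule for block and subnet templates above can be checked before you open the wizard. The Python example below is an added illustration, not SOLIDserver code or part of its API: the function names and sample addresses are constructed, it handles IPv4 only, and it assumes that the proposed size stops at the next existing subnet (since overlap is not tolerated) and that the start address must be aligned on the template size, as any CIDR subnet requires.

```python
import ipaddress

# Constructed sample data: a /22 block in which two /24 subnets already exist.
BLOCK = "10.0.0.0/22"
EXISTING = ["10.0.0.0/24", "10.0.1.0/24"]


def proposed_range(block, existing, start):
    """Half-open integer range [start, limit) standing in for the proposed size:
    from the start address to the next existing subnet or the end of the block.
    Stopping at the next existing subnet is an assumption of this example."""
    block = ipaddress.IPv4Network(block)
    start = ipaddress.IPv4Address(start)
    if start not in block:
        raise ValueError(f"{start} is outside block {block}")
    limit = int(block.broadcast_address) + 1
    for net in map(ipaddress.IPv4Network, existing):
        if start in net:
            raise ValueError(f"{start} overlaps existing subnet {net}")
        first = int(net.network_address)
        if int(start) < first < limit:
            limit = first  # an existing subnet ends the free run early
    return int(start), limit


def apply_subnet_template(block, existing, start, template_size):
    """Return the subnet a template of `template_size` addresses would occupy
    at `start`, or raise ValueError when the template cannot be contained."""
    if template_size <= 0 or template_size & (template_size - 1):
        raise ValueError("template size must be a power of two")
    lo, hi = proposed_range(block, existing, start)
    if lo % template_size:
        raise ValueError("start address is not aligned on the template size")
    if hi - lo < template_size:
        raise ValueError(
            f"only {hi - lo} addresses proposed, template needs {template_size}")
    # Only the first `template_size` addresses of the proposed range are used.
    prefix = 32 - (template_size.bit_length() - 1)
    return ipaddress.IPv4Network(f"{ipaddress.IPv4Address(lo)}/{prefix}")


if __name__ == "__main__":
    lo, hi = proposed_range(BLOCK, EXISTING, "10.0.2.0")
    print("proposed size:", hi - lo)
    print("template lands on:", apply_subnet_template(BLOCK, EXISTING, "10.0.2.0", 128))
```

With the constructed data, the proposed size is 512 addresses and a 128-address subnet template occupies only the first 128 of them, which is the case described in the list above.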

To illustrate the steps to follow to use the templates you created, we will go through the procedure
of using a block template. You simply need to select the appropriate class to use the template,
as long as the space in which you create the block respects the same behaviors as the template.

To apply a template when creating blocks

Tip
The procedure below describes the use of the block template but you can apply it
for any kind of template. You need to select your class template at the right step of
the addition wizard: in the Block class list to use a block template, in the Subnet class
list to use a subnet template and in the Pool class list to use a pool template.

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Spaces icon. The All spaces list opens.
3. Click on the name of the space of your choice. The All blocks list of this space appears.
4. Next to the Logout button, make sure the IP4 icon is blue.
5. In the menu, select Add > Block. The wizard opens and displays the Block class page.
6. In the Block class list, select the class template of your choice. It will look like
your-template-name [template] or your-sub-directory/your-template-name [template].
7. Click on NEXT . The Add an IPv4 Block page appears.
8. In the Block Name field, name the block. Whatever the name you type in the field, it will be
overwritten by the block template name.
9. In the Description field, you can type in a description.
10. In the Block address field, type in the start address.
11. Do not modify the Netmask and Prefix fields. By default, following the address you chose,
the biggest prefix possible is selected. If the size automatically selected can contain the
actual size of your template block, it will automatically be changed and respect your template
configuration.
12. Optional fields could appear depending on the default behavior configured by your
administrator at the space level. Modify the parameters if need be. If the space created fits the
configuration of the block template, the class will implement every detail you created in
template mode from the number of subnets and pools to the assigned IP addresses.
13. Click on OK to commit the addition. The report opens and closes. The block is listed; click
on its name to see that all the objects it contains have been created as well.

Chapter 21. Using VLSM to Manage Your Network
Introduction
Variable Length Subnet Masking (VLSM) is a technique that allows network administrators
to break down the IP address organization on different levels of spaces, blocks, subnets or pools
in IPv4 and IPv6. It can be used as a tool to delegate rights to the users. From the space level
you can use the IPAM hierarchy to model the organization of IP resources and increase its
capacity. Spaces allow you to maintain several IP address plans that could overlap. As spaces
can be combined to map your organization, they can help the network administrator (the
superuser) to delegate the IP address management per layer of space.

For instance, big blocks of IP addresses are defined as root entries at the top level of the space
hierarchy. Blocks of the IP address stock can be chopped into several subnets to be allocated to
sub spaces. Then in these sub spaces, IP addresses can be chopped again into smaller subnets,
and so on, in other sub spaces, or directly used as IP address units to register a network device.

VLSM actually sets up an affiliation between two spaces and the objects they contain. The IPAM
hierarchy using VLSM introduces a parent > child dependency relationship between two spaces.
A child space is related to its parent space to which it is attached. We call them affiliated spaces.

[Diagram: a parent space containing a block, linked by a space filiation to a child space.]

Figure 21.1. Affiliated spaces

The resources contained in the parent space can then be allotted to one of its child spaces. Once
these resources are defined in a parent space, they may not be modified from the child space.
When a subnet is added in a parent space, it may then be allocated to a child space. This subnet
will be created in the child space as a block.

[Diagram: a parent space containing a block, linked by a space filiation to a child space that
also contains a block.]

Figure 21.2. Affiliated spaces - delegation of subnets

This block may then be cut into several subnets to be allocated as blocks to new "grandchildren"
spaces, and so on.

[Diagram: a parent space containing a block, linked by a space filiation to a child space that
contains a block and a subnet.]

Figure 21.3. Affiliated spaces - delegation of subnets

This hierarchy makes it possible to obtain a coherent space unit where the resource administration
is governed by the dependent relationships created between these spaces. The consistency
check of resources and their uniformity are made between all affiliated spaces. Anything you
create in a parent is created in the child and vice versa. In the same way, anything you delete in
a parent is deleted in the child and vice versa.

SOLIDserver provides two different ways of implementing VLSM:

1) The manual implementation


The manual implementation of VLSM organizes spaces all throughout your network. You
can create spaces one by one and choose a VLSM parent space to connect it to. From then
on, in the parent space every non-terminal subnet becomes a block in the child space, the
subnets belonging to the non-terminal subnets are common to both spaces, and so are the
pools and assigned addresses. There is no limit to the number of spaces affiliated to one
another. Simply keep in mind that the non-terminal subnets in a parent space become blocks
for the child space right underneath it.

We recommend that you set up the affiliations between all spaces before creating blocks,
non-terminal subnets, subnets, etc. Indeed, if you already set up the VLSM between two
spaces up to the subnets and pools but realize that you will need a third space, you will not
be able to add it to the organization of affiliated spaces.

Figure 21.4. Example of a manual VLSM organization at the space level

In the example above, each country has a separate space affiliated to the continent it belongs
to in order to organize the clients IP database. These spaces were created prior to creating
the blocks, subnets and pools that will shape the rest of the IP addresses organization.

2) The semi-automated implementation


The semi-automated implementation of VLSM only includes subnet delegation, as opposed
to space delegation with the manual technique. So when you create non-terminal subnets
in a space not affiliated to any other space, and therefore distribute addresses on more than
one level, you are implementing semi-automated VLSM. Indeed, the principles of VLSM apply
the same way, but you do not need to set up anything before delegating your subnets, which
is why we call it semi-automated VLSM. In reality, the fact that you made a subnet
non-terminal implies that this subnet could be a block in a child space. However, as there is no
space affiliated to the space you are working on, this lower space and the block that would come
with it do not need to be created.

Tip
To organize your network, you can combine the use of manual and semi-automated
VLSM. However, it can go only one way: once you set up a manual VLSM
organization, you can use semi-automated VLSM at the lowest space level. You
cannot set up a manual VLSM organization of spaces once you used non-terminal
subnets. The hierarchy of a semi-automated VLSM is actually hidden from the user
in the interface, so once you started organizing your network with it, it is
impossible to affiliate spaces manually.

Customizing your organization through VLSM also provides an easy way to delegate rights to
the users. Even though anything created at a lower level will be created in the parent spaces, it
allows you to limit the users' visibility to only what they need to see and manage.

Remember that both VLSM techniques can be used simultaneously in an organization or even
within a space, as long as they are set up properly: you can implement manual VLSM and then
use semi-automated VLSM at the lowest level of spaces, but you cannot use manual VLSM if you
already implemented a deep organization of subnets. In other words, you can use space
delegation and then subnet delegation, but you cannot use subnet delegation and then set up a
space delegation.

As for the import of VLSM organizations, you can actually import a subnet VLSM organization at
once; for more details, refer to the chapter Importing Data in the Global Policies part of this guide.

VLSM Related Icons


SOLIDserver uses different icons to show the different levels of hierarchy of the spaces or which
subnets are non-terminal. These icons are:

Table 21.1. VLSM Related Icons in the IPAM Module


Icons Description

This dot, located left of the space symbol in the All spaces list, indicates that the
space is a level 2 space, i.e. it is affiliated to another space.

These two dots, left of the space symbol in the All spaces list, indicate that the
space is a level 3 space, i.e. it is affiliated to a space that is affiliated to another
space.

These three dots, left of the space symbol in the All spaces list, indicate that the
space is a level 4 space, i.e. it is affiliated to a level 3 space that is affiliated to a
level 2 space, affiliated to another space.

This subnet icon indicates that the subnet is non-terminal, i.e. using VLSM. This
icon is used in a space using semi-automated VLSM as well as in a space using
manual VLSM; in this case it is linked to a block of the child space.

This block icon indicates that the block is part of an affiliated space organization
in a level 2 space, or lower. It shows that the block is linked to a non-terminal
subnet in the parent space of your current space; they both share the same name
and size.

Managing Manual VLSM Organizations


Setting up a Manual Organization
As we saw earlier, we recommend that you create the whole space affiliation hierarchy before
creating the blocks and non-terminal subnets that will become the blocks of the child spaces, and
so forth, depending on the number of spaces you need.

Considering that the IPAM parameters configured at the space level are inherited by the blocks,
subnets, and pools, you can configure your network using this feature to your advantage. If at the
top level space you decided to update a DNS server, your non-terminal subnets will update it as
well, meaning that the blocks created in the level 2 space will be configured to update the DNS as
well. Therefore, if your level 2 space is only configured to create DHCP statics, all the blocks that
you create within this child space will inherit these DHCP parameters. Therefore, in one space
you can have blocks that update the DNS and others that are dedicated to DHCP options.

Keep in mind that throughout the VLSM hierarchy the direct affiliation between spaces updates
both spaces simultaneously. This is why anything you create in the parent space in a
non-terminal subnet is created at the blocks or subnets level in the child space. In the same way,
any newly added element in the child space will also be created at the corresponding level in the
parent space.

To set up a manual VLSM space hierarchy

1. Creating the top level space

a. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
b. Click on the Spaces icon. The All spaces list opens.
c. Add a space. For more details, see the procedure To add a space in the Managing IP
Networks chapter of this guide. This space will be the level 1 space (top level) of your
organization, the equivalent of the clients space in the example above.

2. Creating the affiliated child space

a. Once your space is listed, add another space: in the first step of the wizard, Name your
space and add a Description if need be. You can set up the same parameters as for the
space you just created.
b. Click on NEXT . The second page of the wizard opens.
c. In the list, select the parent space i.e. the top level space you just created.
d. Click on OK to commit the creation of the child space. The report opens and closes.
The space is listed right under the top level space preceded by the dot icon. You can
repeat step 2 for as many spaces as you need: all the spaces that can become VLSM
parent spaces are listed, so you can actually select the top space, a level 2 space or
even lower if you want your spaces organization to be deeper.

Once your spaces are affiliated to one another, you can create IPv4 or IPv6 blocks in the top
level space. If need be, follow the procedure To add a block in the Managing IP Networks chapter
of this guide. You can then create subnets in these blocks. Terminal subnets will only belong to
the top level space; the non-terminal subnets will become the blocks of the child space of your
choice.

In the procedure below, we will create a non-terminal subnet by search; you can of course create
them manually. Keep in mind that the By search tool finds available subnets depending on the
size you asked for. Therefore, if you only create one block in which you have all the non-terminal
subnets of your entire VLSM hierarchy, the first subnet might not be located where you want it.
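The effect described above can be reproduced offline with a search over the free space of a block. This is an added example, not SOLIDserver code: the function names, the sample block and the lowest-address-first result order are assumptions, since this guide does not document how the By search tool orders its results.

```python
import ipaddress

# Constructed sample data: a single block holding every non-terminal subnet of
# the hierarchy, with some subnets already allocated.
BLOCK = "10.0.0.0/16"
USED = ["10.0.0.0/24", "10.0.1.0/24", "10.0.4.0/22", "10.0.128.0/17"]


def free_space(block, used):
    """Return the CIDR ranges of `block` not covered by `used`, lowest address first."""
    free = [block]
    for subnet in used:
        if subnet.version != block.version or not subnet.subnet_of(block):
            raise ValueError(f"{subnet} is not inside {block}")
        remaining = []
        for hole in free:
            if hole.subnet_of(subnet):
                continue  # this free range is entirely consumed by the subnet
            if subnet.subnet_of(hole):
                # split the free range around the allocated subnet
                remaining.extend(hole.address_exclude(subnet))
            else:
                remaining.append(hole)  # disjoint, left untouched
        free = remaining
    return sorted(free)


def search_subnets(block, used, prefix, limit=3):
    """List up to `limit` free subnets of length `prefix` in `block`.

    Assumption: candidates are returned lowest address first.
    Works for IPv4 and IPv6 because candidates are generated lazily.
    """
    block = ipaddress.ip_network(block)
    used = [ipaddress.ip_network(u) for u in used]
    if limit < 1:
        raise ValueError("limit must be at least 1")
    if not block.prefixlen <= prefix <= block.max_prefixlen:
        raise ValueError(f"/{prefix} does not fit in {block}")
    found = []
    for hole in free_space(block, used):
        if hole.prefixlen > prefix:
            continue  # free range smaller than the requested size
        for candidate in hole.subnets(new_prefix=prefix):
            found.append(str(candidate))
            if len(found) == limit:
                return found
    return found


if __name__ == "__main__":
    # The /23 request fits the small gap at 10.0.2.0, the /22 request does not
    # and lands at 10.0.8.0, and the only free /18 sits at 10.0.64.0.
    for size in (23, 22, 18):
        print(f"/{size}:", search_subnets(BLOCK, USED, size))
```

Spreading the non-terminal subnets over several blocks, as the paragraph above suggests, keeps the first result of each search inside the range intended for that part of the hierarchy.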

To create a top level subnet/lower level block (by search) in IPv4

1. Click on the name of the top level space. The corresponding All blocks list opens.
2. Depending on the blocks you created, click on IP4 to display the IPv4 blocks.
3. Click on the name of the block of your choice to display its subnets list.
4. In the menu, select Add > Subnet > By search. The wizard Subnet size page opens.
5. Among the Subnet Search size, Prefix and Netmask drop-down lists, set the value of your
choice in one of the three; the other two will automatically adjust. Click on NEXT . The Search
result page opens.
6. In the Subnet address list, select a start address. Click on NEXT . The Add an IPv4 subnet
page opens.
7. In the Subnet name field, type in the subnet name.
8. In the section Terminal subnet, untick the checkbox. The wizard updates and displays the
Add an IPv4 subnet page, the pool related section disappears.
9. In the Gateway field, you can modify the address if need be.
10. Click on NEXT . The VLSM space page opens.

Note
If your VLSM hierarchy includes only one child space below the space where
you are creating subnets, you do not need to specify a VLSM space and you
can click on OK directly (step 12).

11. In the VLSM space list, select the child space that will receive the non-terminal subnet as a
block.
12. Click on OK to commit the creation. The report opens and closes. The non-terminal subnet
is listed.
13. In the breadcrumb, click on All spaces. The All spaces list opens.
14. Click on the name of the child space of your choice. The All blocks list opens: the
non-terminal subnet is listed as a block.

To create a top level subnet/lower level block (by search) in IPv6

1. Click on the name of the top level space. The corresponding All blocks list opens.

2. Depending on the blocks you created, click on IP6 to display the IPv6 blocks.
3. Click on the name of the block of your choice to display its subnets list.
4. In the menu, select Add > Subnet (v6) > By search. The wizard Subnet size page opens.
5. In the Subnet prefix drop-down list, select a size in bits. Click on NEXT . The search result
page opens.
6. In the Subnet address (v6) list, select a start address. Click on NEXT . The Add an IPv6 subnet
page opens.
7. In the Subnet name field, type in the subnet name.
8. In the section Terminal subnet, untick the checkbox. The wizard updates and displays the
Add an IPv6 subnet page.
9. Click on NEXT . The VLSM space page opens.

Note
If your VLSM hierarchy includes only one child space below the space where
you are creating subnets, you do not need to specify a VLSM space and you
can click on OK directly (step 12).

10. In the VLSM space list, select the child space that will receive the non-terminal subnet as a
block.
11. Click on OK to commit the creation. The report opens and closes. The non-terminal subnet
is listed.
12. In the breadcrumb, click on All spaces. The All spaces list opens.
13. Click on the name of the child space of your choice. The All blocks list opens: the
non-terminal subnet is listed as a block.

From now on, anything created within the non-terminal subnet is created in the child space as
well. If you add another non-terminal subnet in the parent space, a new block will be created in
the child space. In the same way, if you create subnets within the child space, they will be created
in the parent space as well. For more details regarding subnets and pools creation see the chapter
Managing IP Networks of this guide, from the section Managing IP Subnets.

Using the VLSM Hierarchy to Organize the Spaces Delegation


Do not hesitate to use the different levels of the VLSM hierarchy to organize, divide or limit the
rights of the different users in the IPAM module. Through the Edit menu you can make some spaces,
blocks, subnets or pools a resource for as many groups of users as you need. That way you can
give them the possibility to add, delete, duplicate, move, etc. the different elements of the hierarchy.

For more details regarding how to make IPAM objects a resource for a group of users, see the
section Defining a [Space | Block | Subnet | Pool] as a Group Resource at the end of the
corresponding Managing section of the Managing IP Networks chapter of this guide.

If you make the different pieces of a space organization resources to specific groups, you can
delegate the management one level at a time and whoever has access to the whole hierarchy
can keep track of the changes. To illustrate this we will reuse the manual VLSM organization.

Figure 21.5. Example of a manual VLSM organization at the space level

Following the example above, the best way to use the VLSM hierarchy to your advantage would
be to give a group of users access to the space america and to all the blocks, non-terminal subnets,
subnets and pools related to usa. That way, users have in reality access to both america and
usa spaces. Therefore, the superuser or the users with access to the whole hierarchy will be able
to oversee everything that was modified in america and usa.

Note that if you simply give access to the space america and usa at the space level, users will
be able to list the blocks and non-terminal subnets created in america but would not have access
to the content of these subnets, or to the pools and addresses contained in these subnets.

For more details regarding users, groups and delegation within SOLIDserver, see the part
Administration of this guide.

Managing a Semi-Automated VLSM Organization


The semi-automated technique to implement VLSM manages subnets rather than spaces. It is
considered semi-automated as you do not need to specify a child space that will receive the
non-terminal subnet as a block. Therefore, you do not need to organize spaces at all.

As we saw earlier, once in an independent space (or one that is not a parent space), defining a
subnet as non-terminal sets up a semi-automated VLSM organization of the network. It allows you
to further organize the subnet level and delegate rights and access to each and every one of them
if need be. The semi-automated VLSM is actually very useful if you simply need your hierarchy to
be understood at a glance. All the subnets and blocks can be listed together: there is no need to
go through different spaces separately to view non-terminal subnets/blocks and the subnets they
contain.

Figure 21.6. Example of a semi-automated VLSM organization at the blocks/subnet

Keep in mind that semi-automated VLSM organizes subnets, whereas manual VLSM organizes spaces.
Considering that they organize different levels of the IPAM hierarchy, if you intend to use
them both you need to respect the level to which each applies. This follows the IPAM hierarchy
logic: spaces contain blocks that contain subnets that contain pools that contain addresses. So
you can set up manual VLSM and then use the semi-automated VLSM at the lowest level of the
organization, but not the other way around. That is to say, you can organize spaces and then
subnets, but not organize subnets before spaces.

You can create non-terminal subnets in the block of your choice in IPv4 and IPv6. You simply
need to untick the Terminal subnet checkbox in the Add an IPv4 subnet or Add an IPv6 subnet
page of the creation wizard. For more details regarding these procedures see the Adding a subnet
section of the Managing IP Networks chapter of this guide.

Figure 21.7. Screen shot of the last step of a non-terminal subnet creation in IPv4

Figure 21.8. Screen shot of the last step of a non-terminal subnet creation in IPv6

Using this checkbox, you can also edit existing subnets and make them non-terminal. Simply
keep in mind that unticking the terminal subnet checkbox limits the number of fields to configure
in IPv4 and IPv6, if the Configurable behavior is selected in the Mode drop-down list and if there
are no DNS or DHCP parameters to configure (inherited from the block).

Note
You cannot edit a non-terminal subnet and make it terminal if it contains one or more
terminal subnets.

You can create as many levels of non-terminal subnets as you need. Just like in the manual
VLSM, the level of the subnet is visible at a glance in the GUI thanks to the dots preceding the
subnet address. See example below for illustration.

Figure 21.9. Example of a deep subnets organization through VLSM

Chapter 22. Managing VRF
The IPAM module provides, in version 5.0.2, Virtual Routing and Forwarding management pages.
A VRF, defined in RFC 4364, allows several instances of a routing table to co-exist within the
same router of an MPLS Virtual Private Network. The routing tables exchange data through
a level 3 connection, that is, using an IP address. Each routing instance is independent from the
other(s), so you can use one IP address on each one of them without worrying about a potential
overlap. They provide additional routes in a VPN for routing and forwarding.

On a router, each VRF basically behaves like an independent router with its own interfaces,
IP subnets and routing protocol. Each VRF has separate routing and forwarding tables used only
for the packets that enter said VRF. To ease their management, VRFs can be identified through
their Route Distinguisher (RD). The RD is specific to each VRF and makes it possible to
differentiate all the routes configured on the network that potentially use the same IP addresses.
That way the RD keeps the routes globally unique: for instance, if New York subnets were used in
Singapore as well, the router would still be able to distinguish whether the traffic was destined
for New York or Singapore thanks to the RD.

Within SOLIDserver, you will find two pages of routing tables that enable the management of
your VRFs: one that displays all the VRFs and the other that displays all the Route Targets that
you set up between the VRFs of your database. On both pages the RD is a key piece of
information to manage the VRFs and their Route Targets.

Once added to your database, the VRF will provide an extra tool to link your subnets. To set up
this interaction, you will need to create and configure classes; for more details, see your
administrator.

Managing Virtual Routing and Forwarding


VRFs can be added and displayed on the All VRFs page for basic management purposes only.
Once added, you will be able to link them and enable the import and/or export of data between
them.

Browsing VRFs
With the IPAM module, the All VRFs page is a routing table in essence where you can add or
import all the VRFs that you need.

Figure 22.1. IPAM: All VRFs

Browsing the VRF Database

To display the list of VRFs

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the VRF icon. The All VRFs list opens.

To display a VRF properties page

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the VRF icon. The All VRFs list opens.
3. At the end of the line of the VRF of your choice, click on . The properties page opens.

Customizing the VRF Display

By default, all the columns are displayed on the page. However, SOLIDserver enables you to
modify the columns display in the list, especially if you add classes. You can add columns, remove
columns or modify the order of columns. For more details, see the Customizing the List Layout
section of the Understanding the SOLIDserver User Interface part of this documentation.

Adding a VRF
You can add as many VRFs to the All VRFs routing table as you need.

To add a VRF

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the VRF icon. The All VRFs list opens.
3. In the menu, select Add > VRF. The Add a VRF wizard opens.
4. In the Name field, name your VRF.
5. In the RD ID field, type in the Route Distinguisher IDentifier of your VRF. It must comply with
the following format: <numeric>:<numeric>.
6. In the Comment field, you can add a description. This field is optional.
7. Click on OK to commit the addition. The report opens and closes. The VRF is listed.
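Before adding or importing many VRFs, the RD IDs can be checked offline. This is an added example, not part of the product or of the original guide: it validates the <numeric>:<numeric> format stated in step 5 and flags an RD reused by several VRFs, which would defeat the uniqueness the RD is meant to provide. The sample rows, the function names, the RFC 4364 type 0 and type 2 range check and the unique-name check are assumptions, not documented SOLIDserver behavior.

```python
import re

# RD ID format given in the procedure above: <numeric>:<numeric>
RD_FORMAT = re.compile(r"([0-9]+):([0-9]+)")

# Constructed sample rows: (VRF name, RD ID)
VRFS = [
    ("NYC-CORP", "65000:100"),
    ("SGP-CORP", "65000:200"),
    ("NYC-GUEST", "65000:100"),        # same RD as NYC-CORP
    ("LAB", "65000-300"),              # wrong separator
    ("DC-EAST", "4200000001:70000"),   # both halves too large for any RD type
    ("WAN", "4200000001:10"),          # 4-byte AS number, valid type 2
    ("SGP-CORP", "65001:200"),         # name used twice
]


def parse_rd(rd_id):
    """Return (administrator, assigned_number, rd_type) or raise ValueError.

    Range check follows the RFC 4364 encodings that are written as two numbers:
    type 0 = 2-byte AS number + 4-byte assigned number,
    type 2 = 4-byte AS number + 2-byte assigned number.
    """
    match = RD_FORMAT.fullmatch(rd_id)
    if match is None:
        raise ValueError("not in <numeric>:<numeric> format")
    admin, assigned = int(match.group(1)), int(match.group(2))
    if admin <= 0xFFFF and assigned <= 0xFFFFFFFF:
        return admin, assigned, 0
    if admin <= 0xFFFFFFFF and assigned <= 0xFFFF:
        return admin, assigned, 2
    raise ValueError("does not fit an RFC 4364 type 0 or type 2 RD")


def audit_vrfs(rows):
    """Return a list of (name, rd_id, problem) for every row that needs attention."""
    findings = []
    seen_names = set()
    rd_owner = {}  # (administrator, assigned_number) -> first VRF name using it
    for name, rd_id in rows:
        # Assumption: names should be unique because Route Targets link VRFs by name.
        if name in seen_names:
            findings.append((name, rd_id, "VRF name already used"))
        seen_names.add(name)
        try:
            admin, assigned, _ = parse_rd(rd_id)
        except ValueError as err:
            findings.append((name, rd_id, str(err)))
            continue
        # Compare numerically so that "065000:100" and "65000:100" collide.
        owner = rd_owner.setdefault((admin, assigned), name)
        if owner != name:
            findings.append((name, rd_id, f"RD already used by {owner}"))
    return findings


if __name__ == "__main__":
    for finding in audit_vrfs(VRFS):
        print(finding)
```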

Editing a VRF
Once created, you can edit all the information regarding a VRF.

Note
If you edit a VRF name or RD ID, its VRF Route Targets will be updated as well.

To edit a VRF through the Info Bar

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the VRF icon. The All VRFs list opens.
3. Put your mouse over the name of the VRF you want to edit. The Info Bar appears.
4. Click on . The Add a VRF wizard opens.
5. Edit the Name, RD ID and Comment fields according to your needs.
6. Click on OK to commit your changes. The report opens and closes. The page refreshes, the
VRF is listed with the new information.

To edit a VRF through the properties page

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the VRF icon. The All VRFs list opens.
3. At the end of the line of the VRF of your choice, click on . The properties page opens.
4. In the Main properties panel, click on EDIT . The Add a VRF wizard opens.
5. Edit the Name, RD ID and Comment fields according to your needs.
6. Click on OK to commit your changes. The report opens and closes. The page refreshes, the
VRF is listed with the new information.

Importing a VRF
Like most modules in SOLIDserver, you have the possibility to import VRFs on the All VRFs page
from a CSV file. From then on, you will be able to add the VRF Route Targets to organize them
as you please. For more details, refer to the chapter Importing Data in the Global Policies part
of this guide.

Deleting a VRF
At any point you can delete one or several VRFs. Keep in mind that the related VRF Route Targets
will be deleted as well.

To delete a VRF

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the VRF icon. The All VRFs list opens.
3. Tick the VRF(s) you want to delete.
4. In the menu, select Edit > Delete. The Delete wizard opens.
5. Click on OK to commit the VRF deletion. The report opens and closes. The VRF is no longer
listed, the VRF Route Targets with that VRF are deleted as well.

Creating Classes at VRF Level


Like many other objects within SOLIDserver, you can add classes for the VRFs. From the All
VRFs page, you can modify the VRFs user fields (Settings > Customize user fields). In the same
way, from the Administration tab Class Studio page, you can create the classes of your choice
and apply them to VRFs.

Managing VRF Route Targets


The route-target is a way of linking routes between the VRFs. Every VRF is associated with one
or more Route Target (RT) attributes. A Route Target attribute can be thought of as a set of site
identifiers, even though it would be more precise to describe it as the identifier of a set of VRFs.
Associating a particular Route Target attribute with a route allows said route to be placed in the
VRFs that are used for routing the traffic received by the corresponding sites.

Browsing VRF Route Targets


Along with the All VRFs page, the IPAM module provides a routing table of all the VRF Route
Targets. So once created, you can link together your VRFs on this page.

Figure 22.2. IPAM: All VRF Route Targets

Browsing the VRF Route Targets Database

To display the list of VRF Route Targets from the breadcrumb

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the VRF icon. The All VRFs list opens.
3. In the breadcrumb, click on All VRF Route Targets. The All VRF Route Targets page opens.

To display the list of VRF Route Targets from the menu

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the VRF icon. The All VRFs list opens.
3. In the menu, select Display > All VRF Route Targets. The All VRF Route Targets page
opens.

The VRF Route Targets do not have a properties page as all the information is displayed on the
page.

If you click on a VRF name, you will be able to display the list of VRF Route Targets that have
this VRF defined as source name. Obviously, if the list is empty it means that the VRF has never
been used as a source.

To display the list of VRF Route Targets of a specific source VRF

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the VRF icon. The All VRFs list opens.
3. Click on the name of the VRF of your choice. The All VRF Route Targets page opens.
4. Only the Route Targets with the chosen VRF defined as source are listed.

Customizing the VRF Route Targets Display

By default, all the columns are displayed on the page. However, SOLIDserver enables you to
modify the columns display in the list. You can add columns, remove columns or modify the order
of columns. For more details, see the Customizing the List Layout section of the Understanding
the SOLIDserver User Interface part of this documentation.

Adding a VRF Route Target


You can link your VRFs through their name on the All VRF Route Targets page. For this
configuration to be effective you will need to decide which VRF can send out or receive data from
the other one. This is why it is crucial to decide which VRF will be the source VRF and which one
the destination VRF.

To add a VRF Route Target that allows both VRFs to exchange data

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the VRF icon. The All VRFs list opens.
3. In the breadcrumb, click on All VRF Route Targets. The All VRF Route Targets page opens.
4. In the menu, select Add > VRF Route Target. The Add a VRF Route Target wizard opens.
5. In the Source VRF name field, type in the first letters of your source VRF. The auto-completion
will fill in the rest of the name or provide you with a list of matching names.
6. In the Target VRF name field, type in the first letters of your target VRF. The auto-completion
will fill in the rest of the name or provide you with a list of matching names.
7. In the Import section, tick the checkbox.
8. In the Export section, do not tick the checkbox.
9. Click on OK to commit the addition. The report opens and closes. The VRF is listed.

Note
If you do not tick either the Import or Export checkbox, the data exchange will not
be possible.

To add a VRF Route Target that allows the source VRF to receive data from the
target VRF

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the VRF icon. The All VRFs list opens.
3. In the breadcrumb, click on All VRF Route Targets. The All VRF Route Targets page opens.
4. In the menu, select Add > VRF Route Target. The Add a VRF Route Target wizard opens.
5. In the Source VRF name field, type in the first letters of your source VRF. The auto-completion
will fill in the rest of the name or provide you with a list of matching names.
6. In the Target VRF name field, type in the first letters of your target VRF. The auto-completion
will fill in the rest of the name or provide you with a list of matching names.
7. In the Import section, tick the checkbox.
8. Click on OK to commit the addition. The report opens and closes. The VRF is listed.

To add a VRF Route Target that allows the source VRF to send data to the target
VRF

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the VRF icon. The All VRFs list opens.
3. In the breadcrumb, click on All VRF Route Targets. The All VRF Route Targets page opens.
4. In the menu, select Add > VRF Route Target. The Add a VRF Route Target wizard opens.
5. In the Source VRF name field, type in the first letters of your source VRF. The auto-completion
will fill in the rest of the name or provide you with a list of matching names.

6. In the Target VRF name field, type in the first letters of your target VRF. The auto-completion
will fill in the rest of the name or provide you with a list of matching names.
7. In the Export section, tick the checkbox.
8. Click on OK to commit the addition. The report opens and closes. The VRF is listed.

Editing a VRF Route Target


To edit a Route Target, you need to follow the addition procedure and set different import and
export parameters. The new addition will overwrite the existing Route Target.

To edit a VRF Route Target

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the VRF icon. The All VRFs list opens.
3. In the breadcrumb, click on All VRF Route Targets. The All VRF Route Targets page opens.
4. In the menu, select Add > VRF Route Target. The Add a VRF Route Target wizard opens.
5. In the Source VRF name field, type in the source VRF of your choice.
6. In the Target VRF name field, type in the target VRF of your choice.
7. In the Import and Export section, you can overwrite the existing Route Target by ticking the
checkbox(es) that now suits your needs.
8. Click on OK to commit your changes. The report opens and closes. The page refreshes, the
configuration changes are visible in the Imported and Exported columns.
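Because each Route Target opens a path between two VRFs, it is worth reviewing the resulting data flows against what was intended. This is an added example, not SOLIDserver code: it models the Import and Export checkboxes as described in the addition procedures above (Import: the source VRF receives data from the target VRF; Export: the source VRF sends data to the target VRF) and the overwrite rule described in this section. The sample entries, VRF names, allowed-flow policy and function names are assumptions.

```python
# Constructed sample data, as it could be copied from the All VRFs and
# All VRF Route Targets pages.
KNOWN_VRFS = {"CORP", "GUEST", "LAB", "SHARED-SVC"}

# (source VRF, target VRF, Import ticked, Export ticked), in the order added
ROUTE_TARGETS = [
    ("CORP", "SHARED-SVC", True, True),
    ("GUEST", "SHARED-SVC", True, False),
    ("GUEST", "CORP", True, True),
    ("LAB", "CORP", False, False),      # neither box ticked
    ("GUEST", "CORP", False, True),     # same pair added again: overwrites
    ("CORP", "PARTNER", False, True),   # PARTNER is not in the VRF list
]

# Intended flows, written as (sender, receiver). Hypothetical policy.
ALLOWED_FLOWS = {
    ("SHARED-SVC", "CORP"),
    ("CORP", "SHARED-SVC"),
    ("SHARED-SVC", "GUEST"),
}


def effective_entries(rows):
    """Apply the overwrite rule: the last addition for a (source, target) pair wins."""
    entries = {}
    for source, target, imported, exported in rows:
        entries[(source, target)] = (imported, exported)
    return entries


def data_flows(entries):
    """Translate the checkboxes into directed (sender, receiver) flows."""
    flows = set()
    for (source, target), (imported, exported) in entries.items():
        if imported:
            flows.add((target, source))   # source receives data from target
        if exported:
            flows.add((source, target))   # source sends data to target
    return flows


def audit(rows, known_vrfs, allowed_flows):
    """Compare the configured Route Targets with the intended flows."""
    entries = effective_entries(rows)
    flows = data_flows(entries)
    referenced = {vrf for pair in entries for vrf in pair}
    return {
        "unknown_vrfs": sorted(referenced - set(known_vrfs)),
        "no_exchange": sorted(
            pair for pair, boxes in entries.items() if not any(boxes)
        ),
        "unexpected_flows": sorted(flows - set(allowed_flows)),
        "unused_allowances": sorted(set(allowed_flows) - flows),
    }


if __name__ == "__main__":
    for check, result in audit(ROUTE_TARGETS, KNOWN_VRFS, ALLOWED_FLOWS).items():
        print(f"{check}: {result}")
```

In this sample the second GUEST/CORP addition removes the CORP to GUEST flow but keeps GUEST to CORP, which the policy does not allow, so the pair is still reported.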

Importing a VRF Route Target


Like most modules in SOLIDserver, you have the possibility to import VRF Route Targets on the
All VRF Route Targets page from a CSV file. For more details, refer to the chapter Importing
Data in the Global Policies part of this guide.

Deleting a VRF Route Target


At any point you can delete a VRF Route Target between two VRFs.

To delete a VRF Route Target

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the VRF icon. The All VRFs list opens.
3. In the breadcrumb, click on All VRF Route Targets. The All VRF Route Targets page opens.
4. Tick the VRF Route Target(s) you want to delete.
5. In the menu, select Edit > Delete VRF Route Target. The Delete wizard opens.
6. Click on OK to commit the VRF deletion. The report opens and closes. The page refreshes,
the VRF Route Target is no longer listed.

Chapter 23. Importing Data into the IPAM
EfficientIP provides within the IPAM module a powerful tool to import existing data into your
appliance without having to manually configure the network organization that you were using so
far. There are a number of options and features that help you import your IP address
organization, whether you want to import raw data or configurations coming from the VitalQIP or
Nortel NetID software.

Importing IPAM Data from a CSV File


SOLIDserver provides a simple tool to massively import data from CSV files. Most of the time,
CSV files are imported in the IPAM database to:

1. Import external data and organize it within SOLIDserver

You can import CSV files containing addresses, subnets, etc. into specific blocks or simply
into a space and then organize the data within the module. Note that at the subnet, pool and
address level, there is a tool allowing you to let SOLIDserver find the best space possible, i.e.
the space containing the smallest block possible that can receive the data you are importing
and avoid overlapping.
2. Import external data with the same network organization

If you plan on importing already configured spaces to SOLIDserver, we recommend that you
follow the hierarchy and import one after the other all levels: space, blocks, subnets, pools (if
relevant) and finally addresses. That way, you will be sure not to miss any parameters or lose
any data.

For more details regarding Spaces, Blocks, Subnets, Pools and Addresses, in IPv4 and IPv6
refer to the chapter Importing Data in the Global Policies part of this guide.

Importing a VitalQIP Export


From the All spaces list you can import VitalQIP data in .qef. This file includes blocks, subnets
and addresses so you need to go through with the import only once.

To import it into SOLIDserver, the file must be located at the root of a .zip or a .rar file.

Tip
This compressed file does not need to include the *_aud.qef files as they are not
relevant to the import and will make your import take longer.

To import VitalQIP data

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Spaces icon. The All spaces list opens.
3. In the menu, select Add > Import > QIP IPAM. The Import entries from file wizard opens.
4. Click on BROWSE to search for the CSV file to import. A window opens to help you browse
through folders, select the needed file.
5. Click on Open. The window closes and the file is visible in the File name field of the wizard.

6. Click on NEXT . The Select space page opens.


7. In the Space drop-down list, select one of the following options:

Table 23.1. Space Field Available Options

Fields                          Description
Create space per organization   Select this option if you want SOLIDserver to create a space
                                for each of the organizations that you are importing. This
                                option is selected by default.
Listed spaces                   Select one of your existing spaces if you want your data
                                to be imported in one of your existing spaces.

Note that all the data the space contains will be imported as well (blocks, subnets and
addresses).
8. In the Block class drop-down list, select an existing class to be applied to the blocks you
are importing.
9. In the Subnet class drop-down list, select an existing class [1] to be applied to the subnets you
are importing.
10. Click on OK to import the data. The report opens and closes. The data is listed according to
your import configuration.

Importing Nortel NetID IP Address Data


SOLIDserver allows you to import NetID network, subnet and host addresses. The Nortel NetID
database must be exported as a text file by selecting the comma or semi-colon as data delimiter.
The Nortel NetID fields that SOLIDserver can import as CSV files are listed below. For more
details regarding CSV imports, see the Importing CSV Flat File section of this chapter.

Importing Nortel NetID Networks


In SOLIDserver, the Nortel NetID Networks will be imported as Blocks. Here below are listed
the fields equivalence between the two appliances to help you go through with the networks import.

Table 23.2. Import Fields Equivalence between NortelID and SOLIDserver


Nortel NetID Fields    SOLIDserver Fields
Network number         Address
Network name           Name
Subnet type            -
CIDR mask              -
Subnet mask            Netmask

Importing Nortel NetID Subnets


In SOLIDserver, the Nortel NetID Subnets are also called Subnets, however the fields to describe
them differ. See table below for more details.

[1] The classes that may be listed in these fields are the classes created through Class Studio (in the Administration tab) and applied to
the IPAM blocks or subnets. For these classes to be visible in the list, they will need to be enabled at the time of the import.

Table 23.3. Import Fields Equivalence between NortelID and SOLIDserver


Nortel NetID Fields    SOLIDserver Fields
Network number         Address
Network name           Name
Subnet type            -
CIDR mask              -
Subnet mask            Netmask

Importing Nortel NetID Host Addresses


In SOLIDserver, the Nortel NetID Host addresses are also called IP addresses. Here below are
listed the fields equivalence between the two appliances to help you go through with the networks
import.

Table 23.4. Import Fields Equivalence between NortelID and SOLIDserver


Nortel NetID Fields    SOLIDserver Fields
Host address           Address
Domain name            Domain name
Client ID              -
MAC address            MAC address
ClMAC type             -
Custom fields          -

Chapter 24. Managing IPAM and DHCP Labels
Introduction
SOLIDserver introduced the labels in version 4.0.2 along with the IPv6 addresses management.
Labels are a visual aid that displays the letters and colors of your choice above part of the IP
address, allowing you to see at a glance the IP addresses belonging to a common
container in the IPAM and DHCP modules. You can therefore create and configure them
in both modules.

Figure 24.1. Example of a Geographical Distribution of Labels in the IPAM

In the example above, you can see that the labels are named after the subnets and blocks and
colored to reflect the hierarchy.

There is some information to keep in mind when it comes to using labels:

• For now, labels are only available in the IPAM and DHCP modules for the IPv6 addresses.
• The label goes above, and therefore hides, the address configured whether it is a full address
or part of an address.
• Once the labels are displayed, you can still uncompress or compress the IPv6 addresses
according to your needs.
• The label name can be set in lower-case and/or upper-case but must not exceed three letters.
• There are 12 colors to choose from.
• If you have common addresses among several spaces, blocks or subnets, they will all have
the same label (see the Canberra and Management subnets label in the example above).

The label-related options are available on all the pages displaying IPv6 addresses, that is to say:

• In the IPAM module: the All blocks IP6, All subnets IP6, All pools IP6 and All addresses IP6
pages.
• In the DHCP module: the All scopes IP6, All ranges IP6, All leases IP6 and All statics IP6
pages.

Note that these options also are available if you are listing the addresses of a particular subnet,
the leases of a specific server, etc.

Creating Labels
The labels are all managed through the same wizard, accessible through the Settings menu of
the IPAM and DHCP modules on IPv6 pages. You can create as many labels as you need.

To create a label

1. Go to the IPAM or the DHCP tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the breadcrumb, click on the level of your choice, except for the All spaces level or the
All servers level.
3. Next to the Logout button, click on the IP6 icon to display the IPv6 objects.
4. In the menu, select Settings > Configure IPv6 labels. The Configure IPv6 labels wizard
opens.
5. In the IPv6 field, type in or paste the address or part of the address to be labeled.
6. In the Label Name field, type in the label name. It should not have more than three (3) characters,
which can be letters or numbers, except the usual forbidden characters in Windows and Linux.
7. In the Color drop-down list, select the color of your choice.

Tip
The Preview area at the bottom of the wizard displays the label with the
characters and color of your choice.

8. Click on ADD. The label is now listed in the List Label field. Repeat these steps for as many
labels as you need.
9. Click on OK to commit your creation and close the wizard. The list is visible again.

Once created, the labels need to be displayed manually. See the section Displaying or Hiding
Labels for more details.

Displaying or Hiding Labels


On any of the IPv6 pages you can create, edit or delete labels on the one hand and display or
hide them on the other hand.

To display the labels

1. Go to the IPAM or the DHCP tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the breadcrumb, click on the level of your choice, except for the All spaces level or the
All servers level.
3. In the menu, select Display > Use IPv6 labels. The configured labels are now visible.

At any time you can also display the addresses rather than the labels.

To hide the labels

1. Go to the IPAM or the DHCP tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the breadcrumb, click on the level of your choice, except for the All spaces level or the
All servers level.
3. In the menu, select Display > Do not use IPv6 labels. The labels are not visible anymore.

Editing Labels
Labels are edited in the label configuration wizard.

To edit a label

1. Go to the IPAM or the DHCP tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the breadcrumb, click on the level of your choice, except for the All spaces level or the
All servers level.
3. Next to the Logout button, click on the IP6 icon to display the IPv6 objects.
4. In the menu, select Settings > Configure IPv6 labels. The Configure IPv6 labels wizard
opens.
5. In the Settings menu, select Configure IPv6 labels. The Configure IPv6 labels wizard opens.
6. In the List Label field, select the label you want to edit.
7. Modify the data in the IPv6, Label Name and/or Color fields.
8. Click on UPDATE to save the changes. The label is no longer listed in the field. Repeat these
steps for as many labels as you need.
9. Click on OK to commit your changes and close the wizard. The list is visible again.

Deleting Labels
Labels are deleted in the label configuration wizard.

To delete a label

1. Go to the IPAM or the DHCP tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the breadcrumb, click on the level of your choice, except for the All spaces level or the
All servers level.
3. Next to the Logout button, click on the IP6 icon to display the IPv6 objects.
4. In the menu, select Settings > Configure IPv6 labels. The Configure IPv6 labels wizard
opens.
5. In the Settings menu, select Configure IPv6 labels. The Configure IPv6 labels wizard opens.
6. In the List Label field, select the label you want to delete. You can only delete labels one at
a time.
7. Click on DELETE . The label is no longer listed in the field. Repeat these steps for as many
labels as you need.
8. Click on OK to commit your changes and close the wizard. The list is visible again.

Part VI. DHCP Management
Table of Contents
25. Introduction ............................................................................................................. 313
Overview .............................................................................................................. 313
DHCP Structure ............................................................................................ 313
DHCP Servers .............................................................................................. 313
DHCP Failover .............................................................................................. 314
DHCP Management within SOLIDserver ................................................................. 314
26. Deploying DHCP Smart Architectures ....................................................................... 316
Multi-Vendors DHCP Management ......................................................................... 316
DHCP Servers Managing IPv4 addressing ...................................................... 316
DHCP Servers Managing IPv6 addressing ...................................................... 317
Building a Highly Available DHCP Service ............................................................... 317
Understanding the DHCP Safe Failover .................................................................. 317
DHCP Safe Failover Principles ....................................................................... 318
Failover Operational States ............................................................................ 318
Working with DHCP Smart Architectures ................................................................ 320
Implementing Smart Architectures .......................................................................... 320
DHCPv4 Smart Architectures ......................................................................... 321
DHCPv6 Smart Architectures ......................................................................... 323
27. Managing DHCP Smart Architectures ....................................................................... 326
Understanding DHCP Smart Architectures Statuses ................................................ 326
Locked Synchronization Status ...................................................................... 326
Adding a DHCPv4 Smart Architecture .................................................................... 327
One-to-One Smart Architecture ...................................................................... 328
One-to-Many Smart Architecture .................................................................... 330
Split-Scope Smart Architecture ...................................................................... 332
Single-Server Smart Architecture ................................................................... 333
Adding a DHCPv6 Smart Architecture .................................................................... 335
DHCPv6 Single-Server Smart Architecture ..................................................... 335
DHCPv6 Split-Scope Smart Architecture ........................................................ 337
DHCPv6 Stateless Smart Architecture ............................................................ 338
Editing a DHCP Smart Architecture ........................................................................ 340
Adding a DHCP Server into a Smart Architecture ............................................ 340
Removing a DHCP Server from a Smart Architecture ...................................... 341
Changing the DHCP Server Roles within a Smart Architecture ......................... 341
Changing the Type of a DHCP Smart Architecture ........................................... 342
Deleting a DHCP Smart Architecture ...................................................................... 343
Defining a DHCP Smart Architecture as a Group Resource ..................................... 343
28. Managing DHCP Servers ......................................................................................... 345
Browsing DHCP Servers ........................................................................................ 345
Browsing the DHCP Servers Database ........................................................... 345
Customizing the DHCP Servers Display .......................................................... 346
Understanding the DHCP Servers Statuses .................................................... 346
Managing EfficientIP DHCP Servers ....................................................................... 347
Configuring the Listening Network Interfaces ................................................... 347
Adding a SOLIDserver DHCP server .............................................................. 348
Configuring the SNMP ................................................................................... 352
Configuring Server Options ............................................................................ 353
Managing Microsoft DHCP Servers with Agent ........................................................ 354
WinDHCPManager Agent .............................................................................. 354
Adding a Microsoft DHCP server .................................................................... 358
Managing Agentless Microsoft DHCP Servers ......................................................... 360
Understanding the Agentless Server Management .......................................... 360
Adding an Agentless Microsoft DHCP Server .................................................. 360
MS Agentless DHCP Server Limitations .......................................................... 362
Managing ISC DHCP Servers ................................................................................ 362
Managing EfficientIP ISC Linux Packages v4 .................................................. 363
Managing EfficientIP ISC Linux Packages v5 .................................................. 370
Adding an ISC DHCP Server ......................................................................... 376
Editing a DHCP Server .......................................................................................... 379
Deleting a DHCP Server ........................................................................................ 379
Defining a DHCP Server as a Group Resource ....................................................... 380
29. Managing DHCP Scopes .......................................................................................... 381
Browsing Scopes .................................................................................................. 381
Browsing the Scopes Database ...................................................................... 381
Customizing the DHCP Scopes Display .......................................................... 382
Status of DHCP Scopes ................................................................................. 382
Adding a DHCP Scope .......................................................................................... 383
Editing a DHCP Scope .......................................................................................... 384
Applying DHCP Options at Scope Level .................................................................. 384
Editing the Scope Options .............................................................................. 384
Performing Option Changes on Several Scope At Once ................................... 385
Defining a Specific IPAM Space for a Scope ............................................................ 386
Configuring Multiple Scopes for a Network Segment ................................................ 387
Managing DHCPv4 Scopes Duplication and Migration ............................................. 388
Applying Management Rules to the Scopes ............................................................ 388
Deleting a DHCP Scope ........................................................................................ 389
DHCP Relay Agents .............................................................................................. 389
Defining a DHCP Scope as a Group Resource ........................................................ 390
30. Managing Fixed Reservations ................................................................................... 391
Managing DHCP Statics ........................................................................................ 391
Browsing the Statics ...................................................................................... 392
Adding a DHCP Static ................................................................................... 393
Editing a DHCP Static ................................................................................... 395
Applying DHCP Options at Static Level ........................................................... 396
Copying a DHCPv4 Static Without IP .............................................................. 397
Deleting a DHCP Static ................................................................................. 397
Updating Statics Using Static Related Rules ................................................... 398
Managing DHCP Groups ....................................................................................... 399
Browsing the Groups ..................................................................................... 399
Adding a DHCP Group .................................................................................. 400
Deleting a DHCP Group ................................................................................. 401
Applying DHCP Options at Group Level .......................................................... 402
31. Managing Dynamic Addressing ................................................................................. 403
Managing DHCP Ranges ....................................................................................... 403
Browsing the Ranges .................................................................................... 403
Adding a DHCP Range .................................................................................. 405
Editing a DHCP Range .................................................................................. 407
Deleting a DHCP Range ................................................................................ 409
Using Rules To Manage Ranges .................................................................... 409
Applying DHCP Options at Range Level ......................................................... 410
Managing DHCP Leases ....................................................................................... 411
Browsing the Leases ..................................................................................... 411
Defining the Leases Duration ......................................................................... 413
Releasing Leases .......................................................................................... 414
Converting Leases into Statics ....................................................................... 415
Blacklisting Leases ........................................................................................ 416
Tracking Leases ............................................................................................ 416
Displaying the Relay Agent Information (Option 82) ......................................... 417
Restricting Access ................................................................................................. 419
Granting Access to Known Clients .................................................................. 420
Restricting Access Using ACLs ...................................................................... 420
Configuring the PXE .............................................................................................. 422
Necessary Parameters for PXE ...................................................................... 423
Duplicated lease with PXE ............................................................................. 424
Preventing IP Address Duplication .......................................................................... 424
32. Managing Failover Channels ..................................................................................... 426
Browsing the DHCP Failover Channels Database .................................................... 426
Understanding the DHCP Failover Channels Columns ............................................. 426
Understanding the DHCPv4 Failover Channels Columns ................................. 427
Understanding the DHCPv6 Failover Channels Columns ................................. 428
Switching a DHCP server to Partner-down .............................................................. 429
33. Configuring DHCP Options ....................................................................................... 430
Setting DHCP Options ........................................................................................... 431
Customizing DHCP Options ................................................................................... 433
DHCP Vendor Class Identifier ................................................................................ 435
Option 82: Relay Agent Information ........................................................................ 436
The Relay agent Information with DHCPv6 ..................................................... 437
Option 43: Vendor Specific Information ................................................................... 437
34. Reporting and Monitoring the DHCP ......................................................................... 441
Generating DHCP Reports ..................................................................................... 441
DHCP Server Reports ................................................................................... 441
DHCP Scope Reports .................................................................................... 441
Monitoring DHCP Servers ...................................................................................... 442
Setting DHCP Monitoring Rules ..................................................................... 442
35. Importing DHCP Data .............................................................................................. 444
EfficientIP Recommendations for DHCP Migrations ................................................. 444
Importing DHCP Data from a CSV File ................................................................... 444
Importing an ISC DHCP Configuration .................................................................... 444
Importing an Alcatel-Lucent VitalQIP Configuration .................................................. 445
Importing a Microsoft DHCP Configuration .............................................................. 446
Importing an Infoblox DHCP Configuration .............................................................. 448
Importing a MetaIP DHCP Configuration ................................................................. 449
Importing a Nortel NetID Configuration ................................................................... 450

Chapter 25. Introduction
Overview
DHCP Structure
In a continually changing network environment, manually applying the correct settings on each
host to access the Internet can quickly become tedious. The Dynamic Host Configuration Protocol
(DHCP) is a network protocol whose role is to automate the assignment of network parameters
including the IP address, subnet mask, default gateway, DNS name servers and, sometimes,
proxy settings.

This system allows improved management and easier connection for already present and new
devices according to their situation on the network. The administrator can for instance reserve
a pool of addresses for temporary users (dynamic allocation) while listing fixed addresses for the
permanent ones (static allocation).

The DHCP protocol follows four steps:

1. Discovery: the DHCP client (host) broadcasts a DHCPDISCOVER packet on its physical
subnet (usually to 255.255.255.255) to discover the available DHCP servers.
2. Offer: the available DHCP servers receiving the request respond with a DHCPOFFER packet
containing their own IP address and valid connection settings according to the type of allocation
configured by the administrator for that host (dynamic or static).
3. Request: the client may receive offers from several DHCP servers, hence the need for each
DHCP server to provide its IP address. Once an offer has been accepted, the client
sends a DHCPREQUEST packet to inform the other servers of the acceptance. In the case
of dynamic allocation, the other offered addresses return to the pool of available addresses
of the offering server.
4. Acknowledgment: the final step of the process. The selected server sends all the configuration
data to the client in the DHCPACK packet.
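
On the wire, the four messages above share one packet layout and are told apart by DHCP option 53, while the offering server's own address travels in option 54. The Python parser below is an added example, not part of the original guide; the sample DHCPOFFER is constructed and every address and MAC in it is a made-up documentation value.

```python
import ipaddress
import struct

# Fixed BOOTP header (236 bytes): op, htype, hlen, hops, xid, secs, flags,
# ciaddr, yiaddr, siaddr, giaddr, chaddr, sname, file.
HEADER = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
MAGIC_COOKIE = bytes.fromhex("63825363")
MESSAGE_TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST",
                 4: "DHCPDECLINE", 5: "DHCPACK", 6: "DHCPNAK",
                 7: "DHCPRELEASE", 8: "DHCPINFORM"}


def _ips(raw):
    """Decode a run of 4-byte IPv4 addresses into dotted strings."""
    if not raw or len(raw) % 4:
        raise ValueError("address option length is not a multiple of 4")
    return [str(ipaddress.IPv4Address(raw[i:i + 4])) for i in range(0, len(raw), 4)]


def parse_options(data):
    """Walk the code/length/value option list and reject truncated input."""
    options, i = {}, 0
    while i < len(data):
        code = data[i]
        if code == 0:                 # PAD: a single byte with no length
            i += 1
            continue
        if code == 255:               # END of the option list
            return options
        if i + 1 >= len(data):
            raise ValueError("option %d has no length byte" % code)
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("option %d is truncated" % code)
        options[code] = options.get(code, b"") + value   # repeated options are concatenated
        i += 2 + length
    raise ValueError("option list has no END marker")


def parse_message(packet):
    """Return the fields an administrator cares about from one DHCPv4 message."""
    if len(packet) < HEADER.size + len(MAGIC_COOKIE):
        raise ValueError("packet shorter than a DHCP header")
    fields = HEADER.unpack_from(packet)
    op, hlen, xid, yiaddr, chaddr = fields[0], fields[2], fields[4], fields[8], fields[11]
    if packet[HEADER.size:HEADER.size + 4] != MAGIC_COOKIE:
        raise ValueError("DHCP magic cookie missing")
    if hlen > 16:
        raise ValueError("hardware address length exceeds the chaddr field")
    opts = parse_options(packet[HEADER.size + 4:])
    if len(opts.get(53, b"")) != 1:
        raise ValueError("option 53 (message type) missing or malformed")
    lease = opts.get(51)
    if lease is not None and len(lease) != 4:
        raise ValueError("option 51 (lease time) must be 4 bytes")
    return {
        "type": MESSAGE_TYPES.get(opts[53][0], "UNKNOWN"),
        "from_server": op == 2,       # op 1 = client request, op 2 = server reply
        "xid": xid,
        "client_mac": ":".join("%02x" % b for b in chaddr[:hlen]),
        "your_ip": str(ipaddress.IPv4Address(yiaddr)),
        "server_id": _ips(opts[54])[0] if 54 in opts else None,
        "subnet_mask": _ips(opts[1])[0] if 1 in opts else None,
        "routers": _ips(opts[3]) if 3 in opts else [],
        "dns_servers": _ips(opts[6]) if 6 in opts else [],
        "lease_seconds": struct.unpack("!I", lease)[0] if lease else None,
    }


def build_sample_offer():
    """Constructed DHCPOFFER (step 2) using documentation addresses only."""
    def ip(text):
        return ipaddress.IPv4Address(text).packed

    def opt(code, value):
        return bytes([code, len(value)]) + value

    header = HEADER.pack(2, 1, 6, 0, 0x3903F326, 0, 0,
                         bytes(4), ip("192.0.2.50"), bytes(4), bytes(4),
                         bytes.fromhex("020000000001"), bytes(64), bytes(128))
    options = (opt(53, b"\x02") + opt(54, ip("192.0.2.1"))
               + opt(51, struct.pack("!I", 3600)) + opt(1, ip("255.255.255.0"))
               + opt(3, ip("192.0.2.254"))
               + opt(6, ip("192.0.2.53") + ip("192.0.2.54")) + b"\xff")
    return header + MAGIC_COOKIE + options


if __name__ == "__main__":
    for key, value in parse_message(build_sample_offer()).items():
        print("%-14s %s" % (key, value))
```

Comparing `server_id` against the list of DHCP servers declared for the segment is a simple way to spot an offer that did not come from a managed server.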

DHCP Servers
The main function of a DHCP server is to provide a host with a valid IP address according to the
client needs. Once the network architecture is configured (subnets, subnet masks, etc.), the
administrator declares the DHCP server with an IP address that is part of one of the subnets. That way,
the server can provide clients with addresses. In case of large networks, DHCP servers can rely
on DHCP relays (also called helpers). The whole DHCP configuration is stored in a text file called
dhcpd.conf that describes the part of the network managed by the server.

Within a server, the administrator must define scopes - pools of addresses available for allocation
within each subnet. Scopes allow two different types of allocation:

Dynamic allocation
The administrator defines one or several ranges of IP addresses in a scope. From a range,
the server will randomly allocate one IP address to a host for a limited period of time. This
process is called leasing. When the lease time expires, the address is returned to the pool
of addresses to be allocated to another host.

Dynamic allocation of addresses is impossible if the server does not contain a scope and a
range of addresses.
Static allocation
To make sure that a client always connects to a subnet with the same IP address, the
administrator can use statics. The static allocation is usually the association of one of the IP
addresses of a scope with the MAC address of a client. The statics are listed in a table and
stored on the server.

Note that the static allocation does not only refer to the IP addresses of a subnet, it can also
refer to the MAC address: you can create statics without IP address in order to configure a
number of options for a particular client. The connection to a subnet will then be handled
dynamically: the client will randomly get the first lease available but always the same DHCP
options.

DHCP statics can be part of a group and share the same DHCP options.

Figure 25.1. DHCP Server Structure (diagram showing the server, scope, group, range, static and
lease levels)

From the server level downward, the administrator can define DHCP options such as minimum
lease time, maximum lease time, ping check, broadcast address, etc. These options will be
inherited by the scopes, ranges, leases, groups and statics managed by the server. However, options
defined at the lower levels of the hierarchy always prevail. Therefore, if the minimum lease
time is set to 3600 seconds at the server level but one range of addresses has a minimum lease
time set to 1800 seconds, all the leases contained in that range will have a minimum lease time
of 1800 seconds no matter what was set at the scope or server level.

The DHCP protocol allows IP addresses allocation both in IPv4 and IPv6. However, even
though the purpose of the protocol remains the same, the DHCPv6 options are different.

DHCP Failover
Due to the critical role of the DHCP, a failure at the server level would cause hosts to lose their
addresses and the ability to communicate with the rest of the network. The presence of at least
one other backup DHCP server ensures the integrity of the database but requires the servers to
continually communicate. The failover protocol provides a way for two synchronized servers to share and
manage a particular set of IP addresses, thus avoiding possible conflicts in address allocation.
DHCP failover also allows disaster recovery.

DHCP Management within SOLIDserver


The SOLIDserver interface allows the creation of DHCP servers or the management of existing ones
through the DHCP module. The module is divided into six levels represented in the GUI through
listing pages:

• Servers: the highest level of the DHCP hierarchy, listing the servers that contain
the scopes, ranges, leases, statics and groups. There are 5 different types of servers in IPv4
that you can create on this page: EfficientIP DHCP, Agentless Microsoft DHCP, Microsoft
DHCP with agent, Cisco DHCP and Nominum DCS. In IPv6, you can create EfficientIP DHCP
servers.
• Groups: an optional level between the server and the static IP addresses it manages. It allows
administrators to apply specific options to defined groups of static IP addresses.
• Scopes: the second level of the DHCP hierarchy, listing the scopes created and
managed through the SOLIDserver GUI. Scopes may contain ranges of IP addresses for
dynamic allocation or individual IP addresses for static allocation.
• Ranges: the third level of the hierarchy for dynamic allocation, listing the different
ranges of IP addresses available for leasing. At range level, you can define Access Control
Lists (ACLs) to restrict or authorize access to specific users.
• Leases: the lowest level of dynamic allocation, listing the leases in progress, that is, the IP
addresses currently allocated from a range by the DHCP server.
• Statics: the lowest level of static allocation, listing the static pairs of IP/MAC addresses
and the statics without IP address.

Servers, groups, scopes, ranges and statics can be added at will and all the changes made in
this module can be automatically updated in the IPAM and the DNS through the default behaviors
configuration.

The DHCP homepage also provides access to the failover channels pages, one for IPv4 and the
other for IPv6, and the leases tracking pages (called lease logs) also available in both versions
of the IP protocol.

Figure 25.2. DHCP Module Homepage

At the server level, EfficientIP allows you to manage your servers on their own or through DHCP
smart architectures. The smart architecture technology offers a solution for a global management
of DHCP servers. In IPv4, physical servers can be managed through One-to-One, One-to-Many,
Split-Scope or Single-Server architectures. Besides, some of these architectures can provide
several failover channels configuration between the servers. In IPv6, physical servers can be
managed through Split-Scope, Single-Server or Stateless architectures. The main advantage
is that the smart architecture configuration provides a backup of a specific configuration,
so that you do not lose time or data if a physical server crashes or stops responding. For
more details, refer to the chapters Deploying DHCP Architectures and Managing DHCP Smart
Architectures below.

Chapter 26. Deploying DHCP Smart Architectures
DHCP can quickly become an essential piece of any network data organization. Once set up,
DHCP is usually hardly noticed, silently and faithfully performing its duties day in and day out.
Unfortunately, the hardest thing with DHCP is getting it to that point. The DHCP client needs
must be considered, including which DHCP options are supported by the client's operating system
and which options and their values need to be assigned. In large-scale DHCP implementations,
the topology of the network becomes a very important factor. The network topology dictates
where DHCP servers and/or relay agents must be placed. A final consideration is planning for
fault tolerance. Once DHCP is implemented, it quickly becomes a service that the entire network
depends on. Steps can be taken to ensure that DHCP will be available at all times.

SOLIDserver provides different options and configurations for DHCPv4 and DHCPv6. They are
described in each of the following parts to make them clear before actually implementing the
architectures.

Multi-Vendors DHCP Management


DHCP Servers Managing IPv4 addressing
Most of the time, the architecture of the enterprise network is a result of the fusion, integration
or conjunction of independent networks. In addition many organizations run Microsoft DHCP
servers. As a consequence, companies require flexibility and adaptability in the administration
of their DHCP servers.

SOLIDserver appliances support both EfficientIP and other vendor DHCP servers, allowing you
to readily configure and deploy IP services across your distributed network and synchronize
SOLIDserver data updates in real time. SOLIDserver provides a unique user interface that unifies
the management of multi-vendor DHCP servers. This allows the management of different vendors
of DHCP servers including:

• EfficientIP SOLIDserver appliances.
• Microsoft Windows DHCP server (Windows 2003 and 2008).
• ISC DHCP v3 with EfficientIP software packages for FreeBSD, Linux (Novell, RedHat and
Debian) and Solaris.
• Nominum DCS DHCP engine.

SOLIDserver supports almost all features delivered by each vendor but does not add additional
features at the service level. Thus, limitations on features delivered by each vendor are those of
each vendor. For instance Microsoft Windows DHCP services do not have a failover feature yet,
thus EfficientIP will not deliver failover functionality for Microsoft Windows DHCP services.

The single and consistent SOLIDserver console used to view and manage these multi-vendor
configurations reduces errors, saves time, and eliminates the requirement of having to replace
the existing DHCP. SOLIDserver is an abstraction layer which masks the specific processes of each
DHCP vendor from network administrators. DHCP services are no longer managed server per server
but as a global service. It is possible to simultaneously configure Microsoft Windows servers
running DHCP and Linux servers running ISC DHCP, modify VoIP options on all DHCP servers
or create transversal reports to get an immediate comprehensive understanding of network services
configurations.

Each and every one of these servers can be managed by SOLIDserver smart architecture to
ease the management configuration and provide a backup of the chosen configuration. See the
Managing DHCP Smart Architectures part of this documentation for more details.

DHCP Servers Managing IPv6 addressing


With DHCPv6 addressing, the choice is more limited. For now, we only provide the management
of the EfficientIP SOLIDserver appliances. However, there are a number of architectures that
allow you to manage either one or several EfficientIP DHCP servers at once. See the Managing
DHCP Smart Architectures part of this documentation for more details.

Building a Highly Available DHCP Service


A way of maintaining DHCP service in the presence of a partial power loss or partial network
outage is to set up two DHCP servers and enable them to both serve the same network. It might
be worthwhile setting up each server on a different network. In this case, if you lose connectivity
or power on one network but not the other, DHCP service continues.

Two active DHCP servers cannot share an IP address pool since they have no way of knowing
with certainty which IP addresses are being distributed. Hence, two active DHCP servers cannot
perform dynamic DHCP. Therefore, scope splitting is necessary to separate IP address ranges
per server.
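
The constraint above can be checked mechanically. The following Python sketch is an added example, not part of the original guide: `find_shared_spans` reports every address span that two servers could both lease, and `split_range` cuts one range into two disjoint parts. The server names, the ranges and the percentage parameter are constructed assumptions.

```python
import ipaddress


def _bounds(first, last):
    """Validate one range and return (ip_version, first_as_int, last_as_int)."""
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    if lo.version != hi.version or lo > hi:
        raise ValueError("invalid range %s-%s" % (first, last))
    return lo.version, int(lo), int(hi)


def _addr(version, value):
    """Turn an integer back into a printable IPv4 or IPv6 address."""
    cls = ipaddress.IPv4Address if version == 4 else ipaddress.IPv6Address
    return str(cls(value))


def find_shared_spans(ranges_by_server):
    """Return [(first, last, (server_a, server_b)), ...] for spans served twice.

    ranges_by_server maps a server name to a list of (first, last) ranges.
    An empty result means no address can be handed out by two servers.
    """
    intervals = []
    for server, ranges in ranges_by_server.items():
        for first, last in ranges:
            version, lo, hi = _bounds(first, last)
            intervals.append((version, lo, hi, server))
    intervals.sort()
    shared = []
    for idx, (version, lo, hi, server) in enumerate(intervals):
        for version2, lo2, hi2, server2 in intervals[idx + 1:]:
            if version2 != version or lo2 > hi:
                break        # sorted by (version, start): nothing later overlaps
            if server2 != server:
                shared.append((_addr(version, lo2), _addr(version, min(hi, hi2)),
                               tuple(sorted((server, server2)))))
    return shared


def split_range(first, last, primary_percent):
    """Cut one range into two disjoint ranges; the first gets primary_percent of it."""
    version, lo, hi = _bounds(first, last)
    total = hi - lo + 1
    primary_count = total * primary_percent // 100
    if not 0 < primary_count < total:
        raise ValueError("split would leave one server without addresses")
    cut = lo + primary_count
    return ((_addr(version, lo), _addr(version, cut - 1)),
            (_addr(version, cut), _addr(version, hi)))


# Constructed sample: two active servers whose ranges were declared by hand.
SAMPLE_RANGES = {
    "dhcp-a": [("192.0.2.10", "192.0.2.120")],
    "dhcp-b": [("192.0.2.100", "192.0.2.200")],
}

if __name__ == "__main__":
    for first, last, servers in find_shared_spans(SAMPLE_RANGES):
        print("shared by %s: %s-%s" % (" and ".join(servers), first, last))
    primary, secondary = split_range("192.0.2.10", "192.0.2.209", 80)
    print("primary %s-%s, secondary %s-%s" % (primary + secondary))
```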

With a traditional active/passive pair of DHCP servers, if the active server fails, the network
administrator is required to manually turn on the passive DHCP server so that it can take over until
the initial active server is restored. DHCP high availability with IP address scope splitting provides
failover, but with a risk of downtime as addresses may be leased to more than one client,
and with potential manual intervention to clean up the lease database.

In order for two DHCP servers to provide DHCP services for the same network segments, the
servers must coordinate their behavior. Each server must either know what the other is doing or
be configured so that it can operate without knowing what the other is doing. In order for each
server to know what the other is doing, the DHCP safe failover protocol can be implemented.

Note
The Split-Scope configuration is available for both DHCPv4 and DHCPv6 services
management. However, the DHCP safe failover protocol is only available when
managing IPv4 addresses. Failover protocol is not available in IPv6.

Understanding the DHCP Safe Failover


The DHCPv4 synchronization mechanism is called failover because it was initially intended to
provide a way for one DHCP server to act as a primary server and for a second DHCP server to
act as a backup. In most basic failover configurations, the secondary server does not reply
to the DHCP client requests when it is in contact with the primary; it simply synchronizes updates
from the primary. In an EfficientIP DHCP configuration, both primary and secondary servers
provide the DHCP service simultaneously. The two servers use a deterministic load-balancing
algorithm to decide which server answers which DHCP requests.

Note
The failover mechanism is not available when it comes to IPv6 addressing.

DHCP Safe Failover Principles


The failover involves three principles. The first is that the primary and the secondary failover
servers divide the dynamic ranges of free addresses that they have to serve into free and backup
addresses. Free addresses are available for the primary server to allocate to its clients and
backup addresses are available for the secondary server to allocate to its clients.

The second principle is that a DHCP server can allocate or extend a lease only for a limited amount
of time beyond the lease time known by its peer. This limited time is called the maximum client
lead time (MCLT). The MCLT is configured at one hour by default.

The third principle is that in normal operation, an address that has been assigned to one client
cannot be assigned to another client unless both DHCP servers agree that the first client is no
longer using it.

Failover Operational States


There are several DHCP operational states in the failover protocol: Normal,
Communications-interrupted and Partner-down. The GUI presents more information; for more details,
refer to the failover channels state table in this guide.

Operating in Normal State

When in Normal state, each server services DHCP requests other than dhcprequest/renewal or
dhcprequest/rebinding from the client set defined by the load balancing algorithm (RFC 3074).
Each server services dhcprequest/renewal or dhcpdiscover/rebinding requests from any client.
The partner server then writes the information about lease updates in its lease database.
The lease database in a DHCP server would normally be changed as a result of DHCP protocol
activity with a DHCP client (e.g., granting a lease to a DHCP client through the familiar
discover/offer/request/ack cycle or extending a lease due to a renewal from a DHCP client) or
possibly because a lease has expired or undergone another state change that must be recorded in
the DHCP lease database.

[Diagram: DHCP 1 and DHCP 2 linked by the Failover Channel. Both show the local range 1 to 28;
DHCP 1 allocates new addresses from 1 to 14 and DHCP 2 allocates new addresses from 15 to 28.]

Figure 26.1. DHCP Failover Operating in Normal State

Operating in Communications-interrupted State

When operating in Communications-interrupted state, each server is operating independently,
but does not assume that its partner is not operating. The partner server might be operating and
simply unable to communicate with this server, or might not be operating. Each server responds
to the full range of DHCP client messages that it receives, but in such a way that graceful
reintegration is always possible when its partner comes back into contact with it.

[Diagram: DHCP 1 (Site A) and DHCP 2 (Site B) with the Failover Channel between them. Both show the
local range 1 to 28. DHCP 1 allocates new addresses from 1 to 14 and responds for existing addresses
from 15 to 28; DHCP 2 responds for existing addresses from 1 to 14 and allocates new addresses from
15 to 28.]

Figure 26.2. DHCP Failover Operating in Communications-interrupted State

Operating in Partner-down State

For a variety of reasons, it is possible that one member of a DHCP failover pair might stop
operating. This could be the result of a planned outage or an unplanned outage. In order to provide
the best possible service when one member of a failover pair is down, the other can be placed
in the Partner-down state. When operating in Partner-down state, a server assumes that its
partner is not currently operating, but does make allowances for the possibility that the partner
was operating in the past, though possibly out of communications with this server. It responds to all
DHCP client requests in Partner-down state. After a server enters the Partner-down state, it can
reclaim any available IP address that belongs to its peer after the MCLT is passed.

[Diagram: DHCP 1 and DHCP 2, each showing the local range 1 to 28.]

Figure 26.3. DHCP Failover Operating in Partner-down State

Once the peer server comes back up, it automatically reconnects its failover channel to return to
operation in Normal state. To better control the DHCP service, before moving a server for
instance, the administrator can manually switch the backup server of a failover channel to
partner-down. For more details, refer to the chapter Managing Failover Channels of this guide.
For One-to-One DHCP smart architectures, the administrator can also set an Automatic
switch to partner-down delay (in minutes) after which a server in Communications-interrupted
state should automatically switch to Partner-down. For more details, refer to the DHCP
One-to-One Smart Architecture section of this guide.
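
The second failover principle and the Communications-interrupted and Partner-down behaviour described above, traced for one client in a small model (an added example, not EfficientIP code). MCLT is the one-hour default given in this guide; the 8-hour lease, the function names and the rule for what the peer has acknowledged are assumptions of the model.

```shell
#!/bin/sh
# Added example: model of the MCLT rule for one client of a failover pair.
# Times are in seconds. Only MCLT (one hour by default) comes from this guide;
# DESIRED and the bookkeeping of the peer's knowledge are assumptions.
MCLT=3600
DESIRED=28800   # assumed lease time the administrator wants clients to get (8 h)

# lease_limit NOW PEER_KNOWN
# Latest expiry a server may hand out: MCLT beyond the expiry known by its peer,
# or MCLT beyond NOW when the peer knows of no lease that is still running.
lease_limit() {
    base=$2
    [ "$base" -gt "$1" ] || base=$1
    echo $(( base + MCLT ))
}

# grant NOW PEER_KNOWN
# Expiry actually given to the client: the desired one, capped by lease_limit.
grant() {
    want=$(( $1 + DESIRED ))
    limit=$(lease_limit "$1" "$2")
    if [ "$want" -le "$limit" ]; then echo "$want"; else echo "$limit"; fi
}

# reclaim_time PARTNER_DOWN_SINCE
# Earliest moment a server in Partner-down may reclaim an available address of
# its peer: the MCLT must have passed since it entered that state.
reclaim_time() {
    echo $(( $1 + MCLT ))
}

# simulate INTERRUPT_AT COUNT
# One client asks for a lease at t=0 and renews halfway through each lease,
# COUNT requests in total. The failover channel is lost at INTERRUPT_AT.
# Model assumption: after each grant the server announces to its peer the
# expiry it intends to give at the next renewal, and the peer acknowledges it
# only while the channel is up.
simulate() {
    interrupt_at=$1
    count=$2
    now=0
    peer_known=0
    i=0
    while [ "$i" -lt "$count" ]; do
        expiry=$(grant "$now" "$peer_known")
        if [ "$now" -lt "$interrupt_at" ]; then
            state=normal
        else
            state=interrupted
        fi
        echo "t=$now state=$state lease=$(( expiry - now ))"
        renew=$(( now + (expiry - now) / 2 ))
        if [ "$state" = normal ]; then
            peer_known=$(( renew + DESIRED ))
        fi
        now=$renew
        i=$(( i + 1 ))
    done
}

# Print a constructed scenario when called with "run" as first argument.
if [ "${1:-}" = "run" ]; then
    simulate 20000 8
    echo "partner-down since t=70000: reclaim possible at t=$(reclaim_time 70000)"
fi
```

In this model the first lease lasts only one MCLT, later leases reach the full 8 hours while the peer acknowledges updates, and once the channel is lost the leases shrink back to one MCLT.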

Working with DHCP Smart Architectures


SOLIDserver allows administrators to deploy pre-built DHCP smart architectures including backup
and failover features with IPv4 addressing. DHCPv6 smart architectures simply provide a
configuration backup. By working with the DHCP smart architecture, you simplify your deployment,
save some time and drastically reduce the risk of misconfiguration.

For IPv4, SOLIDserver allows you to build 4 types of highly available DHCP architectures:

• One-to-One: in this DHCP configuration, two servers share the ranges of dynamic IP addresses.
• One-to-Many: this DHCP configuration is based on a central DHCP server with several
peripheral DHCP servers as backup.
• Split-Scope: two DHCP servers run in active/active mode and share the management of the
ranges. DHCP split scope is Microsoft's recommended solution to increase availability.
• Single-Server: this configuration manages one DHCP server. It provides a backup of the
configuration that will be pushed onto a new DHCP server if ever the original server crashes or
stops responding.

For IPv6, SOLIDserver allows you to build 3 types of highly available DHCP architectures:

• Single-Server: this configuration manages one DHCP server. It provides a backup of the
configuration that will be pushed onto a new DHCP server if ever the original server crashes or
stops responding.
• Split-Scope: two DHCP servers run in active/active mode and share the management of the
ranges. DHCP split scope is Microsoft's recommended solution to increase availability.
• Stateless: this configuration provides a number of options to the servers managed through the
architecture. The defined options, and not any other, will be accessible to the DHCP clients.
There is no limitation in the number of DHCP servers managed as this mode only provides
options. Note that the stateless smart architecture also implies that no ranges or statics will be
created. Nor will there be any leases provided.

Implementing Smart Architectures


We strongly recommend that you manage every DHCP server with the smart architecture that
suits your needs. Indeed, one of the main goals of this virtual management tool is the backup. If
the server(s) you are managing through the smart architecture were to crash, you could simply
install it back on your SOLIDserver and the set up configuration would be pushed back onto the
server(s) automatically. Plus, changing the smart architecture when your management needs
change is fairly easy: you edit the smart architecture and add or remove the needed servers.

When it comes to smart architectures, the main difference between DHCPv4 and DHCPv6
addressing is the failover. Indeed, the failover protocol is not available in IPv6, which explains the
different architectures provided by SOLIDserver. Therefore, the All failover channels page in v6
is merely a list linking DHCPv4 and DHCPv6 servers through the defined ports.

Keep in mind that the IPv6 addressing is only possible from the EfficientIP servers. There is no
compatibility with the numerous vendors providing IP addressing.

DHCPv4 Smart Architectures


With DHCPv4 addressing, there are a number of management configurations available to the users
depending on their needs. The configuration can be applied to one or several DHCP servers.

Implementing a One-to-One DHCP Failover

The DHCP One-to-One smart architecture allows you to quickly build a pair of two DHCP servers
managing IPv4 addresses with a pre-built high availability mechanism. When you deploy a
One-to-One smart architecture, you drastically reduce the DHCP service downtime if one of your
DHCP servers is out of service.

[Diagram: a DHCP Master server and a DHCP Backup server.]

Figure 26.4. DHCPv4 One-to-One Smart Architecture

The One-to-One smart architecture allows two DHCP servers to share a range of common addresses.
Each server will have half of the available addresses in the range for a given period of
time. Should a server stop working, the second server will renew the leases of its peer server
within its half of the range. When the server comes back on line, it detects that it stopped its
service and reclaims the totality of the leases allocated to the other server during the interruption.
Henceforth, the two servers share as they did before.

Implementing a One-to-Many DHCP Failover

Functionally, the DHCP One-to-Many smart architecture is a replication of several One-to-One
smart architectures, which is why it is only available for DHCP servers managing IPv4 addresses.
The configuration of DHCP One-to-Many smart architecture is based on a set of DHCP servers
that are replicated to only one DHCP server.

[Diagram: one DHCP Master server and two DHCP Backup servers.]

Figure 26.5. DHCPv4 One-to-Many Smart Architecture

The DHCP One-to-Many smart architecture is particularly relevant for organizations that have
many sites and need to have a dedicated DHCP service per site. To fit this need, many vendors
provide DHCP clusters that force you to deploy twice as many DHCP servers. With DHCP One-to-Many
smart architecture, you deploy one DHCP server per site plus one unique DHCP server as a backup
for all others. It looks like a star configuration, where each edge DHCP server shares a failover
channel with the central DHCP server of the smart architecture.

This architecture allows you to reduce the number of DHCP servers to deploy, and therefore to save
on investment and maintenance operations as well. EfficientIP's One-to-Many smart architecture
costs N+1 servers, against the common DHCP clustering that costs 2xN servers. The following
table compares a common DHCP cluster with EfficientIP's One-to-Many architecture for a
15-site configuration.

Table 26.1. Simulation of a 15 sites DHCP deployment in HA

Fields                              Common DHCP Clusters   DHCP One-to-Many
DHCP Server per Site                15                     15
Additional DHCP Server for the HA   15                     1
DHCP Server Amount                  30                     16
% of Extra Cost for HA (a)          100%                   7%

(a) Include Capex and Opex.

Implementing a Microsoft DHCP Split-Scope

SOLIDserver has the ability to update Microsoft Windows DHCP server configuration, providing
an alternative management console that can be used organization-wide for DHCPv4 configuration:
the Split-Scope smart architecture. Microsoft configuration of scopes, ranges and reservations
can be defined within SOLIDserver and then updated to the remote Microsoft Windows server.
All active lease information from the Microsoft Windows server is displayed in real time within the
SOLIDserver user interface. SOLIDserver can control the policy that governs the way the Microsoft
DHCP server performs the DNS update.

[Diagram: two DHCP Split-Scope servers, one marked 80% and the other 20%.]

Figure 26.6. DHCPv4 Split-Scope Smart Architecture

At a technical level, the Split-Scope configuration sets up two servers as peers and requires
you to specify a port on each one of them. This port will be dedicated to the information sharing and
named Failover port on one server and Failover peer port on the other server. Keep in mind that
this configuration has nothing to do with the Safe Failover Protocol: you simply need to indicate
which port on each server will take part in the information sharing in that configuration.

Implementing a DHCP Single-Server

The Single-Server architecture will provide a backup of the management configuration of any of
the available DHCP servers: EfficientIP server, Microsoft DHCP, Cisco DHCP or Nominum DCS.
Therefore, if it were to crash, you could install it again and let SOLIDserver automatically push
the smart architecture configuration back onto your server. Do not forget that if you manage a
DHCP server through the Single-Server configuration, it will be very easy to manage the server
through another DHCPv4 smart architecture later on.

[Diagram: one DHCP Single server.]

Figure 26.7. DHCPv4 Single-Server Smart Architecture

DHCPv6 Smart Architectures


With DHCPv6 addressing, there are a number of management configurations available to the users
provided that they do not need to apply them to any other server than an EfficientIP server.

Keep in mind that a DHCPv6 server operates on an appliance running in IPv4.

Implementing a DHCPv6 Single-Server

The Single-Server architecture with DHCPv6 will provide a backup of the management
configuration of an EfficientIP DHCP server. Therefore, if it were to crash, you could install it again
and let SOLIDserver automatically push the smart architecture configuration back onto your server.

Do not forget that if you manage a DHCP server through the Single-Server configuration it will
be very easy to manage the server through another DHCPv6 smart architecture later on.

[Diagram: one DHCPv6 Single server.]

Figure 26.8. DHCPv6 Single-Server Smart Architecture

Implementing a DHCPv6 Split-Scope

The Split-Scope smart architecture allows you to share ranges between two EfficientIP DHCP
servers in an active/active configuration. You can actually set up the proportion of IP addresses
managed by each one of the servers. One server is set as a master and the other one as a
backup. The main goal of this architecture is the availability of the services at all times thanks to
the load sharing. There is no failover protocol between the two servers but, being a smart
architecture, the Split-Scope provides a backup of the configuration: if anything were to happen to
any of the managed servers, installing them back to SOLIDserver would apply the smart
architecture back onto them.

[Diagram: two DHCPv6 Split-Scope servers, one marked 80% and the other 20%.]

Figure 26.9. DHCPv6 Split-Scope Smart Architecture

At a technical level, the Split-Scope configuration sets up two servers as peers and requires
you to specify a port on each one of them. This port will be dedicated to the information sharing and
named Failover port on one server and Failover peer port on the other server. Keep in mind that
this configuration has nothing to do with the Safe Failover Protocol: you simply need to indicate
which port on each server will take part in the information sharing in that configuration.

Implementing a DHCPv6 Stateless

The Stateless smart architecture allows you to set up a number of options to the scopes of the
servers you choose to manage. The clients will then have access to the options defined in the
architecture. This is why you can add as many servers as you need in this configuration.

[Diagram: Stateless DHCPv6 servers.]

Figure 26.10. DHCPv6 Stateless Smart Architecture

There are no master or backup servers per se in this configuration. By default they all are
independent master servers sharing the same configuration options.

Keep in mind that the Stateless smart architecture only has an impact on the options available
to the DHCPv6 clients, therefore it is impossible to add ranges and statics through this
configuration. In the same way, no leases will be provided or managed.

Chapter 27. Managing DHCP Smart Architectures

Understanding DHCP Smart Architectures Statuses

Within SOLIDserver GUI, the smart architecture status provides useful information regarding the
configuration.

Table 27.1. Smart Architectures Statuses

Columns            Description
OK                 The smart architecture is operational.
Invalid settings   The smart architecture does not contain any physical server, is
                   missing one or several physical servers or is not configured
                   properly (not enough failover channels configured, etc).

Moreover, the Sync (i.e. synchronization) column provides additional information regarding the
exchanges between the smart architecture and the physical server(s).

Table 27.2. Smart Architectures Synchronization Statuses

Columns                  Description
Synchronized             The smart architecture has successfully synchronized the server(s)
                         it manages.
Busy                     The smart architecture is synchronizing the server(s).
Locked synchronization   The smart architecture cannot send the configuration file to the
                         physical server.

Locked Synchronization Status


With SOLIDserver 5.0.1, EfficientIP introduced a new data consistency check for the smart
architectures. Once you have configured a smart architecture with the server(s) you want to manage,
before the new configuration is sent to the physical server(s), a simple check of the data
verifies the consistency of the configuration and avoids pushing useless information to the
server.

If the check is conclusive, the information is sent to the server and the Sync status is Synchronized.
However, if any error is found during that check, the verification stops and the Locked
Synchronization status appears on the All servers page in the Sync column the next time the page
refreshes. To get a valid synchronization status again, you need to "undo" the latest changes; this
loads a new synchronization and updates the status accordingly.

Once the server is in Locked synchronization, the corrupted configuration file is automatically
stored locally on the appliance and available for download in the Local files listing. It is named
<server_name>-dhcpd.conf. We advise that you take a look at this file because the check stops after
the first error found and returns the Locked synchronization status. So if there are several
errors, the status will be returned over and over again until the file is conclusive and can be
sent to the physical server.

The check for failure in the configuration file can be done through CLI (we recommend it) or through
the GUI.

To check for failure in a DHCP configuration file through CLI

1. Open an SSH session.

2. Use the following command to retrieve the list of corrupted files:
# ls -la /data1/exports/*-dhcpd.conf

3. Use the following command to get a precise list of all the errors:
# /usr/local/nessy2/bin/dhcpd -t -4 -cf /data1/exports/<server_name>-dhcpd.conf

4. Adjust the identified statements. Once the check runs again, the Locked Synchronization status
will disappear if you now have a valid configuration.

To check for failure in a DHCPv6 configuration file through CLI

1. Open an SSH session.

2. Use the following command to retrieve the list of corrupted files:
# ls -la /data1/exports/*-dhcpd6.conf

3. Use the following command to get a precise list of all the errors:
# /usr/local/nessy2/bin/dhcpd -t -6 -q -cf /data1/exports/<server_name>-dhcpd6.conf

4. Adjust the identified statements. Once the check runs again, the Locked Synchronization status
will disappear if you now have a valid configuration.
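
The two CLI procedures above, combined into one script that tests every exported DHCPv4 and DHCPv6 file in a single pass (an added example, not part of the EfficientIP tooling). The function names and the ability to override the directory and binary paths are assumptions of this example; the default paths and dhcpd flags are the ones given in the procedures.

```shell
#!/bin/sh
# Added example (not EfficientIP code): run the dhcpd syntax test from the two
# procedures above on every configuration file left in the export directory
# after a locked synchronization.
# EXPORT_DIR and DHCPD_BIN default to the paths given in this guide; making
# them overridable is an assumption of this example, used for dry runs.
EXPORT_DIR="${EXPORT_DIR:-/data1/exports}"
DHCPD_BIN="${DHCPD_BIN:-/usr/local/nessy2/bin/dhcpd}"

# check_conf FILE
# Chooses the flags from the file name suffix, as the procedures do, and runs
# the test. Prints dhcpd's messages and returns dhcpd's exit status.
check_conf() {
    case "$1" in
        *-dhcpd6.conf) "$DHCPD_BIN" -t -6 -q -cf "$1" 2>&1 ;;
        *-dhcpd.conf)  "$DHCPD_BIN" -t -4 -cf "$1" 2>&1 ;;
        *)
            echo "skipped, not an exported DHCP configuration: $1"
            return 2
            ;;
    esac
}

# check_exports
# Tests every exported file and prints one verdict line per file, followed by
# dhcpd's own messages for the files that fail. Returns 0 only when every
# exported file passes, so a fixed file can be confirmed before the next
# synchronization attempt.
check_exports() {
    failed=0
    for conf in "$EXPORT_DIR"/*-dhcpd.conf "$EXPORT_DIR"/*-dhcpd6.conf; do
        [ -f "$conf" ] || continue    # pattern matched nothing
        if output=$(check_conf "$conf"); then
            echo "OK      $conf"
        else
            echo "INVALID $conf"
            # Indent the messages under the file they belong to.
            printf '%s\n' "$output" | sed 's/^/        /'
            failed=$(( failed + 1 ))
        fi
    done
    [ "$failed" -eq 0 ]
}

# Run the check when the script is called with "run" as first argument.
if [ "${1:-}" = "run" ]; then
    check_exports
fi
```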

To look for DHCP errors on the syslog page of the local appliance

1. Go to the Administration page. If the homepage is not displayed click on . The homepage
appears.
2. In the Monitoring section, click on the Logs visualization icon. The Syslog page opens.
3. In the SOLIDserver drop-down list, verify that the local appliance is selected. Only the host-
name will appear with no IP address.
4. In the Services field, select dhcpd. The logs appear.

Adding a DHCPv4 Smart Architecture


A smart architecture can be configured without DHCP servers. It allows you to create the
architecture that suits your needs before applying it to one or more DHCP servers. It also provides a
backup of the management configuration of the server it manages. If your DHCP server crashes,
you delete it and add a new one on which you apply the same architecture: SOLIDserver will
remember the former server's configuration and apply it to the new one.

With DHCPv4, there are four different kinds of smart architectures: One-to-One, One-to-Many,
Split-Scope and Single-Server. As for DHCPv6 smart architectures, SOLIDserver proposes the
Single-Server, Split-Scope and Stateless architectures. In the procedures below, we are going
to describe the configuration of the DHCP smart architectures with the DHCP servers they
manage, but you can go through the configuration without adding any server and do it later, see
part Adding DHCP Server into DHCP Smart Architecture for more details.

Once the configuration is completed, the DHCP smart architecture appears in the All servers list
as a real server.

Figure 27.1. DHCP Smart Architecture configuration not managing any DHCP server

As you can see, the column Type mentions the kind of smart architecture applied, the DHCP
smart members column is marked N/A and for that reason, the server status is Invalid settings.

One-to-One Smart Architecture


The One-to-One smart architecture allows you to set up a failover channel between two DHCP
servers: one is set as master server and the other one as backup. Note that if the master server
crashes, you will have to manually set up the partner-down mode to reclaim the available IP
addresses, see paragraph Operating in partner-down state in the Understanding the DHCP Safe
Failover section of this documentation. This architecture also provides a shared management of
the leases that you can configure according to your needs.

To configure a DHCP One-to-One smart architecture

1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DHCP servers icon. The All servers list opens.
3. In the menu, click on Add > Server > DHCP smart architecture. The Manage a DHCP server
wizard opens.
4. Fill in the fields according to the table below:

Table 27.3. DHCPv4 Smart Architecture Basic Parameters

Parameters              Description
DHCP server name        Name your server with a valid FQDN.
Isolated                Tick this box if you do not want your server configuration to update
                        any other module. It's mainly useful when dealing with migrations as
                        it will prevent the smart from pushing any data to the DNS. Keep in
                        mind that the smart architecture will still receive data if your network
                        configuration allows it. Any behavior set through the Mode drop-down
                        list will have to be applied to the smart architecture later on if you
                        tick this box, so make sure that the configuration you set suits your
                        needs before you untick the box.
Description             Type in a description if you want, it will appear in the Description
                        columns of the All servers list.
Mode                    You can select either Configurable behavior or All behaviors.
Configurable behavior   This option is selected by default in the Mode drop-down list and
                        displays all the fields and options that have been ticked in the Default
                        behavior wizard at the server level. For more details, refer to the
                        chapter Default Behaviors of this guide.
All behaviors           If you select this option, you will display all the fields and options that
                        can be ticked in the Default behavior wizard. For more details, refer
                        to the chapter Default Behaviors of this guide.

5. Click on NEXT . The next page of the wizard appears.
6. In the DHCP smart architecture list, select One-to-One.

[Diagram: a DHCP Master server and a DHCP Backup server.]

Figure 27.2. DHCPv4 One-to-One Smart Architecture

7. Click on NEXT . The next page of the wizard appears.


8. In the Available DHCP servers list, you can select one by one the two DHCP servers that
you want to manage through the smart architecture.
9. Click on . The selected server is moved to the Selected DHCP servers list. Repeat these
actions for the second server.
10. Click on NEXT . The next page of the wizard appears.
11. In the Master DHCP server drop-down list, select which one of the two servers is going to
be the Master server in the configuration.
12. Click on NEXT . The next page of the wizard appears.
13. This page allows you to configure the failover channel between the servers of the architecture.
Fill in the fields according to the table below:

Table 27.4. DHCPv4 One-to-One Failover Parameters

Parameters                                            Description
Peering name                                          By default, the peering channel connecting the IPAM and the DHCP
                                                      server is named failover-your.smart.server.name. You can modify it
                                                      if need be.
Failover port                                         Type in the failover port name, that is the port of your master server
                                                      dedicated to the failover. By default, the port 847 is used.
Failover peer port                                    Type in the failover port name, that is the port of your backup server
                                                      dedicated to the failover. By default, the port 647 is used.
Peer DHCP server                                      The DHCP backup server is automatically entered in this field.
Automatic switch to partner-down delay (in minutes)   Type in this field the amount of time (in minutes) after which a server
                                                      in Communications-interrupted state should automatically switch to
                                                      Partner-down. By default, the field is empty and the option is disabled.
Split leases                                          In this drop-down list you can choose the way you want to split the
                                                      leases between the two servers: Balanced, Prefer backup or Prefer
                                                      master. By default, Balanced is selected.
Balanced                                              If you select this option, the leases are delivered to the clients by
                                                      both servers equally.
Prefer backup                                         If you select this option, the leases are delivered to the clients by the
                                                      backup server only.
Prefer master                                         If you select this option, the leases are delivered to the clients by the
                                                      master server only.

14. Click on OK to commit your configuration. The report opens and closes. The smart architecture
is listed as a DHCP server and marked Smart (one-to-one) in the Type column. If your
configuration is managing DHCP servers, you can display them in the All servers list by clicking
on in the upper right corner.

One-to-Many Smart Architecture


The One-to-Many smart architecture, which is basically a star network topology of the DHCP
servers of your choice, allows you to set up several failover channels between one master server
and at least two backup servers. You actually can include as many
servers as you want in this configuration as long as there are no power limitations or overload of
the equipment managing the flow of information between the servers. This architecture also
provides a shared management of the leases that you can configure according to your needs.

To configure a DHCP One-to-Many smart architecture

1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DHCP servers icon. The All servers list opens.
3. In the menu, click on Add > Server > DHCP smart architecture. The Manage a DHCP server
wizard opens.
4. Fill in the fields according to the table below:

Table 27.5. DHCPv4 Smart Architecture Basic Parameters

Parameters              Description
DHCP server name        Name your server with a valid FQDN.
Isolated                Tick this box if you do not want your server configuration to update
                        any other module. It's mainly useful when dealing with migrations as
                        it will prevent the smart from pushing any data to the DNS. Keep in
                        mind that the smart architecture will still receive data if your network
                        configuration allows it. Any behavior set through the Mode drop-down
                        list will have to be applied to the smart architecture later on if you
                        tick this box, so make sure that the configuration you set suits your
                        needs before you untick the box.
Description             Type in a description if you want, it will appear in the Description
                        columns of the All servers list.
Mode                    You can select either Configurable behavior or All behaviors.
Configurable behavior   This option is selected by default in the Mode drop-down list and
                        displays all the fields and options that have been ticked in the Default
                        behavior wizard at the server level. For more details, refer to the
                        chapter Default Behaviors of this guide.
All behaviors           If you select this option, you will display all the fields and options that
                        can be ticked in the Default behavior wizard. For more details, refer
                        to the chapter Default Behaviors of this guide.

5. Click on NEXT . The next page of the wizard appears.

6. In the DHCP smart architecture list, select One-to-Many.

[Diagram: one DHCP Master server and two DHCP Backup servers.]

Figure 27.3. DHCPv4 One-to-Many Smart Architecture

7. Click on NEXT . The next page of the wizard appears.


8. In the Available DHCP servers list, you can select one by one the DHCP servers that you
want to manage through the smart architecture. Ideally, you would configure at least three
DHCP servers with this architecture.
9. Click on . The selected server is moved to the Selected DHCP servers list. Repeat these
actions as many times as needed.
10. In the Master DHCP server drop-down list, select which one of the two servers is going to
be the Master server in the configuration.
11. Click on NEXT . The last page of the wizard appears.
12. In the DHCP peering assignment list, select the default failover channel named Peering:
failover-<smart_server_name> on DHCP (). Then, configure it following the table below:

Table 27.6. DHCPv4 One-to-Many Failover Parameters

Fields               Description
Peering name         The default failover channel name is displayed in the field. You can
                     modify it if need be.
Failover port        Type in the failover port name, that is the port on your Master server
                     dedicated to the failover with one of the other servers. The default
                     failover port is 847, you can only use it once.
Failover peer port   Type in the failover port name, that is the port on your chosen backup
                     server dedicated to the failover with the Master. The default failover
                     port is 647, you can use it on each backup server if you want.
Peer DHCP server     Choose the DHCP backup server with which you want to configure
                     the failover. By default, None is selected.
Split leases         In this drop-down list you can choose the way you want to split the
                     leases between the two chosen servers: Balanced, Prefer backup
                     or Prefer master. By default, Balanced is selected.
Balanced             If you select this option, the leases are delivered to the clients by
                     both servers equally.
Prefer backup        If you select this option, the leases are delivered to the clients by the
                     backup server only.
Prefer master        If you select this option, the leases are delivered to the clients by the
                     master server only.

Click on UPDATE to commit your configuration. Your first failover channel is configured and
listed in the DHCP peering assignment as such: Peering: <failover_channel_name> on
DHCP (<backup_server_name>).

Repeat this action in order to have a failover channel between the master and each backup
server.
13. Click on OK to commit your smart architecture configuration. The report opens and closes.
The smart architecture is listed as a DHCP server and marked Smart (one-to-many) in the
Type column. If your configuration is managing DHCP servers, you can display them in the
All servers list by clicking on in the upper right corner.
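
A pre-flight check for the failover channels of Table 27.6, as an added example that is not part of the original guide or of SOLIDserver. It reads "you can only use it once" as "no two channels may share a master-side failover port", allows the peer port to repeat on each backup, and requires one channel per backup; the plan format, function name, host names and port 848 are hypothetical.

```python
"""Pre-flight check of a DHCPv4 one-to-many failover plan (added example).

The plan format and all names below are hypothetical. The rules checked are
the ones stated in Table 27.6 and in step 12 of the procedure.
"""
from typing import NamedTuple

SPLIT_MODES = {"Balanced", "Prefer backup", "Prefer master"}
DEFAULT_MASTER_PORT = 847   # default "Failover port" (master side)
DEFAULT_PEER_PORT = 647     # default "Failover peer port" (backup side)


class Channel(NamedTuple):
    name: str                               # Peering name
    peer: str                               # Peer DHCP server (a backup)
    failover_port: int = DEFAULT_MASTER_PORT
    peer_port: int = DEFAULT_PEER_PORT
    split: str = "Balanced"                 # Split leases


def check_plan(master, backups, channels):
    """Return a list of problems found in the plan; an empty list means OK."""
    problems = []
    seen_ports = {}     # master-side port -> channel that uses it
    seen_peers = {}     # backup server    -> channel that reaches it

    for ch in channels:
        for label, port in (("failover port", ch.failover_port),
                            ("failover peer port", ch.peer_port)):
            if not 1 <= port <= 65535:
                problems.append(f"{ch.name}: {label} {port} is not a valid port")

        if ch.split not in SPLIT_MODES:
            problems.append(f"{ch.name}: unknown split leases mode {ch.split!r}")

        if ch.peer == master:
            problems.append(f"{ch.name}: the master cannot be its own peer")
        elif ch.peer not in backups:
            problems.append(f"{ch.name}: peer {ch.peer} is not a selected backup")

        # A master-side port can be used only once, the default 847 included.
        if ch.failover_port in seen_ports:
            problems.append(
                f"{ch.name}: master port {ch.failover_port} already used by "
                f"{seen_ports[ch.failover_port]}")
        else:
            seen_ports[ch.failover_port] = ch.name

        # One failover channel per master/backup pair.
        if ch.peer in seen_peers:
            problems.append(
                f"{ch.name}: {ch.peer} already has channel {seen_peers[ch.peer]}")
        else:
            seen_peers[ch.peer] = ch.name

    # Every backup needs a failover channel with the master.
    for backup in backups:
        if backup not in seen_peers:
            problems.append(f"{backup}: no failover channel with the master")
    return problems


# Constructed sample data (not taken from the guide).
MASTER = "dhcp-master.example.test"
BACKUPS = ["dhcp-b1.example.test", "dhcp-b2.example.test"]

# Both channels keep the default master-side port 847: rejected.
BAD_PLAN = [
    Channel("failover-b1", BACKUPS[0]),
    Channel("failover-b2", BACKUPS[1]),
]
# Second channel moved to another master-side port; peer port 647 is reused.
GOOD_PLAN = [
    Channel("failover-b1", BACKUPS[0], failover_port=847),
    Channel("failover-b2", BACKUPS[1], failover_port=848, split="Prefer master"),
]

if __name__ == "__main__":
    for label, plan in (("bad", BAD_PLAN), ("good", GOOD_PLAN)):
        issues = check_plan(MASTER, BACKUPS, plan)
        print(label, "->", issues or "OK")
```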

Split-Scope Smart Architecture


The Split-Scope smart architecture allows you to distribute the management of ranges (and
therefore leases) between two DHCP servers. They are set in an active/active configuration that
ensures availability of the services at all times: if one server fails, the other can still lease IP
addresses to the clients. You can actually choose the proportion of IP addresses (in percent)
managed by each one of them.

To configure a DHCP Split-Scope smart architecture

1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DHCP servers icon. The All servers list opens.
3. In the menu, click on Add > Server > DHCP smart architecture. The Manage a DHCP server
wizard opens.
4. Fill in the fields according to the table below:

Table 27.7. DHCPv4 Smart Architecture Basic Parameters


Parameters             Description
DHCP server name       Name your server with a valid FQDN.
Isolated               Tick this box if you do not want your server configuration to
                       update any other module. It is mainly useful when dealing with
                       migrations, as it will prevent the smart architecture from
                       pushing any data to the DNS. Keep in mind that the smart
                       architecture will still receive data if your network
                       configuration allows it. Any behavior set through the Mode
                       drop-down list will have to be applied to the smart
                       architecture later on if you tick this box, so make sure that
                       the configuration you set suits your needs before you untick
                       the box.
Description            Type in a description if you want. It will appear in the
                       Description column of the All servers list.
Mode                   You can select either Configurable behavior or All behaviors.
Configurable behavior  This option is selected by default in the Mode drop-down list
                       and displays all the fields and options that have been ticked
                       in the Default behavior wizard at the server level. For more
                       details, refer to the chapter Default Behaviors of this guide.
All behaviors          If you select this option, you will display all the fields and
                       options that can be ticked in the Default behavior wizard. For
                       more details, refer to the chapter Default Behaviors of this
                       guide.

5. Click on NEXT . The next page of the wizard appears.


6. In the DHCP smart architecture list, select Split-Scope.

[Figure: two DHCP servers in Split-Scope, one labelled 80% and the other 20%.]

Figure 27.4. DHCPv4 Split-Scope Smart Architecture

7. Click on NEXT . The next page of the wizard appears.


8. In the Available DHCP servers list, select one by one the two DHCP servers you want
to manage through the smart architecture.
9. Click on . The selected server is moved to the Selected DHCP servers list. Repeat these
actions for the second server.
10. Click on NEXT . The next page of the wizard appears.
11. In the Master DHCP server drop-down list, select which one of the two servers is going to
be the Master server in the configuration.
12. In the Distribution ratio (in percent) field, type in the ratio of IP ranges that will be managed
by the Master DHCP server you just selected. By default, 80 is proposed, meaning that the
remaining 20% will be listed and managed by the backup server.
13. Click on OK to commit your configuration. The report opens and closes. The smart architecture
is listed as a DHCP server and marked Smart (split-scope) in the Type column. If your
configuration is managing DHCP servers, you can display them in the All servers list by
clicking on in the upper right corner.

Note
A virtual failover channel will be automatically created along with the smart
architecture. It will be named failover-<smart_architecture_name> and listed in
the All failover channels list.

Single-Server Smart Architecture


The Single-Server smart architecture allows you to manage one single DHCP server that provides
a backup. If the DHCP server crashes, the smart architecture configuration will be saved and
automatically applied to the new DHCP server managed through the Single-Server smart
architecture.

To configure a DHCP Single-Server smart architecture

1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DHCP servers icon. The All servers list opens.
3. In the menu, click on Add > Server > DHCP smart architecture. The Manage a DHCP server
wizard opens.
4. Fill in the fields according to the table below:

Table 27.8. DHCPv4 Smart Architecture Basic Parameters


Parameters             Description
DHCP server name       Name your server with a valid FQDN.
Isolated               Tick this box if you do not want your server configuration to
                       update any other module. It is mainly useful when dealing with
                       migrations, as it will prevent the smart architecture from
                       pushing any data to the DNS. Keep in mind that the smart
                       architecture will still receive data if your network
                       configuration allows it. Any behavior set through the Mode
                       drop-down list will have to be applied to the smart
                       architecture later on if you tick this box, so make sure that
                       the configuration you set suits your needs before you untick
                       the box.
Description            Type in a description if you want. It will appear in the
                       Description column of the All servers list.
Mode                   You can select either Configurable behavior or All behaviors.
Configurable behavior  This option is selected by default in the Mode drop-down list
                       and displays all the fields and options that have been ticked
                       in the Default behavior wizard at the server level. For more
                       details, refer to the chapter Default Behaviors of this guide.
All behaviors          If you select this option, you will display all the fields and
                       options that can be ticked in the Default behavior wizard. For
                       more details, refer to the chapter Default Behaviors of this
                       guide.

5. Click on NEXT . The next page of the wizard appears.


6. In the DHCP smart architecture list, select Single-Server.

Figure 27.5. DHCPv4 Single-Server Smart Architecture

7. Click on NEXT . The next page of the wizard appears.

8. In the Available DHCP servers list, select the DHCP server that you want to manage through
the smart architecture.
9. Click on . The selected server is moved to the Selected DHCP servers list.
10. Click on OK to commit your configuration. The report opens and closes. The smart architecture
is listed as a DHCP server and marked Smart (single-server) in the Type column. If your
configuration is managing a DHCP server, you can display it in the All servers list by
clicking on in the upper right corner.

Note
A virtual failover channel will be automatically created along with the smart
architecture. It will be named failover-<smart_architecture_name> and listed in
the All failover channels list.

Adding a DHCPv6 Smart Architecture


A smart architecture can manage IPv6 addresses and, just like in DHCPv4, can be configured without
DHCP servers. Note that with a DHCPv6 smart architecture, you will still apply your configuration
to a DHCP server managed on a SOLIDserver appliance running on an IPv4 address.

With DHCPv6, there are three different kinds of smart architectures: Single-Server, Split-Scope
and Stateless. In the procedures below, we are going to describe the configuration of DHCPv6
smart architectures with DHCP servers but you can go through the configuration without adding
any server and do it later, see part Adding DHCP Server into DHCP Smart Architecture for more
details.

DHCPv6 Single-Server Smart Architecture


The Single-Server smart architecture in DHCPv6 has the same advantages as in DHCPv4. It
allows you to manage one single DHCP server that provides a backup. If the DHCP server
crashes, the smart architecture configuration will be saved and automatically applied to the new
DHCP server managed through the Single-Server smart architecture.

To configure a DHCPv6 Single-Server smart architecture

1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DHCP servers icon. The All servers list opens.
3. In the menu, click on Add > Server (v6) > DHCP smart architecture. The Manage a DHCP
server wizard opens.
4. Fill in the fields according to the table below:

Table 27.9. DHCPv6 Smart Architecture Basic Parameters


Parameters             Description
DHCP server name       Name your server with a valid FQDN.
Isolated               Tick this box if you do not want your server configuration to
                       update any other module. It is mainly useful when dealing with
                       migrations, as it will prevent the smart architecture from
                       pushing any data to the DNS. Keep in mind that the smart
                       architecture will still receive data if your network
                       configuration allows it. Any behavior set through the Mode
                       drop-down list will have to be applied to the smart
                       architecture later on if you tick this box, so make sure that
                       the configuration you set suits your needs before you untick
                       the box.
Description            Type in a description if you want. It will appear in the
                       Description column of the All servers list.
Mode                   You can select either Configurable behavior or All behaviors.
Configurable behavior  This option is selected by default in the Mode drop-down list
                       and displays all the fields and options that have been ticked
                       in the Default behavior wizard at the server level. For more
                       details, refer to the chapter Default Behaviors of this guide.
All behaviors          If you select this option, you will display all the fields and
                       options that can be ticked in the Default behavior wizard. For
                       more details, refer to the chapter Default Behaviors of this
                       guide.

5. Click on NEXT . The next page of the wizard appears.


6. In the DHCP smart architecture list, select Single server.

Figure 27.6. DHCPv6 Single-Server Smart Architecture

7. Click on NEXT . The next page of the wizard appears.


8. In the Available DHCP servers list, select the DHCPv6 server that you want to manage
through the smart architecture.
9. Click on . The selected server is moved to the Selected DHCP servers list.
10. Click on OK to commit your configuration. The report opens and closes. The smart architecture
is listed as a DHCP server and marked Smart (single-server) in the Type column. If your
configuration is managing DHCPv6 servers, you can display them in the All servers list by
clicking on in the upper right corner.

Note
A virtual failover channel will be automatically created along with the smart
architecture. It will be named failover-<smart_architecture_name> and listed in
the All failover channels list.

DHCPv6 Split-Scope Smart Architecture


The Split-Scope smart architecture allows you to distribute ranges of IP addresses between two
DHCP servers. The active/active configuration ensures availability of the leasing service to clients.
You can actually choose the proportion of IP addresses (in percent) managed by each one of
them.

To configure a DHCPv6 Split-Scope smart architecture

1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DHCP servers icon. The All servers list opens.
3. In the menu, click on Add > Server (v6) > DHCP smart architecture. The Manage a DHCP
server wizard opens.
4. Fill in the fields according to the table below:

Table 27.10. DHCPv6 Smart Architecture Basic Parameters


Parameters             Description
DHCP server name       Name your server with a valid FQDN.
Isolated               Tick this box if you do not want your server configuration to
                       update any other module. It is mainly useful when dealing with
                       migrations, as it will prevent the smart architecture from
                       pushing any data to the DNS. Keep in mind that the smart
                       architecture will still receive data if your network
                       configuration allows it. Any behavior set through the Mode
                       drop-down list will have to be applied to the smart
                       architecture later on if you tick this box, so make sure that
                       the configuration you set suits your needs before you untick
                       the box.
Description            Type in a description if you want. It will appear in the
                       Description column of the All servers list.
Mode                   You can select either Configurable behavior or All behaviors.
Configurable behavior  This option is selected by default in the Mode drop-down list
                       and displays all the fields and options that have been ticked
                       in the Default behavior wizard at the server level. For more
                       details, refer to the chapter Default Behaviors of this guide.
All behaviors          If you select this option, you will display all the fields and
                       options that can be ticked in the Default behavior wizard. For
                       more details, refer to the chapter Default Behaviors of this
                       guide.

5. Click on NEXT . The next page of the wizard appears.


6. In the DHCP smart architecture list, select Split-Scope.

[Figure: two DHCPv6 servers in Split-Scope, one labelled 80% and the other 20%.]

Figure 27.7. DHCPv6 Split-Scope Smart Architecture

7. Click on NEXT . The next page of the wizard appears.


8. In the Available DHCP servers list, select one by one the two DHCP servers you want
to manage through the smart architecture.
9. Click on . The selected server is moved to the Selected DHCP servers list. Repeat these
actions for the second server.
10. Click on NEXT . The next page of the wizard appears.
11. In the Master DHCP server drop-down list, select which one of the two servers is going to
be the Master server in the configuration.
12. In the Distribution ratio (in percent) field, type in the ratio of IP ranges that will be managed
by the Master DHCP server you just selected. By default, 80 is proposed, meaning that the
remaining 20% will be listed and managed by the backup server.
13. Click on OK to commit your configuration. The report opens and closes. The smart architecture
is listed as a DHCP server and marked Smart (split-scope) in the Type column. If your
configuration is managing DHCPv6 servers, you can display them in the All servers list by
clicking on in the upper right corner.

Note
A virtual failover channel will be automatically created along with the smart
architecture. It will be named failover-<smart_architecture_name> and listed in
the All failover channels list.

DHCPv6 Stateless Smart Architecture


The Stateless smart architecture allows you to set up a number of options for the scopes of the
servers you choose to manage. The clients will then have access to the options defined in the
architecture. Keep in mind that there is no range, static or lease management in a stateless
architecture: you cannot create or provide them.

To configure a DHCPv6 Stateless smart architecture

1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DHCP servers icon. The All servers list opens.
3. In the menu, click on Add > Server (v6) > DHCP smart architecture. The Manage a DHCP
server wizard opens.
4. Fill in the fields according to the table below:

Table 27.11. DHCPv6 Smart Architecture Basic Parameters


Parameters             Description
DHCP server name       Name your server with a valid FQDN.
Isolated               Tick this box if you do not want your server configuration to
                       update any other module. It is mainly useful when dealing with
                       migrations, as it will prevent the smart architecture from
                       pushing any data to the DNS. Keep in mind that the smart
                       architecture will still receive data if your network
                       configuration allows it. Any behavior set through the Mode
                       drop-down list will have to be applied to the smart
                       architecture later on if you tick this box, so make sure that
                       the configuration you set suits your needs before you untick
                       the box.
Description            Type in a description if you want. It will appear in the
                       Description column of the All servers list.
Mode                   You can select either Configurable behavior or All behaviors.
Configurable behavior  This option is selected by default in the Mode drop-down list
                       and displays all the fields and options that have been ticked
                       in the Default behavior wizard at the server level. For more
                       details, refer to the chapter Default Behaviors of this guide.
All behaviors          If you select this option, you will display all the fields and
                       options that can be ticked in the Default behavior wizard. For
                       more details, refer to the chapter Default Behaviors of this
                       guide.

5. Click on NEXT . The next page of the wizard appears.


6. In the DHCP smart architecture list, select Stateless.

Figure 27.8. DHCPv6 Stateless Smart Architecture

7. Click on NEXT . The next page of the wizard appears.


8. In the Available DHCP servers list, you can select one by one as many DHCP servers as
you want.
9. Click on . The selected server is moved to the Selected DHCP servers list. Repeat these
actions as many times as needed.
10. Click on OK to commit your configuration. The report opens and closes. The smart architecture
is listed as a DHCP server and marked Smart (stateless) in the Type column. If your
configuration is managing DHCPv6 servers, you can display them in the All servers list by clicking
on in the upper right corner.

Note
A virtual failover channel will be automatically created along with the smart
architecture. It will be named failover-<smart_architecture_name> and listed in
the All failover channels list.

Editing a DHCP Smart Architecture


Adding a DHCP Server into a Smart Architecture
Once the smart architecture is properly configured and applied, you can add DHCP servers
whenever you want. First, to add a DHCP server, follow the Manage DHCP server section.
Depending on the DHCP smart architecture chosen, if you do not complete the architecture
with all the necessary servers, the smart architecture may not work properly. Check that
you have added all the necessary DHCP servers into the smart architecture.

Warning
When you add one or more DHCP servers into a smart architecture, the data are
automatically replicated from the smart architecture to the added DHCP server. So
if the smart architecture is empty (first use), the added DHCP server will be totally
overwritten.

To add a DHCP server into DHCP smart architecture

1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DHCP servers icon. The All servers list opens.
3. At the end of the line of the smart architecture of your choice, click on . The properties
page opens.
4. In the Main properties panel, click on EDIT . The Edit a DHCP server wizard opens.
5. In the DHCP server type list, make sure DHCP smart architecture is selected. Click on NEXT .
The Manage a DHCP server page opens.
6. If need be, modify the smart architecture basic parameters. For more details, refer to DHCP
Smart Architecture Basic Parameters table in this guide. Click on NEXT . The next page of
the wizard appears.
7. In the DHCP smart architecture list, modify the type of your DHCP smart architecture if need
be. Click on NEXT . The next page of the wizard appears.
8. In the Available DHCP servers list, select a server to add in the smart architecture and click
on . The server has been moved to the Selected DHCP servers list. Repeat this action for
as many servers as needed. You can remove any of them from the selected servers list by
clicking on .
9. For a Single-Server smart architecture, go to the last step of this procedure. Otherwise, click
on NEXT . The next page of the wizard appears.
10. In the Master DHCP server drop-down list, modify the master server if need be.
11. For a Split-Scope architecture, type in the Distribution ratio (in percent) between the two
servers in the corresponding field.

12. If need be, modify the existing failover ports and split leases parameters between the master
and backup servers.
13. Click on OK to commit your modifications. The report opens and closes. You can display the
added servers in the All servers list by clicking on in the upper right corner. The DHCP
Smart members column of the smart architecture displays the name of the new master
server in brackets next to the name of the other backup servers.

Removing a DHCP Server from a Smart Architecture


Whenever you want, you can remove one or more DHCP servers from a DHCP smart architecture.
When you remove one, the configuration that was applied to it is kept on the removed DHCP
server.

To remove a DHCP server from a smart architecture

1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DHCP servers icon. The DHCP All servers list opens.
3. At the end of the line of the smart architecture of your choice, click on . The properties
page opens.
4. In the Main properties panel, click on EDIT . The Edit a DHCP server wizard opens.
5. Click on NEXT . The Manage a DHCP server page opens.
6. Click on NEXT . The next page of the wizard appears.
7. Click on NEXT . The next page of the wizard appears.
8. The servers managed by the smart architecture are listed in the Selected DHCP servers list.
You can remove any of them by clicking on . The server(s) will be moved to the Available
DHCP servers list.
9. For a Single-Server smart architecture, go to the last step of this procedure. Otherwise, click
on NEXT . The next page of the wizard appears.
10. If the smart architecture is still managing servers: in the Master DHCP server list, change
the master server if need be. Click on NEXT . The next page of the wizard appears.
11. If the smart architecture is still managing servers: modify the failover ports on each server
and/or the split leases parameters if need be.
12. Click on OK to commit your modifications. The report opens and closes. The servers that
have been removed are listed as DHCP servers of whatever kind in the Type list. If your smart
architecture is still managing DHCP servers, you can display them in the All servers list by
clicking on in the upper right corner.

Changing the DHCP Server Roles within a Smart Architecture


You can easily change the role of DHCP servers within a smart architecture. For
instance, you can change a master server into a slave server within a One-to-one smart
architecture at any given time.

To change the role of a DHCP server within a smart architecture

1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DHCP servers icon. The All servers list opens.

3. At the end of the line of the smart architecture of your choice, click on . The properties
page opens.
4. In the Main properties panel, click on EDIT . The Edit a DHCP server wizard opens.
5. Click on NEXT . The Manage a DHCP server page opens.
6. Click on NEXT . The next page of the wizard appears.
7. Click on NEXT . The next page of the wizard appears.
8. The servers managed by the smart architecture are listed in the Selected DHCP servers list.
You can remove any of them and add a new one by clicking on or . The server(s) will
be moved accordingly between the Selected DHCP servers and Available DHCP servers
lists.
9. For a Single-Server smart architecture, go to the last step of this procedure. Otherwise, click
on NEXT . The next page of the wizard appears.
10. In the Master DHCP server drop-down list, select the master server.
11. For a Split-Scope architecture, type in the Distribution ratio (in percent) between the two
servers in the corresponding field.
12. If need be, modify the existing failover ports and split leases parameters between the master
and backup servers.
13. Click on OK to commit your modifications. The report opens and closes. If your configuration
is managing DHCP servers, you can display them in the All servers list by clicking on in
the upper right corner. The DHCP Smart members column of the smart architecture displays
the name of the new master server in brackets next to the name of the other backup servers.

Changing the Type of a DHCP Smart Architecture


The type of a DHCP smart architecture can be easily changed while keeping all the DHCP
configuration and data you already set. For instance, you already have a DHCP smart architecture
configured in One-to-One that includes two DHCP servers (one as master and the other as slave)
and you plan to change your smart architecture type to Split-Scope. By editing the smart
architecture, you can change its type and configure the role of the servers.

To change the type of a DHCP smart architecture

1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DHCP servers icon. The All servers list opens.
3. At the end of the line of the smart architecture of your choice, click on . The properties
page opens.
4. In the Main properties panel, click on EDIT . The Edit a DHCP server wizard opens.
5. In the DHCP server type list, make sure DHCP smart architecture is selected. Click on NEXT .
The Manage a DHCP server page opens.
6. If need be, modify the smart architecture basic parameters. For more details, refer to DHCP
Smart Architecture Basic Parameters table in this guide. Click on NEXT . The next page of
the wizard appears.
7. In the DHCP smart architecture list, modify the type of your DHCP smart architecture. Click
on NEXT . The next page of the wizard appears.
8. If your smart architecture manages servers, they are listed in the Selected DHCP servers
list. You can remove any of them and add a new one by clicking on or . The server(s)
will be moved accordingly between the Selected DHCP servers and Available DHCP servers
lists.
9. For a Single-Server smart architecture, go to the last step of this procedure. Otherwise, click
on NEXT . The next page of the wizard appears.
10. In the Master DHCP server drop-down list, select the master server.
11. For a Split-Scope architecture, type in the Distribution ratio (in percent) between the two
servers in the corresponding field.
12. If need be, modify the existing failover ports and split leases parameters between the master
and backup servers.
13. Click on OK to commit the modifications. The report opens and closes. The All servers listing
page is visible again. The Type column displays the modification you performed on the smart
architecture.

Deleting a DHCP Smart Architecture


At any time, you can decide to stop managing your DHCPv4 or DHCPv6 servers through the
smart architectures. Keep in mind that if you do decide to delete the smart architecture, you will
not lose any data but simply stop managing the server through the smart architecture. Therefore,
the configuration backup that comes with the smart architecture will be deleted as well: if the
server crashes after that, you will have to configure everything manually.

If you want to delete a smart architecture because you want to change the smart architecture,
note that you do not need to delete the smart architecture at all. See the part Changing the Type
of a DHCP Smart Architecture for more details.

Note
You cannot delete a smart architecture if it is still managing DHCP servers.

To delete a DHCP smart architecture

1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DHCP servers icon. The DHCP All servers list opens.
3. If you want to delete a DHCPv6 smart architecture, click on the IP6 icon in the upper right
corner.
4. If the smart architecture is managing DHCP servers, remove them according to the Removing
a DHCP Server from a Smart Architecture section of this guide.
5. Tick the smart architecture you want to delete.
6. In the menu, select Edit > Delete. The Delete wizard opens.
7. Click on OK to commit the deletion. The report opens and closes. The smart architecture is
no longer listed in the All servers listing page.

Defining a DHCP Smart Architecture as a Group Resource


In SOLIDserver, only the superuser (ipmadmin) can manage and modify the items of every
module. Adding a smart architecture as one of the resources of a specific group will allow the
users of that group to manage the architecture in question as long as they have the corresponding
rights and delegations granted.

Granting access to a smart architecture as a resource will also make every physical server it
contains available. For more details, refer to the section Assigning Objects as Resource in the
chapter Managing Groups of administrator of this guide.

Chapter 28. Managing DHCP Servers
Within the DHCP module, the server is the highest level of the hierarchy, where you set the basis
of any DHCP configuration. You can manage servers either independently or within a smart
architecture, which allows you to apply a number of useful parameters to a single server or
even to configure the failover between a master server and its backup or backups. The smart
architectures also provide a backup of the configuration, which is very useful if your server were
to crash. For more information regarding the available smart architectures for DHCPv4 or DHCPv6,
see the Deploying DHCP Architectures and Managing DHCP Architectures chapters of this documentation.

Browsing DHCP Servers


To put it simply, the server is a container for all the information necessary to provide IP addresses
to the DHCP clients. Keep in mind that any parameters and/or options set at a lower level will
overwrite any options definition set at the server level.

These servers can be configured to provide IPv4 and IPv6 addresses. The options available
change from one version to the other: in essence, DHCPv4 and DHCPv6 can be considered two
different protocols, although they serve the common goal of providing addresses to DHCP
clients. Both versions of the Dynamic Host Configuration Protocol allow you to configure the
server to provide either dynamic addressing or fixed addressing. In the figure below, the two
branches of the tree symbolize both types of addressing: on the left are the levels of hierarchy
necessary to set up dynamic addressing, and on the right those for fixed addressing.

[Figure: tree with the server at the top and two branches. Left (dynamic addressing): scope,
range, lease. Right (fixed addressing): group, static.]

Figure 28.1. DHCP Servers Hierarchy

So basically, the very first step of the DHCP implementation is the creation of the server with a
unique IP address, within which you have to create at least one scope that will listen on a
particular part of the network, discover any request from the clients and answer them to the best
of its capacity. Afterward, you decide to set up dynamic and/or fixed addressing for the DHCP clients.

To ease the management of the servers, they are all listed on one page. Here below, you can
see the link to browse the DHCP servers database:

Figure 28.2. DHCP: All DHCP Servers

Browsing the DHCP Servers Database


To list the DHCP servers through the DHCP homepage

1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.

2. Click on the DHCP servers icon. The DHCP All servers list opens.

To list the DHCP servers through the breadcrumb

1. Go to the DHCP tab.


2. Click on All servers in the breadcrumb. The DHCP All servers list opens.

To list the IPv4 DHCP servers

1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DHCP servers icon. The DHCP All servers list opens.
3. In the Protocol column, put your mouse over IPv4. The Info Bar appears.
4. Click on to list only the IPv4 DHCP servers.

To list the IPv6 DHCP servers

1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DHCP servers icon. The DHCP All servers list opens.
3. In the Protocol column, put your mouse over IPv6. The Info Bar appears.
4. Click on to list only the IPv6 DHCP servers.

Tip
To list IPv4 or IPv6 DHCP servers, you can also type in IPv4 or IPv6 in the filtering
field of the Protocol column.

To display a DHCP server properties page

1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DHCP servers icon. The DHCP All servers list opens.
3. At the end of the line of the server of your choice, click on . The corresponding server
properties page opens.

Customizing the DHCP Servers Display


SOLIDserver enables you to modify how columns are displayed in the list. You can add columns or
change their order. For more details, see the Customizing the List Layout section of the
Understanding the SOLIDserver User Interface part of this documentation.

Understanding the DHCP Servers Statuses


The statuses of the DHCP servers provide a report on their operations. Servers statuses are
displayed on the right end of the servers list. The table below explains the different statuses:

Table 28.1. DHCP servers statuses


Status                    Description
OK                        The server is configured.
Unknown                   The server does not have a status as it has not synchronized yet.
Timeout                   The server does not answer anymore due to a scheduled configuration of the server.
Invalid credentials       The SSL credentials are invalid.
Syntax error              The server configuration could not be parsed properly.
License                   The license used in SOLIDserver is not compliant with the added server: the license is invalid.
Invalid settings          There was a setting error during the server declaration. For instance, some settings were added to a server that does not support them.
Insufficient privileges   The account used to add the Agentless DHCP server does not have sufficient privileges to manage it.
ESC                       The ESC (Error SNMP Configuration) status indicates there was an SNMP profile error during the server configuration.

Note that the Sync column changes in accordance with the Status column: as long as the server
synchronization is not OK yet, the Sync column might display Busy. In this column, you may
also see a physical server marked as Locked Synchronization, like a smart architecture. Refer
to the Locked Synchronization Status section of this guide for more details.

Since version 5.0.3, the Multi-status column provides you with emergency, warning, critical, error
or informational messages regarding the server failover. For more details, refer to the Multi-status
Column section of this guide.

Managing EfficientIP DHCP Servers


The DHCP management module supports several EfficientIP DHCP servers, including the DHCP
server embedded in the SOLIDserver device and the EfficientIP DHCP package running the ISC DHCP
server on Linux, Solaris and FreeBSD.

Configuring the Listening Network Interfaces


The DHCP server selects the listening network interfaces by using the DHCP scopes. To make
the server listen on an interface, you have to create a scope which includes one or several local
interfaces of the DHCP server. If no scope of the server contains a network interface, then the
server will not listen to the network and will not reply to the DHCP client requests. For more
information about scope management, see chapter Managing DHCP Scopes.

Warning
Do not use an HA virtual IP address as an address for the DHCP server. The EfficientIP
DHCP server implements the safe DHCP failover protocol. For more information
about this feature, see chapter Deploying DHCP Architectures.

Example 28.1. Listening scope

For instance, your DHCP server has 3 network interfaces configured: 192.168.10.3, 192.168.10.5
and 10.0.0.34. To listen on the interface 192.168.10.3, you have to configure a scope with the
network address 192.168.10.0 and the netmask 255.255.255.0. Once the scope is configured,
the server will listen on all the network interfaces the scope contains, in that case: 192.168.10.3
and 192.168.10.5.

Adding a SOLIDserver DHCP server


The EfficientIP DHCP server, or SOLIDserver DHCP, is the only server that you can create to
provide IPv4 or IPv6 addresses. With version 5.0.0, SOLIDserver uses the SSL protocol to
manage the DHCP servers. You can still manage DHCP servers through the SNMP protocol, but this
implies that you are managing DHCP servers that belong to a SOLIDserver in version 4 and prior.
In the same way, managing a DHCP server through SSL makes it a DHCP server version 5.0.x.

Throughout the different versions of SOLIDserver, the use of SSL has greatly evolved when it
comes to the IPMserver itself on the one hand and to DHCP on the other hand. The tables below
show these evolutions from version 3.0.1 and prior through to version 5.0.x.

Table 28.2. SOLIDserver Supported Management Protocols


SOLIDserver Version   SNMP Protocol   SSL Protocol
<= 3.0.1              X
4.0.x                 X               X
5.0.x                 X               X

Table 28.3. DHCP Services Supported Management Protocols


SOLIDserver Version   SNMP Protocol   SSL Protocol
<= 3.0.1              X
4.0.x                 X               X
5.0.x                                 X

Adding a SOLIDserver DHCP server managed through SSL

Given how the use of the management protocols has evolved, managing a SOLIDserver DHCP server
through SSL implies that the server in question is on an appliance in version 5.0.

To add a SOLIDserver DHCP server in IPv4 managed through SSL

1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DHCP servers icon. The DHCP All servers list opens.
3. In the menu, select Add > Server > EfficientIP DHCP. The Manage a DHCP server wizard
opens.
4. If you created classes at the server level, in the DHCP server class list, select the DHCP
server class of your choice for this server. Click on NEXT. The next page of the wizard appears.

Note
If no class is available for that operation, the wizard page of the classes will
automatically be skipped. Applying a class on an object can impact the behavior
of its configuration. For more information, consult your administrator.

5. Fill in the following fields to set up the basic server configuration:

Table 28.4. DHCP Server Basic Parameters

Fields                  Description
DHCP server name        In this field, fill in an FQDN for your server. This field is compulsory.
Management IP address   In this field, fill in the IP address of your server. This field is compulsory.
Isolated                Tick this box if you do not want your server configuration to update any other module. It is mainly useful when dealing with migrations as it will prevent the server from pushing any data to the DNS. Keep in mind that the server will still receive data if your network configuration allows it. Any behavior set through the Mode drop-down list will have to be applied to the server later on if you tick this box, so make sure that the configuration you set suits your needs before you untick the box.
Description             Type in a description if you want; it will appear in the Description column of the All servers list. This field is optional.

6. In the Protocol drop-down list, select SSL.


7. In the Configure SSL parameters section, you can tick the box if you modified the SSH login
and password: the SSL and SSH login and password need to match.

Once the box is ticked, the fields Login and Password appear. By default, they are both
filled with admin. You can edit them both.
8. In the Mode drop-down list, you can set up the following parameters:

Table 28.5. DHCP Server Default Behaviors


Fields                  Description
Mode                    You can select either Configurable behavior or All behaviors.
Configurable behavior   This option is selected by default in the Mode drop-down list and displays all the fields and options that have been ticked in the Default behavior wizard at the server level. For more details, refer to the DHCP section of the Default Behaviors chapter of this guide.
All behaviors           If you select this option, you will display all the fields and options that can be ticked in the Default behavior wizard. For more details, refer to the DHCP section of the Default Behaviors chapter of this guide.

9. Click on OK to commit the server configuration. The report opens and closes. The server is
listed.

For IPv6 addressing, SSL management is the only one available. The addition procedure
is otherwise identical to the one for DHCPv4 addressing.

To add a SOLIDserver DHCP server in IPv6 through SSL

1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DHCP servers icon. The DHCP All servers list opens.
3. In the menu, select Add > Server (v6) > EfficientIP DHCP. The Manage a DHCP server
wizard opens.

4. If you created classes at the server level, in the DHCP server class list, select the DHCP
server class of your choice for this server. Click on NEXT. The next page of the wizard appears.

Note
If no class is available for that operation, the wizard page of the classes will
automatically be skipped. Applying a class on an object can impact the behavior
of its configuration. For more information, consult your administrator.

5. Fill in the following fields to set up the basic server configuration:

Table 28.6. DHCP Server Basic Parameters

Fields                  Description
DHCP server name        In this field, fill in an FQDN for your server. This field is compulsory.
Management IP address   In this field, fill in the IP address of your server. This field is compulsory.
Isolated                Tick this box if you do not want your server configuration to update any other module. It is mainly useful when dealing with migrations as it will prevent the server from pushing any data to the DNS. Keep in mind that the server will still receive data if your network configuration allows it. Any behavior set through the Mode drop-down list will have to be applied to the server later on if you tick this box, so make sure that the configuration you set suits your needs before you untick the box.
Description             Type in a description if you want; it will appear in the Description column of the All servers list. This field is optional.

6. In the Configure SSL parameters section, you can tick the box if you modified the SSH login
and password: the SSL and SSH login and password need to match.

Once the box is ticked, the fields Login and Password appear. By default, they are both
filled with admin. You can edit them both.
7. In the Mode drop-down list, you can set up the following parameters.

Table 28.7. DHCP Server Default Behaviors


Fields                  Description
Mode                    You can select either Configurable behavior or All behaviors.
Configurable behavior   This option is selected by default in the Mode drop-down list and displays all the fields and options that have been ticked in the Default behavior wizard at the server level. For more details, refer to the DHCP section of the Default Behaviors chapter of this guide.
All behaviors           If you select this option, you will display all the fields and options that can be ticked in the Default behavior wizard. For more details, refer to the DHCP section of the Default Behaviors chapter of this guide.

8. Click on OK to commit the server configuration. The report opens and closes. The server is
listed.

Adding a SOLIDserver DHCP server managed through SNMP

Version 5.0.x of SOLIDserver still provides DHCP server management through SNMP, i.e. the
configuration of legacy servers. This configuration is only available for IPv4 addressing.

To add a SOLIDserver DHCP legacy server (prior to 4.0.x) managed through SNMP

1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DHCP servers icon. The DHCP All servers list opens.
3. In the menu, select Add > Server > EfficientIP DHCP. The Manage a DHCP server wizard
opens.
4. If you created classes at the server level, in the DHCP server class list, select the DHCP
server class of your choice for this server. Click on NEXT. The next page of the wizard appears.

Note
If no class is available for that operation, the wizard page of the classes will
automatically be skipped. Applying a class on an object can impact the behavior
of its configuration. For more information, consult your administrator.

5. Fill in the following fields to set up the basic server configuration:

Table 28.8. DHCP Server Basic Parameters

Fields                  Description
DHCP server name        In this field, fill in an FQDN for your server. This field is compulsory.
Management IP address   In this field, fill in the IP address of your server. This field is compulsory.
Isolated                Tick this box if you do not want your server configuration to update any other module. It is mainly useful when dealing with migrations as it will prevent the server from pushing any data to the DNS. Keep in mind that the server will still receive data if your network configuration allows it. Any behavior set through the Mode drop-down list will have to be applied to the server later on if you tick this box, so make sure that the configuration you set suits your needs before you untick the box.
Description             Type in a description if you want; it will appear in the Description column of the All servers list. This field is optional.

6. In the Protocol drop-down list, select SNMP.


7. In the Configure SNMP parameters section, tick the box to configure the SNMP parameters
used to configure the remote DHCP server (by default set to Hide). The SNMP parameters
related fields appear:

Table 28.9. SNMP parameters


Fields              Description
SNMP port           The port used to connect to the remote SOLIDserver. By default the port is set to 1162. If you have to change it, do not forget to modify it in the system configuration of the remote server.
Use TCP transport   Tick the box if you want to use the TCP protocol instead of the UDP when the network link is not reliable.
SNMP profile        The SNMP profile that will be used for this configuration. SNMP profiles enable the definition of a global security policy for every server managed by SOLIDserver. By default, SOLIDserver configures three SNMP security profiles with three levels of security (SNMP v1, v2c and v3).
SNMP retries        The number of SNMP retries on timeouts.
SNMP timeout        The SNMP timeout in seconds.

8. In the Mode drop-down list, you can set up the following parameters.

Table 28.10. DHCP Server Default Behaviors


Fields                  Description
Mode                    You can select either Configurable behavior or All behaviors.
Configurable behavior   This option is selected by default in the Mode drop-down list and displays all the fields and options that have been ticked in the Default behavior wizard at the server level. For more details, refer to the DHCP section of the Default Behaviors chapter of this guide.
All behaviors           If you select this option, you will display all the fields and options that can be ticked in the Default behavior wizard. For more details, refer to the DHCP section of the Default Behaviors chapter of this guide.

9. Click on OK to commit the server configuration. The report opens and closes. The server is
listed.

Configuring the SNMP


With SOLIDserver 5.0, the SNMP configuration is only available for DHCP servers in version 4.x
or prior. From an appliance in version 5.0, you will only be able to manage a DHCP server through
SNMP if the appliance hosting that DHCP server is in a former version.

To edit the SNMP configuration of a DHCP server

1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DHCP servers icon. The DHCP All servers list opens.
3. At the end of the line of the server of your choice, click on . The properties page opens.
4. In the SNMP properties panel, click on EDIT . The SNMP parameters wizard opens.

Table 28.11. SNMP parameters of an IPMDHCPv4 Server


Fields              Description
SNMP version        In this field, select the SNMP protocol version you want to use. It can be either v1, v2c or v3. By default, v2c is selected.
SNMP port           In this field, choose the SNMP service port to be used. By default, the port 1162 is proposed. Under certain configurations, when a server is already using this port, you may modify its value.
SNMP retry          In this drop-down list, you can select the number of connection attempts when the server is in timeout. You can set it between 0 and 5. By default, it is set to 2 attempts.
SNMP timeout        In this drop-down list, you can select the time between each connection attempt. You can set it between 1s and 5s or set it to 10s (s stands for seconds). By default, it is set to 5s.
Use Bulk            In this Yes or No drop-down list, you can choose to use the compact SNMP request method, that sends several requests at once. It is employed to accelerate transfers. By default, it is set to Yes.
Use TCP transport   In this Yes or No drop-down list, you can choose to use the TCP transport protocol or not.

5. Click on NEXT. The SNMP profile page opens.
6. In the SNMP profile drop-down list, choose the same version of the SNMP protocol as the
one you previously selected. If you created SNMP profiles, you will be able to choose one
of your profiles. Note that the profiles will be listed only if they use the same version of the
SNMP protocol as the one you selected during the previous step.

Note
The SNMP profiles you can choose from must be configured on the appliance
you are currently working with. If you created profiles on the appliance whose
DHCP server you are managing (the one corresponding to the IP address of
the server in question), they will not be available in the list.

7. Click on OK to commit your modifications. The report opens and closes. The changes are
listed in the panel.

Configuring Server Options


DHCP options can be applied to servers. The options configured at this
level are propagated to the DHCP objects managed by the server, whether the addressing is
dynamic or fixed. EfficientIP provides the DHCP option inheritance in the following order: server,
scope, range. For more information about DHCP options, refer to the DHCP Options chapter.

To edit the DHCP server options

1. Display the chosen server properties page (for more details, see procedure To display a
DHCP server properties page).
2. In the DHCP Options panel, click on EDIT. The Configure DHCP options wizard opens.
3. For a DHCPv4 server: in the Options category drop-down list, select a category if need be.
The Most used options are displayed by default.
4. For a DHCPv6 server: scroll down the wizard to find the needed option(s).
5. Make your modifications.
6. Click on OK to commit the changes. The report opens and closes. Every item modified is
displayed in the panel.

Managing Microsoft DHCP Servers with Agent


SOLIDserver has the ability to update the Microsoft Windows DHCP server configuration, providing
an alternative management console that can be used organization wide for DHCP configuration.
The Microsoft configuration of scopes, ranges and reservations can be defined within SOLIDserver
and then updated to the remote Microsoft Windows server. All active lease information from the
Microsoft Windows server is displayed in real time within the SOLIDserver user interface.
SOLIDserver can control the policy that governs how the Microsoft DHCP server performs the DNS
update.

Note that ranges are managed differently within IPMserver (SOLIDserver) and the Microsoft DHCP
server: you can create as many ranges as you need with IPMserver but only one with Microsoft
DHCP. When IPMserver overwrites the Microsoft DHCP server configuration, the start and end
addresses of this unique range match the start and end addresses of the scope, and a number of
exclusion ranges are created that correspond to the ranges you created with SOLIDserver.

Therefore, even though ranges are configured differently in IPMserver and Microsoft DHCP,
both end up offering the same services. What you see in the SOLIDserver interface will differ from
what you see on the Microsoft DHCP server (through Windows Administrative Tools): the ranges
that you create with SOLIDserver correspond to a unique range with a number of exclusion
ranges.

Example 28.2. DHCP configuration: IPMserver vs. Microsoft DHCP server

With IPMserver when you create a scope with the start address 192.168.10.0 and the end address
192.168.10.255, the configuration is pushed onto Microsoft DHCP server exactly the same.
However, the way to deal with the ranges will differ.

When you create the two following ranges with IPMserver:

First range
  192.168.10.5 - 192.168.10.10
Second range
  192.168.10.25 - 192.168.10.100

The configuration will look as follows in the Microsoft DHCP configuration:

One unique range
  192.168.10.0 - 192.168.10.255. It basically corresponds to the scope start and end addresses.
Three exclusion ranges
  192.168.10.1 - 192.168.10.4
  192.168.10.11 - 192.168.10.24
  192.168.10.101 - 192.168.10.254
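
The mapping in Example 28.2 worked through in Python, as an added example that is not part of this guide or of SOLIDserver: it derives the exclusion ranges expected on the Microsoft side from the ranges defined in SOLIDserver, and reports drift between the two configurations. All function names are hypothetical, and leaving the first and last address of the scope out of every exclusion is an assumption taken from the figures in the example.

```python
from ipaddress import IPv4Address


def complement(first, last, spans):
    """Return the gaps left inside [first, last] by a list of (lo, hi) integer spans.

    Spans may be unsorted, adjacent or overlapping.
    """
    gaps = []
    cursor = first
    for lo, hi in sorted(spans):
        if lo > cursor:
            gaps.append((cursor, lo - 1))
        cursor = max(cursor, hi + 1)
    if cursor <= last:
        gaps.append((cursor, last))
    return gaps


def usable_bounds(scope_start, scope_end):
    # Assumption taken from Example 28.2: the first and last addresses of the
    # scope (.0 and .255 there) never appear in a range or in an exclusion.
    return int(IPv4Address(scope_start)) + 1, int(IPv4Address(scope_end)) - 1


def to_ints(pairs, first, last):
    """Validate dotted-quad (start, end) pairs and convert them to integers."""
    spans = []
    for start, end in pairs:
        lo, hi = int(IPv4Address(start)), int(IPv4Address(end))
        if lo > hi:
            raise ValueError(f"range {start} - {end} ends before it starts")
        if lo < first or hi > last:
            raise ValueError(f"range {start} - {end} is outside the usable scope")
        spans.append((lo, hi))
    return spans


def to_text(spans):
    return [(str(IPv4Address(lo)), str(IPv4Address(hi))) for lo, hi in spans]


def ms_exclusion_ranges(scope_start, scope_end, ranges):
    """Exclusion ranges expected on the Microsoft side for the SOLIDserver ranges."""
    first, last = usable_bounds(scope_start, scope_end)
    return to_text(complement(first, last, to_ints(ranges, first, last)))


def leasable_ranges(scope_start, scope_end, exclusions):
    """Reverse view: the ranges left leasable by a list of Microsoft exclusions."""
    first, last = usable_bounds(scope_start, scope_end)
    return to_text(complement(first, last, to_ints(exclusions, first, last)))


def config_drift(scope_start, scope_end, ipm_ranges, ms_exclusions):
    """Exclusions missing from, or unexpected in, the Microsoft configuration."""
    expected = set(ms_exclusion_ranges(scope_start, scope_end, ipm_ranges))
    actual = set(ms_exclusions)
    return {"missing": sorted(expected - actual),
            "unexpected": sorted(actual - expected)}


if __name__ == "__main__":
    # Values from Example 28.2.
    scope = ("192.168.10.0", "192.168.10.255")
    ranges = [("192.168.10.5", "192.168.10.10"), ("192.168.10.25", "192.168.10.100")]
    for start, end in ms_exclusion_ranges(*scope, ranges):
        print(f"exclusion {start} - {end}")
```

Feeding config_drift the exclusions read from Windows Administrative Tools shows whether the Microsoft server still matches what SOLIDserver pushed.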

WinDHCPManager Agent

The WinDHCPManager is a software agent used by SOLIDserver to remotely manage Microsoft
DHCP Windows 2000, 2003, 2008 and 2008 R2 servers. This agent is provided as a Microsoft
Windows service and can be monitored through the service management interface provided by
Microsoft. The WinDHCPManager agent must be deployed on all DHCP servers you plan to
manage from SOLIDserver.

Prerequisite

To be managed by SOLIDserver, Microsoft DHCP servers do not need to be members of an AD
Primary Domain. However, the WinDHCPManager agent must be running with an account that
is authorized to read and modify the DHCP options and parameters. As a Windows service,
WinDHCPManager runs by default as a system account, for which this authorization is not
implicitly defined, so you will have to configure the account to access the Microsoft DHCP server
with sufficient rights. This account can be a domain user or a local user, as long as the DHCP
authorizations allow that account write or full access to the Windows DHCP server.

• An open TCP port (4000 by default) on the Windows server must be accessible from the
management platform.
• A Windows 2003 or 2008 server with the Microsoft DHCP service already configured.
• You must be connected to the DHCP server with the Windows administrator rights during the
installation of the service.
• The Windows registry branch HKLM\SOFTWARE\Microsoft\DHCPServer must be readable.
• If the Windows DHCP server is a member of an Active Directory domain, the DHCP server
must be authorized for the domain.

Installing WinDHCPManager

To install the WinDHCPManager, you first need to download the files from our website.

To download the installation file

1. Go to http://www.efficientip.com/support/downloads/microsoft/WinDHCP/. An Authentication
Required pop up window opens.
2. Fill in your User Name and Password. The Support Downloads page opens.
3. Click on microsoft/. The Microsoft list opens.
4. Click on WinDHCP/. The list of WinDHCP execution files opens.

Table 28.12. WinDHCP Execution Files


Available Files                                                To be downloaded if
Setup-EIPWinDHCPMgr-v3.0.1-w2k3-w2k8-x86-x64.exe               You work with a 32-bit OS running with Windows 2003-2008 that will manage the corresponding WinDHCP servers.
Setup-EIPWinDHCPMgr-v3.0.1-w2k8-w2k8R2-64bits-no_openssl.exe   You work with a 64-bit OS. It can manage a WinDHCP server version 2008 or 2008 R2.

5. Click on the appropriate file name to download it.

Once you have downloaded the proper file, you can install it following the procedure below.

To install the WinDHCPManager service

1. Run the installation file. The Welcome WinDHCP Manager Setup Wizard window opens.

Figure 28.3. WinDHCPManager Setup Window

2. Click on Next to continue. The next page opens.


3. Once the program is Ready to Install, click on Next to start installing.
4. On the Completing the WinDHCPManager Setup Wizard page, click on Finish to finish
installing the manager.
5. Restart the Microsoft DHCP service through the Administrative Tools:

   1. Click on Start > Administrative Tools > DHCP.
   2. Right-click on the server name listed below DHCP. The available options appear, select
   All Tasks > Restart. A pop-up window opens to inform you that Microsoft DHCP server
   stops and starts again.

Caution
If the Microsoft DHCP service does not restart, WinDHCPManager will not be able
to manage it.

Description of the Installation Operations Done on Microsoft Windows

The following operations will be done during the installation on Microsoft Windows servers:

• Copy of eip-windhcpmgr.exe in the directory \Program Files\eip\.
• Copy of EIP-DHCPHook.dll in the directory \Program Files\eip\.
• Copy of EIP-winDHCPMgr.cpl in the directory \Program Files\eip\.
• Registry update in read only mode starting at the key: HKLM\SOFTWARE\EfficientIP\DHCPManager
  • LogLevel (DWORD/OPTIONAL): Log level (0=Debug, 5=None).
  • DataPath (STRING): Installation path (usually in c:\program files\eip).
  • PortNumber (DWORD/OPTIONAL): Communication port (default is 4000).
  • IPMServer (STRING/OPTIONAL): IP address of IPMServer (Access control).
  • SSLEnabled (DWORD/OPTIONAL): SSL activation (0=no, 1=yes).
  • SSLCertificate (DWORD/OPTIONAL): Path to the SSL PEM certificate.
  • ReadOnly (DWORD/OPTIONAL): Specify that the agent must be run in read only mode. If
    this parameter is set, then all changes made from the management platform will be refused.
  • Synchro (DWORD/OPTIONAL): Sleep time between each synchronization.
• Registry update in write mode starting at the key: HKLM\SOFTWARE\EfficientIP\DHCPManager
  • LastlogIndex (DWORD): 0.
  • LastlogPosition (DWORD): 0.
• The registry update on HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control
  Panel\Cpls: (STRING) eip-windhcp=c:\program files\eip\EIP-WinDHCPMgr.cpl
• The registry update on HKLM\SYSTEM\CurrentControlSet\Services\DHCPServer\Parameters
  with values:
  • (STRING) CalloutDLLs=c:\program files\eip\EIP-DHCPHook.dll
  • (DWORD) CalloutEnabled=1

Configuring the WinDHCPManager

To configure the WinDHCP Manager service

1. Open up the Windows services panel of the Windows server: click on Start > Parameters >
Configuration Panel.
2. In the Configuration Panel window, double-click on the WinDHCPManager icon. The
WinDNSManager service opens in a new window.

Figure 28.4. WinDHCPManager configuration

3. In the IPM Server Address field, fill in the IP address of the management platform.
4. Fill in the port that the management platform will use to connect to the agent. The port
number 4001 is used by default.
5. Tick the Read only mode check box to refuse all changes made from the management
platform.

6. If you plan on using the secure connection between the management platform and the
WinDHCPManager agent, you must tick the SSL Enabled check box. The Certificate file
field will appear. You have to choose how to set the SSL certificate:

   • Click on Browse... to add the file containing the SSL certificate.
   • Click on Generate certificate... to automatically generate a self-signed certificate.

7. In the Logging level drop-down list, select the level of detail you wish to have in the log file.

Table 28.13. Logging Level Available Options


Fields            Description
Debugging         This option lists in the log file everything that happens: connections, actions, errors, warnings, etc.
Info              This option lists in the log file all the basic information: for instance who connected to the server, what action was undertaken, etc.
Warnings          This option lists in the log file all the potential problems that are important to acknowledge: for instance, a refresh time not long enough, a name already used, etc.
Errors            This option lists in the log file all non fatal errors to the service itself that prevent a particular action from being carried through: for instance, it is impossible to answer to a client, the network connection was not successful, etc.
Critical errors   This option lists in the log file all the fatal errors to the service: the appliance crashed partly or entirely, there is no network layer, etc.
None              This option does not list anything in the log file.

Regardless of the level you chose, the active log file is C:\Program Files (x86)\eip\dhcpsvc.txt.

There is also an archive log file, C:\Program Files (x86)\eip\old_dhcpsvc.txt, that gets
overwritten by the content of the active log file each time the maximum log file size is reached.
The content of old_dhcpsvc.txt will therefore be modified on a regular basis to match the
content of the active log file that is about to be replaced.
8. Fill in the Max log size, i.e. the maximum size of the log file. Every time this size is reached,
the active log file is replaced and its content overwrites the old_dhcpsvc.txt file.
9. Click on OK to commit the configuration. The window will close automatically once
WinDHCPManager has restarted.

Restricting WinDHCPManager in Read Only Mode

The WinDHCPManager agent offers a read only option to ensure that it will refuse all updates
coming from the SOLIDserver management. In read only mode, SOLIDserver is not allowed to
update the Windows DHCP server, but it is still allowed to retrieve all the DHCP information
available from the WinDHCPManager agent. This DHCP information is pushed to the
SOLIDserver DHCP and IPAM management tabs.

Adding a Microsoft DHCP server


Once you have configured the WinDHCPManager Agent, you can update the Microsoft Windows DHCP
server in IPv4 through SOLIDserver. Note that IPv6 addressing is not available for now.

To add a Microsoft DHCP server

1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DHCP servers icon. The DHCP All servers list opens.
3. In the menu, select Add > Server > Microsoft DHCP (with agent). The Manage a DHCP
server wizard opens.
4. If you created classes at the server level, in the DHCP server class list, select the DHCP
server class of your choice for this server. Click on NEXT. The next page of the wizard appears.

Note
If no class is available for that operation, the wizard page of the classes will
automatically be skipped. Applying a class on an object can impact the behavior
of its configuration. For more information, consult your administrator.

5. Fill in the following fields to set up the basic server configuration:

Table 28.14. Microsoft DHCP Server Basic Parameters

Fields                  Description
DHCP server name        In this field, fill in an FQDN for your server. This field is compulsory.
Management IP address   In this field, fill in the IP address of your server. This field is compulsory.
Isolated                Tick this box if you do not want your server configuration to update any other module. It is mainly useful when dealing with migrations as it will prevent the server from pushing any data to the DNS. Keep in mind that the server will still receive data if your network configuration allows it. Any behavior set through the Mode drop-down list will have to be applied to the server later on if you tick this box, so make sure that the configuration you set suits your needs before you untick the box.
Description             Type in a description if you want; it will appear in the Description column of the All servers list. This field is optional.

6. In the TCP port field, fill in the same port number as the one indicated when setting up the
WinDHCPManager. By default, the port is 4000.
7. In the Use SSL drop-down list, select Yes or No depending on what you configured through
WinDHCPManager. By default, No is selected.
8. In the Mode drop-down list, you can set up the following parameters.

Table 28.15. DHCP Server Default Behaviors


Fields                  Description
Mode                    You can select either Configurable behavior or All behaviors.
Configurable behavior   This option is selected by default in the Mode drop-down list and displays all the fields and options that have been ticked in the Default behavior wizard at the server level. For more details, refer to the DHCP section of the Default Behaviors chapter of this guide.
All behaviors           If you select this option, you will display all the fields and options that can be ticked in the Default behavior wizard. For more details, refer to the DHCP section of the Default Behaviors chapter of this guide.

9. Click on OK to commit the server configuration. The report opens and closes. The server is
listed.

Managing Agentless Microsoft DHCP Servers


With version 5.0.1 of SOLIDserver, EfficientIP introduced the Agentless Microsoft DHCP server,
meaning that you no longer need to install the WinDHCP agent to manage your Microsoft
DHCP server if you do not want to. Through this Agentless server, you can remotely manage
Microsoft DHCP servers on Windows 2003, 2008 and later, but there are some limitations to this
management, listed in the section MS Agentless Servers Management Limitations below. This
server can be included in an Active Directory (AD) domain or not.

Understanding the Agentless Server Management


The Agentless Microsoft DHCP server management through SOLIDserver is based on the
Microsoft Remote Procedure Calls (MSRPC). This inter-process communication technique
extends the notion of conventional, or local, procedure calling so that the called procedure and
the calling procedure no longer need to be in the same address space. The two processes can
either be on the same system or on different systems, as long as they have a network connecting
them. That way, programmers of distributed applications avoid the details of the interface with
the network. In addition, the transport independence of RPC isolates the application from the
physical and logical elements of the data communications mechanism and allows the application
to use a variety of transports.

Through MSRPC, the client first calls a procedure to send a data packet to the server. Upon
reception of the packet, the server calls a dispatch routine to perform the requested service, and
then sends back a reply. Finally, the procedure call returns to the client. That's how EfficientIP
offers a new way of managing your Microsoft DHCP server that no longer requires the installation
of an agent. This drastically simplifies the Windows server management.

Adding an Agentless Microsoft DHCP Server


Whether agentless or with agent, the procedure within SOLIDserver to add a Microsoft DHCP
server is the same; only a few fields differ. Keep in mind that before proceeding you will need
the credentials of a user with sufficient privileges to manage the server.

Note that if your Microsoft DHCP server is integrated to an AD with several forests, you can use
the Expert mode to display the AD domain field under the credentials fields and type the domain
of the AD that you want to manage through SOLIDserver:

To add an agentless Microsoft DHCP server

1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DHCP servers icon. The DHCP All servers list opens.
3. In the menu, select Add > Server > Microsoft DHCP (agentless). The Manage a DHCP
server wizard opens.

4. If you created classes at the server level, in the DHCP server class list, select the DHCP
server class of your choice or None. Click on NEXT . The next page of the wizard appears.

Note
If no class is available for that operation, the wizard page of the classes will
automatically be skipped. Applying a class on an object can impact the behavior
of its configuration. For more information, consult your administrator.

5. Fill in the following fields to set up the basic server configuration:

Table 28.16. Microsoft DHCP Server Basic Parameters


Fields                  Description
DHCP server name        In this field, fill in the FQDN of your server. This field is
                        compulsory.
Management IP address   In this field, fill in the IP address of your server. This field
                        is compulsory.
Isolated                Tick this box if you do not want your server configuration to
                        update any other module. It's mainly useful when dealing with
                        migrations as it will prevent the server from pushing any data to
                        the DNS. Keep in mind that the server will still receive data if
                        your network configuration allows it. Any behavior set through
                        the Mode drop-down list will have to be applied to the server
                        later on if you tick this box, so make sure that the configuration
                        you set suits your needs before you untick the box.
Description             Type in a description if you want; it will appear in the
                        Description column of the All servers list. This field is optional.

6. In the Login field, type in the name of a user with sufficient managing privileges over the
Windows DHCP server.
7. In the Password field, type in the corresponding password.
8. In the AD domain field, type in the domain name.
9. In the Mode drop-down list, you can set up the following parameters.

Table 28.17. DHCP Server Default Behaviors


Fields                  Description
Mode                    You can select either Configurable behavior or All behaviors.
Configurable behavior   This option is selected by default in the Mode drop-down list and
                        displays all the fields and options that have been ticked in the
                        Default behavior wizard at the server level. For more details,
                        refer to the DHCP section of the Default Behaviors chapter of
                        this guide.
All behaviors           If you select this option, you will display all the fields and
                        options that can be ticked in the Default behavior wizard. For
                        more details, refer to the DHCP section of the Default Behaviors
                        chapter of this guide.

10. Click on OK to commit the server configuration. The report opens and closes. The server is
listed.

If your Microsoft DHCP server is integrated to an AD with several forests, you can use the Expert
mode to display the AD domain field under the credentials fields and type the domain of the AD
that you want to manage through SOLIDserver:

MS Agentless DHCP Server Limitations


The management of Microsoft DHCP servers within SOLIDserver has some limitations closely
linked to the MS limitations themselves. For more details regarding the MS servers limitations
refer to the documentation provided by Microsoft.

Windows Limitations
Windows Server Limitations

• You need to create or define a user on your Windows server that will have administrator rights
on the MS DHCP server before managing it through SOLIDserver.
• You need to create or define a user on your Windows server that will have reading rights on
the MS DHCP server if you want that user to be able to view the server in SOLIDserver.
• With MS DHCP servers, there is no failover. Nor is there failover between an MS server and
any other kind of server (EfficientIP DHCP server, Cisco DHCP server...). To reproduce the
Windows cluster configuration, you need to manage the MS servers with a smart architecture.
• Modifications of the MS DHCP server made directly on the Windows server are not automatically
transferred to SOLIDserver. The server synchronization is manual on the All servers page (edit
> synchronize).

Note
The synchronization of an MS DHCP server within SOLIDserver does not work if
the server is managed through a smart architecture: the smart configuration will
overwrite the new data.

DHCP Options Limitations

• Encapsulated DHCP options are not supported by MS DHCP servers.

Leases Limitations

• The start date of a lease is unknown. SOLIDserver displays an arbitrary start date that
corresponds to the moment when the lease is detected.
• DHCP configurations involving a very large number of leases trigger refresh problems. By
default, leases are refreshed every 10 seconds; this overloads the service and creates a loop
when there are a lot of leases. You need to reduce the refresh time to avoid that problem.

Managing ISC DHCP Servers


Efficient IP provides its software as native packages for each operating system. Two versions
of the Linux packages are supported with SOLIDserver from version 5.0.0. The legacy
version (v4) relies on the SNMP protocol, whereas the latest version (v5) works with SSL. Thus,
the prerequisites before installing the packages and managing an ISC server differ accordingly.

Installing a DHCP package allows you to use the DHCP module of SOLIDserver to its full
potential on Linux/Unix: it allows you to manage an ISC server through an EfficientIP DHCP
server and benefit from all the options that come with it (DHCP statistics, etc.).

Managing EfficientIP ISC Linux Packages v4


The sections below contain a set of procedures to successfully install the DHCP packages on
Debian, FreeBSD, Redhat, Suse and Solaris. Once the installation that suits your needs is
complete, you can add your ISC server to the management following the steps in the section
Adding an ISC DHCP Server.

ISC DHCP Installation Prerequisites

• The Linux platform must have at least 8 MB of free memory space;
• The installation can need certain libraries of your operating system; you must have shell
access with root login, locally or via telnet or ssh, on the server to be installed;
• You must have the media (CD-ROM) or access the operating system distribution of your server
by the network;
• You must install the native SNMP library of your Linux system;
• You must be sure not to interfere with an existing SNMP service on your server;
• You must make sure that SNMP ports (161, 162) are not blocked by a network filtering process
(firewall).

IPMDHCP Package on Debian System

The IPMDHCP package contains all programs, libraries, and configuration scripts for the
deployment of Efficient IP DHCP service.

Note
The results of the commands can be different according to the platform characteristics.

To install the ipmdhcp package

• Under root login, run the installation of ipmdhcp package.


# dpkg -i ipmdhcp-4.*-i386.deb

Selecting previously deselected package ipmdhcp.


(Reading database ... 18631 files and directories currently installed.)
Unpacking ipmdhcp (from ipmdhcp-4.0-i386.deb) ...
Setting up ipmdhcp (4.0) ...
Setting rc. files
To configure iPmDhcp: /usr/local/nessy2/script/configure/configure_ipmdhcp.sh
To start iPmDhcp: /etc/init.d/ipmdhcp start

The IPManager software parameters are set through a configuration script provided in the
package. This script can be executed after the installation if necessary. The IPMDHCP server
configuration must be executed before launching the service. If the IP address of the
IPManager server changes or if the IP address (or name) of the server hosting the DHCP
service changes, it is recommended to re-execute the configuration script.

To configure the ipmdhcp service

1. Under root login, run the ipmdhcp configuration.

# /usr/local/nessy2/script/configure/configure_ipmdhcp.sh

==================================================
Checking
==================================================
+ checking for awk... /usr/bin/awk
+ checking for chown... /usr/sbin/chown
+ checking for ness-dhcp.conf... not found
+ checking for hostname... /bin/hostname
+ checking for sed... /usr/bin/sed
+ checking for hardware architecture... i386
+ checking for processor architecture... i386
+ checking for operating system name... FreeBSD
+ checking for operating system release... 4.9-STABLE
+ checking for hostname... dell.intranet
==================================================
Configuration requests
==================================================

2. Fill in the IP address of IPM server.


Enter the iPmServer address [] 10.0.0.41

3. When asked whether to edit the SNMP parameters, type "n".


Do you want to edit SNMP parameters ? (Y/N) ? [N]

==================================================
Updating
==================================================
+ update /usr/local/share/snmp/ness-dhcp.conf ...done
+ create /var/net-snmp/ness-dhcp.conf... done
+ delete tempory files... done

The Debian init runlevel provides a standard process for controlling which programs init launches
or halts when initializing a runlevel. Efficient IP chose to use init to launch and halt ipmdhcp
because it is standard and easy to use with Debian.

The Debian init files are located in the /etc/rc.d/ and /etc/init.d directories. Each of the numbered
directories /etc/rc.d represents one of the six default runlevels configured under Debian. The
launch and halt scripts are located in these directories.

Table 28.18. IPMDHCP Launch and Halt Scripts on Debian


Script                   Description
/etc/init.d/ipmdhcp      ipmdhcp launch and halt
/etc/rc2.d/K15ipmdhcp    ipmdhcp halt
/etc/rc3.d/S15ipmdhcp    ipmdhcp launch

To launch ipmdhcp

• Under root login, run the ipmdhcp script with the start parameter:
# /etc/init.d/ipmdhcp start

The process will be launched in background as a daemon.

To halt ipmdhcp

• Under root login, run the ipmdhcp script with the stop parameter:
# /etc/init.d/ipmdhcp stop

Once the installation is complete, you can add your ISC server to the management following the
steps in the section Adding an ISC DHCP Server.

IPMDHCP Package on FreeBSD System

The IPMDHCP package contains all programs, libraries, and configuration scripts to deploy Efficient
IP DHCP service.

Note
The results of the commands can be different according to the platform characteristics.

To install the ipmdhcp package

• Under root login, run the ipmdhcp package installation.


# pkg_add ipmdhcp-4.*-freebsd*-intel.tgz

To configure iPmDhcp: /usr/local/nessy2/script/configure/configure_ipmdhcp.sh

To start iPmDhcp: /usr/local/etc/rc.d/ipmdhcp.sh start

The IPManager software parameters are set through a configuration script provided in the
package. This script can be executed after the installation if necessary. The IPMDHCP server
configuration must be executed before launching the service. If the IP address of the
IPManager server changes or if the IP address (or name) of the server hosting the DHCP
service changes, it is recommended to re-execute the configuration script.

To configure the ipmdhcp service

1. Under root login, run the ipmdhcp configuration.


# /usr/local/nessy2/script/configure/configure_ipmdhcp.sh
==================================================
Checking
==================================================
+ checking for awk... /usr/bin/awk
+ checking for chown... /usr/sbin/chown
+ checking for ness-dhcp.conf... not found
+ checking for hostname... /bin/hostname
+ checking for sed... /usr/bin/sed
+ checking for hardware architecture... i386
+ checking for processor architecture... i386
+ checking for operating system name... FreeBSD
+ checking for operating system release... 4.9-STABLE
+ checking for hostname... dell.intranet
==================================================
Configuration requests
==================================================
Enter the iPmServer address ? []

2. Fill in the IP address of IPMserver.


Enter the iPmServer address [] 10.0.0.41

3. When asked whether to edit the SNMP parameters, type "n".


Do you want to edit SNMP parameters ? (Y/N) ? [N]
==================================================
Updating
==================================================
+ update /usr/local/share/snmp/ness-dhcp.conf ...done
+ create /var/net-snmp/ness-dhcp.conf... done
+ delete tempory files... done

The FreeBSD init runlevel provides a standard process for controlling which programs init
launches or halts when initializing a runlevel. Efficient IP chose to use init to launch and halt
ipmdhcp because it is standard and easy to use with FreeBSD.

The FreeBSD init files are located in the /usr/local/etc/rc.d/ and /usr/local/etc/init.d directories.
Each of the numbered directories /usr/local/etc/rc.d represents one of the six default runlevels
configured under FreeBSD. The launch and halt scripts are located in these directories.

Table 28.19. IPMDHCP Launch and Halt Scripts on FreeBSD


Script                                Description
/usr/local/etc/init.d/ipmdhcp.sh      ipmdhcp launch and halt
/usr/local/etc/rc2.d/K15ipmdhcp.sh    ipmdhcp halt
/usr/local/etc/rc3.d/S15ipmdhcp.sh    ipmdhcp launch

To launch ipmdhcp

• Under root login, run the ipmdhcp script with the start parameter:
# /usr/local/etc/init.d/ipmdhcp.sh start

The process will be launched in background as a daemon.

To halt ipmdhcp

• Under root login, run the ipmdhcp script with the stop parameter:
# /usr/local/etc/init.d/ipmdhcp.sh stop

Once the installation is complete, you can add your ISC server to the management following the
steps in the section Adding an ISC DHCP Server.

IPMDHCP Package on Redhat and Suse System

The IPMDHCP package contains all programs, libraries, and configuration scripts for the
deployment of Efficient IP DHCP service.

Note
The results of the commands can be different according to the platform characteristics.

To install the ipmdhcp package

• Under root login, run the installation of ipmdhcp package.


# rpm -ivh ipmdhcp-4.*-intel.i386.rpm
Setting rc. files

To configure iPmDhcp: /usr/local/nessy2/script/configure/configure_ipmdhcp.sh


To start iPmDhcp: /etc/init.d/ipmdhcp.sh start

The IPManager software parameters are set through a configuration script provided in the
package. This script can be executed after the installation if necessary. The IPMDHCP server
configuration must be executed before launching the service. If the IP address of the
IPManager server changes or if the IP address (or name) of the server hosting the DHCP
service changes, it is recommended to re-execute the configuration script.

To configure the ipmdhcp service

1. Under root login, run the ipmdhcp configuration.


# /usr/local/nessy2/script/configure/configure_ipmdhcp.sh
==================================================
Checking
==================================================
+ checking for awk... /bin/awk
+ checking for chown... /bin/chown
+ checking for ness-dhcp.conf... /usr/local/share/snmp/ness-dhcp.conf
+ checking for hostname... /bin/hostname
+ checking for sed... /bin/sed
+ checking for hardware architecture...i686
+ checking for processor architecture...unknown
+ checking for operating system name...Linux
+ checking for operating system release...2.4.20-28.7
+ checking for hostname...rh73.intranet
==================================================
Configuration requests
==================================================
Enter the iPmServer address ? []

2. Fill in the IP address of IPMserver.


Enter the iPmServer address [] 10.0.0.41

3. When asked whether to edit the SNMP parameters, type "n".


Do you want to edit SNMP parameters ? (Y/N) ? [N]
==================================================
Updating
==================================================
+ update /usr/local/share/snmp/ness-dhcp.conf ...done
+ create /var/net-snmp/ness-dhcp.conf... done
+ delete tempory files... done

The RedHat/Suse init runlevel provides a standard process for controlling which programs init
launches or halts when initializing a runlevel. Efficient IP chose to use init to launch and halt
ipmdhcp because it is standard and easy to use with RedHat.

The RedHat/Suse init files are located in the /etc/rc.d/ and /etc/init.d directories. Each of the
numbered directories /etc/rc.d represents one of the six default runlevels configured under
RedHat/Suse. The launch and halt scripts are located in these directories.

Table 28.20. IPMDHCP Launch and Halt Scripts on RedHat/Suse


Script                   Description
/etc/init.d/ipmdhcp      ipmdhcp launch and halt
/etc/rc2.d/K15ipmdhcp    ipmdhcp halt
/etc/rc3.d/S15ipmdhcp    ipmdhcp launch

To launch ipmdhcp

• Under root login, run the ipmdhcp script with the start parameter:
# /etc/init.d/ipmdhcp start

The process will be launched in background as a daemon.

To halt ipmdhcp

• Under root login, run the ipmdhcp script with the stop parameter:
# /etc/init.d/ipmdhcp stop

Once the installation is complete, you can add your ISC server to the management following the
steps in the section Adding an ISC DHCP Server.

IPMDHCP Package on Solaris System

The IPMDHCP package contains all programs, libraries, and configuration scripts for the
deployment of Efficient IP DHCP service.

Note
The results of the commands may be different according to the platform characteristics.

To install the IPMDHCP package

1. Uncompress the ipmdhcp package.


# gunzip ipmsnmp-4.*-solaris*-sparc.pkg.gz

2. Under root login, run the ipmdhcp package installation.


# pkgadd -d ./ipmsnmp-4.*-solaris*-sparc.pkg ipmsnmp

Processing package instance <ipmsnmp> from </export/home/packages/ipmsnmp-5.0.9-solaris9-sparc.pkg>


EfficientIP IPM NET-SNMP 4.0
(sparc) EfficientIP IPM NET-SNMP
EfficientIP
## Processing package information.
## Processing system information.
## Verifying disk space requirements.
## Checking for conflicts with packages already installed.
## Checking for setuid/setgid programs.
Installing EfficientIP IPM NET-SNMP 4.0 as <ipmsnmp>
## Installing part 1 of 1.
/usr/local/nessy2/lib/libnetsnmp.so <symbolic link>
/usr/local/nessy2/lib/libnetsnmp.so.4 <symbolic link>
/usr/local/nessy2/lib/libnetsnmp.so.4.0
/usr/local/nessy2/lib/libnetsnmpagent.so <symbolic link>
/usr/local/nessy2/lib/libnetsnmpagent.so.4 <symbolic link>
/usr/local/nessy2/lib/libnetsnmpagent.so.4.0
/usr/local/nessy2/lib/libnetsnmphelpers.so <symbolic link>
/usr/local/nessy2/lib/libnetsnmphelpers.so.4 <symbolic link>
/usr/local/nessy2/lib/libnetsnmphelpers.so.4.0
/usr/local/nessy2/lib/libnetsnmpmibs.so <symbolic link>
/usr/local/nessy2/lib/libnetsnmpmibs.so.4 <symbolic link>
/usr/local/nessy2/lib/libnetsnmpmibs.so.4.0
[ verifying class <none> ]
Installation of <ipmsnmp> was successful.

3. Uncompress the ipmdhcp package.


# gunzip ipmdhcp-4.*-solaris*-sparc.pkg.gz

4. Under root login, run the ipmdhcp package installation.


# pkgadd -d ./ipmdhcp-4.*-solaris*-sparc.pkg ipmdhcp

Processing package instance <ipmdhcp> from </export/home/packages/ipmdhcp-4.0-solaris9-sparc.pkg>


EfficientIP IPM DHCP 4.0
(sparc) EfficientIP IPM DHCP
EfficientIP
## Processing package information.
## Processing system information.
6 package pathnames are already properly installed.
## Verifying package dependencies.
## Verifying disk space requirements.
## Checking for conflicts with packages already installed.
## Checking for setuid/setgid programs.
This package contains scripts which will be executed with super-user
permission during the process of installing this package.
Do you want to continue with the installation of <ipmdhcp> [y,n,?]

5. Type 'Y' to validate the installation.


Installing EfficientIP IPM DHCP 4.0 as <ipmdhcp>
## Executing preinstall script.
## Installing part 1 of 1.
/etc/init.d/ipmdhcp
/etc/rc0.d/K15ipmdhcp
/etc/rc1.d/K15ipmdhcp
/etc/rc2.d/K15ipmdhcp
/etc/rc3.d/S51ipmdhcp
/etc/rcS.d/K15ipmdhcp
/usr/local/nessy2/bin/dhcpd
/usr/local/nessy2/bin/ipmdhcp_starter.sh
/usr/local/nessy2/script/configure/configure_ipmdhcp.sh
/usr/local/nessy2/share/dhcp/dhcpd.conf.sample
/usr/local/nessy2/share/snmp/ness-dhcp.conf.sample
[ verifying class <none> ]
## Executing postinstall script.
To configure iPmDhcp: /usr/local/nessy2/script/configure/configure_ipmdhcp.sh
To start iPmDhcp: /etc/init.d/ipmdhcp start
Installation of <ipmdhcp> was successful.

The IPManager software parameters are set through a configuration script provided in the package.
This script may be executed after the installation, if necessary. The IPMDHCP server configuration
must be executed before launching the service. If the IP address of the IPManager server changes,
or if the IP address (or name) of the server hosting the DHCP service changes, re-executing
the configuration script is recommended.

To configure the ipmdhcp service

1. Run the ipmdhcp configuration under root login.


# /usr/local/nessy2/script/configure/configure_ipmdhcp.sh

==================================================
Checking
==================================================
+ checking for awk... /usr/bin/awk
+ checking for chown... /usr/bin/chown
+ checking for ness-dhcp.conf... /usr/local/share/snmp/ness-dhcp.conf
+ checking for hostname... /usr/bin/hostname
+ checking for sed... /usr/bin/sed
+ checking for hardware architecture... sun4u
+ checking for processor architecture... sparc
+ checking for operating system name... SunOS
+ checking for operating system release... 5.9
+ checking for hostname... e250
==================================================
Configuration requests
==================================================
Enter the iPmServer address ? []

2. Fill in the IP address of IPMserver.


Enter the iPmServer address [] 10.0.0.41

3. When asked whether to edit the SNMP parameters, type "N".


Do you want to edit SNMP parameters ? (Y/N) ? [N]

==================================================
Updating
==================================================
+ update /usr/local/share/snmp/ness-dhcp.conf ...done
+ create /var/net-snmp/ness-dhcp.conf... done
+ delete tempory files... done

The Solaris init runlevel provides a standard process for controlling which programs init launches
or halts when initializing a runlevel. Efficient IP chose to use init to launch and halt ipmdhcp
because it is standard and easy to use with Solaris.

The Solaris init files are located in the /etc/rc.d/ and /etc/init.d directories. Each of the numbered
directories /etc/rc.d represents one of the six default runlevels configured under Solaris. The
launch and halt scripts are located in these directories.

Table 28.21. IPMDHCP Launch and Halt Scripts on Solaris


Script                   Description
/etc/init.d/ipmdhcp      ipmdhcp launch and halt
/etc/rc2.d/K15ipmdhcp    ipmdhcp halt
/etc/rc3.d/S15ipmdhcp    ipmdhcp launch

To launch ipmdhcp

• Under root login, run the ipmdhcp script with the start parameter:
# /etc/init.d/ipmdhcp start

The process will be launched in background as a daemon.

To halt ipmdhcp

• Under root login, run the ipmdhcp script with the stop parameter:
# /etc/init.d/ipmdhcp stop

Once the installation is complete, you can add your ISC server to the management following the
steps in the section Adding an ISC DHCP Server.

Managing EfficientIP ISC Linux Packages v5


The sections below contain a set of procedures to successfully install the DHCP packages v5 on
Linux Debian/Ubuntu and CentOS/RedHat.

Installing the EfficientIP DHCP package for Linux Debian/Ubuntu 6 - 64 bits

Prerequisites

• The DHCP package file, ipmdhcpxx-5.x.x-debianxx-amd64.deb, whose name provides several
pieces of information separated by hyphens: the type of package (ipmdhcpxx: a DHCP
package with a DHCP in version xx where xx is x dot x), the version of SOLIDserver (5.x.x),
the version of Debian (debianxx where xx is x dot x) and finally the Debian architecture (amd64).
In the procedure below, this file will be referred to as ipmdhcp*;
• The EfficientIP ISC package platform must have at least 20 MB of free disk space;
• The EfficientIP ISC package may need certain libraries of your operating system; you must
have shell access with root login, locally or via telnet or ssh, on the server to be installed;
• You must be sure not to interfere with an existing DNS/DHCP service on your server;
• You must make sure that Apache server is up-to-date and running;
• You must make sure that SOLIDserver and Debian/Ubuntu are set to the same time and date;
• You must make sure that HTTPS (port 443), the DHCP service (port 67) and the failover ports
(647-667 and 847-867) are not blocked by a network filtering process (firewall).

Note
If your Apache configuration already uses the port 443, you have to create an
additional IP-based VirtualHost dedicated to the DNS management.

Installing the EfficientIP DHCP Package

You can install the EfficientIP DHCP Package on both Debian and Ubuntu Linux.

If you have not installed the DNS packages yet, you need to:

1. follow the procedure To install the EfficientIP DHCP Package on Debian and Ubuntu.
2. follow the procedure To complete the DHCP package installation on Debian/Ubuntu if the DNS
package is not installed.

If you already installed the DNS packages, you only need to follow the procedure To install
the EfficientIP DHCP Package on Debian and Ubuntu below.

In the installation procedure below, we will include the commands that make the webservices
configurable.

To install the EfficientIP DHCP Package on Debian and Ubuntu

1. Open an SSH session.


2. Stop and disable your DHCP software, using the following commands:
# service isc-dhcp-server stop
# update-rc.d -f isc-dhcp-server remove

3. Install the dependency packages, ONLY if you have not installed the EfficientIP DNS package,
using the following commands:
# apt-get install php5
# apt-get install sudo
# apt-get install snmpd
# apt-get install sqlite
# apt-get install php5-sqlite

4. If you are using Ubuntu, install the libssl0.9.8 package, using the following command (only
if you have not installed the DNS package yet):
# aptitude install libssl0.9.8

5. Install the EfficientIP DHCP package, using the following command:


# dpkg -i ipmdhcp*

6. Make the webservices configurable: in the directory /etc/sudoers.d , create the file ipmdhcp
containing the line below.
www-data ALL = NOPASSWD: /usr/local/nessy2/script/install_dhcpd_conf.sh, \
/usr/local/nessy2/script/install_dhcpd6_conf.sh

7. Set the user access rights as follows:
# chmod 440 /etc/sudoers.d/ipmdhcp

Note
You can change the webservice admin password using the command below:
# htpasswd /usr/local/nessy2/www/php/cmd/dhcp/.htpasswd admin
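
Steps 6 and 7 let the www-data account run two scripts as root without a password, so the mode of the drop-in and the write permissions on those scripts matter. The check below is an added example, not part of the EfficientIP package or of this guide; the function names and the optional staging-root argument are assumptions of the example, and the staging tree it builds is constructed sample data.

```shell
#!/bin/sh
# Added example, not shipped with the ipmdhcp package: review a sudoers
# drop-in such as /etc/sudoers.d/ipmdhcp and the scripts it grants.
umask 022

# Print the command paths of the NOPASSWD entries in fragment $1, one per
# line, after joining lines continued with a trailing backslash.
nopasswd_commands() {
    awk '
        { line = line $0 }
        /\\[[:space:]]*$/ { sub(/\\[[:space:]]*$/, " ", line); next }
        { print line; line = "" }
    ' "$1" |
        sed -n 's/^[^#]*NOPASSWD:[[:space:]]*//p' |
        tr ',' '\n' |
        awk 'NF { print $1 }'
}

# Record one problem on stdout and count it.
note() {
    printf '%s\n' "$1"
    problems=$((problems + 1))
}

# True when the file or directory $1 is writable by its group or by others.
loosely_writable() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \))" ]
}

# check_dropin FRAGMENT [ROOT]
# ROOT is prefixed to every command path so the check can be rehearsed on a
# staging tree (a convenience of this example). Returns the problem count.
check_dropin() {
    frag=$1
    root=${2:-}
    problems=0
    # Step 7 of the procedure sets the drop-in to mode 0440.
    [ -n "$(find "$frag" -prune -perm 440)" ] || note "$frag: mode is not 0440"
    for cmd in $(nopasswd_commands "$frag"); do
        case $cmd in
            /*) ;;
            *) note "$cmd: not an absolute path"; continue ;;
        esac
        if [ ! -f "$root$cmd" ]; then
            note "$cmd: not found"
            continue
        fi
        # Whoever can rewrite the script, or replace it through its
        # directory, decides what runs as root.
        if loosely_writable "$root$cmd"; then
            note "$cmd: writable by group or others"
        fi
        if loosely_writable "$(dirname "$root$cmd")"; then
            note "$(dirname "$cmd"): directory writable by group or others"
        fi
    done
    return "$problems"
}

# Constructed staging tree: the two script paths from step 6, one left
# group-writable on purpose, and the drop-in exactly as written in step 6.
stage=$(mktemp -d)
trap 'rm -rf "$stage"' EXIT
mkdir -p "$stage/usr/local/nessy2/script" "$stage/etc/sudoers.d"
for s in install_dhcpd_conf.sh install_dhcpd6_conf.sh; do
    printf '#!/bin/sh\n' > "$stage/usr/local/nessy2/script/$s"
    chmod 755 "$stage/usr/local/nessy2/script/$s"
done
chmod 775 "$stage/usr/local/nessy2/script/install_dhcpd6_conf.sh"
dropin=$stage/etc/sudoers.d/ipmdhcp
cat > "$dropin" <<'EOF'
www-data ALL = NOPASSWD: /usr/local/nessy2/script/install_dhcpd_conf.sh, \
/usr/local/nessy2/script/install_dhcpd6_conf.sh
EOF
chmod 440 "$dropin"
check_dropin "$dropin" "$stage" || echo "problems found: $?"
```

On a live host, call check_dropin /etc/sudoers.d/ipmdhcp without the second argument and also confirm that both scripts are owned by root. Checking the drop-in's syntax with visudo -cf is a separate step.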

If you have not installed the DNS package or are not planning on installing it, you must
follow the procedure below. Otherwise, you can add your ISC servers to the management following
the Adding a SOLIDserver DHCP server managed through SSL procedure.

To complete the DHCP package installation on Debian/Ubuntu if the DNS package is not installed

1. Open an SSH session.


2. Allow SNMP access to the DNS statistics. In the file /etc/snmp/snmpd.conf, enter the lines:
master agentx
view systemonly included .1.3.6.1.4.1.2440

3. Start the snmp daemon, using the following command:


# service snmpd start

4. Create a self-signed certificate for apache, using the following commands:


# cd /etc/apache2
# openssl genrsa -des3 -out server.key 4096
# openssl req -new -key server.key -out server.csr
# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
# openssl rsa -in server.key -out server.key.insecure
# mv server.key server.key.secure
# mv server.key.insecure server.key

5. Activate the SSL mode in Apache using the following command:


# a2enmod ssl

6. Make sure that there is a symbolic link from /etc/apache2/sites-available/default-ssl to
/etc/apache2/sites-enabled/. If not, use the following command line:
# ln -s /etc/apache2/sites-available/default-ssl /etc/apache2/sites-enabled/

7. Configure the webservices. In the file /etc/apache2/sites-enabled/default-ssl, enter the
configuration below:
<VirtualHost *:443>

ServerName 127.0.0.1
DocumentRoot /usr/local/nessy2/www/php
php_admin_value include_path /usr/local/nessy2/www/php/include:/usr/local/nessy2/lib/php:/usr/local/nessy2/www/site:/usr/local/share/pear
php_admin_value file_uploads 1
php_admin_value upload_max_filesize 300000000
php_admin_value post_max_size 300000000
php_admin_value memory_limit 150000000

SSLEngine on
SSLCertificateFile /etc/apache2/server.crt
SSLCertificateKeyFile /etc/apache2/server.key
SSLProtocol all -SSLv2
SSLCipherSuite HIGH:MEDIUM

SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0

php_admin_value register_globals 0
php_admin_value short_open_tag 1
php_admin_value safe_mode 0
php_admin_value magic_quotes_gpc 0
</VirtualHost>

8. Disable the default site in Debian Apache configuration using the following commands:
# cd /etc/apache2/sites-enabled
# unlink 000-default

9. Restart Apache using the following command line:


# service apache2 restart

10. Make sure that the ipmdhcp package is running using the following command line:
# service ipmdhcp status

If it is not running, use the following command line:


# service ipmdhcp start

Once the configuration is complete, you can add EfficientIP DHCP servers to manage your ISC
servers, provided that they also have the package installed, through SOLIDserver GUI. Refer to
the Adding a SOLIDserver DHCP server managed through SSL procedure.

Installing the EfficientIP DHCP package for Linux CentOS/RedHat 6 - 64 bits

Prerequisites

• The DHCP package file, ipmdhcpxx-5.x.x-redhatx.x86_64.rpm, whose name provides several
pieces of information separated by hyphens or a dot: the type of package (ipmdhcpxx: a
DHCP package with a DHCP in version xx, where xx is x dot x), the version of SOLIDserver
(5.x.x), the version of RedHat (redhatx) and finally the Debian architecture (x86_64). In the
procedure below, this file is referred to as ipmdhcp*;
• The EfficientIP ISC package platform must have at least 20 MB of free disk space;
• The EfficientIP ISC package may need certain libraries of your operating system. You must
have shell access with a root login, locally or via telnet or ssh, on the server to be installed;
• You must be sure not to interfere with an existing DNS/DHCP service on your server;
• You must make sure that SOLIDserver and RedHat/CentOS are set to the same time and date;
• You must make sure that HTTPS (port 443), the DHCP service (port 67) and the failover ports
(647-667 and 847-867) are not blocked by a network filtering process (firewall).

Installing the EfficientIP DHCP Package

You can install the EfficientIP DHCP Package on both RedHat and CentOS Linux.

If you have not installed the DNS packages yet, you need to:

1. follow the procedure To install the EfficientIP DHCP Package on RedHat and CentOS.
2. follow the procedure To complete the DHCP package installation on RedHat/CentOS if the
DNS package is not installed.

If you already installed the DNS packages, you only need to follow the procedure To install
the EfficientIP DHCP Package on RedHat and CentOS below.

In the installation procedure below, we will include the commands that make the webservices
configurable.

To install the EfficientIP DHCP Package on RedHat and CentOS

1. Open an SSH session.


2. Stop and disable your DHCP software, using the commands below.
• On RedHat:
# service isc-dhcp-server stop
# update-rc.d -f isc-dhcp-server remove

• On CentOS:
# service dhcpd stop
# chkconfig dhcpd off

3. Install the dependency packages, ONLY if you have not installed the EfficientIP DNS package,
using the following commands:
# yum install net-snmp php mod_ssl sudo sqlite php-pdo

4. Install the EfficientIP DHCP package, using the following command:


# rpm -ivh ipmdhcp*

5. Make the webservices configurable: in the directory /etc/sudoers.d, create the file ipmdhcp
containing the line below.
apache ALL = NOPASSWD: /usr/local/nessy2/script/install_dhcpd_conf.sh, \
/usr/local/nessy2/script/install_dhcpd6_conf.sh

6. Set the users access rights as follows:


# chmod 440 /etc/sudoers.d/ipmdhcp

Note
You can change the webservice admin password using the command below:
# htpasswd -c /usr/local/nessy2/www/php/cmd/dhcp/.htpasswd admin

If you have not installed the DNS package or are not planning on installing it, you must
follow the procedure below. Otherwise, you can add your ISC servers to the management following
the Adding a SOLIDserver DHCP server managed through SSL procedure.

To complete the DHCP package installation on RedHat/CentOS if the DNS package is not installed

1. Open an SSH session.


2. Configure or disable the firewall.
• To disable the firewall on the current session, use the following command:
# iptables -F

• To disable it completely, use the following commands:


# service iptables save
# service iptables stop
# chkconfig iptables off

3. If Apache did not start automatically, start it using the following command:
# chkconfig httpd on

4. Disable selinux. In the file /etc/selinux/config, modify the line SELINUX=enforcing to match
the following one:
SELINUX=disabled

5. In the file /etc/sudoers, disable requiretty by making it a comment as follows:


#Defaults requiretty

6. Allow SNMP access to the DNS statistics. In the file /etc/snmp/snmpd.conf, enter the lines:
master agentx
view systemonly included .1.3.6.1.4.1.2440

7. Start the snmp daemon, using the following command:


# service snmpd start

8. Create a self-signed certificate for apache, using the following commands:


# cd /etc/httpd
# openssl genrsa -des3 -out server.key 4096
# openssl req -new -key server.key -out server.csr
# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
# openssl rsa -in server.key -out server.key.insecure
# mv server.key server.key.secure
# mv server.key.insecure server.key

9. Configure the webservices. In the file /etc/httpd/conf.d/ssl.conf, replace the FULL VirtualHost
section with the configuration below:
<VirtualHost *:443>
ServerName 127.0.0.1
DocumentRoot /usr/local/nessy2/www/php
php_admin_value include_path /usr/local/nessy2/www/php/include:/usr/local/nessy2/lib/php:/usr/local/nessy2/www/site:/usr/local/share/pear
php_admin_value file_uploads 1
php_admin_value upload_max_filesize 300000000
php_admin_value post_max_size 300000000
php_admin_value memory_limit 150000000

SSLEngine on
SSLCertificateFile /etc/httpd/server.crt
SSLCertificateKeyFile /etc/httpd/server.key
SSLProtocol all -SSLv2
SSLCipherSuite HIGH:MEDIUM

SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0

php_admin_value register_globals 0
php_admin_value short_open_tag 1
php_admin_value safe_mode 0
php_admin_value magic_quotes_gpc 0
</VirtualHost>

10. Restart Apache using the following command line:


# service httpd restart

11. Make sure that the ipmdhcp package is running using the following command line:
# service ipmdhcp status

If it is not running, use the following command line:


# service ipmdhcp start

Once the configuration is complete, you can add EfficientIP DHCP servers to manage your ISC
servers, provided that they also have the package installed, through SOLIDserver GUI. Refer to
the Adding a SOLIDserver DHCP server managed through SSL procedure.
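
As an added example (not part of the EfficientIP guide or package), the script below audits the SSL directives and key file that the Debian/Ubuntu and RedHat/CentOS completion procedures above put in place. It flags the protocol versions left enabled by SSLProtocol all -SSLv2, the MEDIUM cipher class, a missing !aNULL exclusion, and a passphrase-free key readable beyond its owner. The function names, the constructed sample files and the tightened values are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not vendor code: audit the TLS directives of the VirtualHost
# from the two procedures above and the key file they point to.

# Print the arguments of the last occurrence of directive $1 in file $2.
directive_value() {
    awk -v d="$1" 'tolower($1) == tolower(d) {
        $1 = ""; sub(/^[ \t]+/, ""); v = $0
    } END { print v }' "$2"
}

# Print one finding per line for the vhost file $1; print nothing when clean.
audit_vhost() {
    conf=$1
    proto=$(directive_value SSLProtocol "$conf")
    ciphers=$(directive_value SSLCipherSuite "$conf")
    key=$(directive_value SSLCertificateKeyFile "$conf")

    # "all" enables every protocol version the OpenSSL build offers, so each
    # legacy version has to be subtracted by name.
    [ -n "$proto" ] || echo "SSLProtocol: not set, server default applies"
    case " $proto " in
        *" all "*)
            for legacy in SSLv3 TLSv1 TLSv1.1; do
                case " $proto " in
                    *" -$legacy "*) ;;
                    *) echo "SSLProtocol: $legacy not disabled" ;;
                esac
            done ;;
    esac

    # Cipher classes are colon-separated; MEDIUM, LOW and EXPORT admit legacy
    # algorithms, and HIGH alone does not exclude anonymous (aNULL) suites.
    for weak in MEDIUM LOW EXPORT; do
        case ":$ciphers:" in
            *":$weak:"*) echo "SSLCipherSuite: $weak class enabled" ;;
        esac
    done
    case ":$ciphers:" in
        *':!aNULL:'*) ;;
        *) echo "SSLCipherSuite: anonymous suites not excluded (!aNULL missing)" ;;
    esac

    # The procedures strip the passphrase (openssl rsa -in ... -out ...), so
    # file permissions are the only protection left for the private key.
    if [ -n "$key" ] && [ -f "$key" ] && ! grep -q ENCRYPTED "$key"; then
        # ls -l prints the mode as e.g. -rw-r--r--; columns 5-10 are the
        # group and other permission bits.
        perms=$(ls -ld "$key" | cut -c5-10)
        [ "$perms" = "------" ] || echo "key: unencrypted, group/other bits are $perms"
    fi
}

# Write a constructed vhost and placeholder key into directory $1.
# $2 = SSLProtocol value, $3 = SSLCipherSuite value, $4 = key file mode.
make_sample() {
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'CONSTRUCTED-PLACEHOLDER' \
        '-----END RSA PRIVATE KEY-----' > "$1/server.key"
    chmod "$4" "$1/server.key"
    cat > "$1/default-ssl" <<EOF
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile $1/server.crt
SSLCertificateKeyFile $1/server.key
SSLProtocol $2
SSLCipherSuite $3
</VirtualHost>
EOF
}

# Demo: the guide's settings, then a tightened variant. The tightened values
# are an assumption: the protocol names accepted depend on the Apache/OpenSSL
# build, and the guide does not say what the appliance negotiates.
demo() {
    tmp=$(mktemp -d)
    make_sample "$tmp" "all -SSLv2" "HIGH:MEDIUM" 644
    echo "Guide settings:"
    audit_vhost "$tmp/default-ssl"
    make_sample "$tmp" "all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1" 'HIGH:!aNULL:!MD5' 600
    echo "Tightened settings:"
    audit_vhost "$tmp/default-ssl"
    rm -rf "$tmp"
}
demo
```

On an installed server, call audit_vhost with /etc/apache2/sites-enabled/default-ssl (Debian/Ubuntu) or /etc/httpd/conf.d/ssl.conf (RedHat/CentOS), and confirm that SOLIDserver can still reach the webservice before keeping any tightened setting.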

Adding an ISC DHCP Server


The addition of an ISC DHCP server follows the same procedure as the addition of an Efficient
IP DHCP server. The configuration will make it an ISC DHCP server in the appliance, compatible
with the Linux package in v4 or v5, depending on the protocol used, i.e. SNMP or SSL.

Note
The addition of an Efficient IP DHCP package is only available in DHCPv4.

Adding an ISC DHCP Server for a Linux Package v4

After installing a Linux package v4, you will need to configure the DHCP with the SNMP protocol.
Adding a DHCP server this way implies that the server is in version 4.0.x or prior. Follow the
procedure below to add the server through the GUI.

To add an ISC DHCP server for a Linux package v4

1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DHCP servers icon. The DHCP All servers list opens.
3. In the menu, select Add > Server > EfficientIP DHCP Package. The Manage a DHCP server
wizard opens.
4. In the DHCP server class list, select the DHCP server class of your choice for this server.
Click on NEXT . The next page of the wizard appears.

Note
If no class is available for that operation, the wizard page of the classes will
automatically be skipped. Applying a class on an object can impact the behavior
of its configuration, for more information consult your administrator.

5. Fill in the following fields to set up the basic server configuration:

Table 28.22. DHCP Server Basic Parameters


Fields | Description
DHCP server name | In this field, fill in a FQDN name for your server. This field is compulsory.
Management IP address | In this field, fill in the IP address of your server. This field is compulsory.
Isolated | Tick this box if you do not want your server configuration to update any other module. It's mainly useful when dealing with migrations as it will prevent the server from pushing any data to the DNS. Keep in mind that the server will still receive data if your network configuration allows it. Any behavior set through the Mode drop-down list will have to be applied to the server later on if you tick this box, so make sure that the configuration you set suits your needs before you untick the box.
Description | Type in a description if you want, it will appear in the Description columns of the All servers list. This field is optional.

6. In the Protocol drop-down list, select SNMP.


7. In the Configure SNMP parameters section, tick the box to configure the SNMP parameters
used to configure the remote DHCP server. The SNMP parameters related fields appear:

Table 28.23. SNMP parameters


Fields | Description
SNMP port | The port used to connect to the remote SOLIDserver. By default the port is set to 1162. If you have to change it, do not forget to modify it in the system configuration of the remote server.
Use TCP transport | Tick the box if you want to use the TCP protocol instead of the UDP when the network link is not reliable.
SNMP profile | The SNMP profile that will be used for this configuration. SNMP profiles enable the definition of a global security policy for every server managed by SOLIDserver. Three SNMP security profiles with three levels of security (SNMP v1, v2c and v3) are already available on the appliance. By default, the standard v2c level is selected in this drop-down list.
SNMP retries | The number of SNMP retries on timeouts. By default, the number of retries is set to 2.
SNMP timeout | The SNMP timeout in seconds. By default, the timeout is set to 5 seconds.

8. In the Mode drop-down list, you can set up the following parameters.

Table 28.24. DHCP Server Default Behaviors


Fields | Description
Mode | You can select either Configurable behavior or All behaviors.
Configurable behavior | This option is selected by default in the Mode drop-down list and displays all the fields and options that have been ticked in the Default behavior wizard at the server level. For more details, refer to the DHCP section of the Default Behaviors chapter of this guide.
All behaviors | If you select this option, you will display all the fields and options that can be ticked in the Default behavior wizard. For more details, refer to the DHCP section of the Default Behaviors chapter of this guide.

9. Click on OK to save the server configuration. The report opens and closes. The server is
listed.

Adding an ISC DHCP Server for a Linux Package v5

For the addition of an ISC DHCP server after installing a Linux package v5, the DHCP configuration
will be done through SSL. Follow the procedure below to add the server through the GUI.

To add an ISC DHCP server for a Linux package v5

1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DHCP servers icon. The DHCP All servers list opens.
3. In the menu, depending on the type of addressing (IPv4 or IPv6), select Add > Server >
EfficientIP DHCP Package. The Manage a DHCP server wizard opens.
4. In the DHCP server class list, select the DHCP server class of your choice for this server.
Click on NEXT . The next page of the wizard appears.

Note
If no class is available for that operation, the wizard page of the classes will
automatically be skipped. Applying a class on an object can impact the behavior
of its configuration, for more information consult your administrator.

5. Fill in the following fields to set up the basic server configuration:

Table 28.25. DHCP Server Basic Parameters


Fields | Description
DHCP server name | In this field, fill in a FQDN name for your server. This field is compulsory.
Management IP address | In this field, fill in the IP address of your server. This field is compulsory.
Isolated | Tick this box if you do not want your server configuration to update any other module. It's mainly useful when dealing with migrations as it will prevent the server from pushing any data to the DNS. Keep in mind that the server will still receive data if your network configuration allows it. Any behavior set through the Mode drop-down list will have to be applied to the server later on if you tick this box, so make sure that the configuration you set suits your needs before you untick the box.
Description | Type in a description if you want, it will appear in the Description columns of the All servers list. This field is optional.

6. In the Management Protocol drop-down list, select SSL.


7. If you modified the SSH login and password, in the Configure SSL parameters section, tick
the checkbox. The fields Login and Password appear.
8. If need be, edit the SSH login and password to match those of the SSL. By default, they are
both filled with admin.
9. In the Mode drop-down list, you can set up the following parameters.

Table 28.26. DHCP Server Default Behaviors


Fields | Description
Mode | You can select either Configurable behavior or All behaviors.
Configurable behavior | This option is selected by default in the Mode drop-down list and displays all the fields and options that have been ticked in the Default behavior wizard at the server level. For more details, refer to the DHCP section of the Default Behaviors chapter of this guide.
All behaviors | If you select this option, you will display all the fields and options that can be ticked in the Default behavior wizard. For more details, refer to the DHCP section of the Default Behaviors chapter of this guide.

10. Click on OK to save the server configuration. The report opens and closes. The server is
listed.

Editing a DHCP Server


To edit any kind of DHCP server configuration, you need to open its properties page and edit the
panel(s) of your choice. The panels that do not contain the EDIT button cannot be edited.

If you want to add, edit or delete DHCP options, please refer to the Configuring DHCP Options
chapter of this guide.

To edit a DHCP server

1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DHCP servers icon. The DHCP All servers list opens.
3. Filter the list if need be.
4. At the end of the line of the server of your choice, click on . The properties page opens.
5. Open all the panels using .
6. In the panel of your choice, click on EDIT . The corresponding wizard opens.
7. Make the changes you need. Click on NEXT if need be to get to last page of the wizard.
8. Click on OK to commit your changes. The report opens and closes. The properties page is
visible again and refreshes.

Deleting a DHCP Server


Granted that it is not managed by a smart architecture, you can at any time delete a DHCP
server from the All servers page. This way, you stop managing it through SOLIDserver.

To delete a DHCP server

1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DHCP servers icon. The DHCP All servers list opens.
3. Filter the list if need be.
4. Tick the server(s) you want to delete.
5. In the menu, select Edit > Delete. The Delete wizard opens.

6. Click on OK to commit the deletion. The report opens and closes. The server might be marked
Delayed delete until it is no longer listed.

Defining a DHCP Server as a Group Resource


In SOLIDserver, only the superuser (ipmadmin) can manage and modify the items of every
module. Adding a server as one of the resources of a specific group will allow the users of that
group to manage the server(s) in question as long as they have the corresponding rights and
delegations granted.

Allowing access to a server as a resource will also make every item it contains available. For
more details, refer to the section Assigning Objects as Resource in the chapter Managing Groups
of administrator of this guide.

Chapter 29. Managing DHCP Scopes
SOLIDserver scopes constitute a level in the DHCP module and are used to determine the topology
of the network, apply DHCP options for a routable domain, describe network clients, and indicate
the addresses that will be allocated to certain clients. In order to use the DHCP service, each
subnet to be served must have a DHCP scope that matches with its IP address and its netmask
(size). When a DHCP server serves clients which are local to its physical network, the scope is
easily assimilated to its broadcast domain. A scope belongs to a DHCP server, and can contain
several DHCP ranges.

Browsing Scopes
[Diagram of the DHCP hierarchy: server, scope, group, range, static, lease]

Figure 29.1. DHCP Scopes Hierarchy

Here below, you can see the link to browse the DHCP scopes database:

Figure 29.2. DHCP: All DHCP Scopes

Browsing the Scopes Database


To list the DHCP scopes through the DHCP homepage

1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Scopes icon. The All scopes list opens.
3. In the upper right corner, click on IP4 to display the DHCPv4 scopes or IP6 to display the
DHCPv6 scopes.

To list the DHCP scopes through the breadcrumb

1. Go to the DHCP tab.


2. Click on All scopes in the breadcrumb. The All scopes list opens.
3. In the upper right corner, click on IP4 to display the DHCPv4 scopes or IP6 to display the
DHCPv6 scopes.

Note
When you display the All scopes list, you can see that SOLIDserver automatically
adds the Server column into the table. This column allows you to apply specific
server filtering to refine your selection of scopes.

To list the scopes of a DHCP server

1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DHCP servers icon. The All servers list opens.
3. Click on the name of the server of your choice to list the scopes contained in it.

To find a scope

1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Scopes icon. The All scopes list opens and displays all the scopes regardless
of which server they belong to.
3. In the upper right corner, click on IP4 to display the DHCPv4 scopes or IP6 to display the
DHCPv6 scopes.
4. Use one of the following tips to filter the scopes database through the Name or Address
column:

• *pattern allows you to find a scope by the end of its name.
• pattern allows you to find a scope by a part of its name.
• =pattern* allows you to find a scope by the first letter(s) of its name.
• =192.168* allows you to find a scope by the first number(s) of its address.

5. Click on SEARCH to display the results list. Only the scopes matching what you filled in are
displayed.

To display a DHCP scope properties page

1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Scopes icon. The All scopes list opens.
3. In the upper right corner, click on IP4 to display the DHCPv4 scopes or IP6 to display the
DHCPv6 scopes.
4. At the end of the line of the scope of your choice, click on . The corresponding scope
properties page opens.

Customizing the DHCP Scopes Display


SOLIDserver enables you to modify the columns displayed in the list. You can add columns or
modify their order. For more details, see the Customizing the List Layout section of the
Understanding the SOLIDserver User Interface part of this documentation.

Status of DHCP Scopes


The status of the DHCP scopes provides a report on the scope operations. Scopes statuses are
displayed next to the right column of the list of the scopes. The table below explains all status
values:

Table 29.1. DHCP scopes statuses


Status | Description
OK | The scope is configured.
Delayed create | The creation or update is delayed due to a scheduled configuration of the server. The creation will be automatically done after a maximum of 1 minute.
Delayed delete | The deletion is delayed due to a scheduled configuration of the server. The deletion will be automatically done after a maximum of 1 minute.

Adding a DHCP Scope


The addition of a scope to a DHCP server defines a new extension to the network's topology.
Once created, the DHCP server is ready to receive a range of dynamic addresses.

You can add a scope to the all scopes list or within the scopes list of a specific server. If you do
so, the creation process will be slightly shorter than the procedure below as you will not need to
specify a server.

To add a DHCP scope in IPv4 or IPv6

1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Scopes icon. The All scopes list opens.
3. In the upper right corner, click on IP4 to display the DHCPv4 scopes or IP6 to display the
DHCPv6 scopes.
4. In the menu, select Add > DHCP scope or Add > DHCP scope (v6). The Add a DHCP scope
wizard opens.
5. In the Select a DHCP server list, select the DHCP server in which you want to create the
scope.
6. Click on NEXT . The next page of the wizard appears.
7. If you created classes at the scopes level, in the DHCP scope Class list, select a class if
need be.
8. Click on NEXT . The next page of the wizard appears.
9. Fill in the following fields to configure the scope parameters:

Table 29.2. DHCP Scope Configuration Parameters


Field | Description
Name | In this field, name the scope.
Network address | In this field, fill in the scope address.
Netmask | In this drop-down list, select the shared physical network.
Prefix | In this drop-down list, select the scope prefix. By default, the prefix is selected depending on the netmask you chose. The prefix you select will change the netmask.
DHCP scope space name | In this drop-down list, you can select one of your existing IPAM spaces: the scope will be part of it.
Mode | You can select either Configurable behavior or All behaviors.
Configurable behavior | This option is selected by default in the Mode drop-down list and displays all the fields and options that have been ticked in the Default behavior wizard at the server level. For more details, refer to the DHCP section of the Default Behaviors chapter of this guide.
All behaviors | If you select this option, you will display all the fields and options that can be ticked in the Default behavior wizard. For more details, refer to the DHCP section of the Default Behaviors chapter of this guide.

10. Click on OK to commit the creation. The report opens and closes. The scope is listed.

Editing a DHCP Scope


To modify the main properties of a DHCP scope in IPv4 or IPv6

1. Go to the scope of your choice properties page (for more details, see the procedure To display
a DHCP scope properties page).
2. In the upper right corner, click on IP4 to display the DHCPv4 scopes or IP6 to display the
DHCPv6 scopes.
3. In the Main properties panel, click on EDIT . The Edit a DHCP scope wizard opens.
4. If you created classes at the scopes level, in the DHCP scope Class list, select a class if
need be.
5. You can modify the Name, Shared network, DHCP scope space name and Mode.
6. Click on OK to commit your modifications. The report opens and closes. The changes are
listed in the panel.

Applying DHCP Options at Scope Level


SOLIDserver allows you to specify DHCP options at the scope level in IPv4 addressing. All the
options you configure at the scope level are thus inherited by all the DHCP addresses it
distributes: DHCP static reservations and DHCP dynamic addresses.

Editing the Scope Options


SOLIDserver provides a powerful configuration assistant to set DHCP options. This assistant is
available from the property page of DHCP scopes. For more information about the DHCP options
configuration, refer to the Configuring DHCP Options chapter.

To modify a scope DHCP option in IPv4

1. Go to the properties page of the DHCPv4 scope of your choice (for more details, see To
display a DHCP scope properties page).
2. In the upper right corner, click on .
3. In the DHCP options panel, click on EDIT . The Configure DHCP options wizard opens.
4. In the Option category drop-down list, select the category of your choice. The corresponding
fields are displayed.
5. Modify the parameters and options according to your needs.
6. Click on OK to commit the modification. The report opens and closes. The modifications are
listed in the panel.

To modify a scope DHCP option in IPv6

1. Go to the properties page of the DHCPv6 scope of your choice (for more details, see To
display a DHCP scope properties page).
2. In the upper right corner, click on .
3. In the DHCP options panel, click on EDIT . The Configure DHCP options wizard opens.
4. Modify the parameters and options according to your needs.
5. Click on OK to commit the modification. The report opens and closes. The modifications are
listed in the panel.

Performing Option Changes on Several Scopes at Once


SOLIDserver offers powerful tools to apply or remove options on DHCP scopes in bulk. Options
can be set on all the scopes you select from the DHCP scope table. You can select scopes based
on your own criteria by using column filtering, for one server or across all DHCP servers.

To perform a DHCP option addition on one or several scopes

1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Scopes icon. The All scopes list opens.
3. In the upper right corner, click on IP4 to display the DHCPv4 scopes or IP6 to display the
DHCPv6 scopes.
4. Filter the list to find the scope(s) to be modified.
5. Tick the scope(s).
6. In the menu, select Edit > Option > Add. The Add DHCP scope options wizard opens.
7. In the Option Name drop-down list, select an option.
8. In the Value field, type in the relevant value.
9. Click on OK to commit your option addition. The report opens and closes, the page refreshes.
If you open the scope properties page DHCP options panel, you will see all the DHCP options
and their value.

To perform a DHCP option value replacement on one or several scopes

1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Scopes icon. The All scopes list opens.
3. In the upper right corner, click on IP4 to display the DHCPv4 scopes or IP6 to display the
DHCPv6 scopes.
4. Filter the list to find the scope(s) to be modified.
5. Tick the scope(s).
6. In the menu, select Edit > Option > Replace. The Delete DHCP scope options wizard opens.
7. In the Option Name drop-down list, select the option whose value you want to replace.
8. In the Replace field, type in the value to be replaced (i.e. the value you set when adding the
option).
9. In the By field, type in the new value.

10. Click on OK to commit your changes. The report opens and closes, the page refreshes. If
you open the scope properties page DHCP options panel, you will see the DHCP option
new value.

To remove a DHCP option from one or several scopes

1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Scopes icon. The All scopes list opens.
3. In the upper right corner, click on IP4 to display the DHCPv4 scopes or IP6 to display the
DHCPv6 scopes.
4. Filter the list to find the scope(s) to be modified.
5. Tick the scope(s).
6. In the menu, select Edit > Option > Delete. The Delete DHCP scope options wizard opens.
7. In the Option Name drop-down list, select an option.
8. In the Option value filter field, type in the option value.
9. Click on OK to commit your option deletion. The report opens and closes. If you open the
scope properties page DHCP options panel, you will see that the DHCP option is no longer
listed.

Defining a Specific IPAM Space for a Scope


As SOLIDserver allows you to maintain several IP address spaces with overlapping subnets,
it makes it possible to configure these different subnets on distinct DHCP servers. A scope can
be linked to a space. If you do not specifically link a scope to an IP space, SOLIDserver will
transparently link the scope with the best subnet it can find in the IPAM database.

By default, a scope is automatically attached to the DHCP server's space. Defining a specific
space at the scope level allows you to apply policy rules from the IPAM module to several
addresses. In particular, setting such rules avoids any overlapping of ranges and spreads of
reserved addresses.

To modify a scope space in IPv4 or IPv6

1. Go to the properties page of the DHCP scope of your choice (for more details, see To display
a DHCP scope properties page).
2. In the Main properties panel, click on EDIT . The Edit a DHCP scope wizard opens.
3. In the DHCP scope space name list, select the space that you want to associate with the
scope.
4. Click on OK to commit your modifications. The report opens and closes. The modifications
are listed in the panel.

The scope space can be modified in bulk in IPv4 from the list of the scopes page. A set of
scopes can first be filtered and then have its space relation modified in one go. You can of
course also tick only one scope.

To modify the related IPAM space for several scopes at once

1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Scopes icon. The All scopes list opens.

3. In the upper right corner, click on IP4 to display the DHCPv4 scopes.
4. Tick the scope(s) you want to modify.
5. In the menu, select Edit > Set > Space. The Edit the scope space wizard opens.
6. In the Space drop-down list, select the space you want your scopes to be associated with.
7. Click on OK to commit the change. The report opens and closes. The new space is listed in
the Scope space column.

Tip
If you select None in the Space drop-down list, you can remove the scope relation
with any IPAM space.

Configuring Multiple Scopes for a Network Segment


A shared network is a group of scopes serving an entire network segment as a single entity.
Typically, a shared network is used where a DHCP server is being used to support DHCP clients on
a single physical network that has multiple IP subnets in use. This is sometimes referred to as
multinetting. This occurs when a subnet is depleted of available IP addresses and more addresses
need to be used. For example, if a company has a single Class C network address, the company
has 254 IP addresses to use. If the company is growing and has used all of its addresses, the
company needs to add another Class C network address and route the data between the two
networks. Since these address ranges are not contiguous, they cannot belong to the same scope.
By creating a shared network, the DHCP server is able to manage both Class C networks as a
single entity.

Because the network administrator defines scopes and assigns them to network segments, a
client scope cannot be determined just by its network connection. The client is connected to a
network segment on which any number of IP scopes may be configured. Thus, when a request
arrives from a client, the DHCP server first determines from which network segment the message
was sent. If the client is requesting an existing address, the DHCP server can check the requested
address to determine whether it is from any of the IP scopes assigned to the client network
segment. If it is, and if the address is available for the client, the server can assign that
address to the client.

If dynamic DHCP ranges appear within scopes using the same shared network, all address
ranges are offered independently. Once the first range is full, the ranges that are declared within
the same shared network will be used one after the other until all addresses are used.

To add a DHCP scope to a shared network

1. Go to the properties page of the DHCP scope of your choice (for more details, see To display
a DHCP scope properties page).
2. In the Main properties panel, click on EDIT . The Edit a DHCP scope wizard opens.
3. If you created classes at the scopes level, in the DHCP scope Class list, select a class if
need be.
4. Click on NEXT . The last page of the wizard appears.
5. In the Share network drop-down list, select the scope you want to associate with the one
you are editing.
6. Click on OK to commit your modifications. The report opens and closes. The changes are
listed in the panel.


Managing DHCPv4 Scopes Duplication and Migration


To assist you in the management, scopes can be copied and moved from one server to the other.
In both cases, make sure that the IP addresses they manage are not already managed by another
scope in the target space.

Migrating a scope also migrates the DHCP ranges and the statics with IP address it contains. To
migrate statics without IP, refer to the section Copying a DHCPv4 Static Without IP of this
guide.

Keep in mind that if your physical server is managed through a smart, only the scopes created on
the smart can be duplicated or moved.

To copy a scope to another server

1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Scopes icon. The All scopes list opens.
3. In the upper right corner, click on IP4 to display the DHCPv4 scopes.
4. Tick the scope(s) you want to duplicate.
5. In the menu, select Edit > Migrate. The Copying/Moving scopes wizard opens.
6. In the Method drop-down list, select Copy.
7. In the Target server drop-down list, select the server of your choice.
8. Click on OK to commit the scope duplication. The report opens and closes. The All scopes
list is visible again, both scopes are listed: they share the same name, start address and
end address. The duplicate scope is in Delayed create in the target server.

To move a scope to another server

1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Scopes icon. The All scopes list opens.
3. In the upper right corner, click on IP4 to display the DHCPv4 scopes.
4. Tick the scope(s) you want to move.
5. In the menu, select Edit > Migrate. The Copying/Moving scopes wizard opens.
6. In the Method drop-down list, select Move.
7. In the Target server drop-down list, select the server of your choice.
8. Click on OK to commit the scope migration. The report opens and closes. The All scopes list
is visible again; the scope is no longer listed as part of the first server. It now belongs to the
selected target server.

Applying Management Rules to the Scopes


SOLIDserver provides rules to automate operational management tasks. Several rules let you
adapt the DHCP management behavior to your own processes.

The generic rule number (098) Create a DHCP scope (from the IPAM module, listed under the
event Add a subnet) is enabled by default and automatically adds a new DHCP scope each time
a new subnet is created. If you ever want to disable it, follow the procedure below.


To disable the generic rule 098

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select System > Expert > Rules. The Rules list opens.
3. In the Rule # column filtering field, type in 098. The rule (098) (generic) Create a DHCP
scope is listed.
4. Tick the rule.
5. In the menu, select Edit > Disable. The Disable wizard opens.
6. Click on OK to commit your modification. The report opens and closes. The rule is marked
Disable in the Status column.

Deleting a DHCP Scope


The deletion of a DHCP scope means that the address ranges and leases that it contains will
disappear. This deletion restricts the network's topology.

To delete a DHCP scope

1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Scopes icon. The All scopes list opens.
3. In the upper right corner, click on IP4 to display the DHCPv4 scopes or IP6 to display the
DHCPv6 scopes.
4. Filter the list to find the scope(s) you want to delete (for more details, see To find a scope).
5. Tick the box left of the scope(s) to be deleted.
6. In the menu, select Edit > Delete. The Delete wizard opens.
7. Click on OK to commit the deletion. The report opens and closes. The scope is no longer
listed.

DHCP Relay Agents


Rather than directly connecting the DHCP server to every network segment it serves, it is possible
to configure a DHCP relay agent on each network segment. Relay agents are configured with a
list of one or more DHCP servers; two servers must be configured for the DHCP failover. When
a relay agent receives a message from a DHCP client on a particular network segment, it records
the IP address of the interface on which it received the request in the GiAddr field of the message,
and then it forwards the message to the DHCP server. From there, the server will directly respond
to the client.

The DHCP relay is a mechanism that allows the transfer of DHCP/BOOTP messages between
clients and servers of different subnets. Most of the routers used to interconnect these subnets
can act as TCP/IP relay agents. To conform to RFC 1542 and
deal with the relay agent, each router must be capable of recognizing BOOTP and DHCP messages
and relaying them in an appropriate manner. A router with the capabilities of a
BOOTP relay agent generally relays DHCP packets, as well as all BOOTP packets transmitted
on the network. SOLIDserver supports DHCP relay transparently. If a scope has the same network
address as one of the interfaces of the DHCP server, then it is a local scope. This means that it
belongs to the same broadcast domain as the DHCP server. Otherwise, it is a relay scope.
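The segment lookup described here and in Configuring Multiple Scopes for a Network Segment, written out in Python as an added example (it is not SOLIDserver code). The Scope class, the shared_network label, the function names and the sample addresses are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

IPv4 = ipaddress.IPv4Address


@dataclass
class Scope:
    """Hypothetical model of a DHCP scope; not the SOLIDserver data model."""
    name: str
    network: ipaddress.IPv4Network
    shared_network: Optional[str] = None  # label grouping the scopes of one segment
    ranges: List[Tuple[IPv4, IPv4]] = field(default_factory=list)


def scope_kind(scope, server_interfaces):
    """'local' if the scope network is the network of a server interface, else 'relay'."""
    if any(iface.network == scope.network for iface in server_interfaces):
        return "local"
    return "relay"


def segment_scopes(scopes, giaddr, receiving_iface):
    """Return every scope configured on the segment the request came from.

    A relayed request carries the relay interface address in GiAddr; a request
    received directly has GiAddr 0.0.0.0, so the receiving interface is used.
    """
    origin = giaddr if int(giaddr) != 0 else receiving_iface.ip
    anchor = next((s for s in scopes if origin in s.network), None)
    if anchor is None:
        return []  # no scope serves this segment: nothing may be offered
    if anchor.shared_network is None:
        return [anchor]
    return [s for s in scopes if s.shared_network == anchor.shared_network]


def choose_address(segment, leased, requested=None):
    """Honor a requested address only if it lies in a range of this segment and
    is free; otherwise use the ranges one after the other until one has room."""
    ranges = [r for scope in segment for r in scope.ranges]
    if requested is not None and requested not in leased:
        if any(first <= requested <= last for first, last in ranges):
            return requested
    for first, last in ranges:
        addr = first
        while addr <= last:
            if addr not in leased:
                return addr
            addr += 1
    return None  # every range of the shared network is full


# Constructed sample data (documentation address blocks, not from the guide).
SERVER_IFACES = [ipaddress.ip_interface("203.0.113.10/24")]
SCOPES = [
    Scope("hq-local", ipaddress.ip_network("203.0.113.0/24"), None,
          [(IPv4("203.0.113.100"), IPv4("203.0.113.199"))]),
    # Two non-contiguous networks multinetted on one segment.
    Scope("floor1-a", ipaddress.ip_network("192.0.2.0/24"), "floor1",
          [(IPv4("192.0.2.10"), IPv4("192.0.2.11"))]),
    Scope("floor1-b", ipaddress.ip_network("198.51.100.0/24"), "floor1",
          [(IPv4("198.51.100.10"), IPv4("198.51.100.20"))]),
]

if __name__ == "__main__":
    for s in SCOPES:
        print(s.name, scope_kind(s, SERVER_IFACES))
    seg = segment_scopes(SCOPES, IPv4("192.0.2.1"), SERVER_IFACES[0])
    print([s.name for s in seg])
    print(choose_address(seg, {IPv4("192.0.2.10"), IPv4("192.0.2.11")}))
```

A request for an address that belongs to another segment's scope is not honored; the client receives the next free address of its own segment instead.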


Example 29.1. BOOTP / DHCP relay on Cisco devices (IP helper)

In the following example, one DHCP server is on the network 191.24.1.0 and the other one is
on network 110.44.0.0. With this configuration, the IP broadcasts from all hosts are
forwarded in unicast to the two servers.
interface ethernet1
 ip helper-address 191.24.1.45
 ip helper-address 110.44.0.125

Example 29.2. BOOTP / DHCP relay on Juniper devices (IP helper)

In the following example, one DHCP server is in VLAN 20 with the 20.20.20.2 IP address, the
client PC is in VLAN 10, and the Juniper switch is configured as DHCP relay and performs inter-VLAN
routing between VLANs 10 and 20.
set vlans vlan10 vlan-id 10
set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members vlan10
set vlans vlan10 l3-interface vlan.10
set interfaces vlan unit 10 family inet address 10.10.10.1/24

set vlans vlan20 vlan-id 20
set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members vlan20
set interfaces vlan unit 20 family inet address 20.20.20.1/24
set vlans vlan20 l3-interface vlan.20
set forwarding-options helpers bootp server 20.20.20.2
set forwarding-options helpers bootp interface vlan.10

Example 29.3. BOOTP / DHCP relay on HP devices (IP helper)

In the following example, the DHCP server has the 10.10.20.3 IP address and the client PC is in
VLAN 40.
vlan 40
ip helper-address 10.10.20.3

Defining a DHCP Scope as a Group Resource


In SOLIDserver, only the superuser (ipmadmin) can manage and modify the items of every
module. Adding a scope as one of the resources of a specific group will allow the users of that
group to manage the scope(s) in question as long as they have the corresponding rights and
delegations granted.

Allowing access to a scope as a resource will also make every item it contains available. For
more details, refer to the section Assigning Objects as Resource in the chapter Managing Groups
of administrator of this guide.

Chapter 30. Managing Fixed Reservations
Managing DHCP Statics
A DHCP static reservation is a permanent lease that is used to ensure a specified client always
uses the same IP address on a subnet. For clients who require a constant IP address, you can
manually configure a static IP address or assign a DHCP static reservation. DHCP static reservations
differ from statically configured IP addresses in one significant manner: if DHCP options
are modified on the DHCP server, the parameters of the device configured with the DHCP static
reservation are updated when the device requests the static lease renewal. A DHCP static reservation
provides information about a particular DHCP client. Every DHCP static declaration must have
a unique name. Usually the name of the DHCP static reservation is just used to identify it, but in
particular contexts, it can be used to enforce the client's hostname. DHCP static reservations
match DHCP, PXE or BOOTP clients based on either the client's MAC address or its
DHCP-client-identifier option.

When it comes to statics, there is one main difference between DHCP managing IPv4 and IPv6
addresses. DHCPv6 introduces a new piece of information, the DHCP Unique Identifier (DUID).
It should not exceed 128 bits in total and makes it possible to identify a client rather than a
piece of equipment. It contains the MAC address, so this address is no longer a unique independent
set of numbers: it corresponds to the last 48 to 64 bits of the DUID, depending on its type.

There are three different types of DUID:

• DUID based on Link Layer (LL).
• DUID based on Link-Layer Address Plus Time (LLT).
• DUID Assigned by Vendor Based on Enterprise Number (EN).

The DUID default structure goes like this:

DUID-LLT: DUID type, Hardware, Time Stamp, MAC Address
DUID-EN: DUID type, Enterprise Vendor, Vendor Identifier
DUID-LL: DUID type, Hardware, MAC Address

Figure 30.1. Three Different Structures of DUID (fields laid out on a scale of 0 to 128 bits)

Keep in mind that to ease the static creation in DHCPv6, you will be able to fill in either the whole
DUID or only the MAC address.
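A parser for the three DUID structures above, as an added example (not part of the guide and not SOLIDserver code). The field widths follow RFC 3315; the function names, the static_identifier and duplicate_statics helpers and all sample values are assumptions constructed for illustration. It shows how a static entered with the whole DUID and another entered with only the MAC address can designate the same client.

```python
import struct
from datetime import datetime, timedelta, timezone

DUID_LLT, DUID_EN, DUID_LL = 1, 2, 3
DUID_EPOCH = datetime(2000, 1, 1, tzinfo=timezone.utc)  # time base of DUID-LLT


def _hex_to_bytes(text):
    """Accept 'aa:bb', 'aa-bb' or 'aabb' notation; raises ValueError on bad hex."""
    return bytes.fromhex(text.replace(":", "").replace("-", "").strip())


def _fmt(raw):
    return ":".join(f"{b:02x}" for b in raw)


def parse_duid(text):
    """Split a DUID into its fields; 'mac' is None when the type carries none."""
    raw = _hex_to_bytes(text)
    if len(raw) < 3:
        raise ValueError("DUID too short")
    (duid_type,) = struct.unpack("!H", raw[:2])
    if duid_type == DUID_LLT:
        if len(raw) <= 8:
            raise ValueError("DUID-LLT without link-layer address")
        hardware, seconds = struct.unpack("!HI", raw[2:8])
        return {"type": "LLT", "hardware": hardware,
                "time": DUID_EPOCH + timedelta(seconds=seconds),
                "mac": _fmt(raw[8:])}
    if duid_type == DUID_LL:
        if len(raw) <= 4:
            raise ValueError("DUID-LL without link-layer address")
        (hardware,) = struct.unpack("!H", raw[2:4])
        return {"type": "LL", "hardware": hardware, "mac": _fmt(raw[4:])}
    if duid_type == DUID_EN:
        if len(raw) <= 6:
            raise ValueError("DUID-EN without vendor identifier")
        (enterprise,) = struct.unpack("!I", raw[2:6])
        return {"type": "EN", "enterprise": enterprise,
                "identifier": _fmt(raw[6:]), "mac": None}
    raise ValueError(f"unsupported DUID type {duid_type}")


def static_identifier(duid=None, mac=None):
    """Normalized identifier of a static given the whole DUID or only the MAC."""
    if duid:
        parsed = parse_duid(duid)
        if parsed["mac"]:
            return ("mac", parsed["mac"])
        return ("duid", _fmt(_hex_to_bytes(duid)))  # EN: compare the full DUID
    if mac:
        raw = _hex_to_bytes(mac)
        if not 6 <= len(raw) <= 8:  # 48 to 64 bits
            raise ValueError("MAC address must be 48 to 64 bits long")
        return ("mac", _fmt(raw))
    raise ValueError("either a DUID or a MAC address is required")


def duplicate_statics(statics):
    """Return {identifier: [names]} for identifiers used by more than one static."""
    seen = {}
    for name, duid, mac in statics:
        seen.setdefault(static_identifier(duid, mac), []).append(name)
    return {key: names for key, names in seen.items() if len(names) > 1}


# Constructed sample statics: (name, client DUID, MAC address).
STATICS = [
    ("printer-by-duid", "00:01:00:01:1c:39:cf:88:00:00:5e:00:53:01", None),
    ("printer-by-mac", None, "00-00-5E-00-53-01"),
    ("vendor-box", "00:02:00:00:7e:d9:de:ad:be:ef", None),
    ("laptop", "00:03:00:01:00:00:5e:00:53:02", None),
]

if __name__ == "__main__":
    for name, duid, mac in STATICS:
        print(name, static_identifier(duid, mac))
    print(duplicate_statics(STATICS))
```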


Browsing the Statics


Figure 30.2. DHCP Static Hierarchy (levels shown: server, scope, group, range, static, lease)

Here below, you can see the link to browse the DHCP statics database:

Figure 30.3. DHCP: All DHCP Statics

Browsing the statics database

To list the statics (all servers taken together)

1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Statics icon. The All statics list opens.
3. Next to the Logout button, click on IP4 to display the DHCPv4 statics or IP6 to display the
DHCPv6 statics.

To list the statics of a DHCP server

1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DHCP servers icon. The All servers list opens.
3. Click on the name of the server of your choice. The scopes of this server are listed.
4. In the breadcrumb, click on All statics. The All statics page opens.
5. Next to the Logout button, click on IP4 to display the DHCPv4 statics or IP6 to display the
DHCPv6 statics.

To display a DHCP static properties page

1. Go to the All statics page. For more details, see To list the statics (all servers taken together).
2. At the end of the line of the static of your choice, click on . The properties page opens.

On the statics properties page you will find the following information in separate panels:

• Main properties: sums up all the information filled in during the static creation (DHCP server,
scope and group, its name, IP address, client DUID or MAC address, class).
• Audit: displays a summary of all the changes carried out at the same level (the statics level) after
the creation of the item you are about to modify. You cannot edit this information.
• DHCP options: displays all the DHCP options you can define. None of the default options are
listed except for the type of DHCP server. See the chapter DHCP options of this guide for more
details.


Customizing the DHCP statics display

SOLIDserver enables you to modify the columns displayed in the list. You can add columns or modify
their order. For more details, see the Customizing the List Layout section of the Understanding
the SOLIDserver User Interface part of this documentation.

Understanding the DHCP Statics Statuses

The status of a DHCP static provides a report on the static operations. Statics statuses are displayed
at the end of each range line next to the properties shortcut button. The table below explains all
status values:

Table 30.1. DHCP statics statuses


Status | Description
OK | The static is operational.
Delayed create | The creation is delayed due to a scheduled configuration of the server. The creation will be automatically done after maximum of 1 minute.
Delayed delete | The deletion is delayed due to a scheduled configuration of the server. The deletion will be automatically done after maximum of 1 minute.

Adding a DHCP Static


Whether you work with DHCPv4 or DHCPv6, the statics creation process is the same. However,
the data required in both versions is completely different, as in each version the DHCP protocol
works differently. In both cases, the fields displayed in the wizard will vary depending on which
list you choose to create them from, the All statics list or the list of statics of a particular server
or scope.

SOLIDserver allows you to choose the MAC address type upon creation of statics; this type
modifies the way the addresses are displayed on the page. For more details regarding the supported
MAC address types, refer to the MAC Address Types References appendix of this guide.

Adding DHCPv4 Statics

With DHCPv4, the process is quite simple: to set up a static, you will need an IP address and a
user identifier, the equipment MAC address.

To add a DHCPv4 static in the all statics list

1. Go to the All statics page. For more details, see To list the statics (all servers taken together).
2. Next to the Logout button, click on IP4 to display the DHCPv4 statics.
3. In the menu, select Add > DHCP Static. The Add a DHCP static wizard opens.
4. In the DHCP server drop-down list, select the DHCP server of your choice.
5. Click on NEXT . The next page opens.
6. In the DHCP scope drop-down list, select the scope of your choice. You can select None if
you wish to simply configure DHCP options and not assign it an IP address.
7. Click on NEXT . The next page opens.
8. If you or your administrator created classes, the DHCP static class list is visible. Select a
class or None and click on NEXT . The next page of the wizard opens.
9. Configure the static using the table below:


Table 30.2. Static DHCPv4 configuration parameters


Fields | Description
Name | In this field, name the DHCP static. This field is required.
IP address | In this field, fill in the IPv4 address you want to assign to the device. This field is required if you selected a scope.
MAC address | In this field, fill in the MAC address of the device that will use the DHCP static. This field is required.
MAC address type | In this drop-down list, you can select the protocol associated with the MAC address. Ethernet is selected by default. The protocol corresponding reference will be automatically displayed before the MAC address in the default MAC address column. If you select Unknown, the Type reference field appears.
Type reference | In this field, specify the reference number of an unlisted type of the MAC address drop-down list. If the reference you type in is already part of the database, it will be automatically retrieved and visible when editing the static.
Group name | In this drop-down list, you can select the DHCP group the static belongs to. There will be no group in this list if you have not created any group yet.

10. Click on OK to commit the static creation. The report opens and closes. The static is listed.

Adding DHCPv6 Statics

With DHCPv6, the process is similar: to set up a static you will need an IP address and a user
identifier, the client DUID. Considering that the DUID can be quite long (see the introduction of
this chapter for more details), you can either put it in full in the DUID field or put only the
DHCPv4 equivalent of the MAC address, that is to say the last 48 to 64 bits, so it will look like xx
: xx : xx : xx : xx : xx or xx : xx : xx : xx : xx : xx : xx.

To add a DHCPv6 static in the all statics list

1. Go to the All statics page. For more details, see To list the statics (all servers taken together).
2. Next to the Logout button, click on IP6 to display the DHCPv6 statics.
3. In the menu, select Add > DHCP Static (v6). The Add a DHCP static wizard opens.
4. In the DHCP server drop-down list, select the DHCP server of your choice.
5. Click on NEXT . The next page opens.
6. In the DHCP scope drop-down list, select the scope of your choice. You can select None if
you wish to simply configure DHCP options and not assign it an IP address.
7. Click on NEXT . The last page of the wizard opens.
8. Configure the static using the table below:

Table 30.3. Static DHCPv6 configuration parameters


Fields | Description
Name | In this field, name the DHCP static. This field is required.
IP address | In this field, type in the IPv6 address that the device will use. This field is required if you selected a scope.
Client DUID | In this field, type in the equipment DUID. If you do not fill in the Client DUID field, you need to fill in the MAC address field.
MAC address | In this field, type in the MAC address, that is to say the six sets of hexadecimal digits of the equipment DUID. If you do not fill in the MAC address field, you need to fill in the Client DUID field.
MAC address type | In this drop-down list, select the protocol associated with the MAC address. The protocol reference will be displayed before the MAC address in the default MAC address column. Ethernet is selected by default. This field is required.
Group name | In this drop-down list, select the DHCP group the static belongs to. There will be no group in this list if you have not created any group yet.

9. Click on OK to commit the static creation. The report opens and closes. The static is listed.

Editing a DHCP Static


After creating DHCPv4 or DHCPv6 statics, you can modify their parameters through the different
panels of their properties page. The two versions allow you to modify different parameters
of the Main properties panel.

To modify the main properties of a DHCPv4 static

1. Display the list of DHCPv4 statics. For more details, see To list the statics (all servers taken
together).
2. Filter the list if need be.
3. At the end of the line of the static you chose, click on . The properties page opens.
4. In the Main properties panel, click on EDIT . The Edit a DHCP static wizard opens.
5. If you or your administrator created classes, the DHCP static class list is visible. Select a
class or None and click on NEXT . The next page of the wizard opens.

Warning
Changing an object class may generate important repercussions on its properties,
starting with more required fields to fill in. For more information, see your
administrator.

6. Modify the information of your choice in the IP address, MAC address, MAC address type
and/or Group name fields. Note that you cannot edit the static name.
7. Click on OK to commit your changes. The report opens and closes. The modifications are visible
in the panel.

In addition to the nature of the information that differs when you make a static reservation in
DHCPv6, you can actually modify the static name through the properties page once the static
has been created.


To modify the main properties of a DHCPv6 static

1. Display the list of DHCPv6 statics. For more details, see To list the statics (all servers taken
together).
2. Filter the list if need be.
3. At the end of the line of the static you chose, click on . The properties page opens.
4. In the Main properties panel, click on EDIT . The Edit a DHCP static wizard opens.
5. If you or your administrator created classes, the DHCP static class list is visible. Select a
class or None and click on NEXT . The next page of the wizard opens.

Warning
Changing an object class may generate important repercussions on its properties,
starting with more required fields to fill in. For more information, see your
administrator.

6. Modify the information of your choice in the Name, IP address, Client DUID, MAC address,
MAC address type and/or Group name fields.
7. Click on OK to commit your changes. The report opens and closes. The modifications are visible
in the panel.

If you have created DHCPv4 statics before creating groups, you can create a group and then put
the static in the group of your choice.

To put a static in an existing group

1. Go to the list of IPv4 statics of the server of your choice. For more details, see To list
the statics of a DHCP server.
2. Filter the list if need be.
3. Tick the static(s) you want to put in a different group.
4. In the menu, select Edit > Modify > Group. The Modify the DHCP group of a static wizard
opens.
5. In the DHCP group drop-down list, select the group of your choice.
6. Click on OK to commit the modification. The report opens and closes. The group is listed in
the Group column of the static.

Applying DHCP Options at Static Level


You can configure DHCP options on a DHCP static. Option details for a DHCP static are described
in the DHCP options chapter.

To modify the DHCP options of a static

1. Go to the properties page of the static of your choice. For more details, see To display the static
properties.
2. In the DHCP options panel, click on EDIT . The Configure DHCP options wizard opens.
3. Modify the fields of your choice. Note that, in DHCPv4, the Options category drop-down list
helps you filter the type of options.


4. Click on OK to commit your modifications. The report opens and closes. The changes are
listed in the DHCP options panel.

Keep in mind that you can modify the options to statics one by one or you can gather them in a
group and configure these options at once by editing the DHCP options of the Group itself. In
some cases, it can save you some time. For more details, see the DHCP Groups part further
down in this guide.

Copying a DHCPv4 Static Without IP


To assist you in the management, statics without IP can be copied from one server to the other.
Keep in mind that you can copy any static without IP even if its MAC address is already declared
in the target server. Statics with IP address are copied or moved when you migrate the scope
they belong to.

Keep in mind that if your physical server is managed through a smart, only the static created on
the smart can be duplicated.

To copy a static without IP to another server

1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Statics icon. The All statics list opens.
3. In the upper right corner, click on IP4 to display the DHCPv4 statics.
4. Filter the list if need be.
5. Tick the static(s) without IP you want to duplicate.
6. In the menu, select Edit > Migrate. The Copying statics wizard opens.
7. In the Target server drop-down list, select the server of your choice.
8. Click on OK to commit the static duplication. The report opens and closes. The All statics
list is visible again; the static is displayed twice, in two different servers.

Deleting a DHCP Static


At any point, you can delete a static reservation and the equipment/client - IP address information
that comes with it. The process is identical in both versions of the DHCP protocol.

To delete DHCP statics

1. Display the list of DHCP statics (for more details, see the Browsing the statics database
section).
2. Next to the Logout button, click on IP4 to display the DHCPv4 statics or IP6 to display the
DHCPv6 statics.
3. Filter the list to find the static(s) you want to delete.
4. Tick the static(s) you want to delete.
5. In the menu, select Edit > Delete. The Delete wizard opens.
6. Click on OK to commit the deletion. The report opens and closes. The static is no longer
listed.


Updating Statics Using Static Related Rules


SOLIDserver provides rules to update IP addresses in the IPAM module. Several rules allow
automatic synchronization of IP entry with each DHCP static.

Automatically Create a DHCP Static for Each IP Address Created

You can automate the static creation for each IP address addition in DHCPv4 and DHCPv6. Two
generic rules automate this process:

• The Create a DHCP static (rule 167 for DHCPv4)

This rule is triggered by the IPAM module when you Add an IP address.

This rule is generic so it is enabled by default. Type in its name or number in the filter field of
the corresponding column to make sure its status is OK. If you want to disable it, tick it and
disable it through the Edit menu.
• The Create a DHCP IPv6 Static (rule 232 for DHCPv6)

This rule is triggered by the IPAM module when you Add an IPv6 address.

This rule is generic so it is enabled by default. Type in its name or number in the filter field of
the corresponding column to make sure its status is OK. If you want to disable it, tick it and
disable it through the Edit menu.

Automatically Delete an IP address for Each DHCP Static Deleted

You can automate the static deletion for each IP address deleted in DHCPv4 and DHCPv6. Two
generic rules automate this process:

• The Delete a DHCP static (rule 168 for DHCPv4)

This rule is triggered by the IPAM module when there is a Deletion of an IP address.

This rule is generic so it is enabled by default. Type in its name or number in the filter field of
the corresponding column to make sure its status is OK. If you want to disable it, tick it and
disable it through the Edit menu.
• The Delete a DHCP IPv6 Static (rule 233 for DHCPv6)

This rule is triggered by the IPAM module when you Delete an IPv6 address.

This rule is generic so it is enabled by default. Type in its name or number in the filter field of
the corresponding column to make sure its status is OK. If you want to disable it, tick it and
disable it through the Edit menu.

Automatically Make Sure That Statics Do Not Duplicate a Hostname

The rule Check DHCP static duplicate hostnames (rule 022) automatically checks that
two different statics do not have the same name on one DHCP server.

This rule is only available for DHCPv4 and is triggered from the DHCP module itself when you
are about to add a new static: it will Check before adding a DHCP static that the chosen name
is unique.


Managing DHCP Groups


The DHCP group lets you apply one or more parameters to a group of static declarations.
Configuring a group is not compulsory; the statics work properly on their own as
well. For clients with statically assigned addresses, or for installations where only known clients
will be served, each such client must have a DHCP static declaration. If parameters are to be
applied to a group of declarations which are not related strictly on a per-subnet basis, the group
declaration can be used. Some sites may have departments which have clients on more than
one subnet, but it may be desirable to offer those clients a uniform set of parameters which are
different from what would be offered to clients from other departments on the same subnet. For
clients which will be declared explicitly with DHCP static declarations, these declarations can
belong to a DHCP group declaration along with the parameters which are common to that
department.

You can add as many groups as you want but you cannot edit them. You can delete them and
replace them with new ones.

Note
The DHCP group feature is only available on EfficientIP DHCP servers. The groups level
will not be visible in the breadcrumb when you work with a Microsoft or a Cisco DHCP
server.

Browsing the Groups


Figure 30.4. DHCP Group Hierarchy (levels shown: server, scope, group, range, static, lease)

Here below, you can see the link to browse the DHCP groups database:

Figure 30.5. DHCP: All DHCP Groups

Browsing the Groups Database

To list all the groups (all servers taken together)

1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Groups icon. The All groups list opens.
3. Next to the Logout button, click on IP4 to display the DHCPv4 groups or IP6 to display the
DHCPv6 groups.


To list the groups of a DHCP server

1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DHCP servers icon. The All servers list opens.
3. Put your mouse over the name of the server of your choice. The Info Bar appears.
4. Click on . The server properties page opens.
5. In the breadcrumb, click on All groups. The All groups list of that server opens.

To display a DHCP group properties page

1. Go to the All groups list. For more details, see To list all the groups (all servers taken
together).
2. At the end of the line of the group of your choice, click on . The properties page opens.

Customizing the DHCP Groups Display

SOLIDserver enables you to modify the columns displayed in the list. You can add columns or modify
their order. For more details, see the Customizing the List Layout section of the Understanding
the SOLIDserver User Interface part of this documentation.

Understanding the DHCP Groups Statuses

The status of a DHCP group provides a report on the group operations. Groups statuses are displayed
next to the right column of the list of the groups. The table below explains all status values:

Table 30.4. DHCP Groups Statuses


Status | Description
OK | The group is operational.
Delayed create | The creation is delayed due to a scheduled configuration of the server. The creation will be automatically done after maximum of 1 minute.
Delayed delete | The deletion is delayed due to a scheduled configuration of the server. The deletion will be automatically done after maximum of 1 minute.

Adding a DHCP Group


At any point, you can add a group to an EfficientIP DHCP server. Even if you already created
statics, you can put them in the group of your choice; see the procedure To put a
static in an existing group for more details.

Keep in mind that you cannot edit a group, you have to delete it.

With both DHCPv4 and DHCPv6, you can add a group to the All groups list.

To add a DHCPv4 group to the all groups list

1. Go to the All groups list. For more details, see To list all the groups (all servers taken
together).
2. Next to the Logout button, click on IP4 to display the DHCPv4 groups.
3. In the menu, select Add > DHCP group. The Add a DHCP group wizard opens.
4. In the DHCP server list, select the DHCP server in which you want to add a group.

5. Click on NEXT . The last page of the wizard appears.
6. In the DHCP group name, type in the name of the new group.
7. In the Mode drop-down list, you can set up the following parameters.

Table 30.5. DHCP Default Behaviors Parameters


Fields | Description
Mode | You can select either Configurable behavior or All behaviors.
Configurable behavior | This option is selected by default in the Mode drop-down list and displays all the fields and options that have been ticked in the Default behavior wizard at the server level. For more details, refer to the DHCP section of the Default Behaviors chapter of this guide.
All behaviors | If you select this option, you will display all the fields and options that can be ticked in the Default behavior wizard. For more details, refer to the DHCP section of the Default Behaviors chapter of this guide.

8. Click on OK to commit the addition. The report opens and closes. The group is listed.

To add a DHCPv6 group to the all groups list

1. Go to the All groups list. For more details, see To list all the groups (all servers taken together).
2. Next to the Logout button, click on IP6 to display the DHCPv6 groups.
3. In the menu, select Add > DHCP group (v6). The Add a DHCP group wizard opens.
4. In the DHCP server list, select the DHCP server in which you want to add a group.
5. Click on NEXT . The last page of the wizard appears.
6. On the DHCP group configuration, fill in the group name.
7. Click on OK to commit the addition. The report opens and closes. The group is listed.

You can of course add a group to the All groups list of a particular server.

To add a DHCP group to a server

1. Go to the All groups list of the server of your choice. For more details, see To list the groups
of a DHCP server.
2. In the menu, select Add > DHCP group or DHCP group (v6) depending on the server you
chose. The Add a DHCP group wizard opens.
3. In the DHCP group name, type in the name of the new group.
4. Click on OK to commit the creation. The report opens and closes. The group is listed.

Deleting a DHCP Group


The deletion of a DHCP group does not mean that the DHCP statics which it contained will
disappear. The DHCP options that were set for the group will simply no longer apply to the statics
it contained.

To delete a DHCP group

1. Go to the All groups list. For more details, see To list all the groups (all servers taken together).
2. Next to the Logout button, click on IP4 to display the DHCPv4 groups or on IP6 to display
the DHCPv6 groups.
3. Filter the list to display the group you want to delete.
4. Tick the group(s) you want to delete.
5. In the menu, select Edit > Delete. The Delete wizard opens.
6. Click on OK to commit the deletion. The report opens and closes. The selected group is no
longer listed.

Applying DHCP Options at Group Level


At the group level you can configure DHCP options. These options will be propagated to the
DHCP ranges and to the leases that it delivers. The details of such options are described in
chapter DHCP Options.

To modify the DHCP options of a group

1. Go to the properties page of the group of your choice. For more details, see To display a
DHCP group properties page.
2. In the DHCP options panel click on EDIT . The Configure DHCP options wizard opens.
3. Modify the fields of your choice.
4. Click on OK to commit your changes. The report opens and closes. The modifications are
listed in the DHCP options panel.

Chapter 31. Managing Dynamic Addressing
Managing DHCP Ranges
Ranges must be declared in SOLIDserver for dynamic addressing. A DHCP range is a contiguous
series of valid IP addresses which are available for lease to client computers in a particular scope.
A range belongs to just one DHCP scope, and contains the leases of the dynamic addresses.
Several ranges can be defined in the same scope if they do not overlap each other.

In the All ranges list, you will find two icons next to the Logout button: IP4 and IP6. They allow
you to display the DHCPv4 ranges on the one hand and the DHCPv6 ranges on the other hand.
These buttons are not useful when you are listing the ranges of a particular scope or
server: if you click on the IP6 icon when listing leases of a DHCPv4 scope, you will list all the IP6
ranges regardless of the servers or scopes they are a part of.

Browsing the Ranges


Figure 31.1. DHCP Ranges hierarchy (diagram levels: server; scope, group; range, static; lease)

Here below, you can see the link to browse the DHCP ranges database:

Figure 31.2. DHCP: All DHCP Ranges

Browsing the Ranges Database

To list the DHCP ranges (all servers and scopes taken together)

1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Ranges icon. The All ranges page opens.
3. Next to the Logout button, click on IP4 to display the DHCPv4 ranges or IP6 to display the
DHCPv6 ranges.

To list the ranges of a DHCP server

1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DHCP servers icon. The All servers list opens.
3. Click on the name of the server of your choice.

4. In the breadcrumb, click on All ranges to display the chosen server's ranges.

To list the ranges of a DHCP scope

1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Scopes icon. The All scopes list opens.
3. Next to the Logout button, click on IP4 to display the DHCPv4 scopes or IP6 to display the
DHCPv6 scopes.
4. Click on the name of the scope of your choice to visualize the ranges it contains.

To find a DHCP range

1. Go to the DHCP tab homepage. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Ranges icon. The All ranges page opens.
3. Next to the Logout button, click on IP4 to display the DHCPv4 ranges or IP6 to display the
DHCPv6 ranges.
4. In the filter field at the top of the Ranges column, you can look for a particular range by:

• Filling in the address of the beginning of the range.

• Filling in the address of the end of the range.

5. Click on SEARCH to display the results list. Only the ranges matching what you filled in are
displayed.

To display a DHCP range properties page

1. Search for the range of your choice (for more details, see To find a DHCP range).
2. At the end of the line of the range of your choice, click on . The properties page opens.

Customizing the DHCP Ranges Display

SOLIDserver enables you to modify the columns display in the list. You can add, or modify the
order of columns. For more details, see the Customizing the List Layout section of the
Understanding the SOLIDserver User Interface part of this documentation.

Understanding the DHCP Ranges Statuses

The status of the DHCP ranges provides a report on the range operations. The table below explains
the Status column possible values:

Table 31.1. DHCP Range Statuses


Status | Description
OK | The range is configured.
Delayed create | The creation or update is delayed due to a scheduled configuration of the server. The creation will be automatically done after a maximum of 1 minute.
Delayed delete | The deletion is delayed due to a scheduled configuration of the server. The deletion will be automatically done after a maximum of 1 minute.

Adding a DHCP Range


The addition of a new range offers DHCP clients a new quantity of free addresses. A range is
defined by its first and last address. You can add an IPv4 or an IPv6 range from the All ranges
page. The addition can also be done in the ranges list of a particular scope; in this case the wizard
directly displays the DHCP range parameters page.

Note
The IPv4 range addition wizard provides by default an Access Control List (ACL)
configuration page. Keep in mind that the order of the elements listed in the DHCP
range ACL field is important, as each restriction or permission is evaluated in
the order you set in the list.

To add a DHCPv4 range

1. Go to the DHCP tab homepage. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Ranges icon. The All ranges page opens, the IP4 button is blue.
3. In the menu, select Add > DHCP Range. The Add a DHCP range wizard opens.
4. In the DHCP Server list, select a server.
5. Click on NEXT . The scope selection page opens.
6. In the DHCP Scope list, select a scope.
7. Click on NEXT . The next page opens.
8. If you or your administrator created classes, the DHCP static class list is visible. Select a
class or None and click on NEXT . The next page of the wizard opens.
9. Configure the DHCP range parameters following the fields below:

Table 31.2. DHCPv4 Range Parameters


Fields | Description
Start address | First address of range.
End address | Last address of range. If you modify this address, the size field is automatically updated.
Size | Number of addresses in the range. If you modify this field, the last address will change.
Mode | You can select either Configurable behavior or All behaviors.
Configurable behavior | This option is selected by default in the Mode drop-down list and displays all the fields and options that have been ticked in the Default behavior wizard at the server level. For more details, refer to the DHCP section of the Default Behaviors chapter of this guide.
All behaviors | If you select this option, you will display all the fields and options that can be ticked in the Default behavior wizard. For more details, refer to the DHCP section of the Default Behaviors chapter of this guide.

10. Click on NEXT . The ACLs configuration page opens if you are editing an EfficientIP DHCP
server, depending on the classes configured by your administrator.
11. In the Specific ACL field, configure ACLs using the table below.

Table 31.3. DHCPv4 Specific ACL Configuration Fields


Fields | Description
Specific ACL | In this field, type in the first letters of the ACL name, the auto-completion list appears and you can select the ACL of your choice.
Allow | Tick this box to grant access to the selected ACL. Ticking or unticking the box will modify the content of the ACL field.
ACL | This field displays the configuration: whether you deny members of or allow members of the selected ACL. Once the configuration suits your needs click on . The configuration is listed in the DHCP range ACL list.
DHCP range ACL | This list sums up the ACL configurations.

12. In the General ACL field, configure ACLs using the table below.

Table 31.4. DHCPv4 General ACL Configuration Fields


Fields | Description
Specific ACL | In this drop-down list, select unknown clients, known clients, all clients or dynamic bootp clients.
Allow | Tick this box to grant access to the selected ACL. Ticking or unticking the box will modify the content of the ACL field.
ACL | This field displays the configuration: whether you deny members of or allow members of the selected ACL. Once the configuration suits your needs click on . The configuration is listed in the DHCP range ACL list.
DHCP range ACL | This list sums up the ACL configurations.

13. Click on OK to commit the creation. The report opens and closes. The ACLs are listed in the
ACL panel of the range properties page.

With IPv6, the procedure is the same but it is slightly shorter.

To add a DHCPv6 range

1. Go to the DHCP tab homepage. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Ranges (v6) icon. The All ranges page opens, the IP6 button is blue.
3. In the menu, select Add > DHCP range (v6). The Add a DHCP range wizard opens.
4. In the DHCP Server list, select a server.
5. Click on NEXT . The next page opens.
6. In the DHCP Scope list, select a scope.
7. Click on NEXT . The last page opens.
8. Configure the DHCPv6 range following the table below:

Table 31.5. DHCPv6 range parameters


Fields | Description
Start address | In this field, type in the range start address, it will change the content of the Size field. By default, the field automatically displays the selected scope start address. This field is compulsory.
End address | In this field, type in the range end address, it will change the content of the Size field. By default, the field automatically displays the selected scope end address. This field is compulsory.
Size | In this field, type in the number of addresses you want in the range. The number you type in will modify the range end address.

9. Click on OK to commit the creation. The report opens and closes. The range is listed.

Editing a DHCP Range


Once created, DHCPv4 ranges can be modified as far as their ACL and size are concerned.

Editing a Range Properties

With DHCPv4, you can edit a range mode and the ACLs once created from its properties page.

Note
With DHCPv6, you cannot edit a range. The properties page will simply display all
the information available.

To modify the main properties and/or ACLs of a DHCPv4 range

1. Go to the properties page of the range of your choice (for more details, see To display a DHCP
range properties page).
2. In the Main properties panel, click on EDIT . The Edit a DHCP range wizard opens and displays
the range Start address, End address and Size, which you cannot modify.
3. In the Mode drop-down list, you can configure the following options:

Table 31.6. DHCP Default Behavior Parameters


Fields | Description
Mode | You can select either Configurable behavior or All behaviors.
Configurable behavior | This option is selected by default in the Mode drop-down list and displays all the fields and options that have been ticked in the Default behavior wizard at the server level. For more details, refer to the DHCP section of the Default Behaviors chapter of this guide.
All behaviors | If you select this option, you will display all the fields and options that can be ticked in the Default behavior wizard. For more details, refer to the DHCP section of the Default Behaviors chapter of this guide.

4. Click on NEXT . The ACL configuration page opens. See the Restricting Access part for more
details regarding ACLs.
5. Configure the ACLs using the fields and boxes explained below:

Table 31.7. ACL Configuration Options


Fields | Description
Specific ACL | In this field, type in the name of the ACL you want to grant or deny access at this level in the DHCP. The auto-completion allows you to find them more easily.
General ACL | In this drop-down list, you can create exceptions that will apply to unknown clients, known clients, all clients or dynamic bootp clients.
Allow | This box has to be checked if you want to allow the parameters set up in the Specific ACL or General ACL field. If you do not tick it, what you specified in those fields is denied.
ACL | This field displays each ACL section configuration. It is gray by default because its content depends on what you configured above. Once your configuration is visible and suits your needs, click on . The configuration is then listed in the DHCP range ACL list.
DHCP range ACL | This list sums up all the ACLs configured through the wizard.

6. Click on OK to commit the changes. The report opens and closes. The modifications are visible
in the Main properties and/or the ACLs panels.

Editing a Range Size

With DHCPv4, you can resize ranges. Basically, you edit the range start and/or end address
so that it includes more or fewer addresses. Through the wizard you indicate the
number of addresses to include in or exclude from the range, using the minus sign for a negative shift.
The shift is applied as long as the addresses included or excluded are not already used or
part of another range.

So if your range is 192.168.0.10-192.168.0.125 you can decide to resize it to
192.168.0.100-192.168.0.105 by indicating a start address shift of "90" and an end address shift of "-20".

To resize a DHCP range

1. Go to the DHCP tab homepage. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Ranges icon. The All ranges page opens.
3. Next to the Logout button, click on IP4 to display the DHCPv4 ranges.
4. Filter the list if need be. For more details, see To find a DHCP range.
5. Tick the range(s) you want to resize.
6. In the menu, select Edit > Resize DHCP ranges. The Resize ranges wizard opens.
7. In the Start address shift field, type in the positive or negative shift for the range start address
that suits your needs. If you type in 0 (zero), the address stays the same.
8. In the End address shift field, type in the positive or negative shift for the range end address
that suits your needs. If you type in 0 (zero), the address stays the same.
9. Click on OK to commit the new size. The report opens and closes. The new range(s) size is
visible.
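
The resize rules above can be checked before a shift is committed. The Python code below is an added example, not SOLIDserver code: it applies the start and end shifts to a DHCPv4 range and rejects the result if it leaves the scope, overlaps another range, or moves an in-use address into or out of the range. The function names, the scope 192.168.0.0/24, the second range and the in-use addresses are constructed for illustration.

```python
import ipaddress
from typing import Iterable, Tuple

Range = Tuple[ipaddress.IPv4Address, ipaddress.IPv4Address]


def parse_range(text: str) -> Range:
    """Parse 'first-last' into an inclusive (start, end) pair."""
    first, last = (ipaddress.IPv4Address(p.strip()) for p in text.split("-"))
    if first > last:
        raise ValueError(f"start is after end in {text}")
    return first, last


def overlaps(a: Range, b: Range) -> bool:
    """Inclusive ranges overlap when each one starts before the other ends."""
    return a[0] <= b[1] and b[0] <= a[1]


def resize_range(current: str, start_shift: int, end_shift: int, scope: str,
                 other_ranges: Iterable[str] = (),
                 used: Iterable[str] = ()) -> str:
    """Return the resized range, or raise ValueError naming the broken rule.

    other_ranges: the other ranges of the same scope (hypothetical input).
    used: addresses already in use, e.g. active leases (hypothetical input).
    """
    cur = parse_range(current)
    net = ipaddress.IPv4Network(scope)
    # IPv4Address supports integer arithmetic; a negative shift moves a bound down.
    new = (cur[0] + start_shift, cur[1] + end_shift)
    if new[0] > new[1]:
        raise ValueError("the shifts leave no address in the range")
    if new[0] not in net or new[1] not in net:
        raise ValueError(f"{new[0]}-{new[1]} leaves scope {net}")
    for other in other_ranges:
        if overlaps(new, parse_range(other)):
            raise ValueError(f"{new[0]}-{new[1]} overlaps range {other}")
    for text in used:
        ip = ipaddress.IPv4Address(text)
        was_in = cur[0] <= ip <= cur[1]
        now_in = new[0] <= ip <= new[1]
        # An in-use address may stay where it is, but must not change sides.
        if was_in != now_in:
            verb = "excluded from" if was_in else "included in"
            raise ValueError(f"{ip} is in use and would be {verb} the range")
    return f"{new[0]}-{new[1]}"


def try_resize(*args, **kwargs) -> Tuple[bool, str]:
    """Non-raising wrapper: (True, new range) or (False, reason)."""
    try:
        return True, resize_range(*args, **kwargs)
    except ValueError as exc:
        return False, str(exc)


# Constructed sample data for the demonstration.
SCOPE = "192.168.0.0/24"
OTHER_RANGES = ["192.168.0.130-192.168.0.200"]
USED = ["192.168.0.101", "192.168.0.128"]

if __name__ == "__main__":
    start = "192.168.0.10-192.168.0.125"
    for shifts in [(90, -20), (0, 10), (0, 3), (95, 0), (-20, 0)]:
        print(shifts, try_resize(start, *shifts, SCOPE, OTHER_RANGES, USED))
```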

Deleting a DHCP Range


When a subnet is no longer used, or whenever you wish to delete an existing range, you can do
so easily with SOLIDserver. The deletion procedure is identical for IPv4 and IPv6 ranges.

Before deleting an existing range, remember to create a new one using a different range of
addresses.

To delete a DHCP range

1. Go to the DHCP tab homepage. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Ranges icon. The All ranges page opens.
3. Next to the Logout button, click on IP4 to display the DHCPv4 ranges or IP6 to display the
DHCPv6 ranges.
4. Filter the list if need be. For more details, see To find a DHCP range.
5. Tick the range you want to delete.
6. In the menu, select Edit > Delete. The Delete wizard opens.
7. Click on OK to commit the deletion. The report opens and closes. The range is no longer
listed.

Using Rules To Manage Ranges


SOLIDserver provides rules to update address pools in the IPAM module. Several rules allow
you to automatically synchronize a pool entry for each DHCP range.

Automatically Check For Overlap

To automatically check for IP overlapping, you must enable the Checking IP overlapping rule.

To automatically check for IP overlap

1. Go to the Administration tab.


2. In the menu, select System > Expert > Rule. The Rules page opens.
3. Click on Add > Rule. The Add a rule wizard opens.
4. In the Module drop-down list, select DHCP.
5. In the Event drop-down list, select Add: DHCP ranges.
6. In the Rule drop-down list, select (021) Checking IP overlapping.
7. In the Rule name field, name the rule. This name will appear in the Instance column of the
Rules list.
8. In the Comment field, you can fill in a comment if you want.
9. Click on NEXT . The Rule filters page opens.
10. Then click on OK to commit the addition. The report opens and closes. The rule is listed.

Automatically Create a DHCP Range for each IP Pool Created

By default, the rule 088 regarding the addition of ranges for every newly added IPv4 pool is
enabled. It is named (generic) Create a DHCP range for each IP pool created and is listed under
the event Add a pool of the IPAM module.

By default, the rule 230 regarding the addition of ranges for every newly added IPv6 pool is
enabled. It is named (generic) Add a DHCP IPv6 range and is listed under the event Add an IPv6
pool of the IPAM module.

If you want to disable one of these rules, tick it and in the menu select Edit > Disable.

Delete a DHCP Range for each IP Pool Deleted

By default, the rule 097 regarding the deletion of ranges for every IPv4 pool deletion is enabled.
It is named (generic) Delete a DHCP range for each IP pool deleted and is listed under the event
Delete a pool of the IPAM module.

By default, the rule 231 regarding the deletion of ranges for every IPv6 pool deletion is enabled.
It is named (generic) Delete a DHCP IPv6 range and is listed under the event Delete an IPv6
pool of the IPAM module.

If you want to disable one of these rules, tick it and in the menu select Edit > Disable.

Applying DHCP Options at Range Level


You can apply DHCP options to ranges. The options configured at this
level are propagated to the DHCP leases delivered by that range. EfficientIP provides the DHCP
option inheritance in the following order: server, scope, range. For more information about DHCP
options, refer to the DHCP Options chapter.

Warning
Microsoft DHCP servers do not allow options to be configured on DHCP ranges.

To edit the DHCP range options

Note
The DHCP options can be edited at the range level only in DHCPv4.

1. Display the chosen range properties page (for more details, see procedure To display a
DHCP range properties page).
2. In the DHCP Options panel, click on EDIT . The Configure DHCP options wizard opens.
3. In the Options category drop-down list, select a category if need be. The Most used options
are displayed by default.
4. Make your modifications.
5. Click on OK to commit the changes. The report opens and closes. Every item modified is
displayed in the panel.

Managing DHCP Leases


When it comes to dynamic addressing, the lease is the lowest level of the DHCP hierarchy. A
lease corresponds to one IP address, listed in the IPAM module. As its name indicates,
a lease is limited in time. When a client requests an IP address from a DHCP server, the server
delivers an IP address that is part of the scope that listens to the network area where the client
asked for an address, which is why it is important to properly set up the DHCP server. Once you
have created at least one scope and one range in a DHCP server, you are able to deliver leases.

With SOLIDserver in DHCPv4, the maximum lease time is 24 hours (86400 seconds). By default,
the lease time is 12 hours (43200 seconds). You can change these parameters
either on a particular lease individually or at the range, scope or server level. As for DHCPv6,
you can configure the leases only at the server or scope level.

In the All leases list, you will find two icons next to the Logout button: IP4 and IP6. They allow
you to display the DHCPv4 leases on the one hand and the DHCPv6 leases on the other hand.
These buttons are not useful when you are listing the leases of a particular scope or
server: if you click on the IP6 icon when listing leases of a DHCPv4 scope, you will list all the IP6
leases regardless of the servers, scopes and ranges they belong to.

Caution
If the SOLIDserver clock is not set to the correct time, you will not be able to retrieve any
leases. To configure the NTP server, see the Services configuration chapter of this guide.

The All leases page provides all kinds of information regarding the leases, for instance their
current Status (for more details, refer to the section Understanding the DHCP Leases Statuses),
IP address, MAC address, Start and End time and date, etc. In addition, the OS name column
(DHCP client OS version) provides extra information to identify the DHCP client of IPv4 leases.

Browsing the Leases


Figure 31.3. DHCP Leases hierarchy (diagram levels: server; scope, group; range, static; lease)

Here below, you can see the link to browse the DHCP leases database:

Figure 31.4. DHCP: All DHCP Leases

Browsing the leases database

To list all the DHCP leases (all servers, scopes and ranges taken together)

1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.

2. Click on the Leases icon. The All leases page opens.


3. Next to the Logout button, click on IP4 to display the DHCPv4 leases or IP6 to display the
DHCPv6 leases.

To list the leases of a DHCP server

1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DHCP servers icon. The All servers list opens.
3. Click on the name of the server of your choice.
4. In the breadcrumb, click on All leases to display the chosen server's leases.

To list the leases of a DHCP scope

1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Scopes icon. The All scopes list opens.
3. Next to the Logout button, click on IP4 to display the DHCPv4 scopes or IP6 to display the
DHCPv6 scopes.
4. Click on the name of the scope of your choice to visualize the ranges it contains.
5. In the breadcrumb, click on All leases to see all the leases of that scope.

To list the leases of a DHCP range

1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Ranges icon. The All ranges list opens.
3. Next to the Logout button, click on IP4 to display the DHCPv4 ranges or IP6 to display the
DHCPv6 ranges.
4. Click on the name of the range of your choice to visualize the leases it contains.

To find a DHCP lease

1. Go to the DHCP tab homepage.


2. Click on the Leases icon. The All leases page opens.
3. Next to the Logout button, click on IP4 to display the DHCPv4 leases or IP6 to display the
DHCPv6 leases.
4. In the filter field at the top of the columns, you can look for a particular lease according to
its IP address, creation or expiration date or even through the range, scope or server it belongs
to.
5. Click on SEARCH to display the results list. Only the leases matching what you filled in are
displayed.

To display a DHCP lease properties page

1. Search for the lease of your choice. For more details, see To find a DHCP lease.
2. At the end of the line of the lease of your choice, click on . The properties page opens.

Customizing the DHCP leases display

SOLIDserver enables you to modify the columns display in the list. You can add, or modify the
order of columns. For more details, see the Customizing the List Layout section of the
Understanding the SOLIDserver User Interface part of this documentation.

Understanding the DHCP Leases Statuses

The status of the DHCP leases provides information regarding each lease. The Status column
possible values are:

Table 31.8. DHCP Leases Statuses


Status | Description
OK | The lease is configured.
Delayed create | The creation or update is delayed due to a scheduled configuration of the server. The creation will be automatically done after a maximum of 1 minute.
Delayed delete | The deletion is delayed due to a scheduled configuration of the server. The deletion will be automatically done after a maximum of 1 minute.

Defining the Leases Duration


When a DHCP client requests an IPv4 or an IPv6 address, it may suggest a lease duration in
the DHCPDISCOVER message. If the client requests a particular lease duration, the server
makes sure the requested lease time is within a range specified by the min-lease-time and
max-lease-time parameters. If the requested lease time is not within the specified range, it is set to
the value of min-lease-time if it is too short or to the value of max-lease-time if it is too long. If
the client does not request a specific lease duration, the lease duration specified in the
default-lease-time is used, and the same limits are applied.

EfficientIP DHCP server allows administrators to specify a default lease duration, a minimum
lease duration, and a maximum lease duration as defined below:

• default-lease-time specifies the duration of the lease that the DHCP server assigns if the client
requesting the lease does not ask for a specific expiration time.
• min-lease-time is used to force the DHCP client to take a longer lease than
the lease duration that it requests.
• max-lease-time is used to define the longest lease that the DHCP server can
allocate. If a DHCP client asks for a longer lease than the maximum lease duration, then the
server limits the lease to the maximum lease duration.

Note
Maximum lease times do not apply to dynamic BOOTP leases. These leases are
not specified by the client and can exceed the maximum lease time configured.
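
The lease-time rules above can be worked through in code. The Python code below is an added example, not EfficientIP code: it resolves the default, minimum and maximum lease times across levels, applies the clamping described above to a client request, and lists observed leases that run longer than the effective maximum without being dynamic BOOTP leases. It assumes that a value set at a more specific level overrides the one inherited from a less specific level; the class and function names, the scope values and the sample leases are constructed for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional, Sequence, Tuple


@dataclass(frozen=True)
class LeaseTimes:
    """Lease times set at one level, in seconds; None means not set there."""
    default: Optional[int] = None
    minimum: Optional[int] = None
    maximum: Optional[int] = None


def effective(levels: Sequence[LeaseTimes]) -> LeaseTimes:
    """Merge levels ordered from least to most specific (server, scope, range).

    Assumption of this example: the most specific level that sets a value wins.
    """
    default = minimum = maximum = None
    for level in levels:
        if level.default is not None:
            default = level.default
        if level.minimum is not None:
            minimum = level.minimum
        if level.maximum is not None:
            maximum = level.maximum
    if default is None:
        raise ValueError("no default lease time is set at any level")
    if minimum is not None and maximum is not None and minimum > maximum:
        raise ValueError("minimum lease time exceeds maximum lease time")
    return LeaseTimes(default, minimum, maximum)


def granted_lease(levels: Sequence[LeaseTimes],
                  requested: Optional[int] = None) -> int:
    """Lease duration granted for a client request (None: no duration asked)."""
    eff = effective(levels)
    # Without a requested duration the default is used; the same limits apply.
    lease = eff.default if requested is None else requested
    if eff.minimum is not None and lease < eff.minimum:
        lease = eff.minimum
    if eff.maximum is not None and lease > eff.maximum:
        lease = eff.maximum
    return lease


def unexpected_long_leases(levels: Sequence[LeaseTimes],
                           leases: Sequence[Tuple[str, int, bool]]) -> List[str]:
    """IPs of leases longer than the effective maximum.

    Dynamic BOOTP leases are skipped because the maximum does not apply to them.
    Each lease is (ip, duration in seconds, is_dynamic_bootp).
    """
    eff = effective(levels)
    if eff.maximum is None:
        return []
    return [ip for ip, duration, dynamic_bootp in leases
            if duration > eff.maximum and not dynamic_bootp]


# Server values are the DHCPv4 figures given in this guide (12 h default, 24 h maximum).
SERVER = LeaseTimes(default=43200, maximum=86400)
# Constructed values: a scope with short leases, and a range that sets nothing.
SCOPE = LeaseTimes(minimum=300, maximum=3600)
RANGE = LeaseTimes()
LEVELS = [SERVER, SCOPE, RANGE]

# Constructed lease records: (ip, duration in seconds, is_dynamic_bootp).
OBSERVED = [
    ("192.0.2.5", 3600, False),
    ("192.0.2.6", 7200, False),
    ("192.0.2.7", 2592000, True),
]

if __name__ == "__main__":
    for asked in (None, 60, 1800, 604800):
        print("requested", asked, "-> granted", granted_lease(LEVELS, asked))
    print("longer than maximum:", unexpected_long_leases(LEVELS, OBSERVED))
```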

DHCP lease duration is a topic of discussion among network administrators. Some use a lease
time of 6 months, some use a lease time of 5 minutes. The right lease duration depends on each
network's context. Default lease duration on EfficientIP DHCP server is 12 hours. You can change
this default according to your requirements and set lease times at different levels, based on
different factors. You can set a default lease time at the server, scope, range, group, DHCP class,
or static level of the EfficientIP DHCP organization.

To configure lease duration in DHCPv4

1. Go to the DHCP listing page of your choice: you can set up the lease duration at server,
scope, range, group or static level. You can also configure a DHCP class to set the lease
duration.
2. Filter the list if need be.
3. At the end of the line of the object of your choice, click on . The properties page opens.
4. In the DHCP options panel, click on EDIT . The Configure DHCP options wizard opens.
5. In the Option category drop-down list, make sure Most used options is selected.
6. In the Default lease time field, you can set a default lease time in seconds. The lease time
will be respected unless the client specifies another one when requesting a lease.
7. In the Max lease time field, you can set the maximum lease time in seconds.
8. In the Min lease time field, you can set the minimum lease time in seconds.
9. Click on OK to commit your configuration. The report opens and closes. The edited information
is now listed in the panel.

With IPv6 addressing, the procedure is the same except that you can only set it up from the two
highest levels in DHCP that is to say the servers themselves or the scopes.

To configure lease duration in DHCPv6

1. Go to the All servers list or the All scopes list to set up the lease duration.
2. Filter the list if need be.
3. At the end of the line of the object of your choice, click on . The properties page opens.
4. In the DHCP options panel, click on EDIT . The Configure DHCP options wizard opens.
5. In the Default lease time field, you can set a default lease time in seconds. The lease time
will be respected unless the client specifies another one when requesting a lease.
6. In the Max lease time field, you can set the maximum lease time in seconds.
7. In the Min lease time field, you can set the minimum lease time in seconds.
8. Click on OK to commit your configuration. The report opens and closes. The edited information
is now listed in the panel.

Releasing Leases
When ranges are overloaded, the lease release feature can help resolve a critical case on a
one-off basis. This operation asks the DHCP server to simulate a DHCP release.

Caution
This operation should not be used on a daily basis to resolve a lack of free space in
a range; the best way is to extend the range capacity as soon as possible.

To delete a DHCP lease

1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.

2. Click on the Leases icon. The All leases page opens.


3. Next to the Logout button, click on IP4 to display the DHCPv4 leases or IP6 to display the
DHCPv6 leases.
4. Filter the list to find the lease(s) you want to delete.
5. Tick the lease(s) to be deleted.
6. In the menu, select Edit > Delete. The Delete wizard opens.
7. Click on OK to commit the deletion. The report opens and closes. The selected lease(s) are
no longer listed.

Warning
A lease deletion can create IP address overlaps. Before proceeding with the
lease deletion, make sure that the impacted DHCP client will not connect to the
network where the addresses were deleted.

Converting Leases into Statics


SOLIDserver allows you to convert a lease into a static reservation in order to register a host by its
MAC address in one or several DHCP servers. When you convert a lease to a static, a static
reservation is made on all servers where the lease existed. By default the new static is created
with the same name as the lease, and without an IP address.

Note
It is for now impossible to convert an IPv6 lease into a static. However, you can
create IPv6 statics.

To convert an IPv4 lease into a static

1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Leases icon. The All leases page opens.
3. Next to the Logout button, click on IP4 to display the DHCPv4 leases.
4. Filter the list to find the lease(s) you want to convert.
5. Tick the lease(s) to be converted.
6. In the menu, select Edit > Convert to static > Without IP address or With IP address.

Table 31.9. Lease to Static Conversion Available Options


Option | Description
Without IP address | Converting a lease to a static without IP address will allow the definition of certain DHCP options to a specific MAC address. The IP addressing would therefore be dynamic, this MAC address will for instance have a maximum lease time of a few hours each time it connects but will be connected to the first available IP address during that time.
With IP address | Converting a lease to a static with IP address will allow the definition of certain DHCP options to a specific MAC address that will always connect to the IP address of your choice.


If you select the Without IP address option, the Convert lease to static without IP address
wizard opens.

If you select the With IP address option, the Convert DHCP lease to DHCP static wizard
opens.
7. Click on OK to commit the conversion. The report opens and closes. The converted IP
addresses are no longer listed; you will find them in the All statics list (in the menu, select
Display > All statics).

Blacklisting Leases
Once delivered, a lease can be blacklisted at any time. This converts the lease into a static
without IP. From that point on, the client MAC address cannot access the DHCP server or its
failover channel. The client MAC address is even saved in the DHCP server configuration file
as blacklist-<MAC_address> to ensure that any lease request is denied.

Blacklisting a lease can easily be done from the All leases page through an option in the menu.
Once a lease is blacklisted, the corresponding static without IP is immediately created. This
static is automatically configured with a set of ACL restrictions that prevent the connection to the
server and its failover. In the meantime, the lease remains valid until it expires; the next client
request for renewal will be denied. Once the lease duration is up, the client MAC address is
disconnected and unable to connect again.

To blacklist a lease

1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Leases icon. The All leases page opens.
3. Tick the lease(s) you want to blacklist.
4. In the menu, select Edit > Blacklist lease. The report opens and closes. The lease is still
visible on the All leases page and disappears once it has expired. On the All statics page,
you will be able to find every blacklisted MAC address if you filter the Name column using
blacklist.

Tracking Leases
SOLIDserver keeps track of the leases delivered by all the DHCP servers you manage. The lease
logs are available on the Leases tracking page that provides information on the lease duration
and status, the server that delivered the lease, the host name, its IP and MAC addresses, the
client identifier, and the remote and circuit IDs.

To track leases

1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Leases tracking icon for IPv4 leases or Leases tracking (v6) icon for IPv6 leases.
The All leases page opens and displays the corresponding lease logs.

In IPv4, the lease logs are automatically erased 60 days after the leases have expired, as set in
rule 012. You can change this rule configuration following the procedure below.


To edit the automatic lease logs purge rule in IPv4

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select System > Expert > Rules. The Rules page opens.
3. In the Rule # column search field, type in 012. The Purge history of DHCP leases rule is listed.
4. In the Instance column, click on auto_purge_histo_dhcplease. The rule properties page
opens.
5. In the Main properties panel, click on EDIT . The Edit a rule wizard opens.
6. Click on NEXT . The Rule filters page appears.
7. If you chose to schedule the purge, configure the fields according to the table below:

Table 31.10. Rule Filters Parameters


Action | Description
Day(s) of the week | Select a day or a period of days in the drop-down list. By default, Every day is selected.
Date of the month | Select a date in the drop-down list. By default, Every day is selected.
Month | Select a month in the drop-down list. By default, Every month is selected.
Hour | Select a specific time or one of the available schedules in the drop-down list. By default, Every hour is selected.
Minute | Select a period of time, minutes-wise, in the drop-down list. By default, Every minute is selected.

8. Click on NEXT . The Rule parameters page appears.


9. In the Number of days field, type in the number of days beyond which an expired lease
should be removed from the logs. By default, the value is 60 days.
10. Click on OK to commit your modifications. The report opens and closes. The rule properties
page is visible again.

You can at any time disable this rule. Tick it in the list and, in the menu, select Edit > Disable.

Displaying the Relay Agent Information (Option 82)


To put it simply, DHCPv4 Option 82 is the DHCP Relay Agent Information option. The DHCP
relay agent and Option 82 are defined in RFC 3046. Option 82 was designed to allow a DHCP
relay agent to insert circuit specific information into a request that is being forwarded to a DHCP
server. Specifically, the option works by setting three sub-options: Circuit ID, Remote ID and
GIADDR.

• The Circuit ID field generally contains information describing the port location that the DHCP
request is coming in from. It may contain additional information that helps describe which IP
address should be assigned out, such as the VLAN ID, a wireless modem or an ATM virtual
circuit. This value must be unique for a particular switch or router that is providing the Relay
Agent function. The value must also stay the same if modules are installed or removed in the
Switch or Router that implements the Relay Agent. Therefore, having subfields representing
the Module, Slot and Port is highly recommended.


• The Remote ID field is intended to carry information describing the device at the remote end
of the link. However, in Ethernet systems, this is typically the MAC address of the Relay Agent.
This is not particularly useful since the MAC address would change if the Relay Agent was
ever replaced. Building a DHCP server database using the MAC address of the Relay Agent
would require that the table be rebuilt every time one of the Relay Agents was replaced. Some
vendors have modified this field to use the IP address of the Relay Agent or some other string
describing the Relay Agent. This field must be unique to the entire network.
• The GIADDR (or Gateway Address) field is part of the normal DHCP message. It contains the
IP address of the Relay Agent. Since IP addresses must be unique, this field is unique for the
entire network.

By combining the GIADDR and the Circuit ID, a network wide unique string can be created. This
string can be used for table lookup in the DHCP server. We call this string a pseudo MAC
address, since most DHCP servers do a MAC to IP mapping in their databases.
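
The lookup string described above can be rebuilt from a captured relayed request. The following is an added example, not SOLIDserver code: it reads the GIADDR from the DHCP header, extracts the Circuit ID and Remote ID sub-options of Option 82, and joins GIADDR and Circuit ID into a key. The packet, the `giaddr/circuit-id` key layout and all function names are constructed for illustration.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"      # marks the start of the DHCP options area
OPT_PAD, OPT_END, OPT_RELAY_INFO = 0, 255, 82
SUB_CIRCUIT_ID, SUB_REMOTE_ID = 1, 2    # RFC 3046 sub-option codes


def iter_tlv(buf, pad=None, end=None):
    """Yield (code, value) pairs from a code/length/value byte string."""
    i = 0
    while i < len(buf):
        code = buf[i]
        if code == pad:                  # single-byte padding, no length field
            i += 1
            continue
        if code == end:
            return
        if i + 2 > len(buf):
            raise ValueError("truncated header at offset %d" % i)
        length = buf[i + 1]
        value = buf[i + 2:i + 2 + length]
        if len(value) != length:         # declared length runs past the buffer
            raise ValueError("code %d overruns the buffer" % code)
        yield code, value
        i += 2 + length


def parse_relay_info(packet):
    """Return the giaddr and the Option 82 sub-options of a DHCPv4 message."""
    if len(packet) < 240 or packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    info = {"giaddr": ipaddress.IPv4Address(packet[24:28]),
            "circuit_id": None, "remote_id": None}
    for code, value in iter_tlv(packet[240:], pad=OPT_PAD, end=OPT_END):
        if code != OPT_RELAY_INFO:
            continue
        for sub, subval in iter_tlv(value):   # sub-options have no pad/end codes
            if sub == SUB_CIRCUIT_ID:
                info["circuit_id"] = subval
            elif sub == SUB_REMOTE_ID:
                info["remote_id"] = subval
    return info


def lookup_key(info):
    """giaddr + Circuit ID as one string; None when no relay data is present."""
    if info["giaddr"] == ipaddress.IPv4Address(0) or info["circuit_id"] is None:
        return None
    return "%s/%s" % (info["giaddr"], info["circuit_id"].hex())


def build_sample_packet(giaddr="192.0.2.1",
                        circuit=bytes.fromhex("000a0103"),
                        remote=bytes.fromhex("0200000000fe")):
    """Constructed DHCPDISCOVER as a relay would forward it (sample data)."""
    header = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        1, 1, 6, 1, 0x12345678, 0, 0,            # op, htype, hlen, hops, xid, secs, flags
        bytes(4), bytes(4), bytes(4),            # ciaddr, yiaddr, siaddr
        ipaddress.IPv4Address(giaddr).packed,    # giaddr, set by the relay agent
        bytes.fromhex("020000000001"),           # chaddr (client MAC, zero padded)
        bytes(64), bytes(128))                   # sname, file
    relay = (bytes([SUB_CIRCUIT_ID, len(circuit)]) + circuit +
             bytes([SUB_REMOTE_ID, len(remote)]) + remote)
    options = (bytes([53, 1, 1]) +               # option 53: DHCPDISCOVER
               bytes([OPT_RELAY_INFO, len(relay)]) + relay +
               bytes([OPT_END]))
    return header + MAGIC_COOKIE + options


if __name__ == "__main__":
    parsed = parse_relay_info(build_sample_packet())
    print(parsed["giaddr"], parsed["circuit_id"].hex(), parsed["remote_id"].hex())
    print(lookup_key(parsed))
```

Two relay agents that reuse the same Circuit ID value still produce different keys, because the GIADDR differs.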

In its default configuration, the DHCP Relay Agent Information Option passes along port and
agent information to the SOLIDserver DHCP server. It is useful in statistical analysis, as well as in
indicating where an assigned IP address physically connects to the network. It may also be used
to make DHCP decisions based on where the request is coming from or even which user is
making the request. For more information on how to implement it, please refer to the DHCP Options
chapter.

The following procedure explains how to add the Circuit ID column in the listing of the leases.
This information is only available on EfficientIP SOLIDserver DHCP servers and is not available
with other DHCP server vendors.

To display the circuit ID within the leases listing

1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Leases icon. The All leases page opens.
3. In the menu, select Settings > Configure listing template. The template selection wizard
opens.
4. In the Action drop-down list, select Edit: Default to edit the default template. Or select New
Template and name it.
5. Click on NEXT . The DHCP lease list configuration page opens.
6. In the Hidden columns list, double-click on DHCP lease circuit ID. The column is moved to
the Displayed columns list. Use the and to place the column where you want. If you
configured classes, follow the next step. If you did not create any class, go straight to step
8.
7. Click on NEXT . The next page of the wizard appears.
8. In the Filter class type drop-down list, select None or one of your classes according to your
needs.
9. Click on OK to validate. The Circuit ID will appear in the DHCP lease listing where you placed
it if you modified the default template. Note that if you created a template, you have to display
it to visualize the added column (in the menu, select Display > Listing template > your
template).

To display the remote ID within the leases listing

1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.


2. Click on the Leases icon. The All leases page opens.


3. In the menu, select Settings > Configure listing template. The template selection wizard
opens.
4. In the Action drop-down list, select Edit: Default to edit the default template. Or select New
Template and name it.
5. Click on NEXT . The DHCP lease list configuration page opens.
6. In the Hidden columns list, double-click on DHCP lease remote ID. The column is moved to
the Displayed columns list. Use the and to place the column where you want. If you
configured classes, follow the next step. If you did not create any class, go straight to step
8.
7. Click on NEXT . The next page of the wizard appears.
8. In the Filter class type drop-down list, select None or one of your classes according to your
needs.
9. Click on OK to validate. The Remote ID will appear in the DHCP lease listing where you placed
it if you modified the default template. Note that if you created a template, you have to display
it to visualize the added column (in the menu, select Display > Listing template > your
template).

The Relay agent Information with DHCPv6

With DHCPv6, the client ID, circuit ID and remote ID are not supported. It is impossible therefore
to retrieve these pieces of information separately, much less display them in a listing template
on the leases page. This information might be delivered by the agent in DHCPv6 but the appliance
will not retrieve it at the server level.

The equivalent of the option 82 relay agent would be the DHCPv6 option 9 (relay message option)
and the option 47 (relay data option).

Restricting Access
When a DHCP client requests an IP address, SOLIDserver offers an address from a range
associated with the network segment for that client. In addition to identifying DHCP clients and
allocating addresses to them, you might want to identify clients for other reasons.

For instance, you can control access to leases that the SOLIDserver supplies or restrict allocation
of IP addresses to DHCP clients the network administrators do not know. Some network areas
might want to group clients in some way or you might have to allocate dynamic IP addresses for
known clients on a particular network segment and for unknown clients on the same network
segment but on a different subnet.

Therefore, SOLIDserver provides you with several ways to restrict the access to DHCP clients.

Warning
This configuration is not available on Microsoft Windows servers. Access control is
only available on EfficientIP SOLIDserver appliances and on ISC DHCP delivered
in EfficientIP's packages for Linux, Solaris and FreeBSD.


Granting Access to Known Clients


If you want to set up a SOLIDserver that provides dynamic IP addresses only to known clients,
you first need to declare static reservations for these clients with a client identifier or a MAC
address, without specifying an IP address for them. Then, you must configure the DHCP server not
to provide IP addresses to unknown clients, in order to limit access to DHCP clients for which
static reservations exist. To apply this mechanism, you have to set up the Allow Known Client ACL
on the DHCP ranges.

Note
DHCPv6 does not support ACL configuration.

To grant DHCP access only to known clients

1. Go to the properties page of the range of your choice. For more details, see To display a
DHCP range properties page.
2. In the ACLs panel, click on EDIT . The Edit a DHCP range wizard opens.
3. Click on NEXT to skip the range main information. The next page of the wizard appears.
4. In the Specific ACL section, do not modify anything.
5. In the General ACL section, in the drop-down list select known clients.
6. In the Allow section, tick the box. The ACL field displays allow known clients.
7. Click on . allow known clients is now listed in the DHCP range ACL.
8. Click on OK to commit your changes. The report opens and closes. The modification is visible
in the ACLs panel.

Restricting Access Using ACLs


SOLIDserver offers a construct called ACL that you can use to group DHCPv4 clients in a more
general manner than you can do with a static reservation. Like static reservations, ACLs can be
used as a client membership to control how addresses are allocated. DHCP clients become
members of ACLs either because they match an ACL matching rule or because they match an
entry of that ACL. ACLs can be applied to allow or deny the dynamic allocation from a range of
IP addresses. Once an ACL is defined it can be used several times to restrict the access to a
range.

The DHCP module provides two different lists regarding ACLs:

• The All ACLs page is accessible through the Display menu on the DHCP homepage and from
the All servers, scopes, ranges and leases pages.
• The ACL Entries page is only accessible through the breadcrumb on the All ACLs page.

Adding, Editing and Copying ACLs

From the All ACLs page you can add ACLs that grant or deny access to the DHCPv4 servers of
your choice. The ACL is a succession of checks that ultimately make sure that all the parameters
you want or refuse from your DHCPv4 clients towards the DHCP server of your choice are
respected. There are a number of predefined ACLs available upon creation if you want to apply
specific behaviors or simply reuse the syntax and configure a custom made ACL. Among them,
only the MAC address checks a list of data rather than parameters.


To add an ACL

1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. In the menu, select Display > All ACLs. The All ACL page opens.
3. In the menu, select Add > ACL. The DHCP server selection page of the wizard opens.
4. In the DHCP server list, select one of your DHCPv4 servers.
5. Click on NEXT . The DHCP ACL parameters page opens.
6. In the ACL name field, type in the name of the ACL to be created.
7. In the Predefined ACL drop-down list, you can select one of the available ACLs. The ACL
syntax is displayed in the ACL rule field and can be modified. By default, None is selected
and nothing is displayed in the ACL rule field.
8. In the ACL rule field, type in or modify the syntax if need be.
9. Click on OK to commit your configuration. The report opens and closes. The ACL is listed.

Once added, the ACL can be configured to be even more efficient. For instance, if you used the
MAC address ACL or an ACL comparing a list of information, you can define an ACL Entry to
set up the corresponding parameters, and make sure, for example, that the access list will be
granted or denied only to the MAC address of your choice.

To edit an ACL

1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. In the menu, select Display > All ACLs. The All ACL page opens.
3. Filter the list if need be.
4. Put your mouse over the ACL you want to edit. The Info Bar appears.
5. Click on . The ACL properties page opens.
6. In the Main properties panel, click on EDIT . The DHCP ACL parameters wizard opens.
7. Edit the ACL name, Predefined ACL and ACL rule fields according to your needs.
8. Click on OK to commit your changes. The report opens and closes. The properties page is
visible again.

At any time, you can copy an ACL from one server to the other. This ACL duplication copies the
ACL entries as well. However, once copied, you still need to assign each new ACL in the target server
to use it.

Keep in mind that if your physical server is managed through a smart, only the ACL created on
the smart can be duplicated.

To copy an ACL

1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. In the menu, select Display > All ACLs. The All ACL page opens.
3. Filter the list if need be.
4. Put your mouse over the ACL you want to edit. The Info Bar appears.
5. Click on . The ACL properties page opens.
6. In the Main properties panel, click on EDIT . The DHCP ACL parameters wizard opens.


7. Edit the ACL name, Predefined ACL and ACL rule fields according to your needs.
8. Click on OK to commit your changes. The report opens and closes. The properties page is
visible again.

If you migrate an ACL to a smart architecture that manages physical servers, the ACL is copied
to the smart and then pushed to the physical server: it stays in Delayed create until it is successfully
pushed.

Adding ACL Entries

Once you have added an ACL, you can add ACL entries to it to define the rule that governs the
ACL you are adding. Note that you can only add or delete ACL Entries; you cannot edit them,
even from their properties page.

To add an ACL Entry

1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. In the menu, select Display > All ACLs. The All ACL page opens.
3. In the breadcrumb, click on ACL Entries. The ACL Entries page opens.
4. In the menu, select Add > ACL Entry. The Add an ACL data wizard opens.
5. In the DHCP server list, select one of your DHCPv4 servers.
6. Click on NEXT . The next page opens.
7. In the DHCP ACL list, select the ACL of your choice.
8. Click on NEXT . The last page opens.
9. In the ACL Entry field, type in your condition following the MAC format of two hexadecimal
characters separated by a semi-colon. If your ACL is a matching MAC address, type in the
matching MAC address.
10. Click on OK to commit your addition. The report opens and closes. The ACL Entry is listed;
it is named after the server it belongs to and its value matches what you typed into the ACL
Entry field.

Configuring the PXE


The PXE (Preboot eXecution Environment) is used to boot hosts using a network interface inde-
pendently of available data storage devices or installed operating systems. The PXE protocol is
a combination of DHCPv4 and TFTP protocol. DHCP is used to locate the appropriate boot
server or servers, with TFTP used to download the initial bootstrap file. After it downloads the
file, the host reboots and sends another IP address request. When such a PXE client starts up,
it first requests an IP address in order to download the file it needs to boot.

The client, wishing to remotely boot an operating system image, broadcasts a DHCPDISCOVER
packet as per the DHCP protocol. This packet is transmitted to acquire an IP address. The client
also sends PXE protocol specific DHCP option 60 (Vendor Class Identifier) along with this
packet. The DHCP server responds to the above DHCPDISCOVER packet by sending a
DHCPOFFER packet that contains the IP Address allocated to the client. In a PXE remote boot, the
DHCP server also sends:

• a special tag (option 60, with the value set to the string "PXEClient") to identify that it is capable
of configuring a PXE client.


• the next server to specify the server host address from which the initial boot file is to be loaded.
• the filename to specify the name of the initial boot file to be loaded by a DHCP client.

The client downloads the executable file using either standard TFTP (port 69) or MTFTP (port
assigned in Boot Server Ack packet). The file downloaded and the placement of the downloaded
code in memory depend on the client's CPU architecture. After it downloads the boot file,
the client reboots and sends a new DHCPDISCOVER.

You can set a different lease time for PXE boot requests to manage your dynamic ranges better.
The DHCP server can allocate an IP address with a shorter lease time to hosts that send PXE
boot requests in order to release IP addresses faster.

Note
There is no Preboot eXecution Environment boot standard for IPv6 yet.

Necessary Parameters for PXE


Usually, to implement the PXE protocol, DHCP options and/or BOOTP parameters must be
configured:

• Next-server (BOOTP parameter) specifies the host address of the server from which the initial
boot file (specified in the filename statement) is to be loaded. The value of this option should
be a numeric IP address. If no next-server parameter applies to a given client, the DHCP
server IP address is used.
• TFTP-server-name (DHCP option #66) is used to identify a TFTP server when the
Next-server (BOOTP parameter) field in the DHCP header has been used for DHCP options.
• Filename (BOOTP parameter) specifies the name of the initial boot file to be loaded by a
DHCP client. The value of this option should be the name of a file that is recognizable to
whatever file transfer protocol the client is expected to use to load the file. Some clients might
prefer to receive this information in the bootfile-name option.
• Bootfile (DHCP option #67) specifies the name of the boot file to be used when the file field
is used to carry options.

These options can be configured at multiple levels: server, scope, static reservation, DHCP group
or dynamic range.

To configure the next-server and the filename options in DHCPv4

1. Go to the properties page of the server, scope, range, group or static of your choice.
2. In the DHCP options panel, click on the EDIT . The Configure DHCP options wizard opens.
3. In the Option category drop-down list, select the BootP Compatible option. The two options:
next-server and filename are listed among the options.
4. In the next-server field, type in the IP address of the server from which the initial boot file will be
loaded.
5. In the filename field, type in the name of the initial boot file to be loaded by the DHCP client.
6. Click on OK to commit your configuration. The report opens and closes. The modifications
are listed in the DHCP options panel.


Note
The PXE parameters configuration only applies to DHCPv4. For now, it is impossible
to set them with IPv6 addressing.

Duplicated lease with PXE


The PXE client requests its IP address in two stages. The first is done by the hardware
firmware, and the second one by the operating system. On some configurations, the hardware can
request an IP address using DHCP parameters that differ from those of the operating system, and the
same device then has two different DHCP leases. For instance, the first DHCP lease is
delivered at the PXE stage using the MAC address as lease identifier, and the operating system
receives another DHCP lease based on a client identifier (sent by the client) instead of the MAC
address. In this case, the DHCP server believes it negotiates IP addresses for two different clients,
one based on its MAC address and the other one on its client identifier.

To avoid this issue, SOLIDserver manages leases by setting a different lease time for PXE boot
requests. SOLIDserver allows you to allocate an IP address with a shorter lease time to hosts that
send PXE boot requests, so IP addresses are not leased longer than necessary. By default, the
lease duration for PXE clients is set to 5 minutes (300 seconds). It can be changed by following
the next procedure.

To change the lease time for PXE client

1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. In the menu, select Display > All ACLs. The All ACL page opens.
3. In the Name column search engine, type in PXE. The PXE clients ACLs are listed.
4. At the end of the line of the ACL of your choice, click on . The properties page opens.
5. In the DHCP options panel, click on EDIT . The Configure DHCP options wizard opens.
6. In the Option category drop-down list, select Most used options.
7. In the Default lease time field and in the Max lease time field, type in the durations of your choice.
These values are in seconds; by default, they are set to 300 seconds (5 minutes).
8. Click on OK to commit the configuration. The report opens and closes. The modifications
are listed in the DHCP options panel.
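
To see whether duplicated PXE leases are actually occurring, and for how long they hold two addresses, a lease export can be checked offline. The following is an added example, not part of SOLIDserver: the CSV column names, the sample rows and the function name are constructed for illustration; only the 300 second default comes from this guide.

```python
import csv
import io
from collections import defaultdict

PXE_DEFAULT_LEASE = 300  # seconds, the default PXE lease time stated in this guide

# Constructed lease export. Column names are an assumption; times are epoch seconds.
SAMPLE_LEASES = """\
ip,mac,client_id,start,end
192.0.2.21,02:00:00:00:00:0a,,1000,87400
192.0.2.37,02:00:00:00:00:0A,01:02:00:00:00:00:0a,1090,87490
192.0.2.22,02:00:00:00:00:0b,,800,1100
192.0.2.38,02:00:00:00:00:0b,01:02:00:00:00:00:0b,880,87280
192.0.2.23,02:00:00:00:00:0c,,1000,87400
192.0.2.24,02:00:00:00:00:0d,,1000,1300
192.0.2.39,02:00:00:00:00:0d,01:02:00:00:00:00:0d,1100,87500
"""


def find_duplicate_leases(csv_text, now):
    """Return hosts holding several active leases under different identifiers.

    A lease is keyed by its client identifier when one was sent, otherwise by
    the MAC address. One MAC with two active leases under two different keys
    is the firmware-stage/OS-stage duplicate described above.
    """
    active = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        if int(row["start"]) <= now < int(row["end"]):
            active[row["mac"].strip().lower()].append(row)

    findings = []
    for mac, leases in sorted(active.items()):
        identifiers = {r["client_id"].strip().lower() or mac for r in leases}
        if len(leases) < 2 or len(identifiers) < 2:
            continue
        # The overlap ends when the second-to-last lease expires.
        ends = sorted(int(r["end"]) for r in leases)
        overlap = ends[-2] - now
        findings.append({
            "mac": mac,
            "ips": sorted(r["ip"] for r in leases),
            "overlap_seconds": overlap,
            # More than 300 s still to run means the duplicate lease was not
            # issued with the short PXE lease time.
            "exceeds_pxe_default": overlap > PXE_DEFAULT_LEASE,
        })
    return findings


if __name__ == "__main__":
    for finding in find_duplicate_leases(SAMPLE_LEASES, now=1200):
        print(finding)
```

In the sample, the host ending in `0a` keeps two addresses for almost a day, while the host ending in `0d` releases its firmware-stage address 100 seconds later because that lease was short.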

Preventing IP Address Duplication


The ping check feature tells the DHCP server whether to send a ping request to check an IP
address before offering it to a DHCP client using either IPv4 or IPv6. The ping check feature can
protect the DHCP against address overlapping.

When the DHCP server is considering dynamically allocating an IP address to a client, it first
sends an ICMP echo request (a ping) to the address being assigned. It waits for a second, and
if no ICMP echo response has been heard, it assigns the address. If a response is heard, the
lease is abandoned, and the server selects another free IP address and sends it a ping. The
DHCP server continues this process until it finds an IP address that does not respond to the ping.
The DHCP server then sends a DHCPOFFER message with the unused IP address to the DHCP
client.


To enable the ping check with DHCPv4

1. Go to the properties page of the DHCPv4 server of your choice.


2. In the DHCP options panel, click on EDIT . The Configure DHCP options wizard opens.
3. In the Option category, select Server parameters.
4. In the Ping check drop-down list, select Yes.
5. In the Ping timeout field, you can set up a timeout if necessary.

Note
If the DHCP server determines that it should send an ICMP echo request (a
ping) because the ping-check statement is true, ping-timeout allows you to
configure how many seconds the DHCP server should wait for an ICMP Echo
response to be heard. If no ICMP Echo response has been received before the
timeout expires, it assigns the address. If a response is heard, the lease is
abandoned, and the server does not respond to the client. If no value is set, the
ping-timeout is 1 second by default.

6. Click on OK to commit the update. The report opens and closes. The modifications are listed
in the DHCP options panel.

With DHCPv6, the procedure is similar. Only a few wizard-related steps change.

To enable the ping check with DHCPv6

1. Go to the properties page of the DHCPv6 server of your choice.


2. In the DHCP options panel, click on EDIT . The Configure DHCP options wizard opens.
3. In the Ping check drop-down list, select Yes.
4. In the Ping timeout field, you can set up a timeout if necessary.

Note
If the DHCP server determines that it should send an ICMP echo request (a
ping) because the ping-check statement is true, ping-timeout allows you to
configure how many seconds the DHCP server should wait for an ICMP Echo
response to be heard. If no ICMP Echo response has been received before the
timeout expires, it assigns the address. If a response is heard, the lease is
abandoned, and the server does not respond to the client. If no value is set, the
ping-timeout is 1 second by default.

5. Click on OK to commit the update. The report opens and closes. The modifications are listed
in the DHCP options panel.

Chapter 32. Managing Failover Channels
SOLIDserver allows you to display all the failover channels for the DHCP smart architectures it
manages.

In contrast with One-to-One and One-to-Many smart architectures, which include as many failover
channels as physical secondary servers, the failover channel of a Single-Server or a Split-Scope
architecture is virtual. It links the managed server(s) to the smart architecture that acts as a
configuration backup for the dhcpd.conf file. For more details, refer to the Understanding the
DHCP Safe Failover section of this guide.

The All failover channels page provides you with detailed information on all the failover channels
of the smart architectures you manage.

Browsing the DHCP Failover Channels Database


To list DHCPv4 failover channels using the DHCP homepage buttons

1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Failover channels icon. The All failover channels page opens.

To list DHCPv4 failover channels through the Display menu

1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. In the menu, select Display > All failover channels. The All failover channels page opens.

To list DHCPv6 failover channels using the DHCP homepage buttons

1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Failover channels (v6) icon. The All failover channels page opens.

To list DHCPv6 failover channels through the Display menu

1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. In the menu, select Display > All failover channels (v6). The All failover channels page
opens.

Understanding the DHCP Failover Channels Columns


The DHCP module provides a failover channels page both in IPv4 and IPv6.

Note
The concept of failover channels is not very widespread in IPv6. Still, pending its
implementation, SOLIDserver already provides a listing page for the virtual failover
channels that provides a backup of the smart architectures configuration. For more
details, refer to the DHCPv6 Smart Architectures section of this guide.


Understanding the DHCPv4 Failover Channels Columns


The DHCPv4 All failover channels page displays 10 columns described in the table below:

Table 32.1. All Failover Channels Columns


Column | Description
Name | Displays the name of each of the failover channels that you set when creating the smart architecture.
Smart DHCP | Lists the name of the DHCP smart architectures.
Primary server | Displays the IP address of the master DHCP server from which the data is sent through the failover channel.
Primary port | Displays the number of the primary DHCP server port used to send data through the failover channel.
Secondary server | Displays the IP address of the backup DHCP server to which the data is sent through the failover channel.
Secondary port | Displays the number of the secondary DHCP server port dedicated to the failover channel.
Split | Displays the way leases are split between the servers: Balanced, Prefer backup or Prefer master.
Drift [a] | Displays the time difference (in seconds) between the two servers. Both servers must be set at the same time or have a minimal drift (<2s) to work properly: if the difference is greater than a minute (60 in the column), it could have consequences on the DHCP failover replication. To make sure that your appliance and both servers are at the same time, you can set the time and date configuration through the GUI, force an NTP update or configure it manually.
Failover state | Displays the failover operational state, either Both servers in Timeout, Normal, Primary recovering, Secondary recovering, Primary in Partner-down, Secondary in Partner-down, Primary communications-interrupted, Secondary communications-interrupted, Startup, or Unknown state. For more details, refer to the Failover Channels State table below.
Status | Displays the failover channel status. It can be Delayed create, Delayed delete or OK. Both creation and deletion might be delayed due to a scheduled configuration of the server.
Multi-status | Displays emergency, warning, critical, error or informational messages regarding the failover channel, if relevant. For more details, refer to the Multi-status Column section of this guide.

[a] If at least one of the servers does not run properly or is in an earlier version than 5.0.2, this column will display the Unsupported option status. Indeed, if the servers do not send the time and date data, the drift cannot be calculated.

Note
The Split-Scope and Single-Server smart architectures provide little information
on this page as their failover is virtual and therefore cannot be edited. For
both architectures, you will find no data or N/A displayed in every column except the
Name, Smart DHCP and Status columns.

The failover state column is one of the most useful columns as it indicates the operational state.
There are 10 different states in the GUI to provide as much detail as possible.


Table 32.2. Failover Channels State


Failover state Description
Normal Both of the managed servers are configured and function correctly.
The failover channel is operational.
Startup The failover channel is synchronizing. The failover channel is
operational.
Primary recovering The primary server is recovering from a partner-down state. The
failover channel is operational.
Secondary recovering The secondary server is recovering from a partner-down state.
The failover channel is operational.
! Primary in Partner-down The primary server is in partner-down state. The failover channel
is operational.
! Secondary in Partner-down The secondary server is in partner-down state. The failover
channel is operational.
Primary communications-interrupted The primary server is in communications-interrupted state. The
failover channel is operational.
Secondary communications-interrupted The secondary server is in communications-interrupted state.
The failover channel is operational.
Both servers in Timeout Both of the managed servers are in timeout. The failover channel
is not operational.
Unknown state The failover configuration for the smart architecture is incorrect.
The failover channel is not operational.
N/A The failover channel is virtual, therefore the concept of failover
state is not applicable. It is displayed for the Split-Scope and Single-Server
smart architectures.

Understanding the DHCPv6 Failover Channels Columns


The DHCPv6 All failover channels page displays 9 columns. Because the failover channel
in IPv6 is essentially virtual, the State column remains empty.

Table 32.3. All Failover Channels Columns


Column Description
Name Displays the name of each failover channel that you set when creating
the smart architecture.
Type Displays the failover channel type: either Primary or Secondary.
Local address Displays the IP address of the primary server, or Master, in the smart
architecture.
Local port Displays the port number on the smart architecture primary server dedicated
to the failover.
Remote address Displays the IP address of the secondary server in the smart architecture.
Remote port Displays the port number of the smart architecture secondary server
dedicated to the failover.
State Displays the connection state between the two servers. As there is
currently no failover per se in IPv6, this column is empty.
DHCP name Displays the smart architecture name.

Status Displays the failover channel status: either OK, Delayed create or
Delayed delete.
Multi-status Displays emergency, warning, critical, error or informational messages
regarding the failover channel, if relevant. For more details, refer to the
Multi-status Column section of this guide.

Note
The Split-Scope and Single-Server smart architectures provide little information
on this page. For both architectures, you will find N/A displayed in the port
related columns.

Switching a DHCP server to Partner-down


There are several DHCPv4 operational states in the failover protocol: Normal, Communications-interrupted
and Partner-down. When one of the managed servers is unable to communicate with
the other, or is down, the failover channel switches to the Communications-interrupted state. At
that point, you can choose to place the other server in the Partner-down state and keep making
allowances. There are two ways of switching a server to partner-down: either you automate the
switch or you switch the running server manually.

You can automate the switch for servers managed via One-to-One smart architectures: the
administrator can set an Automatic switch to partner-down delay (in minutes) after which a
server in Communications-interrupted state should automatically switch to Partner-down. For
more details, refer to the DHCP One-to-One Smart Architecture section of this guide.

To manually switch a server to partner-down, you can simply break the failover channel following
the procedure below: SOLIDserver will automatically switch the right server to Partner-down. For
more details, refer to the Failover Operational States section.

To manually switch a server to partner-down

1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Failover channels icon. The All failover channels page opens.
3. Click on the icon in the upper right corner to display the DHCP server(s) managed by the
smart architecture(s).
4. Tick the failover channel(s) you want to break.
5. In the menu, select Edit > Switch to partner-down. The Switch to partner-down wizard
opens.
6. Click on OK to commit your modifications. The report opens and closes. The All failover
channels page is visible again. In the Failover state column the failover channel has switched
to Primary in Partner-down or Secondary in Partner-down.

Chapter 33. Configuring DHCP Options
The DHCP service dynamically distributes addresses, but it can also provide configuration
information and other specific controls to the server's clients. These pieces of information
are called DHCP options.

Most standard DHCP options are currently detailed in the RFC 2132 recommendation, "DHCP
Options and BOOTP Vendor Extensions". Even if most DHCP servers offer several options, the
vast majority of DHCP clients are generally designed to request and handle just a subset
of the standard RFC options.

SOLIDserver offers to manage 4 types of DHCP option:

• Internal options of the DHCP server: these options let you configure the global behavior of
the DHCP server when it processes DHCP requests. These options do not have a DHCP option
code number and they are only available on the EfficientIP DHCP engine provided with
SOLIDserver appliances or on ISC DHCP software. These options are not sent to the DHCP client.
For more information on internal server options, see the Server parameters section of the
appendix regarding DHCP options.
• Client side options: these options are sent from the DHCP client to the DHCP server to
achieve a predefined series of actions, for instance the vendor-class or hostname options.
Although these options can be processed by the server, their content cannot be configured
from the server side.
• Predefined server side options: these options are predefined and they cannot be modified.
Most of these options are common and include options like: routers, domain-name, name-server.
These options sent from the server to the client describe network configuration settings
and various services available on the network.
• Custom server side options: these options can be added and/or modified according to the
DHCP clients' requirements. These options sent from the server to the client describe network
configuration settings and various services available on the network.

SOLIDserver provides a user-friendly interface from which you can apply, modify or delete DHCP
options. EfficientIP's DHCP organization allows you to apply DHCP options on three hierarchical
levels: the server, the scope and the range.

Warning
Microsoft DHCP servers do not allow options configuration on DHCP ranges.

Figure 33.1. Options in the DHCP Hierarchy (diagram of the levels: server; scope and group; range and static; lease)

In the above configuration plan, the DHCP server options and maximum lease time have been
defined to the DHCP server globally; these two options will be propagated to the scope and the
range.


You will also observe that the default router has been configured both in the DHCP scope and
range. In this case, only the default router defined by the range is taken into account.

When it comes to DHCPv6, the options configuration of EfficientIP DHCP servers is roughly the
same: you can configure options at the server and scope levels that will propagate to the lower
levels. You can also set options at the group level or directly on a specific static reservation.
However, it is not possible to set DHCP options on a range or a lease.

Setting DHCP Options


DHCP options can be configured from the properties pages of different DHCPv4 objects such
as: server, scope, range, static, group, and ACL. In IPv6, the DHCP options can be set at the
server, scope, static and group level: there are no ACLs and the range DHCP options are not
editable.

The options setting will apply to a DHCP client according to a defined precedence. Options are
arranged into a hierarchy in order to respect the following ranking:

• an option set at the ACL level overrides all other options.
• an option set at the static level overrides options at the following levels: group, scope and
server.
• an option set at the group level overrides options at the scope and server level.
• an option set at the range level overrides options at the scope and server level.
• an option set at the scope level overrides options at the server level.
• an option set at the server level is overridden by all other options.

Options can be applied to any of the DHCP objects. However, there are some technical
constraints: the devices/clients connected to the network can have an impact on the
configuration efficiency.

Basically, the options should be configured by starting from the top of the DHCP tree hierarchy
(server) in order not to configure the same options over and over again on each object. Usually
options specified at the server level are global or applied for a default setup. Everything that was
set at the server level will be propagated onto the lower objects, therefore you can configure a
common set of options and then add other options to the other objects to match the clients' needs.
If you do not repeatedly configure the same options on several objects, your DHCP configuration
will be simpler to manage.
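
The ranking above, worked through in Python as an added example (it is not code from this guide or from EfficientIP). It resolves which level supplies each option and flags options re-declared with the value they would have inherited anyway. The level names follow the guide; the option values are constructed, and the two inheritance chains are an assumption about how the ranking composes for dynamic and static clients.

```python
# Added illustration, not SOLIDserver code: resolve effective DHCPv4 options
# using the precedence ranking given in this section.

# Lowest to highest precedence. Assumption: a dynamic client inherits through
# its range, a static client through its group and its static entry.
DYNAMIC_CHAIN = ("server", "scope", "range", "acl")
STATIC_CHAIN = ("server", "scope", "group", "static", "acl")

# Constructed sample mirroring Figure 33.1: the router is set at both the
# scope and the range level, the lease time is repeated at the scope level.
SAMPLE_LEVELS = {
    "server": {"domain-name-servers": "192.0.2.53", "max-lease-time": 86400},
    "scope": {"routers": "198.51.100.1", "max-lease-time": 86400},
    "range": {"routers": "198.51.100.254"},
}


def effective_options(levels, chain):
    """Return {option: (value, winning_level, shadowed)}.

    `shadowed` lists the (level, value) pairs the winner overrides,
    lowest level first.
    """
    resolved = {}
    for level in chain:  # a later (higher) level replaces an earlier one
        for name, value in levels.get(level, {}).items():
            shadowed = []
            if name in resolved:
                old_value, old_level, shadowed = resolved[name]
                shadowed = shadowed + [(old_level, old_value)]
            resolved[name] = (value, level, shadowed)
    return resolved


def redundant_overrides(resolved):
    """Options re-declared with the value they would have inherited anyway."""
    return sorted(
        name
        for name, (value, _level, shadowed) in resolved.items()
        if shadowed and shadowed[-1][1] == value
    )


if __name__ == "__main__":
    result = effective_options(SAMPLE_LEVELS, DYNAMIC_CHAIN)
    for name, (value, level, shadowed) in result.items():
        print(f"{name} = {value} (from {level}, overrides {shadowed})")
    print("redundant:", redundant_overrides(result))
```

Running the same sample through STATIC_CHAIN returns the scope router, because a range-level option does not apply to a static reservation.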

The vendors' DHCP servers that SOLIDserver can manage do not share the same internal architecture
and cannot be managed in the same way. For instance, unlike the EfficientIP DHCP
server, the Microsoft DHCP server does not support the configuration of options at the range level.

Warning
Only the options identified by a number are supported by the Microsoft DHCP service.

To configure DHCP options at the server level in DHCPv4 or DHCPv6

1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DHCP servers icon. The All servers list opens.


3. At the end of the line of the server of your choice, click on . The server properties page
opens.
4. In the DHCP options panel, click on EDIT . The Configure DHCP options wizard opens.
5. Modify the fields of your choice. For more details regarding options parameters, see the
Customizing DHCP Options part below.
6. Click on OK to commit the changes. The report opens and closes. The modifications are
visible in the panel.

To configure DHCP options at the scope level in DHCPv4 or DHCPv6

1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Scopes icon. The All scopes list opens.
3. Next to the Logout button, click on IP4 to display the DHCPv4 scopes or IP6 to display the
DHCPv6 scopes.
4. At the end of the line of the scope of your choice, click on . The scope properties page
opens.
5. In the DHCP options panel, click on EDIT . The Configure DHCP options wizard opens.
6. Modify the fields of your choice. For more details regarding options configuration, see the
Customizing DHCP Options part below.
7. Click on OK to commit the changes. The report opens and closes. The modifications are
visible in the panel.

To configure DHCP options at the range level in DHCPv4

1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Ranges icon. The All ranges list opens.
3. Next to the Logout button, click on IP4 to display the DHCPv4 ranges.
4. At the end of the line of the scope of your choice, click on . The scope properties page
opens.
5. In the DHCP options panel, click on EDIT . The Configure DHCP options wizard opens.
6. Modify the fields of your choice. For more details regarding options configuration, see the
Customizing DHCP Options part below.
7. Click on OK to commit the changes. The report opens and closes. The modifications are
visible in the panel.

To configure DHCP options at the static level in DHCPv4 or DHCPv6

1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Statics icon. The All statics list opens.
3. Next to the Logout button, click on IP4 to display the DHCPv4 scopes or IP6 to display the
DHCPv6 scopes.
4. At the end of the line of the scope of your choice, click on . The scope properties page
opens.
5. In the DHCP options panel, click on EDIT . The Configure DHCP options wizard opens.


6. Modify the fields of your choice. For more details regarding options configuration, see the
Customizing DHCP Options part below.
7. Click on OK to commit the changes. The report opens and closes. The modifications are
visible in the panel.

Customizing DHCP Options


SOLIDserver lets you define custom DHCP options for specific DHCP clients like special terminal
devices or IP phones. Each DHCP option value is built by the DHCP server according to a
predefined data type, structure of data types or array of types. The graphical user interface allows
the administrator of a DHCP server to define the custom data type according to the requirements
of the DHCP clients.

To add a custom DHCP option in DHCPv4

1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DHCP servers icon. The All servers list opens.
3. In the menu, select Display > All options definitions. The list All options definitions opens,
i.e. the list of all the options defined at the DHCPv4 servers level.
4. In the menu, select Add > Option definition. The DHCP server configuration wizard opens.
5. In the DHCP server list, select the server on which you want to specify the custom option.
6. Click on NEXT . The next page of the wizard appears.
7. In the Option name field, name the custom option. The option will be named option
youroptionname in the Name column.
8. In the Option space field, you can fill in the option space parameter that will be used to build
encapsulated options. If the space name you chose does not exist it will be created.
9. In the Option code field, enter an option code. This code is a number between 1 and 255.

Note
If you are creating a code within the dhcp space, you must define a code
greater than 128. The option codes included between 1 and 128 are usually
reserved: using a code included in that range of numbers would overwrite existing
options.

10. In the Parameter counter drop-down list, select the number of parameters you want to set
for that option. You can select up to 6 parameters; the corresponding number of fields will
appear.
11. In the Parameter <number> drop-down list, you have to choose one of the parameters below:

Table 33.1. DHCP options parameter types


Data type Description
IP address an IPv4 address.
Boolean a flag accepting a value of either true or false (or yes or no).
Text an ASCII text string (the same as the text data type) or a list of
hexadecimal characters separated by colons. Formatting to distinguish
an ASCII text string from a hexadecimal string is important.
8 bits value a numeric range of the following possible values: 8-bit unsigned
integer from 0 to 255, or signed from -128 to 127.
16 bits value a numeric range of the following possible values: 16-bit signed
integer from -32,768 to 32,767.
32 bits value an ASCII text string (the same as the text data type) or a list of
hexadecimal characters separated by colons. Formatting to distinguish
an ASCII text string from a hexadecimal string is important.
For details, see the following section.
Encapsulate <option-space> The Encapsulate option parameters let you encapsulate a number
of different options and information. For instance, Encapsulate
MSFT, Encapsulate MSUCClient, etc. The list will vary. Keep in
mind that these encapsulated parameters are available only for
DHCPv4 servers managed through a smart architecture.

Keep in mind that the encapsulated options' type is binary but equivalent to the text format.
Its value is set in hexadecimal and looks as follows: \x01\xA2\x45\x12.

If you selected more than one Parameter counter, you need to repeat this step for each one
of them.
12. In the Type is array section, tick the box if you want to specify an array of the parameters
you configured.

Note
The Type field sums up the selected parameters. Each letter that appears in
this field corresponds to a parameter. For instance, if you specify an array of IP
addresses the type will be IA; if you specify an array of repeated addresses plus
a boolean the type will be IfA.

13. Click on OK to commit your changes. The report opens and closes. The option is listed.

With DHCPv6, you can also add custom options; however, there are fewer
parameters available.

To add a custom DHCP option in DHCPv6

1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DHCP servers icon. The All servers list opens.
3. In the menu, select Display > All Options Definitions (v6). The list All options definitions
opens, i.e. the list of all the options defined at the DHCPv6 servers level.
4. In the menu, select Add > Option definition. The DHCP server configuration wizard opens.
5. In the DHCP server list, select the server on which you want to specify the custom option.
6. Click on NEXT . The next page of the wizard appears.
7. In the Option name field, name the custom option. The option will be named "option
youroptionname" in the Name column.
8. In the Option space field, you can fill in the option space parameter that will be used to build
encapsulated options.


9. In the Option code field, enter an option code. This is a number from 1 to 255.

Note
If you are creating a code within the dhcp space, you must define a code
greater than 128. The option codes included between 1 and 128 are usually
reserved: using a code included in that range of numbers would overwrite existing
options.

10. In the Parameter counter drop-down list, select the number of parameters you want to set
for that option. You can select up to 6 parameters; the corresponding number of fields will
appear. In each drop-down list, you will have to choose one of the parameters below:

Table 33.2. DHCPv6 options parameter types


Data type Description
IP address an IPv4 address.
Boolean a flag accepting a value of either true or false (or yes or no).
Text an ASCII text string (the same as the text data type) or a list of
hexadecimal characters separated by colons. Formatting to distinguish
an ASCII text string from a hexadecimal string is important.
8 bits value a numeric range of the following possible values: 8-bit unsigned
integer from 0 to 255, or signed from -128 to 127.
16 bits value a numeric range of the following possible values: 16-bit signed integer
from -32,768 to 32,767.
32 bits value an ASCII text string (the same as the text data type) or a list of
hexadecimal characters separated by colons. Formatting to distinguish
an ASCII text string from a hexadecimal string is important. For details,
see the following section.
Encapsulate server With DHCPv6, only the Encapsulate server option is available to the
servers managed through a smart architecture.

11. In the Type is array section, tick the box if you want to specify an array of the parameters
you configured.

Note
The Type field sums up the selected parameters. Each letter that appears in
this field corresponds to a parameter. For instance, if you specify an array of IP
addresses the type will be IA; if you specify an array of repeated addresses plus
a boolean the type will be IfA.

12. Click on OK to commit your changes. The report opens and closes. The option is listed.

DHCP Vendor Class Identifier


The vendor class identifier option is used by DHCP clients to specify their vendor type and
configuration if need be. The information is a string of n octets, interpreted by servers. Vendors may
choose to define specific vendor class identifiers to convey particular configuration or other
identification information about a client. For example, the identifier may encode the client's
hardware configuration. Servers not equipped to interpret the class-specific information sent by
a client must ignore it (although it may be reported). On the contrary, the servers that respond
should only use option 43 to return the vendor-specific information to the client.

With DHCPv6, the RFC 3315 defines the Vendor-specific Information Option. SOLIDserver
provides it through the option dhcp6.vendor-opts (option 17) in the All options definitions list.

Option 82: Relay Agent Information


To put it simply, DHCPv4 Option 82 is the DHCP Relay Agent Information option. The DHCP
relay agent and Option 82 are defined in RFC 3046. Option 82 was designed to allow a DHCP
relay agent to insert circuit specific information into a request that is being forwarded to a DHCP
server. Specifically the option works by setting three sub-options: circuit ID, remote ID and GIADDR.

• The circuit ID field generally contains information describing the port location that the DHCP
request is coming in from. It may contain additional information that helps describe which IP
address should be assigned out, such as the VLAN ID, a wireless modem or an ATM virtual
circuit. This value must be unique for a particular switch or router that is providing the Relay
Agent function. The value must also stay the same if modules are installed or removed in the
Switch or Router that implements the Relay Agent. Therefore, having subfields representing
the Module, Slot and Port is highly recommended.
• The remote ID field is intended to carry information describing the device at the remote end of
the link. However, in Ethernet systems, this is typically the MAC address of the Relay Agent.
This is not particularly useful since the MAC address would change if the Relay Agent was
ever replaced. Building a DHCP server database using the MAC address of the Relay Agent
would require that the table be rebuilt every time one of the relay agents was replaced. Some
vendors have modified this field to use the IP address of the Relay Agent or some other string
describing the relay agent. This field must be unique to the entire network.
• The GIADDR (or Gateway Address) field is part of the normal DHCP message. It contains the
IP address of the Relay Agent. Since IP addresses must be unique, this field is unique for the
entire network.

By combining the GIADDR and the circuit ID, a network wide unique string can be created. This
string can be used for table lookup in the DHCP server. We called this string a pseudo MAC address,
since most DHCP servers do a MAC to IP mapping in their databases.

In its default configuration, the DHCP Relay Agent Information option passes along port and
agent information to the SOLIDserver DHCP server. It is useful in statistical analysis, as well as in
indicating where an assigned IP address physically connects to the network. It may also be used
to make DHCP decisions based on where the request is coming from or even which user is
making the request.

The following actions should be performed by the SOLIDserver DHCP when receiving a
DHCPDISCOVER or DHCPREQUEST message with Option 82 set:

1. The Relay Agent Information option is inserted by the DHCP relay agent when forwarding
client-originated DHCP packets to a DHCP server.
2. Servers recognizing the Relay Agent Information option may use the information to select the
IP address or other parameter assignment policies through the SOLIDserver ACL.
3. The Switch or Router (as the DHCP relay agent) intercepting the DHCP requests appends the
circuit ID with remote ID into the option 82 fields and forwards the request message to the
SOLIDserver DHCP server.

The following procedure explains how to create an ACL rule that restricts the IPv4 address
range to select, or sends specific DHCP options, according to the option 82 sent to the
SOLIDserver DHCP server.

To create an ACL based on the option 82: Circuit ID within the leases user interface

1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DHCP servers icon. The All servers list opens.
3. Click on the name of the DHCPv4 server of your choice. The All scopes list of that server
opens.
4. In the menu, select Display > All ACLs. The All ACLs list of that server opens.
5. In the menu, select Add > ACL. The DHCP ACL parameters wizard opens.
6. In the ACL name field, name your ACL.
7. In the Predefined ACL drop-down list, select None.
8. In the ACL rule field, type in the command below highlighted in gray. It sets up an ACL that
filters the DHCP option 82 as long as the client remote id first letters match the keyword of
your choice, in the example "dslam1".

Example 33.1. A DSLAM ACL based on option 82

In that example all DHCP clients that pass the option 82 including the "dslam1" keyword in
the remote-id will trigger this ACL.
match if (substring(option agent.remote-id,0,6) = "dslam1");

9. Click on OK to commit the ACL addition. The report opens and closes. The ACL is listed.

Once the ACL is created, you can apply it to a DHCPv4 range to allow or restrict the access to
all clients that match this ACL rule. An ACL can also be used to send specific DHCP options to the
clients that match this ACL rule. Edit the properties of the ACL to set up its DHCP option policies.
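
To check what such an ACL matches against a captured request, the sketch below (an added example, not code from this guide or from EfficientIP) parses an option 82 value into its RFC 3046 sub-options, evaluates the same prefix test as Example 33.1, and builds the pseudo MAC address described earlier from the GIADDR and the circuit ID. The sample bytes, the function names and the pseudo MAC text format are assumptions made for the illustration.

```python
import ipaddress

# Sub-option codes defined by RFC 3046.
CIRCUIT_ID, REMOTE_ID = 1, 2

# Constructed option 82 value: circuit ID 00:04:00:64:01:05 (opaque bytes)
# followed by the remote ID "dslam1-paris".
SAMPLE_OPTION82 = (
    bytes([CIRCUIT_ID, 6]) + bytes.fromhex("000400640105")
    + bytes([REMOTE_ID, 12]) + b"dslam1-paris"
)


def parse_option82(value: bytes) -> dict:
    """Split the value of option 82 into {sub-option code: raw bytes}."""
    subopts, i = {}, 0
    while i < len(value):
        if i + 2 > len(value):
            raise ValueError("truncated sub-option header")
        code, length = value[i], value[i + 1]
        data = value[i + 2:i + 2 + length]
        if len(data) != length:
            raise ValueError(f"sub-option {code} overruns the option")
        subopts[code] = data
        i += 2 + length
    return subopts


def acl_matches(subopts: dict, keyword: bytes = b"dslam1") -> bool:
    """Same test as: match if (substring(option agent.remote-id,0,6) = "dslam1");

    The comparison covers only the first len(keyword) bytes, so any remote ID
    that starts with the keyword matches, for instance "dslam10" or "dslam1x".
    """
    remote = subopts.get(REMOTE_ID)
    return remote is not None and remote[:len(keyword)] == keyword


def pseudo_mac(giaddr: str, subopts: dict) -> str:
    """GIADDR plus circuit ID as one lookup key (the text format is an assumption)."""
    relay = ipaddress.IPv4Address(giaddr)  # rejects malformed addresses
    circuit = subopts.get(CIRCUIT_ID)
    if circuit is None:
        raise ValueError("request carries no circuit ID sub-option")
    return f"{relay}-" + ":".join(f"{b:02x}" for b in circuit)


if __name__ == "__main__":
    parsed = parse_option82(SAMPLE_OPTION82)
    print("remote ID :", parsed[REMOTE_ID].decode("ascii"))
    print("ACL match :", acl_matches(parsed))
    print("pseudo MAC:", pseudo_mac("192.0.2.1", parsed))
```

Because the rule is a prefix test, choose relay remote IDs so that no identifier is a prefix of another, or lengthen the compared substring.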

The Relay agent Information with DHCPv6


With DHCPv6, the client ID, circuit ID and remote ID are not supported. It is impossible therefore
to retrieve these pieces of information separately, much less display them in a listing template
on the leases page. This information might be delivered by the agent in DHCPv6 but the appliance
will not retrieve it at the server level.

The equivalent of the option 82 relay agent would be the DHCPv6 option 9 (relay message option)
and the option 47 (relay data option).

Option 43: Vendor Specific Information


Option 43 was designed to exchange vendor-specific information between DHCPv4 servers and
clients. It was defined in the RFC 2132 as part of the DHCP Options and BOOTP Vendor Extensions.


Within SOLIDserver, the vendor-specific information is stored in an ACL. Any client matching the
vendor information is attributed a set of options that you can configure through option definitions.
To properly set up option 43 on a DHCPv4 server in the GUI you need to:

1. Retrieve the vendor-class identifier from the DHCP handshake.
2. Create a new ACL that contains the vendor-class identifier.
3. Create as many DHCP option definitions as needed using the ACL as an option space.
4. Configure the server ACL DHCP options to:
a. set the Vendor option space that triggers the option 43 behavior on all the clients matching
the vendor-class identifier.
b. set the value of your choice on all the option definitions you created.

Once the configuration is complete, the clients matching the vendor-class identifier are
automatically attributed the option definitions specified.

To retrieve the vendor-class identifier

1. With a packet analyser, perform a network capture of the DHCP handshake.
2. Open the network capture.
3. In the Bootstrap Protocol section, look for the Vendor class identifier. It is listed between
double quotes among the options, as illustrated in the image below.

Figure 33.2. Example of the section Bootstrap Protocol


To create a new ACL that includes the vendor-class identifier

1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. In the menu, select Display > All ACLs. The All ACLs list opens.
3. In the menu, select Add > ACL. The DHCP server selection wizard opens.
4. In the DHCP server list, select the DHCPv4 server of your choice.
5. Click on NEXT . The DHCP ACL parameters wizard opens.
6. In the ACL name field, name your ACL.
7. In the Predefined ACL drop-down list, select None.
8. In the ACL rule field, type in the command below.
match if option vendor-class-identifier = "<%found-value>";

To create a DHCP option definition with the new ACL

1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. In the menu, select Display > All option definitions. The All option definitions list of that
server opens.
3. In the menu, select Add > Option definition. The DHCP server selection wizard opens.
4. In the DHCP server list, select the DHCPv4 server for which you configured the ACL.
5. Click on NEXT . The DHCP option definition wizard opens.
6. Configure the option. The accepted code, parameter counter, and type should be mentioned
in your device documentation.

a. In the Option name field, name your option.
b. In the Option space field, type in the ACL name.
c. In the Option code field, type in a code following your device documentation.
d. In the Parameter counter drop-down list, select a value following your device
documentation.
e. In the Parameter 1 drop-down list, select a value following your device documentation.
f. In the Type is array section, tick or untick the checkbox following your device
documentation.

7. Click on OK to commit the creation. The report opens and closes. The option is listed as
follows: <option-space-name>.<option-name>.

Repeat this procedure for as many option definitions as needed: each definition creates a field
in the DHCP options configuration wizard whose value you can set in the procedure below.

To configure the server with your DHCP option

1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DHCP servers icon. The All servers list opens.
3. In the menu, select Display > All ACLs. The All ACLs list of that server opens.
4. Filter the list if need be.


5. At the end of the line of the ACL you created, click on . The ACL properties page opens.
6. Click on to expand all the panels.
7. In the DHCP options panel, click on EDIT . The Configure DHCP options wizard opens.
8. Configure the vendor-specific identifier match:

a. In the Option category drop-down list, select Basic. The wizard refreshes.
b. In the Vendor option space drop-down list, select your option, it is listed as follows
Vendor <your-option-name>.

9. Configure the value of your option definitions:

a. In the Option category drop-down list, select Vendor <your-option-name>. The wizard
refreshes.
b. Fill in all the option definition fields you created. They are all displayed as follows:
<your-option-definition-name> (<your-option-code>). The value expected in each field depends
on what settings you configured when creating the option definition.

10. Click on OK to commit the changes. The report opens and closes. The option is listed in the
panel.

• In the Main properties panel, the Rule field contains the value of your ACL: the vendor-
specific identifier match conditions.
• In the DHCP options panel, you can see:
• the Vendor option space field that displays your option name.
• a field for each of your option definitions named as follows:
<your-option-name>.<your-option-definition-name> followed by the value you just set in the
DHCP option configuration wizard.

Chapter 34. Reporting and Monitoring the DHCP
SOLIDserver provides a number of rules and options that allow you to get an overview of the DHCP
usage or to be notified if a DHCP server is in timeout. Note that, for now, all the procedures
described in this chapter only apply to DHCP objects managing IPv4 addressing.

Generating DHCP Reports


EfficientIP provides DHCP dedicated reports at server and scope level.

For more details regarding the reports generation possibilities, refer to the chapter Managing
Reports.

DHCP Server Reports


The server dedicated reports are available on the All servers page.

Server options comparison

Prerequisite: Selecting at least two servers.

Description: Compares one by one all the DHCP options configured on the selected servers.
For more details regarding DHCP options, refer to the chapter DHCP Options.

Server usage evolution charts

Prerequisite: Selecting at least one server.

Description: Contains lease and queries dedicated charts providing an overview of a server
usage evolution. The chart results are based on server usage on a daily, monthly, semestrial and
yearly basis.

DHCP Scope Reports


The scopes dedicated reports are only available on the All scopes page. However, the server
dedicated reports are available on the All servers page as well as the All scopes page of a specific
server.

Scopes options comparison

Prerequisite: Selecting at least two scopes.

Description: Compares one by one all the DHCP options configured on the selected scopes.
For more details regarding DHCP options, refer to the chapter DHCP Options.

Scopes summary

Prerequisite: Selecting at least one scope.

Description: Provides detailed tables of the DHCP options activity and origin of the selected
scope(s). For instance, it indicates if the option was set at scope level or inherited from the
managing server.

Monitoring DHCP Servers


In order to monitor DHCP servers efficiently, SOLIDserver allows you to set some advanced rules
to check and send a trap, visualize the state of DHCP graphs, purge the history of the DHCP
embedded into the product, etc.

To monitor DHCP events, make sure the server is responding, and so forth, you can set an alert.
This alert can, for instance, send an SNMP trap to let you know if the DHCP server is still working
or if the server is in timeout. For more details, refer to the chapter Managing Alerts of this guide.

Setting DHCP Monitoring Rules


The majority of rules that monitor resources check the status of some resources and then send
an alert to SOLIDserver or a trap to an external monitoring tool. In the following procedures, we
are going to configure a monitoring process by adding the rules 105 and 082, which respectively
check DHCP scope/range usage and send an alert if a DHCP scope is full.

To add the rule 105

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select System > Expert > Rules. The Rules list opens.
3. In the menu, select Add > Rule. The Add a rule wizard opens.
4. In the Module drop-down list, select DHCP.
5. In the Event drop-down list, select Execution of a scheduled rule.
6. In the Rule list, select (105) Check DHCP scope/range usage.
7. In the Rule name, name the rule. That name will be listed in the Instance column.
8. In the Comment field, you can type in a comment if you want.
9. Click on NEXT . The Rule filters page opens.

Set the schedule parameters:

Table 34.1. Scheduled Rules Parameters


| Fields | Description |
|---|---|
| Day(s) of the week | Select a day or a period of days in the drop-down list. By default, Every day is selected. |
| Date of the month | Select a date in the drop-down list. By default, Every day is selected. |
| Month | Select a month in the drop-down list. By default, Every month is selected. |
| Hour | Select a specific time or one of the available schedules in the drop-down list. By default, Every hour is selected. |
| Minute | Select a period of time, minutes-wise, in the drop-down list. By default, Every minute is selected. |

10. Click on NEXT . The Rule parameters page opens.


11. In the Maximum scope usage field, type in the maximum scope usage of your choice, in
percent. By default, 90 is typed in.
12. Click on OK to commit your rule addition. The report opens and closes. The rule is listed.

Once rule 105 is added, add rule 082.

To add the rule 082

1. In the menu, select Add > Rule. The Add a rule wizard opens.
2. In the Module drop-down list, select DHCP.
3. In the Event drop-down list, select Event.
4. In the Rule list, select (082) Send an alert if a DHCP scope is full.
5. In the Rule name, name the rule. That name will be listed in the Instance column.
6. In the Comment field, you can type in a comment if you want.
7. Click on NEXT . The Rule filters page opens.
8. Click on NEXT . The Rule parameters page opens.
9. Fill in at least one of the rule parameters fields:

• In the IP address of the SNMP trap field, type in the IP address of the appliance that will
receive the SNMP trap. It must be an appliance other than the one you are currently
working with.
• In the Send a mail to field, type in the email address that will receive the notification.

10. Click on OK to commit your rule addition. The report opens and closes. The rule is listed.

Thanks to these two rules, if a scope of your DHCP servers exceeds the usage percentage
set in the first configured rule, you will automatically receive an e-mail and a TRAP sent from
SOLIDserver to your monitoring software. Besides, you can display the history of rule 105 (Check
DHCP scope/range usage) through the scope properties page, in the State log panel: click on to
display the content of the panel.

Chapter 35. Importing DHCP Data
SOLIDserver provides wizards to import data from legacy DHCP to all other DHCP servers
managed through SOLIDserver: these wizards are all the more useful during a migration. The
import wizards allow you to load configurations from:

• Spreadsheet files - Comma-Separated Values (CSV).
• ISC DHCP server.
• Alcatel-Lucent DHCP server.
• Microsoft DHCP server.
• Infoblox DHCP server.
• Meta IP DHCP server.
• Nortel NetID.

EfficientIP Recommendations for DHCP Migrations


EfficientIP recommends reducing all lease times to one hour before switching to the new DHCP
server in order to minimize the risk of duplicating IP address assignments during the transition
from the legacy DHCP server to SOLIDserver. This measure ensures that when you turn off your
legacy DHCP servers, the DHCP clients quickly move to SOLIDserver when their lease renewal
efforts fail: they broadcast their first DISCOVER message and get an answer within the hour.

Importing DHCP Data from a CSV File


SOLIDserver provides a simple tool to massively import data from CSV files. The CSV data file
must contain one line per record with the values separated by one special character that can be
a comma, a semicolon or a tab.

The supported DHCP objects for the import are DHCP scopes, DHCP ranges and DHCP statics.
The columns do not need to follow any particular organization and no data treatment is
necessary before importing the file. During the import, the columns in your files will be selected and
associated with the appropriate DHCP objects.

For more details regarding IPv4 and IPv6 DHCP import, refer to the chapter Importing Data in
the Global Policies part of this guide.

Importing an ISC DHCP Configuration


SOLIDserver allows importing DHCP configuration coming from the ISC DHCP software in IPv4.
Through this import the whole DHCP server configuration will be created within an EfficientIP DHCP
server: scopes, ranges, leases, statics, groups and DHCP options. However, there are some
restrictions:

• Scopes restriction: if the server you are importing contains overlapping scopes, only the first
scope will be imported, the rest will be ignored.
• Statics restriction: statics associated to an IP address not included in one of the scopes you
are importing will be ignored.
• Shared network restriction: shared network options will be ignored.

• DHCP options restriction: only standard options are supported during the import. If the
server was configured using non-standard DHCP options, they will be imported only if they
were previously defined either in the configuration file or within the SOLIDserver appliance.
However, you can configure conditional options afterward using the DHCP ACLs.

The ISC DHCP loads its configuration from the file named dhcpd.conf. This file contains the whole
configuration of the DHCP server. SOLIDserver allows you to import this file directly from its
graphical user interface at the scope level of the DHCP organization.

To import an ISC DHCP configuration

1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Scopes icon. The DHCP All scopes list opens.
3. Next to the Logout button, click on IP4 to display the DHCPv4 scopes.
4. In the menu, select Add > Import > ISC DHCP. The Import an ISC dhcpd.conf file wizard
opens.
5. Click on BROWSE to find the ISC dhcpd.conf file. Once you have clicked on Open, the file is
visible in the wizard File name field.
6. In the DHCP server drop-down list, select the target server.
7. Click on OK to commit the import of the file. The report opens and closes. The file is listed.

This procedure also works within the scopes list of the server for which you want to import the
ISC configuration: at the servers level click on the name of the server concerned, once in the
scopes list follow the procedure from step 4. The server will be selected automatically in the
DHCP server drop-down list.

Several ISC configuration files can be imported one after the other on the same target DHCP
server. This allows you to merge different DHCP configurations on one unique DHCP server.
Through all the imports, no data is deleted: all differences will be added unless, of course, the
configurations conflict with each other. In the same way, if two configuration files have a scope in
common but named differently, the first scope name imported will be overwritten by the new scope name.
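
Example added here (not EfficientIP code and not part of the import wizard): a check to run on an ISC dhcpd.conf before importing it, reporting the scopes, statics and shared-network options that the restrictions above say will be ignored, plus lease times above the one hour recommended for migrations. The parser handles only basic statement syntax; the sample file, function names and finding labels are assumptions, and statics are compared against the scopes that survive the overlap rule.

```python
import ipaddress
import re

# Constructed sample dhcpd.conf (not taken from a real server).
SAMPLE_CONF = """
default-lease-time 86400;
max-lease-time 172800;
shared-network campus {
    option domain-name "campus.example";
    subnet 10.0.0.0 netmask 255.255.255.0 { range 10.0.0.10 10.0.0.200; }
}
subnet 10.0.0.128 netmask 255.255.255.128 { range 10.0.0.130 10.0.0.250; }
subnet 192.168.5.0 netmask 255.255.255.0 {
    max-lease-time 3600;
    range 192.168.5.50 192.168.5.99;
}
host printer1 { hardware ethernet 00:11:22:33:44:55; fixed-address 192.168.5.10; }
host orphan1 { hardware ethernet 00:11:22:33:44:66; fixed-address 172.16.9.9; }
"""

TOKEN = re.compile(r'"[^"]*"|[{};]|[^\s{};"]+')


def parse(text):
    """Turn dhcpd.conf text into nested (words, children) statements.

    children is None for 'a b c;' statements and a list for 'a b { ... }' blocks.
    """
    # Naive comment stripping: assumes '#' never appears inside a quoted string.
    tokens = TOKEN.findall(re.sub(r"#.*", "", text))
    pos = 0

    def block():
        nonlocal pos
        items, words = [], []
        while pos < len(tokens):
            tok = tokens[pos]
            pos += 1
            if tok == ";":
                items.append((words, None))
                words = []
            elif tok == "{":
                items.append((words, block()))
                words = []
            elif tok == "}":
                break
            else:
                words.append(tok)
        return items

    return block()


def preflight(text, max_lease=3600):
    """Return (kind, detail) findings for items the import would ignore."""
    findings, scopes, statics = [], [], []

    def walk(items, shared=None):
        for words, children in items:
            if not words:
                continue
            kw = words[0]
            if children is None:
                if kw == "option" and shared and len(words) > 1:
                    # Option set directly at shared-network level.
                    findings.append(("shared-network-option", f"{shared}: {words[1]}"))
                elif kw in ("default-lease-time", "max-lease-time"):
                    if len(words) > 1 and words[1].isdigit() and int(words[1]) > max_lease:
                        findings.append(("lease-time", " ".join(words)))
            elif kw == "shared-network":
                walk(children, shared=words[1] if len(words) > 1 else "?")
            elif kw == "host":
                name = words[1] if len(words) > 1 else "?"
                for stmt, _ in children:
                    if stmt and stmt[0] == "fixed-address":
                        for tok in stmt[1:]:
                            try:
                                statics.append((name, ipaddress.ip_address(tok.strip(","))))
                            except ValueError:
                                pass  # fixed-address given as a host name
            else:
                if kw == "subnet" and len(words) >= 4:
                    scopes.append(ipaddress.ip_network(f"{words[1]}/{words[3]}", strict=False))
                walk(children)  # subnet, group, pool...: options here are not shared-network options

    walk(parse(text))

    kept = []  # first scope wins, later overlapping scopes are ignored
    for net in scopes:
        if any(net.overlaps(k) for k in kept):
            findings.append(("overlapping-scope", str(net)))
        else:
            kept.append(net)
    for name, addr in statics:
        if not any(addr in k for k in kept):
            findings.append(("static-outside-scopes", f"{name} {addr}"))
    return findings


if __name__ == "__main__":
    for kind, detail in preflight(SAMPLE_CONF):
        print(f"{kind}: {detail}")
```
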

Importing an Alcatel-Lucent VitalQIP Configuration


SOLIDserver allows importing DHCP configuration coming from the Alcatel-Lucent VitalQIP solution
in IPv4. The DHCP range concept does not exist in VitalQIP: each address identified as an object
in VitalQIP can become a dynamic assignment. SOLIDserver will import VitalQIP dynamic objects
as a DHCP range. If several VitalQIP contiguous dynamic objects are imported, SOLIDserver
will add only one dynamic DHCP range provided that the VitalQIP dynamic objects share the same
DHCP option set. If not, several DHCP ranges will be created.

SOLIDserver supports the following VitalQIP configuration of DHCP:

• DHCP server options.
• Scopes.
• Scope options.
• Ranges.
• Range options.
• Address pools.

• Static reservations.
• Static reservations options.
• DHCP options definitions.

The VitalQIP DHCP loads its configuration from the file named dhcpd.conf. This file contains the
whole configuration of the VitalQIP DHCP server. SOLIDserver allows you to import this file directly
from its graphical user interface at the scope level of the DHCP organization.

To import a VitalQIP DHCP configuration

1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Scopes icon. The DHCP All scopes list opens.
3. Next to the Logout button, click on IP4 to display the DHCPv4 scopes.
4. In the menu, select Add > Import > QIP DHCP. The Import a QIP DHCP configuration file
wizard opens.
5. Click on BROWSE to find the VitalQIP dhcpd.conf file. Once you have clicked on Open, the file is
visible in the wizard File name field.
6. In the DHCP server drop-down list, select the target server.
7. Click on OK to commit the import of the file. The report opens and closes.

Several VitalQIP configuration files can be imported one after the other on the same target DHCP
server. This allows you to merge different DHCP configurations on one unique DHCP server.
Through all the imports, no data is deleted: all differences will be added unless, of course, the
configurations conflict with each other. In the same way, if two configuration files have a scope in
common but named differently, the first scope name imported will be overwritten by the new scope name.

Importing a Microsoft DHCP Configuration


SOLIDserver allows importing Microsoft DHCP server configuration in IPv4 from one file generated
by the Microsoft netsh command on your DHCP servers. The configuration files can be imported
from the following operating systems:

• Microsoft Windows NT 4.0.
• Microsoft Windows 2000.
• Microsoft Windows 2003.
• Microsoft Windows 2008.

Microsoft netsh commands for DHCP offer a command-line tool that helps administer the
DHCP servers and provides an equivalent alternative to console-based management. You can
run these commands from the Windows Server command prompt or from the command prompt
for the netsh DHCP context. For these commands to work at the Windows Server command
prompt, you must type netsh dhcp before typing commands and parameters as they appear in
the syntax below.

Example 35.1. Microsoft Windows DHCP configuration file dump


C:\>netsh dhcp server \\myservername dump > C:\dump_dhcp.txt

Run on your Microsoft DHCP server, this command generates the file that allows you to import
its whole configuration, including:

• Definition of DHCP server options.
• Scopes.
• Scope options.
• Ranges.
• Address pools.
• Reservations.
• Reservation options.
• Exclusions.

Because several Microsoft DHCP configuration files can be imported into the same EfficientIP
DHCP server, DHCP options are not imported at the server level. They must be manually
configured.

Microsoft allows creating only one range per subnet (i.e. scope) and then excludes the ranges
of IP addresses you do not need. Unlike Microsoft, EfficientIP makes it possible to configure
several ranges in one scope. In the All ranges list, an imported Microsoft DHCP range is therefore
not displayed as it was configured in Microsoft: the list displays the ranges that result from
that configuration rather than the exclusion ranges. See the example DHCP configuration:
IPMserver vs. Microsoft DHCP server in the chapter Managing DHCP servers for more details.

In the same way, when a Microsoft DHCP range contains a reservation, EfficientIP imports a
reservation wrapped around two DHCP ranges.
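
Example added here (an illustration of the result described above, not SOLIDserver's import code): it reads the iprange, excluderange and reservedip lines of a dump and computes the several ranges that replace the single Microsoft range. The dump excerpt is constructed, and the function name and line pattern are assumptions.

```python
import ipaddress
import re

# Constructed excerpt in the style of a "netsh dhcp server dump" file.
SAMPLE_DUMP = r'''
Dhcp Server \\myservername add scope 192.168.1.0 255.255.255.0 "Office" ""
Dhcp Server \\myservername Scope 192.168.1.0 Add iprange 192.168.1.10 192.168.1.200
Dhcp Server \\myservername Scope 192.168.1.0 add excluderange 192.168.1.50 192.168.1.59
Dhcp Server \\myservername Scope 192.168.1.0 Add reservedip 192.168.1.100 001122334455 "printer" "" "BOTH"
'''

LINE = re.compile(
    r"\bScope\s+(\S+)\s+add\s+(iprange|excluderange|reservedip)\s+(\S+)(?:\s+(\S+))?",
    re.IGNORECASE,
)


def effective_ranges(dump):
    """Return {scope: [(first, last), ...]}: the Microsoft range of each scope
    with exclusion ranges and reserved addresses carved out of it."""
    scopes = {}
    for line in dump.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        scope, kind, a, b = m.group(1), m.group(2).lower(), m.group(3), m.group(4)
        try:
            first = int(ipaddress.IPv4Address(a))
            if kind == "reservedip":
                last = first          # second field is the MAC address, not an IP
            elif b is None:
                continue              # malformed line: range without an end address
            else:
                last = int(ipaddress.IPv4Address(b))
        except ValueError:
            continue                  # not an IPv4 address: skip the line
        entry = scopes.setdefault(scope, {"range": [], "holes": []})
        entry["range" if kind == "iprange" else "holes"].append((first, last))

    result = {}
    for scope, entry in scopes.items():
        pieces = list(entry["range"])
        for h_first, h_last in sorted(entry["holes"]):
            remaining = []
            for first, last in pieces:
                if h_last < first or h_first > last:
                    remaining.append((first, last))         # hole does not touch this piece
                    continue
                if first < h_first:
                    remaining.append((first, h_first - 1))  # part before the hole
                if h_last < last:
                    remaining.append((h_last + 1, last))    # part after the hole
            pieces = remaining
        result[scope] = [
            (str(ipaddress.IPv4Address(f)), str(ipaddress.IPv4Address(l)))
            for f, l in sorted(pieces)
        ]
    return result


if __name__ == "__main__":
    for scope, ranges in effective_ranges(SAMPLE_DUMP).items():
        for first, last in ranges:
            print(f"scope {scope}: range {first} - {last}")
```

In the constructed sample, the reservation 192.168.1.100 ends up between the ranges 192.168.1.60 - 192.168.1.99 and 192.168.1.101 - 192.168.1.200.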

To import a Microsoft DHCP configuration

Caution
Keep in mind that with Win2008R2 it is impossible to create a static that is not in a
range.

1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Scopes icon. The DHCP All scopes list opens.
3. Next to the Logout button, click on IP4 to display the DHCPv4 scopes.
4. In the menu, select Add > Import > Microsoft DHCP. The Import a Microsoft DHCP server
dump wizard opens.
5. Click on BROWSE to find the Microsoft dump file. Once you have clicked on Open, the file is
visible in the wizard File name field.
6. In the DHCP server drop-down list, select the target server.
7. In the Import global options section, tick the box if you want to apply options configured in
the Microsoft DHCP dump to the destination server.
8. Click on OK to commit the import of the file. The report opens and closes.

Note
For large configurations, SOLIDserver runs the import process in the background.
As it can take a while, the result will not be displayed immediately.

Several Microsoft configuration files can be imported one after the other on the same target
DHCP server. This allows you to merge different DHCP configurations on one unique DHCP server.
Through all the imports, no data is deleted: all differences will be added unless, of course, the
configurations conflict with each other. In the same way, if two configuration files have a scope in
common but named differently, the first scope name imported will be overwritten by the new scope name.

Importing an Infoblox DHCP Configuration


SOLIDserver allows importing DHCP configuration coming from Infoblox solutions in IPv4. Through
this import the whole DHCP server configuration will be created within an EfficientIP DHCP server:
scopes, ranges, leases, statics, groups and DHCP options. However, there are some restrictions:

• Scopes restriction: if the server you are importing contains overlapping scopes, only the first
scope will be imported, the rest will be ignored.
• Statics restriction: statics associated to an IP address not included in one of the scopes you
are importing will be ignored.
• Shared network restriction: shared network options will be ignored.
• DHCP options restriction: only standard options are imported. If the server was configured
using non-standard DHCP options, they will be imported only if they were previously defined
either in the configuration file or within the SOLIDserver appliance.
• Failover restriction: Failover channels are not imported.
• Infoblox options restriction: all Infoblox options are ignored (these options usually include
"infoblox" in their name).

The Infoblox DHCP loads its configuration from the file named dhcpd.conf. This file contains the
whole configuration of the DHCP server. SOLIDserver allows you to import this file directly from its
graphical user interface at the scope level of the DHCP organization.

Note
When it comes to importing Infoblox DHCP configurations into a DHCP smart architecture,
it must be a One-to-One, a One-to-Many or a Single-Server smart architecture.
It is impossible to import this configuration in a Split-Scope or a Stateless architecture.

To import an Infoblox DHCP configuration

1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Scopes icon. The DHCP All scopes list opens.
3. Next to the Logout button, click on IP4 to display the DHCPv4 scopes.
4. In the menu, select Add > Import > Infoblox DHCP. The Import an Infoblox dhcpd.conf file
wizard opens.
5. Click on BROWSE to find the Infoblox dhcpd.conf file. Once you have clicked on Open, the file is
visible in the wizard File name field.
6. In the DHCP server drop-down list, select the target server.
7. Click on OK to commit the import of the file. The report opens and closes.

This procedure also works within the scopes list of the server for which you want to import the
ISC configuration: at the servers level click on the name of the server concerned, once in the
scopes list follow the procedure from step 4. The server will be selected automatically in the
DHCP server drop-down list.

Several Infoblox configuration files can be imported one after the other on the same target DHCP
server. This allows you to merge different DHCP configurations on one unique DHCP server.
Through all the imports, no data is deleted: all differences will be added unless, of course, the
configurations conflict with each other. In the same way, if two configuration files have a scope in
common but named differently, the first scope name imported will be overwritten by the new scope name.

Importing a MetaIP DHCP Configuration


SOLIDserver allows importing DHCP configuration coming from the Meta Info DHCP software
solution in IPv4. Through this import the whole DHCP server configuration will be created within an
EfficientIP DHCP server: scopes, ranges, leases, statics, groups and DHCP options. However,
there are some restrictions:

• Scopes restriction: if the server you are importing contains overlapping scopes, only the first
scope will be imported, the rest will be ignored.
• Statics restriction: statics associated to an IP address not included in one of the scopes you
are importing will be ignored.
• Shared network restriction: shared network options will be ignored.
• DHCP options restriction: only standard options are imported. If the server was configured
using non-standard DHCP options, they will be imported only if they were previously defined
either in the configuration file or within the SOLIDserver appliance.

The Meta IP DHCP loads its configuration from the file named dhcpd.conf. This file contains the
whole configuration of the DHCP server. SOLIDserver allows you to import this file directly from its
graphical user interface at the scope level of the DHCP organization.

To import a MetaIP DHCP configuration

1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Scopes icon. The DHCP All scopes list opens.
3. Next to the Logout button, click on IP4 to display the DHCPv4 scopes.
4. In the menu, select Add > Import > Meta IP DHCP. The Import a Meta IP dhcpd.conf file
wizard opens.
5. Click on BROWSE to find the Meta IP dhcpd.conf file. Once you have clicked on Open, the file is
visible in the wizard File name field.
6. In the DHCP server drop-down list, select the target server.
7. Click on OK to commit the import of the file. The report opens and closes.

This procedure also works within the scopes list of the server for which you want to import the
Meta IP configuration: at the servers level click on the name of the server concerned, once in the
scopes list follow the procedure from step 4. The server will be selected automatically in the
DHCP server drop-down list.

Several Meta IP configuration files can be imported one after the other on the same target DHCP
server. This allows you to merge different DHCP configurations on one unique DHCP server.
Through all the imports, no data is deleted: all differences will be added unless, of course, the
configurations conflict with each other. In the same way, if two configuration files have a scope in
common but named differently, the first scope name imported will be overwritten by the new scope name.

Importing a Nortel NetID Configuration


SOLIDserver allows you to import DHCP configuration coming from the Nortel NetID solution in IPv4.
SOLIDserver supports the following NetID configuration of DHCP:

• Scopes.
• Scope options.
• Ranges.
• Range options.
• Reservations.
• Reservations options.

The NetID DHCP loads its configuration from the file named dhcpcfg.cur. This file contains the
whole configuration of the NetID DHCP server. SOLIDserver allows importing this file directly
from its graphical user interface at the scope level of the DHCP organization.

To import a NetID DHCP configuration

1. Go to the DHCP tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Scopes icon. The DHCP All scopes list opens.
3. Next to the Logout button, click on IP4 to display the DHCPv4 scopes.
4. In the menu, select Add > Import > NetID DHCP. The Import a NetID DHCP dump file wizard
opens.
5. Click on BROWSE to find the NetID dump file. Once you have clicked on Open, the file is
visible in the wizard File name field.
6. Click on NEXT . The Select DHCP server preferences page opens.
7. In the DHCP server drop-down list, select the target server.
8. Select the DHCP configuration you want to import from the configuration file:

Table 35.1. NetID DHCP import options


| Option | Description |
|---|---|
| Scopes | In this Yes or No drop-down list, you can choose to import the scopes from the configuration file. |
| Scopes options | In this Yes or No drop-down list, you can choose to import the options tied to the scopes from the configuration file. |
| Ranges | In this Yes or No drop-down list, you can choose to import the ranges from the configuration file. |
| Ranges options | In this Yes or No drop-down list, you can choose to import the options tied to the ranges from the configuration file. |
| Statics | In this Yes or No drop-down list, you can choose to import the reservations (statics) from the configuration file. |
| Statics options | In this Yes or No drop-down list, you can choose to import the options tied to the reservations (statics) from the configuration file. |

9. Click on OK to commit the file(s) import. The Report opens.


10. Click on CLOSE to go back to the All Scopes list.

Several NetID configuration files can be imported one after the other on the same target DHCP
server. This allows you to merge different DHCP configurations on one unique DHCP server.
Through all the imports, no data is deleted: all differences will be added unless, of course, the
configurations conflict with each other. In the same way, if two configuration files have a scope in
common but named differently, the first scope name imported will be overwritten by the new scope name.

Part VII. DNS Management
Table of Contents
36. Introduction
Overview
DNS Structure
DNS Servers
DNS Zones and Resource Records
DNSSEC
DNS Management within SOLIDserver
37. Deploying DNS Smart Architectures
Master/Slave Smart Architecture
Multi-Master Smart Architecture
Stealth Smart Architecture
Single-Server Smart Architecture
Farm Smart Architecture
38. Managing DNS Smart Architectures
Understanding DNS Smart Architectures Statuses
Locked Synchronization Status
Adding a DNS Smart Architecture
Master/Slave Smart Architecture
Multi-Master Smart Architecture
Stealth Smart Architecture
Single-Server Smart Architecture
Farm Smart Architecture
Editing a DNS Smart Architecture
Adding a DNS Server into a Smart Architecture
Removing a DNS Server from a Smart Architecture
Changing the DNS Servers Role within a Smart Architecture
Changing the Type of DNS Smart Architecture
Deleting a DNS Smart Architecture
Defining a DNS Smart Architecture as a Group Resource
39. Managing DNS Servers
Browsing DNS Servers
Browsing the DNS Servers Database
Customizing the DNS servers Display
Understanding the DNS Servers Statuses
Managing an EfficientIP DNS Server
Adding a SOLIDserver DNS Server
Editing the SNMP Configuration of a SOLIDserver DNS Server
Managing a Microsoft DNS Server
Managing an Agentless Microsoft DNS Server
Managing a Microsoft DNS Server via Active Directory
Managing a Microsoft DNS Server with Agent
Managing a BIND DNS Server
Managing EfficientIP BIND Linux Packages v4
Managing EfficientIP BIND Linux Packages v5
Adding a BIND DNS Server
Managing a Generic DNS
Adding a Generic DNS Server
Managing a Nominum ANS
Adding a Nominum ANS Server
Adding Zones to a Nominum ANS Server
Synchronizing a DNS Server
Editing a DNS Server
Deleting a DNS Server
Defining a DNS Server as a Group Resource
40. Configuring DNS Servers
Configuring DNS Forwarding at Server Level
Configuring a Forwarders List on a Smart Server
Configuring Specific Forwarding for a Physical Server Managed Through a Smart
Configuring DNS Recursion at Server Level
Enabling and Disabling the Recursion
Limiting the Recursion at Server Level
Configuring DNS Notify Messages at Server Level
Restricting DNS Queries at Server Level
Allow query
Allow query cache
Limiting Zone Transfers at Server Level
Configuring a Blackhole
Configuring Client Resolver Cache Options at Server Level
Configuring EDNS Options at Server Level
Configuring a Sortlist at Server Level
Configuring DNS Sources
Configuring Access Control Lists For a Server
Configuring DNS Keys
Configuring Dynamic Name Server Update
Editing the Dynamic Update Key
Configuring Anycast DNS
Prerequisites
Specificities
Configuring the Appliance for Anycast
Configuring the Quagga Package and OSPF Routing
Making Sure DNS Anycast Was Properly Configured
41. Managing DNS Views ............................................................................................... 548
Browsing DNS Views ............................................................................................. 548
Browsing the DNS Views Database ................................................................ 548
Customizing the DNS Views Display ............................................................... 549
Understanding the DNS Views Statuses ......................................................... 549
Adding DNS Views ................................................................................................ 549
Editing DNS Views ................................................................................................ 552
Editing a View Match Clients Configuration ..................................................... 553
Editing a View Match Destinations Configuration ............................................. 553
Editing the Order of the Views ........................................................................ 554
Deleting DNS Views .............................................................................................. 555
Defining a DNS View as a Group Resource ............................................................. 556
Going Back to Managing Zones Without Views ........................................................ 556
42. Configuring DNS Views ............................................................................................ 557
Configuring DNS Forwarding at View Level ............................................................. 557
Configuring a Forwarders List on a View ......................................................... 557
Configuring Specific Forwarding for a View on a Physical Server Managed
Through a Smart ........................................................................................... 558
Configuring DNS Notify Messages at View Level ..................................................... 559
Configuring DNS Recursion at View Level ............................................................... 560
Enabling and Disabling the Recursion on a View ............................................. 561
Limiting the Recursion at View Level ............................................................... 561
Restricting DNS Queries at View Level ................................................................... 562


Allow Query .................................................................................................. 562


Allow Query Cache ........................................................................................ 564
Limiting Zone Transfer at View Level ....................................................................... 565
Configuring Client Resolver Cache Options at View Level ........................................ 566
Configuring EDNS Options at View Level ................................................................ 567
Configuring a Sortlist at View Level ......................................................................... 568
43. Managing DNS Zones .............................................................................................. 569
Browsing DNS Zones ............................................................................................ 569
Browsing the DNS Zones Database ................................................................ 569
Customizing the DNS Zones Display .............................................................. 571
Understanding the DNS Zones Statuses ......................................................... 571
Managing Master Zones ........................................................................................ 571
Adding a Master Zone ................................................................................... 572
Editing a Master Zone ................................................................................... 575
Configuring a Dynamic Update ....................................................................... 575
Using Multiple Masters .................................................................................. 575
Managing Slave Zones .......................................................................................... 576
Adding a Slave Zone ..................................................................................... 576
Editing Slave Zone Properties ........................................................................ 577
Managing Forward Zones ...................................................................................... 577
Adding a Forward Zone ................................................................................. 577
Editing Forward Zone Properties .................................................................... 578
Managing Stub Zones ........................................................................................... 579
Adding a Stub Zone ....................................................................................... 579
Editing Stub Zone Properties ......................................................................... 580
Managing Hint Zones ............................................................................................ 581
Adding a Hint Zone ........................................................................................ 581
Editing a Hint Zone Properties ....................................................................... 581
Managing Delegation-Only Zones .......................................................................... 582
Adding a Delegation-Only Zone ...................................................................... 582
Editing Delegation-Only Zone Properties ........................................................ 583
Hosting Active Directory Domain Zones .................................................................. 583
Synchronizing Zones ............................................................................................. 584
Deleting Zones ...................................................................................................... 584
Disabling and Enabling Zones ................................................................................ 584
Managing Zones Duplication and Migration ............................................................. 585
Defining a DNS Zone as a Group Resource ............................................................ 586
44. Configuring DNS Zones ........................................................................................... 587
Managing Zones Delegation .................................................................................. 587
Configuring Delegation at the Zone level ......................................................... 587
Automating the Zone Delegation .................................................................... 588
Using the Classless in-addr.arpa Delegation ................................................... 589
Configuring DNS Forwarding at Zone Level ............................................................. 590
Configuring a Forwarders List on a Zone ......................................................... 590
Configuring Specific Forwarding for a Zone on a Physical Server Managed
Through a Smart ........................................................................................... 591
Configuring DNS Notify Messages at Zone Level ..................................................... 592
Managing DNS Security ........................................................................................ 595
Modifying DNS Update Authorizations ............................................................ 595
Limiting Zone Transfers for a Zone .................................................................. 596
Restricting DNS Queries for a Zone ................................................................ 597
45. Managing DNS Resource Records ............................................................................ 599
Browsing DNS Resource Records .......................................................................... 599
Browsing the DNS Resource Records Database ............................................. 599


Customizing the DNS Resource Records Display ............................................ 600


Understanding the DNS Resource Records .................................................... 600
Adding Resource Records ..................................................................................... 601
Adding an NS Record .................................................................................... 602
Adding an MX Record ................................................................................... 603
Adding an A Record ...................................................................................... 604
Adding a AAAA Record ................................................................................. 604
Adding a PTR Record .................................................................................... 605
Adding a CNAME Record .............................................................................. 606
Adding a TXT Record .................................................................................... 607
Adding an SRV Record .................................................................................. 607
Adding an HINFO Record .............................................................................. 608
Adding an MINFO Record .............................................................................. 609
Adding a DNAME Record .............................................................................. 609
Adding an AFSDB Record ............................................................................. 610
Adding an NAPTR Record ............................................................................. 611
Adding an NSAP Record ............................................................................... 611
Adding a DS Record ...................................................................................... 612
Adding a DNSKEY Record ............................................................................. 612
Adding a WKS Record ................................................................................... 613
Editing Resource Records ..................................................................................... 614
Editing records .............................................................................................. 614
Editing the SOA ............................................................................................ 615
Deleting Resource Records ................................................................................... 616
Configuring the Delegation at the RR Level ............................................................. 616
Managing RR Duplication and Migration ................................................................. 618
Changing the Hostname Convention ....................................................................... 619
Load Balancing with Round Robin .......................................................................... 619
SPF Record .......................................................................................................... 620
46. DNSSEC ................................................................................................................. 621
Introduction ........................................................................................................... 621
DNSKEY Resource Record ............................................................................ 621
RRSIG Resource Record ............................................................................... 622
NSEC/NSEC3 Resource Record .................................................................... 623
DS Resource Record ..................................................................................... 623
DNSSEC Chains of Trust ............................................................................... 623
Managing a DNSSEC Resolver .............................................................................. 624
Enabling a DNSSEC Resolver ........................................................................ 625
Managing DNSSEC Trust Anchors ................................................................. 625
Managing an Authoritative DNSSEC Server ............................................................ 626
Signing a Zone .............................................................................................. 626
Regenerating Keys ........................................................................................ 627
Managing the Delegation Signer .................................................................... 629
Disabling DNSSEC ................................................................................................ 632
Enabling and Disabling Keys .......................................................................... 632
Unsigning DNSSEC Zones ............................................................................ 633
Purging DNSSEC Zones ................................................................................ 633
Invalidating a Compromised KSK ................................................................... 633
Deleting Unused DNSSEC Keys ..................................................................... 635
47. HSM ....................................................................................................................... 636
Browsing the HSM Database ................................................................................. 636
Understanding the HSM Servers Statuses ...................................................... 638
Prerequisites ......................................................................................................... 638
Configuring the HSM ............................................................................................. 638


Integrating the HSM to SOLIDserver ............................................................... 638


Configuring the HSM ..................................................................................... 640
Enabling the HSM Dedicated DNS Server ....................................................... 642
Managing the HSM ................................................................................................ 643
Using the HSM Service With DNS Servers ...................................................... 643
Using the HSM with DNSSEC ........................................................................ 644
Deleting an HSM Appliance ........................................................................... 644
Best Practices To Stop Using the HSM ........................................................... 645
HSM Limitations .................................................................................................... 645
48. DNS Firewall (RPZ) .................................................................................................. 647
Browsing RPZ Zones and Records ......................................................................... 647
Browsing the RPZ Database .......................................................................... 648
Customizing the RPZ Resource Records Display ............................................ 648
Managing RPZ Zones ............................................................................................ 649
Adding RPZ Zones ........................................................................................ 649
Editing RPZ Zones ........................................................................................ 650
Deleting RPZ Zones ...................................................................................... 651
Managing RPZ Records ......................................................................................... 651
Understanding the RPZ Policies Order ............................................................ 652
Configuring Policies Using Domain Names ..................................................... 653
Configuring Policies Using IP Addresses ......................................................... 656
Configuring Policies Using Name Servers ....................................................... 659
Configuring Other Policies ............................................................................. 663
Deleting Policies ............................................................................................ 663
49. Hybrid DNS Service ................................................................................................. 664
Checking the Compatibility with Hybrid ................................................................... 664
Matching Hybrid Basic Requirements ............................................................. 664
Making Sure the Server Configuration is Compatible with Hybrid ...................... 665
Generating the Hybrid Incompatibilities Report ................................................ 665
Switching to Hybrid DNS ........................................................................................ 667
The Server Switched to NSD ......................................................................... 668
The Server Switched to Unbound ................................................................... 669
Hybrid DNS Engines Limitations ..................................................................... 670
Forcing Compatibility with Hybrid ............................................................................ 670
Switching Back to BIND ......................................................................................... 671
Administrating the Backup and Restoration of Hybrid Configurations ........................ 672
Generating a Backup with Hybrid Servers ....................................................... 672
Restoring a Backup Containing Hybrid Servers ............................................... 672
50. Reporting and Monitoring the DNS ............................................................................ 673
Generating DNS Reports ....................................................................................... 673
DNS Server Reports ...................................................................................... 673
DNS Zone Reports ........................................................................................ 674
Monitoring DNS Servers ........................................................................................ 674
Monitoring a DNS Server ............................................................................... 674
Monitoring DNS Queries ................................................................................ 675
51. Importing DNS Data ................................................................................................. 677
Importing DNS Data from a CSV File ...................................................................... 677
Importing DNS Zones from a BIND Archive File ...................................................... 677
Importing DNS Zones from a VitalQIP Archive File .................................................. 678

Chapter 36. Introduction
Overview
DNS Structure
The Domain Name System is a hierarchical distributed naming system whose main function is
to resolve host queries, in other words, to convert a requested IP address - whether in IPv4 or
IPv6 - into an intelligible domain name. DNS resolution can be configured either to find an
IP address using a domain name (name resolution) or vice versa, to find a domain name using
an IP address (reverse resolution).

This protocol offers many benefits since the domain names are easier to remember and remain
the same while IP addresses may change over time. When a host wishes to access a particular
domain, a website for instance, a query is sent to a DNS server that processes the resolution
and gives access to the website. Therefore, the name server takes on critical importance in a
network architecture as a failure would cause the unavailability of any domain resource, for
instance a web page. Hence the need for several name servers and for a clear organization of
these servers.

Figure 36.1. DNS Hierarchy: A Reverse Tree of Delegations

The hierarchical structure of the DNS namespace can be seen as a reversed tree of domains,
and each one of them is associated with at least one DNS server. The root of the structure is
represented by a silent dot ( . ) and is followed in order by the Top-Level Domains (TLD) and the
Second-Level Domains (SLD). The TLD is a key piece of information split into the generic TLD
(gTLD) such as .com, .org or .net and the country code TLD (ccTLD) such as .us, .ca, .fr or .uk.
The whole access path to a domain reads from right to left: SLD.TLD. To illustrate this structure,
let us take the example of the web site www.efficientip.com in which efficientip.com is a domain
name composed of the top-level domain com and of the second-level domain efficientip. In this
particular example, www is the domain hostname. However, any data put left of the domain name
might as well indicate a sub-domain like in support.efficientip.com: the label support is a sub-
domain of efficientip.com.

Nowadays, at the top of the reverse tree are 13 named (DNS) authorities listed alphabetically
from A to M spread out worldwide. They all delegate names and IP addresses and gather the
same information regarding the TLDs. These servers are queried by a host only on a few
occasions: on the one hand, during the first connection to the Internet (the information retrieved
is then saved so that the server does not have to be queried over and over again during Internet
connections) and, on the other hand, when a TLD lifespan expires, to retrieve updated information.

Note
Considering that the worldwide organization depends on the root servers, it is on
very rare occasions that their IP address is modified. The first change occurred in
2007 when the L root server, operated by the ICANN, changed its IPv4 address to
199.7.83.42. In 2013, this change occurs again but this time it concerns the
D root-server, operated by the University of Maryland. On January 3rd of 2013, the
D.ROOT-SERVERS.NET will have a new IPv4 address: 199.7.91.13. For more details, refer
to http://d.root-servers.org/renumber.html or to http://www.root-servers.org/.

DNS Servers
The DNS server is here to resolve host queries and access specific areas of a network, like a
web site or web page. There are three kinds of actions performed by servers:

• Authoritative: A server that has authority over a number of domain names and can delegate
them. See the following section DNS Zones and Resource Records for more details.
• Recursive: A server that might contain the information; if not, it directs the querying host
toward the relevant DNS server to solve the query.
• Cache: A server that retrieves information (query results) and keeps it saved in order not to
have to query the same information over and over again.

Keep in mind that a server can be set to be only authoritative, recursive or cache, but servers
usually combine several of these functionalities. In theory, each time a host (e.g. a DNS client)
wants to access a domain name, it follows the steps below:

1. The DNS client host sends a sequence of queries through a resolver (the host endpoint
of the DNS communication) to a recursive DNS server;
2. The recursive server contacts the authoritative servers of the root domain. One of them will
return the IP address (an NS record in reality) of the authoritative server over the concerned
TLD;
3. The recursive server uses the IP address to connect to the TLD authoritative server and obtain
the IP address of the authoritative server over the zone;
4. The recursive server uses the IP address to connect to the zone authoritative server and obtain
the queried results;
5. The recursive server sends the results back to the DNS client.

[Diagram labels: DNS Client (Resolver); DNS Recursive Server; Root Iterative Server (.); TLD Iterative Server (.com); Domain Iterative Server (.efficientip.com)]

Figure 36.2. Diagram of a DNS Query of www.google.com Via a Recursive Server

Obviously, such a mechanism would saturate the root zone, therefore recursive servers are
usually also cache servers and store DNS query results for a determined period of time (time-to-
live or TTL).
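The five steps and the TTL caching described above, modelled in Python as an added example (not code from this guide or from SOLIDserver). The delegation tree, the server addresses (documentation ranges), the TTL values and all function and class names are constructed for illustration; no network traffic is sent.

```python
# Constructed delegation tree. Addresses come from documentation ranges
# (RFC 5737) and do not point at real name servers.
ROOT = "198.51.100.1"   # authoritative for "."
TLD = "198.51.100.2"    # authoritative for "com."
ZONE = "198.51.100.3"   # authoritative for "efficientip.com."
AUTHORITATIVE = {
    ROOT: {"delegations": {"com.": (TLD, 172800)}, "records": {}},
    TLD: {"delegations": {"efficientip.com.": (ZONE, 86400)}, "records": {}},
    ZONE: {
        "delegations": {},
        "records": {
            ("www.efficientip.com.", "A"): ("192.0.2.10", 300),
            ("support.efficientip.com.", "A"): ("192.0.2.20", 300),
        },
    },
}
MAX_REFERRALS = 8  # bound the chain so a referral loop cannot spin forever


def is_subdomain(name, zone):
    """True when `name` is `zone` itself or lies below it (label-aligned)."""
    return zone == "." or name == zone or name.endswith("." + zone)


def query_authoritative(server_ip, qname, qtype):
    """One non-recursive query: an answer, a referral to a child zone, or nothing."""
    server = AUTHORITATIVE[server_ip]
    if (qname, qtype) in server["records"]:
        value, ttl = server["records"][(qname, qtype)]
        return ("answer", value, ttl)
    matches = [z for z in server["delegations"] if is_subdomain(qname, z)]
    if matches:
        zone = max(matches, key=len)  # most specific delegation wins
        ns_ip, ttl = server["delegations"][zone]
        return ("referral", zone, ns_ip, ttl)
    return ("nxdomain",)


class FakeClock:
    """Injectable clock so TTL expiry can be shown without sleeping."""
    def __init__(self):
        self.now = 0

    def __call__(self):
        return self.now


class RecursiveResolver:
    def __init__(self, clock):
        self.clock = clock
        self.answers = {}     # (qname, qtype) -> (value, expires_at)
        self.referrals = {}   # zone -> (ns_ip, expires_at)
        self.upstream = []    # every authoritative server contacted, in order

    def _start_server(self, qname):
        """Deepest unexpired cached delegation covering qname, else the root."""
        now, best_zone, best_ip = self.clock(), ".", ROOT
        for zone, (ns_ip, expires) in self.referrals.items():
            if expires > now and is_subdomain(qname, zone) and len(zone) > len(best_zone):
                best_zone, best_ip = zone, ns_ip
        return best_ip

    def resolve(self, qname, qtype="A"):
        now = self.clock()
        cached = self.answers.get((qname, qtype))
        if cached and cached[1] > now:
            return cached[0]                  # step 5 straight from the cache
        server_ip = self._start_server(qname)
        for _ in range(MAX_REFERRALS):        # steps 2 to 4: follow referrals
            self.upstream.append(server_ip)
            reply = query_authoritative(server_ip, qname, qtype)
            if reply[0] == "answer":
                _, value, ttl = reply
                self.answers[(qname, qtype)] = (value, now + ttl)
                return value
            if reply[0] != "referral":
                return None                   # name does not exist
            _, zone, server_ip, ttl = reply
            self.referrals[zone] = (server_ip, now + ttl)
        raise RuntimeError("referral chain exceeded MAX_REFERRALS")


if __name__ == "__main__":
    clock = FakeClock()
    resolver = RecursiveResolver(clock)
    for name in ("www.efficientip.com.", "www.efficientip.com.",
                 "support.efficientip.com."):
        print(name, resolver.resolve(name), "upstream:", resolver.upstream)
    clock.now = 301  # past the 300 s record TTL, delegations still cached
    print(resolver.resolve("www.efficientip.com."), "upstream:", resolver.upstream)
```

Only the first lookup reaches the root and TLD servers; later lookups start from the cached delegation until its TTL runs out.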

DNS Zones and Resource Records


To manage these domains, the DNS namespace is divided into zones, portions of the namespace
over which a DNS server is delegated an authority. The concepts of authority and zone delegation
lie at the core of the DNS hierarchical system. For instance, the TLDs are authoritatively
administered by the ICANN, which delegates them to accredited registrars. Zone delegation may be
almost limitless and is decided by whoever has authority over the zone. It improves performance
and fault tolerance of the DNS environment through distributed DNS database management and
maintenance between several DNS servers.

A DNS server can have authority over several zones and several zones can belong to one domain,
for instance mail.google.com and maps.google.com both belong to the domain google.com. A
non-contiguous namespace cannot be a DNS zone. A zone is described through the zone file,
which contains Resource Records (RRs) that translate the domain name into operational entities
(hosts, services, mail servers...) for use by the DNS software. Zone files are stored, distributed
and can be replicated towards DNS servers.

There are a lot of different RRs, like the Start of Authority (SOA) describing the zone authority,
the Address (A in IPv4 or AAAA in IPv6) listing all the hosts contained in the zones, the Name
Server (NS) describing the DNS servers authoritative for the domain (or subdomain in case of
delegation), etc. All the RRs of a zone are listed in the zone file (e.g. MX, CNAME, PTR...) as
well as directives (e.g. TTL); all this information defines the configuration particularities of a zone.

DNSSEC
The Domain Name System Security Extensions, DNSSEC, defines a cryptographic process
whereby a name server is configured to verify the authenticity and integrity of a query result from
a signed zone. Signing a zone with DNSSEC keys adds a specific set of RRs such as Resource
Record Signature (RRSIG), DNSKEY and Next Secure (NSEC) that make it possible to authenticate
the origin zone of the data, verify its integrity and, in case of a negative response to a query,
provide a reliable answer regarding the existence of a record. The process is based on a chain
of trust that implies that every zone supports DNSSEC from the authoritative zone source (Master
and Slave) to the receiving DNS server. For more details, refer to the chapter DNSSEC of this
guide.

DNS Management within SOLIDserver


The SOLIDserver interface allows the creation of DNS servers or the management of existing ones
through the DNS module. The module is divided into four levels represented in the GUI through
listing pages:

• Server: the highest level of the DNS hierarchy, where the servers that contain the zones and
RRs are listed; they can also contain views. There are 6 different types of servers that you
can create on this page: Efficient IP DNS, Microsoft DNS via AD, Microsoft DNS with agent,
Microsoft DNS Agentless, Generic DNS and Nominum ANS.
• View: an optional level between the DNS server and the DNS zones. It allows administrators
to limit users' access through authorizations and restrictions, to differentiate external clients
vs employees, administrators vs ordinary users... That way, a set of specific users has access
to all the data while the others receive different responses to the same DNS query.
• Zone: the second level of the DNS hierarchy, where the zones created and managed
through the SOLIDserver GUI are listed. There are 6 different types of zones (Master, Slave,
Forward, Stub, Hint and Delegation-Only zones) that can be set to use the name or reverse
resolution. Creating a zone automatically adds three RRs: an SOA, an A in IPv4 or AAAA in
IPv6 and an NS.
• RR: the lowest level of the hierarchy that lists the database itself: the RRs of each or all zones
that define their characteristics.

Servers, zones and views can be added at will and all the changes made in this module can be
automatically updated in the IPAM.

Figure 36.3. DNS Tab Homepage

At the server level, EfficientIP allows you to manage your servers on your own or through DNS
smart architectures. The smart architecture technology offers a solution for a global management
of DNS servers. You can configure them either in Master/Slave, Multi-Master, Stealth or Single
Server architectures. The main advantage is that the smart architecture configuration provides
a backup of a specific configuration, so that you do not lose time or data if a
physical server crashes or stops responding. For more details, refer to the following chapters
Deploying DNS Smart Architectures and Managing DNS Smart Architectures.

Chapter 37. Deploying DNS Smart Architectures
The current approach of DNS service management is mainly limited to the single server
management level, restricting service configuration and management to a server per server
approach even if it is done from a centralized platform. This approach is insufficient to ensure
service reliability, security and ease of management. It could weaken your DNS architecture
because of:

• An increased risk of misconfigurations.
• No Best Practices enforcement to ensure the high security of the network services architecture.
• No automation of architecture deployment and management.
• Difficult and risky architecture changes.

Indeed, even if the configuration has been simplified with the GUI, it is still complex and expensive,
and it requires experts to deploy and configure all servers in coherent architectures of DNS-DHCP
services. The smart architecture is a new approach to DNS services management that drastically
simplifies the deployment and administration of your network service. Thanks to the smart
architecture, SOLIDserver offers the capability of managing your DNS services not only at the
server level but at the architecture level.

The smart architecture offers a library of DNS architectures that are ready to apply on a set of
servers. The DNS smart architecture library includes:

• Master/Slave.
• Multi-Master.
• Stealth.
• Single server.
• Farm.

Note
Since version 5.0.2, all the DNS smart architectures designed for more than one
server can contain several Master servers. This sets up an even more secure
environment: if one Master server crashes or stops responding, the other one takes
over and ensures service availability.

Smart architecture supports EfficientIP SOLIDserver servers and legacy DNS servers such as:

• Microsoft Windows Server DNS.
• ISC BIND9.
• Nominum ANS.

Smart architecture can also manage other DNS servers that support DDNS (RFC 2136), but only
to update the domains, not the server configuration or the zone configuration. In that case,
the server configuration and the zone configuration must be done locally on the server. This
configuration is useful when you are only allowed to update zones on a DNS partner.


Master/Slave Smart Architecture


Master/slave DNS architecture is widely used on the Internet. SOLIDserver supports the
master/slave DNS architecture as a smart architecture. A master DNS configuration contains
one or more zone files for which this DNS server is authoritative. The term master is related to
the location of the zone data rather than any other operational characteristics. A master is
requested to transfer zone data to one or more slave servers whenever the zone file changes. The
master DNS obtains the zone data locally as opposed to a slave DNS, which obtains its zone
data via a zone transfer operation from the master DNS.

Figure 37.1. DNS Master/Slave Smart Architecture

Multi-Master Smart Architecture


The DNS multi-master architecture is usually selected to allow updates on all servers.
Multi-master smart architecture supports all DNS servers, including: Microsoft DNS servers
integrated or not in Active Directory, EfficientIP SOLIDserver appliances, ISC BIND servers,
Nominum ANS engines or all DNS servers supporting DDNS.

Figure 37.2. DNS Multi-Master Smart Architecture

With the smart architecture, a DNS server can be updated from the management console,
from a DHCP allocation or by Microsoft DNS clients that update their own names through
the Dynamic DNS (DDNS) mechanism:

• When a multi-master smart architecture is updated from the management console, the whole
configuration is automatically pushed to all the DNS servers belonging to the smart architecture.
• When a DNS server receives a dynamic update from a DNS client, the multi-master smart
architecture replicates the update to all the DNS servers that belong to it. This replication is
automatic and does not need any manual operation.
• When a DHCP server offers a new IP address, the SOLIDserver IPAM appliance updates the
multi-master smart architecture to update all the DNS servers it contains.

A primary DNS server is eliminated as a single point of failure. Traditional DNS replication is
single-master; it relies on a primary DNS server to update all the secondary servers. Unlike
traditional DNS replication, Directory Server Replication is multi-master. Changes made to a zone
can be replicated to one or more Directory Servers. (Note: Refer to the vendor specific information
regarding the Directory Server that you will be using, and its replication capabilities.)

Stealth Smart Architecture


A stealth DNS architecture is a set of visible DNS servers and a stealth DNS server. A stealth
DNS server is defined as a name server that does not appear in the list of the visible DNS servers,
which means that its NS resource record is not published in the zone and it does not answer
queries from DNS clients and other name servers. Stealth architectures are used in contexts
that are sometimes called demilitarized zone (DMZ) or Split servers, and can be defined as
having the following characteristics:

• Your organization needs to deploy DNS servers on the Internet.
• Your organization does not want the world to see any of its internal hosts either by interrogation
(query or zone transfer) or in the event the DNS service or external servers are compromised.

Figure 37.3. DNS Stealth Smart Architecture

The visible secondary DNS server contains only slave zones, so it is less exposed to DNS
attacks because the real authoritative primary server is hidden. Zone transfers can be allowed from
the secondary servers as required, but they do not transfer or accept transfers from the stealth
server.

One of the main advantages of this architecture is that the primary server can be offline for
maintenance without causing any interruption to DNS service within the expiration duration
(30 days) set for the validity of its zone data.

Single-Server Smart Architecture


A Single-Server architecture manages one single DNS server. This allows you to keep the server
configuration file and data in case anything were to happen to the physical server: it would all be
saved on SOLIDserver and pushed back to the next server you add to the architecture.

Figure 37.4. DNS Single-Server Smart Architecture

This architecture is therefore a backup in itself. Moreover, managing a physical server through
a Single-Server architecture eases any migration or change of architecture. If after a few
weeks, for instance, you want to set up a Master/Slave architecture, you simply edit the smart
architecture, change it to Master/Slave, add another physical server and define which one acts
as a master and which one as a slave.

Farm Smart Architecture


The Farm architecture was introduced in version 5.0.2 of SOLIDserver and allows you to control
the DNS service through one or several load balancers. The load balancer receives the DNS clients'
requests and redirects each query to the least used DNS server at the time of the request. That
way, the DNS load is balanced and the service availability is heightened. The load balancer sends
the DNS queries to a set of known DNS servers that send back the information needed. The
organization of the DNS servers in a Farm architecture is based on the principle of the Master/Slave
architecture with one Master server and as many Slave servers as needed. The Farm architecture
is especially useful for huge configurations where the use of load balancers is much appreciated.

Figure 37.5. DNS Farm Smart Architecture

Chapter 38. Managing DNS Smart Architectures
Understanding DNS Smart Architectures Statuses
Within the SOLIDserver GUI, the smart architecture status provides useful information regarding
the configuration.

Table 38.1. Smart Architectures Statuses


Columns            Description
OK                 The smart architecture is operational.
Invalid settings   The smart architecture does not contain any physical server or is missing one or several.

Moreover, the Sync (i.e. synchronization) column provides additional information regarding the
exchanges between the smart architecture and the physical server(s).

Table 38.2. Smart Architectures Synchronization Statuses


Columns                  Description
Synchronized             The smart architecture has successfully synchronized the server(s) it manages.
Busy                     The smart architecture is synchronizing the server(s).
Locked synchronization   The smart architecture cannot send the configuration file to the physical server.

Locked Synchronization Status


With SOLIDserver 5.0.1, EfficientIP introduced a new data consistency check for the smart
architectures. Once you have configured a smart architecture with the server(s) you want to manage,
and before the new configuration is sent to the physical server(s), a simple check of the data
verifies the consistency of the configuration and avoids pushing useless information to the
server.

If the check is conclusive, the information is sent to the server and the Sync status is Synchronized.
However, if any error is found during that check, the verification stops and the Locked
Synchronization status appears on the All servers page, in the Sync column, the next time the page
refreshes. To get a valid synchronization status again, you need to "undo" the latest changes; this
will load a new synchronization and update the status accordingly.

Once the server is in Locked synchronization, the corrupted configuration file is automatically
stored locally on the appliance and available for download in the Local Files Listing. It will be
named <server_name>-named.conf. We advise that you take a look at this file because the check
stops at the first error found and returns the Locked synchronization status. So if there are
several errors, the status will be returned over and over again until the file is conclusive and can
be sent to the physical server.

The check for failure in the configuration file can be done through CLI (we recommend it) or through
the GUI.


To check for failure in a DNS configuration file through CLI

1. Open an SSH session.
2. Use the following command to retrieve the list of corrupted files:
# ls -la /data1/exports/*-named.conf
3. Use the following command to get a precise list of all the errors:
# /usr/local/nessy2/bin/named-checkconf /data1/exports/<server_name>-named.conf
4. Adjust the identified statements. Once the check runs again, the Locked Synchronization status
will disappear if you now have a valid configuration.
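
The CLI procedure above, wrapped in a script so that every exported file is checked in one pass (an added example, not part of the EfficientIP guide). It uses only the paths and the named-checkconf binary given in the procedure; EXPORT_DIR, CHECKCONF and check_exports are names introduced for this example.

```shell
#!/bin/sh
# Added example (not EfficientIP code): run named-checkconf on every exported
# <server_name>-named.conf and summarise the result per server.
# The two default paths are the ones given in the procedure; the EXPORT_DIR
# and CHECKCONF override variables are this example's own.
EXPORT_DIR="${EXPORT_DIR:-/data1/exports}"
CHECKCONF="${CHECKCONF:-/usr/local/nessy2/bin/named-checkconf}"

# check_exports
#   Prints "OK   <server>" or "FAIL <server> (<n> message line(s))" followed
#   by the checker messages, indented, for each exported configuration file.
#   Returns 0 if every file passes, 1 if at least one fails,
#   2 if the export directory holds no *-named.conf file.
check_exports() {
    failed=0
    found=0
    for conf in "$EXPORT_DIR"/*-named.conf; do
        [ -f "$conf" ] || continue          # an unmatched glob stays literal
        found=1
        server=${conf##*/}                  # strip the directory part
        server=${server%-named.conf}        # strip the fixed suffix
        if messages=$("$CHECKCONF" "$conf" 2>&1); then
            printf 'OK   %s\n' "$server"
        else
            failed=1
            count=$(printf '%s\n' "$messages" | grep -c . || true)
            printf 'FAIL %s (%s message line(s))\n' "$server" "$count"
            printf '%s\n' "$messages" | sed 's/^/     /'
        fi
    done
    if [ "$found" -eq 0 ]; then
        echo "no *-named.conf file in $EXPORT_DIR" >&2
        return 2
    fi
    return "$failed"
}

# Usage on the appliance: sh check_exports.sh run
if [ "${1:-}" = "run" ]; then check_exports; fi
```

The return code makes the function usable from a scheduled job: 1 means at least one architecture would stay in Locked synchronization with its current exported file.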

To look for DNS errors on the syslog page of the local appliance

1. Go to the Administration page. If the homepage is not displayed click on . The homepage
appears.
2. In the Monitoring section, click on the Logs visualization icon. The Syslog page opens.
3. In the SOLIDserver drop-down list, verify that the local appliance is selected. Only the
hostname will appear with no IP address.
4. In the Services drop-down list, select named. The logs appear.

Adding a DNS Smart Architecture


A smart architecture can be configured without DNS servers. It allows you to create the architecture
that suits your needs before applying it to one or more DNS servers. It also provides a backup of
the management configuration of the server it manages. If your DNS server crashes, you can delete
it and add a new one on which you apply the same architecture: SOLIDserver will remember the
former server's configuration and apply it to the new one.

There are five different kinds of smart architectures: Master/Slave, Multi-Master, Stealth, Farm
and Single-Server. Keep in mind that every DNS smart architecture sets up an active/active
configuration. The procedures below describe the configuration of the DNS smart architectures
with the DNS servers they manage, but you can go through the configuration without adding any
server and do it later; see the part Adding a DNS Server into a Smart Architecture for more
details.

Note
Since version 5.0.2, the Farm, Master/Slave, Multi-Master and Stealth smart architectures
can manage several Master servers. This sets up an even more secure
environment: if one Master server crashes or stops responding, the other one takes
over and ensures service availability.

Once the configuration is completed, the DNS smart architecture appears in the All servers list
as a real server.

Figure 38.1. DNS Smart Architecture configuration not managing any DNS server


As you can see, the column Type indicates the kind of smart architecture applied, the DNS smart
members column is marked N/A and for that reason, the server status is Invalid settings.

Master/Slave Smart Architecture


The Master/Slave smart architecture is designed to manage at least 2 DNS servers with one
DNS server as master and the other(s) as slave (i.e. backup).

To configure a DNS Master/Slave smart architecture

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The All servers list opens.
3. In the menu, click on Add > Server > DNS smart architecture. The Add a DNS server wizard
opens.
4. Fill in the fields according to the table below:

Table 38.3. DNS Smart Architecture Basic Parameters


Fields                       Description
DNS server name              In this field, fill in an FQDN for your server. This field is compulsory.
Isolated                     Tick this box if you do not want your server configuration to update any other module. It is mainly useful when dealing with migrations, as it prevents the smart architecture from pushing any data to the DHCP. Keep in mind that the smart architecture will still receive data if your network configuration allows it. Any behavior set through the Mode drop-down list will have to be applied to the smart architecture later on if you tick this box, so make sure that the configuration you set suits your needs before you untick the box.
Use DNS as DNSSEC resolver   Tick the box to activate DNSSEC validation. If you activate the DNSSEC parameters on a smart architecture, all the servers that compose it will be DNSSEC compliant. Please refer to the DNSSEC chapter.
Description                  Type in a description if you want; it will appear in the Description column of the All servers list. This field is optional.
Mode                         You can select either Configurable behavior or All behaviors.
Configurable behavior        This option is selected by default in the Mode drop-down list and displays all the fields and options that have been ticked in the Default behavior wizard at the server level. For more details, refer to the chapter Default Behaviors of this guide.
All behaviors                If you select this option, you will display all the fields and options that can be ticked in the Default behavior wizard. For more details, refer to the chapter Default Behaviors of this guide.

5. Click on NEXT . The next page of the wizard appears.


6. In the DNS smart architecture list, select Master/Slave.

Figure 38.2. DNS Master/Slave Smart Architecture

7. Click on NEXT . The DNS servers role configuration page of the wizard appears.
8. You can select the DNS servers that you want to manage through the smart architecture:

a. In the Available DNS servers drop-down list, select the master server and click on +
MASTER . The server is moved to the Master DNS servers list. You can add several
master servers if you want, in which case if one crashes the other takes over. To remove
a server from the list, select it and click on .
b. In the Available DNS servers drop-down list, select a slave server and click on + SLAVE .
The server is moved to the Slave DNS servers list. Repeat this action for as many slave
servers as needed. To remove a server from the list, select it and click on .

If you do not want to configure any name server or load balancer for this architecture, go to
step 10.
9. If you want to publish one or several name servers or load balancers for this architecture,
tick the Expert mode box. The page reloads.

a. Click on NEXT . The Advanced settings page appears.


b. In the NS record field, type in the name server of your choice. It can also be the hostname
of an external load balancer.
c. Click on ADD . The name server is moved to the Published name servers list. Repeat
these actions for as many NS records as needed.

Note
Each record will be saved for each zone and displayed on the All RRs list
of the physical servers managed by the smart architecture.

To perform changes on the records, select one in the list and click on UPDATE or DELETE .
When updating, you can discard any changes using CANCEL .
d. The Compatible with a Hybrid DNS Engine field is marked Yes.
e. You can tick the Force Hybrid DNS compatibility checkbox if you intend to manage
BIND servers that you might switch to Hybrid in the future. For more details, refer to the
chapter Hybrid DNS Service of this guide.

10. Click on OK to commit your configuration. The report opens and closes. The smart architecture
is listed as a DNS server and marked Smart (master/slave) in the Type column. If your
configuration is managing DNS servers, you can display them in the All servers list using
the button in the upper right corner.

Warning
During the first DNS smart architecture server addition, the allow-transfer option is
configured by default with the ACL admin. Within SOLIDserver, admin corresponds
to any, so you might want to change the ACL and restrict the use of this option, as it will be
inherited by the server zones. For more details, refer to the chapter Limiting Zone
Transfers at Server Level of this guide.

Multi-Master Smart Architecture


The DNS Multi-Master smart architecture is designed to manage at least 2 DNS servers: both of
them will be Masters, there is no Slave server in this configuration. Updates made from the
management console, by a DNS client or by a DHCP server are automatically replicated to all the
DNS servers within this architecture.

To configure a DNS Multi-Master smart architecture

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The All servers list opens.
3. In the menu, click on Add > Server > DNS smart architecture. The Add a DNS server wizard
opens.
4. Fill in the fields according to the table below:

Table 38.4. DNS Smart Architecture Basic Parameters


Fields                       Description
DNS server name              In this field, fill in an FQDN for your server. This field is compulsory.
Isolated                     Tick this box if you do not want your server configuration to update any other module. It is mainly useful when dealing with migrations, as it prevents the smart architecture from pushing any data to the DHCP. Keep in mind that the smart architecture will still receive data if your network configuration allows it. Any behavior set through the Mode drop-down list will have to be applied to the smart architecture later on if you tick this box, so make sure that the configuration you set suits your needs before you untick the box.
Use DNS as DNSSEC resolver   Tick the box to activate DNSSEC validation. If you activate the DNSSEC parameters on a smart architecture, all the servers that compose it will be DNSSEC compliant. Please refer to the DNSSEC chapter.
Description                  Type in a description if you want; it will appear in the Description column of the All servers list. This field is optional.
Mode                         You can select either Configurable behavior or All behaviors.
Configurable behavior        This option is selected by default in the Mode drop-down list and displays all the fields and options that have been ticked in the Default behavior wizard at the server level. For more details, refer to the chapter Default Behaviors of this guide.
All behaviors                If you select this option, you will display all the fields and options that can be ticked in the Default behavior wizard. For more details, refer to the chapter Default Behaviors of this guide.

5. Click on NEXT . The next page of the wizard appears.


6. In the DNS smart architecture list, select Multi-Master.

Figure 38.3. DNS Multi-Master Smart Architecture

7. Click on NEXT . The DNS servers role configuration page of the wizard appears.
8. You can select the DNS servers that you want to manage through the smart architecture:

• In the Available DNS servers drop-down list, select a server and click on + MASTER . The
server is moved to the Master DNS servers list. You can add several master servers if
you want, in which case if one crashes the other takes over. To remove a server from
the list, select it and click on .

If you do not want to configure any name server or load balancer for this architecture, go to
step 10.
9. If you want to publish one or several name servers or load balancers for this architecture,
tick the Expert mode box. The page reloads.

a. Click on NEXT . The Advanced settings page appears.


b. In the NS record field, type in the name server of your choice. It can also be the hostname
of an external load balancer.
c. Click on ADD . The name server is moved to the Published name servers list. Repeat
these actions for as many NS records as needed.

Note
Each record will be saved for each zone and displayed on the All RRs list
of the physical servers managed by the smart architecture.

To perform changes on the records, select one in the list and click on UPDATE or DELETE .
When updating, you can discard any changes using CANCEL .
d. The Compatible with a Hybrid DNS Engine field is marked Yes.


e. You can tick the Force Hybrid DNS compatibility checkbox if you intend to manage
BIND servers that you might switch to Hybrid in the future. For more details, refer to the
chapter Hybrid DNS Service of this guide.

10. Click on OK to commit your configuration. The report opens and closes. The smart architecture
is listed as a DNS server and marked Smart (multi-master) in the Type column. If your
configuration is managing DNS servers, you can display them in the All servers list using
the button in the upper right corner.

Warning
During the first DNS smart architecture server addition, the allow-transfer option is
configured by default with the ACL admin. Within SOLIDserver, admin corresponds
to any, so you might want to change the ACL and restrict the use of this option, as it will be
inherited by the server zones. For more details, refer to the chapter Limiting Zone
Transfers at Server Level of this guide.

Stealth Smart Architecture


The Stealth smart architecture is designed to manage at least 3 DNS servers: a true Master
server hidden from the world, a visible Master server used as decoy and Slave server(s) that do
not transfer or accept transfers from the hidden Master server. The Master server can be offline
for maintenance without causing any interruption to DNS service within the expiration duration
(30 days) set for the validity of its zone data.

To configure a DNS Stealth smart architecture

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The All servers list opens.
3. In the menu, click on Add > Server > DNS smart architecture. The Add a DNS server wizard
opens.
4. Fill in the fields according to the table below:

Table 38.5. DNS Smart Architecture Basic Parameters


Fields                       Description
DNS server name              In this field, fill in an FQDN for your server. This field is compulsory.
Isolated                     Tick this box if you do not want your server configuration to update any other module. It is mainly useful when dealing with migrations, as it prevents the smart architecture from pushing any data to the DHCP. Keep in mind that the smart architecture will still receive data if your network configuration allows it. Any behavior set through the Mode drop-down list will have to be applied to the smart architecture later on if you tick this box, so make sure that the configuration you set suits your needs before you untick the box.
Use DNS as DNSSEC resolver   Tick the box to activate DNSSEC validation. If you activate the DNSSEC parameters on a smart architecture, all the servers that compose it will be DNSSEC compliant. Please refer to the DNSSEC chapter.
Description                  Type in a description if you want; it will appear in the Description column of the All servers list. This field is optional.
Mode                         You can select either Configurable behavior or All behaviors.
Configurable behavior        This option is selected by default in the Mode drop-down list and displays all the fields and options that have been ticked in the Default behavior wizard at the server level. For more details, refer to the chapter Default Behaviors of this guide.
All behaviors                If you select this option, you will display all the fields and options that can be ticked in the Default behavior wizard. For more details, refer to the chapter Default Behaviors of this guide.

5. Click on NEXT . The next page of the wizard appears.


6. In the DNS smart architecture list, select Stealth.

Figure 38.4. DNS Stealth Smart Architecture

7. Click on NEXT . The next page of the wizard appears.


8. You can select the DNS servers that you want to manage through the smart architecture:

a. In the Available DNS servers drop-down list, select the master server and click on +
HIDDEN-MASTER . The server is moved to the Hidden-master DNS server(s) list. Repeat
this action for as many master servers as needed. To remove a server from the list,
select it and click on .
b. In the Available DNS servers drop-down list, select the slave server you want to use as
pseudo master and click on + PSEUDO-MASTER . The server is moved to the Pseudo-master
DNS server (slave server used as decoy) field. To remove the server from the field,
click on .
c. In the Available DNS servers drop-down list, select a slave server and click on + SLAVE .
The server is moved to the Slave DNS servers list. Repeat this action for as many slave
servers as needed. To remove a server from the list, select it and click on .

If you do not want to configure any name server or load balancer for this architecture, go to
step 10.
9. If you want to publish one or several name servers or load balancers for this architecture,
tick the Expert mode box. The page reloads.

a. Click on NEXT . The Advanced settings page appears.

b. In the NS record field, type in the name server of your choice. It can also be the hostname
of an external load balancer.
c. Click on ADD . The name server is moved to the Published name servers list. Repeat
these actions for as many NS records as needed.

Note
Each record will be saved for each zone and displayed on the All RRs list
of the physical servers managed by the smart architecture.

To perform changes on the records, select one in the list and click on UPDATE or DELETE .
When updating, you can discard any changes using CANCEL .
d. The Compatible with a Hybrid DNS Engine field is marked Yes.
e. You can tick the Force Hybrid DNS compatibility checkbox if you intend to manage
BIND servers that you might switch to Hybrid in the future. For more details, refer to the
chapter Hybrid DNS Service of this guide.

10. Click on OK to commit your configuration. The report opens and closes. The smart architecture
is listed as a DNS server and marked Smart (stealth) in the Type column. If your configuration
is managing DNS servers, you can display them in the All servers list using the button in
the upper right corner.

Warning
During the first DNS smart architecture server addition, the allow-transfer option is
configured by default with the ACL admin. Within SOLIDserver, admin corresponds
to any, so you might want to change the ACL and restrict the use of this option, as it will be
inherited by the server zones. For more details, refer to the chapter Limiting Zone
Transfers at Server Level of this guide.

Single-Server Smart Architecture


The Single-Server smart architecture is designed to manage only one DNS server.

To configure a DNS Single-Server smart architecture

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The All servers list opens.
3. In the menu, click on Add > Server > DNS smart architecture. The Add a DNS server wizard
opens.
4. Fill in the fields according to the table below:

Table 38.6. DNS Smart Architecture Basic Parameters


Fields                       Description
DNS server name              In this field, fill in an FQDN for your server. This field is compulsory.
Isolated                     Tick this box if you do not want your server configuration to update any other module. It is mainly useful when dealing with migrations, as it prevents the smart architecture from pushing any data to the DHCP. Keep in mind that the smart architecture will still receive data if your network configuration allows it. Any behavior set through the Mode drop-down list will have to be applied to the smart architecture later on if you tick this box, so make sure that the configuration you set suits your needs before you untick the box.
Use DNS as DNSSEC resolver   Tick the box to activate DNSSEC validation. If you activate the DNSSEC parameters on a smart architecture, all the servers that compose it will be DNSSEC compliant. For more details, please refer to the DNSSEC chapter.
Description                  Type in a description if you want; it will appear in the Description column of the All servers list. This field is optional.
Mode                         You can select either Configurable behavior or All behaviors.
Configurable behavior        This option is selected by default in the Mode drop-down list and displays all the fields and options that have been ticked in the Default behavior wizard at the server level. For more details, refer to the chapter Default Behaviors of this guide.
All behaviors                If you select this option, you will display all the fields and options that can be ticked in the Default behavior wizard. For more details, refer to the chapter Default Behaviors of this guide.

5. Click on NEXT . The next page of the wizard appears.


6. In the DNS smart architecture list, select Single-Server.

Figure 38.5. DNS Single-Server Smart Architecture

7. Click on NEXT . The last page of the wizard appears.


8. You can select the DNS server that you want to manage through the smart architecture:

• In the Available DNS servers drop-down list, select the server and click on + MASTER .
The server is moved to the Master DNS servers list. You can add several master servers
if you want, in which case if one crashes the other takes over. To remove a server from
the list, click on .

If you do not want to configure any name server or load balancer for this architecture, go to
step 10.
9. If you want to publish one or several name servers or load balancers for this architecture,
tick the Expert mode box. The page reloads.


a. Click on NEXT . The Advanced settings page appears.


b. In the NS record field, type in the name server of your choice. It can also be the hostname
of an external load balancer.
c. Click on ADD . The name server is moved to the Published name servers list. Repeat
these actions for as many NS records as needed.

Note
Each record will be saved for each zone and displayed on the All RRs list
of the physical servers managed by the smart architecture.

To perform changes on the records, select one in the list and click on UPDATE or DELETE .
When updating, you can discard any changes using CANCEL .
d. The Compatible with a Hybrid DNS Engine field is marked Yes.
e. You can tick the Force Hybrid DNS compatibility checkbox if you intend to manage
BIND servers that you might switch to Hybrid in the future. For more details, refer to the
chapter Hybrid DNS Service of this guide.

10. Click on OK to commit your configuration. The report opens and closes. The smart architecture
is listed as a DNS server and marked Smart (single-server) in the Type column. If your
configuration is managing DNS servers, you can display them in the All servers list using
the button in the upper right corner.

Warning
During the first DNS smart architecture server addition, the allow-transfer option is
by default configured with the ACL admin. Within SOLIDserver, admin corresponds
to any, so zone transfers are open to any host until you change the ACL. You might
want to restrict the option, as it is inherited by the server zones. For more details,
refer to the chapter Limiting Zone Transfers at Server Level of this guide.

Farm Smart Architecture


The Farm architecture is essentially a master/slave architecture in which a set of master
and slave servers is accessible through one or several external load balancers. The load
balancers redirect the clients toward the least used server and avoid overloading the service.

To configure a DNS Farm smart architecture

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The All servers list opens.
3. In the menu, click on Add > Server > DNS smart architecture. The Add a DNS server wizard
opens.
4. Fill in the fields according to the table below:

Table 38.7. DNS Smart Architecture Basic Parameters


Fields | Description
DNS server name | In this field, fill in a FQDN name for your server. This field is compulsory.
Isolated | Tick this box if you do not want your server configuration to update any other module. It's mainly useful when dealing with migrations as it will prevent the smart architecture from pushing any data to the DHCP. Keep in mind that the smart architecture will still receive data if your network configuration allows it. Any behavior set through the Mode drop-down list will have to be applied to the smart architecture later on if you tick this box, so make sure that the configuration you set suits your needs before you untick the box.
Use DNS as DNSSEC resolver | Tick the box to activate DNSSEC validation. If you activate the DNSSEC parameters on a smart architecture, all the servers that compose it will be DNSSEC compliant. For more details, please refer to the DNSSEC chapter.
Description | Type in a description if you want, it will appear in the Description column of the All servers list. This field is optional.
Mode | You can select either Configurable behavior or All behaviors.
Configurable behavior | This option is selected by default in the Mode drop-down list and displays all the fields and options that have been ticked in the Default behavior wizard at the server level. For more details, refer to the chapter Default Behaviors of this guide.
All behaviors | If you select this option, you will display all the fields and options that can be ticked in the Default behavior wizard. For more details, refer to the chapter Default Behaviors of this guide.

5. Click on NEXT . The next page of the wizard appears.


6. In the DNS smart architecture list, select Farm.


Figure 38.6. DNS Farm Smart Architecture

7. Click on NEXT . The DNS servers role configuration page of the wizard appears.
8. You can select the DNS servers that you want to manage through the smart architecture:

a. In the Available DNS servers drop-down list, select the master server and click on +
MASTER . The server is moved to the Master DNS servers list. You can add several
master servers if you want, in which case if one crashes the other takes over. To remove
a server from the list, select it and click on .


b. In the Available DNS servers drop-down list, select a slave server and click on + SLAVE .
The server is moved to the Slave DNS servers list. Repeat this action for as many slave
servers as needed. To remove a server from the list, select it and click on .

9. Click on NEXT . The Advanced settings page of the wizard appears.


10. Finish the Farm configuration.

a. In the NS record field, type in the hostname of your external load balancer if need be.
It can also be a name server.
b. Click on ADD . The name is moved to the Published name servers list. Repeat these
actions for as many load balancers or NS records as needed. The DNS clients will from
then on send their request to the specified load balancer(s) that will redirect the requests
to the least used server. Keep in mind that each NS record will be saved in each zone
and displayed on the All RRs list of the physical servers managed by the smart
architecture.

Note
To run properly, your load balancer must be configured to list all the DNS
servers managed by the smart architecture and should be manually updated
if you change the list of physical servers managed by the architecture.

To perform changes in the Published name servers list, select a record and click on
UPDATE or DELETE depending on your needs. When updating, you can discard any
changes using CANCEL .

11. If you want to display the Hybrid dedicated fields, tick the Expert mode checkbox.

a. The Compatible with a Hybrid DNS Engine field is marked Yes.


b. You can tick the Force Hybrid DNS compatibility checkbox if you intend to manage
BIND servers that you might switch to Hybrid in the future. For more details, refer to the
chapter Hybrid DNS Service of this guide.

12. Click on OK to commit your configuration. The report opens and closes. The smart architecture
is listed as a DNS server and marked Smart (farm) in the Type column. If your configuration
is managing DNS servers, you can display them in the All servers list using the button in
the upper right corner.

Warning
During the first DNS smart architecture server addition, the allow-transfer option is
by default configured with the ACL admin. Within SOLIDserver, admin corresponds
to any, so zone transfers are open to any host until you change the ACL. You might
want to restrict the option, as it is inherited by the server zones. For more details,
refer to the chapter Limiting Zone Transfers at Server Level of this guide.


Editing a DNS Smart Architecture


Adding a DNS Server into a Smart Architecture
Once the smart architecture is properly configured and applied, you can add DNS servers
whenever you want. First, add the DNS server itself as described in the Managing DNS Servers
section. Depending on the chosen DNS smart architecture, the smart architecture may not work
properly if it does not contain all the necessary servers, so check that you add every
necessary DNS server into the smart architecture.

Warning
When you add one or more DNS servers into a smart architecture, the data is replicated
from the smart architecture to the chosen DNS server(s). So if the smart architecture
is empty (first use), the configuration of the selected DNS server is entirely
overwritten and left empty.

To add a DNS server into a smart architecture

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. At the end of the line of the smart architecture of your choice, click on . The properties
page opens.
4. In the Main properties panel, click on EDIT . The Edit a DNS server wizard opens.
5. In the DNS server type list, make sure DNS smart architecture is selected. Click on NEXT .
The next page of the wizard appears.
6. If need be, modify the smart architecture basic parameters. For more details, refer to the
table DNS Smart Architecture Basic Parameters in this guide. Click on NEXT . The next page
of the wizard appears.
7. In the DNS smart architecture list, modify the type of DNS smart architecture if need be.
Click on NEXT . The DNS servers role configuration page of the wizard appears.
8. In the Available DNS servers drop-down list, select the DNS server of your choice.
9. Define the role of the server using the + HIDDEN MASTER , + PSEUDO MASTER , + MASTER or + SLAVE
buttons depending on the smart architecture. The selected server is moved to the
corresponding Hidden-master, Pseudo-master, Master or Slave DNS servers list. You can remove
the server from the list using . Repeat these actions for as many servers as needed.
10. If you are editing a Farm architecture or if you configured NS records on another architecture,
click on NEXT . The Advanced settings page of the wizard appears. For more details regarding
this page, refer to the last steps of the relevant smart architecture addition procedure in the
section Adding a DNS Smart Architecture of this guide.
11. Click on OK to commit your changes. The report opens and closes. You can display the
smart architecture physical servers on the All servers list using the button in the upper
right corner.


Removing a DNS Server from a Smart Architecture


Whenever you want to, you can remove one or more DNS servers from a DNS smart architecture.
When you remove one, the configuration that was applied to it is kept on the removed
DNS server.

To remove a DNS server from a smart architecture

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. At the end of the line of the smart architecture of your choice, click on . The properties
page opens.
4. In the Main properties panel, click on EDIT . The Edit a DNS server wizard opens.
5. Click on NEXT . The next page of the wizard opens.
6. Click on NEXT . The next page of the wizard opens.
7. Click on NEXT . The next page of the wizard opens.
8. Select the server to remove and click on next to the corresponding list. The server has
been moved back to the Available DNS servers drop-down list. Repeat this action for the
other servers you want to remove.
9. If you are editing a Farm architecture or if you configured NS records on another architecture,
click on NEXT . The Advanced settings page of the wizard appears. For more details regarding
this page, refer to the last steps of the relevant smart architecture addition procedure in the
section Adding a DNS Smart Architecture of this guide.
10. Click on OK to commit your modifications. The report opens and closes. If your configuration
is still managing DNS servers, you can display them in the All servers list using the button
in the upper right corner.

Changing the DNS Servers Role within a Smart Architecture


You can easily modify the role of the DNS servers managed by any smart architecture. For
instance, you can change a master server into a slave server within a Master-Slave smart
architecture at any given time.

To change the role of a DNS server within a smart architecture

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. At the end of the line of the smart architecture of your choice, click on . The properties
page opens.
4. In the Main properties panel, click on EDIT . The Edit a DNS server wizard opens.
5. Click on NEXT . The next page of the wizard appears.
6. Click on NEXT . The next page of the wizard appears.
7. Click on NEXT . The DNS servers role configuration page of the wizard appears.
8. Select the server you want to modify and click on next to the corresponding list. The
server is moved back to the Available DNS servers drop-down list. Repeat this action for
any server whose role you want to change.


9. In the Available DNS servers drop-down list, select the DNS server of your choice.
10. Define the role of the server using the + HIDDEN MASTER , + PSEUDO MASTER , + MASTER or + SLAVE
buttons depending on the smart architecture. The selected server is moved to the
corresponding list. Repeat these actions for the other servers.
11. If you are editing a Farm architecture or if you configured NS records on another architecture,
click on NEXT . The Advanced settings page of the wizard appears. For more details regarding
this page, refer to the last steps of the relevant smart architecture addition procedure in the
section Adding a DNS Smart Architecture of this guide.
12. Click on OK to commit your modifications. The report opens and closes. If your configuration
is managing DNS servers, you can display them in the All servers list using the button in
the upper right corner. The Role column displays the new role of the server(s).

Changing the Type of DNS Smart Architecture


The type of a DNS smart architecture can easily be changed while keeping all the DNS
configuration and data you already set. For instance, you have a DNS smart architecture
configured in Master-Slave that includes two DNS servers, one master and one slave, and you
plan to change your DNS configuration type from Master-Slave to Multi-Master. By editing the
smart architecture, you can change its type and configure the role of the servers.

To change the type of a DNS Smart Architecture

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. At the end of the line of the smart architecture of your choice, click on . The properties
page opens.
4. In the Main properties panel, click on EDIT . The Edit a DNS server wizard opens.
5. In the DNS server type list, make sure DNS smart architecture is selected. Click on NEXT .
The next page of the wizard appears.
6. If need be, modify the smart architecture basic parameters. For more details, refer to the
table DNS Smart Architecture Basic Parameters of this guide. Click on NEXT . The next page
of the wizard appears.
7. In the DNS smart architecture list, modify the type of your DNS smart architecture. Click on
NEXT . The DNS servers role configuration page of the wizard appears.

8. Select the server you want to modify and click on next to the corresponding list. The
server is moved back to the Available DNS servers drop-down list. Repeat this action for
any server whose role you want to change.
9. In the Available DNS servers drop-down list, select the DNS server of your choice.
10. Define the role of the server using the + HIDDEN MASTER , + PSEUDO MASTER , + MASTER or + SLAVE
buttons depending on the smart architecture. The selected server is moved to the
corresponding list. Repeat these actions for the other servers.

If you selected the Master/Slave, Multi-Master, Stealth or Single-Server architecture, go to
step 12.
11. If you selected the Farm architecture, click on NEXT . The Advanced settings page appears.

a. In the NS record field, type in the hostname of your external load balancer if need be.
It can also be a name server.


b. Click on ADD . The name is moved to the Published name servers list. Repeat these
actions for as many load balancers or NS records as needed. The DNS clients will from
then on send their request to the specified load balancer(s) that will redirect the requests
to the least used server. Keep in mind that each NS record will be saved in each zone
and displayed on the All RRs list of the physical servers managed by the smart
architecture.

Note
To run properly, your load balancer must be configured to list all the DNS
servers managed by the smart architecture and should be manually updated
if you change the list of physical servers managed by the architecture.

To perform changes in the Published name servers list, select a record and click on
UPDATE or DELETE depending on your needs. When updating, you can discard any
changes using CANCEL .

12. Click on OK to commit your changes. The report opens and closes. The All servers listing
page is visible again. The Type column displays your changes.

Deleting a DNS Smart Architecture


At any time, you can decide to stop managing your DNS servers through the smart architectures.
Keep in mind that if you delete the smart architecture you will not lose any data: you
simply stop managing the server through the smart architecture. As a result, the configuration
backup that comes with the smart architecture is deleted as well. If the server crashes after
that, you will have to configure everything manually.

If you want to delete a smart architecture only because you want to change its type,
note that you do not need to delete it at all. See the part Changing the Type
of DNS Smart Architecture for more details.

Note
You cannot delete a smart architecture if it is still managing DNS servers.

To delete a DNS smart architecture

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. If the smart architecture is managing DNS servers, remove them according to the section
Removing a DNS Server from a Smart Architecture of this guide.
4. Tick the smart architecture you want to delete.
5. In the menu, select Edit > Delete. The Delete wizard opens.
6. Click on OK to commit the deletion. The report opens and closes. The smart architecture is
no longer listed. All the servers that used to be managed are listed as DNS servers of
whatever kind in the Type list.


Defining a DNS Smart Architecture as a Group Resource


In SOLIDserver, only the superuser (ipmadmin) can manage and modify the items of every
module. Adding a smart architecture as one of the resources of a specific group will allow the
users of that group to manage the architecture in question as long as they have the corresponding
rights and delegations granted.

Granting access to a smart architecture as a resource will also make every physical server it
contains available. For more details, refer to the section Assigning Objects as Resource in the
chapter Managing Groups of administrator of this guide.

Chapter 39. Managing DNS Servers
Within the DNS module, the server is the highest level of the hierarchy, where you set the basis
of any DNS configuration. You can manage servers either independently or within a smart
architecture that will allow you to configure a number of useful parameters. The smart
architectures also provide a backup of the configuration, which is very useful if your server
were to crash. For more information regarding the available smart architectures for DNS, see the
Deploying DNS Smart Architectures and Managing DNS Smart Architectures chapters of this
documentation.

Browsing DNS Servers


server > view > zone > RR

Figure 39.1. The Server in the DNS Hierarchy

SOLIDserver displays the DNS servers it manages in a list. You can display the list of the DNS
servers by clicking on DNS servers in the navigation bar of the DNS tab.

Figure 39.2. DNS: All Servers

Browsing the DNS Servers Database


To list the DNS servers through the DNS homepage

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.

To list the DNS servers through the breadcrumb

1. Go to the DNS tab.


2. Click on All servers in the breadcrumb. The DNS All servers list opens.

To display the properties of a DNS server

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. At the end of the line of the server of your choice, click on . The server properties page
opens.

On the properties page of a physical server, the DNS server statistics panel displays all query
statistics in a set of graphs.


Customizing the DNS servers Display


SOLIDserver enables you to modify the columns display in the list. You can add, remove or
modify the order of columns. For more details, see the Customizing the List Layout section of
the Understanding the SOLIDserver User Interface part of this documentation.

Understanding the DNS Servers Statuses


The statuses of the DNS servers provide a report on their operations. Server statuses are
displayed on the right end of the servers list. The table below explains the different statuses:

Table 39.1. DNS Servers Statuses


Status | Description
OK | The server is operational.
Timeout | The server does not answer anymore due to a scheduled configuration of the server.
License | The license used in SOLIDserver is not compliant with the added server: the license is invalid.
Invalid credentials | The SSL credentials are invalid.
Syntax error | The server configuration could not be parsed properly.
Invalid settings | There was a setting error during the server declaration. For instance, some settings were added to a server that does not support them or a smart architecture is not managing any physical server.
ESC | The ESC (Error SNMP Configuration) status indicates there was an SNMP profile error during the server configuration.
Insufficient privileges | The provided account does not have sufficient privileges to remotely manage the MS server.
Unmanaged | The server is not available due to a disabling operation.

Note that the Sync column will change in accordance with the Status column: while the server
synchronization is not OK yet, the Sync column might be Busy. In the same way, a physical
server can be in Locked Synchronization like a smart architecture. Refer to the Locked
Synchronization Status section of this guide for more details.

Since version 5.0.3, the Multi-status column provides you with emergency, warning, critical, error
or informational messages regarding the server compatibility with Hybrid. For more details, refer
to the Multi-status Column section or the chapter Hybrid DNS Service of this guide.

Managing an EfficientIP DNS Server


SOLIDserver provides an EfficientIP DNS server that can be managed from a central SOLIDserver
platform, which allows you to configure the options, views, zones and resource records (RR)
of these servers as well.

Adding a SOLIDserver DNS Server


The SOLIDserver management console allows you to manage any DNS you need. Once you
add a new SOLIDserver DNS in the DNS server list, you can manage all its DNS configuration
and its data.


Warning
Before managing a new DNS server, make sure that the DNS service is correctly
started on the remote SOLIDserver. For details, refer to the Services Configuration
chapter of the SOLIDserver guide.

To add an EfficientIP DNS server

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. In the menu, select Add > Server > EfficientIP DNS. The Add a DNS server wizard opens.
4. If you or your administrator created classes, the DNS server class list is visible. Select a
class or None and click on NEXT . The next page of the wizard opens.
5. Fill in the following fields to set up the basic server configuration:

Table 39.2. DNS Server Basic Parameters


Fields | Description
DNS server name | In this field, fill in a FQDN name for your server. This field is compulsory.
Management IP address | In this field, fill in the IP address of your server. This field is compulsory.
Isolated | Tick this box if you do not want your server configuration to update any other module. It's mainly useful when dealing with migrations as it will prevent the server from pushing any data to the DHCP. Keep in mind that the server will still receive data if your network configuration allows it. Any behavior set through the Mode drop-down list will have to be applied to the server later on if you tick this box, so make sure that the configuration you set suits your needs before you untick the box.
Description | Type in a description if you want, it will appear in the Description columns of the All servers list. This field is optional.

6. In the Management Protocol drop-down list, select SSL (the default value) or SNMP.
Depending on your selection, the Configure SSL parameters or the Configure SNMP parameters
section is visible.

a. If you selected SSL, tick the box if you modified the SSH login and password: SSL and
SSH login and password need to match. Once the box is ticked, the Login and
Password fields appear. By default, they are both filled with admin. You can edit them both.
b. If you selected SNMP, type in the SNMP protocol related parameters that were used to
configure the remote DNS server (by default set to Hide):

Table 39.3. SNMP parameters


Fields | Description
SNMP port | The port used to connect to the remote SOLIDserver. By default the port is set to 1161. If you have to change it, do not forget to modify it in the system configuration of the remote server.
Use TCP transport | Use the TCP protocol instead of UDP when the network link is not reliable.
SNMP profile | The SNMP profile that will be used for this configuration. SNMP profiles enable the definition of a global security policy for every server managed by SOLIDserver. By default, SOLIDserver configures three SNMP security profiles with three levels of security (SNMP v1, v2c and v3).
SNMP retries | The number of SNMP retries on timeouts.
Timeout | The SNMP timeout in seconds.

7. In the Mode drop-down list, you can set up the following parameters:

Table 39.4. DNS Server Mode parameters


Fields | Description
Mode | You can select either Configurable behavior or All behaviors.
Configurable behavior | This option is selected by default in the Mode drop-down list and displays all the fields and options that have been ticked in the Default behavior wizard at the server level. For more details, refer to the DNS section of the Default Behaviors chapter of this guide.
All behaviors | If you select this option, you will display all the fields and options that can be ticked in the Default behavior wizard. For more details, refer to the DNS section of the Default Behaviors chapter of this guide.

8. Click on OK to commit your creation. The report opens and closes. The server is listed. The
server might appear Busy in the status column. It will change to OK after a while.

Warning
During the first DNS server addition, the allow-transfer option is by default
configured with the ACL admin. Within SOLIDserver, admin corresponds to any, so
zone transfers are open to any host until you change the ACL. You might want to
restrict the option, as it is inherited by the server zones. For more details, refer
to the Limiting Zone Transfers at Server Level chapter of this guide.
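
The warning above, also given for each smart architecture, comes down to knowing which zones end up with an allow-transfer list that resolves to any. The audit below is an added example, not SOLIDserver code: it assumes the server configuration is available as BIND-style named.conf text, and the sample configuration, its zone, view and ACL names and the way the admin ACL is written are constructed for illustration.

```python
import re

# Constructed sample in BIND named.conf syntax; all names and addresses are illustrative.
# Writing the default as an ACL "admin" that contains "any" is an assumption based on
# the wording of the warning.
SAMPLE_CONF = '''
acl "admin" { any; };                      // the default the warning describes
acl "secondaries" { 192.0.2.53; 198.51.100.53; };
options {
    directory "/var/named";
    allow-transfer { "admin"; };           /* inherited by zones that set nothing */
};
view "internal" {
    zone "corp.example" { type master; file "corp.example.db"; };
    zone "lab.example" {
        type master; file "lab.example.db";
        allow-transfer { "secondaries"; key "xfer-key"; };
    };
};
view "external" {
    allow-transfer { none; };
    zone "www.example" { type master; file "www.example.db"; };
    zone "dmz.example" {
        type master; file "dmz.example.db";
        allow-transfer { !203.0.113.7; 0.0.0.0/0; };
    };
};
'''

# Quoted strings are matched first so comment markers inside them are left alone.
TOKEN = re.compile(r'"([^"]*)"|/\*.*?\*/|//[^\n]*|#[^\n]*|([{};])|([^\s{};"]+)', re.S)
OPEN_LITERALS = {'any', '0.0.0.0/0', '::/0'}

def tokenize(text):
    """Split configuration text into words and punctuation, dropping comments."""
    out = []
    for m in TOKEN.finditer(text):
        quoted, punct, word = m.groups()
        if quoted is not None:
            out.append(quoted)
        elif punct or word:
            out.append(punct or word)
    return out

def parse(tokens, i=0):
    """Return (statements, next_index); a statement is a list of words and sub-blocks."""
    stmts, cur = [], []
    while i < len(tokens):
        tok = tokens[i]
        i += 1
        if tok == '{':
            block, i = parse(tokens, i)
            cur.append(block)
        elif tok == '}':
            break
        elif tok == ';':
            if cur:
                stmts.append(cur)
                cur = []
        else:
            cur.append(tok)
    return stmts, i

def matches_any(elements, acls, seen=frozenset()):
    """True if an address match list can admit every client."""
    for elem in elements:
        head = elem[0]
        if isinstance(head, list):                  # nested { ... } list
            if matches_any(head, acls, seen):
                return True
        elif head.startswith('!'):                  # a negated entry only excludes
            continue
        elif head in OPEN_LITERALS:
            return True
        elif head in acls and head not in seen:     # named ACL, guarded against cycles
            if matches_any(acls[head], acls, seen | {head}):
                return True
    return False

def setting(block):
    """Return the allow-transfer match list set directly in a block, or None."""
    for stmt in block:
        if stmt[0] == 'allow-transfer' and isinstance(stmt[-1], list):
            return stmt[-1]
    return None

def audit(conf_text):
    """Map 'view/zone' (or 'zone') to (level that set allow-transfer, verdict)."""
    top, _ = parse(tokenize(conf_text))
    blocks = [s for s in top if isinstance(s[-1], list)]
    acls = {s[1]: s[-1] for s in blocks if s[0] == 'acl'}
    server = None
    for s in blocks:
        if s[0] == 'options':
            server = setting(s[-1])
    report = {}

    def walk(block, inherited, origin, prefix=''):
        for s in block:
            if not isinstance(s[-1], list) or s[0] not in ('view', 'zone'):
                continue
            own = setting(s[-1])
            acl, src = (own, s[0]) if own is not None else (inherited, origin)
            if s[0] == 'view':
                walk(s[-1], acl, src, s[1] + '/')
            elif acl is None:                       # nothing set at any level
                report[prefix + s[1]] = ('default', 'unset')
            else:
                verdict = 'open' if matches_any(acl, acls) else 'restricted'
                report[prefix + s[1]] = (src, verdict)

    walk(top, server, 'server')
    return report

def open_zones(conf_text):
    """Sorted names of the zones whose effective allow-transfer admits any host."""
    return sorted(z for z, (_, v) in audit(conf_text).items() if v == 'open')

if __name__ == '__main__':
    for zone, (level, verdict) in sorted(audit(SAMPLE_CONF).items()):
        print(f'{zone:24} set at {level:8} {verdict}')
```

Zones reported as open with the level server are the ones the warning concerns: they stay open until the inherited ACL is changed or the zone sets its own list.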

Editing the SNMP Configuration of a SOLIDserver DNS Server


To edit the SNMP configuration of a SOLIDserver DNS server

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. At the end of the line of the server of your choice, click on . The properties page opens.
4. In the SNMP properties panel, click on EDIT . The SNMP parameters wizard opens.
5. In the SNMP version drop-down list, select the SNMP version you wish to use.
6. In the SNMP Port field, fill in the SNMP service port number to be used.


Note
By default, SOLIDserver defines port 1161 as the SNMP port used
for the DNS. Under certain configurations, when a server is already using this
port, you may modify its value.

Table 39.5. SNMP parameters


Fields | Description
SNMP version | Version of SNMP protocol
SNMP port | The port used to connect to the remote SOLIDserver. By default the port is set to 1161. If you have to change it, do not forget to modify it in the system configuration of the remote server.
SNMP retry | Number of connection attempts.
SNMP timeout | The SNMP timeout in seconds.
Use Bulk | Compact SNMP request method employed to accelerate transfers (available in versions 2 and 3)
Use TCP transport | This field allows you to use the TCP protocol rather than the UDP protocol when the network link is not considered reliable.

7. Click on NEXT . The SNMP profile page opens.


8. Choose the SNMP profile of this server by:

• Choosing an SNMP profile from the SNMP Profile list, or
• Creating a new profile on the SNMP profiles configuration page in the Profiles panel. [1]

9. Click on OK to commit your changes or CANCEL to discard your changes. The properties
page is visible again.

Managing a Microsoft DNS Server


SOLIDserver supports the management of native Microsoft DNS servers using three methods:

• Agentless Microsoft DNS Server: SOLIDserver provides a way of managing your Microsoft
DNS server from the GUI. This method no longer requires the installation of a WinDNS
agent. For more details, refer to the section Managing an Agentless Microsoft DNS
Server below.
• Microsoft DNS Server via Active Directory: even if your server is integrated into Active
Directory, you can manage it from the SOLIDserver interface. For more details, refer to the
section Managing a Microsoft DNS Server via Active Directory below.
• Microsoft DNS Server with Agent: EfficientIP provides a dedicated agent to manage your
Microsoft DNS servers. This agent lets you remotely control Microsoft DNS servers, so
you can configure DNS zones, DNS options and resource records. The agent is provided as
a Microsoft Windows service and can be monitored through the service management interface
provided by Microsoft. For more details, refer to the section Managing a Microsoft DNS Server
with Agent below.

[1] This page is accessible from the Administration tab homepage, select in the menu System > SNMP profiles configuration.


The remote management of Microsoft DNS servers still relies on Microsoft Management Console
(MMC). When you make changes directly from the MMC, SOLIDserver automatically detects them
and loads them in its database to make them available right away in the GUI.

Managing an Agentless Microsoft DNS Server


With version 5.0.1 of SOLIDserver, EfficientIP introduced the Agentless Microsoft DNS server,
meaning that you no longer need to install the WinDNS agent to manage your Microsoft
DNS server if you do not want to. Through this Agentless server, you can remotely manage
Microsoft DNS servers on Windows 2003, 2008 and later, but this management has some
limitations, listed in the section MS Agentless Servers Management Limitations below. This
server can be included in an Active Directory (AD) domain or not.

Understanding the Agentless Server Management

The Agentless Microsoft DNS server management through SOLIDserver is based on Microsoft
Remote Procedure Calls (MSRPC). This inter-process communication technique extends the
notion of conventional, or local, procedure calling so that the called procedure and the
calling procedure no longer need to be in the same address space. The two processes can be
on the same system or on different systems, as long as a network connects them. That way,
programmers of distributed applications avoid the details of the interface with the network.
In addition, the transport independence of RPC isolates the application from the physical and
logical elements of the data communications mechanism and allows the application to use a
variety of transports.

Through MSRPC, the client first calls a procedure to send a data packet to the server. Upon
reception of the packet, the server calls a dispatch routine to perform the requested service,
and then sends back a reply. Finally, the procedure call returns to the client. That is how
EfficientIP offers a new way of managing your Microsoft DNS server that no longer requires the
installation of an agent. This drastically simplifies the Windows server management.

Adding an Agentless Microsoft DNS Server

The procedure to add an Agentless Microsoft DNS Server is fairly similar to that of the other
Microsoft DNS servers. Keep in mind that before proceeding you will need the credentials of a
user with sufficient privileges to manage the server.

Note that if your Microsoft DNS server is integrated into an AD with several forests, you can use
the Expert mode to display the AD domain field under the credentials fields and type the domain
of the AD that you want to manage through SOLIDserver.

To add an agentless Microsoft DNS server

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. In the menu, select Add > Server > Microsoft DNS (agentless). The Add a DNS server wizard
opens.
4. If you or your administrator created classes at the all servers level, you can select one or
None. Click on NEXT . The next page of the wizard appears.
5. In the DNS server name field, name your server or type in an FQDN containing the Microsoft
DNS server followed by the domain as follows: servername.domain.

Managing DNS Servers

6. In the Management IP address field, type in the IPv4 address of the Microsoft DNS server
you want to manage.

Tip
With the proper network configuration (Administration tab), if you enter the name
of your DNS server in this field and click on SEARCH , the IP address will be
retrieved through the DNS and displayed.

7. In the Isolated section, tick the box if you do not want your server configuration to update
any other module. It's mainly useful when dealing with migrations as it will prevent the server
from pushing any data to the DHCP. Keep in mind that the server will still receive data if your
network configuration allows it. Any behavior set through the Mode drop-down list will have
to be applied to the server later on if you tick this box, so make sure that the configuration
you set suits your needs before you untick the box.
8. In the Description field, you can type in a description if you want.
9. In the Mode drop-down list, you can set up the following parameters:

Table 39.6. DNS Server Mode Parameters


Fields | Description
Mode | You can select either Configurable behavior or All behaviors.
Configurable behavior | This option is selected by default in the Mode drop-down list and displays all the fields and options that have been ticked in the Default behavior wizard at the server level. For more details, refer to the DNS section of the Default Behaviors chapter of this guide.
All behaviors | If you select this option, you will display all the fields and options that can be ticked in the Default behavior wizard. For more details, refer to the DNS section of the Default Behaviors chapter of this guide.

10. Click on NEXT . The last page of the wizard opens.


11. In the Users field, type in the name of a user with sufficient managing privileges over the
Windows DNS server.
12. In the Password field, type in the corresponding password.
13. In the Expert mode (AD) section, tick the box if your Windows DNS server is integrated to
Active Directory and contains several forests. The AD domain field appears.
14. In the AD domain field, type in the name of the domain you want to manage.
15. Click on OK to commit your creation. The report opens and closes. The server is listed;
the Version column indicates the Microsoft server version.

Warning
When configuring the MS Agentless DNS server, the zones' allow-transfer ACL must
contain the management IP address.

MS Agentless DNS Server Limitations

The management of Microsoft DNS servers within SOLIDserver has some limitations closely
linked to the MS limitations themselves. For more details regarding the MS servers limitations
refer to the documentation provided by Microsoft.

Server Limitations

Server Refresh Limitations


The DNS server parameters, the list of zones and their parameters have to be refreshed
manually. However, the content of the zones is still refreshed automatically every 3600
seconds (by default).
AD Integrated Server Limitations
The AD configuration of the AD integrated DNS servers often includes security settings that
prevent the creation or modification of the DNS zones.
Forward Parameter Limitations
If the Forward parameter is set to != none at the server level but a list of forwarders is provided
anyway, the forwarders will be pushed onto the MS DNS server.

ACL Limitations

Table 39.7. Allow-update ACL Configuration Limitations


Allow-update Set To | MS Behavior
admin;any; | The update rights are granted to anyone.
any; | The update rights are granted to anyone.
admin; | If the zone is AD integrated, the update is changed to Secure Only.
Any other parameter | The update is impossible, the allow-update will be set to no update.

Table 39.8. Allow-transfer ACL Configuration Limitations


Allow-transfer Set To | MS Behavior
any; | The transfer rights are granted to anyone.
No parameter is set | The transfer rights are granted to anyone.
none; | The transfer rights are not granted to anyone.
eip_ns_only; | Only the transfer of the zone NS resource records is granted.
Any other parameter | If ACLs are set, they are ignored.
Any other parameter | If IP addresses are listed, the allow-transfer will be granted to the Specified IP Address List and to the zone NS resource records.
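
The two ACL tables above can be applied to a list of zones before they are pushed, to see which ones end up open to anyone on the Microsoft side or lose the address required by the Warning in the previous section. The following Python code is an added example, not EfficientIP code: the function names, the zone dictionaries and the sample values are constructed, ACL values are matched literally as written in the tables, and the address that must appear in allow-transfer is passed in as mgmt_ip.

```python
import ipaddress


def tokens(acl):
    """Split a semicolon-separated ACL value into lowercase tokens."""
    return [t.strip().lower() for t in (acl or "").split(";") if t.strip()]


def is_ip(token):
    """True for a single IPv4/IPv6 address; ACL names and networks are not."""
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False


def effective_update(acl, ad_integrated):
    """Table 39.7: resulting MS behavior for an allow-update value."""
    t = tokens(acl)
    if not t:
        return "unspecified"      # the table has no row for an empty value
    if t in (["admin", "any"], ["any"]):
        return "anyone"
    if t == ["admin"]:
        # The table only states the outcome for AD-integrated zones.
        return "secure-only" if ad_integrated else "unspecified"
    return "no-update"            # row "Any other parameter"


def effective_transfer(acl):
    """Table 39.8: resulting MS behavior for an allow-transfer value."""
    t = tokens(acl)
    result = {"behavior": "unspecified", "ips": [], "ignored": []}
    if not t or t == ["any"]:
        result["behavior"] = "anyone"     # an unset value is as open as "any;"
    elif t == ["none"]:
        result["behavior"] = "nobody"
    elif t == ["eip_ns_only"]:
        result["behavior"] = "ns-only"
    else:
        result["ips"] = [x for x in t if is_ip(x)]
        result["ignored"] = [x for x in t if not is_ip(x)]  # named ACLs are dropped
        if result["ips"]:
            result["behavior"] = "ip-list+ns"
    return result


def audit_zone(zone, mgmt_ip):
    """Return the findings for one zone (empty list: nothing to report)."""
    findings = []
    xfer = effective_transfer(zone.get("allow_transfer"))
    upd = effective_update(zone.get("allow_update"), zone.get("ad_integrated", False))
    if xfer["behavior"] == "anyone":
        findings.append("zone transfer open to anyone")
    if xfer["ignored"]:
        findings.append("named ACL ignored on the MS server: " + ", ".join(xfer["ignored"]))
    mgmt = ipaddress.ip_address(mgmt_ip)
    listed = [ipaddress.ip_address(i) for i in xfer["ips"]]
    if xfer["behavior"] == "nobody" or (xfer["behavior"] == "ip-list+ns" and mgmt not in listed):
        findings.append("management IP %s missing from allow-transfer" % mgmt_ip)
    if upd == "anyone":
        findings.append("dynamic update open to anyone")
    elif upd == "no-update":
        findings.append("allow-update value not honored: zone set to no update")
    return findings


# Constructed sample zones (not taken from a real server).
ZONES = [
    {"name": "corp.example", "allow_transfer": "", "allow_update": "admin;",
     "ad_integrated": True},
    {"name": "lab.example", "allow_transfer": "10.0.0.53; internal-slaves;",
     "allow_update": "any;", "ad_integrated": False},
    {"name": "dmz.example", "allow_transfer": "10.0.0.41; 10.0.0.53;",
     "allow_update": "key ddns-key;", "ad_integrated": False},
]


def audit(zones, mgmt_ip):
    """Map each zone name to its list of findings."""
    return {z["name"]: audit_zone(z, mgmt_ip) for z in zones}


if __name__ == "__main__":
    for name, findings in audit(ZONES, "10.0.0.41").items():
        print(name, "->", findings or ["ok"])
```

A zone whose allow-transfer contains only named ACLs is reported with the behavior "unspecified", because the table says the ACLs are ignored but does not state what the server applies instead.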

Zone Limitations

Zone Reverse Addressing Limitations in IPv6


The zones e164.arpa (phone numbers dedicated reverse mapping domain suffix) and ip6.int
(deprecated reverse mapping name space) are not supported by Microsoft.
Zone Forwarding Limitations
Microsoft does not support the creation of Forward zones with the forwarding parameter set
to None.
Zone Notify Limitations
If nothing is specified during the Notify configuration then by default, the Notify is set to NS
only.

RR Limitations

The Agentless MS DNS server management supports the following resource records: SOA, A,
NS, PTR, MX, CNAME, SRV, TXT and AAAA.

Managing a Microsoft DNS Server via Active Directory


Active Directory provides the ability to deploy multiple master DNS servers, that rely on it to
replicate their DNS data. Microsoft Active Directory is based on a replicated LDAP compliant
directory. In the architecture, Active Directory is used for the provisioning of all authentication
and network services, including DNS and DHCP for a small part.

SOLIDserver supports the management of Microsoft domains integrated in Active Directory, even
with zones stored on Domain Controllers (DC). To control Microsoft DNS servers, SOLIDserver
uses the DDNS (RFC2136) protocol. In addition, it relies on the GSS-TSIG algorithm to secure
user authentication, as it provides a modified form of TSIG authentication that uses the
Kerberos v5 authentication system (RFC3645). SOLIDserver connects directly to the Active
Directory to retrieve the Microsoft domains you already configured.

This management method does not need a remote agent to manage DNS domains integrated
within Active Directory. An account must be created for SOLIDserver to allow it to connect to the
Active Directory server and to the DNS server that authenticates on its local Domain Controller
(DC). The creation of this account and its configuration are detailed in the following sections. The
management capabilities of these servers are more restricted than those of other DNS servers
like EfficientIP ones. As long as Microsoft DNS servers run through Active Directory, the content
of their Master Zones is manageable by SOLIDserver.

Prerequisites

• A Microsoft server containing a configured Active Directory.


• A working Microsoft DNS server.

Caution
The Microsoft DNS Agentless cannot create DNS zones.

The zone listing displays only AD zones.

Creating an Account in Active Directory

A user account with DNS administrator rights must be created in the Active Directory base to allow
SOLIDserver to perform updates on the Microsoft domains.

DNS Active Directory administrator account creation

1. On the Microsoft Active Directory server, launch the Active Directory user configuration
tool.
2. Create a new user account for SOLIDserver, validate it by clicking on OK.
3. Edit the new user account properties and make it a member of the DnsAdmins group.
4. Close the tool, by clicking on OK.

Adding an Active Directory Microsoft DNS Server

To import an Active Directory server

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.

3. In the menu, select Add > Server > Microsoft DNS (via AD). The Add a DNS server wizard
opens.
4. If you or your administrator created classes at the all servers level, you can select one or
None. Click on NEXT . The next page of the wizard appears.
5. Fill in the following fields to set up the basic server configuration:

Table 39.9. DNS Server Basic Parameters


Fields | Description
DNS server name | In this field, fill in a FQDN name for your Microsoft DNS server. This field is compulsory.
Management IP address | In this field, fill in the IPv4 address of your Microsoft DNS server. This field is compulsory.
Isolated | Tick this box if you do not want your server configuration to update any other module. It's mainly useful when dealing with migrations as it will prevent the server from pushing any data to the DHCP. Keep in mind that the server will still receive data if your network configuration allows it. Any behavior set through the Mode drop-down list will have to be applied to the server later on if you tick this box, so make sure that the configuration you set suits your needs before you untick the box.
Description | Type in a description if you want, it will appear in the Description columns of the All servers list. This field is optional.

6. In the Mode drop-down list, you can set up the following parameters:

Table 39.10. DNS Server Mode Parameters


Fields | Description
Mode | You can select either Configurable behavior or All behaviors.
Configurable behavior | This option is selected by default in the Mode drop-down list and displays all the fields and options that have been ticked in the Default behavior wizard at the server level. For more details, refer to the DNS section of the Default Behaviors chapter of this guide.
All behaviors | If you select this option, you will display all the fields and options that can be ticked in the Default behavior wizard. For more details, refer to the DNS section of the Default Behaviors chapter of this guide.

7. Click on NEXT . The last page of the wizard opens.


8. In the Users field, type in the name of a user belonging to an administrators group that has
sufficient rights over the server, in the format user@domain.
9. In the Password field, type in the corresponding password.
10. In the AD Domain field, type in the chosen user's Active Directory Domain name in capital
letters.
11. Click on OK to commit your creation. The report opens and closes. The new server is listed.

Caution
The Microsoft Server and SOLIDserver must be set to the same time. In
addition, the zones that you want to handle must be configured to allow transfers.

The DNS resolver of SOLIDserver must be able to resolve the name of the Microsoft
DNS server.

For more details regarding AD domains through the GUI, refer to the section Hosting Active
directory Domain Zones of this guide.

Editing the Properties of an Active Directory DNS Server

To modify the main properties of an Active Directory DNS server

1. Display the properties page of the DNS server. For more details, see To display the properties
of a DNS Server.
2. In the Main properties panel, click on EDIT . The Edit a DNS server wizard opens.
3. In the DNS Server type field, change the type if need be.
4. Click on NEXT . The last page of the wizard opens.
5. Fill the requested fields:

Table 39.11. Active Directory DNS Server Parameters


Fields | Description
Management IP address | The IP address of the server to be imported.
User | The name of the administrator who has rights to update the DNS server.
Password | The administrator's password.
Domain | The Microsoft Domain Name
Space | The space to which the server belongs.

6. Click on OK to commit your changes. The report opens and closes. The properties page is
visible again.

Deleting an Active Directory Microsoft DNS Server

To delete an Active Directory server

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. Tick the server(s) you want to delete and in the menu select Edit > Delete. The Delete wizard
opens.
4. Click on OK to commit your choice. The report opens and closes. The server(s) is no longer
listed.

Managing a Microsoft DNS Server with Agent


SOLIDserver is able to manage, without an agent, the Microsoft DNS domains integrated in
Active Directory. EfficientIP also provides an agent allowing you to administer entire Microsoft
DNS servers that are not integrated in Microsoft Active Directory. WinDNSManager is the agent
used to remotely manage Microsoft DNS on Windows 2000, 2003, and 2008 servers. This agent
is provided as a Microsoft Windows service and can be monitored through the service
management interface provided by Microsoft.

Prerequisites

• An open TCP port (4001 by default) on the Windows server must be accessible from the
management platform.
• A Windows 2000, 2003, or 2008 server with the Microsoft DNS service already configured.
• The IP address of the EfficientIP management platform must be added to the allow-transfer
access list of each DNS server to manage.
• You must be connected to the DNS server with Windows administrator rights during the
installation of the service.

Modification, update or removal of the WinDNS Manager service requires stopping the DNS
service on the Windows server during the procedure. The WinDNS Manager installation requires
the Windows DNS server to restart. It is not recommended to use the WinDNS Manager service
in competition with a non-Microsoft DNS control system.

Installing WinDNSManager

To install the WinDNSManager service

1. Execute the installation file Setup-EIPWinDNSMgr-v_._._-w2k-i386.exe for Microsoft Windows
2000, or Setup-EIPWinDNSMgr-v_._._-w2k3-i386.exe for Microsoft Windows 2003 or Windows
2008.
2. In the Welcome WinDNS Manager Setup Wizard window click on Next to continue. The next
page of the wizard appears.

Figure 39.3. WinDNSManager installation

3. On the Ready to Install page, click on Next to install. The next page of the wizard appears.
4. In the Completing the WinDNSManager Setup Wizard page, click on Finish to finish the
installation.

Description of the Installation on Windows 2000

The following operations will be done during the installation on Microsoft Windows 2000 server:

• Copy of eip-windns.exe in the directory C:\Program Files\eip\.


• Copy of eip-windns.cpl in the directory C:\Program Files\eip\.
• Copy of dnsschema.mof in the directory C:\system32\wbem\.
• Copy of dnsprov.dll in the directory C:\system32\wbem\.
• Registry update: Root: HKLM; Subkey: SOFTWARE\EfficientIP\WinDNS; ValueType: string;
ValueName: Datapath; ValueData: {app}\; Flags: createvalueifdoesntexist uninsdeletevalue
• Registry update: Root: HKLM; Subkey: SOFTWARE\Microsoft\Windows\CurrentVersion\Control
Panel\Cpls; ValueType: string; ValueName: eip-windns; ValueData: {app}\eip-windns.cpl; Flags:
createvalueifd

Description of the Installation on Windows 2003

The following operations will be done during the installation on Microsoft Windows 2003 server:

• Copy of eip-windns.exe in the directory C:\Program Files\eip\.


• Copy of eip-windns.cpl in the directory C:\Program Files\eip\.
• Registry update: Root: HKLM; Subkey: SOFTWARE\EfficientIP\WinDNS; ValueType: string;
ValueName: Datapath; ValueData: {app}\; Flags: createvalueifdoesntexist uninsdeletevalue
• Registry update: Root: HKLM; Subkey: SOFTWARE\Microsoft\Windows\CurrentVersion\Control
Panel\Cpls; ValueType: string; ValueName: eip-windns; ValueData: {app}\eip-windns.cpl; Flags:
createvalueifd

Defining a Microsoft DNS Server

To configure the WinDNSManager service

1. Open the configuration panel of the Windows server from Start > Parameters >
Configuration Panel.
2. In the Configuration Panel window, double-click on the WinDNSManager icon. The
WinDNSManager service opens a new window.

Figure 39.4. WinDNSManager configuration

3. In the IPMServer Address field, enter the IP address of the SOLIDserver platform.
4. Enter the port that the management platform will use to connect to the agent. The port
number 4001 is used by default.
5. Tick the Read only mode checkbox to refuse all changes made from the management
platform.
6. If you plan to secure the connection between the management platform and the
WinDNSManager agent, you must tick the SSL Enabled checkbox.

Once you have selected the SSL mode, the Certificate file field appears. You have the
choice to set the SSL certificate:

• Click on Browse... to select a file containing the SSL certificate.


• Click on Generate certificate... to automatically generate a self signed certificate.

7. From the Logging level list, select the level of debugging you want to display. This setting
specifies the severity of the messages logged in the file C:\Program
Files\eip\windns.log.
8. In Max log size, enter the maximum size of the log file.
9. Click on OK to apply the configuration.
10. The window will automatically close once WinDNS Manager has restarted.

Managing a BIND DNS Server


Efficient IP provides its software versions through native operating system packages. Two
versions of the Linux packages are supported with SOLIDserver from version 5.0.0. The legacy
version (v4) uses the SNMP protocol, whereas the latest version (v5) works with SSL. Thus,
the prerequisites for installing the packages and managing a BIND server differ.

Installing the DNS package allows you to use the DNS module of SOLIDserver to the best of its
potential on Linux, Unix, FreeBSD and Solaris: it allows you to manage your BIND server through
an EfficientIP DNS server, which incidentally provides all the options that come with it (DNS
statistics, etc.).

Managing EfficientIP BIND Linux Packages v4


In the sections below are a set of procedures to successfully install the DNS packages on Debian,
FreeBSD, Redhat, Suse and Solaris. Once the installation that suits your needs is complete, you
can add your BIND server to the management following the steps in the section Adding a BIND
DNS server.

Prerequisite to Install the EfficientIP BIND Package

• The EfficientIP BIND package platform must have at least 8 MB of free memory space;
• The EfficientIP BIND package may need certain libraries of your operating system; you must
have shell access with root login, locally or via telnet or ssh, on the server to be installed;
• You must have the media (CDROM) of your server's operating system distribution, or access
to it through the network;
• You must install the native SNMP library of your Linux system;
• You must be sure not to interfere with an existing SNMP service on your server;
• You must make sure that the SNMP ports (161, 162) are not blocked by a network filtering
process (firewall).

Installing the BIND Package on Debian System

The IPMDNS package contains all programs, libraries, and configuration scripts for the deployment
of Efficient IP DNS service.

Note
The results of the commands can be different according to the platform characteristics.

To install ipmdns package

• Execute under root login, the installation of ipmdns package:

# dpkg -i ipmdns-4.*-i386.deb
Selecting previously deselected package ipmdns.
(Reading database ... 18631 files and directories currently installed.)
Unpacking ipmdns (from ipmdns-4.0-i386.deb) ...
Setting up ipmdns (4.0) ...
Setting rc. files
To configure iPmDns: /usr/local/nessy2/script/configure/configure_ipmdns.sh
To start iPmDns: /etc/init.d/ipmdns start

The parameters of the EfficientIP BIND package software are set through a configuration
script provided in the package. This script can be executed after the installation if necessary.
The IPMDNS server configuration must be executed before launching the service. If the IP
address of the management SOLIDserver changes, or if the IP address (or name) of the server
hosting the DNS service changes, it is recommended to re-execute the configuration script.

To configure ipmdns service

1. Execute the ipmdns configuration under root login:


# /usr/local/nessy2/script/configure/configure_ipmdns.sh

==================================================
Checking
==================================================
+ checking for awk... /usr/bin/awk

+ checking for chown... /bin/chown


+ checking for ness-dns.conf... not found
+ checking for hostname... /bin/hostname
+ checking for sed... /bin/sed
+ checking for hardware architecture...i686
+ checking for processor architecture...unknown
+ checking for operating system name...Linux
+ checking for operating system release...2.2.20-idepci
+ checking for hostname...debian
==================================================
Configuration requests
==================================================

2. Fill in the IP address of the SOLIDserver management as IPMserver address:


Enter the iPmServer address [] 10.0.0.41

3. When asked whether to edit the SNMP parameters, type "n":


Do you want to edit SNMP parameters ? (Y/N) ? [N]

==================================================
Updating
==================================================
+ update /usr/local/share/snmp/ness-dns.conf ...done
+ create /var/net-snmp/ness-dns.conf... done
+ delete tempory files... done

The Debian init runlevel provides a standard process for controlling which programs init launches
or halts when initializing a runlevel. Efficient IP chose to use init to launch and halt ipmdns because
it is standard and easy to use with Debian.

The Debian init files are located in the /etc/rc.d/ and /etc/init.d directories. Each of the numbered
/etc/rc.d directories represents one of the six runlevels configured by default under Debian. The
launch and halt scripts are located in these directories.

Table 39.12. Launch and halt scripts of IPMDNS on Debian


Script | Description
/etc/init.d/ipmdns | ipmdns launch and halt
/etc/rc2.d/K15ipmdns | ipmdns halt
/etc/rc3.d/S15ipmdns | ipmdns launch

To launch ipmdns

• Execute under root login the ipmdns script with the start parameter:
# /etc/init.d/ipmdns start

The process will be launched in background as a daemon.

To halt ipmdns

• Execute under root login the ipmdns script with the stop parameter:
# /etc/init.d/ipmdns stop

Once the installation is complete, you can add your BIND server to the management following
the steps in the section Adding a BIND DNS server.

Installing the BIND Package on FreeBSD System

The IPMDNS package contains all programs, libraries, and configuration scripts for the deployment
of Efficient IP DNS service.

Note
The results of the commands can be different according to the platform characteristics.

To install ipmdns package

• Execute under root login, the installation of ipmdns package:


# pkg_add ipmdns-4.*-freebsd*-intel.tgz
To configure iPmDns: /usr/local/nessy2/script/configure/configure_ipmdns.sh
To start iPmDns: /usr/local/etc/rc.d/ipmdns.sh start

The parameters of the EfficientIP BIND package software are set through a configuration
script provided in the package. This script can be executed after the installation if necessary.
The IPMDNS server configuration must be executed before launching the service. If the IP
address of the SOLIDserver management or the IP address (or name) of the server hosting the
DNS service changes, it is recommended to re-execute the configuration script.

To configure ipmdns service

1. Execute the ipmdns configuration under root login:


# /usr/local/nessy2/script/configure/configure_ipmdns.sh
==================================================
Checking
==================================================
+ checking for awk... /usr/bin/awk
+ checking for chown... /usr/sbin/chown
+ checking for ness-dns.conf... /usr/local/share/snmp/ness-dns.conf
+ checking for hostname... /bin/hostname
+ checking for sed... /usr/bin/sed
+ checking for hardware architecture... i386
+ checking for processor architecture... i386
+ checking for operating system name... FreeBSD
+ checking for operating system release... 4.9-STABLE
+ checking for hostname... dell.intranet
==================================================
Configuration requests
==================================================
Enter the iPmServer address ? []

2. Fill in the IP address of the SOLIDserver management as IPMserver:


Enter the iPmServer address [] 10.0.0.41

3. When asked whether to edit the SNMP parameters, type "n":


Do you want to edit SNMP parameters ? (Y/N) ? [N]
==================================================
Updating
==================================================
+ update /usr/local/share/snmp/ness-dns.conf ...done
+ create /var/net-snmp/ness-dns.conf... done
+ delete tempory files... done

The FreeBSD init runlevel provides a standard process for controlling which programs init
launches or halts when initializing a runlevel. Efficient IP chose to use init to launch and halt
ipmdns because it is standard and easy to use with FreeBSD.

The FreeBSD init files are located in the /usr/local/etc/rc.d/ and /usr/local/etc/init.d directories.
Each of the numbered /usr/local/etc/rc.d directories represents one of the six runlevels configured
by default under FreeBSD. The launch and halt scripts are located in these directories.

Table 39.13. Launch and halt scripts of IPMDNS on FreeBSD


Script | Description
/usr/local/etc/init.d/ipmdns.sh | ipmdns launch and halt
/usr/local/etc/rc2.d/K15ipmdns.sh | ipmdns halt
/usr/local/etc/rc3.d/S15ipmdns.sh | ipmdns launch

To launch ipmdns

• Execute under root login the ipmdns script with the start parameter:
# /usr/local/etc/init.d/ipmdns.sh start

The process will be launched in background as a daemon.

To halt ipmdns

• Execute under root login the ipmdns script with the stop parameter:
# /usr/local/etc/init.d/ipmdns.sh stop

Once the installation is complete, you can add your BIND server to the management following
the steps in the section Adding a BIND DNS server.

Installing the BIND Package on Redhat and Suse System

The IPMDNS package contains all programs, libraries, and configuration scripts for the deployment
of Efficient IP DNS service.

Note
The results of the commands can be different according to the platform characteristics.

To install ipmdns package

• Execute under root login, the installation of ipmdns package:


# rpm -ivh ipmdns-4.*-intel.i386.rpm

Setting rc. files


To configure iPmDns: /usr/local/nessy2/script/configure/configure_ipmdns.sh
To start iPmDns: /etc/init.d/ipmdns.sh start

The parameters of the EfficientIP BIND package software are set through a configuration
script provided in the package. This script can be executed after the installation if necessary.
The IPMDNS server configuration must be executed before launching the service. If the IP
address of the SOLIDserver management or the IP address (or name) of the server hosting the
DNS service changes, it is recommended to re-execute the configuration script.

To configure ipmdns service

1. Execute the ipmdns configuration under root login:

# /usr/local/nessy2/script/configure/configure_ipmdns.sh

==================================================
Checking
==================================================
+ checking for awk... /bin/awk
+ checking for chown... /bin/chown
+ checking for ness-dns.conf... /usr/local/share/snmp/ness-dns.conf
+ checking for hostname... /bin/hostname
+ checking for sed... /bin/sed
+ checking for hardware architecture...i686
+ checking for processor architecture...unknown
+ checking for operating system name...Linux
+ checking for operating system release...2.4.20-28.7
+ checking for hostname...rh73.intranet
==================================================
Configuration requests
==================================================

2. Fill in the IP address of the management SOLIDserver as IPMserver:


Enter the iPmServer address [] 10.0.0.41

3. When asked whether to edit the SNMP parameters, type "n":


Do you want to edit SNMP parameters ? (Y/N) ? [N]

==================================================
Updating
==================================================
+ update /usr/local/share/snmp/ness-dns.conf ...done
+ create /var/net-snmp/ness-dns.conf... done
+ delete tempory files... done

The RedHat/Suse init runlevel provides a standard process for controlling which programs init
launches or halts when initializing a runlevel. Efficient IP chose to use init to launch and halt
ipmdns because it is standard and easy to use with RedHat.

The RedHat/Suse init files are located in the /etc/rc.d/ and /etc/init.d directories. Each of the
numbered /etc/rc.d directories represents one of the six runlevels configured by default under
RedHat/Suse. The launch and halt scripts are located in these directories.

Table 39.14. Launch and halt scripts of IPMDNS on RedHat/Suse


Script | Description
/etc/init.d/ipmdns | ipmdns launch and halt
/etc/rc2.d/K15ipmdns | ipmdns halt
/etc/rc3.d/S15ipmdns | ipmdns launch

To launch ipmdns

• Execute under root login the ipmdns script with the start parameter:
# /etc/init.d/ipmdns start

The process will be launched in background as a daemon.

To halt ipmdns

• Execute under root login the ipmdns script with the stop parameter:
# /etc/init.d/ipmdns stop

Once the installation is complete, you can add your BIND server to the management following
the steps in the section Adding a BIND DNS server.

Installing the BIND Package on Solaris System

The IPMDNS package contains all programs, libraries, and configuration scripts for the deployment
of Efficient IP DNS service.

Note
The results of the commands can be different according to the platform characteristics.

To install ipmdns package

1. Execute under root login, the installation of ipmsnmp package:


# pkgadd -d ./ipmsnmp-4.*-solaris*-sparc.pkg ipmsnmp

Processing package instance <ipmsnmp>


from </export/home/packages/ipmsnmp-4.0-solaris9-sparc.pkg>
EfficientIP IPM NET-SNMP 4.0(sparc) EfficientIP IPM NET-SNMP
EfficientIP
## Processing package information.
## Processing system information.
## Verifying disk space requirements.
## Checking for conflicts with packages already installed.
## Checking for setuid/setgid programs.
Installing EfficientIP IPM NET-SNMP 4.0 as <ipmsnmp>
## Installing part 1 of 1.
/usr/local/nessy2/lib/libnetsnmp.so
<symbolic link>/usr/local/nessy2/lib/libnetsnmp.so.4
<symbolic link>/usr/local/nessy2/lib/libnetsnmp.so.4.0
/usr/local/nessy2/lib/libnetsnmpagent.so
<symbolic link>/usr/local/nessy2/lib/libnetsnmpagent.so.4
<symbolic link>/usr/local/nessy2/lib/libnetsnmpagent.so.4.0
/usr/local/nessy2/lib/libnetsnmphelpers.so
<symbolic link>/usr/local/nessy2/lib/libnetsnmphelpers.so.4
<symbolic link>/usr/local/nessy2/lib/libnetsnmphelpers.so.4.0
/usr/local/nessy2/lib/libnetsnmpmibs.so
<symbolic link>/usr/local/nessy2/lib/libnetsnmpmibs.so.4
<symbolic link>/usr/local/nessy2/lib/libnetsnmpmibs.so.4.0
[ verifying class <none> ]
Installation of <ipmsnmp> was successful.

2. Execute the decompression of ipmdns package:


# gunzip ipmdns-4.*-solaris*-sparc.pkg.gz

3. Execute under root login, the installation of ipmdns package:


# pkgadd -d ./ipmdns-4.*-solaris*-sparc.pkg ipmdns

Processing package instance <ipmdns> from </export/home/packages/ipmdns-4.0-solaris9-sparc.pkg>

EfficientIP IPM DNS 4.0(sparc)
EfficientIP IPM DNS
EfficientIP
## Processing package information.
## Processing system information.
6 package pathnames are already properly installed.
## Verifying package dependencies.
## Verifying disk space requirements.
## Checking for conflicts with packages already installed.
## Checking for setuid/setgid programs.
This package contains scripts which will be executed with super-user
permission during the process of installing this package.
Do you want to continue with the installation of <ipmdns> [y,n,?]

4. Type 'Y' to validate the installation:


Installing EfficientIP IPM DNS 4.0 as <ipmdns>
## Executing preinstall script.
## Installing part 1 of 1.
/etc/init.d/ipmdns
/etc/rc0.d/K15ipmdns

/etc/rc1.d/K15ipmdns
/etc/rc2.d/K15ipmdns
/etc/rc3.d/S51ipmdns
/etc/rcS.d/K15ipmdns
/usr/local/nessy2/bin/named
/usr/local/nessy2/bin/rndc
/usr/local/nessy2/script/configure/configure_ipmdns.sh
/usr/local/nessy2/share/named/named.conf.sample
/usr/local/nessy2/share/named/named.root.sample
/usr/local/nessy2/share/snmp/ness-dns.conf.sample
[ verifying class <none> ]
## Executing postinstall script.
To configure iPmDns: /usr/local/nessy2/script/configure/configure_ipmdns.sh
To start iPmDns: /etc/init.d/ipmdns start

Installation of <ipmdns> was successful.

The EfficientIP BIND package software is configured with a configuration script provided in
the package. This script can be executed again after the installation if necessary. The IPMDNS
server must be configured before the service is launched. If the IP address of the management
SOLIDserver or the IP address (or name) of the server hosting the DNS service changes, it is
recommended to re-execute the configuration script.

To configure ipmdns service

1. As root, run the ipmdns configuration script:

# /usr/local/nessy2/script/configure/configure_ipmdns.sh
==================================================
Checking
==================================================
+ checking for awk... /usr/bin/awk
+ checking for chown... /usr/bin/chown
+ checking for ness-dns.conf... /usr/local/share/snmp/ness-dns.conf
+ checking for hostname... /usr/bin/hostname
+ checking for sed... /usr/bin/sed
+ checking for hardware architecture... sun4u
+ checking for processor architecture... sparc
+ checking for operating system name... SunOS
+ checking for operating system release... 5.9
+ checking for hostname... e250
==================================================
Configuration requests
==================================================
Enter the iPmServer address ? []

2. Fill in the IP address of the management SOLIDserver as IPMserver:


Enter the iPmServer address [] 10.0.0.41

3. When asked whether you want to edit the SNMP parameters, type "n":


Do you want to edit SNMP parameters ? (Y/N) ? [N]
==================================================
Updating
==================================================
+ update /usr/local/share/snmp/ness-dns.conf ...done
+ create /var/net-snmp/ness-dns.conf... done
+ delete tempory files... done

The Solaris init runlevel mechanism provides a standard process for controlling which programs
init launches or halts when initializing a runlevel. Efficient IP chose to use init to launch
and halt ipmdns because it is standard and easy to use with Solaris.

The Solaris init files are located in the /etc/rc.d/ and /etc/init.d directories. Each of the
numbered directories /etc/rc.d represents one of the six runlevels configured by default under
Solaris. The launch and halt scripts are located in these directories.

Table 39.15. Launch and halt scripts of IPMDNS on Solaris

Script | Description
/etc/init.d/ipmdns | ipmdns launch and halt
/etc/rc2.d/K15ipmdns | ipmdns halt
/etc/rc3.d/S15ipmdns | ipmdns launch

To launch ipmdns

• As root, execute the ipmdns script with the start parameter:
# /etc/init.d/ipmdns start

The process will be launched in background as a daemon.

To halt ipmdns

• As root, execute the ipmdns script with the stop parameter:
# /etc/init.d/ipmdns stop

Once the installation is complete, you can add your BIND server to the management following
the steps in the section Adding a BIND DNS server.

Managing EfficientIP BIND Linux Packages v5


The sections below provide the procedures to install the DNS packages v5 on Linux
Debian/Ubuntu and CentOS/RedHat.

Installing the EfficientIP DNS Package for Linux Debian/Ubuntu 6 - 64 bits

Prerequisites

• The DNS package file, ipmdns-5.x.x-debianxx-amd64.deb, whose name is made of several pieces
of information separated by hyphens: the type of package (ipmdns, so a DNS package), the
version of SOLIDserver (5.x.x), the version of Debian (debianxx, where xx is x dot x) and
finally the Debian architecture (amd64). In the procedure below, this file will be referred
to as ipmdns*;
• The EfficientIP BIND package platform must have at least 20 MB of free disk space;
• The EfficientIP BIND package may need certain libraries of your operating system; you must
have shell access with root login, locally or via telnet or ssh, on the server where the
package is to be installed;
• You must be sure not to interfere with an existing DNS/DHCP service on your server;
• You must make sure that the Apache server is up-to-date and running;
• You must make sure that SOLIDserver and Debian/Ubuntu are set to the same time and date;
• You must make sure that HTTPS (port 443) and the DNS service (port 53) are not blocked by
a network filtering process (firewall).

Note
If your Apache configuration already uses the port 443, you have to create an additional
IP-based VirtualHost dedicated to the DNS management.

Installing the EfficientIP DNS Package

You can install the EfficientIP DNS Package on both Debian and Ubuntu Linux.

If you have not installed the DHCP packages yet, you need to:

1. follow the procedure To install the EfficientIP DNS Package on Debian and Ubuntu.
2. follow the procedure To complete the DNS package installation on Debian/Ubuntu if the DHCP
package is not installed.

If you already installed the DHCP packages, you only need to follow the procedure To install
the EfficientIP DNS Package on Debian and Ubuntu below.

The procedure below includes the commands that make the webservices configurable.

To install the EfficientIP DNS Package on Debian and Ubuntu

1. Open an SSH session.


2. Stop and disable your DNS software, using the following commands:
# service bind9 stop
# update-rc.d -f bind9 remove

3. Install the dependency packages, ONLY if you have not installed the EfficientIP DHCP
package, using the following commands:
# apt-get install php5
# apt-get install sudo
# apt-get install snmpd

4. If you are using Ubuntu, install the libssl0.9.8 package using the following command (only
if you have not installed the DHCP package yet):
# aptitude install libssl0.9.8

5. Install the EfficientIP DNS package, using the following command:


# dpkg -i ipmdns*

6. Make the webservices configurable: in the directory /etc/sudoers.d, create the file ipmdns
containing the line below.
www-data ALL = NOPASSWD: /usr/local/nessy2/script/install_named_conf.sh, \
/usr/local/nessy2/script/push_default_zone_params.sh, \
/usr/local/nessy2/script/push_dnssec_keys_zones.sh, \
/usr/local/nessy2/script/move_dnszone_file.sh, \
/usr/local/nessy2/script/restore_named_conf.sh, \
/usr/local/nessy2/script/delete_zone_file.sh, \
/usr/local/nessy2/script/restore_zone_file.sh, \
/usr/local/nessy2/bin/rndc

7. Set the users access rights as follows:


# chmod 440 /etc/sudoers.d/ipmdns

Note
You can change the webservice admin password using the command below:
# htpasswd -c /usr/local/nessy2/www/php/cmd/dns/.htpasswd admin

If you have not installed the DHCP package or are not planning on installing it, you must
follow the procedure below. Otherwise, if you already completed the basic configuration of the
DNS package on Debian or Ubuntu, you can add your BIND server following the package v5
dedicated procedure in the Adding a BIND DNS Server section of this guide.

To complete the DNS package installation on Debian/Ubuntu if the DHCP package is not installed

1. Open an SSH session.


2. Allow SNMP access to the DNS statistics. In the file /etc/snmp/snmpd.conf, enter the lines:
master agentx
view systemonly included .1.3.6.1.4.1.2440

3. Start the snmp daemon, using the following command:


# service snmpd start

4. Create a self-signed certificate for apache, using the following commands:


# cd /etc/apache2
# openssl genrsa -des3 -out server.key 4096
# openssl req -new -key server.key -out server.csr
# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
# openssl rsa -in server.key -out server.key.insecure
# mv server.key server.key.secure
# mv server.key.insecure server.key

5. Activate the SSL mode in Apache using the following command:


# a2enmod ssl

6. Make sure that /etc/apache2/sites-available/default-ssl is symbolically linked in
/etc/apache2/sites-enabled/; if not, use the following command line:
# ln -s /etc/apache2/sites-available/default-ssl /etc/apache2/sites-enabled/

7. Configure the webservices. In the file /etc/apache2/sites-enabled/default-ssl, enter the
configuration below:
<VirtualHost *:443>

ServerName 127.0.0.1
DocumentRoot /usr/local/nessy2/www/php
php_admin_value include_path /usr/local/nessy2/www/php/include:/usr/local/nessy2/lib/php:/usr/local/nessy2/www/site:/usr/local/share/pear
php_admin_value file_uploads 1
php_admin_value upload_max_filesize 300000000
php_admin_value post_max_size 300000000
php_admin_value memory_limit 150000000

SSLEngine on
SSLCertificateFile /etc/apache2/server.crt
SSLCertificateKeyFile /etc/apache2/server.key
SSLProtocol all -SSLv2
SSLCipherSuite HIGH:MEDIUM

SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0

php_admin_value register_globals 0
php_admin_value short_open_tag 1
php_admin_value safe_mode 0
php_admin_value magic_quotes_gpc 0
</VirtualHost>

8. Disable the default site in Debian Apache configuration using the following commands:

# cd /etc/apache2/sites-enabled
# unlink 000-default

9. Restart Apache using the following command line:


# service apache2 restart

10. Make sure that the ipmdns package is running using the following command line:
# service ipmdns status

If it is not running, use the following command line:


# service ipmdns start

Once the configuration is complete, you can add and manage EfficientIP DNS servers, provided
that they also have the package installed, through SOLIDserver GUI. Refer to the package v5
dedicated procedure in the Adding a BIND DNS Server section.

Installing the EfficientIP DNS Package for Linux CentOS/RedHat 6 - 64 bits

Prerequisites

• The DNS package file, ipmdns-5.x.x-redhatx.x86_64.rpm, whose name is made of several pieces
of information separated by hyphens or a point: the type of package (ipmdns, so a DNS
package), the version of SOLIDserver (5.x.x), the version of RedHat (redhatx) and finally
the architecture (x86_64);
• The EfficientIP BIND package platform must have at least 20 MB of free disk space;
• The EfficientIP BIND package may need certain libraries of your operating system; you must
have shell access with root login, locally or via telnet or ssh, on the server where the
package is to be installed;
• You must be sure not to interfere with an existing DNS/DHCP service on your server;
• You must make sure that SOLIDserver and RedHat/CentOS are set to the same time and date;
• You must make sure that HTTPS (port 443) and the DNS service (port 53) are not blocked by
a network filtering process (firewall).

Installing the EfficientIP DNS Package

You can install the EfficientIP DNS Package on both RedHat and CentOS Linux.

If you have not installed the DHCP packages yet, you need to:

1. follow the procedure To install the EfficientIP DNS Package on RedHat and CentOS.
2. follow the procedure To complete the DNS package installation on RedHat/CentOS if the
DHCP package is not installed.

If you already installed the DHCP packages, you only need to follow the procedure To install
the EfficientIP DNS Package on RedHat and CentOS below.

In the installation procedure below, we will also include the commands that make the webservices
configurable.

To install the EfficientIP DNS Package on RedHat and CentOS

1. Open an SSH session.


2. Stop and disable your DNS software, using the following commands:

# service named stop


# chkconfig named off

3. If you already installed a DNS package on your system, remove it using the following
command:
# yum remove bind

4. Install the dependency packages, ONLY if you have not installed the EfficientIP DHCP
package, using the following commands:
# yum install net-snmp php mod_ssl sudo php-pdo

5. Install EfficientIP DNS package, using the following command:


# rpm -ivh ipmdns*

6. If you do not have the /etc/sudoers.d/ directory on your system yet, create it using the following
command:
# mkdir /etc/sudoers.d/

7. Make sure that the /etc/sudoers file contains the lines below:
## Read drop-in files from /etc/sudoers.d (the # here does not mean a comment)
#includedir /etc/sudoers.d

If /etc/sudoers does not contain these lines, add them.


8. Make the webservices configurable: in the directory /etc/sudoers.d, create the file ipmdns
containing the line below.
apache ALL = NOPASSWD: /usr/local/nessy2/script/install_named_conf.sh, \
/usr/local/nessy2/script/push_default_zone_params.sh, \
/usr/local/nessy2/script/push_dnssec_keys_zones.sh, \
/usr/local/nessy2/script/move_dnszone_file.sh, \
/usr/local/nessy2/script/restore_named_conf.sh, \
/usr/local/nessy2/script/delete_zone_file.sh, \
/usr/local/nessy2/script/restore_zone_file.sh, \
/usr/local/nessy2/bin/rndc

9. Set the users access rights as follows:


# chmod 440 /etc/sudoers.d/ipmdns

Note
You can change the webservice admin password using the command below:
# htpasswd -c /usr/local/nessy2/www/php/cmd/dns/.htpasswd admin
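
The sudoers drop-in created in the Debian/Ubuntu and RedHat/CentOS procedures lets the web server account run the listed scripts as root without a password, so none of those files may be replaceable by a non-root user. The following is an added example, not part of the EfficientIP package: it extracts the granted commands from such a file and reports the ones that are missing, loosely writable or not owned by the expected account. The function names are hypothetical and the demo tree is constructed.

```shell
#!/bin/sh
# Added example: audit the commands granted by a sudoers drop-in such as
# /etc/sudoers.d/ipmdns. Function names are hypothetical.

# Print one granted command path per line. Lines ending in "\" are joined
# first; arguments that follow a command path are dropped.
sudoers_commands() {
    awk '
        { buf = buf $0 }
        /\\[ \t]*$/ { sub(/\\[ \t]*$/, "", buf); next }
        {
            line = buf; buf = ""
            if (line ~ /^[ \t]*#/ || line !~ /NOPASSWD:/) next
            sub(/^.*NOPASSWD:[ \t]*/, "", line)
            n = split(line, cmd, ",")
            for (i = 1; i <= n; i++) {
                gsub(/^[ \t]+|[ \t]+$/, "", cmd[i])
                split(cmd[i], word, /[ \t]+/)
                if (word[1] != "") print word[1]
            }
        }' "$1"
}

# True when the group or other write bit is set on $1 (symlinks followed).
loosely_writable() {
    [ -n "$(find -L "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}

# Print "<finding> <path>" for each granted command that a non-root user
# could create or replace. $2 is the expected owner (default: root).
audit_sudoers_commands() {
    owner=${2:-root}
    sudoers_commands "$1" | while IFS= read -r path; do
        case $path in
            /*) ;;
            *) echo "not-absolute $path"; continue ;;
        esac
        if [ ! -e "$path" ]; then echo "missing $path"; continue; fi
        if loosely_writable "$path"; then echo "writable $path"; fi
        if loosely_writable "$(dirname "$path")"; then echo "writable-dir $path"; fi
        if [ -z "$(find -L "$path" -prune -user "$owner" -print)" ]; then
            echo "owner $path"
        fi
    done
}

# Constructed demo: a throw-away tree with one safe script, one world-writable
# script and one script that does not exist, all granted by the drop-in.
demo_audit() {
    d=$(mktemp -d) || return 1
    mkdir "$d/script"
    chmod 755 "$d/script"
    printf '#!/bin/sh\n' > "$d/script/install_named_conf.sh"
    printf '#!/bin/sh\n' > "$d/script/delete_zone_file.sh"
    chmod 755 "$d/script/install_named_conf.sh"
    chmod 777 "$d/script/delete_zone_file.sh"
    cat > "$d/ipmdns" <<EOF
# constructed sample, same layout as the drop-in in the procedure
www-data ALL = NOPASSWD: $d/script/install_named_conf.sh, \\
$d/script/delete_zone_file.sh, \\
$d/script/restore_zone_file.sh
EOF
    # The current user stands in for root in this demo tree.
    audit_sudoers_commands "$d/ipmdns" "$(id -u)" | sed "s|$d||"
    rm -rf "$d"
}

demo_audit
```

On a real server, call `audit_sudoers_commands /etc/sudoers.d/ipmdns` as root; an empty result means every granted command exists, is owned by root and is not group- or world-writable.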

If you have not installed the DHCP package or are not planning on installing it, you must
follow the procedure below. Otherwise, if you already completed the basic configuration of the
DNS package on RedHat and CentOS, you can add your BIND server following the package v5
dedicated procedure in the Adding a BIND DNS Server section of this guide.

To complete the DNS package installation on RedHat/CentOS if the DHCP package is not installed

1. Open an SSH session.


2. Configure or disable the firewall.

a. To disable the firewall on the current session, use the following command:
# iptables -F

b. To disable it completely, use the following commands:


# service iptables save
# service iptables stop
# chkconfig iptables off

3. If Apache did not start automatically, start it using the following command:
# chkconfig httpd on

4. Disable selinux. In the file /etc/selinux/config, modify the line SELINUX=enforcing to match
the following one:
SELINUX=disabled

Note
Changing the selinux policy requires you to restart the system.

5. In the file /etc/sudoers, disable requiretty by making it a comment as follows:


#Defaults requiretty

6. Allow SNMP access to the DNS statistics. In the file /etc/snmp/snmpd.conf, enter the lines:
master agentx
view systemonly included .1.3.6.1.4.1.2440

7. Start the snmp daemon, using the following command:


# service snmpd start

8. Create a self-signed certificate for apache, using the following commands:


# cd /etc/httpd
# openssl genrsa -des3 -out server.key 4096
# openssl req -new -key server.key -out server.csr
# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
# openssl rsa -in server.key -out server.key.insecure
# mv server.key server.key.secure
# mv server.key.insecure server.key

9. Configure the webservices. In the file /etc/httpd/conf.d/ssl.conf, replace the FULL VirtualHost
section with the configuration below:
<VirtualHost *:443>
ServerName 127.0.0.1
DocumentRoot /usr/local/nessy2/www/php
php_admin_value include_path /usr/local/nessy2/www/php/include:/usr/local/nessy2/lib/php:/usr/local/nessy2/www/site:/usr/local/share/pear
php_admin_value file_uploads 1
php_admin_value upload_max_filesize 300000000
php_admin_value post_max_size 300000000
php_admin_value memory_limit 150000000

SSLEngine on
SSLCertificateFile /etc/httpd/server.crt
SSLCertificateKeyFile /etc/httpd/server.key
SSLProtocol all -SSLv2
SSLCipherSuite HIGH:MEDIUM

SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0

php_admin_value register_globals 0
php_admin_value short_open_tag 1
php_admin_value safe_mode 0
php_admin_value magic_quotes_gpc 0

<Directory /usr/local/nessy2/www/php>
AllowOverride All
</Directory>

</VirtualHost>

10. Check the apache configuration syntax using the following command:
[root@redhat5-64 conf.d]# apachectl configtest
httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
Syntax OK

11. Restart Apache using the following command line:


# service httpd restart

12. Make sure that the ipmdns package is running using the following command line:
# service ipmdns status

If it is not running, use the following command line:


# service ipmdns start

Once the configuration is complete, you can add EfficientIP DNS servers to manage your BIND
servers, provided that they also have the package installed, through SOLIDserver GUI. Refer to
the package v5 dedicated procedure in the Adding a BIND DNS Server section.
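
Both VirtualHost blocks (Debian/Ubuntu and RedHat/CentOS) set `SSLProtocol all -SSLv2` and `SSLCipherSuite HIGH:MEDIUM`, and both procedures leave an unencrypted private key in server.key. The following is an added example, not EfficientIP code: it scans a vhost file for protocols older than TLS 1.2, weak cipher classes and a key file readable by group or others. The function names are hypothetical, the sample files are constructed, and treating `all` as including SSLv3 is an assumption that matches Apache 2.2-era builds.

```shell
#!/bin/sh
# Added example: report legacy TLS settings in an Apache vhost file.
# Function names are hypothetical.

# Print the value of the last occurrence of directive $2 in file $1.
ssl_directive() {
    awk -v name="$2" '
        tolower($1) == tolower(name) { $1 = ""; sub(/^[ \t]+/, ""); val = $0 }
        END { if (val != "") print val }' "$1"
}

# Print the pre-TLS-1.2 protocols left enabled by an SSLProtocol value.
# Assumption: "all" includes SSLv3, as in Apache 2.2-era builds.
legacy_protocols() {
    awk -v spec="$1" 'BEGIN {
        n = split("SSLv3 TLSv1 TLSv1.1", legacy, " ")
        m = split(tolower(spec), tok, /[ \t]+/)
        for (i = 1; i <= m; i++) {
            t = tok[i]
            if (t == "") continue
            on = (t !~ /^-/)
            sub(/^[+-]/, "", t)
            if (t == "all") {
                for (j = 1; j <= n; j++) state[tolower(legacy[j])] = on
            } else {
                state[t] = on
            }
        }
        for (j = 1; j <= n; j++) if (state[tolower(legacy[j])]) print legacy[j]
    }'
}

# Print the weak cipher classes or families that an SSLCipherSuite value adds.
weak_cipher_classes() {
    printf '%s\n' "$1" | tr ':' '\n' | while IFS= read -r c; do
        case $c in
            '!'*|-*) continue ;;   # excluded or removed, not added
        esac
        c=${c#+}
        case $c in
            MEDIUM|LOW|EXP|EXPORT*|*NULL*|*RC4*|*DES*|*MD5*) echo "$c" ;;
        esac
    done
}

# Print one finding per line for the vhost file $1.
audit_vhost_tls() {
    proto=$(ssl_directive "$1" SSLProtocol)
    legacy_protocols "${proto:-all}" | sed 's/^/legacy-protocol /'
    weak_cipher_classes "$(ssl_directive "$1" SSLCipherSuite)" |
        sed 's/^/weak-cipher-class /'
    key=$(ssl_directive "$1" SSLCertificateKeyFile)
    if [ -n "$key" ] && [ -e "$key" ] &&
       [ -n "$(find -L "$key" -prune \( -perm -040 -o -perm -004 \) -print)" ]; then
        echo "key-readable $key"
    fi
}

# Constructed demo: the TLS directives of the guide's VirtualHost and a
# placeholder key file with mode 644.
demo_vhost_audit() {
    d=$(mktemp -d) || return 1
    echo 'constructed placeholder, not a real key' > "$d/server.key"
    chmod 644 "$d/server.key"
    cat > "$d/default-ssl" <<EOF
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile $d/server.crt
SSLCertificateKeyFile $d/server.key
SSLProtocol all -SSLv2
SSLCipherSuite HIGH:MEDIUM
</VirtualHost>
EOF
    audit_vhost_tls "$d/default-ssl" | sed "s|$d||"
    rm -rf "$d"
}

demo_vhost_audit
```

A value such as `SSLProtocol -all +TLSv1.2` with `SSLCipherSuite HIGH:!aNULL:!MD5` and a key file in mode 600 produces no findings, provided the installed Apache and OpenSSL versions support TLS 1.2.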

Adding a BIND DNS Server


Whether you installed EfficientIP BIND Linux packages v4 or v5, you will need to install an
EfficientIP DNS package and configure it according to your needs to manage BIND servers through
the GUI.

Adding a BIND DNS Server for a Linux Package v4

To add a BIND DNS server for a Linux package v4

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. In the menu, select Add > Server > EfficientIP DNS Package. The Add a DNS server wizard
opens.
4. If you or your administrator created classes, the DNS server class list is visible. Select a
class or None and click on NEXT . The next page of the wizard opens.
5. Fill in the following fields to set up the basic server configuration:

Table 39.16. DNS Server Basic Parameters

Fields | Description
DNS server name | In this field, fill in a FQDN name for your server. The name of the DNS server is used as a default configuration for the primary DNS server on each new zone you will create. This field is compulsory.
Management IP address | In this field, fill in the IP address of your BIND server. This field is compulsory.
Isolated | Tick this box if you do not want your server configuration to update any other module. It's mainly useful when dealing with migrations as it will prevent the server from pushing any data to the DHCP. Keep in mind that the server will still receive data if your network configuration allows it. Any behavior set through the Mode drop-down list will have to be applied to the server later on if you tick this box, so make sure that the configuration you set suits your needs before you untick the box.
Description | Type in a description if you want, it will appear in the Description columns of the All servers list. This field is optional.

6. If you installed a package v4:

a. In the Management Protocol drop-down list, select SNMP.


b. In the Configure SNMP parameters section, tick the checkbox. The SNMP related fields
appear.
c. Configure the SNMP following the table below:

Table 39.17. SNMP parameters

Fields | Description
SNMP port | The port used to connect to the remote SOLIDserver. By default the port is set to 1161. If you have to change it, do not forget to modify it in the system configuration of the remote server.
Use TCP transport | Use the TCP protocol instead of UDP when the network link is not reliable.
SNMP profile | The SNMP profile that will be used for this configuration. SNMP profiles enable the definition of a global security policy for every server managed by SOLIDserver. By default, SOLIDserver configures three SNMP security profiles with three levels of security (SNMP v1, v2c and v3).
SNMP retries | The number of SNMP retries on timeouts.
Timeout | The SNMP timeout in seconds.

7. In the Mode drop-down list, you can set up the following parameters.

Table 39.18. DNS Server Default Behaviors

Fields | Description
Mode | You can select either Configurable behavior or All behaviors.
Configurable behavior | This option is selected by default in the Mode drop-down list and displays all the fields and options that have been ticked in the Default behavior wizard at the server level. For more details, refer to the DNS section of the Default Behaviors chapter of this guide.
All behaviors | If you select this option, you will display all the fields and options that can be ticked in the Default behavior wizard. For more details, refer to the DNS section of the Default Behaviors chapter of this guide.

8. Click on OK to commit the creation. The report opens and closes. The list is visible again.
The server appears in the list with status Busy. It will change to OK after a while.

Warning
During the first DNS server addition, the allow-transfer option is by default configured
with the ACL admin. Within SOLIDserver, admin corresponds to any, so you might want to
change the ACL and restrict the option use as it will be inherited by the server zones.
For more details, refer to the Limiting Zone Transfers at Server Level chapter of this guide.

Once the EfficientIP server is added, you will need to configure the SNMP and TSIG Keys in order
to manage your BIND server through the GUI.

Configuring the SNMP

With EfficientIP BIND Linux packages v4, you will need to configure the Simple Network
Management Protocol (SNMP) to control every aspect of the BIND server management.

To change the SNMP configuration of an EfficientIP server

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. At the end of the line of the server of your choice, click on . The properties page opens.
4. In the SNMP properties panel, click on EDIT . The SNMP parameters wizard opens.
5. In the SNMP version drop-down list, select the SNMP version you wish to use.
6. In the SNMP Port field, fill in the SNMP service port number to be used.

Note
By default, SOLIDserver defined the port number 1161 as the SNMP port used
for the DNS. Under certain configurations, when a server is already using this
port, you may modify its value. In this case, do not forget to modify it in the
system configuration of the remote server.

7. In the four remaining drop-down lists, select the needed values in accordance with the
information below:

Table 39.19. SNMP parameters

Fields | Description
SNMP retry | The number of times the SNMP server is going to try to connect to the DNS server. It is closely linked to the timeout field below. By default, there are 2 retries.
SNMP timeout | The SNMP timeout in seconds. During the selected time, the SNMP server is going to try to connect to the DNS server; if the connection fails, the SNMP server is in timeout. By default, the timeout is set to 5 seconds. Following the default values of the retry and timeout fields, the SNMP will try to connect to the DNS server twice every 5 seconds.
Use Bulk | This field allows you to use a compact SNMP request method employed to accelerate transfers (available in versions 2 and 3).
Use TCP transport | This field allows you to use the TCP protocol rather than the UDP protocol when the network link is not considered reliable.

8. Click on NEXT . The SNMP profile page opens.


9. Choose the SNMP profile of this server by:

• Choosing an SNMP profile from the SNMP Profile list, or
• Creating a new profile on the SNMP profiles configuration page [2] in the Profiles panel.

10. Click on OK to commit your changes. The properties page is visible again.

Configuring the RNDC Command on BIND Servers

With EfficientIP BIND Linux packages v4, SOLIDserver uses Remote Name Daemon Control
(RNDC) to manage BIND servers. To establish the communication with the BIND server, you
need to configure specific TSIG (Transaction SIGnature) keys. These keys can also be used to
configure dynamic updates (DDNS).

Note
With EfficientIP BIND Linux packages v5, configuring RNDC manually is useless as the
SSL management will systematically overwrite the changes made manually. To configure RNDC,
you will need to do so at server level on the smart architecture properties page.

DDNS Configuration on BIND Servers Using TSIG and HMAC-MD5 Keys

BIND mainly uses TSIG keys to secure server-to-server communication, including zone
transfer, notify and recursive query messages. In SOLIDserver, TSIG can also be used for
dynamic updates (DDNS). A master server for a dynamic zone should use access control for
update commands. IP-based access control is not sufficient; it is preferable to use TSIG
for dynamic updates, as it uses HMAC-MD5 keys to secure authentication.

HMAC is a secret-key authentication algorithm. The data integrity and data authentication
provided by HMAC depend on the scope of the secret-key distribution. If only the source and
the destination know the HMAC key, then HMAC provides data integrity and data authentication
between both parties. See RFC 2403.

[2] This page is accessible from the Administration tab homepage: in the menu, select System > SNMP profiles configuration.

To generate an HMAC-MD5 key

1. As root, execute the dnssec-keygen command provided in the IPMDNS package.
# /usr/local/nessy2/bin/dnssec-keygen -a hmac-md5 -b 256 -n user rndc
Krndc.+157+07659

This command generates 2 files:


# ls -la Krn*
-rw------- 1 admin wheel 66 Mar 26 12:07 Krndc.+157+07659.key
-rw------- 1 admin wheel 185 Mar 26 12:07 Krndc.+157+07659.private
#

2. Edit the private key file.


# cat *.private
Private-key-format: v1.3
Algorithm: 157 (HMAC_MD5)
Key: Izq+POdZPRLqcCXoW6yBQWux4mDuQCvGuAw5jJXgN5E=
Bits: AAA=
Created: 20120326120709
Publish: 20120326120709
Activate: 20120326120709
#

Copy the value of the Key parameter.


3. Paste the key into /etc/namedb/named.conf, in the secret parameter of the key text block,
as below.
# rndc key: the name must match the one listed in controls and in /etc/rndc.conf
key "rndc" {
    algorithm hmac-md5;
    secret "Izq+POdZPRLqcCXoW6yBQWux4mDuQCvGuAw5jJXgN5E=";
};
# Accept control-channel connections from localhost only, authenticated with that key
controls {
    inet 127.0.0.1 allow { localhost; } keys { rndc; };
};

4. Paste the same key in the /etc/rndc.conf in the secret parameter of the key text block as
below.
key rndc {
algorithm "hmac-md5";
secret "Izq+POdZPRLqcCXoW6yBQWux4mDuQCvGuAw5jJXgN5E=";
};
options {
default-server localhost;
default-key rndc;
};

5. Restart the server.
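
Steps 3 and 4 only work when the key listed in the controls statement of named.conf is defined in a key block, and when /etc/rndc.conf carries the same key name, algorithm and secret. The following is an added example, not part of the IPMDNS package: it checks those conditions on two constructed files, first with mismatched key names and then with matching ones. The function names are hypothetical and the secret is a constructed placeholder.

```shell
#!/bin/sh
# Added example: check that named.conf and rndc.conf agree on the rndc key.
# Function names are hypothetical.

# Print the tokens of a BIND-style file, one per line. Whole-line comments
# and double quotes are dropped; "{", "}" and ";" become separate tokens.
conf_tokens() {
    awk '{ sub(/^[ \t]*(#|\/\/).*$/, ""); gsub(/"/, ""); gsub(/[{};]/, " & ")
           n = split($0, t, /[ \t]+/)
           for (i = 1; i <= n; i++) if (t[i] != "") print t[i] }' "$1"
}

# Print "name algorithm secret" for every key block of file $1.
# The output contains secrets: keep it in variables, do not log it.
key_blocks() {
    conf_tokens "$1" | awk '
        { tok[NR] = $0 }
        END {
            for (i = 1; i <= NR; i++) if (tok[i] == "key" && tok[i+2] == "{") {
                name = tok[i+1]; alg = sec = ""
                for (j = i + 3; j <= NR && tok[j] != "}"; j++) {
                    if (tok[j] == "algorithm") alg = tok[j+1]
                    if (tok[j] == "secret") sec = tok[j+1]
                }
                print name, alg, sec
                i = j
            }
        }'
}

# $1 = named.conf, $2 = rndc.conf. Print one finding per line, nothing if OK.
check_rndc_keys() {
    named_keys=$(key_blocks "$1")
    rndc_keys=$(key_blocks "$2")
    # Key names listed in "keys { ... }" of the controls statement.
    allowed=$(conf_tokens "$1" | awk '
        $0 == "keys" { inlist = 1; next }
        inlist && $0 == "}" { inlist = 0 }
        inlist && $0 !~ /^[{;]$/ { print }')
    dk=$(conf_tokens "$2" | awk '
        { if (prev == "default-key") dk = $0; prev = $0 }
        END { print dk }')
    for k in $allowed; do
        printf '%s\n' "$named_keys" |
            awk -v k="$k" '$1 == k { f = 1 } END { exit !f }' ||
            echo "undefined-control-key $k"
    done
    if [ -z "$dk" ]; then echo "no-default-key"; return 0; fi
    case " $(echo $allowed) " in
        *" $dk "*) ;;
        *) echo "default-key-not-allowed $dk" ;;
    esac
    a=$(printf '%s\n' "$named_keys" | awk -v k="$dk" '$1 == k { print $2, $3 }')
    b=$(printf '%s\n' "$rndc_keys" | awk -v k="$dk" '$1 == k { print $2, $3 }')
    [ -n "$a" ] && [ "$a" = "$b" ] || echo "key-mismatch $dk"
}

# Constructed demo. $1 is the name given to the key block in named.conf;
# controls and rndc.conf always refer to the key as "rndc".
demo_rndc_check() {
    d=$(mktemp -d) || return 1
    cat > "$d/rndc.conf" <<'EOF'
key rndc {
    algorithm "hmac-md5";
    secret "Y29uc3RydWN0ZWQtc2FtcGxl";
};
options {
    default-server localhost;
    default-key rndc;
};
EOF
    cat > "$d/named.conf" <<EOF
# constructed sample; the secret is a placeholder, not a real key
key "$1" {
    algorithm hmac-md5;
    secret "Y29uc3RydWN0ZWQtc2FtcGxl";
};
controls {
    inet 127.0.0.1 allow { localhost; } keys { rndc; };
};
EOF
    check_rndc_keys "$d/named.conf" "$d/rndc.conf"
    rm -rf "$d"
}

demo_rndc_check rndc-key   # key block and controls disagree on the name
demo_rndc_check rndc       # consistent: prints nothing
```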

Adding a BIND DNS Server for a Linux Package v5

To add a BIND DNS server for a Linux package v5

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. In the menu, select Add > Server > EfficientIP DNS Package. The Add a DNS server wizard
opens.
4. If you or your administrator created classes, the DNS server class list is visible. Select a
class or None and click on NEXT . The next page of the wizard opens.

5. Fill in the following fields to set up the basic server configuration:

Table 39.20. DNS Server Basic Parameters

Fields | Description
DNS server name | In this field, fill in a FQDN name for your server. The name of the DNS server is used as a default configuration for the primary DNS server on each new zone you will create. This field is compulsory.
Management IP address | In this field, fill in the IP address of your BIND server. This field is compulsory.
Isolated | Tick this box if you do not want your server configuration to update any other module. It's mainly useful when dealing with migrations as it will prevent the server from pushing any data to the DHCP. Keep in mind that the server will still receive data if your network configuration allows it. Any behavior set through the Mode drop-down list will have to be applied to the server later on if you tick this box, so make sure that the configuration you set suits your needs before you untick the box.
Description | Type in a description if you want, it will appear in the Description columns of the All servers list. This field is optional.

6. In the Management Protocol drop-down list, select SSL.


7. If you modified the SSH login and password, in the Configure SSL parameters section, tick
the checkbox. The fields Login and Password appear.
8. If need be, edit the SSH login and password to match those of the SSL. By default, they are
both filled with admin.
9. In the Mode drop-down list, you can set up the following parameters.

Table 39.21. DNS Server Default Behaviors

Fields | Description
Mode | You can select either Configurable behavior or All behaviors.
Configurable behavior | This option is selected by default in the Mode drop-down list and displays all the fields and options that have been ticked in the Default behavior wizard at the server level. For more details, refer to the DNS section of the Default Behaviors chapter of this guide.
All behaviors | If you select this option, you will display all the fields and options that can be ticked in the Default behavior wizard. For more details, refer to the DNS section of the Default Behaviors chapter of this guide.

10. Click on OK to commit the creation. The report opens and closes. The list is visible again.
The server appears in the list with status Busy. It will change to OK after a while.

Warning
During the first DNS server addition, the allow-transfer option is by default configured
with the ACL admin. Within SOLIDserver, admin corresponds to any, so you might want to
change the ACL and restrict the option use as it will be inherited by the server zones.
For more details, refer to the Limiting Zone Transfers at Server Level chapter of this guide.

Once the EfficientIP server is added, you can manage your BIND server in Linux v5 through the
GUI.

Managing a Generic DNS


SOLIDserver can manage generic DNS servers, that is, DNS servers that are neither EfficientIP
or Microsoft servers nor EfficientIP BIND packages. However, the possibilities for managing
such servers are more restricted than they are for other DNS servers. If these DNS servers
support dynamic updates (DDNS) as described in RFC 2136, the contents of their zones can be
administered from the SOLIDserver management console. The Generic DNS management imports the
data through zone transfers from the remote DNS server. The remote DNS server must allow zone
transfers to the IP address of the management SOLIDserver, to which the data will be imported.

Adding a Generic DNS Server


To fully configure and manage a Generic DNS server, you need to follow three procedures in
order to:

• Add a Generic server to the All servers list.


• Configure its TSIG parameters if need be.
• Add the DNS zones that will be managed through the server.

To add a generic DNS server

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. In the menu, select Add > Server > Generic DNS. The Add a DNS server wizard appears.
4. Fill in the fields below:

Table 39.22. DNS Server Basic Parameters

Fields | Description
DNS server name | In this field, fill in a FQDN name for your server. This field is compulsory.
Management IP address | In this field, fill in the IP address of your server. This field is compulsory.
Description | Type in a description if you want, it will appear in the Description columns of the All servers list. This field is optional.

5. Click on OK to commit the addition. The server is listed in the All servers page.

If you plan on using a TSIG key to authenticate the management console with the remote
SOLIDserver DNS, you need to edit the generic DNS server once added.

To configure the TSIG parameters of a generic DNS server

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. At the end of the line of the generic server of your choice, click on . The server properties
page opens.


4. In the Main properties panel, click on EDIT . The Edit a DNS server wizard opens.
5. If you or your administrator configured classes at the DNS server level, the DNS server class
list is visible. You can select a class if need be or None.
6. Click on NEXT . The DNS server type list is visible.
7. Click on NEXT. The last page of the wizard opens.
8. Tick the Configure TSIG parameters checkbox. The TSIG fields appear.
9. Fill in the fields according to the table below.

Table 39.23. TSIG parameters

Fields           Description
TSIG key name    In this field, type in the key name.
TSIG key method  In this drop-down list, select an algorithm (either none or HMAC-MD5).
TSIG key value   In this field, type in the key itself.

10. Click on OK to commit your changes. The report opens and closes. The properties page is
visible again.

To add generic DNS server zones

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. Click on the name of the Generic server. The All zones list opens.
4. In the menu, select Add > DNS zone. The Add a DNS zone wizard opens.
5. If you or your administrator created classes, the DNS zone class list is visible. Select a class
or None.
6. Click on NEXT . The next page opens.
7. In the DNS zone type list, select Master.
8. In the DNS zone resolution list, select Name.
9. Click on NEXT , the next page opens.
10. Fill in the fields according to the table below:

Table 39.24. Fields to create a master zone

Fields  Description
Name    In this field, type in the zone name you chose. It should strictly conform with the syntax given in RFC1034.
Space   In this drop-down list, select the space tied to that zone. Assigning IP addresses in the selected space will update the DNS zone you are creating.

11. Click on NEXT . The last page of the wizard appears.


12. The fields on that page are automatically filled. However you can edit them following the
table below. All the fields are compulsory.


Table 39.25. DNS Zone Advanced Parameters

Fields          Description
Primary server  This field defines the primary Master server for the zone.
Responsible     This field defines the administrator email address for the zone.
Serial number   This field contains the zone serial number. It is automatically incremented for each zone change.
Refresh         This field/drop-down list contains a value that, once reached, forces the slave server(s) to read the SOA record. If this record is higher than the slave's one, a zone transfer will be triggered by the slave to get the latest version of the zone. Typical values are 3 to 24 hours.
Retry           This field/drop-down list defines the retry interval if the server fails to reach the master during a refresh cycle. Typical values are 10 to 60 hours.
Expire          This field/drop-down list indicates the period after which the records are considered to be no longer valid/authoritative and the server stops responding to queries for the zone. Typical values are 1 to 3 weeks.
Minimum         This field/drop-down list indicates the period of time that negative responses can be cached from the slave. For instance if a request cannot be resolved, the server will answer with a NXDOMAIN result (No such domain). The servers will continue returning this value until the Minimum value expires, then it will retry the resolution. The value has to be between 0 and 3 hours.
TTL             This field/drop-down list indicates the default TTL (Time to Live) duration for the SOA. Typical values are between 0 and 3 hours.

13. Click on OK to commit the creation. The report opens and closes. The zone is listed and
will be marked Delayed create before being marked OK.

Managing a Nominum ANS


In addition to traditional DNS servers, SOLIDserver allows you to manage Nominum authoritative
name servers (ANS).

To fully configure and manage a Nominum DNS server, you first need to prepare the ANS security
key, or password, related to said server and follow the procedures below in order to:

• Add a Nominum server to the All servers list.
• Add the DNS zones that will be managed through the server.

Adding a Nominum ANS Server


From the DNS All servers list you can add a Nominum ANS server.

To add a Nominum ANS server

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. In the menu, select Add > Server > Nominum ANS. The Add a DNS server wizard appears.


4. If you or your administrator created classes, the DNS server class list is visible. Select a
class or None and click on NEXT . The next page of the wizard opens.
5. Fill in the fields below:

Table 39.26. DNS Server Basic Parameters

Fields                 Description
DNS server name        In this field, fill in a FQDN name for your server. This field is compulsory.
Management IP address  In this field, fill in the IP address of your server. This field is compulsory.
Description            Type in a description if you want, it will appear in the Description columns of the All servers list. This field is optional.
ANS key                Type in the security key, or password, configured on the Nominum server. This field is compulsory.

6. Depending on the administrator configuration, the information in the Configurable behaviors
section might be editable and you will have the following choices:

Table 39.27. DNS Default Behaviors Parameters

Fields                 Description
Mode                   You can select either Configurable behavior or All behaviors.
Configurable behavior  This option is selected by default in the Mode drop-down list and displays all the fields and options that have been ticked in the Default behavior wizard at the server level. For more details, refer to the DNS section of the Default Behaviors chapter of this guide.
All behaviors          If you select this option, you will display all the fields and options that can be ticked in the Default behavior wizard. For more details, refer to the DNS section of the Default Behaviors chapter of this guide.

7. Click on OK to commit the addition. The server is listed on the All servers page.

Adding Zones to a Nominum ANS Server


Once you have created a Nominum ANS server, you can add your zones from its All zones list.

To add ANS server zones

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. Click on the name of the Nominum ANS server. The All zones list opens.
4. In the menu, select Add > DNS zone. The Add a DNS zone wizard opens.
5. If you or your administrator created classes, the DNS zone class list is visible. Select a class
or None and click on NEXT . The next page of the wizard opens.
6. In the DNS zone type list, select Master.
7. In the DNS zone resolution list, select Name.
8. Click on NEXT . The next page of the wizard opens.


9. Fill in the fields according to the table below:

Table 39.28. Fields to create a master zone

Fields  Description
Name    In this field, type in the zone name you chose. It should strictly conform with the syntax given in RFC1034.
Space   In this drop-down list, select the space tied to that zone. Assigning IP addresses in the selected space will update the DNS zone you are creating.

10. Click on NEXT . The last page of the wizard opens.


11. The fields on that page are automatically filled. However you can edit them following the
table below. All the fields are compulsory.

Table 39.29. DNS Zone Advanced Parameters

Fields          Description
Primary server  This field defines the primary Master server for the zone.
Responsible     This field defines the administrator email address for the zone.
Serial number   This field contains the zone serial number. It is automatically incremented for each zone change.
Refresh         This field/drop-down list contains a value that, once reached, forces the slave server(s) to read the SOA record. If this record is higher than the slave's one, a zone transfer will be triggered by the slave to get the latest version of the zone. Typical values are 3 to 24 hours.
Retry           This field/drop-down list defines the retry interval if the server fails to reach the master during a refresh cycle. Typical values are 10 to 60 hours.
Expire          This field/drop-down list indicates the period after which the records are considered to be no longer valid/authoritative and the server stops responding to queries for the zone. Typical values are 1 to 3 weeks.
Minimum         This field/drop-down list indicates the period of time that negative responses can be cached from the slave. For instance if a request cannot be resolved, the server will answer with a NXDOMAIN result (No such domain). The servers will continue returning this value until the Minimum value expires, then it will retry the resolution. The value has to be between 0 and 3 hours.
TTL             This field/drop-down list indicates the default TTL (Time to Live) duration for the SOA. Typical values are between 0 and 3 hours.

12. Click on OK to commit the creation. The report opens and closes. The zone is listed and
will be marked Delayed create before being marked OK.
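
How the Refresh, Retry and Expire fields of Tables 39.25 and 39.29 interact when the master stops answering, as an added example (not EfficientIP code) that models a slave zone in simplified form. It goes slightly beyond the page by comparing serials with RFC 1982 wrap-around arithmetic rather than a plain "higher than"; the callback `master_serial_at`, the function names and the shortened sample values are hypothetical.

```python
def serial_newer(master_serial, slave_serial):
    """True if the master's SOA serial is ahead of the slave's.

    Uses RFC 1982 arithmetic so that a 32-bit serial that wrapped
    around is still recognised as newer.
    """
    diff = (master_serial - slave_serial) % 2**32
    return 0 < diff < 2**31


def simulate_slave(soa, master_serial_at, horizon):
    """Replay the SOA checks of one slave zone up to `horizon`.

    soa: dict with serial, refresh, retry and expire (same time unit).
    master_serial_at: hypothetical callback returning the master's serial
        at time t, or None when the master cannot be reached.
    Returns a list of (time, event) tuples.
    """
    events = []
    serial = soa["serial"]
    last_ok = 0                 # last time the master answered the SOA check
    t = soa["refresh"]          # first check happens one Refresh after loading
    while True:
        expiry = last_ok + soa["expire"]
        if min(t, expiry) > horizon:
            break
        if expiry <= t:
            # Expire elapsed without contact: the slave stops answering.
            events.append((expiry, "expired"))
            break
        answer = master_serial_at(t)
        if answer is None:
            # Failed refresh: try again after Retry, not after Refresh.
            events.append((t, "unreachable"))
            t += soa["retry"]
            continue
        last_ok = t
        if serial_newer(answer, serial):
            serial = answer
            events.append((t, "transfer"))
        else:
            events.append((t, "current"))
        t += soa["refresh"]
    return events


# Constructed sample, times in hours and deliberately short so the whole
# cycle fits in two days.
SAMPLE_SOA = {"serial": 2014052801, "refresh": 3, "retry": 1, "expire": 12}


def sample_master(t):
    """Master publishes a newer serial, then becomes unreachable at t=6."""
    return None if t >= 6 else 2014052802


def run_sample():
    return simulate_slave(SAMPLE_SOA, sample_master, horizon=48)


if __name__ == "__main__":
    for when, what in run_sample():
        print(f"t={when:>2}h  {what}")
```

The run shows that the slave keeps serving the zone for exactly Expire after the last successful check, which is the window an administrator has to restore a master that is down or unreachable.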

Synchronizing a DNS Server


The synchronization of a server is automatic, but administrators can synchronize servers manually
to integrate changes made to the zones or views databases faster.


Some data, like the Sources panel of physical servers, is only visible once the server has been
successfully synchronized at least once.

To synchronize servers

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. Tick the zone(s) you want to synchronize.
4. In the menu, select Edit > Synchronize. The Synchronization wizard opens.
5. Click on OK to commit the synchronization. The report opens and closes. The page reloads.

Editing a DNS Server


To edit any kind of DNS server configuration, you need to open its properties page and edit the
panel(s) of your choice.

For more details regarding all the server configuration possibilities (forwarding, recursion, transfer,
blackhole, sortlist, etc.), please refer to the Configuring DNS Servers chapter of this guide.

To edit a DNS server

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. Filter the list if need be.
4. At the end of the line of the server of your choice, click on . The properties page opens.
5. Open all the panels using .
6. In the panel of your choice, click on EDIT . The corresponding wizard opens. The panels that
do not contain the EDIT button cannot be edited.
7. Make the changes you need. Click on NEXT if need be until you get to the last page of the
wizard.
8. Click on OK to commit your changes. The report opens and closes. The properties page is
visible again and refreshes.

Deleting a DNS Server


Provided that it is not managed by a smart architecture, you can at any time delete a DNS server
from the All servers page. This way, you stop managing it through SOLIDserver.

To delete a DNS server

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. Filter the list if need be.
4. Tick the server(s) you want to delete.
5. In the menu, select Edit > Delete. The Delete wizard opens.


6. Click on OK to commit the deletion. The report opens and closes. The server might be marked
Delayed delete until it is no longer listed.

Defining a DNS Server as a Group Resource


In SOLIDserver, only the superuser (ipmadmin) can manage and modify the items of every
module. Adding a server as one of the resources of a specific group will allow the users of that
group to manage the server(s) in question as long as they have the corresponding rights and
delegations granted.

Granting access to a server as a resource will also make every item it contains available. For
more details, refer to the section Assigning Objects as Resource in the chapter Managing Groups
of administrator of this guide.

Chapter 40. Configuring DNS Servers
This chapter contains a set of procedures covering the possible configurations of DNS servers,
from forwarding, recursion and zone transfer to the restrictions and permissions that let networks
or clients query a server or its cache. Keep in mind that any configuration will be inherited by
every view and zone managed through the server. However, most of these configurations can
be done at the view or zone level directly and will in this case override whatever parameters you
may set at the server level.

Considering these configurations are to be set from a DNS server properties page, whether
physical or not, the order of the sections will respect the order of the panels on the properties
page.

Note
At the DNS servers level, most options provide ACL configuration fields. Keep in
mind that the order of the elements listed in the ACL values field is important as each
restriction or permission will be reviewed following the order you set in the list.

Configuring DNS Forwarding at Server Level


A forwarder is a DNS server that is designated to facilitate forwarding of queries for other DNS
servers. By using a forwarder, you can manage name resolution for names outside of your network,
such as names on the Internet, and improve the efficiency of name resolution for the computers
in your network.

Without having a specific DNS server designated as a forwarder, all DNS servers can send
queries outside of a network using their root hints. As a result, a lot of internal, and possibly
critical, DNS information can be exposed on the Internet. In addition to this security and privacy
issue, this method of resolution can result in a large volume of external traffic that is costly and
inefficient for a network with a slow Internet connection or a company with high Internet service costs.

The forwarding facility can be used to create a large site-wide cache on a few servers, reducing
traffic over links to external name servers. Forwarding is used only for queries for which the
server is not authoritative and does not have the answer in its cache.

Configuring a Forwarders List on a Smart Server


By default, SOLIDserver queries the forwarders first and, if it does not receive an answer, it looks
for the answer itself. This behavior can be modified to only forward queries to the forwarders, so
that the server never looks for the answer itself.

To configure a forwarders list

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. At the end of the line of the server of your choice (smart or physical), click on . The
properties page opens.
4. Open the Forwarding panel using .
5. Click on EDIT . The Forwarding configuration wizard opens.


6. In the Add a forwarder field, type in the address of a forwarder or its name and click on
SEARCH to retrieve its IP address.

7. Click on ADD to move it to the Forwarders list. Repeat these actions for as many forwarders
as needed.
8. In the Forward mode field, select the mode of your choice according to the table below.

Table 40.1. Forward mode options

Options  Description
None     The server does not send the queries to the forwarder. This option is set by default. Selecting this option clears the Forwarders list.
First    The server sends the queries to the forwarder and, if not answered, attempts to find an answer.
Only     The server only forwards queries.

9. Click on OK to commit the forwarders configuration. The report opens and closes. The
properties page refreshes and displays the new settings.

SOLIDserver selects the best forwarder from the list of forwarders and sends the query to the
forwarder with the lowest round trip time (RTT). RTT is a measurement of how long a remote
name server takes to respond to queries. Each time a SOLIDserver sends a query to a forwarder,
it starts an internal clock. When it receives a response, it stops the clock and stores how long
the forwarder took to respond. When the SOLIDserver must choose which forwarder to query,
it simply chooses the one with the lowest RTT.

Configuring Specific Forwarding for a Physical Server Managed Through a Smart

With version 5.0.3, SOLIDserver allows administrators to set a specific forwarding configuration
for physical servers managed through a smart architecture already configured with forward options.

The forwarding configuration set on a smart is automatically inherited by the physical servers it
manages. You can now choose to edit the type of forward option on a physical server. This option
is in turn inherited by the views, zones and records of the physical server and allows you to
customize the forwarding on your network.

Keep in mind that once the Forward option is set on a smart you cannot set it to none on the
physical servers it manages, but you can choose a different forward mode.

To configure a specific forward mode on a physical server

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. Next to the Logout icon, click on to display the physical servers managed by your smart
architectures.
4. At the end of the line of the physical server of your choice, click on . The properties page
opens.
5. Open the Forwarding panel using . The forward mode and forwarders list display the
smart architecture settings that were pushed to the physical server.
6. Click on EDIT . The Forwarding configuration wizard opens.


7. Tick the Overwrite the smart settings checkbox. The page refreshes and displays the forward
fields.
8. Set your forwarders list:

a. In the Add a forwarder field, type in the address of a forwarder or its name and click on
SEARCH to retrieve its IP address.

b. Click on ADD to move it to the Forwarders list. Repeat these actions for as many
forwarders as needed.

9. In the Forward mode field, select the mode of your choice: First or Only. You cannot set the
forwarding to None once it has been set on the smart. The page refreshes. For more details
regarding these modes, refer to the Forward mode options table in the previous section.
10. Click on OK to commit the forwarders configuration of the physical server. The properties
page is visible again. In the Forwarding panel, the message Smart configuration is overwritten
is displayed above your mode and forwarders configuration.

At any time you can revert your changes and use the configuration set on the smart architecture:
edit the Forwarding panel, untick the Overwrite the smart settings checkbox and click on
OK to commit your changes.

Configuring DNS Recursion at Server Level


In principle, authoritative name servers are sufficient for the operation of the Internet. However,
with only authoritative name servers operating, every DNS query must start with recursive queries
at the root zone of the DNS and each user system must implement resolver software capable of
recursive operation. To improve performance, recursive servers cache the results of the lookups
they perform. The processes of recursion and caching are intimately connected, so the terms
recursive server and caching server are often used synonymously. The length of time for which
a record may be retained in the cache of a caching name server is controlled by the Time To
Live (TTL) field associated with each resource record. Typically, such caching servers, also called
DNS caches, implement the recursive algorithm necessary to resolve a given name starting
with the DNS root through to the authoritative name servers of the queried domain. By default
the DNS recursion function is enabled in SOLIDserver DNS.

A recursive query requires the DNS server to return requested DNS data, or locate the data
through queries to remote DNS servers. When a DNS server receives a query for DNS data it
does not have, it first sends a query to any specified forwarders. If a forwarder does not respond
with any return, it resends the same query to the next configured forwarder until it receives an
answer. If it receives no answer or a negative answer, then it sends a non-recursive query to
specified internal root servers. If no internal root servers are configured, the DNS server sends
a non-recursive query to the Internet root servers.

Enabling and Disabling the Recursion


If the recursion is enabled, the server will always provide recursive query behavior if requested
by the client. If it is disabled, the server only provides iterative query behavior - normally resulting
in a referral. If the answer to the query already exists in the cache it is returned irrespective of
the value of this statement. This statement essentially controls caching behavior in the server.

The DNS properties page displays a Recursion panel that offers different DNS recursion
configurations.


To enable the DNS recursion

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. At the end of the line of the server of your choice, click on . The properties page opens.
4. Open the Recursion panel using . If the Recursion is set to No, click on EDIT. The Recursion
configuration wizard opens.
5. In the drop-down list, select Yes.
6. Click on NEXT . The Allow recursion page opens. For more details regarding the recursion
configuration, refer to the Limiting the Recursion at Server Level section below.
7. Click on OK to commit the recursion enabling.

To disable the DNS recursion

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. At the end of the line of the server of your choice, click on . The properties page opens.
4. Open the Recursion panel using . If the Recursion is set to Yes, click on EDIT. The
Recursion configuration wizard opens.
5. In the drop-down list, select No.
6. Click on NEXT . The Allow recursion page opens.
7. Click on OK to terminate the recursion disabling.

Note
By default, the recursion is enabled on the DNS.

Limiting the Recursion at Server Level


By default, the EfficientIP DNS is allowed to serve all clients that send recursive queries. You
can restrict it by defining a match list of the IP address(es) that are allowed to issue recursive
queries to the server, that is, by specifying which hosts are allowed to make recursive queries
through the DNS server. If the restriction of the recursion (allow-recursion) is not set, the
restriction of caching (allow-query-cache) is applied if it is set; otherwise the restriction of
queries (allow-query) is used if it is set; otherwise the default (localnets; localhost;) is used. If
the answer to the query already exists in the cache, it will be returned irrespective of this statement.
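
The fallback chain above, combined with the ordered ACL values list used throughout this chapter (denied entries carry a leading "!"), can be checked offline before a change is committed. The following is an added example, not EfficientIP code: it assumes first-match-wins evaluation as in BIND, whose directive names the page uses, and the function names, the sample networks given for localnets and the probe address are all hypothetical.

```python
import ipaddress

# Named ACLs from the ACL drop-down. What localnets covers depends on the
# appliance, so the networks below are constructed sample values.
NAMED_ACLS = {
    "any": ["0.0.0.0/0", "::/0"],
    "localhost": ["127.0.0.1/32", "::1/128"],
    "localnets": ["10.1.0.0/16"],
}

# Order in which the recursion restriction is looked up, as stated on the page.
FALLBACK_ORDER = ("allow-recursion", "allow-query-cache", "allow-query")
DEFAULT_LIST = ["localnets", "localhost"]


def match_list(client_ip, elements):
    """Walk the list in order; the first element that matches decides.

    Returns True (allowed), False (denied by a "!" entry) or None (no match).
    """
    addr = ipaddress.ip_address(client_ip)
    for element in elements:
        denied = element.startswith("!")
        name = element[1:] if denied else element
        networks = NAMED_ACLS.get(name, [name])
        if any(addr in ipaddress.ip_network(net, strict=False) for net in networks):
            return not denied
    return None


def effective_list(server_config):
    """Return (directive, elements) for the list that really governs recursion."""
    for directive in FALLBACK_ORDER:
        if directive in server_config:
            return directive, server_config[directive]
    return "default", DEFAULT_LIST


def recursion_allowed(client_ip, server_config):
    directive, elements = effective_list(server_config)
    # A client that matches no element is refused.
    return directive, match_list(client_ip, elements) is True


def audit(server_config, probe_ip="198.51.100.7"):
    """Probe with one constructed outside address to spot open recursion."""
    directive, allowed = recursion_allowed(probe_ip, server_config)
    if allowed:
        return f"recursion open to outside clients via {directive}"
    return f"recursion restricted by {directive}"


# Constructed sample configurations (not taken from a real server).
ORDERED = {"allow-recursion": ["!10.1.5.0/24", "10.1.0.0/16"]}
REVERSED = {"allow-recursion": ["10.1.0.0/16", "!10.1.5.0/24"]}
INHERITED = {"allow-query": ["any"]}      # allow-recursion was never set
UNSET = {}

if __name__ == "__main__":
    for cfg in (ORDERED, REVERSED, INHERITED, UNSET):
        print(cfg, "->", audit(cfg), recursion_allowed("10.1.5.9", cfg))
```

With REVERSED the deny entry is never reached because the wider network matches first, and with INHERITED an allow-query of any silently becomes the recursion policy.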

To set an allow-recursion match list at server level

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. At the end of the line of the server of your choice, click on . The properties page opens.
4. Open the Recursion panel using and click on EDIT . The Recursion configuration wizard
opens.
5. Click on NEXT to skip the first step of the wizard. The Allow recursion page opens. You can
grant or deny access through the Restriction field to networks, IP addresses, ACLs, and
keys. Configure as many restrictions as you need using the three fields. The table below
details the available options of the Type field:

Table 40.2. Allow-recursion Parameters

Type             Description
Network address  Allow or deny an entire network: type an IPv4 address/prefix in the Network address field.
IP address       Allow or deny the IP address of an appliance, a user, a host.
ACL              Allow or deny an ACL defined at the server level in the drop-down: admin [a], any, none, localhost and localnets. The ACL list will also include specific ACL created for the server, for more details refer to the Configuring Access Control Lists For a Server section of this guide.
TSIG key         Allow or deny a key defined at the server level.

[a] The ACL admin is employed by the EfficientIP's management platform to configure and exchange data with DNS servers.

Once a restriction/permission is configured as needed, click on ADD. The configuration is
visible in the ACL values list, you can organize the list [1] using and . In this list, denied
hosts appear preceded by an exclamation mark (!). If you want to remove an ACL from the
list, select it and click on DELETE.
6. Click on OK to commit the recursion authorizations/restrictions configuration. The report
opens and closes. The properties page is visible again.

Configuring DNS Notify Messages at Server Level


DNS notification promotes consistency between primary and secondary servers, as it notifies
slave zones of changes performed on the master zone. Configuring the Notify at server
level lets you set the change notification once, for all the master zones managed by the primary
server. It implies that this primary server contains master zones already configured
with corresponding slave zones on the secondary server [2]. Once the notification is sent to slave
zones, the administrator decides if a zone transfer is relevant; for more details refer to the Limiting
Zone Transfers at Server Level section of this guide.

Within SOLIDserver, the notification configuration is done from the Notify panel of the properties
page. This panel will display:

• the notification type configured for the server,
• the slave zones that will receive the notify messages through their managing server (Also
notify),
• the allow-notify directive of the server slave zones. For instance, you can allow all the servers
of a network to notify the slave zones of your server or only a few.

[1] The order of the list is important: when a host or a given network is compared to a list of address authorizations, the list is reviewed,
in order, until an element is authorized.
[2] In this paragraph, to simplify the explanation, we work on the assumption that one server, the master server, will contain only master
zones and another, the secondary one, will contain only slave zones. It is evidently not accurate: usually a server will manage both
master and slave zones. However, it is customary to configure corresponding slave and master zones that are managed by a different
server.


Caution
Any configuration of the Notify panel at view or zone level will override the configuration
set at server level.

Keep in mind that there will be an implicit allow-notify directive set when you add a slave zone:
when you set the Master IP address of the slave zone you are allowing the master zones of this
server to send notify messages to your slave zone.

To configure notify messages at server level

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. At the end of the line of the server of your choice, click on . The properties page opens.
4. Open the Notify panel using and click on EDIT . The Notifying configuration wizard opens.
5. In the Notify drop-down list, set the server notification type following the table below.

Table 40.3. DNS Server Notify Types

Fields    Description
No        With this option no notify message will be sent when changes are performed in the master zones.
Yes       With this option the notify messages will be sent to the target of the NS records of the master zone. It will also be sent to the IP address(es) specified in the IP address field below.
Explicit  With this option the notify messages will only be sent to the IP address(es) specified in the IP address field below.

6. If you selected Yes or Explicit, you can set the IP address and port of the server(s) whose
slave zones will receive the messages:

a. In the IP address field, type in the IP address of another server. The notify message
will be sent if you chose the notify type Yes or Explicit.
b. In the Port field, you can type in the port number that will receive the notify messages
on the server you specified in the previous field.
c. Click on ADD . The IP address and port number are displayed in the Also notify list as
follows: <ip-address> port: <port-number>. You can repeat these actions for as many
servers as needed.

You can edit the content of the list if need be. Click on the entry of your choice, the
information is displayed again in the fields, you can change it and click on UPDATE or click
on DELETE to remove it from the list. If you made changes that you do not want to save,
click on CANCEL.

7. Click on NEXT. The Allow notify page opens. It lets you specify whether the server slave zones
can receive master zones notification messages. You can grant or deny access through the
Restriction field to networks, IP addresses, ACLs, and keys. Configure as many restrictions
as you need using the three fields. The table below details the available options of the Type
field:

Table 40.4. Restrictions/Permissions Parameters

Type             Restriction
Network address  Allow or deny an entire network: type an IPv4 address/prefix in the Network address field.
IP address       Allow or deny the IP address of an appliance, a user or a host in the IP address field.
ACL              Allow or deny an ACL defined at the server level in the ACL drop-down list: admin [a], any, none, localhost and localnets. The ACL list will also include specific ACL created for the server, for more details refer to the Configuring Access Control Lists For a Server section of this guide.
TSIG key         Allow or deny a TSIG key defined at the server in the Keys drop-down list.

[a] The ACL admin is employed by the EfficientIP's management platform to configure and exchange data with DNS servers.

Once a restriction/permission is configured as needed, click on ADD. The configuration is
visible in the ACL values list, you can organize the list using and . In this list, denied
hosts appear preceded by an exclamation mark (!). If you want to remove an ACL from the
list, select it and click on DELETE.
8. Click on OK to commit the configuration. The report opens and closes. The properties page
is visible again. Your configurations are displayed in the Notify panel.

Restricting DNS Queries at Server Level


Allow query
SOLIDserver lets you specify which hosts are allowed to issue DNS queries. The allow query
properties can be configured for an entire server including all the zones it contains. By default,
queries are allowed from the local host (localhost) and the local networks (localnets).

Note
The allow query property may also be specified for a view or zone configuration. In
case of configuration at the zone level it overrides the allow query defined at the
server level.

To set an allow query match list at server level

You can apply the procedure below, at zone level as well.

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. At the end of the line of the server of your choice, click on . The properties page opens.
4. Open the Access control panel using . This panel displays different options: Allow-query,
Allow query cache, Allow-transfer and Blackhole.
5. Click on EDIT to change the configuration. The wizard opens; each page corresponds to an
option.
6. On the Allow query page, set up the authorization. You can grant or deny access through
the Restriction field to networks, IP addresses, ACLs, and keys. Configure as many restrictions
as you need using the three fields. The table below details the available options of the
Type field:

Table 40.5. Allow-query Parameters


| Type | Description |
| --- | --- |
| Network address | Allow or deny an entire network: type an IPv4 address/prefix in the field. |
| IP address | Allow or deny the IP address of an appliance, a user, a host. |
| ACL | Allow or deny an ACL defined at the server level in the drop-down: admin [a], any, none, localhost and localnets. The ACL list will also include specific ACLs created for the server; for more details refer to the Configuring Access Control Lists For a Server section of this guide. |
| TSIG key | Allow or deny a key defined at the server level. |

[a] The ACL admin is employed by EfficientIP's management platform to configure and exchange data with DNS
servers.

Once a restriction/permission is configured as needed, click on ADD. The configuration is
visible in the ACL values list; you can organize the list using and .[3] In this list, denied
hosts appear preceded by an exclamation mark (!). If you want to remove an ACL from the
list, select it and click on DELETE.
7. Click on NEXT twice to skip the Allow query cache and Allow transfer pages.
8. On the Blackhole page, click on OK to commit the allow-query configuration. The report
opens and closes. The properties page is visible again.

Allow query cache


SOLIDserver lets you set a list of the IP addresses that are allowed to issue queries on the
local cache. The allow-query-cache properties are configured at the server level and apply to the
zones managed through the server.

Allow-query-cache statement particularities


The allow-query-cache statement is independent from the allow-query statement but closely linked
to the allow-recursion statement.

If recursion is set to no, the cache cannot be queried, so it is useless to set an
allow-query-cache match list.

If recursion is set to yes and the allow-recursion statement is not defined, by default
localhost and localnets are permitted to query the server cache.

If recursion is set to yes and the allow-recursion statement is defined with a specific match
list, local cache access is granted to all the entries of the allow-recursion match list.

The match list defined will control recursive behavior, as recursive queries would be useless
without access to the local cache. Typically, if a host is in the allow-recursion match list, it can
access the server the first time and get a query result. However, if it is not part of the
allow-query-cache match list, it will not be able to make the same query a second time, as the
result is saved in the cache, to which it does not have access. Conversely, if a host is in the
allow-query-cache match list but not in the allow-recursion match list, it only gets results for
queries already sent by another host with the proper access rights. Hence the need to configure
both these statements carefully to avoid conflicts and absurd access configurations.

[3] The order of the list is important: when a host or a given network is compared to a list of address authorizations, the list is reviewed,
in order, until an element is authorized.
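The check below is an added example, not part of the guide or of SOLIDserver: it evaluates two match lists in order and reports the hosts that end up with only one of the two rights described above. It assumes BIND-style evaluation (the first matching element decides, "!" denies, no match means denied); the function names and the sample lists and addresses are constructed for illustration.

```python
import ipaddress

def parse_match_list(text):
    """Turn 'elem; elem; ...' into ordered (allow, network) rules.

    A leading '!' marks a denied element, as in the ACL values list.
    network is None for the keywords 'any' and 'none'. The keywords
    localhost and localnets depend on the server's own interfaces and
    are not modelled here.
    """
    rules = []
    for raw in text.split(";"):
        item = raw.strip()
        if not item:
            continue
        allow = not item.startswith("!")
        item = item.lstrip("!").strip()
        if item == "any":
            rules.append((allow, None))
        elif item == "none":                      # 'none' behaves as '!any'
            rules.append((not allow, None))
        else:
            rules.append((allow, ipaddress.ip_network(item, strict=False)))
    return rules

def is_allowed(rules, client):
    """Assumed BIND-style semantics: the first matching element decides."""
    addr = ipaddress.ip_address(client)
    for allow, network in rules:
        if network is None or addr in network:
            return allow
    return False                                  # nothing matched: denied

def audit_recursion_vs_cache(allow_recursion, allow_query_cache, clients):
    """Classify each client by the rights it gets from the two statements."""
    recursion = parse_match_list(allow_recursion)
    cache = parse_match_list(allow_query_cache)
    report = {}
    for client in clients:
        can_recurse = is_allowed(recursion, client)
        can_read_cache = is_allowed(cache, client)
        if can_recurse and can_read_cache:
            report[client] = "consistent"
        elif can_recurse:
            # can trigger a resolution but cannot read the cached answer
            report[client] = "recursion-only"
        elif can_read_cache:
            # only sees answers another host already caused to be cached
            report[client] = "cache-only"
        else:
            report[client] = "no-access"
    return report

# Constructed sample configuration (RFC 1918 addresses).
ALLOW_RECURSION = "!10.1.0.66; 10.1.0.0/24; 192.168.10.0/24"
# The deny entry comes after the network that contains it, so it is never reached.
ALLOW_QUERY_CACHE = "10.1.0.0/24; !10.1.0.66"
CLIENTS = ["10.1.0.20", "10.1.0.66", "192.168.10.7", "172.16.0.9"]

if __name__ == "__main__":
    result = audit_recursion_vs_cache(ALLOW_RECURSION, ALLOW_QUERY_CACHE, CLIENTS)
    for client, status in result.items():
        print(f"{client:15} {status}")
```

Any host reported as recursion-only or cache-only is one of the conflicting configurations the paragraph above warns about.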

To set an allow query cache match list at server level

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. At the end of the line of the server of your choice, click on . The properties page opens.
4. Open the Access control panel using . This panel displays different options: Allow-query,
Allow query cache, Allow-transfer and Blackhole.
5. Click on EDIT to change the configuration. The wizard opens; each page corresponds to an
option.
6. Click on NEXT to skip the Allow-query page.
7. On the Allow query cache page, set up the authorizations and restrictions match list. You
can grant or deny access through the Restriction field to networks, IP addresses, ACLs,
and keys. Configure as many restrictions as you need using the three fields. The table below
details the available options of the Type field:

Table 40.6. Allow-query-cache Parameters


| Type | Description |
| --- | --- |
| Network address | Allow or deny an entire network: type an IPv4 address/prefix in the field. |
| IP address | Allow or deny the IP address of an appliance, a user, a host. |
| ACL | Allow or deny an ACL defined at the server level in the drop-down: admin [a], any, none, localhost and localnets. The ACL list will also include specific ACLs created for the server; for more details refer to the Configuring Access Control Lists For a Server section of this guide. |
| TSIG key | Allow or deny a key defined at the server level. |

[a] The ACL admin is employed by EfficientIP's management platform to configure and exchange data with DNS
servers.

Once a restriction/permission is configured as needed, click on ADD. The configuration is
visible in the ACL values list; you can organize the list using and .[4] In this list, denied
hosts appear preceded by an exclamation mark (!). If you want to remove an ACL from the
list, select it and click on DELETE.
8. Click on NEXT twice to skip the Allow transfer page and open the Blackhole page.
9. Click on OK to commit the allow-query-cache configuration. The report opens and closes.
The properties page is visible again.

Limiting Zone Transfers at Server Level


DNS zone transfer is a type of DNS transaction employed to replicate and synchronize all copies
of the zone used at each server configured to host the zone. SOLIDserver denies zone transfers
by default to all DNS servers. SOLIDserver supports the allow-transfer server option, which lets
you specify which hosts, networks, or TSIG keys are granted or denied the right to do transfers for
all the zones it maintains.

[4] The order of the list is important: when a host or a given network is compared to a list of address authorizations, the list is reviewed,
in order, until an element is authorized.

Note
The allow transfer property may also be specified in a zone configuration, in which
case it overrides the allow transfer property defined at the server level.

To set an allow transfer match list at server level

You can also apply the procedure below at zone level.

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. At the end of the line of the server of your choice, click on . The properties page opens.
4. Open the Access control panel using . This panel displays different options: Allow-query,
Allow query cache, Allow-transfer and Blackhole.
5. Click on EDIT to change the configuration. The wizard opens; each page corresponds to an
option.
6. Click on NEXT twice to skip the Allow-query and the Allow query cache pages.
7. On the Allow-transfer page, set up the authorizations. You can grant or deny access through
the Restriction field to networks, IP addresses, ACLs, and keys. Configure as many restrictions
as you need using the three fields. The table below details the available options of the Type
field:

Table 40.7. Allow-transfer Parameters


| Type | Description |
| --- | --- |
| Network address | Allow or deny an entire network: type an IPv4 address/prefix in the field. |
| IP address | Allow or deny the IP address of an appliance, a user, a host. |
| ACL | Allow or deny an ACL defined at the server level in the drop-down: admin [a], any, none, localhost and localnets. The ACL list will also include specific ACLs created for the server; for more details refer to the Configuring Access Control Lists For a Server section of this guide. |
| TSIG key | Allow or deny a key defined at the server level. |

[a] The ACL admin is employed by EfficientIP's management platform to configure and exchange data with DNS
servers.

Once a restriction/permission is configured as needed, click on ADD. The configuration is
visible in the ACL values list; you can organize the list using and .[5] In this list, denied
hosts appear preceded by an exclamation mark (!). If you want to remove an ACL from the
list, select it and click on DELETE.
8. Click on NEXT . The Blackhole page opens.
9. Click on OK to commit the transfer authorization configuration. The report opens and closes.
The properties page is visible again.

Configuring a Blackhole
SOLIDserver lets you set a list of the IP addresses and network addresses you consider as
spam. The blackhole properties can be configured for an entire server including all the zones it
contains. By default, queries are allowed from the local host and the local networks: all the
addresses in the blackhole list will not receive any response from the server or zones. The
queries will remain unanswered, in other words ignored.

[5] The order of the list is important: when a host or a given network is compared to a list of address authorizations, the list is reviewed,
in order, until an element is authorized.

To set a blackhole match list at server level

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. At the end of the line of the server of your choice, click on . The properties page opens.
4. Open the Access control panel using . This panel displays different options: Allow-query,
Allow query cache, Allow-transfer and Blackhole.
5. Click on EDIT to change the configuration. The wizard opens; each page corresponds to an
option.
6. Click on NEXT to skip the Allow-query, the Allow query cache and Allow-transfer pages.
7. On the Blackhole page, set up the restrictions. You can deny access to network and IP
addresses; they will all be listed in the ACL values list. The table below details the available
options of the Type field:

Table 40.8. Blackhole Parameters


| Type | Description |
| --- | --- |
| Network address | Deny query responses to an entire network: type an IPv4 address/prefix in the field. |
| IP address | Deny query responses to the IPv4 or IPv6 address of an appliance, a user, a host: type in one by one the IP addresses in the field. |

Once a restriction/permission is configured as needed, click on ADD. The configuration is
visible in the ACL values list; you can organize the list using and .[6] In this list, denied
hosts appear preceded by an exclamation mark (!). If you want to remove an ACL from the
list, select it and click on DELETE.
8. Click on OK to commit the blackhole configuration. The report opens and closes. The
properties page is visible again.

Configuring Client Resolver Cache Options at Server Level


From the properties page of an EfficientIP DNS server using the SSL protocol, you can edit the
two options dedicated to client resolver cache memory via the Options panel:

lame-ttl
This option defines how long a client keeps in its cache the information sent by a lame
server that has been queried directly. It limits the time this information is kept because,
coming from a lame server, it might not be up to date and is therefore potentially erroneous.

max-cache-size
This option limits the size of the cache memory of a server or view. When the cache memory
size reaches this threshold, the server causes records to expire prematurely. The value
0 can be set to purge the cache only when the records' TTL expires.

[6] The order of the list is important: when a host or a given network is compared to a list of address authorizations, the list is reviewed,
in order, until an element is authorized.

These options can be set at server or view level. For more details regarding the configuration on
views, refer to the Configuring Client Resolver Cache Options at View Level section of this guide.

To set the lame-ttl option at server level

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The corresponding list opens.
3. At the end of the line of the server of your choice, click on . The properties page opens.
4. Open the Options panel using and click on EDIT. The Options configuration wizard opens.
5. In the Lame-ttl field, type in the value of your choice. This value is in seconds and can be set
between 30 and 1800. The default value is 600; the maximum value is 1800 seconds.
6. Click on OK to commit your configuration. The report opens and closes. The properties page
is visible again and displays the value you defined.

To set the max-cache-size option at server level

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The corresponding list opens.
3. At the end of the line of the server of your choice, click on . The properties page opens.
4. Open the Options panel using and click on EDIT. The Options configuration wizard opens.
5. In the Max-cache-size field, type in the value of your choice to set the cache memory size.
This value is in bytes. The default value is 100m.
6. Click on OK to commit your configuration. The report opens and closes. The properties page
is visible again and displays the value you defined.

Configuring EDNS Options at Server Level


The Extension Mechanisms for DNS (EDNS) make it possible to add information to DNS messages and
therefore expand the size of several parameters. EDNS, also known as EDNS(0), is defined in RFC
6891.

Within SOLIDserver, two options can be configured at the server and view level on EfficientIP
DNS server using the SSL protocol:

edns-udp-size
This option sets the EDNS UDP buffer size advertised by the server when querying a remote
server. It is set in bytes and specifies the size of the packets that you receive.
Typically, you would set this option to enable UDP answers to pass through broken firewalls
that block fragmented packets and/or packets greater than 512 bytes. The value set for this
option is a preference.

max-udp-size
This option sets the maximum EDNS UDP message size sent by the server. It is set in
bytes and specifies the maximum size of the packets that you send to a remote
server. Typically, this option would be set to enable UDP answers to pass through broken
firewalls that block fragmented packets and/or packets greater than 512 bytes.

To set the edns-udp-size option

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The corresponding list opens.
3. At the end of the line of the server of your choice, click on . The properties page opens.
4. Open the Options panel using and click on EDIT. The Options configuration wizard opens.
5. In the Edns-udp-size field, type in the size of received packets of your choice. This value is
in bytes, and must be set between 512 and 4096. The default value is 4096.
6. Click on OK to commit your configuration. The report opens and closes. The properties page
is visible again and displays the value you defined.

To set the max-udp-size option

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The corresponding list opens.
3. At the end of the line of the server of your choice, click on . The properties page opens.
4. Open the Options panel using and click on EDIT. The Options configuration wizard opens.
5. In the Max-udp-size field, type in the maximum size of the packets you send. This value is
in bytes and must be set between 512 and 4096. The default value is 4096.
6. Click on OK to commit your configuration. The report opens and closes. The properties page
is visible again and displays the value you defined.

Configuring a Sortlist at Server Level


The sortlist option is actually a statement that lets you set a preferential response order for equal
A resource records forming an RRset. In other words, it modifies the response packet received
by the client resolver. It lets you put an end to cyclic round-robin responses to queries for the
subnets of your choice. You can define as many sortlist statements as you want on EfficientIP
DNS servers using the SSL protocol. For each subnet of client IP addresses, you can set the
order of the records of an A RRset: this list can contain all of the A records of the RRset if you
want. The server checks whether the client resolver IP address matches the sortlist defined and
modifies its response accordingly.

The way to set the statement in the GUI is closely linked to its syntax in the zone file. The example
below will illustrate this syntax.


Example 40.1. The sortlist statement in a zone file

In a zone file, the records for the name many.example.com would look as follows:

; zone file example.com
$ORIGIN example.com.
many    IN A 192.168.3.6
        IN A 192.168.4.5
        IN A 192.168.5.5
        IN A 10.2.4.5
        IN A 172.17.4.5

The client-side server has a sortlist statement, set as follows:

options {
    // ... other options ...
    sortlist {
        {                       // 1st preference block start
            192.168.4/24;       // 1st client IP selection matches any of these
            { 10.2/16;          // return any of these response IPs as 1st preference
              172.17.4/24;      // 2nd preference
            };
        };                      // end first block
        {                       // second preference block
            192.168.5/24;       // 2nd client IP selection matches any of these
            { 192.168.4/24;     // return any of these response IPs as 1st preference
              172.18.4/24;      // 2nd preference
              10.2/16;          // 3rd preference
            };
        };                      // end second block
    };                          // end sortlist
};

As you can see, after the client IP the response preferences are defined one after the other and
separated by a semi-colon.
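The model below is an added example, not code from the guide or from the DNS server: it applies the sortlist of Example 40.1 to the many.example.com RRset and returns the order each client would see. It assumes that records matching no preference keep their incoming order after the preferred ones; the function names and the client addresses are constructed for illustration.

```python
import ipaddress

def net(text):
    """Parse a prefix, accepting shortened forms such as '10.2/16'."""
    addr, _, plen = text.partition("/")
    octets = addr.split(".")
    octets += ["0"] * (4 - len(octets))           # '10.2' -> '10.2.0.0'
    return ipaddress.ip_network(".".join(octets) + "/" + (plen or "32"), strict=False)

# Values taken from Example 40.1: (client selection, ordered preferences).
SORTLIST = [
    ("192.168.4/24", ["10.2/16", "172.17.4/24"]),
    ("192.168.5/24", ["192.168.4/24", "172.18.4/24", "10.2/16"]),
]
RRSET = ["192.168.3.6", "192.168.4.5", "192.168.5.5", "10.2.4.5", "172.17.4.5"]

def sort_answer(client, rrset=RRSET, sortlist=SORTLIST):
    """Return the A records in the order the given client would receive them."""
    source = ipaddress.ip_address(client)
    for client_net, preferences in sortlist:
        if source not in net(client_net):
            continue
        pref_nets = [net(p) for p in preferences]

        def rank(record):
            ip = ipaddress.ip_address(record)
            for position, pref in enumerate(pref_nets):
                if ip in pref:
                    return position
            return len(pref_nets)                 # no preference: goes last

        # sorted() is stable, so unranked records keep their incoming order
        # (assumption of this model).
        return sorted(rrset, key=rank)
    return list(rrset)                            # client matches no block

def unused_preferences(rrset=RRSET, sortlist=SORTLIST):
    """List, per client block, the preferences that match no record at all."""
    records = [ipaddress.ip_address(r) for r in rrset]
    unused = {}
    for client_net, preferences in sortlist:
        unused[client_net] = [
            p for p in preferences if not any(r in net(p) for r in records)
        ]
    return unused

if __name__ == "__main__":
    for client in ("192.168.4.10", "192.168.5.9", "10.9.9.9"):   # constructed clients
        print(client, "->", sort_answer(client))
    print("preferences with no matching record:", unused_preferences())
```

The second helper shows that 172.18.4/24 in the second block matches none of the five records, so it has no effect on this RRset.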

To define a sortlist statement at server level

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The corresponding list opens.
3. At the end of the line of the server of your choice, click on . The properties page opens.
4. Open the Options panel using and click on EDIT. The Options configuration wizard opens.
5. In the Client address field, type in the client IP address/subnet. It must be composed of an
IPv4 address containing 1 to 4 bytes followed by the prefix: <IP address>/<prefix>.
6. In the Sort address field, type in a list of IP addresses or subnets followed by a semi-colon.
These addresses correspond to the value of an A record of the RRset for which you create
the sortlist. The statement respects the order in which you typed in the addresses. The value
must respect the format <IP address>/<prefix>; even if you only type in one sort address.
7. Once both fields are filled, click on ADD to move the client and sort addresses to the Sortlist
field. Both values are displayed as follows:
{<client-IP-address>/<prefix> {<sort-IP-address>/<prefix>;};};. By default, this field is empty.
8. Click on OK to commit your configuration. The report opens and closes. The properties page
is visible again and displays your sortlist as follows: {<client_address_field_value>;
{<first_sort_address>;<second_sort_address>;<etc>};};. There is one sortlist per client address
defined.


Configuring DNS Sources


Configuring DNS sources lets you set, at server level, the physical interfaces that will be
systematically used for all notify operations and zone transfers. This information can only be set
on an EfficientIP DNS physical server using the SSL protocol; it is inherited by the server views
and zones and displayed accordingly on their properties page.

Through the Sources and Sources V6 panels, you can configure physical interfaces, through
their IP address, that will be used for the server transfer and notify options. These panels only
appear after the first synchronization of the physical server. When editing these panels, you will
be able to define the following statements:

transfer-source
This statement determines the IPv4 address of the physical interface that will be
used to execute the zone transfers on the server. You can also specify a port for this
statement. It is only valid for slave zones and its configuration will therefore be displayed on
the physical server, views and slave zones properties page.

transfer-source-v6
This statement determines the IPv6 address of the physical interface that will be
used to execute the zone transfers on the server. You can also specify a port for this
statement. It is only valid for slave zones and its configuration will therefore be displayed on
the physical server, views and slave zones properties page.

use-alt-transfer-source
This statement sets the use of an alternate interface IP address for the transfer if
the transfer-source or the transfer-source-v6 were to fail. This statement configuration will
be displayed on the physical server, view and slave zones properties page.

This statement definition is only configurable from the Sources panel but applies to interfaces
whether they were identified through an IPv4 or an IPv6 address.

Its default value is no if the server contains views and yes if the server does not contain any
view.

alt-transfer-source
This statement determines the alternate IPv4 address of the interface that will be
used to execute the zone transfers on the server if the transfer-source fails and if
use-alt-transfer-source is enabled. You can also specify a port for this statement. Its
configuration will be displayed on the physical server, views and slave zones properties page.

alt-transfer-source-v6
This statement determines the alternate IPv6 address of the interface that will be
used to execute the zone transfers on the server if the transfer-source-v6 fails and if
use-alt-transfer-source is enabled. You can also specify a port for this statement. Its
configuration will be displayed on the physical server, views and slave zones properties page.

notify-source
This statement defines the IPv4 address of the physical interface that will be used
for all the server outgoing notify operations. You can also specify a port for this statement.
It is used by master zones and its configuration will therefore be displayed on the physical
server, views and master zones properties page.

notify-source-v6
This statement defines the IPv6 address of the physical interface that will be used
for all the server outgoing notify operations. You can also specify a port for this statement. It is
used by master zones and its configuration will therefore be displayed on the physical server,
views and master zones properties page.

Warning
If you indicate the IP address of an interface that is not declared on SOLIDserver,
all the server notify and transfer operations will fail.

In the procedures below we will configure the transfer and notify statements separately, but you
can set them both at once: they use the same wizard.

To set DNS sources at server level

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers or DNS views icon. The corresponding list opens.
3. At the end of the line of the physical server of your choice, click on . The properties page
opens.
4. Open the Sources panel using and click on EDIT. The Configuration: Sources wizard
opens.
5. Configure the transfer statements.

a. In the Transfer-source address field, type in the IPv4 address of an interface that you
already configured on the appliance. It will be used for the zones transfer operations.
b. In the Transfer-source port field, you can type in which port on the interface will be
used.
c. In the Use-alt-transfer-source drop-down list, set the use of an alternate interface if
need be.

Table 40.9. Use-alt-transfer-source Parameters


| Parameter | Description |
| --- | --- |
| none | This is the default value of the use-alt-transfer-source statement. If your server contains views, it corresponds to no. If your server does not contain any view, it corresponds to yes. |
| no | This value disables the use of an alternate interface if the transfer set via transfer-source or transfer-source-v6 fails. Go to step 6 to set the notify-source statements related fields. |
| yes | This value enables the use of an alternate interface if the transfer set via transfer-source or transfer-source-v6 fails. In this case, you need to set the alternate interface IP address (and port if you want) through the alt-transfer-source and alt-transfer-source-v6 statements in the following steps. |

d. If you enabled the use of an alternate interface, in the Alt-transfer-source address field,
type in the IPv4 address of the alternate interface. It must also be configured on the
appliance.
e. If you enabled the use of an alternate interface, in the Alt-transfer-source port field,
you can type in which port on the interface will be used.

6. Configure the notify statement.


a. In the Notify-source address field, type in the IPv4 address of an interface that you
already configured on the appliance. It will be used for the outgoing notify operations.
b. In the Notify-source port field, you can type in which port on the interface will be used.

7. Click on OK to commit your configuration. The report opens and closes. The properties page
is visible again and displays the values you defined.

Note
The use-alt-transfer-source statement applies to the alternate interfaces declared
through IPv4 and IPv6 addresses. Therefore, editing the Sources V6 panel does
not let you change this statement: you need to define or edit it through the Sources
panel edition wizard.

To set DNS sources V6 at server level

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers or DNS views icon. The corresponding list opens.
3. At the end of the line of the physical server of your choice, click on . The properties page
opens.
4. Open the Sources panel using and click on EDIT . The Configuration: Sources wizard
opens.
5. Configure the transfer statements.

a. In the Transfer-source-v6 address field, type in the IPv4 address of an interface that
you already configured on the appliance. It will be used for the zones transfer operations.
b. In the Transfer-source-v6 port field, you can type in which port on the interface will be
used.
c. If you enabled the use-alt-transfer-source in the Sources panel, in the Alt-transfer-
source-v6 address field, type in the IPv4 address of the alternate interface. It must also
be configured on the appliance.
d. If you enabled the use-alt-transfer-source in the Sources panel, in the Alt-transfer-
source-v6 port field, you can type in which port on the interface will be used.

6. Configure the notify statement.

a. In the Notify-source-v6 address field, type in the IPv4 address of an interface that you
already configured on the appliance. It will be used for the outgoing notify operations.
b. In the Notify-source-v6 port field, you can type in which port on the interface will be
used.

7. Click on OK to commit your configuration. The report opens and closes. The properties page
is visible again and displays the values you defined.

Configuring Access Control Lists For a Server


The Access Control List (ACL) is a match list that lets you grant or deny access to a network
device, IP address, TSIG keys or even another ACL. On the DNS servers properties page, the
ACL panel is dedicated to creating them.

When set at server level, an ACL is a powerful tool, as it spares you from setting the same
forwarding, recursion, notify... configurations for each view or zone. You create
one ACL that specifies which part of the network is denied access, or the IP address of the server
that should always receive the notification messages, etc. Once created, you can reuse the
ACL when configuring allow-recursion, allow-notify, allow-query, allow-query-cache,
allow-transfer and blackhole at any of the relevant levels of the DNS hierarchy.

To create an ACL at server level

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers or DNS views icon. The corresponding list opens.
3. At the end of the line of the server or view of your choice, click on . The properties page
opens.
4. Open the ACL panel using and click on ADD . The ACL configuration wizard opens.
5. In the ACL name field, name your ACL.
6. Using the Type and Restriction fields, constitute the content of your ACL. Following the table
below, you can grant or deny access through the Restriction field to as many networks, IP
addresses, ACLs, and keys as you need. The table below details the available options of
the Type field:

Table 40.10. ACL Configuration Available Parameters


| Type | Description |
| --- | --- |
| Network address | Allow or deny an entire network: type an IPv4 address/prefix in the Network address field. |
| IP address | Allow or deny the IP address of an appliance, a user, a host. |
| ACL | Allow or deny an ACL defined at the server level in the drop-down: admin [a], any, none, localhost and localnets. |
| TSIG key | Allow or deny a key defined at the server level. |

[a] The ACL admin is employed by EfficientIP's management platform to configure and exchange data with DNS
servers.

Once a restriction/permission is configured as needed, click on ADD. The configuration is
visible in the ACL values list; you can organize the list using and .[7] All the entries of
the ACL values will constitute the content of your ACL. In this list, denied hosts appear
preceded by an exclamation mark (!). If you want to remove an ACL from the list, select it
and click on DELETE.
7. Click on OK to commit your ACL configuration. The report opens and closes. The properties
page is visible again. The ACL panel lists your ACL.

Warning
Once created, an ACL includes permissions and restrictions that you strictly apply
when allowing access to the ACL. On the contrary if you deny access to an ACL,
any value denied in the ACL will be granted access and any value granted in the
ACL will be denied access.

[7] The order of the list is important: when a host or a given network is compared to a list of address authorizations, the list is reviewed,
in order, until an element is authorized.

You can add as many ACLs as you want for a server; they will be listed among the ACL type of
restriction for any configuration that uses access control lists at server level, at view level and
at zone level, for any of the views and zones managed by the server.

Configuring DNS Keys


The DNS key feature defines a shared secret key for use with TSIG in order to control the access
from a DNS server. The Transaction SIGnatures (TSIG) in DNS use a technique called
HMAC (Keyed-Hashing for Message Authentication, RFC 2104), which employs a shared secret
and a one-way cryptographic hash function to sign data. The shared secret is like a password
known only to the two parties involved in exchanging data.

To add a DNS key

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. At the end of the line of the server of your choice, click on . The properties page opens.
4. Open the Keys panel using and click on ADD. The Add a DNS key wizard opens.
5. In the Key name field, name the key.
6. Click on NEXT. The TSIG Key configuration wizard opens.
7. A valid HMAC-MD5 key is automatically set in the TSIG Key value field. If necessary, change it
to set your own valid HMAC-MD5 key.

Table 40.11. DNS Key Configuration Parameters

Fields            Description
Key name          The key name is a string starting with a letter or underscore, followed
                  by any number of letters, numbers, or underscores.
TSIG Key value    The key value is the secret to be used by the algorithm, and is treated
                  as a base-64 encoded string.

8. Click on OK to commit the creation of the key. The report opens and closes. The properties
page is visible again.
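
The key name rule, the base-64 key value and the shared-secret property described above can be exercised as follows. This is an added example, not EfficientIP code: the function names are hypothetical, the 16-byte minimum follows the RFC 2104 advice that keys should not be shorter than the hash output, and the MAC is computed over a constructed byte string rather than over a complete TSIG-signed DNS message.

```python
import base64
import binascii
import hashlib
import hmac
import re
import secrets

# Key name rule from Table 40.11: a letter or underscore, then letters, digits or underscores.
KEY_NAME_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")

# HMAC-MD5 outputs 16 bytes; RFC 2104 discourages keys shorter than the hash output.
MIN_KEY_BYTES = 16


def generate_key_value(n_bytes=MIN_KEY_BYTES):
    """Return a random secret, base-64 encoded as the TSIG Key value field expects."""
    return base64.b64encode(secrets.token_bytes(n_bytes)).decode("ascii")


def check_key(name, value):
    """Return the problems found in a key name / key value pair ([] = acceptable)."""
    problems = []
    if not KEY_NAME_RE.fullmatch(name):
        problems.append("invalid key name")
    try:
        secret = base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError):
        return problems + ["key value is not valid base-64"]
    if len(secret) < MIN_KEY_BYTES:
        problems.append("key value decodes to %d bytes, fewer than %d"
                        % (len(secret), MIN_KEY_BYTES))
    return problems


def sign(value, message):
    """HMAC-MD5 of message under the base-64 encoded shared secret."""
    secret = base64.b64decode(value, validate=True)
    return hmac.new(secret, message, hashlib.md5).digest()


def verify(value, message, mac):
    """Recompute the MAC with the local copy of the secret and compare in constant time."""
    return hmac.compare_digest(sign(value, message), mac)


if __name__ == "__main__":
    key_value = generate_key_value()
    print("fresh key:", check_key("ddns_update1", key_value))
    # "dG90bw==" is the base-64 form of a 4-byte constructed secret.
    print("weak key:", check_key("1-bad-name", "dG90bw=="))

    update = b"constructed payload: add pc1.mycomp A 10.0.0.1"
    mac = sign(key_value, update)
    print("same key, same data:", verify(key_value, update, mac))
    print("same key, altered data:", verify(key_value, update + b"x", mac))
    print("other key, same data:", verify(generate_key_value(), update, mac))
```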

To edit a DNS key

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. At the end of the line of the server of your choice, click on . The properties page opens.
4. Open the Keys panel using and select the key you want to edit.
5. Click on EDIT . The TSIG Key configuration wizard opens.
6. In the TSIG Key value field, modify the data as needed.
7. Click on OK to commit your modifications. The report opens and closes. The properties page
is visible again.

To delete a DNS key

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.


2. Click on the DNS servers icon. The DNS All servers list opens.
3. At the end of the line of the server of your choice, click on . The properties page opens.
4. Open the Keys panel using and select the key you want to delete.
5. Click on DELETE . The Delete wizard opens.
6. Click on OK to commit the key deletion. The report opens and closes. The properties page
is visible again.

Configuring Dynamic Name Server Update


Dynamic Domain Name Server (DDNS) updating is the term referring to the addition or deletion
of domain zone records under certain specific circumstances. The EfficientIP implementation of
DDNS relies on the DNS protocol as specified in RFC 2136. SOLIDserver uses the Transaction
SIGnature (TSIG) mechanism to create one update key per IPMDNS server. TSIG is the method
described in RFC 2845 and is based upon the use of a symmetrical key. Before setting the
parameters of a key in SOLIDserver, the key must be generated and configured on the DNS
server; see the installation guide of the DNS server. Dynamic updating is allowed zone by zone
in the allow-update statement of a zone.

Editing the Dynamic Update Key


SOLIDserver uses just one update key per server. Before setting the key's parameters in
SOLIDserver, you must generate and configure the key on the DNS server. Dynamic updating
is possible on a zone by zone basis by including an allow-update statement in your configuration
file.

If you have to use several update keys, or you decide to put in place more complex updating
systems, use ACLs.

To modify a server dynamic update key

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. At the end of the line of the server of your choice, click on . The properties page opens.
4. In the Main properties panel, click on EDIT . The Edit a DNS server wizard opens.
5. Click on NEXT until you get to the configuration page that displays the Configure TSIG para-
meters checkbox.
6. Tick the box if it is not already ticked.
7. In the TSIG key name and TSIG key method fields, select the values needed (see footnote 8).
If you are not using an access key for this server, select None.
8. In the TSIG key value, change the value if needed.
9. Click on OK to commit your changes. The report opens and closes. The properties page is
visible again.

8 The standardized protocol for key codes is HMAC-MD5.


Configuring Anycast DNS


Since version 5.0.3, SOLIDserver provides DNS anycast broadcasting for the OSPF routing
protocol. This methodology is especially useful if your deployment includes multiple geographically
dispersed sites. It improves the high availability and reliability of the service by improving the
redundancy of the DNS appliances. Your DNS clients always query the same management IP address but
their packets are systematically routed to the nearest server in the topology. The term "nearest"
does not apply to the servers' geographical distribution: if the closest server is down, the clients
are redirected to the nearest running server in the topology. This avoids using remote servers
based on the IP address alone and ensures that DNS clients are querying their local servers first.

Anycast is supported by OSPF routing protocols and other dynamic protocols like BGP and RIP.
It can be implemented on recursive and authoritative DNS servers.

SOLIDserver relies on a host-based routing software, a Quagga package, already stored on the
appliance. A set of procedures must be followed to successfully use anycast on your network:

1. Configuring the appliance for anycast to make sure it uses the Quagga package that enables
anycast.
2. Configuring the Quagga package and OSPF routing to set the configuration that suits your
needs.

Prerequisites
To implement anycast, a set of conditions has to be met:

• Several servers in a pool must share 1 or several VIPs.


• The servers must advertise their VIP(s) to their neighboring routers.
• The routers exchange the routes information. That way if one server fails, the routers automat-
ically recompile the routing tables to redirect the DNS clients.
• The 3 step anycast configuration must be completed on all the appliances that manage a DNS
server that you intend to include in the anycast routing scheme. This applies whether the
servers are managed via a smart architecture or not.

With this type of topology, the anycast IP address is advertised from multiple locations and the
router ends up choosing the best path to that IP address, according to the metric in use by the
routing protocol. Once you have finished the configuration detailed in the sections below, the DNS
servers managed via SOLIDserver use anycast.

Specificities
• Once anycast is implemented, the routers are able to redirect clients to the nearest server if
need be.
• The Quagga configuration is automatically saved in the appliance backup file.

Configuring the Appliance for Anycast


SOLIDserver contains a Quagga package that must be taken into account in the system config-
uration file to be used.

To successfully configure the package you must:


1. Edit the rc.conf file to make sure it takes into account the package.
2. Reboot the appliance. This action empties the directory /tmp that contains
/tmp/running_conf.cf and /tmp/previous_conf.cf. After the reboot, both files are created
again and take into account the changes.

To configure the appliance for anycast DNS

1. Edit the system configuration file.

a. Open a shell session on your appliance.


b. Open the file /etc/rc.conf to edit it.
c. Enable Quagga and make sure the file is configured as follows:
defaultrouter="NO"
quagga_daemons="zebra ospfd"
quagga_enable="YES"

d. Add the following line to the file to specify the anycast dedicated IP address:
ifconfig_lo0_alias0="192.168.55.2 netmask 255.255.255.255"

e. Save your changes.

2. Reboot the appliance from the appliance GUI.

a. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
b. Go to the Administration tab. If the homepage is not displayed, click on . The
homepage opens.
c. In the menu, select Maintenance > Reboot the system. The Reboot the system wizard
opens.
d. Click on OK to commit the appliance reboot. The report opens and closes. The appliance
closes and is unreachable until the operation is complete.

Now you need to configure the package following the section below.

Configuring the Quagga Package and OSPF Routing


The package configuration implies:

1. Making sure that the firewall rule 36 using the OSPF protocol is enabled. Basically, this ensures
that anycast management traffic and inbound messages are allowed.
2. Creating the Quagga and OSPF dedicated configuration files.
3. Restarting Quagga.
4. Checking the logs.

To make sure the anycast dedicated firewall rule is enabled

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.


2. Go to the Administration tab. If the homepage is not displayed, click on . In the breadcrumb,
click on Network configuration.
3. Click on the Firewall link. The Firewall rules page opens.
4. In the Protocol column, type in ospf. Only the anycast rule is listed.
5. In the Action column, make sure it is marked allow.

To create the quagga dedicated configuration files

1. Open a shell session on your appliance.


2. Open the directory /data1/etc/quagga
3. In this directory, create the zebra configuration file using the following commands:
# emacs zebra.conf

It should contain the appliance hostname, administrator passwords, anycast IP address,
anycast VIP(s) address and log file location like in the example below.
# more /data1/etc/quagga/zebra.conf| grep -v \!
hostname solidserver1
password toto
enable password toto

interface bge1
 ip address 192.168.53.2/24
interface lo0
 ip address 192.168.55.2/32

log syslog debugging
log facility syslog

4. In this directory, create the OSPF configuration file using the following commands:
# emacs ospfd.conf

It should contain the appliance hostname, authentication details, response time, interfaces
dedicated to OSPF, access list and log file location like in the example below.
# more /data1/etc/quagga/ospfd.conf | grep -v \!
hostname solidserver1

interface bge1
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 toto
 ip ospf priority 0
 ip ospf hello-interval 1
 ip ospf dead-interval 5

router ospf
 log-adjacency-changes
 ospf router-id 192.168.53.2
 area 20 authentication message-digest
 area 20 nssa
 network 192.168.53.0/24 area 20
 redistribute connected metric-type 1
 distribute-list ANYCAST out connected
!
access-list ANYCAST permit 192.168.55.2/32

log syslog debugging
log facility syslog
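
An added audit sketch for the two listings above, not part of the guide or of Quagga: it checks that every OSPF interface carries a message-digest key with authentication enforced, and reports secrets that are reused across roles or short, as the toto sample value is in both files. The function names, the constructed replacement secrets and the 8-character threshold are assumptions.

```python
import re
from collections import defaultdict

MIN_SECRET_LEN = 8  # hypothetical local policy threshold, not a Quagga or SOLIDserver value
TOP_LEVEL = {"hostname", "password", "enable", "log", "access-list", "line", "service"}
KEY_RE = re.compile(r"ip ospf message-digest-key \d+ md5 (\S+)")

# The two listings from this section (trailing log lines of ospfd.conf omitted).
PAGE_ZEBRA = """\
hostname solidserver1
password toto
enable password toto
interface bge1
 ip address 192.168.53.2/24
interface lo0
 ip address 192.168.55.2/32
log syslog debugging
log facility syslog
"""
PAGE_OSPFD = """\
hostname solidserver1
interface bge1
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 toto
 ip ospf priority 0
 ip ospf hello-interval 1
 ip ospf dead-interval 5
router ospf
 log-adjacency-changes
 ospf router-id 192.168.53.2
 area 20 authentication message-digest
 area 20 nssa
 network 192.168.53.0/24 area 20
 redistribute connected metric-type 1
 distribute-list ANYCAST out connected
!
access-list ANYCAST permit 192.168.55.2/32
"""
# Constructed variants: one distinct, longer secret per role.
FIXED_ZEBRA = (PAGE_ZEBRA.replace("enable password toto", "enable password Constructed-enable-2")
               .replace("password toto", "password Constructed-vty-1"))
FIXED_OSPFD = PAGE_OSPFD.replace("md5 toto", "md5 Constructed-ospf")


def parse(text):
    """Split a Quagga config into top-level, per-interface and 'router ospf' lines."""
    cfg = {"top": [], "interfaces": defaultdict(list), "router": []}
    target = cfg["top"]
    for raw in text.splitlines():
        line = " ".join(raw.split())  # indentation is not relied on
        if not line or line.startswith("!"):
            continue
        word, _, rest = line.partition(" ")
        if word == "interface":
            target = cfg["interfaces"][rest]
        elif line == "router ospf":
            target = cfg["router"]
        else:
            if word in TOP_LEVEL:
                target = cfg["top"]
            target.append(line)
    return cfg


def audit(zebra_text, ospfd_text):
    """Return findings about OSPF authentication and secret handling ([] = nothing found)."""
    zebra, ospfd = parse(zebra_text), parse(ospfd_text)
    findings, roles = [], defaultdict(list)  # roles: secret value -> where it is used
    areas = {l.split()[-1] for l in ospfd["router"] if re.fullmatch(r"network \S+ area \S+", l)}
    authed = {l.split()[1] for l in ospfd["router"]
              if re.fullmatch(r"area \S+ authentication message-digest", l)}
    for name, lines in ospfd["interfaces"].items():
        keys = [m.group(1) for m in map(KEY_RE.fullmatch, lines) if m]
        if not keys:
            findings.append(f"{name}: no OSPF message-digest key")
        if "ip ospf authentication message-digest" not in lines and (not areas or areas - authed):
            findings.append(f"{name}: message-digest authentication not enforced")
        for key in keys:
            roles[key].append(f"OSPF key on {name}")
    for line in zebra["top"]:
        # Only the two-word cleartext form shown in the listing is compared.
        m = re.fullmatch(r"(enable password|password) (\S+)", line)
        if m:
            roles[m.group(2)].append(f"zebra '{m.group(1)}'")
    for secret, used_by in roles.items():
        where = ", ".join(sorted(used_by))
        if len(used_by) > 1:
            findings.append(f"same secret reused for: {where}")
        if len(secret) < MIN_SECRET_LEN:
            findings.append(f"secret shorter than {MIN_SECRET_LEN} characters: {where}")
    return findings


if __name__ == "__main__":
    for finding in audit(PAGE_ZEBRA, PAGE_OSPFD):
        print(finding)
```

The findings name the roles that share a secret but never print the secret itself, so the output can be pasted into a ticket.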

To restart quagga

1. Open a shell session on your appliance.


2. Check the Quagga status using the following command:


/usr/local/etc/rc.d/quagga status

3. Restart Quagga using the following command:


/usr/local/etc/rc.d/quagga restart

To check quagga log file

1. Open a shell session on your appliance.


2. In the file /var/log/zebra.log you can check the Quagga dedicated logs. If everything
went well you will have three lines similar to the ones below:
// example of a successful configuration
Feb 25 09:46:02 dns1-anycast ospfd[18600]: Packet[DD]: Neighbor 192.168.53.1 Negotiation done (Master).
Feb 25 09:46:02 dns1-anycast ospfd[18600]: AdjChg: Nbr 192.168.53.1 on bge1:192.168.53.2: Loading -> Full (LoadingDone)
Feb 25 09:46:02 dns1-anycast ospfd[18600]: nsm_change_state(192.168.53.1, Loading -> Full): scheduling new router-LSA origination
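
The log check above can be automated. The following added example, which is not from the guide, parses ospfd AdjChg entries, reports expected neighbors whose last state is not Full and counts how often an adjacency left Full. The second and third sample lines, the function names and the threshold parameter are constructed.

```python
import re

ADJ_RE = re.compile(
    r"ospfd\[\d+\]: AdjChg: Nbr (?P<nbr>\S+) on (?P<ifc>\S+): "
    r"(?P<old>\w+) -> (?P<new>\w+) \((?P<event>\w+)\)"
)

# Line 1 is the AdjChg entry from the guide, unwrapped; lines 2 and 3 are constructed.
SAMPLE_LOG = """\
Feb 25 09:46:02 dns1-anycast ospfd[18600]: AdjChg: Nbr 192.168.53.1 on bge1:192.168.53.2: Loading -> Full (LoadingDone)
Feb 25 10:12:40 dns1-anycast ospfd[18600]: AdjChg: Nbr 192.168.53.1 on bge1:192.168.53.2: Full -> Deleted (InactivityTimer)
Feb 25 10:12:47 dns1-anycast ospfd[18600]: AdjChg: Nbr 192.168.53.1 on bge1:192.168.53.2: Loading -> Full (LoadingDone)
"""


def adjacency_report(log_text):
    """Return {neighbor: {"state": last state, "event": last event, "lost_full": count}}."""
    report = {}
    for line in log_text.splitlines():
        m = ADJ_RE.search(line)
        if not m:
            continue  # Packet[DD], nsm_change_state and unrelated entries are ignored
        entry = report.setdefault(m["nbr"], {"state": None, "event": None, "lost_full": 0})
        if m["old"] == "Full" and m["new"] != "Full":
            entry["lost_full"] += 1
        entry["state"], entry["event"] = m["new"], m["event"]
    return report


def problems(log_text, expected_neighbors, max_lost_full=0):
    """List the neighbors to look at before trusting the anycast route advertisement."""
    report, found = adjacency_report(log_text), []
    for nbr in expected_neighbors:
        entry = report.get(nbr)
        if entry is None:
            found.append(f"{nbr}: no adjacency change logged")
        elif entry["state"] != "Full":
            found.append(f"{nbr}: last state {entry['state']} ({entry['event']})")
        elif entry["lost_full"] > max_lost_full:
            found.append(f"{nbr}: adjacency left Full {entry['lost_full']} time(s)")
    return found


if __name__ == "__main__":
    for problem in problems(SAMPLE_LOG, ["192.168.53.1"]):
        print(problem)
```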

Making Sure DNS Anycast Was Properly Configured


You can make sure that DNS anycast is successfully implemented on the router itself: displaying
its routes allows you to ensure that the IP addresses used during the anycast configuration are
part of the available routes.

For instance, on a Cisco router you can use the command show ip route to list all the IP
addresses configured and to make sure the ones used during the anycast configuration are part of
the routes, as in the image below.

Figure 40.1. Example of a Successful anycast Configuration on a Cisco Router

Chapter 41. Managing DNS Views
SOLIDserver allows the administration of views available on some DNS servers. DNS views
provide the ability to serve one version of a zone to one set of clients and a different version of
a zone to another set of clients. Views provide a different answer to the same DNS query,
depending on the IP source of the query or the IP where the client packet is received. You can
create multiple views of a given zone, with a different set of records in each of them. The same
resource records can also exist in multiple zones in order to serve common records.

Browsing DNS Views


Within the DNS module, the view is the second level of the hierarchy. It allows you to manage
zones and, by extension, resource records. Keep in mind that although this level of the
hierarchy is optional, once you create views, all the zones have to be managed via a view,
whether all zones are managed through a unique view or several views.

[Figure: the DNS hierarchy, from top to bottom: server, view, zone, RR.]

Figure 41.1. The View in The DNS Hierarchy

Here below, you can see the link to browse the DNS views database:

Figure 41.2. DNS: All DNS Views

Browsing the DNS Views Database


To display the list of DNS views

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS views icon. The DNS All views list opens.

To display the DNS views of a specific server through the breadcrumb

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. Click on the name of the server of your choice. The list of All zones of the server is displayed.
4. In the breadcrumb, click on All views. The list of views of the chosen server opens.

To display the DNS views of a specific server through the menu

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.


3. Click on the name of the server of your choice. The list of All zones of the server is displayed.
4. In the menu, select Display > All views. The list of views of the chosen server opens.

To display a view properties page

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS views icon. The DNS All views list opens.
3. At the end of the line of the view of your choice, click on . The view properties page opens.

Customizing the DNS Views Display


SOLIDserver enables you to modify the columns display in the list. You can add, remove or
modify the order of columns. For more details, see the Customizing the List Layout section of
the Understanding the SOLIDserver User Interface part of this documentation.

Understanding the DNS Views Statuses


The status of DNS views provides a report on the views' operations. Views' statuses are displayed
next to the right column of the list of the view. The table below explains all status values:

Table 41.1. DNS Views Statuses

Status            Description
OK                The view is operational.
Delayed create    The view is being created.
Delayed delete    The view is being deleted.

Since version 5.0.3, the Multi-status column provides you with emergency, warning, critical, error
or informational messages regarding the compatibility with Hybrid. For more details, refer to the
Multi-status Column section or the chapter Hybrid DNS Service of this guide.

Adding DNS Views


SOLIDserver allows you to create as many views as you need. During the creation of the view
you will have to name the view and then specify:

• A match clients list that indicates which clients can or cannot access the view. It sets up a filter
based on the source IP address, i.e. the IP address of the client requesting a specific resource.
That way you can decide which particular IP address or network can access the zone(s) you
are managing through a view.


[Figure: an Intranet View (interface 10.0.0.0; 10.0.0.1 => pc1.mycomp, 10.0.0.2 => pc8.mycomp) and
an Extranet View (interface 192.168.0.0; 192.168.0.24 => pc1.mycomp, 192.168.0.45 => sv8.mycomp,
192.168.0.81 => pc8.mycomp), with filtering on the client subnets 10.0.0.0 and 192.168.0.0.]

Figure 41.3. A DNS Views Configuration Using Match clients

• A match destinations list that indicates which view a client is directed to, according to the
server interface that receives the DNS request. This criterion is only useful if you
have several interfaces configured for one appliance.

[Figure: an Intranet View (interface 10.0.0.0; 10.0.0.1 => pc1.mycomp, 10.0.0.2 => pc8.mycomp) and
an Extranet View (interface 192.168.0.0; 192.168.0.24 => pc1.mycomp, 192.168.0.45 => sv8.mycomp,
192.168.0.81 => pc8.mycomp), with filtering on the interfaces of the Intranet VLAN and the Extranet VLAN.]

Figure 41.4. A DNS Views Configuration Using Match destinations

Keep in mind that if you create a view after creating zones, all the zones will be put in that
view. If you need several views, you have to create a new view and then move the zones of your
choice into this new view. For more details regarding zones migration, refer to the Managing
Zones Duplication and Migration section of this guide. You cannot manage some zones through
views and other zones without views.

To add a DNS view

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS views icon. The DNS All views list opens.
3. In the menu, select Add > DNS view. The DNS server selection wizard opens.
4. In the DNS server field, select the server on which you are adding a view.
5. Click on NEXT . The Add a DNS view page appears.
6. In the DNS view name field, type in an explicit name. This name cannot contain special
characters. It can contain letters and numbers, for instance external, internal1 and internal2
are correct view names.
7. In the Mode drop-down list, you can set up the following parameters:


Table 41.2. DNS View Mode parameters

Fields                   Description
Mode                     You can select either Configurable behavior or All behaviors.
Configurable behavior    This option is selected by default in the Mode drop-down list and
                         displays all the fields and options that have been ticked in the Default
                         behavior wizard at the server level. For more details, refer to the
                         DNS section of the Default Behaviors chapter of this guide.
All behaviors            If you select this option, you will display all the fields and options that
                         can be ticked in the Default behavior wizard. For more details, refer
                         to the DNS section of the Default Behaviors chapter of this guide.

If you want to create a view and configure it later, click on NEXT until you get to the last page
of the wizard and then on OK to commit the creation. Refer to step 11 of this procedure
for more details regarding the default configuration.
8. Click on NEXT . The Match clients page appears. You can grant or deny access through the
Restriction field to networks, IP addresses, ACLs, and keys. Configure as many restrictions
as you need using the three fields. The table below details the available options of the Type
field:

Table 41.3. Restrictions/Permissions Parameters

Type               Restriction
Network address    Allow or deny an entire network: type an IPv4 address/prefix in the
                   Network address field.
IP address         Allow or deny the IP address of an appliance, a user or a host in the IP
                   address field.
ACL                Allow or deny an ACL defined at the server level in the ACL drop-down
                   list: admin [a], any, none, localhost and localnets. The ACL list will also
                   include specific ACL created at server level, for more details refer to the
                   Configuring Access Control Lists For a Server section of this guide.
TSIG key           Allow or deny a TSIG key defined at the server in the Keys drop-down
                   list.

[a] The ACL admin is employed by the EfficientIP's management platform to configure and exchange
data with DNS servers.

The order of the elements listed in the match-clients list is important as each restriction or
permission will be reviewed following the order you set in the list. Once a restriction/permission
is configured as needed, click on ADD . The configuration is visible in the ACL values list; you
can organize the list using and . In this list, denied hosts appear preceded by an
exclamation mark (!). If you want to remove an ACL from the list, select it and click on DELETE .
9. Click on NEXT . The Match destinations page appears. Once again, you can grant or deny
access through the Restriction field to networks, IP addresses, ACLs, and keys. Configure
as many restrictions as you need using the three fields. The table below details the available
options of the Type field:

Table 41.4. Restrictions/Permissions Parameters

Type               Restriction
Network address    Allow or deny an entire network: type an IPv4 address/prefix in the
                   Network address field.
IP address         Allow or deny the IP address of an appliance, a user or a host in the IP
                   address field.
ACL                Allow or deny an ACL defined at the server level in the ACL drop-down
                   list: any, none, localhost and localnets. The ACL list will also include
                   specific ACL created at server level, for more details refer to the
                   Configuring Access Control Lists For a Server section of this guide.
TSIG key           Allow or deny a TSIG key defined at the server in the Keys drop-down
                   list.

The order of the elements listed in the match-destination list is important as each restriction
or permission will be reviewed following the order you set in the list. Once a
restriction/permission is configured as needed, click on ADD . The configuration is visible in the
ACL values list, you can organize the list using and . In this list, denied hosts appear preceded by
an exclamation mark (!). If you want to remove an ACL from the list, select it and click on
DELETE .

10. Click on NEXT . The DNS views order page opens.


11. In the DNS views order field, the view you are creating is listed. Once you created more than
one view, you can order the list using and . The match client and match destination
configurations of each view of your server are then reviewed following the views order set
in this field.
12. Click on OK to validate the creation of the view. The report opens and closes. The
configuration details are listed in the Match related columns.

By default, if you do not configure anything on the Match clients list a key named key view-
name is listed in the corresponding column. The key of any other view, existing or to be
created, is automatically denied access and listed for each view as follows: ! key otherview-
name. Besides, the Match destinations default value is always the any ACL. If you do not
edit or delete it, it grants access to anyone and is therefore listed in the corresponding column.

The views addition automatically edits the Match-clients column of the existing view(s) to ensure
that they deny access to each other and manage separate zones and RRs. Any time you add a
new view, all the views change status from OK to Delayed create during the Match-clients criteria
modification. Once it is done, they all change back to OK.

Once you added a view, any extra view is put at the bottom of the DNS views order list, unless
you change their order yourself.

Editing DNS Views


Once a view is created you can edit its configuration through its properties page. We detail
the editing of the Match clients on the one hand and the modification of the Match destinations
on the other. Considering that both are part of the same wizard, you can of course make changes to
both configurations at once.

Note
The match-clients and match-destinations lists are, in essence, access control
lists. The order of the elements listed in both lists is important as each
restriction or permission will be reviewed following the order you set in the list.


Keep in mind that you cannot edit the name of a view.

Editing a View Match Clients Configuration


The Match-clients criteria allows you to filter the source IP address of the incoming DNS request. Any
IP that matches the list respects the restrictions and permissions of the view match clients
configuration.

To edit the match clients ACL values list

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS views icon. The DNS All views list opens.
3. At the end of the line of the view of your choice, click on . The view properties page opens.
4. In the Main properties panel, click on EDIT . The Add a DNS view wizard opens.
5. The DNS view name field is gray to indicate that it cannot be edited.
6. In the Mode drop-down list, edit the value and corresponding fields if need be. For more
details, refer to the DNS section of the Default Behaviors chapter of this guide.
7. Click on NEXT . The Match clients page appears.
8. To edit an ACL value in the list.

a. In the ACL Value list, select the restriction / permission you want to edit.
b. Make the changes you need. For more details, refer to the To add a DNS view procedure.
c. Click on UPDATE to commit your changes or on CANCEL to discard them. The value is
modified accordingly in the list.

9. To reorganize the list order.

a. In the ACL Value list, select one by one the restriction / permission you want to move.
b. Click on or according to your needs. The order displayed is the final order.

10. To remove an ACL value from the list.

a. In the ACL Value list, select the restriction / permission you want to delete.
b. Click on DELETE to commit the value deletion or on CANCEL to discard it. The value
is no longer listed once deleted.

11. Click on NEXT . The Match destinations page opens.


12. Click on NEXT . The DNS views order page opens.
13. Click on OK to commit the Match clients criteria changes. The report opens and closes. The
new list is displayed in the Match clients list of the Main properties panel.

Editing a View Match Destinations Configuration


The Match-destinations criteria allows you to filter the destination address of the incoming DNS
requests. The destination address is actually the IP address of one of the DNS server interfaces.
Any IP that matches the list respects the restrictions and permissions of the view match
destinations configuration.


To edit the match destinations ACL values list

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS views icon. The DNS All views list opens.
3. At the end of the line of the view of your choice, click on . The view properties page opens.
4. In the Main properties panel, click on EDIT . The Add a DNS view wizard opens.
5. The DNS view name field is gray to indicate that it cannot be edited.
6. In the Mode drop-down list, edit the value and corresponding fields if need be. For more
details, refer to the DNS section of the Default Behaviors chapter of this guide.
7. Click on NEXT . The Match clients page appears.
8. Click on NEXT . The Match destinations page appears.
9. To edit an ACL value in the list.

a. In the ACL Value list, select the restriction / permission you want to edit.
b. Make the changes you need. For more details, refer to the To add a DNS view procedure.
c. Click on UPDATE to commit your changes or on CANCEL to discard them. The value is
modified accordingly in the list.

10. To reorganize the list order.

a. In the ACL Value list, select one by one the restriction / permission you want to move.
b. Click on or according to your needs. The order displayed is the final order.

11. To remove an ACL value from the list.

a. In the ACL Value list, select the restriction / permission you want to delete.
b. Click on DELETE to commit the value deletion or on CANCEL to discard it. The value
is no longer listed once deleted.

12. Click on NEXT . The DNS views order page opens.


13. Click on OK to commit the Match destinations criteria changes. The report opens and closes.
The new list is displayed in the Match destinations list of the Main properties panel.

Editing the Order of the Views


Once you created several views on a server, you can order them. The Order set is displayed in
the Order column. If you only have one view on a server, its value is 0.

Ordering views on a server allows you to specify in which order the match client and match destination
configurations of each view (ACL, networks, etc.) are reviewed. This in turn impacts the responses
to DNS client queries. The order of the views you set is followed strictly: once a match is
found, the rest of the restrictions and permissions are ignored. The first view reviewed is 0, the
second one is 1, and so forth. This order is saved in the DNS configuration file.
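
The first-match behavior described for the match lists and for the views order can be modeled as follows. This is an added example, not SOLIDserver code: the records come from Figure 41.3, while the /24 prefixes, the denied host 10.0.0.66, the server address 10.0.0.53, the default view and all function names are assumptions.

```python
import ipaddress


def parse_acl(entries):
    """Parse entries such as '!10.0.0.66', '10.0.0.0/24', 'any' or 'none'."""
    acl = []
    for entry in entries:
        negated = entry.startswith("!")  # '!' marks a denied element, as in the ACL values list
        target = entry.lstrip("!").strip()
        if target not in ("any", "none"):
            target = ipaddress.ip_network(target)
        acl.append((negated, target))
    return acl


def acl_matches(acl, address):
    """The first element that contains the address decides; later elements are ignored."""
    ip = ipaddress.ip_address(address)
    for negated, target in acl:
        if target == "none":
            continue
        if target == "any" or ip in target:
            return not negated
    return False  # nothing in the list covers this address


class View:
    def __init__(self, name, match_clients, match_destinations, records):
        self.name = name
        self.match_clients = parse_acl(match_clients)
        self.match_destinations = parse_acl(match_destinations)
        self.records = records


def select_view(views, client_ip, server_ip):
    """Views are tried in list order (order 0 first); the first one whose two lists match wins."""
    for view in views:
        if (acl_matches(view.match_clients, client_ip)
                and acl_matches(view.match_destinations, server_ip)):
            return view
    return None


def resolve(views, client_ip, server_ip, name):
    """Answer a query from the selected view only; None means no view or no such record."""
    view = select_view(views, client_ip, server_ip)
    return None if view is None else view.records.get(name)


# Records from Figure 41.3; match destinations keep the default value "any".
INTRANET = View("intranet", ["!10.0.0.66", "10.0.0.0/24"], ["any"],
                {"pc1.mycomp": "10.0.0.1", "pc8.mycomp": "10.0.0.2"})
EXTRANET = View("extranet", ["192.168.0.0/24"], ["any"],
                {"pc1.mycomp": "192.168.0.24", "sv8.mycomp": "192.168.0.45",
                 "pc8.mycomp": "192.168.0.81"})
DEFAULT = View("default", ["any"], ["any"], {"pc1.mycomp": "192.168.0.24"})  # constructed
SERVER = "10.0.0.53"  # constructed address of the interface receiving the query

if __name__ == "__main__":
    ordered = [INTRANET, EXTRANET, DEFAULT]
    print(resolve(ordered, "10.0.0.50", SERVER, "pc1.mycomp"))    # intranet answer
    print(resolve(ordered, "192.168.0.7", SERVER, "pc1.mycomp"))  # extranet answer
    # A host denied in one view is not refused outright: it falls through to the next view.
    print(select_view(ordered, "10.0.0.66", SERVER).name)
    # With the catch-all view at order 0, every client gets its answers.
    print(select_view([DEFAULT, INTRANET, EXTRANET], "10.0.0.50", SERVER).name)
```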

To edit the match clients ACL values list

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.


2. Click on the DNS views icon. The All views list opens.
3. Click on the name of the smart server of your choice. Only the views of the selected server
are displayed.
4. Put your mouse over the name of any view, the Info Bar appears.
5. Click on . The Add a DNS view wizard opens.
6. The DNS view name field is gray to indicate that it cannot be edited.
7. In the Mode drop-down list, edit the value and corresponding fields if need be. For more
details, refer to the DNS section of the Default Behaviors chapter of this guide.
8. Click on NEXT . The Match clients page appears.
9. Click on NEXT . The Match destinations page opens.
10. Click on NEXT . The DNS views order page opens.
11. In the DNS views order field, order the views according to your needs using and .
12. Click on OK to commit the views order changes. The report opens and closes. The page
refreshes. The new order set is visible in the Order column.

Deleting DNS Views


At any moment you can delete a view. Before deleting a view keep in mind that:

• The views must be deleted one by one.


• Deleting one view deletes the zone(s) it manages, as well as all the RRs the zone(s) manage
on the physical server. So if you want to delete a view but not the zones it contains, migrate
the zones to a different view before deleting it. For more details regarding zones migration,
refer to the Managing Zones Duplication and Migration section of this guide.
• Deleting a view removes it from the DNS views order list: the list is updated. This order is also
updated in the DNS configuration.
• If you only have one view, deleting it will not delete the zone(s) it manages but only the container
itself: the view is therefore no longer listed on the server All views page.

If you want to get rid of all the views and manage zones via the DNS server itself, refer to the Going
Back to Managing Zones Without Views section.

To delete a view

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS views icon. The DNS All views list opens.
3. Filter the list if need be.
4. Tick the view you want to delete.
5. In the menu, select Edit > Delete. The Delete wizard opens.
6. Click on OK to commit the view deletion. The report opens and closes. The view is Delayed
delete before it is no longer listed. In the meantime, the zones and RRs it managed are deleted
as well if you had several created views.


Defining a DNS View as a Group Resource


In SOLIDserver, only the superuser (ipmadmin) can manage and modify the items of every
module. Adding a view as one of the resources of a specific group will allow the users of that
group to manage the view(s) in question as long as they have the corresponding rights and del-
egations granted.

Granting access to a view as a resource will also make every item it contains available. For more
details, refer to the section Assigning Objects as Resource in the chapter Managing Groups of
administrator of this guide.

Going Back to Managing Zones Without Views


At any time you might want to stop managing your zones with views. The way you delete views
has an impact on the database and leads to different behaviors, so you need to be careful.
First, keep in mind that no matter how many views you created, the last view listed on the All
views page of a specific server can be deleted on its own: it will not delete the zones it manages.

With that in mind, we recommend that you follow the steps below to successfully get rid of the
views when you no longer need them.
To Successfully Remove All Views

1. Choose the view that will be deleted last.


2. Migrate all the zones you want to keep in that view. For more details regarding zones migration,
refer to the Managing Zones Duplication and Migration section of this guide.
3. One by one, tick and delete the unwanted views. For more details, follow the To delete a view
procedure.
4. Once the only remaining view is the one that holds all the zones you want to work with, tick it
and delete it. The zones and RRs it contains are kept and still listed in the All zones and All
RRs pages of the server. Now you can manage them through the server directly.

Chapter 42. Configuring DNS Views
Like servers, views can be configured individually to set a series of behaviors for the zones they
contain. Any configuration set at view level overwrites what was set at server level (whether
physical or smart).

Configuring DNS Forwarding at View Level


At view level you can set forwarders and overwrite the configuration set at server level. All the
zones managed through the view inherit the new settings.

Configuring a Forwarders List on a View


From the All views list of a smart architecture you can edit the forward configuration of a view.
This configuration change applies to the view on all the physical servers managed by the
architecture. If the view is managed on a server not managed via a smart architecture, it only applies to
the zones it manages on the server.

To configure a forwarders list for a view

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. Click on the name of the smart architecture of your choice. The All zones page opens.
4. In the breadcrumb, click on All views. The All views page of the smart architecture opens.
5. At the end of the line of the view of your choice, click on . The properties page opens.
6. Open the Forwarding panel using and click on EDIT . The wizard opens.
7. Click on NEXT until the Forwarding configuration page appears.
8. In the Add a forwarder field, type in the address of a forwarder.
9. Click on ADD to move it to the Forwarders list. Repeat these actions for as many forwarders
as needed.
10. In the Forward mode field, select the mode of your choice according to the table below.

Table 42.1. Forward mode options

Options   Description
None      The view uses the forward configuration set at server level.
First     The server sends the queries to the forwarders you just set and, if not answered, attempts to find an answer.
Only      The server only forwards queries.

11. Click on OK to commit the forwarders configuration. The report opens and closes. The
properties page refreshes and displays the new settings.


Configuring Specific Forwarding for a View on a Physical Server Managed Through a Smart

At view level, you can also set a specific forwarding configuration for views on physical servers
managed through a smart architecture already configured with forward options.

Just like for servers, the forwarding configuration set on a smart view is automatically inherited
by the views of the physical servers managed through that smart, but you can edit the type of
forward option for a view directly on the physical server. This option is in turn inherited by the
zones and records of the view and allows you to customize the forwarding on your network.

Keep in mind that once the Forward option is set on a smart you cannot unset it on the views of
the physical servers it manages. Setting the option to None means at view level that the view
inherits the server configuration.

To configure a specific forward mode on a physical server view

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. Next to the Logout icon, click on to display the physical servers managed by your smart
architectures.
4. Click on the name of the physical server of your choice. The All zones page of the physical
server opens.
5. In the breadcrumb, click on All views. The All views page of the physical server opens.
6. At the end of the line of the view of your choice, click on . The properties page opens.
7. Open the Forwarding panel using . The forward mode and forwarders list display the settings
inherited from the server.
8. Click on EDIT . The wizard opens.
9. Click on NEXT until the Edit a DNS view page appears.
10. Tick the Overwrite the smart settings checkbox. The page refreshes and displays the forward
fields.
11. Set your forwarders list:

a. In the Add a forwarder field, type in the address of a forwarder.
b. Click on ADD to move it to the Forwarders list. Repeat these actions for as many forwarders
as needed.

12. In the Forward mode field, select the mode of your choice: First or Only. You cannot set the
forwarding to None once it has been set on the smart. The page refreshes. For more details
regarding these modes, refer to the Forward mode options table in the previous section.
13. Click on OK to commit the forwarders configuration of the physical server. The properties
page is visible again. In the Forwarding panel, the message Smart configuration is overwritten
is displayed above your mode and forwarders configuration.

At any time you can reverse your changes and use the configuration set at server level (smart or
physical): edit the Forwarding panel, untick the Overwrite the smart settings checkbox and click
on OK to commit your changes.


Configuring DNS Notify Messages at View Level


Configuring the Notify at server level allows you to set the change notification once, for all the master
zones managed by the view. Once the notification is sent to slave zones, the administrator decides
if a zone transfer is relevant. For more details, refer to the Limiting Zone Transfer at View Level
section of this guide.

Within SOLIDserver, the notification configuration is done from the Notify panel of the properties
page. This panel displays:

• the notification type configured for the view,
• the slave zones that will receive the notify messages through their managing view (Also notify),
• the allow-notify directive of the view slave zones. For instance, you can allow all the servers
of a network to notify the slave zones of your server or only a few.

Caution
Any configuration of the Notify panel at view level will override the configuration set
at server level. Any configuration set at zone level will however override the
configuration set at view level.

Keep in mind that there will be an implicit allow-notify directive set when you add a slave zone:
when you set the Master IP address of the slave zone you are allowing the master zones of this
server to send notify messages to your slave zone.

To configure notify messages at view level

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS views icon. The DNS All views list opens.
3. At the end of the line of the view of your choice, click on . The properties page opens.
4. Open the Notify panel using and click on EDIT . The wizard opens.
5. If you or your administrator created classes, the DNS view class list is visible. Select a class
or None and click on NEXT . The next page of the wizard opens.
6. Do not edit the default behaviors configuration and click on NEXT . The Notify page opens.
7. In the Notify drop-down list, set the view notification type following the table below.

Table 42.2. DNS View Notify Types

Fields     Description
No         With this option no notify message will be sent when changes are performed in the master zones.
Yes        With this option the notify messages will be sent to the target of the NS records of the master zone. It will also be sent to the IP address(es) specified in the IP address field below.
Explicit   With this option the notify messages will only be sent to the IP address(es) specified in the IP address field below.

8. If you selected Yes or Explicit, you can set the IP address and port of the server(s) whose
slave zones will receive the messages:


a. In the IP address field, type in the IP address of another server. The notify message
will be sent if you chose the notify type Yes or Explicit.
b. In the Port field, you can type in the port number that will receive the notify messages
on the server you specified in the previous field.
c. Click on ADD . The IP address and port number are displayed in the Also notify list as
follows: <ip-address> port: <port-number>. You can repeat these actions for as many
servers as needed.

You can edit the content of the list if need be. Click on the entry of your choice, the
information is displayed again in the fields, you can change it and click on UPDATE or click
on DELETE to remove it from the list. If you made changes that you do not want to save,
click on CANCEL .

9. Click on NEXT . The Allow notify page opens. It allows you to specify if the view slave zones can
receive master zones notification messages. You can grant or deny access through the
Restriction field to networks, IP addresses, ACLs, and keys. Configure as many restrictions
as you need using the three fields. The table below details the available options of the Type
field:

Table 42.3. Restrictions/Permissions Parameters

Type              Restriction
Network address   Allow or deny an entire network: type an IPv4 address/prefix in the Network address field.
IP address        Allow or deny the IP address of an appliance, a user or a host in the IP address field.
ACL               Allow or deny an ACL defined at the server level in the ACL drop-down list: admin (a), any, none, localhost and localnets. The ACL list will also include specific ACL created at server level, for more details refer to the Configuring Access Control Lists For a Server section of this guide.
TSIG key          Allow or deny a TSIG key defined at the server in the Keys drop-down list.

(a) The ACL admin is employed by EfficientIP's management platform to configure and exchange data with DNS servers.

Once a restriction/permission is configured as needed, click on ADD . The configuration is
visible in the ACL values list, you can organize the list using and . In this list, denied
hosts appear preceded by an exclamation mark (!). If you want to remove an ACL from the
list, select it and click on DELETE .
10. Click on OK to commit the configuration. The report opens and closes. The properties page
is visible again. Your configurations are displayed in the Notify panel.

Configuring DNS Recursion at View Level


The recursion settings at server level are inherited by the views. However, you can change these
settings at view level to customize the recursion configuration on the network: the changes
made on a view are inherited by the zones managed through the view.


Enabling and Disabling the Recursion on a View


The recursion statement essentially controls caching behavior in the view and the zones it
manages.

From the view properties page, you can edit its recursive behavior through the Recursion panel.
By default, its content is inherited from the server.

To enable the DNS recursion on a view

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. Click on the name of the server of your choice. The All zones page opens.
4. In the breadcrumb, click on All views. The All views page of the physical server opens.
5. At the end of the line of the view of your choice, click on . The properties page opens.
6. Open the Recursion panel using .
7. Click on NEXT until you get to the Recursion configuration page.
8. Open the Recursion panel using . If the Recursion is set to no, click on EDIT . The wizard
opens.
9. Click on NEXT until you get to the Recursion configuration page.
10. In the drop-down list, select yes.
11. Click on NEXT . The Allow recursion page opens. For more details regarding the recursion
configuration, refer to the Limiting the Recursion at View Level section below.
12. Click on OK to commit the recursion enabling.

To disable the DNS recursion on a view

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. Click on the name of the server of your choice. The All zones page opens.
4. In the breadcrumb, click on All views. The All views page of the physical server opens.
5. At the end of the line of the view of your choice, click on . The properties page opens.
6. Open the Recursion panel using . If the Recursion is set to yes, click on EDIT . The wizard
opens.
7. Click on NEXT until you get to the Recursion configuration page.
8. In the drop-down list, select no.
9. Click on OK to commit your changes. The report opens and closes. The page refreshes, in
the panel the recursion is disabled.

Limiting the Recursion at View Level


By default, the view inherits the server recursion settings (permissions and restrictions). Changing
these settings at view level overwrites the server configuration and applies to the zones managed
via the view.


To set an allow-recursion match list at view level

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. Click on the name of the server of your choice. The All zones page opens.
4. In the breadcrumb, click on All views. The All views page of the physical server opens.
5. At the end of the line of the view of your choice, click on . The properties page opens.
6. Open the Recursion panel using and click on EDIT . The wizard opens.
7. Click on NEXT until you get to the Recursion configuration page.
8. Grant or deny access through the Restriction field to networks, IP addresses, ACLs, and
keys. Configure as many restrictions as you need using the three fields. The table below
details the available options of the Type field:

Table 42.4. Allow-recursion Parameters

Type              Description
Network address   Allow or deny an entire network: type an IPv4 address/prefix in the Network address field.
IP address        Allow or deny the IP address of an appliance, a user, a host.
ACL               Allow or deny an ACL defined at the server level in the drop-down: admin (a), any, none, localhost and localnets. The ACL list will also include specific ACL created for the server, for more details refer to the Configuring Access Control Lists For a Server section of this guide.
TSIG key          Allow or deny a key defined at the server level.

(a) The ACL admin is employed by EfficientIP's management platform to configure and exchange data with DNS servers.

Once a restriction/permission is configured as needed, click on ADD . The configuration is
visible in the ACL values list, you can organize the list (1) using and . In this list, denied
hosts appear preceded by an exclamation mark (!). If you want to remove an ACL from the
list, select it and click on DELETE .
9. Click on OK to commit the recursion authorizations/restrictions configuration. The report
opens and closes. The properties page is visible again.

Restricting DNS Queries at View Level


The DNS queries can be restricted through the allow-query and allow-query-cache options. They
both set an ACL list for IP addresses and/or network addresses, so keep in mind that the order
of the elements listed in the ACL values field is important as each restriction or permission
will be reviewed following the order you set in the list.

Allow Query
SOLIDserver allows you to specify which hosts are allowed to issue DNS queries. The allow query
properties can be configured at view level and apply to all the zones it contains.

(1) The order of the list is important: when a host or a given network is compared to a list of address authorizations, the list is reviewed,
in order, until an element is authorized.


Note
At the view level, the allow-query configuration overrides the allow query defined at
the server level.

To set an allow query match list at view level

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS views icon. The DNS All views list opens.
3. At the end of the line of the view of your choice, click on . The view properties page opens.
4. Open the Access control panel using . This panel displays different options: Allow-query,
Allow query cache and Allow-transfer.
5. Click on EDIT . The Add a DNS view wizard opens.
6. In the DNS view name field, the view name is displayed in gray to indicate you cannot edit
it.
7. In the Mode drop-down list, you can select Configurable behaviors or All behaviors and
modify the configuration if need be. For more details, refer to the DNS section of the Default
Behaviors chapter of this guide.
8. Click on NEXT . The Allow-query page opens. You can grant or deny access through the
Restriction field to networks, IP addresses, ACLs, and keys. Configure as many restrictions
as you need using the three fields. The table below details the available options of the Type
field:

Table 42.5. Restrictions/Permissions Parameters

Type              Restriction
Network address   Allow or deny an entire network: type an IPv4 address/prefix in the Network address field.
IP address        Allow or deny the IP address of an appliance, a user, a host.
ACL               Allow or deny an ACL defined at the server level in the drop-down: admin (a), any, none, localhost and localnets. The ACL list will also include specific ACL created at server level, for more details refer to the Configuring Access Control Lists For a Server section of this guide.
TSIG key          Allow or deny a key defined at the server level.

(a) The ACL admin is employed by EfficientIP's management platform to configure and exchange data with DNS servers.

Once a restriction/permission is configured as needed, click on ADD . The configuration is
visible in the ACL values list, you can organize the list using and . In this list, denied
hosts appear preceded by an exclamation mark (!). If you want to remove an ACL from the
list, select it and click on DELETE .
9. Click on NEXT twice to skip the Allow query cache page and open the Allow-transfer page.
10. Click on OK to commit the DNS query restrictions on your view. The report opens and closes.
The properties page is visible again, your configuration is listed in the Allow-query list of the
Access control panel.


Allow Query Cache


SOLIDserver allows you to specify which hosts are allowed to issue DNS queries on the local view
cache. The allow query properties can be configured at view level and apply to all the zones it
contains.

Note
At the view level, the allow query cache configuration overrides the allow query cache
defined at the server level.

Allow-query-cache statement particularities


The allow-query-cache is independent from the allow-query statement but closely linked to
the allow-recursion statement.

If the recursion is set to no, the cache cannot be queried, so it is useless to set an allow-
query-cache match list.

If the recursion is set to yes and the allow-recursion statement is not defined, by default the
localhost and localnets will be permitted to query the server cache.

If the recursion is set to yes and the allow-recursion statement is defined with a specific match
list, the local cache access will be granted to all the entries of the allow-recursion match list.

The match list defined will control recursive behavior as recursive queries would be useless
without access to the local view cache. Typically, if a host is in the allow-recursion match list, it
could access the view the first time and get query result. However, if it is not part of the allow-
query-cache match list then it would not be able to make the same query a second time as it
would be saved on the cache to which it does not have access. On the contrary, if a host is in
the allow-query-cache match list but not in the allow-recursion match list, it would only get results
for queries already sent by another host with the proper access rights. Hence the need to configure
carefully both these statements to avoid conflicts and absurd access configurations.
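
The ordering rule from Restricting DNS Queries and the allow-recursion / allow-query-cache interplay described above can be checked offline with the Python model below. It is an added example, not EfficientIP code, and it assumes first-match-wins evaluation of the ACL values list. The function names, the sample view and its addresses are constructed; named ACLs other than any and none, and TSIG keys, are left out.

```python
import ipaddress

def parse_entry(entry):
    """Return (deny, network) for one ACL value; network is None for 'none'."""
    deny = entry.startswith("!")
    value = entry.lstrip("!").strip()
    if value == "none":
        return deny, None                      # matches no host
    if value == "any":
        value = "0.0.0.0/0"                    # matches every IPv4 host
    return deny, ipaddress.ip_network(value, strict=False)

def decide(match_list, client):
    """Assumed semantics: the first entry matching the client decides,
    and a client that matches nothing is denied."""
    addr = ipaddress.ip_address(client)
    for entry in match_list:
        deny, net = parse_entry(entry)
        if net is not None and addr in net:
            return not deny
    return False

def shadowed_entries(match_list):
    """Entries that can never decide anything because one earlier entry
    already covers every address they match (unions are not considered)."""
    seen, dead = [], []
    for entry in match_list:
        _, net = parse_entry(entry)
        if net is None:
            continue
        if any(net.subnet_of(prev) for prev in seen):
            dead.append(entry)
        seen.append(net)
    return dead

def client_outcome(view, client):
    """Classify a client against the recursion and cache lists of a view."""
    if not view.get("recursion", False):
        return "recursion-disabled"            # the cache cannot be queried
    rec = view.get("allow_recursion")
    if rec is None:                            # default: localhost and localnets
        rec = view.get("local", ["127.0.0.1"])
    cache = view.get("allow_query_cache")
    if cache is None:                          # default: same entries as allow-recursion
        cache = rec
    can_recurse, can_cache = decide(rec, client), decide(cache, client)
    if can_recurse and can_cache:
        return "full"
    if can_recurse:
        return "first-answer-only"             # cannot repeat a query once it is cached
    if can_cache:
        return "cached-only"                   # only sees answers fetched for other hosts
    return "refused"

# Constructed sample view: the denial of 10.0.0.5 is placed correctly in
# allow_recursion but too late in allow_query_cache.
VIEW = {
    "recursion": True,
    "allow_recursion": ["!10.0.0.5", "10.0.0.0/24", "10.0.1.0/24"],
    "allow_query_cache": ["10.0.0.0/24", "!10.0.0.5", "10.0.2.7"],
}

def audit(view, clients):
    """Map each client address to its outcome for the given view."""
    return {client: client_outcome(view, client) for client in clients}

if __name__ == "__main__":
    for name in ("allow_recursion", "allow_query_cache"):
        print(name, "shadowed:", shadowed_entries(VIEW[name]))
    for client, outcome in audit(VIEW, ["10.0.0.8", "10.0.1.9", "10.0.0.5", "10.0.3.1"]).items():
        print(client, outcome)
```

Any client reported as first-answer-only or cached-only marks a mismatch between the two match lists of the kind the paragraph above warns about.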

To set an allow query cache match list at view level

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS views icon. The DNS All views list opens.
3. At the end of the line of the view of your choice, click on . The view properties page opens.
4. Open the Access control panel using . This panel displays different options: Allow-query,
Allow query cache and Allow-transfer.
5. Click on EDIT . The Add a DNS view wizard opens.
6. In the DNS view name field, the view name is displayed in gray to indicate you cannot edit
it.
7. In the Mode drop-down list, you can select Configurable behaviors or All behaviors and
modify the configuration if need be. For more details, refer to the DNS section of the Default
Behaviors chapter of this guide.
8. Click on NEXT . The Allow-query page opens.
9. Click on NEXT . The Allow query cache page opens. You can grant or deny access through
the Restriction field to networks, IP addresses, ACLs, and keys. Configure as many restrictions
as you need using the three fields. The table below details the available options of the Type
field:


Table 42.6. Restrictions/Permissions Parameters

Type              Restriction
Network address   Allow or deny an entire network: type an IPv4 address/prefix in the Network address field.
IP address        Allow or deny the IP address of an appliance, a user, a host.
ACL               Allow or deny an ACL defined at the server level in the drop-down: admin (a), any, none, localhost and localnets. The ACL list will also include specific ACL created at server level, for more details refer to the Configuring Access Control Lists For a Server section of this guide.
TSIG key          Allow or deny a key defined at the server level.

(a) The ACL admin is employed by EfficientIP's management platform to configure and exchange data with DNS servers.

Once a restriction/permission is configured as needed, click on ADD . The configuration is
visible in the ACL values list, you can organize the list using and . In this list, denied
hosts appear preceded by an exclamation mark (!). If you want to remove an ACL from the
list, select it and click on DELETE .
10. Click on NEXT . The Allow-transfer page opens.
11. Click on OK to commit the DNS query restrictions on your view. The report opens and closes.
The properties page is visible again, your configuration is listed in the Allow query cache
list of the Access control panel.

Limiting Zone Transfer at View Level


DNS zone transfer is a type of DNS transaction employed to replicate and synchronize all copies
of the zone used at each server configured to host the zone. SOLIDserver denies zone transfers
by default to all DNS servers but supports the allow-transfer property at view level to allow you to
specify which hosts, networks, or TSIG keys are granted or denied the permission to do transfers
for all the zones of the view.

The allow-transfer option configuration basically creates an ACL dedicated to controlling transfers
so keep in mind that the order of the elements listed in the ACL values field is important as
each restriction or permission will be reviewed following the order you set in the list.

Note
The allow-transfer property may also be specified in a zone configuration, in which
case it overrides the allow transfer property defined at the view level.

To set an allow transfer match list at view level

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS views icon. The DNS All views list opens.
3. At the end of the line of the view of your choice, click on . The view properties page opens.
4. Open the Access control panel using . This panel displays different options: Allow-query,
Allow query cache and Allow-transfer.
5. Click on EDIT . The Add a DNS view wizard opens.
6. In the DNS view name field, the view name is displayed in gray to indicate you cannot edit
it.


7. In the Mode drop-down list, you can select Configurable behaviors or All behaviors and
modify the configuration if need be. For more details, refer to the DNS section of the Default
Behaviors chapter of this guide.
8. Click on NEXT . The Allow-query page opens.
9. Click on NEXT . The Allow query cache page opens.
10. Click on NEXT . The Allow-transfer page opens. You can grant or deny access through the
Restriction field to networks, IP addresses, ACLs, and keys. Configure as many restrictions
as you need using the three fields. The table below details the available options of the Type
field:

Table 42.7. Restrictions/Permissions Parameters

Type              Restriction
Network address   Allow or deny an entire network: type an IPv4 address/prefix in the Network address field.
IP address        Allow or deny the IP address of an appliance, a user or a host in the IP address field.
ACL               Allow or deny an ACL defined at the server level in the ACL drop-down list: admin (a), any, none, localhost and localnets. The ACL list will also include specific ACL created at server level, for more details refer to the Configuring Access Control Lists For a Server section of this guide.
TSIG key          Allow or deny a TSIG key defined at the server in the Keys drop-down list.

(a) The ACL admin is employed by EfficientIP's management platform to configure and exchange data with DNS servers.

Once a restriction/permission is configured as needed, click on ADD . The configuration is
visible in the ACL values list, you can organize the list using and . In this list, denied
hosts appear preceded by an exclamation mark (!). If you want to remove an ACL from the
list, select it and click on DELETE .
11. Click on NEXT . The Allow-transfer page opens.
12. Click on OK to commit the DNS query restrictions on your view. The report opens and closes.
The properties page is visible again, your configuration is listed in the Allow-transfer list of
the Access control panel.

Configuring Client Resolver Cache Options at View Level


From the properties page of a view belonging to a smart architecture managing EfficientIP DNS
servers using the SSL protocol, you can edit the lame-ttl and max-cache-client options.
Editing them at view level overwrites the server level configuration and applies to the zones
managed by the view.

For more details regarding these two options, refer to the Configuring Client Resolver Cache
Options at Server Level section of this guide.

To set the lame-ttl option at view level

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS views icon. The corresponding list opens.
3. At the end of the line of the view of your choice, click on . The properties page opens.


4. Open the Options panel using and click on EDIT . The Options configuration wizard opens.
5. In the Lame-ttl field, type in the value of your choice. This value is in seconds and can be set
between 30 and 1800. The default value is 600, the maximum value is 1800 seconds.
6. Click on OK to commit your configuration. The report opens and closes. The properties page
is visible again and displays the value you defined.

To set the max-cache-size option at view level

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS views icon. The corresponding list opens.
3. At the end of the line of the view of your choice, click on . The properties page opens.
4. Open the Options panel using and click on EDIT . The Options configuration wizard opens.
5. In the Max-cache-size field, type in the value of your choice to set the cache memory size.
This value is in bytes. The default value is 100m.
6. Click on OK to commit your configuration. The report opens and closes. The properties page
is visible again and displays the value you defined.

Configuring EDNS Options at View Level


From the properties page of a view belonging to a smart architecture managing EfficientIP DNS
servers using the SSL protocol, you can edit the edns-udp-size and max-udp-size options.
Like any other configuration option, the settings defined at server level are edited by the view.
Editing them at view level overwrites the server level configuration and applies to the zones
managed by the view.

For more details regarding these options, refer to the Configuring EDNS Options at Server Level
section of this guide.

To set the edns-udp-size option at view level

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS views icon. The corresponding list opens.
3. At the end of the line of the view of your choice, click on . The properties page opens.
4. Open the Options panel using and click on EDIT . The Options configuration wizard opens.
5. In the Edns-udp-size field, type in the size of received packets of your choice. This value is
in bytes, and must be set between 512 and 4096. The default value is 4096.
6. Click on OK to commit your configuration. The report opens and closes. The properties page
is visible again and displays the value you defined.

To add a DNS key at view level

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS views icon. The corresponding list opens.
3. At the end of the line of the view of your choice, click on . The properties page opens.
4. Open the Options panel using and click on EDIT . The Options configuration wizard opens.


5. In the Max-udp-size field, type in the maximum size of the packets you send. This value is
in bytes and must be set between 512 and 4096. The default value is 4096.
6. Click on OK to commit your configuration. The report opens and closes. The properties page
is visible again and displays the value you defined.

Configuring a Sortlist at View Level


From the properties page of a view belonging to a smart architecture managing EfficientIP DNS
servers using the SSL protocol, you can edit the sortlist statement at view
level. Like any other configuration option, the settings defined at server level are edited by the
view. Editing them at view level overwrites the server level configuration and applies to the zones
managed by the view.

For more details regarding the sortlist statement, refer to the Configuring a Sortlist at Server Level
section of this guide.

To define a sortlist statement at view level

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS views icon. The corresponding list opens.
3. At the end of the line of the view of your choice, click on . The properties page opens.
4. Open the Options panel using and click on EDIT . The Options configuration wizard opens.
5. In the Client address field, type in the client IP address/subnet. It must be composed of an
IPv4 address containing 1 to 4 bytes followed by the prefix: <IP address>/<prefix>.
6. In the Sort address field, type in a list of IP addresses or subnets followed by a semi-colon.
These addresses correspond to the value of an A record of the RRset for which you create
the sortlist. The statement will respect the order in which you typed in the addresses. The
value must respect the format <IP address>/<prefix>; even if you only type in one sort
address.
7. Click on OK to commit your configuration. The report opens and closes. The properties page
is visible again and displays your sortlist as follows: {<client_address_field_value>;
{<first_sort_address>;<second_sort_address>;<etc>};}; . There is one sortlist per client address
defined.
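
The sortlist format from the procedure above, worked through in Python as an added example (not EfficientIP code). It reads "1 to 4 bytes followed by the prefix" as allowing short forms such as 192.168.1/24, and it assumes the usual sortlist behaviour: the first client address containing the requester selects the list, and answers are ordered by the first sort address that contains them, with unmatched addresses last. Function names and sample addresses are constructed.

```python
import ipaddress

def parse_prefix(text):
    """Parse '<IP address>/<prefix>' where the address has 1 to 4 bytes."""
    address, sep, prefix = text.strip().partition("/")
    octets = address.split(".")
    if not sep or not prefix.isdigit() or not 1 <= len(octets) <= 4:
        raise ValueError(f"expected <IP address>/<prefix>, got {text!r}")
    padded = ".".join(octets + ["0"] * (4 - len(octets)))
    return ipaddress.ip_network(f"{padded}/{prefix}", strict=False)

def render_sortlist(client, sort_addresses):
    """Validate both fields, then return the statement in the form the
    properties page displays: {client; {sort1;sort2;};};"""
    parse_prefix(client)
    for item in sort_addresses:
        parse_prefix(item)
    inner = "".join(item + ";" for item in sort_addresses)
    return "{" + client + "; {" + inner + "};};"

def order_answers(client_ip, sortlists, a_records):
    """Order the A record values of an RRset for one requester.

    sortlists is a list of (client_field, [sort_address, ...]) pairs,
    one pair per client address defined on the view.
    """
    requester = ipaddress.ip_address(client_ip)
    for client_field, sort_addresses in sortlists:
        if requester in parse_prefix(client_field):
            nets = [parse_prefix(item) for item in sort_addresses]

            def rank(value):
                addr = ipaddress.ip_address(value)
                return next((i for i, net in enumerate(nets) if addr in net), len(nets))

            return sorted(a_records, key=rank)   # stable: ties keep RRset order
    return list(a_records)                       # no sortlist applies to this client

# Constructed sample data.
SORTLISTS = [("192.168.1/24", ["192.168.1.0/24", "192.168.2/24"])]
RRSET = ["10.0.0.9", "192.168.2.20", "192.168.1.10", "10.0.0.8"]

if __name__ == "__main__":
    print(render_sortlist(*SORTLISTS[0]))
    print(order_answers("192.168.1.77", SORTLISTS, RRSET))
    print(order_answers("172.16.0.1", SORTLISTS, RRSET))
```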

Chapter 43. Managing DNS Zones
When deploying a name server, it is important to understand the difference between a zone and
a domain. A zone is a delegated point within a DNS structure, and is made up of adjoining elements
of the domain structure, which are governed by a name server.

SOLIDserver allows you to create and manage 6 types of zones: Master, Slave, Forward, Stub,
Hint and Delegation-Only. Each type of zone provides a set of configurations that you can apply
upon creation or edition.

Browsing DNS Zones


As far as the DNS hierarchy is concerned, the zone is the third level. It is compulsory to create
a zone to manage resource records.

Figure 43.1. The Zone in the DNS Hierarchy (server > view > zone > RR)

Here below, you can see the link to browse the DNS zones database:

Figure 43.2. DNS: All DNS Zones

Browsing the DNS Zones Database


To display the list of DNS zones

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS zones icon. The DNS All zones list opens.

To display the list of DNS zones through the breadcrumb

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. In the breadcrumb, click on All zones. The DNS All zones list opens.

From the DNS homepage, you can directly access name (direct), reverse, master, slave, forward
and stub zones by clicking on their corresponding icons.

To use the DNS homepage zone filters

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS zones icon. The DNS All zones list opens.

3. Click on the icon that suits your needs. The DNS All zones page opens automatically filtered
according to the chosen icon.

To display the list of DNS zones for a specific server

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS zones icon. The DNS All zones list opens.
3. In the Server column, click on the name of the server of your choice to display the zones it
contains.

To display the list of DNS zones for a specific view

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS views icon. The DNS All views list opens.
3. In the View column, click on the name of the view of your choice to display the zones it
contains.

To display a zone properties page

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS zones icon. The DNS All zones list opens.
3. At the end of the line of the zone of your choice, click on . The properties page opens.

On the DNS zone properties page of a physical server you will find the following information in
separate panels:

• Main properties: sums up the main information regarding the zone. In the case of our zone:
the zone name, type, resolution, server, view, IPAM space it is linked to, responsible user email
address, refresh frequency, lifespan, etc. In other words, everything there is to know about the
zone apart from specific configurations that are all displayed in dedicated panels.
• Default Behavior properties: displays the default behaviors set at the zone level (in the zones
listing page). You cannot edit them from this panel; to make any changes, use the Main properties
panel EDIT button and change them on the second page of the wizard.
• Name servers: displays the server(s) that have authority over the zone or over the domain
sub-zone(s).
• Forwarding: displays the servers to which the DNS queries for that zone are redirected.
• Groups access: displays the groups that have the zone listed as a resource and the rights and
delegations the users have over it.
• Ticket: displays the users that issued a ticket through the Workflow module to modify or delete
the zone. This panel cannot be edited from the properties page.
• Notify: displays the IP addresses of the servers that will be notified of any change made on
the master zone. These servers contain slave zone(s) named after the current master zone.
• Access control: displays the allow-query, allow-transfer and allow-update access permissions
and restrictions to query the master zone, transfer the zone data or update the zone.
• Sources: displays the IPv4 interface(s) used to send the zone notifications.
• Sources V6: displays the IPv6 interface(s) used to send the zone notifications.

• State log: displays the server status evolution log; OK or KO (i.e. Timeout) and at what time it
changed status. This panel cannot be edited, it simply provides information.
• Audit: displays every change made on the zone, by whom and when. This panel cannot be
edited, it simply provides information.

Customizing the DNS Zones Display


SOLIDserver enables you to modify the column display in the list. You can add, remove or
modify the order of columns. For more details, see the Customizing the List Layout section of
the Understanding the SOLIDserver User Interface part of this documentation.

Understanding the DNS Zones Statuses


The status of a zone provides a report on the zone operations. Zone statuses are displayed next
to the right column of the list of the zones. The table below explains all status values:

Table 43.1. DNS Zone Statuses


| Status | Description |
| --- | --- |
| OK | The zone is operational. |
| Busy | The zone is synchronizing. |
| Delayed create | The zone creation is delayed due to a server load or a server unavailability. The creation will be automatically pushed when the server is available. |
| Delayed delete | The zone deletion is delayed due to a server load or a server unavailability. The deletion will be automatically pushed when the server is available. |
| Timeout | The zone is not available. Probably an error was detected in the configuration file of the zone. |
| Unknown | The zone is not synchronized yet. |
| Not authoritative | The zone configuration is incorrect: in the SOA another server was set as authoritative. |
| Refused | The DNS server refuses the transfer between the current zone and the management platform, check the allow-transfer parameter on the zone or the server properties page. |
| No RR | There is no RR to transfer for the zone. That status can be displayed for a forward zone. |
| Unmanaged | The zone is not available due to a disabling operation. |

Since version 5.0.3, the Multi-status column provides you with emergency, warning, critical, error
or informational messages regarding the compatibility with Hybrid. For more details, refer to the
Multi-status Column section or the chapter Hybrid DNS Service of this guide.

Managing Master Zones


A master zone stores the original zone's important records for a certain name space and answers
other name servers' queries regarding this name space.

Adding a Master Zone


Adding a master zone on a server can be done from the All Zones list, like in the procedure below,
or from the All Zones list of a specific server in which case some steps of the procedure below
will be skipped automatically.

To add a DNS master zone

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS zones icon. The DNS All zones list opens.
3. In the menu, select Add > DNS zone. The Add a DNS zone wizard opens.
4. In the DNS server field, select the server of your choice.
5. Click on NEXT . The next page of the wizard appears.
6. If you or your administrator created classes, the DNS zone class list is visible. Select a class
or None and click on NEXT . The next page of the wizard opens.
7. In the DNS zone type list, select Master.
8. In the DNS zone resolution list, select Name (configuration in step 9) or Reverse
(configuration in step 10) and click on NEXT . The next page of the wizard appears.
9. Configure the name zone, using the fields listed in the table below and go to step 11.

Table 43.2. DNS Name Zone Basic Parameters


| Fields | Description |
| --- | --- |
| Name | In this field, type in the zone name you chose. It should strictly conform to the syntax given in RFC1034 [http://tools.ietf.org/html/rfc1034] (page 7). This field is compulsory. |
| View | In this drop-down list, select the view in which the zone will be created. If there are no views in the selected server, the list is empty. |
| Space | In this drop-down list, select one of the IPAM spaces that will be tied to that zone or None. The selected space will be updated by the DNS zone you are creating. |

10. Configure the reverse zone, using the fields listed in the table below and go to step 11.

Table 43.3. DNS Reverse Zone Basic Parameters


| Fields | Description |
| --- | --- |
| Name | In this field, the name of the reverse domain auto-completes with the address you type in the next field. The suffix displayed changes according to the Reverse type selected. |
| IP address / IPv6 address | In this field, type in the IP address for the zone. The address you type in will complete the reverse domain name, it should be composed of a maximum of three bytes (xxx.xxx.xxx). This field is compulsory. |
| Reverse type | In this drop-down list, select the reverse resolution method: IPv4 in-addr.arpa, E164 arpa, IPv6 int or IPv6 arpa. Once selected, the extension is automatically displayed in the Name field. This field is compulsory. |
| IPv4 in-addr.arpa | You can select this field to configure IPv4 reverse-mapping. |
| E164 arpa | You can select this field to configure telephone number mapping for the zone, it will use the phone numbers dedicated reverse mapping domain suffix (e164.arpa). |
| IPv6 int | You can select this field to configure IPv6 reverse-mapping. Note that this extension is deprecated, so unless your IPv6 configuration is older than 2001 we recommend that you use the IPv6 arpa extension. For more details refer to RFC 4159 [http://tools.ietf.org/html/rfc4159]. |
| IPv6 arpa | You can select this field to configure IPv6 reverse-mapping. |
| View | In this drop-down list, select the view in which the zone will be created. If there are no views in the selected server, the list is empty. |
| Space | In this drop-down list, select one of the IPAM spaces that will be tied to that zone or None. The selected space will be updated by the DNS zone you are creating. |

11. If you are managing an Agentless MS DNS server through a smart architecture, you might
want to configure the Expert Mode parameters following the table below. If not, go to step
12.

Note
This mode is not available if you added a Microsoft DNS (via AD). If you created
a Microsoft DNS (with agent), you will be able to tick the AD replication box but
not configure it in detail.

Table 43.4. DNS Expert Mode Parameters


| Fields | Description |
| --- | --- |
| Expert Mode | Tick this box if you are adding the zone to an Active Directory integrated Microsoft DNS server. Once ticked, the AD integrated checkbox appears. |
| AD integrated | Tick this box if your server is AD integrated. Once ticked, the AD Replication drop-down list appears. This option is not available for Hint zones. |
| AD replication | In this drop-down list, you can configure the zone content and parameters replication. Select either: All DC in the AD domain (default), All DNS servers in the AD domain or All DNS servers in the AD forest. |
| All DC in the AD domain | Select this option to replicate the zone parameters and content to all the Domain Controllers of the AD domain. This option is selected by default. This option is not available for Stub zones. |
| All DNS servers in the AD domain | Select this option to replicate the zone parameters and content to all the DNS servers of the AD domain. |
| All DNS servers in the AD forest | Select this option to replicate the zone parameters and content to all the DNS servers of the AD forest. |

12. Depending on the administrator configuration, the information in the Configurable behaviors
section might be editable and you will have the following choices:

Table 43.5. DNS Default Behaviors Parameters


| Fields | Description |
| --- | --- |
| Mode | You can select either Configurable behavior or All behaviors. |
| Configurable behavior | This option is selected by default in the Mode drop-down list and displays all the fields and options that have been ticked in the Default behavior wizard at the server level. For more details, refer to the DNS section of the Default Behaviors chapter of this guide. |
| All behaviors | If you select this option, you will display all the fields and options that can be ticked in the Default behavior wizard. For more details, refer to the DNS section of the Default Behaviors chapter of this guide. |

13. Click on NEXT . The last page of the wizard appears.


14. The fields on that page are automatically filled. However you can edit them following the
table below. All the fields are compulsory.

Table 43.6. DNS Zone Advanced Parameters


| Fields | Description |
| --- | --- |
| Primary server | This field defines the primary Master server for the zone. When you create a zone on a smart server, it is automatically filled and cannot be edited. |
| Responsible | This field defines the administrator email address for the zone. |
| Serial number | This field contains the zone serial number. It is automatically incremented for each zone change. |
| Refresh | This field/drop-down list contains a value that, once reached, forces the slave server(s) to read the SOA record. If this record is higher than the slave's one, a zone transfer will be triggered by the slave to get the latest version of the zone. Typical values are 3 to 24 hours. |
| Retry | This field/drop-down list defines the retry interval if the server fails to reach the master during a refresh cycle. Typical values are 10 to 60 hours. |
| Expire | This field/drop-down list indicates the period after which the records are considered to be no longer valid/authoritative and the server stops responding to queries for the zone. Typical values are 1 to 3 weeks. |
| Minimum | This field/drop-down list indicates the period of time that negative responses can be cached from the slave. For instance if a request cannot be resolved, the server will answer with a NXDOMAIN result (No such domain). The servers will continue returning this value until the Minimum value expires, then it will retry the resolution. The value has to be between 0 and 3 hours. |
| TTL | This field/drop-down list indicates the default TTL (Time to Live) duration for the SOA. Typical values are between 0 and 3 hours. |

15. Click on OK to commit the creation. The report opens and closes. The zone is listed and will
be marked Delayed create before being marked OK.

Warning
During the first Master zone addition, the allow-update option is by default configured
with the ACL admin. Within SOLIDserver, admin corresponds to any, so you might
want to change the ACL and restrict the use of the option. For more details, refer to the
Modifying DNS Update Authorizations chapter of this guide.
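
How the Name field of a reverse zone is derived from the address and the Reverse type in the DNS Reverse Zone Basic Parameters table, as an added example that is not part of the original guide or of the product. The function names are hypothetical, the IPv6 input is assumed to be a prefix in CIDR notation on a nibble boundary, and the sample addresses are constructed.

```python
import ipaddress

# Suffix appended to the Name field for each Reverse type.
SUFFIX = {
    "IPv4 in-addr.arpa": "in-addr.arpa",
    "E164 arpa": "e164.arpa",
    "IPv6 int": "ip6.int",  # deprecated extension, see RFC 4159
    "IPv6 arpa": "ip6.arpa",
}


def reverse_zone_name(address, reverse_type):
    """Build the reverse zone name from a partial address and a reverse type."""
    if reverse_type not in SUFFIX:
        raise ValueError("unknown reverse type %r" % reverse_type)
    if reverse_type == "IPv4 in-addr.arpa":
        octets = address.strip().split(".")
        if not 1 <= len(octets) <= 3:
            raise ValueError("expected 1 to 3 bytes, for instance 192.168.1")
        if not all(o.isascii() and o.isdigit() and int(o) <= 255 for o in octets):
            raise ValueError("invalid byte in %r" % address)
        labels = [str(int(o)) for o in reversed(octets)]
    elif reverse_type == "E164 arpa":
        if any(c not in "+ -.()0123456789" for c in address):
            raise ValueError("invalid phone number prefix %r" % address)
        labels = [c for c in address if c.isdigit()][::-1]  # one label per digit
        if not labels:
            raise ValueError("no digit in %r" % address)
    else:
        net = ipaddress.IPv6Network(address, strict=True)
        if net.prefixlen % 4:
            raise ValueError("prefix length must fall on a nibble boundary")
        nibbles = net.network_address.exploded.replace(":", "")
        labels = list(reversed(nibbles[: net.prefixlen // 4]))  # one label per nibble
    return ".".join(labels + [SUFFIX[reverse_type]])


def covering_zone(host_ip, zone_names):
    """Return the most specific reverse zone that holds the PTR record of host_ip."""
    pointer = ipaddress.ip_address(host_ip).reverse_pointer
    matches = [z for z in zone_names if pointer.endswith("." + z.lower().rstrip("."))]
    return max(matches, key=len) if matches else None


if __name__ == "__main__":
    zones = [
        reverse_zone_name("192.168", "IPv4 in-addr.arpa"),
        reverse_zone_name("192.168.1", "IPv4 in-addr.arpa"),
        reverse_zone_name("2001:db8::/32", "IPv6 arpa"),
    ]
    print(zones)
    print(covering_zone("192.168.1.20", zones))
    print(covering_zone("2001:db8::1", zones))
```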

Editing a Master Zone


Once created, you can always edit the zone configuration parameters from its properties page
or through the Info Bar icon.

To edit a master zone

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS zones icon. The DNS All zones list opens.
3. At the end of the line of the zone of your choice, click on . The properties page opens.
4. In the Main properties panel, click on EDIT . The Edit a DNS zone wizard opens.
5. If you or your administrator created classes, the DNS zone class list is visible. Select a class
or None and click on NEXT . The next page of the wizard opens.
6. Modify the Space, Configurable behaviors and Mode fields if need be; refer to steps 9 and
12 of the To add a DNS master zone procedure.
7. Click on NEXT . The last page of the wizard appears.
8. Modify the advanced parameters if need be; refer to the DNS Zone Advanced Parameters
table in the To add a DNS master zone procedure.
9. Click on OK to commit the modifications. The report opens and closes. The changes are
visible in the Main properties panel.

Configuring a Dynamic Update


Dynamic update enables DNS client computers to register and dynamically update their resource
records with a DNS server whenever changes occur. This reduces the need for manual
administration of zone records, especially for clients that frequently move or change locations and use
DHCP to obtain an IP address.

DNS Dynamic (DDNS) updating of a zone enables the configuration of delegation resource records
from an application using the protocol defined in RFC 2136 [http://tools.ietf.org/html/rfc2136].
EfficientIP zone management uses this mechanism to update the content of master zones. By
default, for security reasons, the SOLIDserver DNS service does not accept dynamic updates. To
allow dynamic update, refer to the Modifying DNS Update Authorizations section of this chapter.
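
One way to find master zones whose allow-update still resolves to any, the default described in the Warning of the Adding a Master Zone section, as an added example that is not EfficientIP code. It assumes the server configuration is available as text in BIND named.conf syntax; the excerpt, the zone names, the key name and every ACL except admin are constructed.

```python
import re

# Constructed excerpt; "admin" resolves to any, as the Warning describes.
SAMPLE_CONF = '''
acl "admin" { any; };
acl "dhcp-servers" { 192.0.2.10; 192.0.2.11; };

zone "example.test" {
    type master;
    allow-update { "admin"; };      // default left in place
};
zone "lab.example.test" {
    type master;
    allow-update { "dhcp-servers"; };
};
zone "1.2.0.192.in-addr.arpa" {
    type master;
    allow-update { key "ddns-key"; };
};
zone "partner.test" {
    type slave;
    masters { 198.51.100.1; };
};
'''


def tokenize(text):
    """Strip comments, then split into quoted strings, braces, ';' and words."""
    text = re.sub(r"//[^\n]*|#[^\n]*|/\*.*?\*/", "", text, flags=re.S)
    return re.findall(r'"[^"]*"|[{};]|[^\s{};"]+', text)


def parse(tokens, pos=0):
    """Return (statements, next_pos); a statement is a list of words and blocks."""
    statements, current = [], []
    while pos < len(tokens):
        token = tokens[pos]
        if token == "{":
            block, pos = parse(tokens, pos + 1)  # nested block becomes a sub-list
            current.append(block)
            continue
        if token == "}":
            return statements, pos + 1
        if token == ";":
            if current:
                statements.append(current)
            current = []
        else:
            current.append(token.strip('"'))
        pos += 1
    return statements, pos


def audit_allow_update(conf_text):
    """Return the master zones whose allow-update list resolves to 'any'."""
    statements, _ = parse(tokenize(conf_text))
    acls = {s[1]: s[2] for s in statements if s[0] == "acl" and len(s) == 3}

    def is_open(elements, seen=()):
        for element in elements:
            if element == ["any"]:
                return True
            # A single word may be an ACL name: follow it, guarding against loops.
            if len(element) == 1 and element[0] in acls and element[0] not in seen:
                if is_open(acls[element[0]], seen + (element[0],)):
                    return True
        return False

    findings = []
    for statement in statements:
        if statement[0] != "zone" or not isinstance(statement[-1], list):
            continue
        options = {o[0]: o[1:] for o in statement[-1]}
        if options.get("type") != ["master"]:
            continue
        allow_update = options.get("allow-update")
        if allow_update and is_open(allow_update[0]):
            findings.append(statement[1])
    return findings


if __name__ == "__main__":
    for zone in audit_allow_update(SAMPLE_CONF):
        print("allow-update open to any:", zone)
```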

Using Multiple Masters


If you are more concerned with having DNS available at all times than with having the
convenience provided by a master/slave configuration, you can use a multiple master configuration. The
concept is simple: all DNS servers are master servers for each zone. The most difficult part of
having multiple master DNS servers comes when a change is made to a zone file or the DNS
configuration: the change must be made to every master DNS server and is not automatically
propagated. To avoid this tedious manipulation of each and every master DNS server, we
recommend that you manage your master servers through a DNS Multi-Master smart
architecture. For more details refer to the DNS Multi-Master Smart Architecture section of this
guide. As for the configuration procedure, refer to the Multi-Master Smart Architecture of the
Adding a DNS Smart Architecture section of this guide.

Managing Slave Zones


The function of a slave zone is to respond to the other servers' requests regarding the name
spaces for which it is considered to be the authority. Slave name servers receive their name
space information from master name servers through the intermediary of a transfer zone, via
which the slave zone sends a NOTIFY request to the master zone concerning a certain zone.
The master zone then provides information if the slave is authorized to receive the transfer. Note
that several master servers can be configured for one slave server.

Adding a Slave Zone


To add a slave zone

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS zones icon. The DNS All zones list opens.
3. In the menu, select Add > DNS zone. The Add a DNS zone wizard opens.
4. In the DNS server field, select the server of your choice.
5. Click on NEXT . The next page of the wizard appears.
6. If you or your administrator created classes, the DNS zone class list is visible. Select a class
or None and click on NEXT . The next page of the wizard opens.
7. In the DNS zone type list, select Slave.
8. In the DNS zone resolution list, select Name or Reverse.
9. Click on NEXT . The next page of the wizard appears.
10. Configure the slave zone basic parameters.

For a name zone, refer to the table DNS Name Zone Basic Parameters.

For a reverse zone, refer to the table DNS Reverse Zone Basic Parameters.
11. Depending on the administrator configuration, the information in the Configurable behaviors
section might be editable, refer to the table DNS Default Behaviors Parameters.
12. Click on NEXT . The last page of the wizard appears.
13. Set up the list of master servers for the zone using the table below:

Table 43.7. DNS Slave Zone Parameters


| Fields | Description |
| --- | --- |
| Master IP address (a) | In this field, type in the master server IP address. This field is compulsory. |
| Port | In this field, you can type in the number of the port dedicated to communicating with the slave zone. This field is optional. |
| TSIG key | In this field, you can type in the TSIG key that identifies the zone from the master server. This field is optional. |

(a) The master zones of the server you specify through this IP address will be automatically allowed to send notify
messages of any changes to the slave zone you are creating.

Once the IP, port and key are configured, click on ADD . The configuration is listed in the
Masters list. Repeat these actions for as many servers as needed. You can select a master
in the list to DELETE or UPDATE it once created.
14. Click on OK to commit the slave zone creation. The report opens and closes. The zone is
listed and will be marked Delayed create before being marked OK.

Editing Slave Zone Properties


Once created, you can always edit the zone configuration parameters from its properties page
or through the Info Bar icon.

To edit a slave zone

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS zones icon. The DNS All zones list opens.
3. At the end of the line of the zone of your choice, click on . The properties page opens.
4. In the Main properties panel, click on EDIT . The Edit a DNS zone wizard opens.
5. If you or your administrator created classes, the DNS zone class list is visible. Select a class
or None and click on NEXT . The next page of the wizard opens.
6. Modify the Space, Configurable behaviors and Mode fields if need be; refer to steps 9, 10
and 12 of the To add a DNS master zone procedure.
7. Click on NEXT . The last page of the wizard appears.
8. If you want to add another master server refer to the step 14 of the To add a slave zone
procedure.
9. If you want to edit a server, select it in the Masters list, the parameters configured appear
in the Master IP address, Port and TSIG key fields: modify the content of any field according
to your needs and click on UPDATE . The server is modified in the list.
10. If you want to delete a server, select it in the Masters list and click on DELETE . The server is
no longer listed in the list.
11. Click on OK to commit the changes. The report opens and closes. The changes are visible
in the Main properties panel.

Managing Forward Zones


It is possible to configure a forward zone (or redirector) so that it redirects all recursive requests
for a zone towards a selected list of servers. The listed servers search local zones to look after
the resolution of the recursive requests to which they cannot respond. During the redirection
process, a forward zone behaves in the same way as would a DNS client in relation to its
redirectors.

Adding a Forward Zone


To add a forward zone

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS zones icon. The DNS All zones list opens.
3. In the menu, select Add > DNS zone. The Add a DNS zone wizard opens.

4. In the DNS server field, select the server of your choice.
5. Click on NEXT . The next page of the wizard appears.
6. If you or your administrator created classes, the DNS zone class list is visible. Select a class
or None and click on NEXT . The next page of the wizard opens.
7. In the DNS zone type list, select Forward.
8. In the DNS zone resolution list, select Name or Reverse.
9. Click on NEXT . The next page of the wizard appears.
10. Configure the zone basic parameters:

For a name zone, see table DNS Name Zone Basic Parameters.

For a reverse zone, see table DNS Reverse Zone Basic Parameters.
11. If you are managing an Agentless MS DNS server or a Microsoft DNS (with agent) through
a smart architecture, you might want to configure the Expert Mode parameters. Refer to the
table DNS Expert Mode Parameters.
12. Depending on the administrator configuration, the information in the Configurable behaviors
section might be editable, refer to the table DNS Default Behaviors Parameters.
13. Click on NEXT . The last page of the wizard appears.
14. Configure the Forwarders list for the zone using the parameters, in order, described in the
table below:

Table 43.8. DNS Forward Zone Parameters


| Fields | Description |
| --- | --- |
| Add a forwarder (IP) | In this field, type in the IP address of the master server to which the queries will be forwarded. This field is compulsory. |
| Forward Mode | In this field, select either First, Only or None. This field is compulsory. |
| First | Select this option if you want the zone to first send a query to the forwarder, if not answered, it will issue queries directly. This field is selected by default. |
| Only | Select this option if you only want the zone to forward queries. |
| None | Select this option if you configured a forward at server level in which case the forwarding is set by default. |

Once the server IP address and the forward mode are configured, click on . The
configuration is listed in the Forwarders list. Repeat these actions for as many servers as needed.
The order of the servers in the list is not important. If you want to delete a server from the
list, select it and click on .
15. Click on OK to commit the zone creation. The report opens and closes. The zone is listed
and will be marked Delayed create before being marked OK.

Editing Forward Zone Properties


Once created, you can always edit the zone configuration parameters from its properties page
or through the Info Bar icon. The Main properties page of a forward zone only allows you to modify
the zone classes, if any are configured, and the default behaviors. To edit the forwarding
configuration, you need to edit the Forwarding panel like in the procedure below.

To edit a forward zone

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS zones icon. The DNS All zones list opens.
3. At the end of the line of the zone of your choice, click on . The properties page opens.
4. In the Forwarding panel, click on EDIT . The Edit a DNS zone wizard opens.
5. Modify the Space, Configurable behaviors and Mode fields if need be; refer to steps 9 and
12 of the To add a DNS master zone procedure.
6. Click on NEXT . The last page of the wizard appears.
7. If you want to add another forwarding master server refer to the step 14 of the To add a
forward zone procedure.
8. In the Add a forwarder (IP) and Forward Mode fields, fill in the address of the master server
and select if the zone will forward Only or send a query First.
9. If you want to delete a server, select it in the Forwarders list and click on . The server
is no longer listed in the list.
10. Click on OK to commit the changes. The report opens and closes. The changes are visible
in the Main properties and in the Forwarding panels.

Managing Stub Zones


A stub zone is similar to a slave zone, with the exception that it does more than simply replicate
the name servers of a master zone. Stub zones are not part of the DNS standard zones; they are
a specific characteristic of the BIND implementation. Stub zones can therefore be used to force the
resolution of a domain, particularly for a restrained collection of servers. Generic DNS servers
cannot contain Stub zones.

Adding a Stub Zone


To add a stub zone

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS zones icon. The DNS All zones list opens.
3. In the menu, select Add > DNS zone. The Add a DNS zone wizard opens.
4. In the DNS server field, select the server of your choice.
5. Click on NEXT . The next page of the wizard appears.
6. If you or your administrator created classes, the DNS zone class list is visible. Select a class
or None and click on NEXT . The next page of the wizard opens.
7. In the DNS zone type list, select Stub.
8. In the DNS zone resolution list, select Name or Reverse.
9. Click on NEXT . The next page of the wizard appears.
10. Configure the zone basic parameters:

For a name zone, see table DNS Name Zone Basic Parameters.

For a reverse zone, see table DNS Reverse Zone Basic Parameters.

11. If you are managing an Agentless MS DNS server or a Microsoft DNS (with agent) through
a smart architecture, you might want to configure the Expert Mode parameters. Refer to the
table DNS Expert Mode Parameters.
12. Depending on the administrator configuration, the information in the Configurable behaviors
section might be editable, refer to the table DNS Default Behaviors Parameters.
13. Click on NEXT . The last page of the wizard appears.
14. Set up the list of master servers for the zone using the table below:

Table 43.9. DNS Stub Zone Parameters


| Fields | Description |
| --- | --- |
| Master IP address | In this field, type in the master server IP address. This field is compulsory. |
| Port | In this field, you can type in the number of the port dedicated to communicating with the slave zone. This field is optional. |
| TSIG key | In this field, you can type in the TSIG key that identifies the zone from the master server. This field is optional. |

Once the IP, port and key are configured, click on ADD . The configuration is listed in the
Masters list. Repeat these actions for as many servers as needed. You can select a master
in the list to DELETE or UPDATE it once created.
15. Click on OK to commit the zone creation. The report opens and closes. The zone is listed
and will be marked Delayed create before being marked OK. A stub zone will only
contain an SOA and NS RRs.

Editing Stub Zone Properties


Once created, you can always edit the zone configuration parameters from its properties page
or through the Info Bar icon.

To edit a stub zone

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS zones icon. The DNS All zones list opens.
3. At the end of the line of the zone of your choice, click on . The properties page opens.
4. In the Main properties panel, click on EDIT . The Edit a DNS zone wizard opens.
5. If you or your administrator created classes, the DNS zone class list is visible. Select a class
or None and click on NEXT . The next page of the wizard opens.
6. Modify the Space, Configurable behaviors and Mode fields if need be; refer to steps 9 and
12 of the To add a DNS master zone procedure.
7. Click on NEXT . The last page of the wizard appears.
8. If you want to add another master server refer to the step 14 of the To add a stub zone
procedure.
9. If you want to edit a server, select it in the Masters list, the parameters configured appear
in the Master IP address, Port and TSIG key fields: modify the content of any field according
to your needs and click on UPDATE . The server is modified in the list.
10. If you want to delete a server, select it in the Masters list and click on DELETE . The server is
no longer listed in the list.

11. Click on OK to commit the changes. The report opens and closes. The changes are visible
in the Main properties panel.

Managing Hint Zones


The hint zone is a particular kind of zone that can only be used or required for a name server
that provides recursive services. It basically updates the local server cache with a list of the 13
root-servers saved in the form of A RRs (from a.root-servers.net to m.root-servers.net). So one
hint zone per server or view is enough. When the server starts up, it uses this hint zone to query
the root zone and obtain a complete list of the current authoritative root servers. A query to the
root zone will return this list, it will then be used by the name server as a starting point for any
domain query, if there is no locally defined zone (slave or master) or a cached answer. This hint
zone should be updated every 12 months or whenever there are log messages noting
discrepancies when the DNS server loads. The hint zone can also contain an internal list and be used
locally. In this case, the configuration is running an internal name service on a closed network,
or the name server is not defined but recursive queries are required. The hint zone cannot be
added into a Microsoft server.

Adding a Hint Zone


To add a hint zone

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS zones icon. The DNS All zones list opens.
3. In the menu, select Add > DNS zone. The Add a DNS zone wizard opens.
4. In the DNS server field, select the server on which you are adding a zone.
5. Click on NEXT . The next page of the wizard appears.
6. If you or your administrator created classes, the DNS zone class list is visible. Select a class
or None and click on NEXT . The next page of the wizard opens.
7. In the DNS zone type list, select Hint.
8. In the DNS zone resolution list, select Name or Reverse.
9. Click on NEXT . The next page of the wizard appears.
10. Configure the zone basic parameters:

For a name zone, see table DNS Name Zone Basic Parameters.

For a reverse zone, see table DNS Reverse Zone Basic Parameters.
11. Depending on the administrator configuration, the information in the Configurable behaviors
section might be editable. Refer to the table DNS Default Behaviors Parameters.
12. Click on OK to commit the zone creation. The report opens and closes. The zone is listed,
named and marked OK.

Editing Hint Zone Properties


Once created, you can always edit the zone configuration parameters from its properties page
or through the Info Bar icon. In the case of a hint zone, only the default behaviors can be
modified.

To edit a hint zone

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS zones icon. The DNS All zones list opens.
3. At the end of the line of the zone of your choice, click on . The properties page opens.
4. In the Main properties panel, click on EDIT . The Edit a DNS zone wizard opens.
5. If you or your administrator created classes, the DNS zone class list is visible. Select a class
or None and click on NEXT . The next page of the wizard opens.
6. Depending on the administrator configuration, the information in the Configurable behaviors
section might be editable. Refer to the table DNS Default Behaviors Parameters.
7. Click on OK to commit the changes. The report opens and closes. The changes are visible
in the Default Behavior properties panel.

Managing Delegation-Only Zones


EfficientIP DNS servers support delegation-only zones in caching/recursive name servers.
A delegation-only zone handles the resolution of non-existing domain names by sending an
NXDOMAIN response when a non-existing name is queried. When a zone is declared as
delegation-only, it is limited to containing NS RRs for subdomains, with no actual data beyond
its own parent zone (for example, its SOA RR and parent zone NS RRset). This can be used to
filter out wildcard or synthesized data from NAT boxes or from authoritative name servers whose
undelegated (in-zone) data is of no interest.

A delegation-only zone cannot be added to a Microsoft server.

Adding a Delegation-Only Zone


To add a delegation-only zone

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS zones icon. The DNS All zones list opens.
3. In the menu, select Add > DNS zone. The Add a DNS zone wizard opens.
4. In the DNS server field, select the server on which you are adding a zone.
5. Click on NEXT . The next page of the wizard appears.
6. If you or your administrator created classes, the DNS zone class list is visible. Select a class
or None and click on NEXT . The next page of the wizard opens.
7. In the DNS zone type list, select Delegation-Only.
8. In the DNS zone resolution list, select Name or Reverse.
9. Click on NEXT . The next page of the wizard appears.
10. Configure the zone basic parameters:

For a name zone, see table DNS Name Zone Basic Parameters.

For a reverse zone, see table DNS Reverse Zone Basic Parameters.
11. Depending on the administrator configuration, the information in the Configurable behaviors
section might be editable. Refer to the table DNS Default Behaviors Parameters.

12. Click on OK to commit the zone creation. The report opens and closes. The zone is listed
and marked OK.

Editing Delegation-Only Zone Properties


Once created, you can always edit the zone configuration parameters from its properties page
or through the Info Bar icon.

To edit the properties of a delegation-only zone

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS zones icon. The DNS All zones list opens.
3. At the end of the line of the zone of your choice, click on . The properties page opens.
4. In the Main properties panel, click on EDIT . The Edit a DNS zone wizard opens.
5. If you or your administrator created classes, the DNS zone class list is visible. Select a class
or None and click on NEXT . The next page of the wizard opens.
6. Modify the Space and Mode fields if need be. Refer to steps 9, 10 and 12 of the To add a
master zone procedure.
7. Click on OK to commit the changes. The report opens and closes, and the properties page
refreshes. The changes are visible in the Main properties and Default Behavior properties
panels.

Hosting Active Directory Domain Zones


Just as SOLIDserver is able to update native Microsoft DNS servers, it is also capable of
hosting DNS zones coming from AD domains.

Dynamic DNS (DDNS) is the system through which updates to address assignments made through
DHCP are reflected in the DNS records for the hosts. DDNS enables a DNS server to accept
updates regarding the IP addresses of DHCP clients. The DNS server receives an update every
time a dynamic client changes its IP address. The DNS server then associates the IP address
with a DNS name for the client. Dynamic data for an address is maintained if the DDNS Updates
option is deployed in the DHCP range containing the address. Any records that are generated
dynamically are clearly marked as such when looking at the records for the zone. Dynamic updates
are always deployed immediately to the managed server where they were generated.

It is common for DNS on the internal side to allow dynamic updates to the DNS server. Dynamic
DNS eliminates the need for an administrator to manually enter large numbers of records.
Instead, using dynamic updates, authorized users, or the DHCP servers themselves, can add,
delete, and change records on the fly. However, making use of DDNS does have the potential to
open your network up to certain vulnerabilities. In the wrong hands, dynamic updates can allow a
user to overwrite some or many of the records on an organization's DNS server with bogus
information. As such, dynamic updates should be restricted as much as possible. Generally,
SOLIDserver only uses DHCP servers for DDNS, as all of these transactions are automatically
TSIG protected.

Tip
SOLIDserver can reproduce Microsoft's multi-master behavior by deploying the Multi-Master
smart architecture. The Multi-Master smart architecture supports Microsoft DNS servers,
SOLIDserver DNS, BIND servers (on Linux, Solaris and FreeBSD) and Nominum's ANS server as
well.

Synchronizing Zones
This operation makes it possible to refresh the content of one or more zones in the management
database. This synchronization is normally done automatically, after the delay defined by the
refresh parameter of the zone (SOA), but the administrator can force a synchronization in order
to speed up the update.

To synchronize zones

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS zones icon. The DNS All zones list opens.
3. Tick the zone(s) you want to synchronize.
4. In the menu, select Edit > Status > Synchronize. The Synchronization wizard opens.
5. Click on OK to commit the synchronization. The report opens and closes when the
synchronization is over. The page reloads.

Deleting Zones
The deletion procedure is the same for every type of zone. Deleting a zone also deletes all
the resource records of that zone.

To delete a zone

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS zones icon. The DNS All zones list opens.
3. Filter the list if need be.
4. Tick the zone(s) you want to delete.
5. In the menu, select Edit > Delete. The Delete wizard opens.
6. Click on OK to commit the deletion. The report opens and closes. The zone is marked
Delayed delete until it is no longer listed.

Disabling and Enabling Zones


All existing zones can be enabled and disabled from the management console, providing a viable
option for stopping the availability of zones on one or several servers in one operation. This
feature is especially helpful when you have to move or repair servers for particular zones. When
you disable a zone, the Unmanaged status appears next to the corresponding entry in the zone view.

To disable a zone

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS zones icon. The DNS All zones list opens.
3. Tick the zones you want to disable.
4. In the menu, select Edit > Status > Disable. The Disable wizard opens.

5. Click on OK to commit the zone deactivation. The report opens and closes. The zone status
changes to Unmanaged.

To enable a zone

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS zones icon. The DNS All zones list opens.
3. Tick the zone(s) you want to enable.
4. In the menu, select Edit > Status > Enable. The Activate wizard opens.
5. Click on OK to commit the zone activation. The report opens and closes. The zone status
changes to OK.

Managing Zones Duplication and Migration


At some point you might need to migrate or copy zones from one DNS server or view to another.
In this case, you will need to use the Migrate option. Note that this option has nothing to
do with the zones database replication of the DNS allow-transfer command. Duplication and
migration of a zone include the RRs it manages.

To copy a zone

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS zones icon. The DNS All zones list opens.
3. Tick the zone(s) you want to copy to another server or view.
4. In the menu, select Edit > Migrate. The Copy/Move a zone wizard opens.
5. In the Method drop-down list, select Copy.
6. In the Target server drop-down list, select the DNS server where you want to copy the
selected zone. The wizard refreshes.
7. If the selected server has views, the Target view drop-down list appears. Select the view of
your choice. The wizard refreshes.
8. Click on OK to commit the zone duplication. The report opens and closes. The All zones list
is visible again and displays the duplicated zone. If you selected a view, the zone is also
listed in the All zones list of said view.

To move a zone

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS zones icon. The DNS All zones list opens.
3. Tick the zone(s) you want to move to another server or view.
4. In the menu, select Edit > Migrate. The Copy/Move a zone wizard opens.
5. In the Method drop-down list, select Move.
6. In the Target server drop-down list, select the DNS server where you want to move the
selected zone. The wizard refreshes.
7. If the selected server has views, the Target view drop-down list appears. Select the view of
your choice. The wizard refreshes.
8. Click on OK to commit the zone migration. The report opens and closes. The All zones list
is visible again and displays the migrated zone. If you selected a view, the zone is also listed
in the All zones list of said view.

Defining a DNS Zone as a Group Resource


In SOLIDserver, only the superuser (ipmadmin) can manage and modify the items of every
module. Adding a zone as one of the resources of a specific group allows the users of that
group to manage the zone(s) in question, as long as they have the corresponding rights and
delegations granted. Granting access to a zone as a resource also makes every item it contains
available. For more details, refer to the section Assigning Objects as Resource in the chapter
Managing Groups of administrator of this guide.

Chapter 44. Configuring DNS Zones
Like servers and views, zones can be configured individually to set a series of behaviors for the
records they contain. Any configuration set at zone level overwrites what was set at server
(whether physical or smart) and view level.

Managing Zones Delegation


DNS provides the option of dividing up the namespace into one or more zones, which can then
be stored, distributed, and replicated to other DNS servers. When considering dividing your DNS
namespace to make additional zones, take into account the following reasons to use additional
zones:

• A need to delegate management of part of your DNS namespace to another location or
department within your organization.
• A need to divide one large zone into smaller zones to distribute traffic loads among multiple
servers, improve DNS name resolution performance, or create a more fault-tolerant DNS
environment.
• A need to extend the namespace by adding numerous subdomains at once, such as to
accommodate the opening of a new branch or site.

If, for any of these reasons, you could benefit from delegating zones, it might make sense to
restructure your namespace by adding zones. When choosing how to structure zones, you should
use a plan that reflects the structure of your organization. When delegating zones within your
namespace, be aware that for each new zone you create, you will need delegation records (NS) in
other zones that point to the authoritative DNS servers for the new zone. This is necessary both
to transfer authority and to provide correct referral to other DNS servers and clients of the
new servers being made authoritative for the new zone.

To make a server known to others outside of the new delegated zone, two RRs are needed in
the parent zone to complete delegation to the new zone. These RRs include:

• An NS RR to effect the delegation. This RR is used to advertise that the server named is an
authoritative server for the delegated subdomain.
• An A RR (also known as a glue record) to resolve the name of the server specified in the NS
RR to its IP address. The process of resolving the host name in this RR to the delegated DNS
server in the NS RR is sometimes referred to as glue chasing. In reality, the A record is not
compulsory when it comes to configuring zone delegation; however, if you add it, you save the
DNS client some time, as a single query returns both the authoritative server of the child zone
and its IP address. That way, there is no need to query twice, first to get the server and then
to get its IP address.

Configuring Delegation at the Zone Level


At zone level, setting up the delegation implies editing the properties of the zone with the
appropriate data.

To configure a name server for a zone

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS zones icon. The DNS All zones list opens.

3. At the end of the line of the zone of your choice, click on . The properties page opens.
4. In the Name Servers panel, click on EDIT . The Authoritative DNS servers wizard opens.
5. In the DNS server field, type in the name of the server of your choice. Repeat these actions
for as many servers as needed.
6. Click on . The server is listed in the Authoritative DNS servers list.
7. Click on NEXT . The Delegated data page opens.
8. In the Delegation field, type in the name of the RR and the server you want to delegate it
to, following the syntax: rrname > dnsserver.name.
9. Click on . The delegation is listed in the Delegated data list. Repeat these actions for as
many RRs and servers as needed.
10. Click on OK to commit the configuration. The report opens and closes. The configuration
parameters are visible in the panel.

Configuring delegation will only create the NS record. For more details regarding the A record
addition, refer to the section Configuring the Delegation At RR Level of this guide.

Automating the Zone Delegation


You can automate the NS record creation and deletion in and from the parent zone.

Automated NS Record Addition Rule

The rule 87 Create NS RR delegation will automatically create the name server record in the
parent zone of the child zone you create. So you simply need to add it to the Rules list in the
Administration tab before adding your child zones.

To add the rule 087 that automates the NS record creation

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select System > Expert > Rules.
3. In the menu, select Add > Rule. The Add a rule wizard opens.
4. From the Module list, select DNS.
5. From the Event list, select Add: DNS zones.
6. From the Rule list, select (087) Create NS RR delegation (Create NS RR delegation for each
zone created).
7. In the Rule name field, type in the name of your choice. It will be listed in the Instance column.
8. Click on NEXT . The Rule filters page appears.
9. Click on OK to commit the rule creation. The report opens and closes. The rule is now listed.

Automated NS Record Deletion Rule

The rule 152 Delete NS RR delegation will automatically delete the name server record in the
parent zone of the child zone you delete. So you simply need to add it to the Rules list in the
Administration tab before deleting your child zones.

To add the rule 152 that automates the NS record deletion

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select System > Expert > Rules.
3. In the menu, select Add > Rule. The Add a rule wizard opens.
4. From the Module list, select DNS.
5. From the Event list, select DNS zone deletion.
6. From the Rule list, select (152) Delete NS RR delegation (Delete NS RR delegation for each
zone deleted).
7. In the Rule name field, type in the name of your choice. It will be listed in the Instance column.
8. Click on NEXT . The Rule filters page appears.
9. Click on OK to commit the rule creation. The report opens and closes. The rule is now listed.

Using the Classless in-addr.arpa Delegation


SOLIDserver allows you to configure a classless in-addr.arpa delegation for networks containing
fewer than 256 IP addresses, as defined in RFC 2317. Typically, it is used to delegate reverse
DNS lookup for part of that network to other DNS servers.

In the parent master reverse zone, the classless in-addr.arpa delegation creates CNAME resource
records for each address you want to delegate. It also creates an NS RR for each delegated
server. For the reverse lookup to function properly, the delegated server(s) should contain the
PTR records associated with each address.

Note
The NS RR for each delegated server can be created in a domain different from
in-addr.arpa using a suffix for the CNAME RRs value.

To add a classless in-addr.arpa delegation

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Reverse zones icon. The DNS All zones list opens and displays all the reverse
zones.
3. In the Name column, click on the master reverse zone you want to delegate a part of. It
should be composed of a maximum of three bytes (xxx.xxx.xxx.in-addr.arpa). The All RRs
page opens and displays the RRs of the zone.
4. In the menu, select Add > Classless in-addr.arpa delegation. The Add a classless
in-addr.arpa delegation wizard opens.
5. In the Start address field, type in the first address of the range you want to delegate. By
default, the first available address of the zone is displayed in this field.
6. In the Delegation range size field, type in the number of addresses you want to delegate.
7. In the Delegated NS field, type in the name of the DNS server that will be authoritative over
the range of addresses. Use to add this server name to the Delegated NS list. Repeat these
actions for as many servers as needed. Use to remove a server name from the list.

8. In the Delegated zone format drop-down list, select the concatenation format
([start]-[end].c.b.a.in-addr.arpa, [start]-[size].c.b.a.in-addr.arpa,
[start]-[prefix].c.b.a.in-addr.arpa) for the NS RR name.
9. Tick the Add a specific suffix checkbox if you want the NS RR to be created in a domain
different from in-addr.arpa. The Specific suffix field appears.
10. In the Specific suffix field, type in the suffix of your choice. This suffix corresponds to the
domain in which you want to create the NS RR. This suffix will be added at the end of each
of the CNAME RRs you are creating.
11. Click on OK to commit the delegation configuration. The report opens and closes. The All
RRs page is visible again. There are as many CNAME RRs as delegated addresses and as
many NS records as delegated servers. In the Value column, each address is listed according
to the format you chose. If you added a suffix, it is visible in that column as well.
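
The records this procedure creates in the parent reverse zone, rebuilt as an added example (not EfficientIP code). It covers the three naming formats without a specific suffix, assumes the [start]-[prefix] format applies only to an aligned power-of-two range, and uses constructed addresses and a hypothetical server name; dangling_cnames flags delegated addresses whose PTR record is missing on the delegated server.

```python
import ipaddress

# Naming formats offered by the wizard's "Delegated zone format" list.
FORMATS = ("start-end", "start-size", "start-prefix")


def delegated_label(start, size, fmt):
    """Return the left-most label of the delegated zone, e.g. '64-127'."""
    if not (0 <= start <= 255 and 1 <= size <= 255 and start + size <= 256):
        raise ValueError("range must fit in one /24 and hold fewer than 256 addresses")
    if fmt == "start-end":
        return f"{start}-{start + size - 1}"
    if fmt == "start-size":
        return f"{start}-{size}"
    if fmt == "start-prefix":
        # Assumption of this example: only an aligned power-of-two range has a prefix.
        if size & (size - 1) or start % size:
            raise ValueError("start-prefix needs an aligned power-of-two range")
        return f"{start}-{32 - (size.bit_length() - 1)}"
    raise ValueError(f"unknown format: {fmt!r}")


def build_delegation(start_ip, size, name_servers, fmt="start-end"):
    """Return the (owner, type, value) records created in the parent reverse zone."""
    a, b, c, start = (int(part) for part in str(ipaddress.IPv4Address(start_ip)).split("."))
    parent = f"{c}.{b}.{a}.in-addr.arpa."
    child = f"{delegated_label(start, size, fmt)}.{parent}"
    # One NS RR per delegated server, owned by the delegated zone name.
    records = [(child, "NS", ns) for ns in name_servers]
    # One CNAME RR per delegated address, pointing into the delegated zone.
    for host in range(start, start + size):
        records.append((f"{host}.{parent}", "CNAME", f"{host}.{child}"))
    return records


def dangling_cnames(records, child_ptr_owners):
    """Return CNAME targets for which the delegated server holds no PTR record."""
    known = {owner.lower() for owner in child_ptr_owners}
    return [value for _, rtype, value in records
            if rtype == "CNAME" and value.lower() not in known]


if __name__ == "__main__":
    # Constructed sample: delegate 192.0.2.64 to 192.0.2.127 to one hypothetical server.
    recs = build_delegation("192.0.2.64", 64, ["ns1.branch.example."], "start-end")
    for owner, rtype, value in recs[:3]:
        print(f"{owner:32} {rtype:6} {value}")
    # Constructed PTR owners on the delegated server; address .100 was forgotten.
    ptrs = [v for _, t, v in recs if t == "CNAME" and not v.startswith("100.")]
    print("missing PTR:", dangling_cnames(recs, ptrs))
```

A CNAME whose target has no PTR on the delegated server makes the reverse lookup for that address fail, which is why the check compares both sides of the delegation.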

Configuring DNS Forwarding at Zone Level


At zone level you can set forwarders and overwrite the configuration set at server or view level.
Unlike views, at zone level you can disable the forwarding.

You can edit the forwarding on master, slave, forward and stub zones.

Configuring a Forwarders List on a Zone


From the All zones list of a smart architecture you can edit the forward configuration of a zone.
This configuration change applies to the zone on all the physical servers managed by the
architecture. If the zone is managed on a server not managed via a smart architecture, it only
applies to that zone on the server.

Keep in mind that at zone level, unlike for the views, you can disable the forward.

To configure a forwarders list for a zone

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. Click on the name of the smart architecture of your choice. The All zones page opens.
4. At the end of the line of the zone of your choice, click on . The properties page opens.
5. Open the Forwarding panel using and click on EDIT . The Edit a DNS zone wizard opens.
6. Click on NEXT until the Forwarding configuration page appears.
7. In the Add a forwarder field, type in the address of a forwarder.
8. Click on ADD to move it to the Forwarders list. Repeat these actions for as many forwarders
as needed.
9. In the Forward mode field, select the mode of your choice according to the table below.

Table 44.1. Forward mode options

Options  Description
None     Selecting this option disables the forwarding on the zone.
Default  The zone uses the forward configuration set at server or view level.
First    The server sends the queries to the forwarder you just set and, if not answered,
         attempts to find an answer.
Only     The server only forwards queries to the forwarder you just set.

10. Click on OK to commit the forwarders configuration. The report opens and closes. The
properties page refreshes and displays the new settings.

Configuring Specific Forwarding for a Zone on a Physical Server Managed Through a Smart

At zone level, you can set a specific forwarding configuration on physical servers managed
through a smart architecture already configured with forward options.

Just like for servers and views, the forwarding configuration set on a smart zone is automatically
replicated on the physical servers managed through that smart, but you can edit the type of forward
option for a zone directly on the physical server. This option applies in turn to the records of the
zone and allows you to customize the forwarding on your network.

Keep in mind that once the Forward option is set at server or view level, you can disable it on a
zone. To inherit the option from the server or view, you can set the Forward mode to Default.

To configure a specific forward mode on a physical server zone

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. Next to the Logout icon, click on to display the physical servers managed by your smart
architectures.
4. Click on the name of the physical server of your choice. The All zones page of the physical
server opens.
5. At the end of the line of the zone of your choice, click on . The properties page opens.
6. Open the Forwarding panel using . The forward mode and forwarders list display the settings
inherited from the server or view.
7. Click on EDIT . The Edit a DNS zone page appears.
8. Tick the Overwrite the smart settings checkbox. The page refreshes and displays the forward
fields.
9. If you want to set the forwarding for the zone:

a. In the Add a forwarder field, type in the address of a forwarder.
b. Click on ADD to move it to the Forwarders list. Repeat these actions for as many
forwarders as needed.
c. In the Forward mode field, select the mode of your choice: First or Only. The page
refreshes. For more details regarding these modes, refer to the Forward mode options
table in the previous section.

10. If you want to disable the forward for the zone: in the Forward mode field, select None. The
page refreshes.

11. Click on OK to commit the forwarders configuration of the physical server. The properties
page is visible again. In the Forwarding panel, the message Smart configuration is overwritten
is displayed above your mode and forwarders configuration.

At any time you can revert your changes and use the configuration set at server or view level:
edit the Forwarding panel, untick the Overwrite the smart settings checkbox and click on OK to
commit your changes.

Configuring DNS Notify Messages at Zone Level


Configuring the Notify at server level allows you to set the change notification once, for all
the master zones managed by the view. Once the notification is sent to the slave zones, the
administrator decides if a zone transfer is relevant. For more details, refer to the Limiting
Zone Transfers at Server Level and Limiting Zone Transfer at View Level sections of this guide.

Within SOLIDserver, the notification configuration is done from the Notify panel of the properties
page. This panel displays:

• the notification type configured for the server,
• the slave zones that will receive the notify messages through their managing server,
• the allow-notify directive configuration of the slave zones. For instance, you can allow all the
servers of a network to notify the slave zones of your server or only a few.

Caution
Any configuration of the Notify panel at zone level will override the configuration set
at server and view level.

Keep in mind that there will be an implicit allow-notify directive set when you add a slave zone:
when you set the Master IP address of the slave zone you are allowing the master zones of this
server to send notify messages to your slave zone.

To configure notify messages for a master zone

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. Click on the name of the server of your choice. The All zones page of the server opens.
4. At the end of the line of the master zone of your choice, click on . The properties page
opens.
5. Open the Notify panel using and click on EDIT . The wizard opens.
6. If you or your administrator created classes, the DNS zone class list is visible. Select a class
or None and click on NEXT . The next page of the wizard opens.
7. In the Notify drop-down list, set the zone notification type following the table below.

Table 44.2. DNS View Notify Types

Fields     Description
Inherited  With this option the notify messages configuration is inherited from the lowest
           container for which it was set (view or server). By default, Inherited is selected
           for each zone.
No         With this option no notify message will be sent when changes are performed in the
           master zones.
Yes        With this option the notify messages will be sent to the target of the NS records of
           the master zone. It will also be sent to the IP address(es) specified in the IP
           address field below.
Explicit   With this option the notify messages will only be sent to the IP address(es)
           specified in the IP address field below.

8. If you selected Yes or Explicit, you can set the IP address and port of the server(s) whose
slave zones will receive the messages:

a. In the IP address field, type in the IP address of another server. The notify message
will be sent if you chose the notify type Yes or Explicit.
b. In the Port field, you can type in the port number that will receive the notify messages
on the server you specified in the previous field.
c. Click on ADD . The IP address and port number are displayed in the Also notify list as
follows: <ip-address> port: <port-number>. You can repeat these actions for as many
servers as needed.

You can edit the content of the list if need be. Click on the entry of your choice: the
information is displayed again in the fields, where you can change it and click on UPDATE , or
click on DELETE to remove it from the list. If you made changes that you do not want to save,
click on CANCEL .

9. Click on OK to commit the configuration. The report opens and closes. The properties page
is visible again. Your notify and also-notify settings are displayed in the Notify panel.

To configure notify messages for a slave zone

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. Click on the name of the server of your choice. The All zones page of the server opens.
4. At the end of the line of the slave zone of your choice, click on . The properties page
opens.
5. Open the Notify panel using and click on EDIT . The wizard opens.
6. If you or your administrator created classes, the DNS zone class list is visible. Select a class
or None and click on NEXT . The next page of the wizard opens.
7. In the Notify drop-down list, set the zone notification type following the table below.

Table 44.3. DNS View Notify Types

Fields     Description
Inherited  With this option the notify messages configuration is inherited from the lowest
           container for which it was set (view or server). By default, Inherited is selected
           for each zone.
No         With this option no notify message will be sent when changes are performed in the
           master zones.
Yes        With this option the notify messages will be sent to the target of the NS records of
           the master zone. It will also be sent to the IP address(es) specified in the IP
           address field below.
Explicit   With this option the notify messages will only be sent to the IP address(es)
           specified in the IP address field below.

8. If you selected Yes or Explicit, you can set the IP address and port of the server(s) whose
slave zones will receive the messages:

a. In the IP address field, type in the IP address of another server. The notify message
will be sent if you chose the notify type Yes or Explicit.
b. In the Port field, you can type in the port number that will receive the notify messages
on the server you specified in the previous field.
c. Click on ADD . The IP address and port number are displayed in the Also notify list as
follows: <ip-address> port: <port-number>. You can repeat these actions for as many
servers as needed.

You can edit the content of the list if need be. Click on the entry of your choice: the
information is displayed again in the fields, where you can change it and click on UPDATE , or
click on DELETE to remove it from the list. If you made changes that you do not want to save,
click on CANCEL .

9. Click on NEXT . The Allow notify page opens. It allows you to specify whether the slave zone
can receive master zones notification messages. You can grant or deny access through the
Restriction field to networks, IP addresses, ACLs, and keys. Configure as many restrictions as
you need using the three fields. The table below details the available options of the Type field:

Table 44.4. Restrictions/Permissions Parameters


Type             Restriction
Network address  Allow or deny an entire network: type an IPv4 address/prefix in the Network address field.
IP address       Allow or deny the IP address of an appliance, a user or a host in the IP address field.
ACL              Allow or deny an ACL defined at the server level in the ACL drop-down list: admin (a), any, none, localhost and localnets. The ACL list will also include specific ACL created at server level, for more details refer to the Configuring Access Control Lists For a Server section of this guide.
TSIG key         Allow or deny a TSIG key defined at the server in the Keys drop-down list.

(a) The ACL admin is employed by EfficientIP's management platform to configure and exchange data with DNS servers.

Once a restriction/permission is configured as needed, click on ADD . The configuration is visible in the ACL values list, you can organize the list using and . In this list, denied hosts appear preceded by an exclamation mark (!). If you want to remove an ACL from the list, select it and click on DELETE .
10. Click on OK to commit the configuration. The report opens and closes. The properties page
is visible again. Your notify, also-notify and allow-notify settings are displayed in the Notify
panel.


Managing DNS Security


DNS security can be configured through dynamic update authorizations, zone transfer restrictions or DNS query restrictions. All these methods set ACLs to allow or deny access to your zones, so keep in mind that the order of the elements listed in the ACL values field is important: each restriction or permission is reviewed following the order you set in the list.
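
The effect of entry order on an ACL values list, shown as an added example that is not part of the EfficientIP guide. It assumes first-match evaluation (the behaviour of a BIND address match list), a BIND-style "key <name>" notation for TSIG entries, and constructed addresses and ACL definitions.

```python
import ipaddress

# Built-in ACL names from the guide's Type table. Their contents here are
# constructed for the example (assumption: localnets is 192.0.2.0/24).
BUILTIN = {
    "any": ["0.0.0.0/0", "::/0"],
    "none": [],
    "localhost": ["127.0.0.1/32", "::1/128"],
    "localnets": ["192.0.2.0/24"],
}

# Two constructed ACL values lists with the same entries in a different order.
DENY_FIRST = ["!10.1.2.3", "10.0.0.0/8", "key xfer-key"]
ALLOW_FIRST = ["10.0.0.0/8", "!10.1.2.3", "key xfer-key"]


def _split(entry):
    """Return (denied, element) for one list entry; '!' marks a denial."""
    entry = entry.strip()
    denied = entry.startswith("!")
    return denied, (entry[1:].strip() if denied else entry)


def _networks(element):
    """Expand an element to ip_network objects (TSIG keys expand to none)."""
    if element.startswith("key "):
        return []
    if element in BUILTIN:
        return [ipaddress.ip_network(n) for n in BUILTIN[element]]
    return [ipaddress.ip_network(element, strict=False)]


def evaluate(acl_values, client, key=None):
    """Walk the list in order; the first matching entry decides.

    Returns (allowed, deciding_entry). No match means the request is refused.
    """
    ip = ipaddress.ip_address(client)
    for entry in acl_values:
        denied, element = _split(entry)
        if element.startswith("key "):
            hit = key is not None and element[4:].strip() == key
        else:
            hit = any(ip.version == n.version and ip in n
                      for n in _networks(element))
        if hit:
            return (not denied, entry)
    return (False, None)


def shadowed(acl_values):
    """List entries that can never decide a request because the networks of
    earlier entries already cover every address they describe."""
    seen, dead = [], []
    for entry in acl_values:
        _, element = _split(entry)
        nets = _networks(element)
        if nets and all(
            any(n.version == s.version and n.subnet_of(s) for s in seen)
            for n in nets
        ):
            dead.append(entry)
        seen.extend(nets)
    return dead


if __name__ == "__main__":
    for name, acl in (("DENY_FIRST", DENY_FIRST), ("ALLOW_FIRST", ALLOW_FIRST)):
        print(name, evaluate(acl, "10.1.2.3"), "shadowed:", shadowed(acl))
```

With the denial listed after the network that contains it, the denied host is admitted by the earlier entry and the "!" line is never reached.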

Modifying DNS Update Authorizations


Dynamic update is a method for adding, replacing or deleting records in a master server by sending it a special form of DNS messages. The format and meaning of these messages are specified in RFC 2136. Indicate which servers or clients are authorized to dynamically update the DNS Master Zones. By default, all DNS update queries are rejected.

Caution
Allowing updates based on the requestor IP address is insecure. We strongly recommend using the TSIG key protocol filtering rather than filtering based on IP address.

To secure updates for a zone

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS zones icon. The DNS All zones list opens.
3. At the end of the line of the zone of your choice, click on . The properties page opens.
4. In the Access Control panel, click on EDIT . The Edit a DNS zone wizard opens.
5. Click on NEXT . The Allow-query page appears.
6. Click on NEXT . The Allow-transfer page appears.
7. Click on NEXT . The Allow-update page appears. You can grant or deny access through the
Restriction field to networks, IP addresses, ACLs, and keys. Configure as many restrictions
as you need using the three fields. The table below details the available options of the Type
field:

Table 44.5. Restrictions/Permissions Parameters


Type             Restriction
Network address  Allow or deny an entire network: type an IPv4 address/prefix in the Network address field.
IP address       Allow or deny the IP address of an appliance, a user or a host in the IP address field.
ACL              Allow or deny an ACL defined at the server level in the ACL drop-down list: admin (a), any, none, localhost and localnets. The ACL list will also include specific ACL created at server level, for more details refer to the Configuring Access Control Lists For a Server section of this guide.
TSIG key         Allow or deny a TSIG key defined at the server in the Keys drop-down list.

(a) The ACL admin is employed by EfficientIP's management platform to configure and exchange data with DNS servers.

Once a restriction/permission is configured as needed, click on ADD . The configuration is visible in the ACL values list, you can organize the list using and . In this list, denied hosts appear preceded by an exclamation mark (!). If you want to remove an ACL from the list, select it and click on DELETE .
8. Click on OK to commit the configuration. The report opens and closes. The parameters are
visible in the Access control panel Allow-update list.

Limiting Zone Transfers for a Zone


DNS zone transfer is a type of DNS transaction employed to replicate and synchronize all copies of the zone used at each server configured to host the zone. By default, SOLIDserver denies zone transfers to all DNS servers. SOLIDserver supports the allow-transfer zone property, which lets you specify which hosts, networks, or TSIG keys are granted or denied the right to do transfers for a specified DNS zone.

Note
The allow transfer property may also be specified at the server level or at the view level. If allow transfer is configured at the zone level, it overrides the allow transfer property defined at the server level or at the view level.

To allow transfer access for a zone

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS zones icon. The DNS All zones list opens.
3. At the end of the line of the zone of your choice, click on . The properties page opens.
4. In the Access Control panel, click on EDIT . The Edit a DNS zone wizard opens.
5. Click on NEXT . The Allow-query page appears.
6. Click on NEXT . The Allow-transfer page appears. You can grant or deny access through the
Restriction field to networks, IP addresses, ACLs, and keys. Configure as many restrictions
as you need using the three fields. The table below details the available options of the Type
field:

Table 44.6. Restrictions/Permissions Parameters


Type             Restriction
Network address  Allow or deny an entire network: type an IPv4 address/prefix in the Network address field.
IP address       Allow or deny the IP address of an appliance, a user or a host in the IP address field.
ACL              Allow or deny an ACL defined at the server level in the ACL drop-down list: admin (a), any, none, localhost and localnets. The ACL list will also include specific ACL created at server level, for more details refer to the Configuring Access Control Lists For a Server section of this guide.
TSIG key         Allow or deny a TSIG key defined at the server in the Keys drop-down list.

(a) The ACL admin is employed by EfficientIP's management platform to configure and exchange data with DNS servers.

Once a restriction/permission is configured as needed, click on ADD . The configuration is visible in the ACL values list, you can organize the list using and . In this list, denied hosts appear preceded by an exclamation mark (!). If you want to remove an ACL from the list, select it and click on DELETE .
7. Click on NEXT . The Allow-update page appears.
8. Click on OK to commit the configuration. The report opens and closes. The parameters are
visible in the Access control panel Allow-transfer list.

Restricting DNS Queries for a Zone


SOLIDserver lets you specify which hosts are allowed to issue DNS queries for a specific zone. By default, queries are allowed from the local host and the local networks. This property can be configured for an entire server including all zones it contains. For more information about restricting DNS queries for a server, please refer to the server management section.

Note
The allow query property may also be specified at the server level or at the view level. If allow query is configured at the zone level, it overrides the allow transfer property defined at the server level or at the view level.

To allow query access for a zone

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS zones icon. The DNS All zones list opens.
3. At the end of the line of the zone of your choice, click on . The properties page opens.
4. In the Access Control panel, click on EDIT . The Edit a DNS zone wizard opens.
5. Click on NEXT . The Allow-query page appears. You can grant or deny access through the
Restriction field to networks, IP addresses, ACLs, and keys. Configure as many restrictions
as you need using the three fields. The table below details the available options of the Type
field:

Table 44.7. Restrictions/Permissions Parameters


Type             Restriction
Network address  Allow or deny an entire network: type an IPv4 address/prefix in the Network address field.
IP address       Allow or deny the IP address of an appliance, a user or a host in the IP address field.
ACL              Allow or deny an ACL defined at the server level in the ACL drop-down list: admin (a), any, none, localhost and localnets. The ACL list will also include specific ACL created at server level, for more details refer to the Configuring Access Control Lists For a Server section of this guide.
TSIG key         Allow or deny a TSIG key defined at the server in the Keys drop-down list.

(a) The ACL admin is employed by EfficientIP's management platform to configure and exchange data with DNS servers.

Once a restriction/permission is configured as needed, click on ADD . The configuration is visible in the ACL values list, you can organize the list using and . In this list, denied hosts appear preceded by an exclamation mark (!). If you want to remove an ACL from the list, select it and click on DELETE .


6. Click on NEXT . The Allow-transfer page appears.
7. Click on NEXT . The Allow-update page appears.
8. Click on OK to commit the configuration. The report opens and closes. The parameters are
visible in the Access control panel Allow-query list.

Chapter 45. Managing DNS Resource Records
The resource record (RR) is the lowest level of the DNS hierarchy. RRs are contained in the
master zones and can be replicated to slave zones if need be. RRs are all manageable through
SOLIDserver GUI on the All RRs page.

If you created an RPZ zone, its RRs will be listed on the all RPZ rules page and not the All RRs
page. For more details, refer to the DNS Firewall (RPZ) chapter of this guide.

Browsing DNS Resource Records


Figure 45.1. The Resource Records in the DNS Hierarchy (server > view > zone > RR)

Here below, you can see the link to browse the DNS records database:

Figure 45.2. DNS: All DNS Records

Browsing the DNS Resource Records Database


To display the list of DNS RRs

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS RRs icon. The DNS All RRs list opens.

To display the list of DNS RRs through the breadcrumb

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. In the breadcrumb, click on All RRs. The DNS All RRs list opens.

To display the list of DNS RRs for a specific zone

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS RRs icon. The DNS All RRs list opens.
3. In the Zone column, click on the name of the zone of your choice to display the RRs it contains.


To display the list of DNS RRs for a specific server

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS RRs icon. The DNS All RRs list opens.
3. In the Server column, click on the name of the server of your choice to display the RRs it contains.

Customizing the DNS Resource Records Display


SOLIDserver enables you to modify the columns display in the list. You can add, remove or
modify the order of columns. For more details, see the Customizing the List Layout section of
the Understanding the SOLIDserver User Interface part of this documentation.

Understanding the DNS Resource Records


The resource record list provides useful information regarding their status as well as what you
can do with them (if they can be edited or not). Resource Records statuses are displayed in the
very last column. The table below explains all status values:

Table 45.1. DNS Resource Records Statuses


Status          Description
OK              The zone is operational.
Delayed create  The zone creation is delayed due to a server load or a server unavailability. The creation will be automatically pushed when the server will be available.
Delayed delete  The zone deletion is delayed due to a server load or a server unavailability. The deletion will be automatically pushed when the server will be available.

The way a resource record name is displayed also tells you whether you can edit it or not.

Figure 45.3. DNS Resource Records Display in The List

1 Most resource records names are listed underlined in black. It means that you can edit them
from the listing itself: clicking on the name will open the Edit a DNS RR wizard.
2 The resource record name of the SOA RR is always listed in black and not underlined because you cannot edit it from the listing itself.
3 The resource record name of an SOA can be listed in gray. It means that you cannot edit it at all because it belongs to a physical server managed through a smart architecture. It is therefore possible to edit it through the smart server but not the physical one. It is listed as a reminder if you click on on the All RRs list.


Adding Resource Records


SOLIDserver supports 18 different types of resource records, all listed in the table below. Among these records, 16 types can be added to a zone (including additional NS resource records):

Table 45.2. DNS Resources Records List


Type     Description
SOA      Start of Authority. Defines the zone name, an e-mail contact and various time and refresh values applicable to the zone. It is automatically generated upon creation of a zone and cannot be added manually.
NS       Name Server. Defines the authoritative name server(s) for the domain (defined by the SOA record) or the subdomain. The NS record that indicates which server has authority over a zone is automatically generated upon the creation of a zone, once the server has been synchronized.
A        IPv4 Address. An IPv4 address for a host.
PTR      Pointer Record. Address Resolution, from an IP address (IPv4 or IPv6) to a host. Used in reverse mapping.
AAAA     IPv6 Address. An IPv6 address for a host.
CNAME    Canonical Name. An alias name for a host.
MX       Mail Exchange. The mail server/exchanger that will service this zone.
SRV      Services record. Defines services available in the zone, for example, ldap, HTTP etc.
DNAME    Delegation of Reverse Names. Delegation of reverse addresses primarily in IPv6. (Deprecated, use the CNAME RR instead)
TXT      Text. Information associated with a name.
DS       Delegation Signer, a DNSSEC related RR used to verify the validity of the ZSK of a subdomain. For more details refer to the DNSSEC chapter.
DNSKEY   DNS Key. It contains the public cryptographic key used to sign the zone with DNSSEC. For more details refer to the DNSSEC chapter.
65534    A private type record automatically added to the zone once it is signed with DNSSEC. It cannot be added manually. For more details refer to the DNSSEC chapter.
HINFO    System Information. Information about a host: hardware type and operating system description.
MINFO    Mailbox mail list Information. Defines the mail administrator for a mail list and optionally a mailbox to receive error messages relating to the mail list.
AFSDB    AFS Database. Location of the AFS servers.
WKS      Well-Known Service. Defines the services and protocols supported by a host. (Deprecated, use the SRV RR instead)
NAPTR    Naming Authority Pointer Record. General purpose definition of rule set to be used by applications e.g. VoIP.
NSAP     Network Service Access Point. Defines a record (equivalent of an A record) that maps a host name to an endpoint address.


When you create a master zone, it automatically contains an SOA record and an NS record. This
NS is not generated until the server is synchronized.

The addition of records must be carried out from the All RRs list of a master zone. Each record will have a specific set of fields to fill in. The Add a DNS RR wizard will allow you to create all the supported records in the relevant zone. Naming the record will only be required when creating a CNAME record. Not naming an RR will create a record that has the same name as the zone it belongs to.

Depending on the type of zone, name or reverse, the most common RRs are directly accessible
from the Add > RR menu:

Table 45.3. DNS Records Name In The Add Menu


GUI Name              Corresponding Record Type
RR (record)           All supported types. An RR type drop-down list is available in the wizard.
Address resolution    PTR (only for reverse zones)
Host address v4       A
Host address v6       AAAA
Alias                 CNAME
Well Known Services   WKS
NAPTR                 NAPTR
Service Localization  SRV
Text                  TXT
Mail route            MX
Name Server           NS

Adding an NS Record
The Name Server (NS) record is used to list all the DNS name servers that have authority over a zone. NS records must be declared both in the parent and the child zones. In the parent zone, they indicate the zone authoritative server; in the child zone, they constitute the point of delegation.

The requirement is that at least two name servers are defined for each public domain, so there
will be at least two NS records in each zone. The first NS record, named after the zone is created
automatically when you create zones through the GUI to indicate the authoritative server; all
other NS records must be added manually following the procedure below.

We strongly recommend that you create an A record for each NS server to provide detailed information to the domain name query. This process is called creating a glue record: that way, once your domain is queried, it will return its authoritative servers name and IP address.

RFC 2181 [1] stipulates that the NS record can point to other records but never to a CNAME record, as the query answer will not return an address with the NS record and in some cases might make the query fail altogether.

[1] This information is provided in section 10.3 MX and NS records of the RFC 2181, available on the IETF website: http://tools.ietf.org/html/rfc2181


To add an NS record in a zone

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS RRs icon. The DNS All RRs list opens.
3. In the Zone column, click on the name of the zone of your choice to display the RRs it contains.
4. In the menu Add > RR > Name Server. The Add a DNS RR wizard opens.
5. In the RR type field, NS is displayed.
6. In the RR name field, name your RR. The Complete name field auto-completes and displays
the RR full name as follows: RRname.zonename .
7. In the TTL field, specify an expiration time of the record in seconds. The default TTL for an
RR is 1 hour *. You can edit it if need be using the field on the left or one of the values listed
in the drop-down list on the right.
8. In the DNS server field, type in the DNS server hostname.
9. Click on OK to commit the creation. The report opens and closes. The record is now listed
and marked OK.

Adding an MX Record
The Mail Exchanger (MX) record lets you set the name and relative preference of your mail exchangers, in other words mail servers, for the zone.

Note
If the mail server stated in one of the MX records lies in the zone, you should
add an A record. This A record name will be the mail server and its value will be its
IP address.
Keep in mind that an MX record should not point to a CNAME record [2]. Therefore, if you have a CNAME called mail for the zone example.com (its complete name would be mail.example.com) and one of your mail exchangers is named mail.example.com, you will need to remove the alias from the zone to be able to declare the mail exchanger name in the MX record. To make the answer for the MX more efficient, you should also add an A or AAAA record pointing to the IP address of the mail server.

To add an MX record in a zone

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS RRs icon. The DNS All RRs list opens.
3. In the Zone column, click on the name of the zone of your choice to display the RRs it contains.
4. In the menu Add > RR > Mail route. The Add a DNS RR wizard opens.
5. In the RR type field, MX is displayed.
6. In the RR name field, you can name your RR. The Complete name field auto-completes and
displays the RR full name as follows: RRname.zonename .

[2] This information is provided in section 10.3 MX and NS records of the RFC 2181, available on the IETF website: http://tools.ietf.org/html/rfc2181


7. In the TTL field, specify an expiration time of the record in seconds. The default TTL for an
RR is 1 hour *. You can edit it if need be using the field on the left or one of the values listed
in the drop-down list on the right.
8. In the Preference field, type a number between 0 and 65535. It will define which server will have priority if there are several MX records in the zone. The server with the lowest value has priority over the other server(s); the value can be 0.
9. In the Mail server field, type in the mail server hostname.
10. Click on OK to commit the creation. The report opens and closes. The record is now listed
and marked OK.

You can add as many MX records as you need in your master zones, it all depends on the
number of mail exchangers you want to declare.
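
The NS and MX rules described in the two sections above (no CNAME target, an address record for in-zone targets, at least two name servers) can be checked over an export of a zone's records. This is an added example, not part of the EfficientIP guide; the record tuples, zone contents and finding codes are constructed for illustration.

```python
# Constructed sample zone: (owner, type, value) tuples for example.com.
RECORDS = [
    ("example.com", "NS", "ns1.example.com"),
    ("example.com", "NS", "ns2.example.com"),
    ("example.com", "NS", "ns3.example.net"),       # out-of-zone name server
    ("ns1.example.com", "A", "192.0.2.53"),         # glue record for ns1
    ("ns2.example.com", "CNAME", "ns1.example.com"),
    ("example.com", "MX", "10 mail.example.com"),
    ("example.com", "MX", "20 backup.example.com"),
    ("mail.example.com", "CNAME", "host1.example.com"),
    ("host1.example.com", "A", "192.0.2.25"),
]


def norm(name):
    """Compare names case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()


def in_zone(name, zone):
    name, zone = norm(name), norm(zone)
    return name == zone or name.endswith("." + zone)


def lint_zone(zone, records):
    """Return a list of (rr_type, name, code) findings.

    cname-target      : NS or MX points to a name that is a CNAME
                        (RFC 2181 section 10.3)
    no-address        : NS or MX target lies in the zone but has no A/AAAA
    fewer-than-two-ns : the zone declares fewer than two NS records
    """
    types_by_owner = {}
    for owner, rtype, _ in records:
        types_by_owner.setdefault(norm(owner), set()).add(rtype.upper())

    findings = []
    for owner, rtype, value in records:
        rtype = rtype.upper()
        if rtype not in ("NS", "MX"):
            continue
        # For MX the value is "<preference> <host>"; the host is the last token.
        target = norm(value.split()[-1])
        target_types = types_by_owner.get(target, set())
        if "CNAME" in target_types:
            findings.append((rtype, target, "cname-target"))
        elif in_zone(target, zone) and not target_types & {"A", "AAAA"}:
            findings.append((rtype, target, "no-address"))

    apex_ns = sum(1 for owner, rtype, _ in records
                  if norm(owner) == norm(zone) and rtype.upper() == "NS")
    if apex_ns < 2:
        findings.append(("NS", norm(zone), "fewer-than-two-ns"))
    return findings


if __name__ == "__main__":
    for finding in lint_zone("example.com", RECORDS):
        print(finding)
```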

Adding an A Record
The IPv4 Address (A) record is used to forward map a host name to an IPv4 address. It can be added to the All RRs list of any master zone. A single host can be mapped to several A records, or IP addresses, which create an RRset. In this case, the DNS server will respond to queries with all the addresses defined but the order will depend on the rrset-order statement of the server configuration file.

To add an A record in a zone

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS RRs icon. The DNS All RRs list opens.
3. In the Zone column, click on the name of the master zone of your choice to display the RRs
it contains.
4. In the menu Add > RR > Host address v4. The Add a DNS RR wizard opens.
5. In the RR type field, A is displayed.
6. In the RR name field, you can name your RR. The Complete name field auto-completes and
displays the RR full name as follows: RRname.zonename .
7. In the TTL field, specify an expiration time of the record in seconds. The default TTL for an
RR is 1 hour *. You can edit it if need be using the field on the left or one of the values listed
in the drop-down list on the right.
8. In the IP address field, type in the IPv4 Address of the host.
9. Click on OK to commit the creation. The report opens and closes. The record is now listed
and marked OK. The RR name column displays its Complete name, the Value column
displays the host IP address you specified.

If you do not name an A record, it will have the same name as the zone it belongs to; this allows DNS clients to find the IPv4 address of your host using only its domain name. This way, querying the zone name example.com would be resolved immediately and provide access to your host through its IP address.

Adding a AAAA Record


The IPv6 Address (AAAA) record, also called Quad A record, is used to forward map a host name to an IPv6 address. It can be added to any Master zone all RRs list. A single host can be mapped toward several A records, or IP addresses, that create an RRset. In this case, the DNS server will respond to queries with all the addresses defined but the order will depend on the rrset-order statement of the server configuration file.

To add a AAAA record in a zone

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS RRs icon. The DNS All RRs list opens.
3. In the Zone column, click on the name of the master zone of your choice to display the RRs
it contains.
4. In the menu Add > RR > Host address v4. The Add a DNS RR wizard opens.
5. In the RR type field, A is displayed.
6. In the RR name field, you can name your RR. The Complete name field auto-completes and
displays the RR full name as follows: RRname.zonename .
7. In the TTL field, specify an expiration time of the record in seconds. The default TTL for an
RR is 1 hour *. You can edit it if need be using the field on the left or one of the values listed
in the drop-down list on the right.
8. In the IPv6 address field, type in the IPv6 Address of the host.
9. Click on OK to commit the creation. The report opens and closes. The record is now listed
and marked OK. The RR name column displays its Complete name, the Value column
displays the host IP address you specified.

If you do not name a AAAA record, it will have the same name as the zone it belongs to, this will
allow DNS clients to find the IPv6 address of your host using only its domain name. This way,
querying the zone name example.com would be resolved immediately and provide access to
your host through its IPv6 address.

Adding a PTR Record


The Pointer (PTR) record is used to reverse map an IP address to a host name and can be used both in IPv4 and IPv6. These records can only be added to reverse zones; they basically provide the exact opposite information of the A and AAAA records.

The PTR name will always be displayed in the RR name column in reverse with the syntax B4.B3.B2.B1.in-addr.arpa but it will be treated like a name. This is why it is possible to set the final section of the IP address (B4) with a value that does not respect the IP protocol: a value greater than 255 in IPv4 and greater than ffff in IPv6. This lack of limitation in the interface provides an additional tool for specific configurations.

The PTR being used for reverse host name look ups, it does not make sense to name multiple
PTR records with the same name, i.e. same IP address. However, to provide reverse round robin
configuration, you can set several IP addresses with different values. For more details, refer to
the Load Balancing with Round Robin section below.

To add a PTR record in a reverse zone

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS RRs icon. The DNS All RRs list opens.
3. In the Zone column, click on the name of the master reverse zone of your choice to display
the RRs it contains.


4. In the menu Add > RR > Address resolution. The Add a DNS RR wizard opens.
5. In the RR type field, PTR is displayed.
6. Set the IP address in reverse through the RR name field or the IP address field. You must
fill in one of the two fields:

a. If you want to use the RR name field, you can type a number corresponding to the remaining section of the IP address of your choice. Filling in this field will empty the IP address field as only one of the two is required. The Complete name field auto-completes and displays the RR full name as follows: RRname.reversezonename .
b. If you want to use the IP address field, the first sections of the IP address that you set for the reverse zone are displayed. They are not displayed in reverse to ease the configuration. Type in the missing dot and final section of the IP address. The Complete name field auto-completes and displays the RR full name as follows: RRname.reversezonename .

7. In the TTL field, specify an expiration time of the record in seconds. The default TTL for an
RR is 1 hour *. You can edit it if need be using the field on the left or one of the values listed
in the drop-down list on the right.
8. In the Localization field, type in the hostname that will be returned when the IP address you
stated above is queried.
9. Click on OK to commit the creation. The report opens and closes. The record is now listed
and marked OK.

All the addresses used to name your PTR records will provide as many entries toward the host
names of your choice in your reverse master zones.

Adding a CNAME Record


The Canonical Name (CNAME) record maps an alias to a real name, also called canonical name.
This name may lie inside or outside your zone but it generally exists elsewhere in your DNS. The
CNAME is mostly used if a host has several possible names, the alias will provide a way of saving
all the possible names in your zone to resolve more easily IP or domain name queries. The
CNAME always points to another record, usually an A record. During a query, the CNAME will
return the canonical name and IP address embedded in the A record. That's why a CNAME
should not point to another CNAME record, the DNS answer would take longer and could overload
the server: the first CNAME would point to another CNAME that would point to another CNAME
and so forth until finally getting the IP address from the A record.

Keep in mind that each CNAME RR name is unique: you cannot have several records named
www in the same zone. Their complete name would be www.example.com and as the CNAME
is an alias, it should provide a link toward a canonical name that has not been declared in the
zone yet.

To add a CNAME record in a zone

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS RRs icon. The DNS All RRs list opens.
3. In the Zone column, click on the name of the master zone of your choice to display the RRs
it contains.
4. In the menu Add > RR > Alias. The Add a DNS RR wizard opens.


5. In the RR type field, CNAME is displayed.


6. In the RR name field, name your RR. The Complete name field auto-completes and displays
the RR full name as follows: RRname.zonename .
7. In the TTL field, specify an expiration time of the record in seconds. The default TTL for an
RR is 1 hour *. You can edit it if need be using the field on the left or one of the values listed
in the drop-down list on the right.
8. In the Hostname field, type in the canonical name of the host of your choice.
9. Click on OK to commit the creation. The report opens and closes. The record is now listed
and marked OK.

There will be as many hostname aliases as there are CNAME records in your zone.

Adding a TXT Record


The Text (TXT) record lets you associate text with a name in your zone. You can use the TXT record value to describe a host, provide services contacts or even define the Sender Policy Framework (SPF) information record.

To add a TXT record in a zone

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS RRs icon. The DNS All RRs list opens.
3. In the Zone column, click on the name of the zone of your choice to display the RRs it contains.
4. In the menu Add > RR > Text. The Add a DNS RR wizard opens.
5. In the RR type field, TXT is displayed.
6. In the RR name field, you can name your RR. The Complete name field auto-completes and
displays the RR full name as follows: RRname.zonename .
7. In the TTL field, specify an expiration time of the record in seconds. The default TTL for an
RR is 1 hour *. You can edit it if need be using the field on the left or one of the values listed
in the drop-down list on the right.
8. In the Text field, type in the text of your choice. This field can contain a maximum of 255 characters, including spaces.
9. Click on OK to commit the creation. The report opens and closes. The record is now listed
and marked OK.

Adding an SRV Record


The Services (SRV) record lets you associate a service with a hostname. That way, users can locate a service via the relevant SRV record. The answer to a successful SRV query will provide the user with a hostname, the port providing the service and the hostname priority. If there are several hosts in the zone, their weight will define which one should be used.

This record only allows one piece of information per field, so if for instance you want to configure
a set of ports for one service, you can create several SRV records each with the same information
in all fields except the port, priority and weight.

To add an SRV record in a zone

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS RRs icon. The DNS All RRs list opens.
3. In the Zone column, click on the name of the zone of your choice to display the RRs it
contains.
4. In the menu, select Add > RR > Service Localization. The Add a DNS RR wizard opens.
5. In the RR type field, SRV is displayed.
6. In the RR type drop-down list, select the RR type if need be.
7. In the RR name field, name your RR. The Complete name field auto-completes and displays
the RR full name as follows: RRname.zonename .
8. In the TTL field, specify an expiration time of the record in seconds. The default TTL for an
RR is 1 hour *. You can edit it if need be using the field on the left or one of the values listed
in the drop-down list on the right.
9. In the Priority field, type a number, between 0 and 65535, that will define which server will
have priority if there are several SRV RRs in the zone. The lowest value has the priority
over the other server(s).
10. In the Weight field, type a number, between 0 and 65535, that will define the server weight.
If two SRV RRs have the same priority, the weight will define which server will be more used.
The greater the value is, the more the server is solicited. Basically, it gives priority to the
SRV RR with the greatest weight value. If you type in 0, there is no weighting.
11. In the Port field, type in the port number that delivers the service to the target.
12. In the Target field, type in the hostname of the server delivering the service.
13. Click on OK to commit the creation. The report opens and closes. The record is now listed
and marked OK.
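
The following added example (not part of the original guide and not SOLIDserver code) shows how a client that follows RFC 2782 orders the targets from the Priority and Weight values entered above. The record set, the example.com names and the injectable rand parameter are constructed for illustration.

```javascript
// Constructed SRV record set for one service (names and ports are sample values).
const SRV_RRS = [
  { priority: 10, weight: 60, port: 5060, target: "sip1.example.com" },
  { priority: 10, weight: 40, port: 5060, target: "sip2.example.com" },
  { priority: 20, weight: 0, port: 5060, target: "backup.example.com" },
];

// Priority, weight and port are 16-bit fields: integers from 0 to 65535.
function checkSrv(rr) {
  for (const field of ["priority", "weight", "port"]) {
    const value = rr[field];
    if (!Number.isInteger(value) || value < 0 || value > 65535) {
      throw new RangeError(`${field} must be an integer between 0 and 65535, got ${value}`);
    }
  }
  if (typeof rr.target !== "string" || rr.target.length === 0) {
    throw new TypeError("target must be a hostname");
  }
  return rr;
}

// Order in which a client tries the targets: ascending priority first, then a
// weighted random draw inside each priority group (RFC 2782 procedure).
// `rand` returns a number in [0, 1); it is injectable so a run can be repeated.
function orderSrv(records, rand = Math.random) {
  const groups = new Map();
  for (const rr of records.map((r) => checkSrv(r))) {
    if (!groups.has(rr.priority)) groups.set(rr.priority, []);
    groups.get(rr.priority).push(rr);
  }
  const ordered = [];
  for (const priority of [...groups.keys()].sort((a, b) => a - b)) {
    // Weight-0 records are placed first in the pool, as RFC 2782 prescribes.
    const pool = groups.get(priority)
      .slice()
      .sort((a, b) => Number(a.weight !== 0) - Number(b.weight !== 0));
    while (pool.length > 0) {
      const total = pool.reduce((sum, rr) => sum + rr.weight, 0);
      const pick = Math.floor(rand() * (total + 1)); // integer in 0..total
      let running = 0;
      const index = pool.findIndex((rr) => (running += rr.weight) >= pick);
      const [chosen] = pool.splice(index, 1);
      ordered.push(`${chosen.target}:${chosen.port}`);
    }
  }
  return ordered;
}

console.log(orderSrv(SRV_RRS));
```

The priority 20 target is only reached after both priority 10 targets, whatever its weight.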

Adding an HINFO Record


The System Information (HINFO) record allows you to specify the type of CPU and OS in use on the
server. This record information can be used by some application protocols (like FTP). This record is
rarely used on public servers.

Keep in mind that if you name an HINFO record like an A or AAAA record, they will be linked
together in the zone file and provide additional information when the domain name they share (an
identical Complete name in the GUI) is queried.

To add an HINFO record in a zone

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS RRs icon. The DNS All RRs list opens.
3. In the Zone column, click on the name of the zone of your choice to display the RRs it
contains.
4. In the menu, select Add > RR > RR (record). The Add a DNS RR wizard opens.
5. In the RR type drop-down list, select HINFO.
6. In the RR name field, you can name your RR. The Complete name field auto-completes and
displays the RR full name as follows: RRname.zonename .
7. In the TTL field, specify an expiration time of the record in seconds. The default TTL for an
RR is 1 hour *. You can edit it if need be using the field on the left or one of the values listed
in the drop-down list on the right.
8. In the CPU section, select in the drop-down list the CPU description. If yours is not listed,
type it in the field and leave the default value in the list (Other).
9. In the OS section, select in the drop-down list the OS. If yours is not listed, type it in the field
and leave the default value in the list (Other).
10. Click on OK to commit the creation. The report opens and closes. The record is now listed
and marked OK.

The HINFO can also be used as a specific TXT record and contain other information.

Adding an MINFO Record


The Mailbox mail list Information (MINFO) record defines the mailbox administrator for a mail list
or even the mailbox that will receive error messages relating to the mail list.

To add an MINFO record in a zone

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS RRs icon. The DNS All RRs list opens.
3. In the Zone column, click on the name of the zone of your choice to display the RRs it
contains.
4. In the menu, select Add > RR > RR (record). The Add a DNS RR wizard opens.
5. In the RR type drop-down list, select MINFO.
6. In the RR name field, you can name your RR. The Complete name field auto-completes and
displays the RR full name as follows: RRname.zonename .
7. In the TTL field, specify an expiration time of the record in seconds. The default TTL for an
RR is 1 hour *. You can edit it if need be using the field on the left or one of the values listed
in the drop-down list on the right.
8. In the Responsible email field, type in the email address of the administrator of the mail list.
9. In the Error email field, type in the email address that will receive the error messages
regarding the mail list.
10. Click on OK to commit the creation. The report opens and closes. The record is now listed
and marked OK.

Adding a DNAME Record


The Delegation of Reverse Names (DNAME) record is used to map DNS subdomains with each
other. It does not redirect a query towards a subdomain: it rewrites the query. Technically, it
rewrites the subdomain query suffix and looks for a record within the zone matching this new
name. It is especially useful if a company has changed domain name or reorganizes the
management of its subdomains.

Keep in mind that a DNAME record rewrites the subdomain suffix and applies to all its subdomains.
A DNAME record rewriting a query for support.company.com to support.company.corp also applies
to queries for fr.support.company.com or es.support.company.com . The DNAME configuration
applies to any label located left of the specified domain name.

A zone configured with a DNAME has records that send back the proper information to DNS clients.
If the value of the DNAME is support.company.corp, there should be an A record, for instance,
named support.company.corp providing an IP address clients can reach.

Keep in mind that unlike a CNAME, the DNAME points to a name and not to a record within the
zone.

To add a DNAME record in a zone

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS RRs icon. The DNS All RRs list opens.
3. In the Zone column, click on the name of the zone of your choice to display the RRs it
contains.
4. In the menu, select Add > RR > RR (record). The Add a DNS RR wizard opens.
5. In the RR type drop-down list, select DNAME.
6. In the RR name field, name your RR. The Complete name field auto-completes and displays
the RR full name as follows: RRname.zonename .
7. In the TTL field, specify an expiration time of the record in seconds. The default TTL for an
RR is 1 hour *. You can edit it if need be using the field on the left or one of the values listed
in the drop-down list on the right.
8. In the Domain field, type in the domain name of a subdomain of the zone.
9. Click on OK to commit the creation. The report opens and closes. The record is now listed
and marked OK.

Adding an AFSDB Record


The Andrew File System Database (AFSDB) record maps a domain name to an AFS database
server. Its purpose is to allow the discovery of the hosts that provide AFS service within a domain. It
is not widely used; an SRV record could provide the same kind of information.

To add an AFSDB record in a zone

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS RRs icon. The DNS All RRs list opens.
3. In the Zone column, click on the name of the zone of your choice to display the RRs it
contains.
4. In the menu, select Add > RR > RR (record). The Add a DNS RR wizard opens.
5. In the RR type drop-down list, select AFSDB.
6. In the RR name field, you can name your RR. The Complete name field auto-completes and
displays the RR full name as follows: RRname.zonename .
7. In the TTL field, specify an expiration time of the record in seconds. The default TTL for an
RR is 1 hour *. You can edit it if need be using the field on the left or one of the values listed
in the drop-down list on the right.
8. In the Preference field, type the version of AFS service used: 1 (AFS version 3.0) or 2 (OSF
DCE/NCA version).
9. In the AFS server field, type in the AFS hostname.
10. Click on OK to commit the creation. The report opens and closes. The record is now listed
and marked OK.

Adding an NAPTR Record


The Naming Authority Pointer (NAPTR) record is a Dynamic Delegation Discovery System (DDDS)
record used to define a rule that may be applied to private data owned by a client application [3].
The packet format of the NAPTR includes an order, a preference, flags, services, a regular
expression and a replacement field.

To add an NAPTR record in a zone

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS RRs icon. The DNS All RRs list opens.
3. In the Zone column, click on the name of the zone of your choice to display the RRs it
contains.
4. In the menu, select Add > RR > NAPTR. The Add a DNS RR wizard opens.
5. In the RR type field, NAPTR is displayed.
6. In the RR name field, you can name your RR. The Complete name field auto-completes and
displays the RR full name as follows: RRname.zonename .
7. In the TTL field, specify an expiration time of the record in seconds. The default TTL for an
RR is 1 hour *. You can edit it if need be using the field on the left or one of the values listed
in the drop-down list on the right.
8. In the Order field, type a number between 0 and 65535 that will define which RR will have
priority if there are several NAPTR records in the zone. The lowest value has the priority
over the other record(s).
9. In the Preference field, type a number between 0 and 65535 that will define which RR will
have priority if several NAPTR records have the same Order in the zone. The lowest value
has the priority over the other record(s).
10. In the Flags field, type in the string that corresponds to the action you want your client
application to perform.
11. In the Service field, type in the services parameters needed according to your client
application syntax.
12. In the Regex field, type in the string that contains a substitution expression that will be applied
to the original string specified in the Flags field.
13. In the Replace field, type in the FQDN domain name that will be queried when looking for
the potential data specified in the Flags field.
14. Click on OK to commit the creation. The report opens and closes. The record is now listed
and marked OK.

Adding an NSAP Record


The Network Service Access Point (NSAP) record maps a hostname to an endpoint address for
the ISO's Open Systems Interconnect (OSI) system [4]; in that sense it is the equivalent of an A
record.

[3] The NAPTR RR is described in RFC 3403, available on the IETF website: http://tools.ietf.org/html/rfc3403
[4] The NSAP RR is described in RFC 1706, available on the IETF website: http://tools.ietf.org/html/rfc1706

To add an NSAP record in a zone

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS RRs icon. The DNS All RRs list opens.
3. In the Zone column, click on the name of the zone of your choice to display the RRs it
contains.
4. In the menu, select Add > RR > RR (record). The Add a DNS RR wizard opens.
5. In the RR type drop-down list, select NSAP.
6. In the RR name field, you can name your RR. The Complete name field auto-completes and
displays the RR full name as follows: RRname.zonename .
7. In the TTL field, specify an expiration time of the record in seconds. The default TTL for an
RR is 1 hour *. You can edit it if need be using the field on the left or one of the values listed
in the drop-down list on the right.
8. In the Name field, type in the NSAP address of the end system. It should start with 0x and
not exceed 255 hexadecimal characters separated by dots.
9. Click on OK to commit the creation. The report opens and closes. The record is now listed
and marked OK.

Adding a DS Record

The Delegation Signer (DS) record is a DNSSEC record that creates the chain of trust or authority from
a signed parent to a child zone. It is used to verify the validity of the ZSK of a subdomain. It
is composed of the parent zone key tag, key algorithm, digest type and digest itself.

For more details, refer to the DS Resource Record section of this guide. For the DS addition
procedure, refer to the Using the Delegation to Include Subdomains to Your Zone Chain of Trust
section.

Adding a DNSKEY Record


The Domain Name System KEY (DNSKEY) record is used in zones signed with DNSSEC and
contains the public cryptographic key (KSK or ZSK) used to validate signatures. If you signed a
zone through the GUI you will not need to add this record; SOLIDserver does it automatically.

If you manage through the GUI an external DNS server containing zone(s) already signed with
DNSSEC, you can add a DNSKEY record to the concerned zone(s). As the signature was not
performed using the appliance, SOLIDserver cannot push the DNSSEC keys to the server, so:
the DNSKEY record will merely be listed among the RRs; the zone keys will not be listed in the
Key Ring and the zone will not be displayed as DNSSEC compliant even though it is. The
possibility to add a DNSKEY record is therefore simply available to ease the management of zones.
For more details, refer to the DNSSEC chapter of this guide.

To be able to successfully add a DNSKEY record through the GUI, you will need the DNSKEY
flags, protocol, algorithm and key; all of which are available in the txt file generated after the zone
signature.

To add a DNSKEY record in a zone

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS RRs icon. The DNS All RRs list opens.
3. In the Zone column, click on the name of the zone of your choice to display the RRs it
contains.
4. In the menu, select Add > RR > RR (record). The Add a DNS RR wizard opens.
5. In the RR type drop-down list, select DNSKEY.
6. In the RR name field, you can name your RR. The Complete name field auto-completes and
displays the RR full name as follows: RRname.zonename .
7. In the TTL field, specify an expiration time of the record in seconds. The default TTL for an
RR is 1 hour *. You can edit it if need be using the field on the left or one of the values listed
in the drop-down list on the right.
8. In the Flags field, type in or paste the zone key flag.
9. In the Protocol field, type in or paste the protocol value.
10. In the Algorithm field, type in or paste the public key's cryptographic algorithm.
11. In the Key field, type in or paste the public key material.
12. Click on OK to commit the creation. The report opens and closes. The record is now listed
and marked OK.
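
Before pasting the four values into the wizard, they can be checked offline. The following added example (not part of the original guide and not SOLIDserver code) validates the flags, protocol, algorithm and key fields as defined in RFC 4034 and computes the key tag that a DS record refers to. The function names and the 4-byte sample key are constructed for illustration; it runs under Node.js.

```javascript
// Key tag over the DNSKEY RDATA (flags, protocol, algorithm, public key),
// as specified in RFC 4034 Appendix B. Algorithm 1 (RSA/MD5) uses another rule.
function keyTag(rdata) {
  let ac = 0;
  for (let i = 0; i < rdata.length; i++) {
    ac += (i & 1) ? rdata[i] : (rdata[i] << 8);
  }
  ac += (ac >> 16) & 0xffff;
  return ac & 0xffff;
}

// Validate the four wizard fields and summarize the key.
// Throws an Error that lists every problem found.
function checkDnskey(flags, protocol, algorithm, key) {
  const f = Number(flags);
  const p = Number(protocol);
  const a = Number(algorithm);
  const problems = [];
  if (!Number.isInteger(f) || f < 0 || f > 65535) problems.push("flags must be 0-65535");
  if (p !== 3) problems.push("protocol must be 3");
  if (!Number.isInteger(a) || a < 0 || a > 255) problems.push("algorithm must be 0-255");

  // Key files often wrap the base64 key material; remove whitespace first.
  const b64 = String(key).replace(/\s+/g, "");
  if (b64.length === 0 || b64.length % 4 !== 0 || !/^[A-Za-z0-9+/]+={0,2}$/.test(b64)) {
    problems.push("key is not valid base64");
  }
  if (problems.length > 0) throw new Error(problems.join("; "));

  const rdata = Buffer.concat([
    Buffer.from([f >> 8, f & 0xff, p, a]),
    Buffer.from(b64, "base64"),
  ]);
  const zoneKey = (f & 0x0100) !== 0; // Zone Key flag (value 256)
  const sep = (f & 0x0001) !== 0;     // Secure Entry Point flag (value 1)
  return {
    role: !zoneKey ? "not a zone key" : sep ? "KSK" : "ZSK",
    algorithm: a,
    keyBytes: rdata.length - 4,
    keyTag: keyTag(rdata),
  };
}

// Constructed sample: "AQIDBA==" is the base64 form of bytes 01 02 03 04,
// far too short to be a real key but enough to exercise the checks.
console.log(checkDnskey("257", "3", "8", "AQIDBA=="));
```

A flags value of 257 identifies a KSK and 256 a ZSK; a key tag that differs from the one published in the parent's DS record means the pasted key is not the one the parent vouches for.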

Adding a WKS Record


The Well-Known Services (WKS) record is used to define the services and protocols used by a
host.

Its use is DEPRECATED; the SRV record can provide the same information.

To add a WKS record in a zone

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS RRs icon. The DNS All RRs list opens.
3. In the Zone column, click on the name of the zone of your choice to display the RRs it
contains.
4. In the menu, select Add > RR > Well Known Services. The Add a DNS RR wizard opens.
5. In the RR type field, WKS is displayed.
6. In the RR name field, you can name your RR. The Complete name field auto-completes and
displays the RR full name as follows: RRname.zonename .
7. In the TTL field, specify an expiration time of the record in seconds. The default TTL for an
RR is 1 hour *. You can edit it if need be using the field on the left or one of the values listed
in the drop-down list on the right.
8. In the IP address field, type in the IPv4 Address of the host that contains the services listed
in the Services field.
9. In the Protocol drop-down list, select the protocol that suits your needs.
10. In the Service drop-down list, select the service that suits your needs.
11. Click on OK to commit the creation. The report opens and closes. The record is now listed
and marked OK.

Editing Resource Records


Through the GUI, you can differentiate the records you can edit from the ones you cannot; refer to
the image DNS Resource Records display in The List above. You can modify all the RRs contained in a
master zone except those pushed on a physical server managed by a smart architecture. In the same
way, the SOA cannot be edited like any other record; see the section Editing the SOA for more
details.

Editing records
In the RRs list of a specific zone, you can edit records one by one by clicking on their name.

To edit a resource record

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS RRs icon. The DNS All RRs list opens.
3. In the Zone column, click on the name of the zone of your choice to display the records it
contains.
4. In the RR name column, click on the name of the RR of your choice. The Edit a DNS RR
wizard opens.
5. Modify, if need be, the values and TTL of the record following the appropriate procedure
in the Adding a Resource Record section above. The default TTL for an RR is 1 hour.
6. Click on OK to commit your changes. The report opens and closes. The change is visible
on the page.

Note
If several RRs in a zone share the same name, modifying the TTL on one will modify
it as well on the RRs sharing that name.

If you want to edit several records at once, you can either edit their TTL at once or replace
the value or part of the value of several records at once (for instance a domain name stated in
all of them).

To replace the TTL of a set of resource records

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS RRs icon. The DNS All RRs list opens.
3. In the Zone column, click on the name of the zone of your choice to display the RRs it
contains.
4. Tick the record(s) for which you want to replace the TTL.
5. In the menu, select Edit > Replace > The TTL of an RR. The Replace the TTL of an RR wizard
opens.
6. In the TTL field, indicate the expiration time of the record in seconds or use the predefined
values from the drop-down list. The default TTL for an RR is 1 hour.
7. Click on OK to commit your changes. The report opens and closes. The page refreshes, the
new TTL is visible.

The replacement of a value of a record is a very powerful tool that can be configured in two
different ways: either replace the specified value as a whole or as part of a longer set of characters.
Note that the wizard will return an error if you specify a value that does not exist or if you select
a replacement as a whole for a value that is only part of an RR.

To replace the value of a set of resource records

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS RRs icon. The DNS All RRs list opens.
3. In the Zone column, click on the name of the zone of your choice to display the RRs it
contains.
4. Tick the record(s) for which you want to replace a value.
5. In the menu, select Edit > Replace > The value of an RR. The Replace the value of an RR
wizard opens.
6. In the Replace field, type in the value you want to replace.
7. In the By field, type in the new value that will replace the content of the Replace field.
8. In the Exact search drop-down list, select either Yes or No; refer to the table below.

Table 45.4. DNS Resource Records Replacement Options

Type    Description
Yes     Select this option if the value specified in the Replace field must be replaced as a
        whole. Keep in mind that it will then be considered as unique, so if the RR contains
        the same value several times, each of them will have to be replaced individually. By
        default, Yes is selected.
No      Select this option if every occurrence of the value specified in the Replace field must
        be replaced every time it appears in the Value column of the RR.

9. Click on OK to commit your changes. The report opens and closes. The page refreshes, the
changes are visible in the list.

Editing the SOA


Like the other records, you can modify the value of some information through the All RRs list.
However, editing an SOA can be done at zone level to have a clearer overview of all the
parameters.

The SOA contains the zone serial number, administrator email and configuration information
(renewal or expiry of the zone), as well as the DNS server that has authority over the zone (primary
server). In other words, modifying it can have heavy consequences on the management of a zone. It
is automatically generated by SOLIDserver at the creation of a master zone and has the
same name as the zone itself; you cannot edit that name.

Keep in mind that from the All RRs list of a zone, you can access the zone properties page through
the breadcrumb: left of All RRs you will find Zones: <zone.name>. Click on the <zone.name>,
the properties page opens.

To modify an SOA RR

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS zones icon. The DNS All zones list opens.
3. At the end of the line of the zone of your choice, click on . The zone properties page opens.
4. In the Main properties panel, click on EDIT. The Edit a DNS zone wizard opens.
5. Click on NEXT until you get to the last page of the wizard.
6. Modify the SOA parameters fields according to your needs. For more details, refer to the table
DNS Zone Advanced Parameters in the Managing DNS zones chapter.
7. Click on OK to commit your changes. The wizard closes. The page refreshes, the changes
are listed.

Deleting Resource Records


Except for the basic SOA and NS records generated during the creation of a zone, all the resource
records that you created within a zone can be deleted.

To delete a resource record

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS RRs icon. The DNS All RRs list opens.
3. In the Zone column, click on the name of the zone of your choice to display the RRs it
contains.
4. Tick the record(s) you want to delete.
5. In the menu, select Edit > Delete. The Delete wizard opens.
6. Click on OK to validate the deletion. The RR is marked Delayed delete and is then no
longer listed.

Keep in mind that the NS record deletion in a parent zone can be automated upon child zone
deletion through the rule 152. For more details refer to the Automated NS Record Deletion Rule
section of this guide.

Configuring the Delegation at the RR Level


At RR level, the delegation parameters are managed through the Start of Authority (SOA), the
Name Server (NS) and the Address (A or AAAA) records. The SOA and NS records are generated
upon creation of a zone.

Note
The primary NS record of a zone is generated once the server is synchronized and
indicates the authoritative server of the zone.

Delegating a sub-domain simply consists of adding both an NS and an A (or AAAA) RR in the parent
zone pointing to the sub-domain:

• The NS record indicates which servers are authoritative for the zone. You can also create
additional NS records to delegate authority for the zone to other DNS servers.
• The A / AAAA record indicates the IP address of the server that has authority over the
sub-domain and therefore needs to be added in the RRs list of the parent zone.

Let's consider the zones efficientip.com and support.efficientip.com for the purpose of illustrating
the delegation configuration. The parent zone, efficientip.com, is managed through the server
ns1.efficientip.com and the child zone, support.efficientip.com, is managed through
ns2.efficientip.com. You will need to add the relevant records in the parent zone. On the one hand, you will
add the NS record, name it support (it will then be listed as support.efficientip.com as the RR
name auto-completes with the domain name at the end) and indicate the server that has authority
over it in the appropriate field, in our case ns2.efficientip.com. On the other hand, you will add the
A record named ns2 (once again its name will auto-complete with the zone name to form the
server's actual name) and indicate its IP address. That way, you will have two new records in the
parent zone: an NS RR, support.efficientip.com, pointing toward the delegated child zone and a
glue A record, ns2.efficientip.com.

Keep in mind that the NS record addition in the parent zone can be automated when adding a
child zone through the rule 87. For more details refer to the Automated NS Record Addition Rule
section of this guide.

To add an NS record in a zone

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. In the Name column, click on the name of the server containing the parent zone. The server
All zones list opens.
4. In the Name column, click on the name of the parent zone. The All RRs of the zone opens.
5. In the menu, select Add > RR > Name Server. The Add a DNS RR wizard opens.
6. In the RR type field, NS is displayed.
7. In the RR name field, name your RR after the sub-domain. Note that the Complete name
field auto-completes and displays the RR full name as follows: RRname.zonename .
8. In the DNS server field, type in the name of the server that has authority over the sub-domain.
9. Click on OK to commit the creation. The report opens and closes. The record is now listed
and marked OK.

To add an A record in a zone

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. In the Name column, click on the name of the server containing the parent zone. The server
All zones list opens.
4. In the Name column, click on the name of the parent zone. The All RRs of the zone opens.
5. In the menu, select Add > RR > Host address (v4). The Add a DNS RR wizard opens.
6. In the RR type field, A is displayed.
7. In the RR name field, name your RR after the server that has authority over the sub-domain
(the same one as the DNS server specified when adding the NS record). Note that the
Complete name field auto-completes and displays the RR full name as follows:
RRname.zonename and should match the server name.
8. In the TTL field, specify an expiration time of the record in seconds. The default TTL for an
RR is 1 hour *. You can edit it if need be using the field on the left or one of the values listed
in the drop-down list on the right.
9. In the IP address field, type in the IP address of the authoritative server.
10. Click on OK to commit the creation. The report opens and closes. The record is now listed
and marked OK.
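
Once both records exist, the parent zone can be checked for delegations that were left without their address record. The following added example (not part of the original guide and not SOLIDserver code) reuses the support.efficientip.com delegation described above. The lab and partner delegations, the ns3 and ns1.example.net servers and the 192.0.2.53 address are constructed for illustration.

```javascript
const PARENT_ZONE = "efficientip.com";

// Constructed extract of the parent zone RR list.
const PARENT_RRS = [
  { name: "support.efficientip.com.", type: "NS", value: "ns2.efficientip.com." },
  { name: "ns2.efficientip.com.", type: "A", value: "192.0.2.53" },
  // Delegation added without the matching address record.
  { name: "lab.efficientip.com.", type: "NS", value: "ns3.efficientip.com." },
  // Name server outside the parent zone: its address is published elsewhere.
  { name: "partner.efficientip.com.", type: "NS", value: "ns1.example.net." },
];

// Lower-case a name and drop the trailing dot so comparisons are consistent.
function norm(name) {
  return name.toLowerCase().replace(/\.$/, "");
}

// True if `name` is the zone itself or sits below it on a label boundary.
function inZone(name, zone) {
  return name === zone || name.endsWith("." + zone);
}

// Return the delegations whose name server lies inside the parent zone
// but has no A or AAAA record in the parent zone RR list.
function missingGlue(zone, records) {
  const z = norm(zone);
  const withAddress = new Set(
    records
      .filter((rr) => rr.type === "A" || rr.type === "AAAA")
      .map((rr) => norm(rr.name))
  );
  return records
    // NS records at the zone apex describe the zone itself, not a delegation.
    .filter((rr) => rr.type === "NS" && norm(rr.name) !== z)
    .map((rr) => ({ delegation: norm(rr.name), server: norm(rr.value) }))
    .filter((d) => inZone(d.server, z) && !withAddress.has(d.server));
}

console.log(missingGlue(PARENT_ZONE, PARENT_RRS));
```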

Managing RR Duplication and Migration


At some point you might need to migrate or copy RR(s) from one DNS server or view to another.
In this case, you will need to use the Migrate option. Note that this option has nothing to do with
the zones database replication of the DNS allow-transfer command. Duplication and migration
of a zone includes the RRs it manages.

To copy an RR

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS RRs icon. The DNS All RRs list opens.
3. Tick the record(s) you want to duplicate.
4. In the menu, select Edit > Migrate. The Copy/Move RRs wizard opens.
5. In the Method drop-down list, select Copy.
6. In the Target server drop-down list, select the server of your choice. The Target zone drop-
down list appears.
7. In the Target zone drop-down list, select the zone of your choice. If you created views in
your server, the zone will be named zone (view).
8. In the Existing records drop-down list, choose if you want to overwrite RRs with the same
name. The wizard refreshes.
9. Click on OK to commit the RR duplication. The report opens and closes. The All RRs list is
visible again and displays the migrated record. Note that the complete name of the RR(s)
in the RR name column is now RRname.newzonename.

To move an RR

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS RRs icon. The DNS All RRs list opens.
3. Tick the record(s) you want to move.
4. In the menu, select Edit > Migrate. The Copy/Move RRs wizard opens.
5. In the Method drop-down list, select Move.
6. In the Target server drop-down list, select the server of your choice. The Target zone drop-
down list appears.
7. In the Target zone drop-down list, select the zone of your choice. If you created views in
your server, the zone will be named zone (view).
8. In the Existing records drop-down list, choose if you want to overwrite RRs with the same
name.
9. Click on OK to commit the RR migration. The report opens and closes. The All RRs list is
visible again and displays the migrated record. Note that the complete name of the RR(s)
in the RR name column is now RRname.newzonename.

Changing the Hostname Convention


At any time, you can change the RR naming convention to allow or prohibit the use of some
characters or patterns in the full name of the records. The naming convention can be set through the
GUI via one global regular expression (or regex) that will apply to the name of all the DNS zones
resource records. By default, this naming convention regex allows all characters including the
hyphen ("-"), the dot (".") and the underscore ("_"):

Example 45.1. SOLIDserver Default Naming Convention Regular Expression

(^([*][.])?[-_a-z0-9\u00c0-\uffff]+([.][-_a-z0-9\u00c0-\uffff]+)*$)|(^[*]$)|(^$)

You can change this regular expression from the SOLIDserver registry database following the
procedure below:

Note
The hostname naming convention stated in RFC 1034 only allows alphanumeric
characters and hyphens. It does not include other special characters, such as
underscore ("_"). Therefore, dynamic updates from Microsoft Active Directory controllers
might not be accepted.

To change the naming convention

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select System > Expert > Registry database. The Registry database page
opens.
3. In the Name column search engine, type in the keyword rr_name. The list is filtered and
displays the item www.display.checktype.regex.js.rr_name.
4. In the Value column of www.display.checktype.regex.js.rr_name, click on the
<regular_expression> listed. The Registry database Edit a value wizard opens.
5. In the Value field, type in the regular expression that suits your needs. Rather than replacing
the default regex with your own, you can always edit it.
6. Click on OK to commit your choice. The report opens and closes. The Registry database is
visible again.
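
Before saving a new value, it is worth running the candidate expression against the RR names the zones actually need. The following added example (not part of the original guide and not SOLIDserver code) compares the default expression of Example 45.1 with a stricter variant; STRICT_RR_NAME and the sample names are constructed for illustration and are not shipped with the product.

```javascript
// Default expression, copied from Example 45.1.
const DEFAULT_RR_NAME =
  /(^([*][.])?[-_a-z0-9\u00c0-\uffff]+([.][-_a-z0-9\u00c0-\uffff]+)*$)|(^[*]$)|(^$)/;

// Constructed stricter variant (assumption): ASCII letters, digits and hyphens
// only, no leading or trailing hyphen, 1 to 63 characters per label. The
// optional "*." wildcard prefix and the empty name are kept from the default.
const LABEL = "[a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?";
const STRICT_RR_NAME = new RegExp(
  "(^([*][.])?" + LABEL + "([.]" + LABEL + ")*$)|(^[*]$)|(^$)"
);

// Constructed sample RR names, relative to the zone.
const SAMPLES = [
  "www",
  "web-01.lab",
  "*.apps",
  "",                      // record named after the zone itself
  "_ldap._tcp.dc._msdcs",  // underscore labels used by SRV and Active Directory
  "-edge",
  "edge-",
  "caf\u00e9",             // non-ASCII letter, inside the \u00c0-\uffff range
  "two  words",
  "a..b",
];

// Evaluate every name against both expressions.
function compare(names) {
  return names.map((name) => ({
    name,
    defaultOk: DEFAULT_RR_NAME.test(name),
    strictOk: STRICT_RR_NAME.test(name),
  }));
}

// Names that are accepted today and would be refused after the change.
function rejectedOnlyByStrict(names) {
  return compare(names)
    .filter((row) => row.defaultOk && !row.strictOk)
    .map((row) => row.name);
}

console.table(compare(SAMPLES));
console.log("Would stop being accepted:", rejectedOnlyByStrict(SAMPLES));
```

The underscore names in the second list are the ones the Note above warns about: a hyphen-only convention also refuses the records that Active Directory registers.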

Load Balancing with Round Robin


The load balancing or Round Robin functionality is useful if you have a number of equivalent
network resources, like mirrored FTP servers, Web servers, and would like to spread the load
among them. You establish one domain name that refers to the group of resources, configure
clients to access that domain name, and the name server inverse-multiplexes the accesses
between the IP addresses you list.

For example, if you have three WWW servers with network addresses of 10.0.0.1, 10.0.0.2 and
10.0.0.3, a set of A resource records means that clients will connect to each machine one third
of the time. When a resolver queries for these records, BIND will rotate them and respond to the
query with the records in a different order. In the example above, clients will randomly receive
records in the order 1, 2, 3; 2, 3, 1; and 3, 1, 2. Once the query is answered a first time with 1,
the next client querying the same name receives a different answer: 2; and so forth. There is no
configuration needed: the balancing will automatically be activated if three different servers resolve
to the same domain name (to follow the example: www.yourdomain.com).

SPF Record
Sender Policy Framework (SPF) is an email validation system designed to prevent email spam
by detecting email spoofing, a common vulnerability, by verifying sender IP addresses. SPF allows
administrators to specify which hosts are, and are not authorized to send mail from a given domain
by creating a specific TXT record. Mail exchangers use the DNS to check that mail from a given
domain is being sent by a host sanctioned by that domain's administrators. The SPF record is a
single string of text found in the value of a single DNS TXT resource record.

Note
In 2003, when SPF was first being developed, the requirements for assignment of
a new DNS RR type were considerably more stringent than they are now. Additionally,
support for easy deployment of new DNS RR types was not widely deployed in DNS
servers and provisioning systems. As a result, developers of SPF found it easier and
more practical to use the TXT RR type for SPF records. In its review of the RFC4408,
the IETF SPFbis working group concluded that its dual RR type transition model was
fundamentally flawed since it contained no common RR type that implementers were
required to serve and required to check.

The Simple Mail Transfer Protocol permits any computer to send email claiming to be from any
source address. This is exploited by spammers who often use forged email addresses, making
it more difficult to trace a message back to its sender, and easy for spammers to hide their
identity in order to avoid responsibility. It is also used in phishing techniques, where users can
be duped into disclosing private information in response to an email purportedly sent by an
organization such as a bank. SPF allows the owner of an Internet domain to specify which computers
are authorized to send mail with sender addresses in that domain. Receivers verifying the SPF
records may reject messages from unauthorized sources before receiving the body of the message.
The sender address is transmitted at the beginning of the SMTP dialog. If the server rejects the
sender, the unauthorized client should receive a rejection message, and if that client was a relaying
message transfer agent (MTA), a bounce message to the original sending address may be
generated. If the server accepts the sender, and subsequently also accepts the recipients and the
body of the message, it should insert a Return-Path field in the message header in order to save
the sender address. While the address in the Return-Path often matches other originator addresses
in the mail header such as From or Sender, this is not necessarily the case, and SPF does not
prevent forgery of these other addresses.

Example 45.2. SPF Record Examples

example.com. IN TXT "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.123 a -all"

example.com. 21600 IN SPF "v=spf1 +all"


IN TXT "v=spf1 mx -all"
IN TXT "v=spf1 redirect=_spf.example.com"
IN TXT "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.123 a -all"
IN TXT "v=spf1 include:example.org -all"
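
How a receiving mail exchanger evaluates records such as those in Example 45.2 against the connecting IP address, as an added example (not part of SOLIDserver). It follows the RFC 7208 evaluation order for the all, ip4, ip6, a, mx and include mechanisms and the redirect modifier; the DNS answers come from a constructed in-memory table, and anything else is reported as permerror.

```python
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed stand-in for DNS answers (documentation addresses, not real data).
# The TXT values are the record forms shown in Example 45.2.
SAMPLE_DNS = {
    "txt": {
        "example.com": "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.123 a -all",
        "open.example": "v=spf1 +all",
        "alias.example": "v=spf1 redirect=_spf.example.com",
        "_spf.example.com": "v=spf1 mx -all",
        "partner.example": "v=spf1 include:example.org -all",
        "example.org": "v=spf1 ip4:203.0.113.0/24 ~all",
    },
    "a": {"example.com": ["203.0.113.80"]},
    # After a redirect, "mx" is looked up for the redirect target itself.
    "mx": {"_spf.example.com": ["198.51.100.25"]},
}


def check_host(ip, domain, dns=SAMPLE_DNS, depth=0):
    """Return the SPF result for a connecting IP address and a sender domain."""
    if depth > 10:  # simplified loop guard; RFC 7208 limits DNS-querying terms to 10
        return "permerror"
    record = dns["txt"].get(domain.lower())
    if record is None or [t.lower() for t in record.split()[:1]] != ["v=spf1"]:
        return "none"
    addr = ipaddress.ip_address(ip)
    redirect = None
    for term in record.split()[1:]:
        if "=" in term:  # modifier: only redirect changes the result
            name, _, value = term.partition("=")
            if name.lower() == "redirect":
                redirect = value
            continue
        qualifier = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"
            matched = addr.version == net.version and addr in net
        elif name in ("a", "mx"):
            hosts = dns[name].get((arg or domain).lower(), [])
            matched = addr in {ipaddress.ip_address(h) for h in hosts}
        elif name == "include":
            inner = check_host(ip, arg, dns, depth + 1)
            if inner in ("none", "permerror"):
                return "permerror"
            matched = inner == "pass"  # any other inner result means "no match"
        else:
            return "permerror"  # exists, ptr, CIDR suffixes on a/mx: not handled here
        if matched:
            return QUALIFIERS[qualifier]
    if redirect:  # only consulted when no mechanism matched
        result = check_host(ip, redirect, dns, depth + 1)
        return "permerror" if result == "none" else result
    return "neutral"


if __name__ == "__main__":
    for ip, domain in (("192.0.2.55", "example.com"), ("203.0.113.9", "example.com"),
                       ("203.0.113.9", "open.example")):
        print(ip, domain, check_host(ip, domain))
```

The "v=spf1 +all" form returns pass for every connecting address, so a domain published that way authorizes any host to send on its behalf.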

Chapter 46. DNSSEC
Introduction
Domain Name System Security Extensions (DNSSEC) is used to strengthen DNS protocol security.
It is compatible with the existing DNS system and protects it against spoofing attacks among
other threats. DNSSEC provides origin authentication and integrity protection of DNS information
by protecting the data contained in specified zones rather than whole servers. DNSSEC allows
the recipient to validate the integrity of a DNS answer. A dependable DNS infrastructure is
important for all Internet users. Two examples of use case scenarios where DNSSEC will come in
useful are Internet banking on the one hand and communicating new passwords over email on
the other hand.

Basically, three concepts emerge from the DNSSEC protocol:

1. DNS data in each zone is cryptographically signed with a pair of public and private Zone
Signing Keys (ZSK) that validate the integrity of the data of each zone. As a result, every RR
of said zone is assigned a new RRSIG record that includes its own signature. The public key
is then provided to the resolver or application that validates the integrity of the received RR.
The integrity is provided by a chain of trust starting with the public key of a trust anchor.
2. NSEC3 records are generated for each RR, thus creating an organized chain of all the RRs
of the zone that provides an authenticated denial of existence: if the data is supposed to be
located in an area of the zone where another RR is located, it means that it does not exist.
3. Delegated zones are part of a chain of trust that ensures that every zone is recognized as
legitimate by its parent zone. To implement the security of that relation, each delegated zone
ZSK is signed at the parent zone level thanks to a pair of cryptographic Key Signing Keys
(KSK).

DNSSEC introduces 5 new RRs that are all part of the DNSSEC chain of trust:

• DNSKEY: the public cryptographic key (KSK or ZSK) used to validate signatures.
• RRSIG: the cryptographic signature associated with each set of RR of a zone.
• NSEC3: the Next SECure is located behind each RR and points to the next valid host name
in the zone.
• NSEC3PARAM: the Next Secure 3 Parameter is an implementation record that determines
the information needed by authoritative servers in DNSSEC requests.
• DS: the Delegation Signer used to verify the validity of the ZSK of a subdomain.

All the RRs are automatically generated and will have to be signed to be DNSSEC-compliant.
Once signed, the zone file will order them automatically.

SOLIDserver can only manage DNSSEC on EfficientIP DNS servers. It is not possible to manage
DNSSEC on DNS vendors features other than DNS resolvers and DNS servers using SSL protocol.

DNSKEY Resource Record


The Domain Name System KEY record uses public key cryptography to sign and authenticate
RRsets. To be more precise, it contains the public key data for the zone and is therefore used
in the DNSSEC authentication process. For instance, it can be used by resolvers to verify DNSSEC
signatures in the RRSIG records.


By definition the DNSKEY record is part of the Zone Signing Key (ZSK) and of the Key Signing
Key (KSK), the public cryptographic keys, as they are both composed of a pair of public and
private keys and part of the RRs generated when signing a zone.

The ZSK private key is used to sign all the RRs of the zone, whereas the KSK is here to sign the
ZSK(s). The DNSSEC client must have access to these public keys in order to perform the required
security validation.

The difference between the ZSK and the KSK is therefore one of usage not definition. It is
therefore a matter of operational choice whether a single DNSKEY resource record is used as
both the ZSK and the KSK or whether separate DNSKEY RRs are used as the ZSK and KSK.
SOLIDserver implements the use of separate ZSK and KSK keys (RFC 4641) for security reasons.
Generating several ZSKs makes it faster to secure the zone and replace a compromised key.
Plus it makes the key rollover easier as both keys have a limited lifetime and must be changed
on a regular basis. A ZSK will be changed every few months, whereas the KSK will be renewed
once a year.

RRSIG Resource Record


The Resource Record SIGnature records store the digital private signatures of every set of RRs
for each zone (CNAME RRs, DNSKEY records, NSEC, etc.). Thus, each answer to a DNS
lookup will significantly extend the zone file adding RRSIG records after each RRset.

That's why RRSIG records are a very useful verification material when securing DNS operations.
The verification process is quite simple: for starters, a private key is used to encrypt a hash of
an RRset and the result is stored in an RRSIG record. Thanks to the public key stored in a DNSKEY
record, a resolver can decrypt the RRSIG, compare the result with the hash of the corresponding
RRset and verify the RRset has not been changed.

It is important to understand that RRSIG records sign a set of RRs and not individual RRs. Indeed,
signing an RRSIG RR would add no value and would create an infinite loop in the signing process.
It is however possible to associate several RRSIG with one RRset.

There must be an RRSIG for each RRset using at least one DNSKEY of each algorithm in the
zone apex DNSKEY RRset. The apex DNSKEY RRset itself must be signed by each algorithm
appearing in the DS RRset located at the delegating parent (if any). The RRSIG and the RRset
it covers share the same name and the same class (the RRSIG being class independent). The
RRSIG RR type is 46.

Authoritative RRsets signing involves at least one RRSIG meeting the requirement listed below:

• the RRSIG Type Covered field is equal to the RRset type,
• the RRSIG Original TTL field is equal to the TTL of the RRset,
• the RRSIG RR's TTL is equal to the TTL of the RRset,
• the RRSIG Labels field is equal to the number of labels in the RRset owner name, not counting
the null root label or the leftmost label if it is a wildcard,
• the RRSIG Signer's Name field is equal to the name of the zone containing the RRset,
• the RRSIG Algorithm, Signer's Name, and Key Tag fields identify a zone key DNSKEY record
at the zone apex.

RRSIG records can also be created to verify the NSEC data.


NSEC/NSEC3 Resource Record


The Next SECure resource records provide authenticated denial of existence for DNS RRsets.
They map out the content of a zone by pointing to the next valid label thus creating a chain at
the end of which the last NSEC record points back to the zone root. That way, if a requested RR
is not listed in the response, it does not exist. On the contrary, when a resolver gets a positive
answer and the requested RR name and type are listed in the response, there is no doubt that
the record exists.

However, the main side-effect of NSEC RRs is that they can help enumerate the content of a
zone. That's why the NSEC3 record was designed; it is officially called the DNSSEC Hashed
Authenticated Denial of Existence record. It is used as a proof of non-existence and uses a specific salt
to cryptographically hash each label to prevent enumeration. The NSEC3 record lists the RR
types present at the original owner name (before they were hashed) and includes the next hashed
owner name in the hash order of the zone.

The owner name for the NSEC3 RR is the base32 encoding of the hashed owner name prepended
as a single label to the name of the zone. The type value for the NSEC3 RR is 50. And like the
RRSIG, it is class independent so its class must be the same as the class of the original owner
name. Their TTL should have the same value as the SOA minimum TTL field. Only
NSEC3RSASHA1, RSASHA256 and RSASHA512 algorithms are NSEC3 capable.

To assist the requests, NSEC3PARAM was introduced. It contains the NSEC3 parameters needed
by authoritative servers to calculate hashed owner names. These parameters help choose which
set of NSEC3 records are included in the negative responses.

Thus, the zone file of a signed zone is significantly extended by the NSEC3 and the NSEC3PARAM
records. Note that the NSEC3 is automatically generated and located behind the RRs and the
RRSIG to point to the next record and signature of that record.
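
The hashing and the denial-of-existence check described above, as an added example (not SOLIDserver code). It implements the RFC 5155 hash with SHA-1 and shows how a validator finds the NSEC3 record that covers a name that does not exist; the zone names, salt and iteration count are sample values borrowed from the example zone in RFC 5155 Appendix A.

```python
import base64
import hashlib

# Standard base32 alphabet -> the "base32hex" alphabet used in NSEC3 owner names.
_B32_TO_B32HEX = str.maketrans("ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",
                               "0123456789ABCDEFGHIJKLMNOPQRSTUV")

# Sample parameters (as an NSEC3PARAM record would carry them) and zone content.
SALT_HEX = "aabbccdd"
ITERATIONS = 12
ZONE_NAMES = ["example", "a.example", "ns1.example", "w.example"]


def name_to_wire(name):
    """Canonical (lowercase) DNS wire format of a domain name."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def nsec3_hash(name, salt_hex=SALT_HEX, iterations=ITERATIONS):
    """Hashed owner label: SHA-1 of name||salt, re-hashed `iterations` more times."""
    salt = bytes.fromhex(salt_hex)
    digest = hashlib.sha1(name_to_wire(name) + salt).digest()
    for _ in range(iterations):
        digest = hashlib.sha1(digest + salt).digest()
    encoded = base64.b32encode(digest).decode("ascii")
    return encoded.translate(_B32_TO_B32HEX).lower()


def build_chain(names):
    """Hashed owners in hash order, each paired with the next (last wraps to first)."""
    hashes = sorted(nsec3_hash(n) for n in names)
    return [(h, hashes[(i + 1) % len(hashes)]) for i, h in enumerate(hashes)]


def covering_record(qname, chain):
    """Return the (owner, next) pair that proves qname absent, or None when a
    record with that hashed owner name exists in the chain."""
    h = nsec3_hash(qname)
    for owner, nxt in chain:
        if h == owner:
            return None
        if owner < nxt:
            if owner < h < nxt:
                return (owner, nxt)
        elif h > owner or h < nxt:  # last record of the chain wraps around
            return (owner, nxt)
    return None


if __name__ == "__main__":
    chain = build_chain(ZONE_NAMES)
    for owner, nxt in chain:
        print(f"{owner}.example. NSEC3 -> {nxt}")
    print("nonexistent.example hashes to", nsec3_hash("nonexistent.example"))
    print("covered by", covering_record("nonexistent.example", chain))
```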

DS Resource Record
The Delegation Signer resource record is used to secure delegations. Indeed, a DS RR points
to a DNSKEY RR as it stores the key tag, algorithm number, and a digest of the DNSKEY RR.
With all this information, a resolver can authenticate the DNSKEY RR to which the DS record
points.

The DS RR and its corresponding DNSKEY RR have the same owner name, but they are stored
in different locations. The DS RR appears only on the parental side of a delegation and is
authoritative data in the parent zone, whereas the DNSKEY RR is stored in the child zone.

The type number for the DS record is 43. Like the RRSIG and the NSEC RRs, it is class independent.
Note that the DS RR has no special TTL requirements.

DNSSEC Chains of Trust


The DNSSEC chain of trust is the verified electronic signature at each DNS lookup node that
ensures that no rogue can be included into the lookup path and redirect the lookup to a bogus
IP address. In other words, it is a chain of lookups validated by the domain name digital signature
that secures the request through all lookup nodes by providing a validating resolver the correct
path to secured zones.

The starting point of this chain is the trust anchor configured with the validating resolver. The
trust anchor is a DNSKEY or DS record and should be securely retrieved from a trusted source
(not using DNS). This way, any single island of security can be joined to another secure (i.e.
signed) domain through its delegation point and can be authenticated using the final RR in the
DNSSEC set (remember that all the names in the zone have corresponding NSEC records listed
in order and that they create a chain of all the signed record sets).

To set up a proper chain of trust, a subdomain has to be secured and linked to the secured zone
it is delegated from; this child zone is then linked to its secure parent zone. The trust anchor
of the parent zone will then cover the secured zones and domains that are delegated from it.
This process is sometimes set up all the way up to the TLD.

"." root zone
    KSK

.com zone
    com IN DNSKEY sv0LR4loi...4rew89ctb (KSK)
    com IN DNSKEY du4tf3...4ss32DDS (ZSK)
    com IN RRSIG DNSKEY KSK com ...
    com IN RRSIG DNSKEY ZSK com ...
    domain.com IN DS KSK sd6zf8q...8ze5d
    domain.com IN RRSIG DS .... ZSK com ...

security point of entry

domain.com zone
    domain.com IN DNSKEY r5e4d...7785dd5 (KSK)
    domain.com IN DNSKEY t457uc7...4ss362552 (ZSK)
    domain.com IN RRSIG DNSKEY KSK eip.com ...
    domain.com IN RRSIG DNSKEY ZSK eip.com ...
    support.domain.com IN DS KSK sd6zf8q...8ze5d
    support.domain.com IN RRSIG DS .... ZSK eip.com ...

support.domain.com zone
    support.domain.com IN DNSKEY 841qe...1d2edd5 (KSK)
    support.domain.com IN DNSKEY 8c5dx...d45shc78 (ZSK)
    support.domain.com IN RRSIG DNSKEY KSK support.eip.com ...
    support.domain.com IN RRSIG DNSKEY ZSK support.eip.com ...
    www.support.domain.com IN A 187.65.3.71
    www.support.domain.com IN RRSIG A .... ZSK eip.com ...

Figure 46.1. DNSSEC Chain of Trust From root to Subdomains

Maintaining a valid chain of trust is paramount because broken chains of trust will result in data
being marked as Bogus, which may cause entire (sub)domains to become invisible to verifying
clients. The administrators of secured zones have to realize that their zone is, to verifying clients,
part of a chain of trust.

Managing a DNSSEC Resolver


To create a DNSSEC resolver, you must have SOLIDserver in version 4.0.1 or higher.
SOLIDserver DNS server must be managed using the SSL configuration.

The DNSSEC resolution will be activated through the server parameters edition. These parameters
generate a trust anchor to set up a chain of trust.

Note
When the DNSSEC Resolver receives a response from an unsigned zone that has
a signed parent, it must confirm with the parent that the zone was intentionally left
unsigned. This is done by verifying, via signed and validated NSEC/NSEC3 records,
that the parent zone contains no DS records for the child. If the DNSSEC resolver
can prove that the zone is secure, then the response is accepted. However if it cannot,
it must assume the response is insecure and probably a forgery; it rejects the
response and logs an error.


Enabling a DNSSEC Resolver


In a SOLIDserver, DNSSEC validation can either be activated on an existing server or during the
addition of a new server. It can also be applied to a server configured with a smart architecture.
If you activate the DNSSEC parameters on a smart architecture, all the servers that compose it
will be DNSSEC compliant.

To check the compatibility of your existing servers with DNSSEC, go to the DNS tab, then on the
breadcrumb click on All servers and look in the DNSSEC column to see if the DNS server is
DNSSEC enabled or not.

To enable DNSSEC

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. At the end of the line of the server of your choice, click on . The properties page opens.
4. In the DNSSEC panel, click on EDIT . The Edit DNSSEC properties wizard opens.
5. Tick the box Use DNS as DNSSEC resolver.
6. Make sure a trust anchor is listed among the Configured Trust Anchor list.

If not, or if you want to add a different trust anchor, select one among the Available Trust
Anchor and click on . The selected trust anchor is moved to the Configured Trust Anchors
list.

To remove a trust anchor, select it in the Configured Trust Anchors list and click on .
7. Click on OK to commit the configuration. The wizard closes. In the DNSSEC panel the
DNSSEC resolution is now Enabled and the Trust Anchors list contains the chosen trust
anchor(s).

The Use DNS as DNSSEC resolver and the Trust Anchor fields are also available in the DNS
server addition and edition wizards.

Managing DNSSEC Trust Anchors


Once you have configured a DNS server as a DNSSEC resolver, the generated trust anchor is
accessible through the key ring module. This page allows you to have a look at every piece of information
related to the trust anchor.

To visualize a DNSSEC trust anchor

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the System section, click on the Key Ring icon. The Key Ring page opens. The trust anchor
is listed.
3. Go to the trust anchor properties page through the properties button at the end of the line.
The trust anchor properties display the DNSSEC Keys, the Trust Anchor key and the DNS
servers using this Trust Anchor.

If you want to apply one trust anchor to several servers, see the procedure below.


To apply a DNSSEC trust anchor to several servers

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the System section, click on the Key Ring icon. The Key ring page opens. The trust anchor
is listed.
3. At the end of the line of the trust anchor, click on . The properties page opens.
4. In the DNS servers using this Trust Anchor panel, click on EDIT . The wizard opens.
5. In the DNS server list, select the servers one by one and click on . The servers are now
in the Selected list.
6. Click on OK to commit your changes. The servers are now listed in the DNS servers using
this Trust Anchor panel.

To delete a DNSSEC trust anchor

Caution
A trust anchor can only be deleted if it's no longer associated with any server.

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the System section, click on the Key Ring icon. The Key ring page opens. The trust anchor
is listed.
3. Tick the trust anchor you want to delete.
4. In the Menu, select Edit > Delete. The Delete wizard opens.
5. Click on OK to commit the deletion. The trust anchor is no longer listed on the key ring page.

Managing an Authoritative DNSSEC Server


To create a DNSSEC server, you need to sign at least one of the zones of an existing SMART
or EfficientIP DNS server. It will generate a KSK and a couple of ZSKs that you will be able to
configure yourself.

By signing zones you make them DNSSEC-compliant. You will be able to verify that they are
properly signed in the All zones list: go to the DNS tab > All zones in the breadcrumb and look
in the DNSSEC column for the red key.

Signing a Zone
Once you created a DNS server, you can make some or all of its zones DNSSEC-compliant. It
will automatically generate one KSK and two ZSKs. Only master zones can be signed. During
zone signing, you will be given the possibility to set up two types of alerts to help you with the
key rollover. We strongly recommend that you set at least one type of alert considering that any
problem within a zone can invalidate a whole server.

To sign a zone

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS zones icon. The DNS All zones list opens.
3. Tick the zone(s) you want to sign.
4. In the menu, select Tools > Sign zones. The DNSSEC - Sign Zones wizard opens.
5. Select your ZSK and KSK options. By default, the RSASHA1 algorithm encryption is selected
and we recommend that you keep it selected. However, your KSK value will probably be set
by your parent zone. Click on NEXT . The next page of the wizard appears.
6. Make sure that the Send Mail box and/or the Trap SNMP box is ticked. The corresponding
configuration fields will appear. In the following steps, we will detail the e-mail alert and SNMP
trap configuration. If you only want to set up an e-mail alert configuration, continue to the
next step. If you want to set up an SNMP trap, go to step 8. If you do not want to set up an
e-mail alert, untick the Send mail box. If you do not need to read the details of the alert
configuration, go straight to step 9.

Caution
If you set up an e-mail alert, make sure that you configured an e-mail address
for the users of the group you choose to send the alert to.

7. In the Additional Mail field, type in the email address that will receive the alert. Click on ADD .
The address is visible in the Additional Mail List field. You can add as many addresses as
you want, they will all receive the alert at the same time no matter in what order you list them.

To update an entry, select an e-mail address, change the needed data and click on UPDATE .

To delete an entry, select an e-mail address and click on DELETE .

To discard the latest modifications, click on CANCEL .

8. Tick the SNMP Trap box. The SNMP related fields appear. All the fields are compulsory.

Table 46.1. Zone Signing SNMP Alert Configuration Parameters

Parameters          Description
SNMP version        The version of SNMP, could be v1/v2c or v3.
SNMP Destination    The IP address of the network management platform.
SNMP Community      The community name.
SNMP ID             The SNMP object ID (e.g.: 1.3.6.1.6.3.1.1.5).

9. Click on OK to commit the signature configuration for the zone(s). The report wizard opens
and closes. The zone(s) is marked Yes in the DNSSEC column.

Regenerating Keys
Regenerating your keys is compulsory to ensure the security of your DNSSEC system; it is part
of what is called the key rollover. In order to properly secure a zone, the ZSK needs to be
regenerated approximately once a month and the KSK once a year.


[Figure: timeline over months 1 to 14 showing the KSK and its successor KSK t+1, alongside the successive ZSKs (ZSK t, ZSK t+1, ... ZSK t+11, ZSK t+n).]

Figure 46.2. DNSSEC Keys Rollover

ZSK Regeneration

The ZSK regeneration is automatic. The whole set of active keys is checked daily at noon. When
ZSKs are about to expire, new keys with the same parameters are generated. These keys will
then be enabled and added to the DNS and visible in the Key Ring listing page of the
Administration tab if and only if the zone has only one active ZSK that has reached a third of its lifetime.
Expired ZSKs will automatically be deleted eventually.

Considering that you might need to enforce a key regeneration, it is possible to manually
regenerate ZSKs in the Key Ring. However, keep in mind that forcing a refresh only works if a
regeneration is necessary for the zone.

To manually generate a new ZSK

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the System section, click on the Key Ring icon. The Key ring page opens.
3. In the menu, select Expert > Force refresh DNSSEC keys. The report opens and closes.
The refresh operates only if necessary.

KSK Regeneration

KSK regeneration is manual as the parameters of this key entirely depend on what was assigned
by the Registrar or your parent zone. Some time before the scheduled end of the KSK lifetime,
you will receive an email alert or an SNMP trap (depending on the kind of alert you set up when
signing the zone).

To generate a new KSK

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. Click on the name of the server you want to generate a new KSK for. The All zones page
of the server opens.
4. Tick the zone for which you have to generate a new KSK.
5. In the menu, select Tools > Generate new KSK. The DNSSEC - Generate a new KSK wizard
opens.
6. Modify the Algorithm, Encryption and Validity parameters according to your needs.
7. Click on OK to commit the generation. The report wizard opens and closes.

After the KSK regeneration you have to transmit the new key-related information to your parent
zone to make sure the validation chain is still efficient. To get this information you have to access
the key properties.

To display the new KSK related information

1. To display the new KSK properties

a. Go to the Administration tab. If the homepage is not displayed, click on . The
homepage opens.
b. In the System section, click on the Key Ring icon. The Key Ring page opens. In the list,
the display of the Start Date and End Date columns of the two KSKs has changed. The rest of
the key configuration is identical, in order to ensure the replacement.

2. To display the new DS

a. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
b. Click on the DNS zones icon. The DNS All zones list opens.
c. At the end of the line of the zone you just signed, click on . The properties page opens.
d. Open the DS Keys panel. In the DS list, a new DS has been generated along with the
new KSK.

Managing the Delegation Signer


The Delegation Signer (DS) can be used in two different ways: you can provide it to your DLV, or
to your parent zone to be part of that zone's Chain of Trust.

"." root zone
    KSK

.com zone
    com IN DNSKEY sv0LR4loi...4rew89ctb (KSK)
    com IN DNSKEY du4tf3…4ss32DDS (ZSK)
    com IN RRSIG DNSKEY KSK com …
    com IN RRSIG DNSKEY ZSK com …
    domain.com IN DS KSK sd6zf8q…8ze5d
    domain.com IN RRSIG DS …. ZSK com …

Security point of entry

domain.com zone
    domain.com IN DNSKEY r5e4d…7785dd5 (KSK)
    eip.com IN DNSKEY t457uc7…4ss362552 (ZSK)
    eip.com IN RRSIG DNSKEY KSK eip.com …
    eip.com IN RRSIG DNSKEY ZSK eip.com …
    support.domain.com IN DS KSK sd6zf8q…8ze5d
    support.domain.com IN RRSIG DS …. ZSK eip.com …

support.domain.com zone
    support.domain.com IN DNSKEY 841qe…1d2edd5 (KSK)
    support.eip.com IN DNSKEY 8c5dx…d45shc78 (ZSK)
    support.eip.com IN RRSIG DNSKEY KSK support.eip.com …
    support.eip.com IN RRSIG DNSKEY ZSK support.eip.com …
    www.support.domain.com IN A 187.65.3.71
    www.support.domain.com IN RRSIG A …. ZSK eip.com …

Figure 46.3. The Delegation Signer Within Authoritative Zones


Providing the Delegation signer to a Parent Zone

If you are using a DLV, you will need to transmit the DS of each zone to your parent zone. To
this purpose, you can access the DS details through the zone properties page and copy/paste it
in order to send it.

To display the DS information

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS zones icon. The DNS All zones list opens.
3. At the end of the line of the zone of your choice, click on . The properties page opens.
4. In the DS Keys panel, copy the information in the DS list field.
5. Paste it in the document of your choice in order to send it.

Note that the DS Keys panel is also available on the properties page of the zone KSK.

Using the Delegation to Include Subdomains to Your Zone Chain of Trust

If you are managing a domain and its subdomains, you might want to include them in your zone
Chain of Trust rather than create a Trust anchor for each subdomain. In this case, you need to
retrieve the DS information (see procedure To display the DS information above) and then add
it to your subdomains zones RRs list.


Example 46.1. Where to Find The DS Information Needed When Adding a DS To A Child Zone

To successfully integrate a subdomain into your parent zone Chain of Trust you will need four
different pieces of information: the key tag, the algorithm key, the digest type and the digest.

To illustrate the way to decompose the DS information into the four pieces of information,
represented by fields in the DS RR addition wizard, let's imagine that we created the zone domain.com
and signed it. Now, we need to add the DS RR to our zone sub.domain.com. For starters, we
need to retrieve the domain.com DS List (found in the DS Keys panel).

The DS list of domain.com is the following:

Figure 46.4. Example of The DS Keys Panel on domain.com Properties Page

The only information you need is the underlined set of numbers in the example above: everything
on the first line located right after "DS". Now you simply need to have a look at the space between
each set of numbers and letters to divide the needed data into the four fields of the wizard. In the
list below you will find the content of each field for the zone domain.com:

• Key Tag: 59469
• Key Algorithm: 7
• Digest Type: 1
• Digest: 0050863196B80A2C52D30DBE64BA10FF6D42AEC6

Now you can add the DS RR into the child zone.

To add a DS to a zone

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS zones icon. The DNS All zones list opens.
3. Click on the name of the zone where you want to add your DS. The All RRs list of the zone
appears.
4. In the menu, select Add > RR > RR (record). The Add a DNS RR wizard opens.
5. In the RR type drop-down list, select DS.
6. In the RR name field, type in the DS name that will be displayed on the RR name column as
follows: dsname.zonename .
7. In the TTL field and drop-down list, you can edit the default value. Changing one field will
automatically edit the other. By default, the TTL is of 3600 seconds (1 hour).
8. In the Key Tag field, paste the parent zone key tag. For more details, see the example above.
9. In the Key Algorithm field, paste the parent zone algorithm key. For more details, see the
example above.
10. In the Digest Type field, paste the parent zone digest type. For more details, see the example
above.
11. In the Digest field, paste the parent zone digest. For more details, see the example above.
12. Click on OK to commit the DS RR creation. The report opens and closes. The RR is listed
on the All RRs page, its value corresponds to the content of the fields Key Tag, Algorithm
Key, Digest Type and Digest separated by a comma.
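
A consistency check between the four DS fields and the DNSKEY they should describe, useful before pasting values into the wizard; this is an added example, not SOLIDserver code. The key tag and digest follow RFC 4034 (digest type 1 is SHA-1, type 2 is SHA-256); the DNSKEY bytes are constructed sample data, and only the DS string is taken from Example 46.1.

```python
import hashlib

DIGEST_TYPES = {1: hashlib.sha1, 2: hashlib.sha256}  # DS digest type -> hash

# DS value shown in Example 46.1 (key tag, algorithm, digest type, digest).
PAGE_DS = "59469 7 1 0050863196B80A2C52D30DBE64BA10FF6D42AEC6"


def name_to_wire(name):
    """Canonical (lowercase) DNS wire format of a domain name."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def dnskey_rdata(flags, protocol, algorithm, public_key):
    """DNSKEY RDATA: 2-byte flags, protocol, algorithm, then the public key."""
    return flags.to_bytes(2, "big") + bytes([protocol, algorithm]) + public_key


def key_tag(rdata):
    """Key tag as defined in RFC 4034 Appendix B (16-bit checksum of the RDATA)."""
    acc = 0
    for i, byte in enumerate(rdata):
        acc += byte << 8 if i % 2 == 0 else byte
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF


def parse_ds(text):
    """Split a DS value (space or comma separated) into the four wizard fields."""
    tag, alg, dtype, *digest = text.replace(",", " ").split()
    return {"key_tag": int(tag), "algorithm": int(alg),
            "digest_type": int(dtype), "digest": "".join(digest).upper()}


def make_ds(owner, rdata, digest_type):
    """Build the DS value for a DNSKEY: digest over owner name + DNSKEY RDATA."""
    digest = DIGEST_TYPES[digest_type](name_to_wire(owner) + rdata).hexdigest()
    return f"{key_tag(rdata)} {rdata[3]} {digest_type} {digest.upper()}"


def ds_problems(ds_text, owner, rdata):
    """Compare a DS value with the DNSKEY it should point to; list mismatches."""
    ds = parse_ds(ds_text)
    hasher = DIGEST_TYPES.get(ds["digest_type"])
    if hasher is None:
        return [f"unsupported digest type {ds['digest_type']}"]
    problems = []
    if ds["key_tag"] != key_tag(rdata):
        problems.append("key tag does not match the DNSKEY")
    if ds["algorithm"] != rdata[3]:
        problems.append("algorithm does not match the DNSKEY")
    expected = hasher(name_to_wire(owner) + rdata).hexdigest().upper()
    if len(ds["digest"]) != len(expected):
        problems.append("digest length is wrong for the digest type")
    elif ds["digest"] != expected:
        problems.append("digest does not match the owner name and DNSKEY")
    return problems


# Constructed KSK (flags 257, protocol 3, algorithm 7); the key bytes are not a real key.
SAMPLE_RDATA = dnskey_rdata(257, 3, 7, bytes(range(1, 65)))

if __name__ == "__main__":
    print("fields from Example 46.1:", parse_ds(PAGE_DS))
    ds = make_ds("domain.com", SAMPLE_RDATA, 1)
    print("DS for the sample key:", ds)
    print("same DS under another owner name:", ds_problems(ds, "sub.domain.com", SAMPLE_RDATA))
```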

Disabling DNSSEC
DNSSEC keys are manageable from the key ring (accessible through the Administration tab):
you can enable, disable or invalidate KSKs. As for their deletion, you can only delete used
DNSSEC Keys (KSKs and ZSKs).

Disabling a key is not recommended at all as it is a very risky operation if not handled properly.
Disabling the wrong key could affect the zone and all its subdomains; it could make it a dark zone,
for instance.

Enabling and Disabling Keys


Within SOLIDserver, enabling or disabling a key means deleting or regenerating the DNSKEY
RR of the corresponding DNS zone. This modification is very fast and easy as it does not have
any effect on the data stored in the zone file.

Keep in mind that disabling a key does not delete it. If you disable an active key, it is marked as
Delayed Delete in the Status column of the All RRs list (DNS tab > All RRs in the breadcrumb)
but still marked as Enabled in the key ring (Administration tab > Key ring).

Enabling a Key

Enabling a key is a simple procedure that you can undo at any time.

To Enable a Key

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the System section, click on the Key Ring icon. The Key ring page opens.
3. Tick the disabled ZSK or KSK you want to enable.
4. In the menu, select Expert > Enable. The Enable / Disable DNSSEC keys wizard opens.
5. Click on OK to commit your changes. The selected keys will be marked as Enabled in the
Status column.

Disabling a Key

Disabling a key is very easy to do. However, disabling a valid key will delete the corresponding
DNSKEY RR and therefore make the validation impossible as the zone would be unavailable for
query.

To Disable a Key

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the System section, click on the Key Ring icon. The Key ring page opens.
3. Tick the ZSK or KSK you want to disable.
4. In the menu, select Expert > Disable. The Enable / Disable DNSSEC Keys wizard opens.
5. Click on OK to commit your choice. The selected keys will be marked as Disabled in the
Status column.

Note
If you disable one or several active keys, the corresponding zone will appear as
Broken in the DNS tab zones list.

Unsigning DNSSEC Zones


Unsigning a DNSSEC zone means disabling every key of a zone. It will also unsign all the children
zones it was associated with, thus breaking any previously created chain of trust.

To unsign DNSSEC zones

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the System section, click on the Key Ring icon. The Key ring page opens.
3. Tick all the keys you wish to unsign.
4. Make sure that the trust anchor is not selected as you cannot disable or unsign a trust anchor.
5. In the menu, select Expert > Disable. The Enable / Disable DNSSEC keys wizard opens.
6. Click on OK to commit your changes. The keys are marked Disabled in the Status column
in the key ring and, as it is no longer DNSSEC-compliant, the zone is marked No in the
DNSSEC column of the All zones list (DNS tab).

Purging DNSSEC Zones


This functionality allows you to verify that DNSSEC records have been removed from the server
and that the keys have been deleted from the key ring. It only applies to unsigned zones. Purging
DNSSEC zones ensures that both the key ring and the DNS server store the same data. Indeed,
it allows you to delete the keys stored in the key ring from the DNS tab.

To purge DNSSEC zones

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS zones icon. The DNS All zones list opens.
3. Tick the zone you wish to purge.
4. In the menu, select Tools > Expert > Purge DNSSEC Records. The Purge zones from
DNSSEC records wizard opens.
5. Click on OK to commit the purge. The key ring is now key-less and the DNSSEC keys have
also been removed from the All RRs list.

Invalidating a Compromised KSK


The invalidation functionality should only be used to get rid of a compromised KSK. In any other
case, you should never invalidate a KSK, as it has heavy consequences and cannot be undone. At
a technical level, invalidating a KSK means modifying its DNSKEY RR: by changing the bit mask
of that record, you invalidate the key. In SOLIDserver, you have to invalidate a KSK before
disabling it.

Note
Invalidating the KSK protects your zone from attacks and allows you to safely replace
this key.

Once you have invalidated a KSK, do not forget to transmit the DS or Public Key of the old KSK and
new KSK. There are four main steps to follow to properly invalidate your zone:

1. Generating a new KSK to make sure that you do not invalidate the whole zone once you have
invalidated the compromised one.
2. Invalidating the compromised KSK to replace it with the new one.
3. Disabling the compromised KSK to update its RRs. This will change its value in the zone list.
Then you have to enable it again to ensure that the compromised key cannot be used again
by anyone.
4. Notifying the changes. Once you have invalidated your KSK, you have to transmit a copy of the
invalidated DS set to your DLV or a copy of the Public Key to your Registrar.

To safely protect a zone while getting rid of a compromised KSK

1. To generate a KSK

a. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
b. Click on the DNS servers icon. The DNS All servers list opens.
c. Click on the name of the server you want to generate a new KSK for. The list of its zones
opens.
d. Tick the zone for which you have to generate the KSK.
e. In the menu, select Tools > Generate new KSK. The DNSSEC - Regenerate key wizard
opens.
f. Change the Algorithm, Encryption and Validity options according to your needs.
g. Click on OK to commit the generation. The report wizard opens and closes.

Note
The new KSK is automatically Enabled and visible in the key ring (Administration
tab > Key Ring).

2. To invalidate a KSK

a. Go to the Administration tab. If the homepage is not displayed, click on . The
homepage opens.
b. In the System section, click on the Key Ring icon. The Key ring page opens.
c. Tick the KSK you wish to invalidate.
d. In the menu, select Expert > Invalidate Keys. The Invalidate Keys wizard opens.
e. Click on OK to commit the key invalidation. The invalidated KSK is now marked as
(invalidated) in the list but is still marked as Enabled in the Status column.

3. To disable the compromised KSK

a. Tick the invalidated KSK.
b. In the menu, select Expert > Disable. The Enable/Disable keys wizard opens.
c. Tick the same invalidated KSK again.
d. In the menu, select Expert > Enable. The Enable/Disable keys wizard opens. In the All
RRs list of the invalidated zone, the value of the DNSKEY RR has been modified.

4. To notify the DS and Public Key changes

a. At the end of the line of the invalidated key, click on . The properties page opens.
b. Copy the content of the DS and Public Key fields.
c. Paste it in the file of your choice and send it.
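
The DS wizard fields (Key Tag, Key Algorithm, Digest Type, Digest) and the DS that has to be transmitted again after an invalidation can both be recomputed from the DNSKEY. The following Python code is an added example, not part of this guide or of SOLIDserver. It assumes that the "bit mask" changed by the invalidation is the DNSKEY flags field and that invalidating sets the REVOKE bit defined in RFC 5011; the zone name and key bytes are constructed.

```python
import hashlib
import struct

# DNSKEY flag bits: ZONE and SEP (RFC 4034), REVOKE (RFC 5011).
ZONE, SEP, REVOKE = 0x0100, 0x0001, 0x0080
# DS digest types: 1 = SHA-1 (RFC 4034), 2 = SHA-256 (RFC 4509).
DIGESTS = {1: hashlib.sha1, 2: hashlib.sha256}
# Field names as they appear in the Add a DNS RR wizard for a DS record.
FIELDS = ("Key Tag", "Key Algorithm", "Digest Type", "Digest")

# Constructed sample data: not a real zone and not a real key.
SAMPLE_ZONE = "example.com."
SAMPLE_ALGORITHM = 8                      # RSA/SHA-256
SAMPLE_KEY = bytes(range(1, 65))          # placeholder public key bytes


def dnskey_rdata(flags, algorithm, public_key):
    """DNSKEY RDATA: flags (16 bits), protocol (always 3), algorithm, key."""
    return struct.pack("!HBB", flags, 3, algorithm) + public_key


def key_tag(rdata):
    """Key tag over the DNSKEY RDATA, as defined in RFC 4034 Appendix B."""
    acc = 0
    for i, byte in enumerate(rdata):
        acc += (byte << 8) if i % 2 == 0 else byte
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF


def owner_wire(name):
    """Canonical wire form of the owner name: lower-case, length-prefixed."""
    labels = [label for label in name.lower().split(".") if label]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def ds_fields(zone, flags, algorithm, public_key, digest_type=2):
    """Return (Key Tag, Key Algorithm, Digest Type, Digest) for one DNSKEY."""
    rdata = dnskey_rdata(flags, algorithm, public_key)
    digest = DIGESTS[digest_type](owner_wire(zone) + rdata).hexdigest().upper()
    return key_tag(rdata), algorithm, digest_type, digest


def mismatched_fields(pasted, zone, flags, algorithm, public_key):
    """Names of the wizard fields that disagree with the recomputed DS."""
    tag, alg, digest_type, digest = pasted
    if digest_type not in DIGESTS:
        return ["Digest Type"]
    expected = ds_fields(zone, flags, algorithm, public_key, digest_type)
    given = (int(tag), int(alg), digest_type, "".join(str(digest).split()).upper())
    return [name for name, g, e in zip(FIELDS, given, expected) if g != e]


if __name__ == "__main__":
    ksk = ZONE | SEP                      # 257: an active KSK
    before = ds_fields(SAMPLE_ZONE, ksk, SAMPLE_ALGORITHM, SAMPLE_KEY)
    after = ds_fields(SAMPLE_ZONE, ksk | REVOKE, SAMPLE_ALGORITHM, SAMPLE_KEY)
    print("active KSK  flags=%d DS=%s" % (ksk, ", ".join(map(str, before))))
    print("invalidated flags=%d DS=%s" % (ksk | REVOKE, ", ".join(map(str, after))))
    # The DS published for the active key no longer matches the invalidated one.
    print("stale fields:", mismatched_fields(before, SAMPLE_ZONE, ksk | REVOKE,
                                             SAMPLE_ALGORITHM, SAMPLE_KEY))
```

With the constructed key, setting the REVOKE bit moves the key tag from 2093 to 2221 and changes the digest, which is why the values held by the parent, DLV or Registrar have to be sent again.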

Deleting Unused DNSSEC Keys


To enhance key management, EfficientIP provides an automatic check of the keys' validity. Every
night at midnight, the rule will check that each and every KSK or ZSK listed in the Key Ring is
actually being used. This check involves finding DNSKEY RRs in the relevant zone RRs list. If
none is found, the corresponding key is deleted and therefore removed from the Key Ring list.

However, you might want to remove the unused keys yourself to clean up the system. That is why
SOLIDserver provides you with an option that will manually execute the automatic check rule.

To manually remove unused DNSSEC keys

Before following this procedure, make sure you unsigned the zones properly.

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the System section, click on the Key Ring icon. The Key ring page opens.
3. In the menu, select Expert > Remove unused DNSSEC keys. The Remove unused DNSSEC
keys wizard opens.
4. Click on OK to commit the unused keys deletion. The report opens and closes. The relevant
keys are deleted.

Chapter 47. HSM
The Hardware Security Module (HSM) is a secure crypto processor, usually a device or an
appliance, dedicated to generating and managing encryption keys. Typically, it provides strong
authentication through accelerated cryptographic operations (involving these keys) and even multiple
levels of security.

The HSM relies on a Remote File System (RFS) and the Security World that will hold all the
critical information. Basically, the RFS will hold the encryption keys and the Security World, which
describes the cryptographic environment. The communication between the HSM and
any server depends on both elements. To ensure a secure communication between the
HSM and a server, the first step is to create a Security World on the HSM, then to create an
RFS that will retrieve a copy of the Security World and therefore be recognized by the HSM.
From then on, every key is generated on the RFS, sent to the HSM to be encrypted and, once
encrypted, sent back to the RFS for storage. Any time the server needs a key, the encrypted
key is sent by the RFS to the HSM to be decrypted and sent straight to the server. As the
communication between any server and the HSM is completely secure, this key will be invisible on
the network to anyone but the HSM and the server. Since the RFS is by nature stored
outside of the HSM, you need to choose a server that offers enough data security to host it.

The HSM encryption can be purely software-based or rely on chip cards (one or several). It is
recommended to use chip card encryption to enhance the security.

The encrypted communication between a server and an HSM implies that for each server that
needs encrypted data communication you need a unique RFS. Each RFS needs to store the
keys needed by each server. Consequently, one HSM can be used to secure the communication
with several servers, provided that there are as many servers as there are remote file systems.
The HSM will synchronize the RFS on each server separately.

EfficientIP makes it possible to store the Security World either on a SOLIDserver appliance or
any other server.

The goal of this chapter is to detail the basics of the interaction between a Thales nShield 500
HSM and the DNSSEC signing process. In other words, it describes the procedures for signing zones
with a SOLIDserver used as a manager, a DNS server and a host for the RFS. The limitations
of the HSM use with SOLIDserver are all listed at the end of this chapter.

Browsing the HSM Database


Except for the integration of the HSM to SOLIDserver (see the Integrating the HSM to SOLIDserver
section in this chapter), all the actions related to the HSM will be performed through the All HSM
Servers listing page. The columns on this page provide you with information on the name, IP
address and description you have set for your HSM module(s) as well as the electronic serial
number (ESN) and hash of the KNETI key (KNETI HASH) in use. The KNETI key is the encryption
integrity key.

The All HSM Servers page always displays the Hardserver embedded in SOLIDserver. By default,
the HSM is not configured and its status is ! Hardserver is not running.

Figure 47.1. All HSM Servers Listing Page

To display the HSM servers list

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select System > HSM Servers. The All HSM Servers listing page opens.

To display the Hardserver properties page

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select System > HSM Servers. The All HSM Servers listing page opens.
3. At the end of the line of the Hardserver, click on . The properties page opens.

The Hardserver properties page is composed of the panels below:

• Main properties: sums up the main information regarding the server: its Name and IP address,
localhost daemon as it is embedded in SOLIDserver appliance.
• Status: displays the server statuses. On the one hand the Configuration status, and on the
other hand the Hardserver, or operational status, that can be Not running or Running, once the service
is enabled.
• Module: contains information regarding the server. This panel appears once the service is
running. It displays the Module Number, Version, Version Information, Product Name, Mode
and Remote port. The Module number will always be set to #0 on that page.

To display an HSM server properties page

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select System > HSM Servers. The All HSM Servers listing page opens.
3. At the end of the line of the server of your choice, click on . The properties page opens.

Any HSM properties page is composed of the panels below:

• Main properties: sums up the main information regarding the server: its Name and IP address,
localhost daemon as it is embedded in SOLIDserver appliance.
• Status: displays the server statuses. On the one hand the Configuration status, and on the
other hand the Hardserver, or operational status, that can be Not running or Running, once the service
is enabled.
• Module: contains information regarding the server. This panel appears once the HSM has
been detected by the Hardserver. It lists the Module Number, Serial number, Connection
Status, Version, Version Information, Product Name, and Mode. The Module number will always
be set to #<number> that corresponds to the order in which the server has been detected by
the Hardserver: the first detected is #1, the second is #2, etc.

Understanding the HSM Servers Statuses


The status column of the HSM modules provides a report on the server's operations. The table
below explains all the HSM module statuses:

Table 47.1. HSM Servers Statuses


Status                        Description
OK                            The HSM module or service is operational.
Missing RFS                   The RFS is missing and the HSM server is not operational.
Not identified                The HSM module is not identified and therefore not operational.
Not enrolled                  The HSM module is not enrolled and therefore not operational.
! Hardserver is not running   The Hardserver service is not running and therefore no module is
                              operational.

Prerequisites
Before using the HSM with SOLIDserver, your appliance and HSM module must comply with a
set of prerequisites without which the HSM cannot run properly:

• Your HSM module must be supported by SOLIDserver. Currently, only the Thales nCipher
HSM module is supported.
• Your license must be valid and include the DNS module.
• The communication with the HSM is only authenticated by a smart card.
• Only an administrator with the proper ACS rights over the smart card can manage the
HSM module through SOLIDserver.

Configuring the HSM


The HSM configuration follows a set of steps:

1. Integrating the HSM to SOLIDserver,
2. Configuring the HSM,
3. Enabling the HSM dedicated DNS server.

Integrating the HSM to SOLIDserver


To use the HSM with SOLIDserver you will need to add a new registry key and then enable the
HSM services in the Administration module.

Adding The HSM Registry Key

By default, the use of an HSM is not enabled on SOLIDserver, so you have to create a new
Registry key to make the DNS server (HSM) and nFast Hardserver services appear on the Services
configuration listing page.

To add the HSM key in the registry database

1. Go to the Administration tab homepage. If the homepage is not displayed, click on . The
homepage opens.
2. In the menu, select System > Expert > Registry database. The Registry database page
opens.
3. In the menu, select Add > Registry item. The Registry database Add an item wizard opens.
4. In the Name field, type in module.dns.hsm_enabled .
5. In the Value field, type in 1 .
6. Click on OK to commit the addition. The report opens and closes. The Registry database
page is visible again.

Note
If you use a different slot than the default one (492971158) to communicate with
your HSM appliance, create another Registry item, named module.dns.hsm_slot
with the value of your own slot. All the commands called to create new DNSSEC
keys will use this value instead of the default one.

Enabling The Service

Adding the registry key(s) makes two new services manageable from the Services
configuration page. Now, under the DNS server line, you will find the DNS server (HSM) and
nFast Hardserver services.

To properly integrate the HSM to SOLIDserver management, you need to enable the nFast
Hardserver service before configuring the HSM.

To enable the nFast Hardserver service

1. Go to the Administration tab homepage. If the homepage is not displayed, click on . The
homepage opens.
2. In the System section, click on the Services icon. The Services configuration page opens.
3. In the Name column, locate the nFast Hardserver service.
4. In the Enabled column, click on Disabled. The Enable a service wizard opens.
5. Click on OK to commit your choice. The report opens and closes. The service starts
automatically but is listed in red because the configuration is still pending.
6. In the menu, select Tools > Apply configuration. The Commit the system configuration
changes wizard opens.
7. Click on OK to commit your choice. The report opens and closes. The page refreshes, the
nFast Hardserver service is marked Enabled.

Once the service is running, the Hardserver status will be OK on the All HSM servers page.
You can now configure the HSM, i.e. add the HSM server(s) to secure your authentication
processes.

Configuring the HSM


To configure your HSM, you can use an existing Security World (kmdata) or declare your
SOLIDserver as the RFS, in which case it will contain the Security World.

In both cases, the procedure is automated. However, if an error occurs and you do not obtain
the expected result, you will need to complete the configuration manually as detailed
in the Completing the Configuration Manually If an Error Occurred section.

Configuring the HSM Using an Existing Security World

If you already have a Security World, you simply need to generate its archive file and import it
through the SOLIDserver GUI.

To configure your RFS and Security World

1. Add your SOLIDserver to the authorized clients list on your HSM appliance.
2. You can edit your RFS if you want to declare SOLIDserver as your RFS.
3. Generate your Security World archive file:

a. Go to the folder where the kmdata directory is located.
b. Tar the folder. The folder is now an archive file that you will import through SOLIDserver
GUI.

To set up the HSM with an existing Security World

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
3. In the menu, select System > HSM Servers. The All HSM Servers listing page opens.
4. In the menu, select Tools > Import Security World. The HSM Security World Import wizard
opens.
5. Click on BROWSE to select the .tar file to import.
6. Double-click on the name of the needed .tar file.
7. In the File name field, the file is displayed once selected.
8. Click on OK to commit your import. The report opens and closes. The All HSM Servers listing
page is visible again.

Configuring the HSM With a New Security World

If you do not have a Security World, you can declare SOLIDserver as your RFS. It will therefore
contain the Security World needed to authenticate your data exchanges.

To set up the communication between your HSM and SOLIDserver

1. Add your SOLIDserver to the authorized clients list on your HSM appliance.
2. Declare SOLIDserver as your RFS on your appliance.

To set up the HSM with no existing Security World

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
3. In the menu, select System > HSM Servers. The All HSM Servers listing page opens.
4. In the menu, select Add > Add HSM Server. The Add an HSM server wizard opens.
5. In the Name field, type a name for your HSM server.
6. In the IP address field, type in the IP address of your HSM server.
7. In the Description field, you can type in a description for the server.
8. You can set a number of RFS and Enrollment related parameters upon addition: tick the
Override default parameters checkbox. The HSM RFS and HSM Enrollment sections appear.

a. If you want to force the cleanup of the RFS repository (remove old entries sharing the
same ESN value): in the HSM RFS section, tick the Force box.
b. If you want to force the reconfiguration of already known HSM appliances RFS when
enrolling a new HSM appliance: in the HSM Enrollment section, tick the Force box.
c. If you want to force the Hardserver to request a privileged connection to the HSM: in
the HSM Enrollment section, tick the Privilege box. By default, this box is unticked.

9. Click on OK to commit your addition. The report opens and closes. The All HSM Servers
listing page is visible again.

On the All HSM Servers listing page, the HSM modules status should be OK. Besides, the
Hardserver properties page will now display the Module panel.

If the Status is not OK, refer to the section Completing the Configuration Manually If an Error
Occurred below.

Completing the Configuration Manually If an Error Occurred

If the HSM servers status is not OK, you may have to manually identify your HSM, create the
RFS or trigger the enrollment manually depending on the status. For more details, refer to the
HSM Servers Statuses table above.

To identify the HSM manually

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
3. In the menu, select System > HSM Servers. The All HSM Servers listing page opens.
4. Tick the HSM module(s) you want to identify.
5. In the menu, select Tools > Identify. The Identify the HSM wizard opens.
6. Click on OK to commit your identification. The report opens and closes. The server is visible
in the All HSM Servers listing page.

To create the RFS manually

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
3. In the menu, select System > HSM Servers. The All HSM Servers listing page opens.
4. Tick the HSM module(s) for which you want to create the RFS.
5. In the menu, select Tools > Create the RFS. The Create the RFS wizard opens.
6. Tick the Force checkbox to remove old entries sharing the same ESN value from the HSM
RFS.
7. Click on OK to commit your creation. The report opens and closes. The server is visible in
the All HSM Servers listing page.

To enroll the HSM manually

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
3. In the menu, select System > HSM Servers. The All HSM Servers listing page opens.
4. Tick the HSM module(s) you want to enroll.
5. In the menu, select Tools > Enroll. The Enroll the HSM with SOLIDserver wizard opens.
6. Tick the Force checkbox to force the reconfiguration of already known HSM appliances RFS.
7. Tick the Privilege checkbox to force the Hardserver to request a privileged connection to
the HSM. By default, this box is unticked.
8. Click on OK to commit your enrollment. The report opens and closes. The server is visible
in the All HSM Servers listing page.

Enabling the HSM Dedicated DNS Server


Now you need to disable the DNS server before enabling the DNS server (HSM) as both instances
cannot be running at the same time.

To disable the DNS server

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab homepage. If the homepage is not displayed, click on . The
homepage opens.
3. In the System section, click on the Services icon. The Services configuration page opens.
4. In the Name column, locate the DNS server service.
5. In the Enabled column, click on Enabled. The Disable a service wizard opens.
6. Click on OK to commit your choice. The report opens and closes. The service starts
automatically but is listed in red because the configuration is still pending.
7. In the menu, select Tools > Apply configuration. The Commit the system configuration
changes wizard opens.
8. Click on OK to commit your choice. The report opens and closes. The service is marked
Disabled.

To enable the HSM dedicated DNS server

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab homepage. If the homepage is not displayed, click on . The
homepage opens.
3. In the System section, click on the Services icon. The Services configuration page opens.
4. In the Name column, locate the DNS server (HSM) service.
5. In the Enabled column, click on Disabled. The Enable a service wizard opens.
6. Click on OK to commit your choice. The report opens and closes. The service starts
automatically but is listed in red because the configuration is still pending.
7. In the menu, select Tools > Apply configuration. The Commit the system configuration
changes wizard opens.
8. Click on OK to commit your choice. The report opens and closes. The service is marked
Enabled.

Note
If you enable the DNS server (HSM) service before adding any HSM server, the
service Status will be ! No HSM found. In which case you will need to add the
HSM server and restart the HSM DNS service. For more details regarding how
to start and stop a service refer to the section Handling Services of this guide.

Keep in mind that using the HSM DNS implies a specific configuration of your servers that
uses the Enable HSM box. For more details, refer to the Using the HSM Service With DNS Servers
section below. Once the service is running, you will be able to sign your zones using the HSM.

Managing the HSM


Once the HSM is properly integrated and configured, using it within SOLIDserver DNS module
is quite simple.

Using the HSM Service With DNS Servers


Once the DNS server (HSM) service is up and running, you can use it with any EfficientIP DNS
server upon addition or edition.

The addition of the registry database entry also adds a dedicated checkbox that you need to
tick, otherwise SOLIDserver does not query the HSM when generating DNSSEC keys for this
server. The procedure below simply emphasizes the HSM configuration of the server. For more
details regarding the configuration of a DNS server, refer to the procedure To add an EfficientIP
DNS server of this guide.

To add an EfficientIP DNS server that uses HSM

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
3. Click on the DNS servers icon. The DNS All servers list opens.
4. In the menu, select Add > Server > EfficientIP DNS. The Add a DNS server wizard opens.
5. If you or your administrator created classes, the DNS server class list is visible. Select a
class or None and click on NEXT . The next page of the wizard opens.
6. Fill in the DNS server name, Management IP address to set up the basic server configuration.
7. In the Management Protocol drop-down list, select SSL or SNMP and configure the protocol
according to your needs.
8. Click on NEXT . The last page of the wizard opens.
9. Tick the Enable HSM box.
10. In the Mode drop-down list, you can set up the parameters of your choice.
11. Click on OK to commit your creation. The report opens and closes. The server is listed and
using HSM to authenticate DNSSEC keys.

Note
You can tick or untick the Enable HSM box upon edition of an EfficientIP server
as well.

Using the HSM with DNSSEC


Now that the setup is complete, you can sign your zones with DNSSEC using the HSM appliance.
All the procedures remain exactly the same as signing zones without an HSM appliance, except
that now the keys will be stored on the RFS in an encrypted fashion. Besides, all the zones
managed through the local DNS server will be signed through the HSM as long as the Enable
HSM box was ticked.

For more details regarding DNSSEC zone signing, refer to the chapter DNSSEC of this guide.

Deleting an HSM Appliance


At any time you can delete an HSM server from the list. This action will purge all the configuration
files of the HSM server thus preventing all communication between the HSM appliance and
SOLIDserver. It will also force a cleanup of all the related files. The HSM module will no longer
be listed in the All HSM Servers page.

To delete an HSM appliance

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
3. In the menu, select System > HSM Servers. The All HSM Servers listing page opens.
4. Tick the HSM module(s) you want to delete.
5. In the menu, select Edit > Delete. The Delete wizard opens.
6. Tick the Force checkbox to force the reconfiguration.
7. Click on OK to commit your deletion. The report opens and closes. The server is no longer
visible on the All HSM Servers listing page.

Best Practices To Stop Using the HSM


At any time, you can stop using the HSM appliance(s) for good. To do so, you will need to follow
the following steps:

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and password.
2. Delete all HSM appliances from the list. For more details, refer to the Deleting an HSM
Appliance section above.
3. Disable the nFast Hardserver service. For more details, refer to the Handling Services section
of this guide.
4. Disable the DNS server (HSM) service. For more details, refer to the Handling Services section
of this guide.
5. Remove the HSM dedicated registry key following the procedure below.

To delete the HSM dedicated key from the registry database

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
3. In the menu, select System > Expert > Registry database. The Registry database page
opens.
4. In the menu, select Add > Registry item. The Registry database Add an item wizard opens.
5. In the Name field, filter the list to find the module.dns.hsm_enabled .
6. Tick the key.
7. In the menu, select Edit > Delete. A pop up window opens.
8. Click on OK to commit your deletion. The page refreshes. The key is no longer listed.

To use an HSM appliance again, follow the sections of this chapter again to integrate, configure
and manage the appliance.

HSM Limitations
There are a number of limitations to the HSM use with SOLIDserver:

• The HSM slot is common to all the HSM queries; you cannot set it per DNS server.
• Keys deletion does not trigger a deletion of the corresponding key on the HSM RFS.
• You cannot use several chip cards with your HSM.
• The chip card needs to be inserted in the HSM for the encryption to work.
• You can neither use a pin code nor a K/N quorum (only 1/N supported).
• There is no automated replication of the Security World for DNS servers managed remotely.
• The HSM tokens are not supported.
• Once you start using the HSM for DNSSEC zone signing, all the zones will be signed through
the HSM encryption: you cannot sign some zones with the HSM and others without it.

Chapter 48. DNS Firewall (RPZ)
Recursive DNS server Response Policy Zone (RPZ) is based on domain data feeds provided by
an external service or manually created by network administrators. Using this information,
SOLIDserver allows you to set up a granular approach for RPZ zone management. Instead of
blocking an entire domain, you can set exceptions for subdomains and even configure individual
response policies for each subdomain. In this sense, the RPZ is basically a DNS firewall option
that you can configure on the server to set up a filter for recursive queries of domain names or
IP addresses through the resource records of a zone and provide an alternate response to this
query. This mechanism is similar to an email anti-spam blacklist. In other words, it allows you to
prevent DNS clients from accessing certain websites.

Figure 48.1. The DNS Firewall

From the zone level, you can decide which requests are redirected and where, as well as set a
NODATA or even an NXDOMAIN response. The main benefit of such a mechanism is that you
can set up a filter based on either a domain name or an IP address using the CNAME, A and
AAAA records of the RPZ zone.

Browsing RPZ Zones and Records


Within the GUI, the RPZ zones are simply preceded by a specific icon. These zones contain
RRs gathered and listed on the All RPZ rules page.

Figure 48.2. RPZ Dedicated Icons and Page

1 This orange rectangle differentiates RPZ DNS zones and records from regular DNS zones
and records. Clicking on an RPZ zone name opens the All RPZ rules page and displays the
records it contains.
2 The All RPZ rules page is dedicated to all the records of an RPZ DNS zone. To ease
record management, even the SOA and NS records of an RPZ zone are gathered on this
page.

Through the GUI, the RPZ configuration of a zone is quite simple. Once you have added your
BIND server to the DNS All servers list, you simply need to add RPZ zones from the All zones
page and add your RPZ rules through the addition of CNAME, A and AAAA records on the All
RPZ rules page.

Browsing the RPZ Database


The RPZ zones are displayed on the All zones page whereas the RPZ records are managed
on the All RPZ rules page.

To display the list of RPZ DNS zones

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS zones icon. The DNS All zones list opens, the RPZ zones are preceded
by an orange rectangle.

To display the list of DNS zones through the breadcrumb

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. In the breadcrumb, click on All zones. The DNS All zones list opens, the RPZ zones are
preceded by an orange rectangle.

The RPZ zone statuses are identical to regular zones. For more details, refer to the Understanding
the DNS Zones Statuses section of this guide.

To display the list of RPZ resource records

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. In the breadcrumb, click on All RPZ rules. The All RPZ rules list opens.

To display the list of records of a specific RPZ DNS zone

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS zones icon. The DNS All zones list opens, the RPZ zones are preceded
by an orange rectangle.
3. Click on the name of the RPZ zone of your choice. The All RPZ rules page opens. By default,
it lists at least the SOA and NS record of the zone. Any additional records will be listed and
preceded by the same orange rectangle as the zone.

Customizing the RPZ Resource Records Display


SOLIDserver enables you to modify the columns displayed in the All RPZ rules list. You can add
columns or modify their order. For more details, see the Customizing the List Layout section of
the Understanding the SOLIDserver User Interface part of this documentation.

Managing RPZ Zones


Through the GUI, the RPZ configuration of a zone is quite simple:

1. Add a BIND server to the DNS All servers list. For more details, refer to the Managing a BIND
DNS Server section of this guide.
2. Add an RPZ Zone, see the Adding RPZ Zones section below.
3. Add your policies through records addition, see the Managing RPZ Policies section below.

Adding RPZ Zones


Once you have added a BIND server to the DNS All servers list, you simply need to add RPZ
zones from the All zones page. Keep in mind that the RPZ configuration is possible only for:

• Name zones. The RPZ configuration does not work on reverse zones.
• Master or Slave zones. Any other type of zone is irrelevant to the RPZ configuration.

To add an RPZ Master zone

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. In the breadcrumb, click on All zones. The DNS All zones list opens.
3. In the menu, select Add > RPZ zone. The Add a DNS zone wizard opens.
4. In the DNS server field, select a BIND server and click on NEXT . The next page of the wizard
appears.
5. If you or your administrator created classes, the DNS zone class list is visible. Select a class
or None and click on NEXT . The next page of the wizard opens.
6. In the DNS zone type list, select Master.
7. Click on NEXT . The last page of the wizard appears.
8. In the Name field, name your zone following the syntax given in RFC1034
[http://tools.ietf.org/html/rfc1034] (page 7).
9. In the View drop-down list, select a view if you created any. If there are no views in the
selected server, the list is empty.
10. The DNS firewall (RPZ) checkbox is automatically ticked and displayed in gray.
11. Click on OK to commit the creation. The report opens and closes. The RPZ zone is listed,
preceded by an orange rectangle and marked Delayed create before being marked
OK.

To add an RPZ Slave zone

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. In the breadcrumb, click on All zones. The DNS All zones list opens.
3. In the menu, select Add > RPZ zone. The Add a DNS zone wizard opens.
4. In the DNS server field, select a BIND server and click on NEXT . The next page of the wizard
appears.
5. If you or your administrator created classes, the DNS zone class list is visible. Select a class
or None and click on NEXT . The next page of the wizard opens.

6. In the DNS zone type list, select Slave.


7. Click on NEXT . The next page of the wizard appears.
8. In the Name field, name your zone following the syntax given in RFC1034
[http://tools.ietf.org/html/rfc1034] (page 7).
9. In the View drop-down list, select a view if you created any. If there are no views in the
selected server, the list is empty.
10. The DNS firewall (RPZ) checkbox is automatically ticked and displayed in gray.
11. Click on NEXT . The last page of the wizard appears.
12. Set up the list of master servers for the zone using the table below:

Table 48.1. DNS Slave Zone Parameters

Fields             Description
Master IP address  In this field, type in the master server IP address. This field is compulsory.
Port               In this field, you can type in the number of the port dedicated to communicating with the slave zone. This field is optional.
TSIG key           In this field, you can type in the TSIG key that identifies the zone from the master server. This field is optional.

Once the IP, port and key are configured, click on ADD . The configuration is listed in the
Masters list. Repeat these actions for as many servers as needed. You can select a master
in the list to DELETE or UPDATE it once created.
13. Click on OK to commit the creation. The report opens and closes. The RPZ zone is listed,
preceded by an orange rectangle and marked Delayed create before being marked
OK.

Once you have added the needed zones, you can configure their policies through records
addition in the All RPZ rules page.

Editing RPZ Zones


Once you created an RPZ zone:

• you cannot rename it,


• you cannot reset its configuration and use it as a regular zone.

An RPZ zone can be edited to some extent:

• you can edit its content and add as many RPZ records as you please. For more details, refer
to the Managing RPZ Records section below.
• you can edit some panels from an RPZ zone properties page:
• From the Main properties panel, you can edit the zone applied class. At any time, you can
decide to apply a class, no class or a different class to your RPZ zone. For more details,
refer to the Class Studio chapter of this guide.
• From the Name servers panel, you can edit the Authoritative DNS servers. For more details,
refer to the Configuring Delegation at the Zone level section of this guide.

• From the Forwarding panel, you can edit the zone forwarding parameters. For more details
regarding the available parameters, refer to the Configuring DNS Forwarding section of this
guide.
• From the Notify panel, you can edit IP addresses that will be notified of any changes on the
master zone.
• From the Access control panel, you can set or edit allow-query, allow-transfer and allow-
update options on your zones. For more details, refer to the Managing DNS Security section
of this guide.
• From the Groups access panel, the members of the admin group can set and edit which
groups will or will not have the RPZ zone in their resources list.

Deleting RPZ Zones


Like any other zone, deleting an RPZ zone can be done from the All zones page.

To delete an RPZ zone

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS zones icon. The DNS All zones list opens.
3. Filter the list if need be.
4. Tick the RPZ zone(s) you want to delete.
5. In the menu, select Edit > Delete. The Delete wizard opens.
6. Click on OK to commit the deletion. The report opens and closes. The zone is marked
Delayed delete until it is no longer listed.

Managing RPZ Records


Within an RPZ zone, the RPZ rules, or records, set policies through the addition of RPZ: <policy>
records. In fact, they create CNAME, A and AAAA records whose syntax sets the filters.

SOLIDserver provides the configuration of four different policies that you can configure using
requested domain names (QNAME) or IP addresses:

• Redirection is set through the creation of an RPZ: REDIRECT record on the All RPZ rules
page. It allows you to define which domain or IP address is redirected toward which domain
or IP address:
Domain name > domain name redirection
This redirection creates a CNAME record whose name and value depend on the domain
names stated during configuration.
Domain name > IP address redirection
This redirection creates an A record if you redirect the domain name toward an IPv4 address
or a AAAA record if you redirect the domain name toward an IPv6 address. This IP address
can be the IP address of any equipment or even an entire subnet start address. Its name
and value depend on the domain name and IP address stated during configuration.
IP address > domain name redirection
This redirection creates a CNAME record whose name and value depend on the IP address
and domain name stated during configuration.

IP address > IP address redirection
This redirection creates a CNAME record whose name and value depend on the IP address
stated during configuration.
• NODATA is set through the creation of an RPZ: NODATA record on the All RPZ rules page.
It allows you to set a NODATA response to any requested domain name or IP address. It
basically creates a CNAME record named after the domain name or IP address triggering this
response.

Keep in mind that you can also set a NODATA policy using a Name Server Domain Name
(NSDNAME) or Name Server IP address (NSIP).
• NXDOMAIN is set through the creation of an RPZ: NXDOMAIN record on the All RPZ rules
page. It allows you to set a denial of existence response to any requested domain name or IP
address. It basically creates a CNAME record named after the domain name or IP address
triggering this response.

Keep in mind that you can also set an NXDOMAIN policy using a Name Server Domain Name
(NSDNAME) or Name Server IP address (NSIP).
• PASSTHRU is set through the creation of an RPZ: PASSTHRU record on the All RPZ rules
page. It allows you to set an exception for the redirection, NODATA or NXDOMAIN response
you set. It creates a CNAME record that will, for instance, redirect domain.com towards your
company website but still grant access to the page www.domain.com.

Each policy is created with a TTL of 3600 seconds. Once applied, the policy TTL automatically
drops to 5 seconds, following BIND behavior.

At server level, adding a policy to a zone adds the response-policy option to the named.conf
file. SOLIDserver simply states in this option the RPZ zones managed by the server. In the
zone file of each RPZ zone, the records are listed as CNAME, A and AAAA records respecting
the RPZ syntax.
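
To review what a zone file actually enforces, the records can be read back into trigger and action pairs. The sketch below is an added example, not SOLIDserver or BIND code: the zone name rpz.example and every record are constructed sample data, and the special CNAME targets are written as they appear in BIND zone-file text ("." for NXDOMAIN, "*." for NODATA, "rpz-passthru." for PASSTHRU).

```python
# Added illustration: classify records of an RPZ zone file by trigger and action.
# The zone name and all records below are constructed sample data.

# Owner-name suffixes that mark non-QNAME triggers in the RPZ syntax.
TRIGGER_SUFFIXES = {"rpz-ip": "IP", "rpz-nsip": "NSIP", "rpz-nsdname": "NSDNAME"}

# CNAME targets with a special meaning; any other CNAME target is a redirection.
SPECIAL_CNAME = {".": "NXDOMAIN", "*.": "NODATA", "rpz-passthru.": "PASSTHRU"}

SAMPLE_ORIGIN = "rpz.example"  # hypothetical RPZ zone name
SAMPLE_ZONE = """\
$TTL 3600
@                            IN SOA ns.rpz.example. admin.rpz.example. 1 3600 600 86400 5
@                            IN NS  ns.rpz.example.
bad.example.com              CNAME  .
*.bad.example.com            CNAME  .
ads.example.net              CNAME  *.
www.example.org              CNAME  rpz-passthru.
example.org                  CNAME  portal.corp.example.
phish.example.com            A      192.0.2.10
24.0.2.0.192.rpz-ip          CNAME  .
ns1.example.biz.rpz-nsdname  CNAME  .
32.1.113.0.203.rpz-nsip      CNAME  *.
"""


def classify(line, origin):
    """Return (trigger_type, trigger, action, target), or None for non-policy lines."""
    fields = line.split(";", 1)[0].split()
    if len(fields) < 3 or fields[0].startswith("$") or fields[0] == "@":
        return None
    owner, rest = fields[0], fields[1:]
    # Skip the optional TTL and class columns.
    while rest and (rest[0].isdigit() or rest[0].upper() == "IN"):
        rest = rest[1:]
    if len(rest) < 2:
        return None
    rtype, rdata = rest[0].upper(), rest[1]
    if rtype not in ("CNAME", "A", "AAAA"):
        return None
    # Make a fully qualified owner name relative to the zone.
    if owner.endswith("."):
        owner = owner[:-1]
        if owner.lower().endswith("." + origin.lower()):
            owner = owner[: -(len(origin) + 1)]
    labels = owner.split(".")
    kind = TRIGGER_SUFFIXES.get(labels[-1].lower())
    trigger = ".".join(labels[:-1]) if kind else owner
    if rtype == "CNAME" and rdata in SPECIAL_CNAME:
        return (kind or "QNAME", trigger, SPECIAL_CNAME[rdata], None)
    return (kind or "QNAME", trigger, "REDIRECT", rdata)


def audit(zone_text, origin):
    """Classify every policy record found in the zone text."""
    rules = [classify(line, origin) for line in zone_text.splitlines()]
    return [r for r in rules if r is not None]


def exceptions(rules):
    """PASSTHRU rules deserve review: each one exempts a trigger from filtering."""
    return [r for r in rules if r[2] == "PASSTHRU"]


if __name__ == "__main__":
    for rule in audit(SAMPLE_ZONE, SAMPLE_ORIGIN):
        print(rule)
```

Listing the PASSTHRU entries separately is useful during a policy review, because each one is a deliberate hole in the filter.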

Understanding the RPZ Policies Order


The RPZ is considered a DNS firewall because its policies are taken into account and implemented
like firewall rules: once a match is found in the list, the policy returns the configured alternate
response and stops looking for other matches. Therefore, when a user queries an RPZ zone,
the data queried are compared to the RPZ policies list and the first match found is respected;
any other policy set on the very same requested data is ignored.

When adding RPZ policies, keep in mind that the triggers, or the records that encode the
triggers (the policies), of a given DNS query or DNS response follow a specific order that allows
you to set various RPZ rules for a single RPZ zone. The queries are compared to all RPZ policies
in the following order:

1. The RPZ ordering matters

Policies encoded in the first response-policy defined zone in the server configuration are
matched first. In other words, the first policies created are the first used to provide alternate
responses to user queries.
2. Within a single RPZ zone, policies respect a specific precedence

QNAME policies (i.e. domain name based policies) are preferred over IP based policies; IP
policies are preferred over NSDNAME policies; NSDNAME policies are preferred over NSIP
policies.
3. Within a single RPZ zone, name based policies follow a specific order

Among applicable QNAME or NSDNAME policies, the policy with the smallest name is preferred.
4. Within a single RPZ zone, IP based policies follow a specific order
a. Among applicable IP or NSIP policies, the policy with the longest prefix length is preferred.
b. Among IP or NSIP policies with the same prefix, the smallest IP address is preferred.
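
The ordering rules above can be checked against a planned rule set before it is deployed. The following is an added sketch, not SOLIDserver or BIND code: the Rule type, the decide function and the sample rules are hypothetical, triggers are exact names or CIDR networks (wildcards are left out), and "smallest name" is assumed to mean DNSSEC canonical ordering, with labels compared from right to left.

```python
import ipaddress
from dataclasses import dataclass

# Precedence of trigger types inside one RPZ zone (lower rank wins).
TYPE_RANK = {"QNAME": 0, "IP": 1, "NSDNAME": 2, "NSIP": 3}


@dataclass(frozen=True)
class Rule:
    zone_index: int  # position of the RPZ zone in response-policy, 0 = first
    kind: str        # QNAME, IP, NSDNAME or NSIP
    trigger: str     # exact domain name, or network in CIDR notation
    action: str      # REDIRECT, NODATA, NXDOMAIN or PASSTHRU


# Constructed sample policy set (documentation names and addresses only).
RULES = [
    Rule(0, "QNAME", "www.example.org", "PASSTHRU"),
    Rule(0, "IP", "198.51.100.0/24", "NODATA"),
    Rule(0, "IP", "198.51.100.128/25", "NXDOMAIN"),
    Rule(0, "NSDNAME", "ns2.hoster.example", "NODATA"),
    Rule(0, "NSDNAME", "ns1.hoster.example", "NXDOMAIN"),
    Rule(0, "NSIP", "192.0.2.53/32", "NODATA"),
    Rule(1, "QNAME", "mail.example.org", "NXDOMAIN"),
]


def norm(name):
    """Lower-case a domain name and drop the trailing dot."""
    return name.lower().rstrip(".")


def canonical(name):
    """Sort key comparing labels right to left (assumed meaning of 'smallest name')."""
    return tuple(reversed(norm(name).split(".")))


def matches(rule, qname, answer_ips, ns_names, ns_ips):
    """True when the rule's trigger applies to this query and its response."""
    if rule.kind == "QNAME":
        return norm(rule.trigger) == norm(qname)
    if rule.kind == "NSDNAME":
        return norm(rule.trigger) in {norm(n) for n in ns_names}
    pool = answer_ips if rule.kind == "IP" else ns_ips
    net = ipaddress.ip_network(rule.trigger)
    return any(ipaddress.ip_address(ip) in net for ip in pool)


def sort_key(rule):
    """Zone order first, then trigger type, then the per-type tie-break."""
    if rule.kind in ("QNAME", "NSDNAME"):
        tie = canonical(rule.trigger)
    else:
        net = ipaddress.ip_network(rule.trigger)
        # Longest prefix first, then smallest address.
        tie = (-net.prefixlen, int(net.network_address))
    return (rule.zone_index, TYPE_RANK[rule.kind], tie)


def decide(rules, qname, answer_ips=(), ns_names=(), ns_ips=()):
    """Return the single rule that wins for this query, or None if nothing matches."""
    hits = [r for r in rules if matches(r, qname, answer_ips, ns_names, ns_ips)]
    return min(hits, key=sort_key) if hits else None


if __name__ == "__main__":
    # The QNAME passthru wins over the IP and NSDNAME blocks in the same zone.
    print(decide(RULES, "www.example.org", ["198.51.100.200"], ["ns1.hoster.example"]))
    # A lower-ranked NSIP rule in the first zone beats a QNAME rule in the second.
    print(decide(RULES, "mail.example.org", ["203.0.113.5"], [], ["192.0.2.53"]))
```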

Configuring Policies Using Domain Names


A domain name (QNAME) can be used to set up a redirect, nodata, nxdomain and/or passthru
response-policy through the addition of CNAME, A and AAAA records via the Add an RPZ Rule
wizard.

Configuring a Redirection Using a Domain Name

The RPZ redirection policy can be configured using domain names. There are as many domain
redirections as there are RPZ: REDIRECT records configured. You can either use a full domain
name or specify some parts as variable, to include all the subdomains of a particular domain for
instance.

To configure a redirection using a domain name

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. In the breadcrumb, click on All zones. The DNS All zones list opens.
3. In the Name column, click on the name of the RPZ zone of your choice. The All RPZ rules
page opens.
4. In the menu, select Add > RPZ rule. The Add an RPZ Rule wizard opens.
5. In the Source drop-down list, select Domain.
6. In the Domain field, type in the domain name. It can be a full domain name or a partial one;
refer to the table below for more details.

Table 48.2. Domain Name Possible Syntax When Configuring an RPZ Policy

Value                     Description
domain.extension          If you name the RR with a domain name following this syntax, the DNS client requesting this domain is redirected towards a domain name (refer to step 8) or towards an IP address (refer to step 9).
*.domain.extension (a)    If you name the RR with a domain name following this syntax, the DNS client requesting this domain or any of its subdomains is redirected towards a domain name (refer to step 8) or towards an IP address (refer to step 9).
<value>.domain.extension  If you name the RR with a domain name following this structure, the DNS client requesting this specific name is redirected towards a domain name (refer to step 8) or towards an IP address (refer to step 9).

(a) The * (asterisk) is called the wildcard when used in front of a domain name.

7. In the Policy drop-down list, select Redirection. You can set a redirection towards a domain
name (refer to step 8) or towards an IP address (refer to step 9).
8. Set the redirection towards the domain name of your choice:

a. In the Redirection target drop-down list, select Domain.
b. In the Target domain field, type in the target domain name of the redirection.

9. Set the redirection towards the IP address of your choice:

a. In the Redirection target drop-down list, select IPv4 or IPv6.
b. In the Target address field, type in the target IP address of the redirection, respecting
the selected protocol version syntax.

10. Click on OK to commit the creation. The report opens and closes. The record is now listed.
The RR name column displays an RPZ: REDIRECT named after the source domain name,
its Value is the target domain name or IP address depending on your configuration.

Configuring a NODATA Response Using a Domain Name

You can configure a NODATA response policy for clients requesting certain domain names.
There is a NODATA response for as many domains as there are RPZ: NODATA records
configured.

To configure a NODATA response policy using a domain name

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. In the breadcrumb, click on All zones. The DNS All zones list opens.
3. In the Name column, click on the name of the RPZ zone of your choice. The All RPZ rules
page opens.
4. In the menu, select Add > RPZ rule. The Add an RPZ Rule wizard opens.
5. In the Source drop-down list, select Domain.
6. In the Domain field, type in the domain name. It can be a full domain name or a partial one;
refer to the table below for more details.

Table 48.3. Domain Name Possible Syntax When Configuring an RPZ Policy

Value                     Description
domain.extension          If you name the RR with a domain name following this syntax, the DNS client requesting this domain gets a nodata response.
*.domain.extension        If you name the RR with a domain name following this syntax, the DNS client requesting this domain or any of its subdomains gets a nodata response.
<value>.domain.extension  If you name the RR with a domain name following this structure, the DNS client requesting this specific name gets a nodata response.

7. In the Policy drop-down list, select Nodata.


8. Click on OK to commit the creation. The report opens and closes. The record is now listed.
The RR name column displays an RPZ: NODATA named after the source domain name, its
Value is * following the BIND RPZ syntax in the zone file.

Configuring an NXDOMAIN Response Using a Domain Name

You can configure an NXDOMAIN response policy for clients requesting certain domain names.
There is an NXDOMAIN response for as many domains as there are RPZ: NXDOMAIN records
configured.

To configure an NXDOMAIN response policy using a domain name

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. In the breadcrumb, click on All zones. The DNS All zones list opens.
3. In the Name column, click on the name of the RPZ zone of your choice. The All RPZ rules
page opens.
4. In the menu, select Add > RPZ rule. The Add an RPZ Rule wizard opens.
5. In the Source drop-down list, select Domain.
6. In the Domain field, type in the domain name. It can be a full domain name or a partial one;
refer to the table below for more details.

Table 48.4. Domain Name Possible Syntax When Configuring an RPZ Policy

Value                     Description
domain.extension          If you name the RR with a domain name following this syntax, the DNS client requesting this domain gets an nxdomain response.
*.domain.extension        If you name the RR with a domain name following this syntax, the DNS client requesting this domain or any of its subdomains gets an nxdomain response.
<value>.domain.extension  If you name the RR with a domain name following this structure, the DNS client requesting this specific name gets an nxdomain response.

7. In the Policy drop-down list, select Nxdomain.


8. Click on OK to commit the creation. The report opens and closes. The record is now listed.
The RR name column displays an RPZ: NXDOMAIN named after the source domain name,
its Value is . following the BIND RPZ syntax in the zone file.

Configuring a PASSTHRU Exception Using a Domain Name

Once you configured redirection and specific request responses, you can always configure a
PASSTHRU exception for a particular domain name, subdomain, etc. There are as many domain
name exceptions as there are RPZ: PASSTHRU records configured.

To configure a PASSTHRU response policy using a domain name

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. In the breadcrumb, click on All zones. The DNS All zones list opens.
3. In the Name column, click on the name of the RPZ zone of your choice. The All RPZ rules
page opens.
4. In the menu, select Add > RPZ rule. The Add an RPZ Rule wizard opens.
5. In the Source drop-down list, select Domain.

6. In the Domain field, type in the domain name. It can be a full domain name or a partial one;
refer to the table below for more details. Keep in mind that you cannot use the wildcard * when
configuring a passthru from a domain name.

Table 48.5. Domain Name Possible Syntax When Configuring an RPZ Policy

Value                     Description
domain.extension          If you name the RR with a domain name following this syntax, the DNS client requesting this domain gets a regular response.
<value>.domain.extension  If you name the RR with a domain name following this structure, the DNS client requesting this specific name gets a regular response.

7. In the Policy drop-down list, select Passthru.


8. Click on OK to commit the creation. The report opens and closes. The record is now listed.
The RR name column displays an RPZ: PASSTHRU named after the source domain name;
its Value is rpz-passthru following the BIND RPZ syntax in the zone file.

Configuring Policies Using IP Addresses


An IP address can be used to set up a redirect, nodata, nxdomain and/or passthru response-
policy through the addition of CNAME records via the Add an RPZ Rule wizard.

The RPZ follows a specific syntax similar to the reverse mapping (in-addr.arpa) in the zone file:

IPv4 policies display
Once created, the RPZ policies from an IPv4 address will display the source IP address in
reverse: <prefixlength.B4.B3.B2.B1>. In the zone file, the source IP address will follow the
RPZ syntax: <prefixlength.B4.B3.B2.B1.rpz-ip>.
IPv6 policies display
Once created, the RPZ policies from an IPv6 address will display the source IP address in
reverse: <prefixlength.W8.W7.W6.W5.W4.W3.W2.W1>. In the zone file, the source IP address
will follow the RPZ syntax: <prefixlength.W8.W7.W6.W5.W4.W3.W2.W1.rpz-ip>.

Note
In the context of reverse IPv6 address notation, you might see ".zz." in the Partial
RR name column once the RPZ records are created. It corresponds to "::" and allows
you not to type in full the omitted 0000: groups of the address.
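
The reversed notation is easy to misread when checking a rule by hand, so converting in both directions is a useful verification step. The following is an added example, not SOLIDserver or BIND code: the function names are hypothetical, the addresses come from documentation ranges, and owner names are expected relative to the RPZ zone.

```python
import ipaddress


def encode_rpz_ip(cidr, suffix="rpz-ip"):
    """Return the RPZ owner name, relative to the zone, for a network.

    Raises ValueError when the address has host bits set for the given
    prefix, so that a mistyped address or prefix is caught early.
    """
    net = ipaddress.ip_network(cidr)
    if net.version == 4:
        words = str(net.network_address).split(".")
    else:
        text = net.network_address.compressed
        if "::" in text:
            # The omitted run of zero groups ("::") is written as "zz".
            left, right = text.split("::")
            words = (left.split(":") if left else []) + ["zz"]
            words += right.split(":") if right else []
        else:
            words = text.split(":")
    return ".".join([str(net.prefixlen)] + words[::-1] + [suffix])


def decode_rpz_ip(owner):
    """Turn a relative RPZ owner name back into an ipaddress network object."""
    labels = owner.rstrip(".").split(".")
    if labels[-1] not in ("rpz-ip", "rpz-nsip"):
        raise ValueError("not an RPZ IP trigger: " + owner)
    prefix = int(labels[0])
    words = labels[1:-1][::-1]  # back to natural order
    if "zz" in words or len(words) == 8:
        text = ":".join("" if w == "zz" else w for w in words)
        if text == "":
            text = "::"          # the whole address was zeros
        elif text.startswith(":"):
            text = ":" + text    # "zz" was the leading group
        elif text.endswith(":"):
            text += ":"          # "zz" was the trailing group
    elif len(words) == 4:
        text = ".".join(words)
    else:
        raise ValueError("unexpected number of labels: " + owner)
    return ipaddress.ip_network(f"{text}/{prefix}")


if __name__ == "__main__":
    for sample in ("192.0.2.0/24", "203.0.113.1/32", "2001:db8::/32", "2001:db8::1/128"):
        name = encode_rpz_ip(sample)
        print(sample, "->", name, "->", decode_rpz_ip(name))
```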

Configuring a Redirection Using an IP Address

The RPZ redirection policy can be configured using a specific IPv4 or IPv6 address or range of
addresses. There are as many IP address redirections as there are RPZ: REDIRECT records
configured.

Keep in mind that even though you can redirect a single address or a range of IP addresses (a
subnet address for instance), the redirection target can only be one IP address.

To configure a redirection using an IP address

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.

2. In the breadcrumb, click on All zones. The DNS All zones list opens.
3. In the Name column, click on the name of the RPZ zone of your choice. The All RPZ rules
page opens.
4. In the menu, select Add > RPZ rule. The Add an RPZ Rule wizard opens.
5. In the Source drop-down list, select IPv4 or IPv6.
6. In the Address field, type in the IP address following the appropriate syntax.
7. In the Prefix drop-down list, select a prefix in the list. Your prefix might correspond to one
IP address or to a range of IP addresses.
8. In the Policy drop-down list, select Redirection. You can set a redirection towards a domain
name (refer to step 9) or towards an IP address (refer to step 10).
9. Set the redirection towards the domain name of your choice:

a. In the Redirection target drop-down list, select Domain.
b. In the Target domain field, type in the target domain name of the redirection.

10. Set the redirection towards the IP address of your choice:

a. In the Redirection target drop-down list, select IPv4 or IPv6.
b. In the Target address field, type in the target IP address of the redirection, respecting
the selected protocol version syntax.

11. Click on OK to commit the creation. The report opens and closes. The record is now listed.
The RR name column displays an RPZ: REDIRECT named after the source IP address and
prefix displayed in reverse; its Value is the target domain name or IP address depending on
your configuration.

Configuring a NODATA Response Using an IP Address

The RPZ NODATA policy can be configured using a specific IPv4 or IPv6 address or range of
addresses. There is a NODATA response for as many IP addresses as there are RPZ: NODATA
records configured.

To configure a NODATA response policy using an IP address

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. In the breadcrumb, click on All zones. The DNS All zones list opens.
3. In the Name column, click on the name of the RPZ zone of your choice. The All RPZ rules
page opens.
4. In the menu, select Add > RPZ rule. The Add an RPZ Rule wizard opens.
5. In the Source drop-down list, select IPv4 or IPv6.
6. In the Address field, type in the IP address following the appropriate syntax.
7. In the Prefix drop-down list, select a prefix in the list. Your prefix might correspond to one
IP address or to a range of IP addresses.
8. In the Policy drop-down list, select Nodata.
9. Click on OK to commit the creation. The report opens and closes. The record is now listed.
The RR name column displays an RPZ: NODATA named after the source IP address and
prefix displayed in reverse, its Value is * following the BIND RPZ syntax in the zone file.

Configuring an NXDOMAIN Response Using an IP Address

The RPZ NXDOMAIN policy can be configured using a specific IPv4 or IPv6 address or range of
addresses. There is an NXDOMAIN response for as many IP addresses as there are RPZ:
NXDOMAIN records configured.

To configure an NXDOMAIN response policy using an IP address

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. In the breadcrumb, click on All zones. The DNS All zones list opens.
3. In the Name column, click on the name of the RPZ zone of your choice. The All RPZ rules
page opens.
4. In the menu, select Add > RPZ rule. The Add an RPZ Rule wizard opens.
5. In the Source drop-down list, select IPv4 or IPv6.
6. In the Address field, type in the IP address following the appropriate syntax.
7. In the Prefix drop-down list, select a prefix in the list. Your prefix might correspond to one
IP address or to a range of IP addresses.
8. In the Policy drop-down list, select Nxdomain.
9. Click on OK to commit the creation. The report opens and closes. The record is now listed.
The RR name column displays an RPZ: NXDOMAIN named after the source IP address and
prefix displayed in reverse, its Value is . following the BIND RPZ syntax in the zone file.

Configuring a PASSTHRU Exception Using an IP Address

Once you have configured the redirection and response policies of your choice, the RPZ allows
you to configure PASSTHRU exceptions for the IPv4 and IPv6 addresses or ranges of addresses
of your choice. There are as many IP address exceptions as there are RPZ: PASSTHRU records.

To configure a PASSTHRU response policy using an IP address

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. In the breadcrumb, click on All zones. The DNS All zones list opens.
3. In the Name column, click on the name of the RPZ zone of your choice. The All RPZ rules
page opens.
4. In the menu, select Add > RPZ rule. The Add an RPZ Rule wizard opens.
5. In the Source drop-down list, select IPv4 or IPv6.
6. In the Address field, type in the IP address following the appropriate syntax.
7. In the Prefix drop-down list, select a prefix in the list. Your prefix might correspond to one
IP address or to a range of IP addresses.
8. In the Policy drop-down list, select Passthru.
9. Click on OK to commit the creation. The report opens and closes. The record is now listed.
The RR name column displays an RPZ: PASSTHRU named after the source IP address and
prefix displayed in reverse, its Value is rpz-passthru following the BIND RPZ syntax in the
zone file.

Configuring Policies Using Name Servers


In addition to filters through domain names and IP addresses, the RPZ filtering provides a specific
policy syntax that allows you to provide alternate responses to queries made to authoritative name
servers. You can set policies based on Name Server IP Address (NSIP) or Name Server Domain
Name (NSDNAME). These filters add an extra suffix to the RPZ syntax and look as follows in
the zone file: <source-value>.rpz-nsip or <source-value>.rpz-nsdname.

These records allow you to configure a redirection, an NXDOMAIN, a NODATA or a PASSTHRU
response-policy to any query made to any zone managed by a Name Server, whether you identified
it through its IP address (NSIP) or through its domain name (NSDNAME).

Keep in mind that any zone managed by that authoritative Name Server is returned a
NODATA or NXDOMAIN response if queried, EXCEPT if you set a passthru exception for a
particular zone or IP address managed by said Name Server. Indeed, as the NSDNAME and NSIP
based policies are looked at last, if you set up a passthru based on a domain name (QNAME)
or IP address, the passthru match will be found before the name server domain name or IP address
NODATA or NXDOMAIN policy. For more details, refer to the Understanding the RPZ Policies
Order section.

Configuring Policies using a Name Server Domain Name

A name server domain name can be used to set a NODATA or NXDOMAIN response to any
query made to the zones it manages. This server name is usually embedded in the NS value of
a domain name; once you have retrieved it, you simply need to specify it as a Source Domain in
the Add an RPZ Rule wizard.

To configure a redirection using a name server domain name

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. In the breadcrumb, click on All zones. The DNS All zones list opens.
3. In the Name column, click on the name of the RPZ zone of your choice. The All RPZ rules
page opens.
4. In the menu, select Add > RPZ rule. The Add an RPZ Rule wizard opens.
5. In the Source drop-down list, select NSDNAME (domain name).
6. In the Domain field, type in the name server domain name.
7. In the Policy drop-down list, select Redirection. You can set a redirection towards a domain
name (refer to step 8) or towards an IP address (refer to step 9).
8. Set the redirection towards the domain name of your choice:

a. In the Redirection target drop-down list, select Domain.
b. In the Target domain field, type in the target domain name of the redirection.

9. Set the redirection towards the IP address of your choice:

a. In the Redirection target drop-down list, select IPv4 or IPv6.
b. In the Target address field, type in the target IP address of the redirection, respecting
the selected protocol version syntax.

10. Click on OK to commit the creation. The report opens and closes. The record is now listed.
The RR name column displays an RPZ: REDIRECT named after the name server domain
name followed by the suffix rpz-nsdname, its Value is the target domain name or IP address
depending on your configuration.

To configure a NODATA response policy using a name server domain name

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. In the breadcrumb, click on All zones. The DNS All zones list opens.
3. In the Name column, click on the name of the RPZ zone of your choice. The All RPZ rules
page opens.
4. In the menu, select Add > RPZ rule. The Add an RPZ Rule wizard opens.
5. In the Source drop-down list, select NSDNAME (domain name).
6. In the Domain field, type in the name server domain name.
7. In the Policy drop-down list, select Nodata.
8. Click on OK to commit the creation. The report opens and closes. The record is now listed.
The RR name column displays an RPZ: NODATA named after the name server domain
name followed by the suffix rpz-nsdname, its Value is * following the BIND RPZ syntax in
the zone file.

To configure an NXDOMAIN response policy using a name server domain name

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. In the breadcrumb, click on All zones. The DNS All zones list opens.
3. In the Name column, click on the name of the RPZ zone of your choice. The All RPZ rules
page opens.
4. In the menu, select Add > RPZ rule. The Add an RPZ Rule wizard opens.
5. In the Source drop-down list, select NSDNAME (domain name).
6. In the Domain field, type in the name server domain name.
7. In the Policy drop-down list, select Nxdomain.
8. Click on OK to commit the creation. The report opens and closes. The record is now listed.
The RR name column displays an RPZ: NXDOMAIN named after the name server
domain name followed by the suffix rpz-nsdname, its Value is . following the BIND RPZ
syntax in the zone file.

To configure a PASSTHRU response policy using a name server domain name

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. In the breadcrumb, click on All zones. The DNS All zones list opens.
3. In the Name column, click on the name of the RPZ zone of your choice. The All RPZ rules
page opens.
4. In the menu, select Add > RPZ rule. The Add an RPZ Rule wizard opens.
5. In the Source drop-down list, select NSDNAME (domain name).
6. In the Domain field, type in the name server domain name.
7. In the Policy drop-down list, select Passthru.

8. Click on OK to commit the creation. The report opens and closes. The record is now listed.
The RR name column displays an RPZ: PASSTHRU named after the source domain name
followed by the suffix rpz-nsdname, its Value is rpz-passthru following the BIND RPZ syntax
in the zone file.

Configuring Policies using a Name Server IP Address

The IP address of a name server can also be used to set a NODATA or NXDOMAIN response
to any query made to the zones it manages. This name server IP address is usually embedded
in the A glue record of the domain name NS record; once you have retrieved it, you simply need to
specify it as the Source Address with the prefix /32 in IPv4 and /128 in IPv6 in the Add an RPZ
Rule wizard.

To configure a redirection using a name server IP address

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. In the breadcrumb, click on All zones. The DNS All zones list opens.
3. In the Name column, click on the name of the RPZ zone of your choice. The All RPZ rules
page opens.
4. In the menu, select Add > RPZ rule. The Add an RPZ Rule wizard opens.
5. In the Source drop-down list, select NSIP (IPv4) or NSIP (IPv6).
6. In the Address field, type in the IP address following the appropriate syntax.
7. In the Prefix drop-down list, select /32 for IPv4 or /128 for IPv6, if it was not automatically
selected.
8. In the Policy drop-down list, select Redirection. You can set a redirection towards a domain
name (refer to step 9) or towards an IP address (refer to step 10).
9. Set the redirection towards the domain name of your choice:

a. In the Redirection target drop-down list, select Domain.
b. In the Target domain field, type in the target domain name of the redirection.

10. Set the redirection towards the IP address of your choice:

a. In the Redirection target drop-down list, select IPv4 or IPv6.
b. In the Target address field, type in the target IP address of the redirection, respecting
the selected protocol version syntax.

11. Click on OK to commit the creation. The report opens and closes. The record is now listed.
The RR name column displays an RPZ: REDIRECT named after the source IP address and
prefix in reverse followed by the suffix rpz-ip, its Value is the target domain name or IP address
depending on your configuration.

To configure a NODATA response policy using a name server IP address

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. In the breadcrumb, click on All zones. The DNS All zones list opens.
3. In the Name column, click on the name of the RPZ zone of your choice. The All RPZ rules
page opens.

4. In the menu, select Add > RPZ rule. The Add an RPZ Rule wizard opens.
5. In the Source drop-down list, select NSIP (IPv4) or NSIP (IPv6).
6. In the Address field, type in the IP address following the appropriate syntax.
7. In the Prefix drop-down list, select /32 for IPv4 or /128 for IPv6, if it was not automatically
selected.
8. In the Policy drop-down list, select Nodata.
9. Click on OK to commit the creation. The report opens and closes. The record is now listed.
The RR name column displays an RPZ: NODATA named after the source IP address and
prefix displayed in reverse followed by the suffix rpz-ip, its Value is * following the BIND RPZ
syntax in the zone file.

To configure an NXDOMAIN response policy using a name server IP address

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. In the breadcrumb, click on All zones. The DNS All zones list opens.
3. In the Name column, click on the name of the RPZ zone of your choice. The All RPZ rules
page opens.
4. In the menu, select Add > RPZ rule. The Add an RPZ Rule wizard opens.
5. In the Source drop-down list, select NSIP (IPv4) or NSIP (IPv6).
6. In the Address field, type in the IP address following the appropriate syntax.
7. In the Prefix drop-down list, select /32 for IPv4 or /128 for IPv6, if it was not automatically
selected.
8. In the Policy drop-down list, select Nxdomain.
9. Click on OK to commit the creation. The report opens and closes. The record is now listed.
The RR name column displays an RPZ: NXDOMAIN named after the source IP address and
prefix displayed in reverse followed by the suffix rpz-ip, its Value is . following the BIND RPZ
syntax in the zone file.

To configure a PASSTHRU response policy using a name server IP address

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. In the breadcrumb, click on All zones. The DNS All zones list opens.
3. In the Name column, click on the name of the RPZ zone of your choice. The All RPZ rules
page opens.
4. In the menu, select Add > RPZ rule. The Add an RPZ Rule wizard opens.
5. In the Source drop-down list, select NSIP (IPv4) or NSIP (IPv6).
6. In the Address field, type in the IP address following the appropriate syntax.
7. In the Prefix drop-down list, select /32 for IPv4 or /128 for IPv6, if it was not automatically
selected.
8. In the Policy drop-down list, select Passthru.
9. Click on OK to commit the creation. The report opens and closes. The record is now listed.
The RR name column displays an RPZ: PASSTHRU named after the source IP address and
prefix displayed in reverse followed by the suffix rpz-ip, its Value is rpz-passthru following
the BIND RPZ syntax in the zone file.

Configuring Other Policies


An administrator might need to configure policies that do not use a domain name, IP address,
name server domain name or name server IP address as a source. In that case, you need to specify
the partial RR name yourself, as the full name is automatically created as follows:
<partial-rr-name>.<zone-name>. Keep in mind that the procedure below is an advanced configuration:
the consistency of the Value field in the wizard is not checked, so if the syntax does not
comply with RPZ, the filter it sets will not work.

For these sources, the available policies are the same: redirection, Nodata, Nxdomain or Passthru.

To configure an RPZ policy using a specific source

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. In the breadcrumb, click on All zones. The DNS All zones list opens.
3. In the Name column, click on the name of the RPZ zone of your choice. The All RPZ rules
page opens.
4. In the menu, select Add > RPZ rule. The Add an RPZ Rule wizard opens.
5. In the Source drop-down list, select Other.
6. In the Value field, type in the source identification following the RPZ syntax (with the
appropriate values and suffixes).
7. In the Policy drop-down list, select the policy that suits your needs. If you select Redirection,
you will need to specify a domain name or an IP address.
8. Click on OK to commit the creation. The report opens and closes. The record is now listed.
The RR name column displays an RPZ: <policy> named after the content of the Value field
in the wizard, its Value will depend on your configuration.
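
Because the wizard does not check the Value typed for the Other source, a malformed partial RR name is accepted and then never matches. The Python code below is an added example, not EfficientIP code: it builds and validates partial RR names with BIND's RPZ trigger encoding (prefix length, reversed address, suffix). The suffix set beyond rpz-ip and rpz-nsdname, the function names and the rpz.example zone name are assumptions.

```python
import ipaddress
import re

# Trigger suffixes from BIND's RPZ syntax. Assumption: the "Other" Value field
# accepts the same set; the guide itself only names rpz-ip and rpz-nsdname.
IP_SUFFIXES = {"rpz-ip", "rpz-client-ip", "rpz-nsip"}
NAME_SUFFIX = "rpz-nsdname"
LABEL = re.compile(r"^(?!-)[a-z0-9_-]{1,63}(?<!-)$")
# Zone-file forms of the Values the guide lists: ".", "*" and "rpz-passthru".
POLICY_RDATA = {"nxdomain": "CNAME .", "nodata": "CNAME *.",
                "passthru": "CNAME rpz-passthru."}


def encode_ip_trigger(network, suffix="rpz-ip"):
    """Prefix length, then the address in reverse, then the suffix."""
    net = ipaddress.ip_network(network, strict=True)  # rejects set host bits
    if net.version == 4:
        parts = str(net.network_address).split(".")
    else:
        # In the compressed form the "::" run of zero words becomes "zz".
        text = net.network_address.compressed.replace("::", ":zz:")
        parts = text.strip(":").split(":")
    return ".".join([str(net.prefixlen)] + parts[::-1] + [suffix])


def decode_ip_trigger(labels):
    """Inverse of encode_ip_trigger for the labels that precede the suffix."""
    if len(labels) < 2 or not labels[0].isdigit():
        raise ValueError("expected <prefix>.<reversed address>")
    words = labels[1:][::-1]
    if words.count("zz") == 1:
        i = words.index("zz")
        text = ":".join(words[:i]) + "::" + ":".join(words[i + 1:])
    elif len(words) == 8:
        text = ":".join(words)
    elif len(words) == 4:
        text = ".".join(words)
    else:
        raise ValueError("address needs 4 octets, 8 words, or one 'zz' run")
    return ipaddress.ip_network(f"{text}/{labels[0]}", strict=True)


def check_partial_name(value):
    """Validate a partial RR name; return (trigger kind, decoded source)."""
    if not value or value.endswith("."):
        raise ValueError("must be relative: the zone name is appended")
    labels = value.lower().split(".")
    suffix = labels[-1]
    if suffix in IP_SUFFIXES:
        return suffix, str(decode_ip_trigger(labels[:-1]))
    if suffix.startswith("rpz-") and suffix != NAME_SUFFIX:
        raise ValueError(f"unknown RPZ suffix {suffix!r}")
    if suffix == NAME_SUFFIX:
        kind, body = NAME_SUFFIX, labels[:-1]
    else:
        kind, body = "qname", labels
    names = body[1:] if body[:1] == ["*"] else body  # leading wildcard allowed
    if not names or not all(LABEL.match(label) for label in names):
        raise ValueError("invalid domain name in trigger")
    return kind, ".".join(body)


def rpz_record(partial, policy, zone):
    """Full record: <partial-rr-name>.<zone-name>. plus the policy RDATA."""
    check_partial_name(partial)
    return f"{partial}.{zone}. {POLICY_RDATA[policy]}"


def review_values(values):
    """Map each candidate Value to 'ok ...' or 'rejected: ...'."""
    verdicts = {}
    for value in values:
        try:
            verdicts[value] = "ok %s %s" % check_partial_name(value)
        except ValueError as exc:
            verdicts[value] = f"rejected: {exc}"
    return verdicts


# Constructed sample values (documentation addresses and names).
SAMPLES = [
    "32.1.2.0.192.rpz-ip",           # 192.0.2.1/32
    "128.1.zz.db8.2001.rpz-ip",      # 2001:db8::1/128
    "24.1.2.0.192.rpz-ip",           # host bits set for a /24
    "ns1.example.net.rpz-nsdname",
    "ns1.example.net.rpz-nsdnam",    # misspelled suffix
    "ns1.example.net.rpz-nsdname.",  # trailing dot: not a partial name
]

if __name__ == "__main__":
    for value, verdict in review_values(SAMPLES).items():
        print(f"{value:32} {verdict}")
    print(rpz_record(encode_ip_trigger("192.0.2.1/32"), "nxdomain", "rpz.example"))
```
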

Deleting Policies
At any time, you can delete a policy. In other words, you can delete an RPZ record. In the
procedure below, the deletion is done from a specific zone All RPZ rules page but you can also delete
records from the global All RPZ rules.

To delete an RPZ policy

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS zones icon. The DNS All zones list opens.
3. In the Name column, click on the name of the RPZ zone of your choice. The All RPZ rules
page opens.
4. Filter the list if need be.
5. Tick the RPZ record(s) you want to delete.
6. In the menu, select Edit > Delete. The Delete wizard opens.
7. Click on OK to commit the deletion. The report opens and closes. The record is marked
Delayed delete until it is no longer listed.

Chapter 49. Hybrid DNS Service
SOLIDserver version 5.0.3 introduces a Hybrid DNS service to reduce risks of corruption of BIND
DNS engines. Hybrid DNS incorporates an alternative DNS engine based on NLnet Labs Unbound
and NSD that provides an automated switch from the regular BIND service to a service that
associates BIND and one of the two NLnet Labs engines depending on your configuration.

Once the switch is complete, the DNS engine footprint is more complex to analyze and less prone
to malicious attacks as it does not take on BIND security flaws: it avoids them altogether as the
DNS mechanism is different. Therefore, in the event of an attack or important security issue, the
switch to Hybrid ensures data security and avoids its potential corruption.

From the SOLIDserver GUI you can switch BIND engines to a Hybrid engine if their configuration
is compatible with Unbound or NSD. However, you cannot choose between NSD and Unbound:
SOLIDserver automatically decides which engine is relevant based on your DNS configuration.
Authoritative engines switch to BIND/NSD hybrid and recursive engines switch to
BIND/Unbound hybrid.

Keep in mind that Hybrid engines have some limitations compared to BIND engines. For more
details refer to the Hybrid DNS Engines Limitations section below.

Checking the Compatibility with Hybrid


Checking the compatibility with Hybrid involves the following steps:

1. Match the basic Hybrid requirements.
2. Check that no parameter set at server or zone level is incompatible with Hybrid.
3. Generate the incompatibility report, if need be.
4. Edit the server configuration to make sure that none of the parameters set are incompatible
with Hybrid.

Before switching, you need to understand that you cannot decide if your physical server switches
to BIND/NSD or BIND/Unbound. As a general rule, if your server is compatible with Hybrid, the
following switch will occur:

• If the smart server recursion is set to yes, a Hybrid compliant server can switch to
BIND/Unbound.
• If the smart server recursion is set to no, a Hybrid compliant server can switch to BIND/NSD.

Matching Hybrid Basic Requirements


The first step toward switching to Hybrid is to match the following Hybrid basic requirements:

• You can only convert servers to Hybrid from SOLIDserver hardware or software appliance.
• The servers you want to switch must be EfficientIP DNS servers.
• The servers you want to switch must be managed through a smart architecture. The changes
are pushed to the physical server.
• The smart architecture is compatible with Hybrid only if it manages BIND servers
exclusively.
• The physical server status must be OK; you cannot switch a server in Timeout.

On the DNS All servers list, the Hybrid DNS compatibility and Forced Hybrid DNS compatibility
columns allow you to see if you can switch your BIND physical servers.

In addition, the Multi-status column at server, view, zone and RR level provides you with all the
potential incompatibilities with Hybrid. For more details, refer to the Multi-status Column section
of this guide. For more details regarding how to change a page listing template, refer to the
Customizing the List Layout section of this guide.

This information is also provided on the smart architecture edition wizard: the Compatible with a
Hybrid DNS Engine field indicates the Hybrid compatibility of the physical servers managed.

Making Sure the Server Configuration is Compatible with Hybrid


If the smart architecture managing your physical server is marked No in the Hybrid DNS compatibility
column, the physical server cannot be switched to Hybrid. If the server is set with one of
the following options and configurations, it cannot be switched to Hybrid:

• The DNS server type is different from a SOLIDserver Hardware or Virtual Appliance EfficientIP
DNS server (for instance a server using packages, an agentless server, a generic server, etc.).
• The server contains views.
• The server contains zones other than master, slave, forward or stub.
• The server contains master and/or slave zones as well as forward and/or stub zones. With
Hybrid, the server is either only authoritative or only recursive.
• One or more server zones are RPZ compliant.
• One or more server zones are signed with DNSSEC.
• The server configuration combines authoritative and recursive zones:
• If the DNS recursion is set to yes and the server contains master and/or slave zones, the
server cannot switch to Hybrid.
• If the DNS recursion is set to no and the server contains forward and stub zones, the server
cannot switch to Hybrid.
• If the DNS recursion is set to yes with TSIG keys, the server cannot switch to Hybrid.

You must change your configuration to match Hybrid requirements if you want to switch to Hybrid.
During the switch, SOLIDserver checks all the parameters once more to make sure that your
server is compatible.

If you want to have a complete list of all the parameters and options that need to be edited,
refer to the Generating the Hybrid Incompatibilities Report section below.

Generating the Hybrid Incompatibilities Report


If the smart architecture managing your BIND servers is not compatible with Hybrid, you can
generate the List Hybrid DNS Engine incompatibilities report to have a detailed list of all the
parameters that do not comply with Hybrid, following the procedure below.

To generate the Hybrid DNS Engine incompatibilities report

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. Tick the smart server managing the physical server you intend to switch to Hybrid.

4. In the menu, select Report > Hybrid DNS Engine incompatibilities. The Hybrid
incompatibilities report wizard opens.
5. In the Report format list, select HTML or PDF.
6. Click on NEXT . The last page of the report opens.
7. In the Action drop-down list, select the kind of report you want to generate.

Table 49.1. Available Report Related Actions

Fields | Description
Generate new data | This action generates a report that lists all the incompatibilities with Hybrid at the moment you create it. Once generated, this report is available in the list named as follows: <date time>.
Schedule the report | This action generates a graph as regularly as you need.

8. If you chose to Schedule the report, configure the reports using these fields.

Table 49.2. Schedule the Report Parameters

Field | Description
Day(s) of the week | Select a day or a period of days in the drop-down list. By default, Every day is selected.
Date of the month | Select a date in the drop-down list. By default, Every day is selected.
Month | Select a month in the drop-down list. By default, Every month is selected.
Hour | Select a specific time or one of the available schedules in the drop-down list. By default, Every hour is selected.
Minute | Select a period of time, minutes-wise, in the drop-down list. By default, Every minute is selected.
Name | A default name is already filled in, you can edit this scheduled export name if you want.
Mail to | In this drop-down list, select the group whose users will receive the export notification email. This email will not be sent if the users email address is not valid or if your SMTP relay is not configured, refer to the Configuring the SMTP Relay section for more details. By default, the first of your groups, in the ASCII alphabetic order, is selected.
Rights as | Select a user, his/her rights and limitations will be applied in the report: only the items this user has access to will be listed in the export.

9. Click on OK to validate the generation. The report opens, click on DOWNLOAD to visualize the
report or CANCEL to close the wizard.

Once you generated the report, all the parameters that are not compatible with Hybrid are listed
and you need to correct them all until your smart server is marked compatible. You can generate
as many reports as you want, every report is available on the Reports page of the Administration
module.

To find the generated reports

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.

2. In the menu, select Monitoring > Reports. The Reports page opens.
3. In the list, the Hybrid DNS incompatibilities reports are listed.

Once the physical server is Hybrid compliant, the All servers page Hybrid DNS compatibility
column is marked Yes and the smart architecture edition wizard Compatible with a Hybrid DNS
Engine field is also marked Yes.

Switching to Hybrid DNS


Once your smart architecture is compatible with Hybrid, you can switch it. If your server is not
compatible with Hybrid, you need to change its configuration as some parameters might prevent
the switch, refer to the Checking the Compatibility with Hybrid section above for more details.

The architecture can contain one or several BIND servers that you can all switch. Keep in mind
that if you only switch one server, the other servers will share the same limitations as the Hybrid
servers. So, before switching to Hybrid, make sure that none of its limitations
prevent you from using your server with all the parameters you usually need. For more details,
refer to the Hybrid DNS Engines Limitations section.

The switch to Hybrid actually follows this order:

1. All the Hybrid incompatibilities checks are made again.
2. If the server is actually compatible, the relevant Hybrid configuration is pushed to the physical
server.
3. Once the whole configuration is successfully pushed, BIND service is disabled and stopped
and the relevant Hybrid service (NSD or Unbound) is enabled and started.

In some rare cases, you might have a Hybrid server listed among your servers outside a smart
architecture. As you cannot manage a Hybrid server outside a smart architecture, you need to
switch it to BIND, add it to your smart architecture and then switch it again to Hybrid. For more
details refer to the To switch a physical server from Hybrid to BIND DNS and To switch a physical
server from BIND to Hybrid DNS procedures.

To switch a physical server from BIND to Hybrid DNS

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. Make sure the BIND physical server you want to switch to Hybrid belongs to a smart
architecture compatible with Hybrid.
4. Make sure the server status is OK.
5. Tick the physical server you want to switch.
6. In the menu, select Tools > Expert > Switch DNS Engine > To NSD / Unbound. The
Switching the DNS Engine wizard opens.
7. Click on OK to commit the switch to Hybrid. The report opens and works until the relevant
DNS service restarts. The physical server Status is OK and its Version indicates the engine
name it switched to.

Your server configuration switches to Unbound or NSD on its own, based on its configuration.
Once the switch is complete, the compatibility with Hybrid is forced: this implies that a set of
configurations can no longer be set. For more details regarding NSD or Unbound specificities
and limitations, refer to The Server Switched to NSD and The Server Switched to Unbound
sections below. As for the Hybrid limitations in general, refer to the Hybrid DNS Engines Limitations
section.

To display the Hybrid engine the server switched to from the All servers page

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. In the Version column, the engine and version are displayed.

Like any other server, you can check on a Hybrid server through the Status and Sync columns.
For instance, make sure that the server smart architecture can push your configuration on the
physical server; if not, the smart server is marked Locked synchronization. For more details
regarding this status, refer to the Locked Synchronization Status section of this guide.

To display the Hybrid engine the server switched to in the Administration module

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Services icon. The DNS Services configuration list opens.
3. The DNS server indicates between brackets the engine currently running.

From the Services configuration page, you can enable, disable, stop and start the Hybrid DNS
server. For more details, refer to the Handling Services section of this guide.

In the same way, from this page you can download the NSD or Unbound configuration file
depending on which one is running. For more details refer to the Downloading the
DNS/DHCP/DHCPv6 Configuration File section of this guide.

The Server Switched to NSD


NSD Engines are designed to manage authoritative DNS configurations. Once the switch has been
successfully performed, a set of BIND options and configurations are emulated to suit NSD
requirements.

However, you should be aware of a set of NSD engines specificities and limitations that shape
the configuration that you can or cannot set through the GUI.

NSD engines specificities

• NSD servers are exclusively authoritative: only master and slave zones are supported.
• Every night at 3 a.m. a scheduled rule ensures the maintenance of NSD files. SOLIDserver
keeps the zones database up to date using one of NSD checks every night. To take into account
all the changes performed: merge zone transfer are changed back to zone files, the NSD and
IXFR databases are read and any changes found overwrite the current zone text files.
• All records handled by BIND are handled by NSD, except DNSSEC records.
• Each change made to the server or zones creates a new NSD configuration or zone file, copies
the former files and pushes the new configurations on the physical server.
• Every change made to the records database rebuilds the NSD database and creates a new
zone to ensure that the changes are pushed to the physical server as soon as possible.

NSD engines limitations

• You cannot create forward, stub, hint or delegation-only zones on an NSD server.
• Not all ACLs are supported:
• none, any, localhost and all the access control lists based on IP or network addresses are
supported.
• The localnets ACL is ignored.
• The allow-transfer and allow-notify clauses set on your BIND server are converted as follows
after a switch to NSD:
• If the allow-transfer clause is not specified at server or zone level, a default configuration is
pushed on the NSD server to allow any user to transfer master and slave zones via AXFR.
• If the allow-notify clause is not specified at server or zone level, the clause value on the NSD
server is set to respect BIND default behavior and allow proper synchronization of the master
and slave zones.
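
The incompatibility list earlier in this chapter and the allow-transfer conversion above can both be checked offline against a BIND configuration before a switch. The Python code below is an added example, not EfficientIP code: it assumes the BIND named.conf is available as text, covers only the checks visible in that file, and uses constructed zone names and addresses.

```python
import re

TOKEN = re.compile(r'"[^"]*"|[{};]|[^\s{};"]+')
AUTHORITATIVE = {"master", "slave"}
RECURSIVE = {"forward", "stub"}


def parse(tokens):
    """Turn tokens into statements; each {...} block becomes a nested list."""
    statements, current = [], []
    while tokens:
        tok = tokens.pop(0)
        if tok == "{":
            current.append(parse(tokens))
        elif tok == "}":
            return statements
        elif tok == ";":
            if current:
                statements.append(current)
            current = []
        else:
            current.append(tok.strip('"'))
    return statements


def clauses(statement):
    """Clauses of a statement's first {...} block, keyed by clause name."""
    body = next((part for part in statement if isinstance(part, list)), [])
    return {c[0]: c[1:] for c in body if isinstance(c[0], str)}


def audit_named_conf(text):
    """Return the findings that would block or weaken a switch to Hybrid."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)  # block comments
    text = re.sub(r"(#|//).*", "", text)                # line comments
    options, zones, findings = {}, {}, []
    for st in parse(TOKEN.findall(text)):
        if st[0] == "options":
            options = clauses(st)
        elif st[0] == "view":
            findings.append(f"view {st[1]}: views are not supported")
        elif st[0] == "zone":
            zones[st[1]] = clauses(st)
    types = {name: z.get("type", ["?"])[0] for name, z in zones.items()}
    auth = [n for n, t in types.items() if t in AUTHORITATIVE]
    rec = [n for n, t in types.items() if t in RECURSIVE]
    for name, ztype in types.items():
        if ztype not in AUTHORITATIVE | RECURSIVE:
            findings.append(f"zone {name}: type {ztype} is not supported")
    if auth and rec:
        findings.append("server mixes master/slave with forward/stub zones")
    recursion = options.get("recursion", ["yes"])[0]    # BIND default is yes
    if recursion == "yes" and auth:
        findings.append("recursion yes with master/slave zones")
    if recursion == "no" and rec:
        findings.append("recursion no with forward/stub zones")
    if "response-policy" in options:
        findings.append("response-policy is set: RPZ zones are not supported")
    # Per the guide, a missing allow-transfer becomes open AXFR on NSD.
    for name in auth:
        if "allow-transfer" not in zones[name] and "allow-transfer" not in options:
            findings.append(f"zone {name}: no allow-transfer at server or zone "
                            "level, the NSD default allows AXFR to any client")
    return findings


# Constructed sample configuration (documentation names and addresses).
SAMPLE = '''
options {
    recursion yes;          // resolver and authoritative data on one server
};
zone "example.com" { type master; file "example.com.db"; };
zone "example.org" {
    type slave; masters { 192.0.2.10; };
    allow-transfer { 192.0.2.53; };
};
zone "corp.example" { type forward; forwarders { 192.0.2.1; }; };
'''

if __name__ == "__main__":
    for finding in audit_named_conf(SAMPLE):
        print(finding)
```

Setting an explicit allow-transfer clause at server or zone level before the switch keeps the transfer policy under your control instead of relying on the pushed default.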

The Server Switched to Unbound


Unbound Engines are designed to manage recursive DNS configurations. Once the switch has been
successfully performed, a set of BIND options and configurations are emulated to suit Unbound
requirements. However, you should be aware of a set of Unbound engines specificities and
limitations that shape the configurations that you can or cannot set through the GUI.

Unbound engines specificities

• Unbound servers are exclusively recursive: only forward and stub zones are supported.
• BIND statements are interpreted as follows:
• If the allow-recursion is specified on BIND, its value is used to set the allow-query statement
on Unbound.
• If the allow-recursion is not specified on BIND, the localhost is set on Unbound.
• ACLs are only supported to configure the allow-recursion statement only at server level. For
more details regarding ACLs, refer to the Unbound engines limitations below.
• On forward zones, the forward parameter can only be set to first.
• If the BIND server is configured with the forward parameter (set to any value but none) and
forwarders, the switch to Hybrid DNS creates a forward zone named "." that emulates all
specified parameters. Keep in mind that if a "." forward zone already exists, the list of forwarders
of both zones are merged into one. Other parameters of the existing "." forward zone are ignored.

Unbound engines limitations

• You cannot create master, slave, hint or delegation-only zones on an Unbound server.
• Not all ACLs are supported:
• none, any, localhost and all the access control lists based on IP or network addresses are
supported.
• The localnets ACL and TSIG keys are not supported.
• Stub zones cannot be configured with:
• forward and forwarders parameters.
• stub-first and stub-prime parameters: they do not have any equivalent in BIND.

• Forward zones cannot be configured with the forward parameter set to only.
• Unbound handles the edns-udp-size option in a unique way:
• If the option was set before switching, the specified value is set on the Unbound
ipv4-edns-size and ipv6-edns-size options. Keep in mind that in this case, ipv4-edns-size has
precedence over ipv6-edns-size.

Hybrid DNS Engines Limitations


Once you switched your DNS service to Hybrid, you can configure and manage it through a smart
architecture. However, Hybrid has some limitations:

• It is impossible to import a Hybrid configuration.
• No statistics regarding Hybrid servers are retrieved, therefore the server properties page does
not contain any graph.
• It is impossible to switch a physical server from BIND to Hybrid outside a smart architecture.
• After a fresh installation, the service default type is BIND. You need to manage the server
through a smart architecture and then switch it.
• Only the options compatible with BIND are supported: any hybrid vendor option that does not
have any counterpart in BIND cannot be set through SOLIDserver.
• The rndc commands are not supported: you cannot perform the querylog and flush
cache commands on Hybrid compliant servers.
• The options inheritance is not supported per se. However, after switching to Hybrid, your
server configuration will be set directly at zone level.
• SOLIDserver does not retrieve data from a Hybrid server. However, if you manage a Hybrid
server via a smart you can synchronize the architecture to push any changes made through
the GUI to the server (content or configuration file) from the smart to the physical server.
• Any change made to a Hybrid server restarts the service.
• DynDNS is not supported by Hybrid.
• ACL use is limited:
• All ACLs based on IP and network addresses are supported.
• The any, localhost and none ACLs are supported in their IP address form.
• The localnets ACL is not supported.
• Views are not supported.
• RPZ zones are not supported.
• DNSSEC is not supported.

Forcing Compatibility with Hybrid


To provision a switch to Hybrid, you can force the compatibility with Hybrid on smart architectures.
This action allows you to make sure that all the parameters and configurations you set on your
server (at server and/or zone level) respect Hybrid requirements for BIND/NSD or BIND/Unbound.
That way, you can switch your engine right away and do not need to perform any configuration
changes, whether you were planning the switch for a particular day or because a CVE release impacts
the security of your BIND servers.

To force the compatibility with Hybrid

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. Make sure the BIND physical server you want to switch to Hybrid belongs to a smart
architecture compatible with Hybrid.
4. Put your mouse over the name of the smart architecture that manages this server. The Info
Bar appears.
5. Click on . The Edit a DNS server wizard opens.
6. If you are editing a Master/Slave, Stealth, Multi-Master or Single-Server architecture follow
the steps below:

a. Click on NEXT until you get to the DNS servers role configuration page of the wizard.
b. Tick the Expert mode checkbox.
c. Click on NEXT . The Advanced settings page opens.
d. Tick the Force Hybrid DNS compatibility checkbox.

7. If you are editing a Farm architecture follow the steps below:

a. Click on NEXT until you get to the Advanced settings page of the wizard.
b. Tick the Force Hybrid DNS compatibility checkbox.

8. Click on OK to commit your changes. The report opens and closes. The smart architecture
is marked Yes in the Forced Hybrid DNS compatibility.

Switching Back to BIND


As Hybrid engines imply a set of limitations that might prevent you from configuring your DNS
server according to your needs, mixing authoritative and recursive zone for instance, you can
switch back to BIND. As all the NSD and Unbound options that you can set through the GUI have
an equivalent in BIND, switching the engine back to BIND can be performed at any time.

To switch a physical server from Hybrid to BIND DNS

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. Make sure the BIND physical server you want to switch to Hybrid belongs to a smart
architecture compatible with Hybrid.
4. Make sure the server status is OK.
5. Tick the physical server you want to switch.
6. In the menu, select Tools > Expert > Switch DNS Engine > To BIND. The Switching the
DNS Engine wizard opens.
7. Click on OK to commit the switch to BIND. The report opens and works until the relevant
DNS service restarts. The physical server Status is OK and its Version indicates it switched
to BIND.

Once you have switched a Hybrid server engine to BIND, the Force Hybrid DNS compatibility option
is still set to Yes. To be able to configure the BIND server without the Hybrid limitations, you need
to untick the checkbox on the smart architecture edition wizard.

To remove the forced compatibility with Hybrid

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. Make sure that the smart architecture you want to edit does not manage any Hybrid server.
4. Put your mouse over the smart architecture name. The Info Bar appears.
5. Click on . The Edit a DNS server wizard opens.
6. If you are editing a Master/Slave, Stealth, Multi-Master or Single-Server architecture follow
the steps below:

a. Click on NEXT until you get to the DNS servers role configuration page of the wizard.
b. Tick the Expert mode checkbox.
c. Click on NEXT . The Advanced settings page opens.
d. Untick the Force Hybrid DNS compatibility checkbox.

7. If you are editing a Farm architecture follow the steps below:

a. Click on NEXT until you get to the Advanced settings page of the wizard.
b. Untick the Force Hybrid DNS compatibility checkbox.

8. Click on OK to commit your changes. The report opens and closes. The smart architecture
is marked No in the Forced Hybrid DNS compatibility.

Administrating the Backup and Restoration of Hybrid Configurations
Considering that Hybrid DNS uses engines that differ from the BIND named engine usually used
by SOLIDserver, there is a set of actions to perform whenever you restore a backup or upgrade
an appliance configured with Hybrid DNS.

Generating a Backup with Hybrid Servers


Whenever you generate an appliance backup, the Hybrid DNS configuration is automatically
retrieved. For more details regarding backups, refer to the sections Creating an Instant Backup
and Scheduling the Backup of this guide.

Restoring a Backup Containing Hybrid Servers


When you restore the backup of an NSD or Unbound server, you must tick the "Restore
the system configuration" box. Otherwise, the BIND service will be started and the smart
architecture might push an outdated DNS configuration to your physical server instead of your
Hybrid configuration. For more details regarding the restoration of a backup, refer to the
Restoring a Configuration section of this guide.

Chapter 50. Reporting and Monitoring the DNS
Generating DNS Reports
EfficientIP provides dedicated DNS reports at server and zone level. The reports on inconsistencies
or misconfiguration details might be empty if the server or zone configuration is correct.

For more details regarding the reports generation possibilities, refer to the chapter Managing
Reports.

DNS Server Reports


The server dedicated reports are available on the All servers page.

Compare DNS data with IPAM data

Prerequisite: Selecting at least one server.

Description: Contains the replication inconsistencies from DNS to IPAM and vice versa. The
concerned DNS records and the IP addresses are divided into 6 tables: A record without IP
address, CNAME record without A record, CNAME record with A record without IP address, CNAME
record with A record with IP address without IP alias, PTR record without A record and PTR record
with A record without IP address. In each table, only the objects with inconsistent configurations
are listed.

Servers configuration

Prerequisite: Selecting at least one server.

Description: Contains all the server configuration details divided into 4 tables: Settings (all the
options), ACLs (all the access control lists), Keys (all the DNS keys configured) and Groups (all
the groups of users that have access to the server).

Hybrid DNS Engine incompatibilities

Prerequisite: Selecting at least one physical server.

Description: Contains the list of all the options and configurations that make the server
incompatible with Hybrid. For more details, refer to the section Generating the Hybrid
Incompatibilities Report of this guide.

Servers configuration comparison

Prerequisite: Selecting at least two servers.

Description: Contains tables that let you compare the configurations of the selected servers: DNS
server parameters, DNS server ACLs and DNS server keys.

Server usage charts

Prerequisite: Selecting at least one server.

Description: Contains usage evolution charts for the selected server: queries over the past week,
last 6 months, last month and past year at the time of the generation of the report.

DNS Zone Reports


The zones dedicated reports are only available on the All zones page. However, the server
dedicated reports are available on the All servers page as well as the All zones page of a specific
server.

Zones missing RRs

Prerequisite: Selecting at least one zone.

Description: Contains the list of all the misconfigured records within the selected zones divided
into 5 tables: PTR without A, A without PTR, CNAME without A, NS without A and MX without
A.

Zones configuration comparison

Prerequisite: Selecting at least two zones.

Description: Contains tables detailing the allow-transfer, allow-update, forward, masters and
notify parameters configuration for the selected zone(s). Each parameter value is listed with the
zone name it is configured for and the server it belongs to.

Monitoring DNS Servers


SOLIDserver provides a set of tools to monitor DNS servers. First, on the server properties page,
a set of panels lets you monitor queries and changes on servers. Second, from the All servers
page, you can send the querylog command for any of your physical servers (EfficientIP or BIND).

Monitoring a DNS Server


On the properties page of a DNS server, physical or smart, you will find two panels: the State
log that displays the server logs and Audit that lists all the changes in the DNS database.

To display a DNS server state log

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. At the end of the line of the physical server of your choice, click on . The properties page
opens.
4. Open the State log using . The lists it contains will indicate the server logs: OK or KO and
the corresponding time.

To display a DNS server audit

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. At the end of the line of the physical server of your choice, click on . The properties page
opens.
4. Open the Audit using . The panel displays the latest changes in the database: the date
and time, service used, the user and the server basic information (name, type and
architecture). Typically, if you display the panel after adding a physical server, the latest
change will be the server addition.

As for physical servers, except Hybrid ones, their properties page will contain a statistics panel
that displays query dedicated graphs.

To display a DNS physical server query statistics

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. At the end of the line of the physical server of your choice, click on . The properties page
opens.
4. Open the DNS Server statistics <physical-server-name> using . The graphs are displayed;
you can zoom in and out on any graph using your mouse or the icons.

Monitoring DNS Queries


At any time you have the possibility to display all the DNS queries of an EfficientIP or a BIND
DNS server. You can execute the querylog command from the All servers page and then display
the whole list of logs in the Logs visualization page of the Administration module.

With that command you get an overview of all the DNS queries in IPv4 and IPv6. Each log
contains the IP address and port number of the requesting client, the name queried, the type
of the name queried, the class, the RR type requested (+ is recursive, - is iterative), and
some more detailed information: whether it is EDNS0 (E), whether TCP was used (T), whether
the DNSSEC OK (DO) bit is set = query validated (D), whether the Checking Disabled (CD) bit
is set (C), or whether it is signed (S).
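
Because each querylog line carries the fields listed above in a fixed order, the log can be aggregated outside the Syslog page. The following Python example is added here and is not EfficientIP code: it assumes BIND's "client <ip>#<port> ...: query: <name> <class> <type> <flags>" line layout, and the sample lines, the host name ns1 and the ANY-over-UDP review threshold are constructed for illustration.

```python
import re
from collections import Counter

# Letters that may follow the leading "+" or "-" in the flag field,
# as described in the guide.
FLAG_NAMES = {"S": "signed", "E": "edns0", "T": "tcp",
              "D": "dnssec_ok", "C": "checking_disabled"}

# Assumed layout. The prefix differs between BIND releases, so the client
# object id ("@0x..."), the "(name)" after the client and the view are optional.
QUERY_RE = re.compile(
    r"client\s+(?:@0x[0-9a-fA-F]+\s+)?"
    r"(?P<ip>[0-9A-Fa-f:.]+)#(?P<port>\d+)"
    r"(?:\s+\([^)]*\))?:\s+"
    r"(?:view\s+\S+:\s+)?"
    r"query:\s+(?P<qname>\S+)\s+(?P<qclass>\S+)\s+(?P<qtype>\S+)"
    r"\s+(?P<flags>[+-][A-Za-z0-9()]*)"
)

# Constructed sample: the two control lines the guide mentions, then queries.
SAMPLE_LOG = [
    "Jan 10 09:15:01 ns1 named[812]: received control channel command 'querylog'",
    "Jan 10 09:15:01 ns1 named[812]: query logging is now on",
    "Jan 10 09:15:02 ns1 named[812]: client 192.0.2.10#53211 (www.example.com): "
    "query: www.example.com IN A +E (192.0.2.53)",
    "Jan 10 09:15:02 ns1 named[812]: client 2001:db8::25#40112 (example.com): "
    "query: example.com IN MX -EDC (2001:db8::53)",
    "Jan 10 09:15:03 ns1 named[812]: client 198.51.100.7#1025 (example.com): "
    "query: example.com IN ANY +E (192.0.2.53)",
    "Jan 10 09:15:03 ns1 named[812]: client 198.51.100.7#1026 (example.com): "
    "query: example.com IN ANY +E (192.0.2.53)",
    "Jan 10 09:15:03 ns1 named[812]: client 198.51.100.7#1027 (example.com): "
    "query: example.com IN ANY +E (192.0.2.53)",
    "Jan 10 09:15:04 ns1 named[812]: client 192.0.2.10#53214 (mail.example.com): "
    "query: mail.example.com IN AAAA +ET (192.0.2.53)",
    "Jan 10 09:15:05 ns1 named[812]: client 192.0.2.44#5353: "
    "query: 10.2.0.192.in-addr.arpa IN PTR +S",
]


def parse_query_line(line):
    """Return a dict for one querylog line, or None if it is not a query record."""
    m = QUERY_RE.search(line)
    if m is None:
        return None  # control messages and other named output are skipped
    flags = m.group("flags")
    record = {
        "client_ip": m.group("ip"),
        "client_port": int(m.group("port")),
        "qname": m.group("qname").lower().rstrip(".") or ".",
        "qclass": m.group("qclass"),
        "qtype": m.group("qtype"),
        "recursion_desired": flags[0] == "+",
    }
    for letter, name in FLAG_NAMES.items():
        record[name] = letter in flags[1:]
    return record


def summarize(lines, any_threshold=3):
    """Aggregate parsed queries; any_threshold is an arbitrary example value."""
    records = [r for r in map(parse_query_line, lines) if r is not None]
    by_client = Counter(r["client_ip"] for r in records)
    # ANY queries over UDP are small requests with large answers, so a client
    # repeating them is worth a look (possible spoofed-source reflection).
    any_udp = Counter(r["client_ip"] for r in records
                      if r["qtype"] == "ANY" and not r["tcp"])
    return {
        "total": len(records),
        "top_clients": by_client.most_common(5),
        "by_type": dict(Counter(r["qtype"] for r in records)),
        "checking_disabled": sum(r["checking_disabled"] for r in records),
        "any_over_udp_review": sorted(ip for ip, n in any_udp.items()
                                      if n >= any_threshold),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```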

To execute the DNS querylog command

1. Activating the querylog command

a. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
b. Click on the DNS servers icon. The DNS All servers list opens.
c. Tick the server of your choice.
d. In the menu, select Edit > Command > Querylog. The Toggle the querylog command
wizard opens.
e. Click on OK to send the command. The report opens and closes. The All servers list is
visible again and the server is marked Enabled in the Querylog column.

2. Displaying all the logs

a. Go to the Administration tab. If the homepage is not displayed, click on . The
homepage opens.
b. In the Monitoring section, click on the Logs Visualization icon. The Syslog page opens.
For more details regarding this page, see the section Logs visualization of this guide.
c. Under the menu, in the SOLIDserver drop-down list, select the SOLIDserver of your
choice.
d. In the Services drop-down list, select named.
e. Tick the Automatic refresh box if you want the syslog page to refresh the log display
every 10 seconds.
f. Filter the list through the Time column. Within the logs list, the first two lines in the Log
column are received control channel command 'querylog' and query logging is now on;
all the logs are listed below.

Figure 50.1. Example of a Querylog Sent In The Syslog Page

Keep in mind that all the logs will be displayed in the Syslog page of the Administration module
in real time. They can slow this page down considerably as the querylog command can generate
a substantial volume of data very quickly. To stop sending the querylog command, see the
procedure below.

To stop the DNS querylog command

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. Tick the server of your choice. It will be marked Enabled in the Querylog column.
4. In the menu, select Edit > Command > Querylog. The Toggle the querylog command wizard
opens.
5. Click on OK to send the command. The report opens and closes. The All servers list is visible
again and the server is marked Disabled in the Querylog column.

Figure 50.2. Example of a querylog stopped in the Syslog page

Chapter 51. Importing DNS Data
EfficientIP offers several ways of importing zones and RRs from legacy DNS servers to EfficientIP
DNS servers. The DNS data can be downloaded or transferred from the GUI without having to
install any tools on the remote system. The import wizards allow you to load configurations from:

• Comma-Separated Values (CSV) files.
• Vital QIP backups.
• BIND archive files.

Tip
When you import both forward and reverse mapping zone data, the IP addresses
are automatically created if a rule has been configured to synchronize it in that way.
You can then modify the IP address objects to add MAC addresses. If you have not
configured the rule that applies the synchronization with the IP addresses database,
you can do so later by initializing the rule. The IP address object prevents costly
errors because you only maintain a single object for multiple DNS records
and a DHCP fixed address. Therefore, it is advantageous to use host records instead
of separate A, PTR, and CNAME records.

Importing DNS Data from a CSV File


Zones and RRs can be imported using a CSV file. The CSV file can be generated from a spreadsheet
tool or from a database dump. Each object to import is defined on its own line of the CSV file.
No particular column organization is required and no data processing is necessary
before importing the file. During the import, you select the columns in your file and associate
them with the appropriate DNS objects.

For more details regarding DNS import, refer to the chapter Importing Data in the Global Policies
part of this guide.

Importing DNS Zones from a BIND Archive File


The DNS module supports the import of BIND archives. A BIND archive packages configuration
files, including named.conf and all the zone files. A BIND archive can be built by saving the
entire directories of your BIND configuration, including the named.conf file and all other
necessary files from the same directory or from sub-directories. The import wizard supports
various types of file packaging, such as: tar, gzip (tgz), zip and rar. It is not necessary to
change the directory paths of your zone files in your named.conf file if you are not able to
provide the whole directory organization in the archive file: the system is smart enough to
retrieve the files in the archive (several zone files may use the same name in different
directories).

Note
You cannot use the characters "_", "@" and ":" when importing a BIND file.
Make sure you did not use any of these characters in zone names, RR names... as
it would trigger either parsing errors (and not import the file) or import everything but
the line containing the character. For more details, refer to the RFC 1034 Domain
Names - Concepts and Facilities.

To import zones from a BIND archive file

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. Click on the name of the server in which you want to import the BIND archive file. It must be
an EfficientIP DNS server.
4. In the menu, select Add > Import > BIND archive file. The Importing a named.conf and zone
files wizard opens.
5. Click on BROWSE to select the BIND archive file to import.
6. In the File name field, the file is displayed once selected.
7. In the DNS Server drop-down list, select the server that will receive the configuration. The
server you click on is automatically selected.
8. In the Action drop-down list, you can either Import data or Check file.
9. In the Import global configuration section, tick the box to import the global configuration
settings that apply to all the zones.
10. Click on OK to commit your import configuration. The report opens and works for a while before
displaying the import result and potential errors.
11. Through the Export format section, you can download the import result report in TEXT , HTML
or EXCEL .
12. Click on CLOSE to go back to the All servers list.

Importing DNS Zones from a VitalQIP Archive File


The DNS module supports the VitalQIP archives import. Keep in mind that the import will only
work if all the .qef files are saved at the root of a directory that you compressed in .zip or .rar
before importing it to SOLIDserver. Also, the QIP's audit files (ending with _aud.qef) are not
needed in the import file. Removing them from the archive will drastically speed up the import
process.

To import zones from a VitalQIP archive file

1. Go to the DNS tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the DNS servers icon. The DNS All servers list opens.
3. In the menu, select Add > Import > QIP backup. The Importing a QIP file wizard opens.
4. Click on BROWSE to select the QIP archive file to import.
5. In the File name field, the file is displayed once selected.
6. Click on NEXT . The last page of the wizard opens.
7. In the DNS Server drop-down list, select the server that will receive the configuration.
8. Click on OK to commit your choice. The report opens and works for a while before displaying
the import result and potential errors.
9. Through the Export format section, you can download the import result report in TEXT , HTML
or EXCEL .
10. Click on CLOSE to go back to the All servers list.

Part VIII. NetChange
Table of Contents
52. Introduction
  Objectives of NetChange
  Optimizing the Discovery Efficiency
    Configuring CDP (Cisco devices)
    Configuring Auto-topology NDP (Nortel devices)
    Listing Network Devices
  Configuring the SNMP
    Increasing the SNMP Performance
  NetChange Licenses
53. Managing Network Devices
  Browsing Network Devices
    Browsing the Network Devices Database
    Customizing the Network Devices Display
  Adding Network Devices
  Importing Network Devices
    Importing Network Devices Using a CSV File
    Importing Network Devices Using Discovery Protocols
  Enabling or Disabling the 802.1X Authentication Protocol
  Refreshing the Network Devices Database
    Refreshing a Device Manually
    Scheduling a Refresh
  Connecting to a Network Device Via a Console
  Making a Network Device Snapshot
  Creating Network Devices in Device Manager
  Deleting Network Devices
  Defining a Network Device as a Group Resource
54. Managing Routes
  Browsing the Routes Database
  Customizing the Routes Display
55. Managing VLANs
  Browsing VLANs
    Browsing the VLANs Database
    Customizing the VLANs Display
  Adding a VLAN
  Editing a VLAN
  Deleting a VLAN
56. Managing Ports
  Browsing Ports
    Browsing the Ports Database
    Customizing the Ports Display
  Enabling or Disabling a Port
  Editing a Port Interconnection
  Editing a Port Speed and Duplex Mode
  Updating a Port Description
  Managing the 802.1X Authentication on a Port
  Restricting Access to a Port Using Port-security Protocol
  Configuring VLAN Tagging on a Port
    Configuring the Tagging Mode
    Associating a Port With a VLAN
  Refreshing the Ports Database
57. Managing Discovered Items
  Browsing Discovered Items
    Browsing the Discovered Items Database
    Customizing the Discovered Items Display
  Refreshing the Discovered Items Database
  Populating Device Manager
  Creating the IP Address of a Discovered Item in the IPAM
  Using the History View to Track the Movements a Specific Device
58. Managing Statistics
  Displaying NetChange Statistics
  Displaying Network Devices Statistics
  Displaying Ports Statistics
    Enabling the Rule That Retrieves Ports Information
    Displaying a Port Charts
59. Monitoring, Configuring and Tuning
  Generating NetChange Reports
    Network Device Reports
  Keeping NetChange Data Up-to-date
  Synchronizing the Network Devices with a CSV File
  Managing NetChange Advanced Configurations

Chapter 52. Introduction
Since version 5.0.3, IPLocator has been renamed. It is now called NetChange. Along with this
new module name comes a new license that goes beyond the regular use of the former IPLocator
and offers, among other options, the possibility to add VLANs on your network devices and
associate your physical ports with these VLANs, provided that the SNMP agent of the devices
supports the port edition. For more details regarding the two NetChange licenses, refer to the
NetChange Licenses section of this guide.

Objectives of NetChange
Usual network discovery products only offer a logical level 3 representation of the network. Today,
we can't rely on the hypothesis that all contiguous addresses of a subnet are on the same
physical segment of the network. In fact, the concept of VLAN and level 3 routing in the switches
have completely transformed the network architectures and opened new possibilities of network
segmentation at level 2. Consequently, IP addresses belonging to the same subnet can be physically
connected to two physical networks hundreds of kilometers apart, and the IP address is not only
linked to a network segment, it is also subject to specific security constraints or even performance.

Figure 52.1. NetChange architecture (diagram labels: IP address connection tracking by switch
number, port number, MAC address, VLAN ID and DNS name; local and remote discoveries; Data
Center, Small Office, Head Quarter)

NetChange uses the SNMP protocol to query the devices and gather information. The quantity
and the quality of the collected information depend on the implementation in every network
device of specific SNMP MIBs and on how NetChange supports these MIBs. Experience has
shown that finding the manufacturer-specific information of each device in the SNMP MIBs
requires a good knowledge of the devices configuration. That's why NetChange has been
designed on a modular internal architecture to provide a unique tool of administration,
whatever the device manufacturer.

NetChange lets you either retrieve information regarding the network devices on your network
or configure them partially. For more details, refer to the NetChange Licenses section.

Optimizing the Discovery Efficiency


Through SNMP, NetChange can collect the network information at a given moment or on a
schedule. To keep the information database up to date, it is necessary to regularly query the
devices. The best way is to set up a scheduling policy on all network devices and let NetChange
query them automatically.

Discovery products generally have a bad reputation for their bandwidth consumption and for
the load they put on network devices. EfficientIP has developed discrete algorithms to reduce
the queries sent to the network devices as much as possible. Different parameters can also
help optimize the discovery process.

Configuring CDP (Cisco devices)


CDP (Cisco Discovery Protocol) is a protocol implemented in Cisco devices allowing the devices
to share information on the network, and especially on its topology. Each compatible CDP device
periodically sends advertisement packets on the network to a multicast address. Compatible
devices listen to the periodically sent CDP packets to learn the network topology and determine
the status of the interfaces.

NetChange also uses the CDP protocol to detect the interconnections between the Cisco devices
more quickly. The activation of CDP on the Cisco devices will significantly increase the efficiency
of NetChange discoveries. By default, the CDP protocol is activated on Cisco devices. To get more
information on this protocol, refer to the Cisco documentation.

Configuring Auto-topology NDP (Nortel devices)


AutoTopology is a protocol implemented in Nortel devices allowing the devices to share information
on the network, and especially on its topology. This protocol is relatively similar to the CDP protocol
in Cisco devices.

NetChange also uses the Nortel protocol to detect the interconnections between the Nortel devices
more quickly. The activation of AutoTopology on the Nortel devices will significantly increase the
efficiency of NetChange discoveries. To get more information on AutoTopology, refer to the Nortel
documentation.

Listing Network Devices


NetChange performs different correlations to detect the level 2 interconnections between network
devices. The more complete the database is, the more precise the management is. Consequently,
it is recommended to import all possible devices in NetChange, either level 2 (switches), or level
3 (routers). If some network devices do not support SNMP, or have not been validated by
NetChange, it is possible to force the analysis of the interconnection ports to gather more
information.

To have an overview of all the network devices supported by SOLIDserver, please refer to the
EfficientIP Knowledge Base: https://kb.efficientip.com/index.php/Main_Page. Access the NetChange
Category to display the pages dedicated to the module. You will find a list of all the network
devices supported for each version of SOLIDserver; each list is named NetChange
<version_number> Supported Devices.

Configuring the SNMP


NetChange uses the SNMP protocol to collect the configuration of the imported network devices.
To be able to retrieve this information, the SNMP service and SNMP communities (SNMP v1,
v2c, v3) must be configured prior to the import. To configure the SNMP service and profiles, refer
to the Managing the SNMP Service section of this guide. To configure the SNMP communities,
refer to the Managing SNMP Profiles chapter.

Increasing the SNMP Performance


SOLIDserver provides the SNMP protocol in version 1, 2c and 3. Version 1 is widely deployed
in company networks; versions 2c and 3 of the protocol allow a better SNMP performance by
making multiple requests in a single query (Bulk mode). Network use can be divided by 10 to 30,
significantly improving performance and reducing network load. However, some network devices
may not run properly with these protocols. In case of any problem with the discovery, check first
that SNMPv1 is used.

NetChange Licenses
There are two NetChange licenses available:

1. NetChange-IPL is a light version that provides basic management options of your network
devices.
2. NetChange is the full license that allows advanced management of your network devices as
it provides configuration options for VLANs and ports properties, 802.1X authentication...

Table 52.1. NetChange-IPL and NetChange Licenses Differences

Options                                        NetChange-IPL   NetChange
Adding and listing Network devices             Yes             Yes
Discovering and listing routes                 Yes             Yes
Listing VLANs                                  Yes             Yes
Listing ports                                  Yes             Yes
Listing discovered items                       Yes             Yes
Adding and deleting VLANs                      No              Yes
Configuring the speed of a port                No              Yes
Configuring the duplex of a port               No              Yes
Configuring the VLAN of a port                 No              Yes
Configuring access VLANs                       No              Yes
Enabling or disabling 802.1X authentication    No              Yes

Chapter 53. Managing Network Devices
NetChange uses the SNMP protocol to query network devices and centralize all collected
information in its database. You can add, import and delete network devices from the All network
devices list. There are several ways to integrate new network devices in the NetChange database:

• Adding one or several network devices using their IP address;
• Importing network devices through discovery protocols (like CDP, DP or LDAP) once you added
a device;
• Importing network devices using a CSV file. For more details regarding CSV imports, refer to
the Importing Data to NetChange section of the Importing Data chapter.

To use NetChange to its full potential, we strongly suggest that you add at least
one device using its IP address and then use the discovery protocols to add all your network
devices to the All network devices list.

Browsing Network Devices


The Network device is the highest level of organization in NetChange. It merely contains all the
devices that you want to manage and work with on your network. Afterward, you will have the
possibility to define, check or discover how they are all related to each other through the All
VLANs, All ports and All discovered items pages.

Here below, you can see the breadcrumb link to browse the network devices database:

Figure 53.1. NetChange: Network Devices

Browsing the Network Devices Database


To list the network devices from NetChange homepage

1. Go to the NetChange tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Network devices icon. The All network devices list opens.

To list the network devices through the breadcrumb

1. Go to the NetChange tab.
2. In the breadcrumb, click on All network devices. The All network devices list opens.

To display a network device properties page

1. Go to the NetChange tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Network devices icon. The All network devices list opens.
3. At the end of the line of the network device of your choice, click on . The properties page
opens.


The properties page of a network device describes all the configured data in a set of panels:

• Main properties sums up the main information regarding the device.


• Refreshment properties displays the refreshment configuration of the device.
• Additional information lists all the gathered information that is not displayed in the other
panels such as the stack identifier, serial number, MAC address, number of ports, etc.
• SNMP properties displays all the SNMP related data of the device: profile, version, port, number
of retries, etc.
• Network device ports status displays a graph representing the active, inactive and disabled
ports of the device.

In the Main properties panel, some information is very specific. The available properties depend
on the MIBs supported by the device. For more details, see the table below; the emphasized
properties are specific to certain models.

Table 53.1. Network Devices Main Properties Panel Description


Properties      Description
Name            The network device name.
IP address      The IP address of the network device management interface.
Type            The network device type and model.
Analysis        The network device current analysis status: Being analyzed (in progress)
                or time necessary to collect information during last refresh.
Description     The network device description and operating system.
CPU Load        The network device CPU Load.
Last updated    The network device last refresh date and time.
Serial Number   The network device serial number.
Uptime          The network device uptime.
sysLocation     The network device sysLocation.
Product type    The network device type (level 2 switch, level 3 router...).
Status          The network device status (up, timeout, misconfigured, unmanaged).
System ID       The network device internal system ID (its MAC address generally).
Temperature     The network device temperature.
Class           The network device class.

Customizing the Network Devices Display


SOLIDserver enables you to modify the columns displayed in the list. You can add columns or
modify their order. For more details, see the Customizing the List Layout section of the
Understanding the SOLIDserver User Interface part of this documentation.

Some columns provide vendor information regarding the devices listed: Complete description
retrieves all the available vendor information (SysDescr) and Version provides the device OS
version only for Cisco equipment.


Adding Network Devices


Network devices are added using their IP address; you can also type in a range of IP
addresses to add several devices at once.

To add a network device

1. Go to the NetChange tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Network devices icon. The All network devices list opens.
3. In the menu, select Add > Network device. The Add network devices wizard opens.
4. In the IP address field, type in either the IP address of the device of your choice or the start
address of a range of addresses that contains several or all of your network devices.
5. In the Ending IP address field, you can type in the last address of the range containing
network devices.
6. Choose the version of the SNMP profile to retrieve the network device(s) information if you
know it.

Table 53.2. SNMP Profile Information Fields


Fields                        Description
SNMP profiles configuration   This field lists the available versions of the SNMP protocol. If
                              you know the version, select it and click on to move it to the
                              Selected profiles list.
Selected profiles             This field lists the versions of the SNMP protocol you chose to
                              use to retrieve the network information. To remove a version
                              from the list, select it and click on .

If you do not know it, NetChange will automatically detect it, so go to step 7.
7. In the Target space drop-down list, select the IPAM space that will list the IP address of the
discovered items of the network device(s).
8. Click on OK to add the network device(s). The report opens and works for a while before
closing. The list is updated.

Once you have added one device, you can retrieve all the devices it is directly connected (plugged)
to using the discovery protocols option. For more details, refer to the Importing Network Devices
Using Discovery Protocols section below.

Importing Network Devices


Importing Network Devices Using a CSV File
SOLIDserver provides wizards to import network devices lists in CSV format to the All network
devices page. The order of the devices in the list does not matter: you will be able to sort
and filter them once imported. For more details, refer to the chapter Importing Data in the
Global Policies part of this guide.

Keep in mind that the discovery protocols help you extend the list of network devices with the
devices connected to the ones you imported through CSV. For more details, refer to the Importing
Network Devices Using Discovery Protocols section below.


Importing Network Devices Using Discovery Protocols


NetChange provides a powerful option to discover the network devices connected to each other.
It retrieves all the information via three layer 2 protocols: the Cisco Discovery Protocol (CDP),
the Nortel Discovery Protocol (NDP) and the Link Layer Discovery Protocol (LLDP). The information
gathered through these protocols is then retrieved using SNMP. Among this information are the
devices' neighbors, i.e. the devices connected to the devices listed on the All network devices list.

The Cisco Discovery Protocol (CDP)
The CDP is a proprietary Data Link Layer network protocol developed by Cisco Systems. It
is used to share information about other directly connected Cisco equipment, such as the
operating system version and IP address. NetChange uses CDP to discover the Cisco network
devices.
The Nortel Discovery Protocol (NDP)
The NDP is a Data Link Layer (OSI Layer 2) network protocol for discovery of Nortel devices.
NetChange uses NDP to automatically discover the Nortel, Avaya and Ciena network devices.
The Link Layer Discovery Protocol (LLDP)
The LLDP is a vendor-neutral Link Layer protocol in the Internet Protocol Suite used by
network devices for advertising their identity, capabilities, and neighbors on an IEEE 802 local
area network, principally wired Ethernet. LLDP is supported by the following switch vendors:
HP, H3C, Nortel, Extreme Networks, Cisco, Juniper, Dell and Enterasys.

To import network devices using the discovery protocols

1. Go to the NetChange tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Network devices icon. The All network devices list opens.
3. Tick the device(s) for which you want to discover neighbors.
4. In the menu, select Add > Import > Using CDP/NDP/LLDP. The Add network devices wizard
opens.
5. In the Target space drop-down list, select the IPAM space that will list the IP addresses of
the discovered device(s).
6. Click on OK to execute the discovery. The report opens and works for a while before closing.
The devices found are listed.

Since LLDP is the only vendor-neutral protocol, you will need to enable it on your devices,
especially if the devices connected are from different vendors or if you connected a Nortel or
Cisco device with a device from a different vendor.

Enabling LLDP on HP Devices

LLDP is enabled by default on HP ProCurve switches and routers. There is nothing to do. If you
want to see LLDP neighbors from your HP switch, use the following command.
show lldp info remote-device

Enabling LLDP on Nortel Devices

Nortel switch 425 and 55x0 series support LLDP with a 5.x firmware. This is not enabled by default.
Here is the set of commands to enable LLDP:
5510-24T(config)#interface FastEthernet ALL
5510-24T(config-if)#lldp tx-tlv port ALL port-desc
5510-24T(config-if)#lldp tx-tlv port ALL sys-name
5510-24T(config-if)#lldp tx-tlv port ALL sys-desc
5510-24T(config-if)#lldp tx-tlv port ALL local-mgmt-addr
5510-24T(config-if)#lldp tx-tlv port ALL dot1 vlan-name ALL
5510-24T(config-if)#lldp tx-tlv port ALL dot3 link-aggregation
5510-24T(config-if)#lldp tx-tlv port ALL dot3 mac-phy

Depending on your firmware version, some options may be unrecognized. For VLAN, unfortunately,
you need to issue the command each time you add a VLAN. When using MLT, DMLT or SMLT,
you may want to disable ingress filtering:
vlan ports ALL filter-unregistered-frames disable

For Nortel ERS 8600, there is no support for LLDP. For Nortel Switch for IBM BladeCenter (Nortel
Layer 2-3 and 2-7), you need version 5.1 or more recent.

Enabling LLDP on Extreme Networks Devices

ExtremeOS and ExtremeWare support LLDP with recent firmware. You need to enable it
with:
enable lldp ports all
configure lldp ports all advertise management-address
configure lldp ports all advertise port-description
configure lldp ports all advertise system-capabilities
configure lldp ports all advertise system-description
configure lldp ports all advertise system-name
configure lldp ports all advertise vendor-specific dot1 vlan-name
configure lldp ports all advertise vendor-specific dot3 link-aggregation
configure lldp ports all advertise vendor-specific dot3 mac-phy

Enabling LLDP on Cisco Devices

Starting from IOS 12.2(33)SCH, LLDP is supported. Use the following command to enable it:
lldp run

On each interface, you may need to accept LLDP:


interface GigabitEthernet1/7
lldp enable

Enabling LLDP on Juniper Devices

Numerous platforms from Juniper support LLDP and LLDP-MED. The Juniper supported platforms
are: EX, MX, M, J and SRX. Use the following command to enable it:
set protocols lldp

On capable and configured devices, you can see LLDP information with:
show lldp <detail>
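
The TLV options enabled by the vendor commands above (port-desc, sys-name, sys-desc, local-mgmt-addr, dot1 vlan-name, dot3 mac-phy) each add one field to the LLDP frame a port transmits. The following Python code is an added example, not part of this guide or of SOLIDserver: it parses a constructed LLDP frame to show exactly which fields end up on the wire. The function names, addresses and the sample frame are assumptions made for the illustration.

```python
import ipaddress
import struct

LLDP_ETHERTYPE = 0x88CC
TEXT_TLVS = {4: "port_desc", 5: "sys_name", 6: "sys_desc"}
OUI_DOT1 = b"\x00\x80\xc2"  # IEEE 802.1 organizationally specific TLVs
OUI_DOT3 = b"\x00\x12\x0f"  # IEEE 802.3 organizationally specific TLVs


def tlv(tlv_type, value):
    """Encode one TLV: 7-bit type and 9-bit length share a 2-byte header."""
    if len(value) > 0x1FF:
        raise ValueError("TLV value longer than 511 bytes")
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value


def iter_tlvs(lldpdu):
    """Yield (type, value) pairs up to the End of LLDPDU TLV (type 0)."""
    offset = 0
    while offset + 2 <= len(lldpdu):
        (header,) = struct.unpack_from("!H", lldpdu, offset)
        tlv_type, length = header >> 9, header & 0x1FF
        offset += 2
        if offset + length > len(lldpdu):
            raise ValueError("TLV type %d is truncated" % tlv_type)
        if tlv_type == 0:
            return
        yield tlv_type, lldpdu[offset:offset + length]
        offset += length
    raise ValueError("LLDPDU has no End of LLDPDU TLV")


def parse_lldp_frame(frame):
    """Return what a neighbor advertises in one untagged LLDP frame."""
    if len(frame) < 14 or struct.unpack_from("!H", frame, 12)[0] != LLDP_ETHERTYPE:
        raise ValueError("not an LLDP frame")
    info = {"vlan_names": {}, "dot3": []}
    for tlv_type, value in iter_tlvs(frame[14:]):
        if tlv_type == 1 and value[:1] == b"\x04":      # chassis ID, subtype MAC
            info["chassis_id"] = value[1:].hex(":")
        elif tlv_type == 2:                              # port ID: subtype + identifier
            info["port_id"] = value[1:].decode("utf-8", "replace")
        elif tlv_type == 3 and len(value) >= 2:          # time to live, in seconds
            info["ttl"] = struct.unpack("!H", value[:2])[0]
        elif tlv_type in TEXT_TLVS:                      # port-desc, sys-name, sys-desc
            info[TEXT_TLVS[tlv_type]] = value.decode("utf-8", "replace")
        elif tlv_type == 8 and len(value) >= 2:          # management address
            addr = value[2:1 + value[0]]                 # value[0] counts subtype + address
            if value[1] in (1, 2) and len(addr) in (4, 16):   # 1 = IPv4, 2 = IPv6
                info["mgmt_addr"] = str(ipaddress.ip_address(addr))
        elif tlv_type == 127 and len(value) >= 4:        # organizationally specific
            oui, subtype, body = value[:3], value[3], value[4:]
            if oui == OUI_DOT1 and subtype == 3 and len(body) >= 3:   # dot1 vlan-name
                vlan_id, name_len = struct.unpack_from("!HB", body)
                info["vlan_names"][vlan_id] = body[3:3 + name_len].decode("utf-8", "replace")
            elif oui == OUI_DOT3:                        # dot3 mac-phy (1), link-aggregation (3)
                info["dot3"].append(subtype)
    return info


def build_sample_frame():
    """Constructed frame, as a port would send it with the TLVs above enabled."""
    mgmt = (bytes([5, 1]) + ipaddress.ip_address("192.0.2.10").packed
            + bytes([2]) + struct.pack("!I", 1) + bytes([0]))
    tlvs = [
        tlv(1, b"\x04" + bytes.fromhex("020000aabb01")),
        tlv(2, b"\x05" + b"Gi1/7"),
        tlv(3, struct.pack("!H", 120)),
        tlv(4, b"uplink to core"),
        tlv(5, b"edge-sw-01"),
        tlv(6, b"Example switch OS 1.0 (constructed)"),
        tlv(8, mgmt),
        tlv(127, OUI_DOT1 + b"\x03" + struct.pack("!HB", 20, 5) + b"voice"),
        tlv(127, OUI_DOT3 + b"\x01" + bytes(5)),
        tlv(0, b""),
    ]
    header = (bytes.fromhex("0180c200000e") + bytes.fromhex("020000aabb01")
              + struct.pack("!H", LLDP_ETHERTYPE))
    return header + b"".join(tlvs)


if __name__ == "__main__":
    for field, value in parse_lldp_frame(build_sample_frame()).items():
        print(f"{field:12} {value}")
```

The system description and management address are the fields an inventory tool relies on, and they are also sent to whatever is plugged into the port, so the set of ports on which these TLVs are transmitted is worth reviewing.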

Enabling or Disabling the 802.1X Authentication Protocol


As long as a device supports the 802.1X authentication, you can enable or disable it from the
GUI. We recommend that you display the 802.1X column: it lets you quickly see whether the
authentication is supported on a device and, if it is, whether it is enabled or disabled.

Keep in mind that even if the authentication is enabled for the device, you can choose to disable
it on the ports individually. For more details, refer to the Enabling or Disabling the 802.1X
Authentication on a Port section of this guide.


To enable the 802.1X authentication on a device

1. Go to the NetChange tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Network devices icon. The All network devices list opens.
3. Filter the list if need be.
4. Put the mouse over the name of the device you want to edit. The Info Bar appears.
5. Click on . The Edit a network device wizard opens.
6. In the 802.1x authentication drop-down list, select Enable.
7. Click on OK to commit your changes. The report opens and closes. The device is marked
Enabled in the 802.1X column.

To disable the 802.1X authentication on a device

1. Go to the NetChange tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Network devices icon. The All network devices list opens.
3. Filter the list if need be.
4. Put the mouse over the name of the device you want to edit. The Info Bar appears.
5. Click on . The Edit a network device wizard opens.
6. In the 802.1x authentication drop-down list, select Disable.
7. Click on OK to commit your changes. The report opens and closes. The device is marked
Disabled in the 802.1X column.

Refreshing the Network Devices Database


After each network device import, a discovery is automatically carried out to fill the NetChange
database. It includes ports, VLANs, routes, IP addresses and MAC addresses information.
Following this initial discovery, it is necessary to periodically refresh the database to keep it up to
date. Two methods are available: a manual refresh or a scheduled refresh of network devices.

Refreshing a Device Manually


The manual refresh lets you get the latest information available regarding a network device. For
instance, you should use it if its configuration or architecture has been modified.

To manually refresh a device

1. Go to the NetChange tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Network devices icon. The All network devices list opens.
3. Tick the network device(s) you want to refresh.
4. In the menu, select Edit > Refresh. The Refresh a network device wizard opens.
5. Click on OK to refresh the device(s). The report opens and works for a while.
When the refreshment is over, a report might appear and list the created IP addresses (Notice)
and existing ones (Error). This list concerns only the Target space selected when the device
was added or imported. You can download this report in the format of your choice: TEXT, HTML
or EXCEL.
6. Click on CLOSE to go back to the All network devices page. The page refreshes.

Scheduling a Refresh
The scheduled refresh lets you plan ahead the update of the NetChange database. You can
specify different schedules depending on the devices. Typically, edge switches are queried more
often than backbone routers.

Setting up a Scheduled Refresh

The device refresh frequency can be common to several devices or specific to a device. Do not
hesitate to tick one or several devices before setting up a refresh schedule.

To schedule a refresh

1. Go to the NetChange tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Network devices icon. The All network devices list opens.
3. Tick the network device(s) for which you want to schedule the refresh.
4. In the menu, select Edit > Scheduling > Configure refresh. The Set refresh parameters
wizard opens.
5. Configure the refresh frequency using the table below.

Table 53.3. Scheduled Refresh Parameters


Fields               Description
Minute               In this drop-down list, select the moment (o'clock, quarter past, half
                     past or quarter to) or the frequency (in minutes) of the refresh.
Hour                 In this drop-down list, select a frequency (over the whole day or for
                     a limited period of time each day), a set of hours or a specific hour
                     per day for the refresh.
Date of the month    In this drop-down list, select a specific day of the month or a
                     frequency (every day) for the refresh.
Month                In this drop-down list, select a specific month or a frequency (every
                     month) for the refresh.
Day(s) of the week   In this drop-down list, select a frequency (over the whole week or for
                     a specific set of days) or a specific day of the week.

6. Click on OK to commit the refresh configuration. The report opens and closes. The list is
visible again.

Disabling a Scheduled Refresh

Any scheduled refresh can be disabled for one or several devices at once.


To disable a scheduled refresh

1. Go to the NetChange tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Network devices icon. The All network devices list opens.
3. Tick the network device(s) for which you want to disable the scheduled refresh.
4. In the menu, select Edit > Scheduling > Disable. The Disable Schedule wizard opens.
5. Click on OK to commit the refresh configuration. The report opens and closes. The list is
visible again.

Connecting to a Network Device Via a Console


From the properties page you can connect to a network device via a telnet or web console.

To connect to a network device via a telnet console

1. Go to the NetChange tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Network devices icon. The All network devices list opens.
3. At the end of the line of the network device of your choice, click on . The properties page
opens.
4. In the menu, select Tools > Connect > Via telnet.
5. The telnet console connected to your device opens.

To connect to a network device via a web console

1. Go to the NetChange tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Network devices icon. The All network devices list opens.
3. At the end of the line of the network device of your choice, click on . The properties page
opens.
4. In the menu, select Tools > Connect > Via web.
5. A new tab connecting to your device opens.

Making a Network Device Snapshot


SOLIDserver allows you to retrieve information regarding a specific network device, whether it
is already managed by NetChange or not, through its IP address.

The EfficientIP support team might ask for a device snapshot in case of missing or distorted
information on a piece of equipment you want to add to NetChange. The snapshot will be generated
in .pcap format and stored in the Local files listing.

To make a network device snapshot

1. Go to the NetChange tab. If the homepage is not displayed, click on . The homepage
opens.

2. Click on the Network devices icon. The All network devices list opens.
3. In the menu, select Tools > Make a snapshot. The Configure a network device snapshot
wizard opens.
4. In the Interface drop-down list, select the network interface through which you want to make
the snapshot.
5. In the SNMP profile drop-down list, select the SNMP protocol version of the snapshot
generation. By default, standard v1 is selected.
6. If you are generating a Cisco device snapshot, tick the Cisco device checkbox.
7. In the IP address field, type in the device IP address.
8. Click on OK to commit the creation. The report opens and works for a while before closing.
The All network devices list is visible again. The snapshot
(<chosen_interface>_<chosen_SNMP_profile>_snapshot.pcap file) is available on the Local files
listing page. To download this file, refer to the procedure below.

To download a network device snapshot through the GUI

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select Maintenance > Local files listing. The Local files listing page opens
filtered through the Local bullet under the menu.
3. In the Name column, the snapshot is listed and named using the following format:
<chosen_interface>_<chosen_SNMP_profile>_snapshot.pcap.
4. Filter the list if need be. Once you found the snapshot, click on its name to download it.

Creating Network Devices in Device Manager


SOLIDserver allows you to manage your network devices through NetChange and Device Manager.
With a simple automated manipulation you will be able to create, within the Device Manager
module, the network devices of your choice as well as the ports and interfaces they contain.

For more details, refer to the Adding Network Devices in Device Manager section of this guide.

Deleting Network Devices


If you no longer want to manage a network device or no longer use it, you can delete it from the
GUI. Deleting a device from the list also deletes all references to its interfaces and discovered
items.

To delete network devices

1. Go to the NetChange tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Network devices icon. The All network devices list opens.
3. Tick the network devices you want to delete.
4. In the menu, select Edit > Delete. The Delete wizard opens.
5. Click on OK to commit the device deletion. The report opens and closes. The devices are no
longer listed.


Defining a Network Device as a Group Resource


In SOLIDserver, only the superuser (ipmadmin) can manage and modify the items of every
module. Adding a network device as one of the resources of a specific group will allow the users
of that group to manage the network device(s) in question as long as they have the corresponding
rights and delegations granted.

Granting access to a network device as a resource will also make every item it contains available.
For more details, refer to the section Assigning Objects as Resource in the chapter Groups of
this guide.

Chapter 54. Managing Routes
Both NetChange licenses provide the All routes page. It is dedicated to the network devices
routing tables. The page displays the existing routes on the layer 3 network devices you manage
using the module. All the information displayed is retrieved using the SNMP protocol. Each route
corresponds to a subnet and has a unique IP address and prefix. The prefix can be any number
between /8 and /32. You cannot edit, add or delete these routes.

Here below, you can see the breadcrumb link to browse the routes:

Figure 54.1. NetChange: Routes

Browsing the Routes Database


To list the routes from NetChange homepage

1. Go to the NetChange tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Routes icon. The All routes list opens.

To list the routes through the breadcrumb

1. Go to the NetChange tab.


2. Click on All routes in the breadcrumb. The All routes list opens.

To list the routes of a specific network device

1. Go to the NetChange tab.


2. Click on the Network devices icon. The All network devices list opens.
3. In the Name column, click on the name of the device of your choice. The All ports page
opens.
4. In the menu, select Display > All routes. The All Routes list of the device you chose opens.

In the list, the routes are color coded according to their prefix. The routes with a prefix located
between /8 and /24 all have a green icon. The /30 routes are represented with a red icon, /31
with an orange icon and finally the /32 routes with a blue icon.

Customizing the Routes Display


SOLIDserver enables you to modify the columns displayed in the All routes list. You can add
columns or modify their order. For more details, see the Customizing the List Layout section of
the Understanding the SOLIDserver User Interface part of this documentation.

Chapter 55. Managing VLANs
The All VLANs page provides an overview of the number of existing Virtual Local Area
Networks on each network device and their IDs if you purchased the NetChange-IPL license. If
you have the NetChange license, it also allows you to add, edit and delete VLANs on your devices.
For more details regarding the two available NetChange licenses, refer to the NetChange Licenses
section.

Browsing VLANs
The VLANs are, along with the discovered items, the third level of the organization of the
NetChange module.

Here below, you can see the breadcrumb link to browse the VLANs:

Figure 55.1. NetChange: VLANs

Browsing the VLANs Database


To list the VLANs from NetChange homepage

1. Go to the NetChange tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the VLANs icon. The All VLANs list opens.

To list the VLANs through the breadcrumb

1. Go to the NetChange tab.


2. Click on All VLANs in the breadcrumb. The All VLANs list opens.

To list the VLANs of a specific network device

1. Go to the NetChange tab.


2. Click on the VLANs icon. The All VLANs list opens.
3. In the Network device column, click on the name of the device of your choice to display only
its VLANs.

To display a VLAN properties page

1. Go to the NetChange tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the VLANs icon. The All VLANs list opens.
3. At the end of the line of the VLAN of your choice, click on . The VLAN properties page
opens.


Customizing the VLANs Display


SOLIDserver enables you to modify the columns displayed in the All VLANs list. You can add
columns or modify their order. For more details, see the Customizing the List Layout section of
the Understanding the SOLIDserver User Interface part of this documentation.

With version 5.0.3, the Port list column was added to the All VLANs page. It contains the number
of all the ports associated with each VLAN. You can edit this list if you purchased the NetChange
license, otherwise this list is merely informative.

Adding a VLAN
With the NetChange license you can add VLANs to the All VLANs page and then associate them
with existing ports. Using the 802.1Q VLAN trunking protocol, a VLAN can cover a network area on
multiple switches.

To add a VLAN from the All VLANs page

1. Go to the NetChange tab.


2. Click on the VLANs icon. The All VLANs list opens.
3. In the menu, select Add > VLAN. The Add a VLAN wizard opens.
4. In the Name field, name the VLAN.
5. In the VLAN ID field, type in an ID between 1 and 1005 for your VLAN.
6. In the Network device drop-down list, select the network device where you want to add your
VLAN.
7. Click on OK to commit your creation. The report opens and closes. The VLAN is listed.

You can also add a VLAN from the All VLANs list of a specific device; in this case the Network
device drop-down list will not appear.

In addition, you can use an existing VLAN's ID and name and add them to another device. That way,
you only need to specify a device and the VLAN name and ID are used automatically upon
creation. Obviously, the ports configuration of the selected VLAN is not created in the target
network device.

To add a VLAN from the All VLANs page using an existing name and ID

1. Go to the NetChange tab.


2. Click on the VLANs icon. The All VLANs list opens.
3. Put your mouse over the name of the VLAN of your choice. The Info Bar appears.
4. Click on . The Add a VLAN wizard opens.
5. In the menu, select Add > VLAN. The Add a VLAN wizard opens.
6. The Name and VLAN ID fields display, in grey, the name and ID of the chosen VLAN.
7. In the Network device drop-down list, select the device of your choice.
8. Click on OK to commit your creation. The report opens and closes. There are now two VLANs
with the same name and ID listed, only their device differs.


Editing a VLAN
Editing a NetChange VLAN means renaming it. However, with the NetChange license you can
decide to use it with one or several of your network ports. For more details regarding the port
and VLAN interaction, refer to the Associating a Port With a VLAN section.

To rename a VLAN

1. Go to the NetChange tab.


2. Click on the VLANs icon. The All VLANs list opens.
3. Filter the list if need be.
4. In the Name column, put your mouse over the VLAN you want to rename. The Info Bar
appears.
5. Click on . The Add a VLAN wizard opens.
6. In the Name field, rename the VLAN.
7. In the VLAN ID field, the ID is displayed but cannot be edited.
8. Click on OK to commit your changes. The report opens and closes. The list refreshes, the
new VLAN name is listed.

Deleting a VLAN
With the NetChange license you can delete any VLAN from any network device as long as it is
not used on any port.

To delete a VLAN

1. Go to the NetChange tab.


2. Click on the VLANs icon. The All VLANs list opens.
3. In the Network device column, click on the name of the device of your choice to display only
its VLANs.
4. Tick the VLAN(s) you want to delete.
5. In the menu, select Edit > Delete. The Delete wizard opens.
6. Click on OK to commit the VLAN deletion. The report opens and closes. The VLAN is no
longer listed.

Chapter 56. Managing Ports
The ports are physical interfaces of the network devices. NetChange discovers the network
devices' ports using a discovery algorithm that automatically analyzes each port and displays the
port's type and status. It also lets you know which MAC or IP addresses will be looked for and
the devices' connection on the network. Typically the listed ports can be:

• Edge or terminal ports: used to connect the terminal network devices of the network (servers,
workstations, printers, ...);
• Interconnection ports: used to link the network devices between them (the backbone).

Depending on your network devices, some ports can actually be both. Some columns on the
page provide all this information:

• Interco (for interconnection) is purely informative even if you can manually force its value to
Yes, No or Autodetect in the GUI
• Trunking/Tagging mode provides the actual port type, edge ports are marked Access and
interconnection ports are marked Trunk or Tagged.

The NetChange module allows you to edit a port and associate it with existing VLANs on your device
(existing by default or that you added). To be able to edit a port, you must meet the following
prerequisites:

1. The SNMP community used with the network device must be a read/write community.
2. You have the NetChange license. NetChange-IPL does not provide port edition options.
3. The network device on which you edit the port supports MIBs that allow port edition.

Once these prerequisites are met, you can edit your ports. This allows you to associate them with
any VLAN on your network or even use them in a tagged or untagged mode and influence their
behavior on the network. As a general rule, when choosing whether to tag a port you should take
into account the following:

• The untagged mode (called Access on Cisco devices) uses the ID of the tagged VLAN the port
is associated with when sending and receiving data. That way packets are identified
throughout the transfer on the network from the sending port to the receiving one. Once the
packet is received, the tag number is dismissed, in other words untagged. This transfer mode
is based on terminal, or edge, ports as packets always reach their destination thanks to their
tag once sent.
• The tagged mode (called Trunk on Cisco devices) uses the ID of the VLANs associated with
the port only when sending packets. The tag identifies the target port. Once the packet is
received, the tag number is kept. This transfer mode is based on interconnection ports as it
allows you to send out data all over the network.
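
The tag handling described in the two bullets above, as an added Python example (not code from this guide or from NetChange): it models access (untagged) and trunk (tagged) ports on one switch and shows where the 4-byte 802.1Q tag is inserted and removed. The Port class, port names, VLAN numbers and the frame are constructed for the illustration, and the model assumes that access ports drop frames arriving already tagged and that the trunk carries no native VLAN.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag


def add_tag(frame, vlan_id, priority=0):
    """Insert the 4-byte 802.1Q tag after the destination and source MACs."""
    if not 1 <= vlan_id <= 4094:  # 802.1Q range; the Add a VLAN wizard accepts 1 to 1005
        raise ValueError("VLAN ID out of range")
    tci = (priority << 13) | vlan_id  # PCP (3 bits), DEI (1 bit, 0), VID (12 bits)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def split_tag(frame):
    """Return (vlan_id, frame without tag); vlan_id is None for an untagged frame."""
    if len(frame) >= 18 and struct.unpack_from("!H", frame, 12)[0] == TPID_8021Q:
        (tci,) = struct.unpack_from("!H", frame, 14)
        return tci & 0x0FFF, frame[:12] + frame[16:]
    return None, frame


class Port:
    """Hypothetical port model: mode is "access" (untagged) or "trunk" (tagged)."""

    def __init__(self, name, mode, vlans):
        if mode == "access" and len(vlans) != 1:
            raise ValueError("an access port belongs to exactly one VLAN")
        self.name, self.mode, self.vlans = name, mode, set(vlans)


def ingress(port, frame):
    """Classify a received frame; return (vlan_id, untagged frame) or None if dropped."""
    vlan_id, inner = split_tag(frame)
    if port.mode == "access":
        # Assumption: an access port drops frames that arrive already tagged.
        return None if vlan_id is not None else (next(iter(port.vlans)), inner)
    # Assumption: the trunk has no native VLAN, so untagged frames are dropped.
    return (vlan_id, inner) if vlan_id in port.vlans else None


def egress(port, vlan_id, frame):
    """Return the bytes sent on this port, or None if the port is not in the VLAN."""
    if vlan_id not in port.vlans:
        return None
    return add_tag(frame, vlan_id) if port.mode == "trunk" else frame


def forward(in_port, frame, out_ports):
    """Flood one frame to the other ports; return {port name: bytes on the wire}."""
    classified = ingress(in_port, frame)
    if classified is None:
        return {}
    vlan_id, inner = classified
    sent = {p.name: egress(p, vlan_id, inner) for p in out_ports}
    return {name: data for name, data in sent.items() if data is not None}


# Constructed ports and frame (broadcast, IPv4 EtherType, dummy payload).
WS1 = Port("ws1", "access", [10])
WS2 = Port("ws2", "access", [10])
PRINTER = Port("printer", "access", [20])
UPLINK = Port("uplink", "trunk", [10, 20])
SAMPLE_FRAME = (bytes.fromhex("ffffffffffff") + bytes.fromhex("020000000001")
                + struct.pack("!H", 0x0800) + b"constructed payload")

if __name__ == "__main__":
    for name, data in forward(WS1, SAMPLE_FRAME, [WS2, PRINTER, UPLINK]).items():
        print(name, split_tag(data)[0], len(data))
```

A frame entering on ws1 leaves ws2 unchanged, leaves the uplink four bytes longer with VLAN 10 in the tag, and never reaches the printer port in VLAN 20.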

Browsing Ports
The ports are the second level of organization in NetChange. Here below, you can see the
breadcrumb link to browse the ports database:


Figure 56.1. NetChange: Ports

Browsing the Ports Database


The list is customizable, meaning that it contains several columns that you can display, hide or
sort at your will. You can add or modify the order of the columns. For more details, see the
Customizing the List Layout section of the Understanding the SOLIDserver User Interface part of this
guide.

To list the ports from NetChange homepage

1. Go to the NetChange tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Network ports icon. The All ports list opens.

To list the ports through the breadcrumb

1. Go to the NetChange tab.


2. Click on All ports in the breadcrumb. The All ports list opens.

To list the ports of a specific network device

1. Go to the NetChange tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Network devices icon. The All network devices list opens.
3. Click on the name of the network device of your choice. The All ports list opens and displays
only the ports of the selected device.

To display a port properties page

1. Go to the NetChange tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Network ports icon. The All ports list opens.
3. At the end of the line of the port of your choice, click on . The network port properties page
opens.

Customizing the Ports Display


SOLIDserver enables you to modify the columns displayed in the list. You can add columns or
modify their order. For more details, see the Customizing the List Layout section of the
Understanding the SOLIDserver User Interface part of this documentation.

With version 5.0.3 comes a set of new columns that provide a more complete overview of the
ports configuration: Trunking/Tagging mode, Configured speed, Configured duplex, VLAN
name list...

The columns Speed and Duplex are now called Operating speed and Operating duplex.


Enabling or Disabling a Port


As an experiment, NetChange offers a function to disable or enable ports of any network device,
as soon as it has been validated. This function allows you to disable any port directly through
the web interface, typically when a workstation has been detected as infected by a virus or when
a user has not been authorized on the network. For it to work properly, you must have defined the
Write community of the SNMP profile used by the network device.

Caution
You should never disable interconnection ports as you take the risk of losing access
to your network device. It is possible that this function will be impossible in the future.

To disable a port

1. Go to the NetChange tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Network ports icon. The All ports list opens.
3. Tick the port(s) for which you want to change the status.
4. In the menu, select Edit > Port status > Disable. The Change the status of a port wizard
opens.
5. Click on OK to commit your modification. The report opens and closes. The list is visible
again.

To enable a port

1. Go to the NetChange tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Network ports icon. The All ports list opens.
3. Tick the port(s) for which you want to change the status.
4. In the menu, select Edit > Port status > Enable. The Change the status of a port wizard
opens.
5. Click on OK to commit your modification. The report opens and closes. The list is visible
again.

Note
On some devices, especially Cisco Catalyst, the configuration is not written after the
modification has been done. If no write configuration command is issued through the
CLI, the modifications are lost when the switch reloads.

Editing a Port Interconnection


Interconnection ports link the network devices to one another (the backbone). Most of the
network traffic goes through these ports. The NetChange discovery algorithm automatically
isolates interconnection ports: they are marked Yes in the Interco column. However, if the number
of discovered items in a port is greater than a defined limit (3 by default), the port will not be
analyzed.

The value of the Interco column is merely a way of filtering the ports in the list. Forcing the
interconnection to Yes does not dedicate the port to interconnection, and vice versa.

To tag a port using the Yes (forced) interconnection status

1. Go to the NetChange tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Network ports icon. The All ports list opens.
3. Tick the port(s) you want to use as an interconnection.
4. In the menu, select Edit > Interconnection > Force to yes. The Manually force ports
interconnection wizard opens.
5. Click on OK to commit your modification. The report opens and closes. The list is visible
again. The value of the Interco column will switch to Yes (forced) on selected ports.

To tag a port using the No (forced) interconnection status

1. Go to the NetChange tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Network ports icon. The All ports list opens.
3. Tick the port(s) you want to stop using as interconnection.
4. In the menu, select Edit > Interconnection > Force to no. The Manually force ports
interconnection wizard opens.
5. Click on OK to commit your modification. The report opens and closes. The list is visible
again. The value of the Interco column will switch to No (forced) on selected ports.

To tag a port using the Autodetect interconnection status

1. Go to the NetChange tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Network ports icon. The All ports list opens.
3. Tick the port(s) for which to automatically discover the interconnections on the network.
4. In the menu, select Edit > Interconnection > Autodetect. The Ports interconnection
autodetection wizard opens.
5. Click on OK to commit your modification. The report opens and closes. The list is visible
again. The value of the Interco column will be updated after the next refresh of the device.

Editing a Port Speed and Duplex Mode


You can edit the port speed and duplex on each port individually. In some cases you might only
be able to edit the speed. During the configuration, the available values depend on the speed
and duplex configurations that the port supports. We recommend that you display the Configured
speed, Configured duplex, Operating speed and Operating duplex columns to rapidly see the speed
and duplex configuration of the ports.

Keep in mind that you can only see the speed and duplex changes of active ports. If you edit the
speed and duplex of an inactive port, the changes are never visible in the GUI.


To edit a port speed and duplex mode

1. Go to the NetChange tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Network ports icon. The All ports list opens.
3. Filter the list if need be.
4. Put the mouse over the name of the port you want to edit. The Info Bar appears.
5. Click on . The Edit a port wizard opens.
6. In the Speed and duplex mode drop-down list, select the port <speed> <duplex> of your
choice.
7. Click on OK to commit your changes. The report opens and closes. The ports list is visible
again.

Once you have edited the port speed and duplex, you need to refresh the port to see your changes
in the Configured speed and Configured duplex columns. For more details, refer to the Refreshing
the Ports Information section below.

Updating a Port Description


Even though the name of a switch port cannot be edited, it is possible to modify its description
through NetChange to help you recognize it instantly from the graphical interface. The description
is directly updated on the port itself and is visible to any user that discovers the device. For
this function to work properly, you must have defined the Write community of the SNMP profile
used by the network device.

To update a port description

1. Go to the NetChange tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Network ports icon. The All ports list opens.
3. Tick the port(s) for which you want to change the description.
4. In the menu, select Edit > Update port description. The Update port description wizard
opens.
5. In the Port name field, type in the description of this port.
6. Tick the Refresh NetChange checkbox if you want to refresh the ports list immediately after
your modification.
7. Click on OK to commit your changes. The report opens and closes. The list is visible again
and displays the new value in the Description column.

Managing the 802.1X Authentication on a Port


With the NetChange license, you can individually enable or disable the 802.1X authentication on
a port as long as:

1. the network device the port belongs to supports the 802.1X authentication;
2. the 802.1X authentication has been enabled on the network device the port belongs to;
3. the requirements and limitations listed below have been taken into account or met.


802.1X requirements at port level

• 802.1X must be activated on the device to be managed from the GUI;
• Port-security must be disabled.

802.1X limitations at port level

• On HP devices, only the HP-DOT1X-EXTENSIONS-MIB is supported;
• On Cisco devices, the interface vlanTrunkPortDynamicState should not be set to "auto"
or "desirable".

Keep in mind that the 802.1X configuration has to be done on each port individually.

Display the 802.1X column on the All network devices and All ports pages. For more details
regarding the page listing templates, refer to the Customizing the List Layout section.

To disable the 802.1X authentication on a port

1. Go to the NetChange tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Network devices icon. The All ports list opens.
3. Click on the name of a device marked Active in the 802.1X column. The All ports of the
device opens.
4. Put the mouse over the name of the port you want to edit. The Info Bar appears.
5. Click on . The Edit a port wizard opens.
6. In the Security configuration section, untick the 802.1X checkbox. The page refreshes. If
the device supports Port-security, you can now enable it. For more details refer to the
Configuring the Port-security Option section.
7. Click on OK to commit your changes. The report opens and closes. The port is marked
Disabled in the 802.1X column.

To enable the 802.1X authentication on a port

1. Go to the NetChange tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Network devices icon. The All ports list opens.
3. Click on the name of a device marked Active in the 802.1X column. The All ports of the
device opens.
4. Put the mouse over the name of the port you want to edit. The Info Bar appears.
5. Click on . The Edit a port wizard opens.
6. In the Security configuration section, tick the 802.1X checkbox. The page refreshes. If the
Port-security checkbox was ticked, it no longer is.
7. Click on OK to commit your changes. The report opens and closes. The port is marked
Enabled in the 802.1X column.

Restricting Access to a Port Using Port-security Protocol


With the NetChange license, you can use the Port-security protocol to restrict input to an interface
by limiting and identifying MAC addresses that are allowed to access the port. By default, the
protocol is enabled on the devices that support it and you can enable or disable it individually on
each port. To configure the protocol on your ports, you need to meet the requirements and be
aware of the limitations listed below:

Port-security requirements at port level

• 802.1X must be disabled on the port.
• On Cisco devices, the port Trunking/Tagging mode (i.e. the switchport mode) is set to
Access or Trunk.

Port-security configuration limitations at port level

• Only HP devices supporting the HP-ICF-GENERIC-RPTR MIB can be configured.
• On Cisco devices, only the CISCO-PORT-SECURITY-MIB is supported.

When editing a port, you can enable or disable the option as well as set the maximum number
of MAC addresses to be secured on the interface, thus limiting access to it. We recommend that
you display the two columns of the All ports page that provide an overview of the Port-security
option configuration: Port-security and MAC number limit. For more details regarding the columns
display, refer to the Customizing the List Layout section of this guide.

To disable the Port-security option on a port

1. Go to the NetChange tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Network devices icon. The All ports list opens.
3. Click on the name of a device of your choice. The All ports of the device opens.
4. Put the mouse over the name of the port you want to edit. The Info Bar appears.
5. Click on . The Edit a port wizard opens.
6. In the Security configuration section, untick the Port-security checkbox. The page refreshes.
If the device supports 802.1X authentication, you can now enable it. For more details refer
to the Managing the 802.1X Authentication on the Ports section.
7. Click on OK to commit your changes. The report opens and closes. The port is marked
Disabled in the Port-security column. In the MAC number limit column, the number of secured
MAC addresses is set back to the default value 1.

To enable the Port-security option on a port

1. Go to the NetChange tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Network devices icon. The All ports list opens.
3. Click on the name of a device of your choice. The All ports of the device opens.
4. Put the mouse over the name of the port you want to edit. The Info Bar appears.
5. Click on . The Edit a port wizard opens.
6. In the Security configuration section, tick the Port-security checkbox. The page refreshes.
If the 802.1X checkbox was ticked, it no longer is.
7. Click on OK to commit your changes. The report opens and closes. The port is marked
Enabled in the Port-security column.


To set a maximum number of MAC addresses that can access a port

1. Go to the NetChange tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Network devices icon. The All ports list opens.
3. Click on the name of a device of your choice. The All ports of the device opens.
4. Put the mouse over the name of the port you want to edit. The Info Bar appears.
5. Click on . The Edit a port wizard opens.
6. In the Security configuration section, tick the Port-security checkbox. The page refreshes.
If the 802.1X checkbox was ticked, it no longer is.
7. In the Maximum number of secured MAC addresses field, type in the number of MAC
addresses that can access the port. This number depends on your device. By default,
Port-security is configured with 1 MAC address.
8. Click on OK to commit your changes. The report opens and closes. The number of MAC
addresses is edited in the MAC number limit column.

Configuring VLAN Tagging on a Port


With the NetChange license, you can edit the ports configuration on the network according to
your needs. For instance, set a port with a specific access VLAN.

Configuring the Tagging Mode


When configuring VLAN tagging at port level, you must choose the relevant tagging mode before
associating a port with specific VLANs. For this reason, we recommend that you display the
Trunking/Tagging mode column to rapidly see your ports configuration.

There are different tagging modes available depending on the network device vendor: Cisco or
others.

Cisco devices tagging modes

Cisco devices offer three tagging modes: Trunk (i.e. tagged), Access (i.e. not tagged) and
auto (the port mode is automatically one or the other). Setting a port to Trunk mode sets its
tag encapsulation mode to 802.1Q.

Other vendors tagging modes

Non-Cisco devices offer two tagging modes: tagged or mixed.

Keep in mind that you can only edit a device Trunking/Tagging mode if the SNMP configuration
set at device level allows the MIBs to be retrieved.

To edit a port tagging mode on a non-Cisco network device

1. Go to the NetChange tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Network ports icon. The All ports list opens.
3. Filter the list if need be.
4. Put the mouse over the name of the port you want to edit. The Info Bar appears.
5. Click on . The Edit a port wizard opens.
6. In the Trunking/Tagging mode drop-down list, select the mode of your choice: Tagged or
Mixed.
7. Click on OK to commit your changes. The report opens and closes. The list is visible again.

Once you have edited the port tagging mode, you need to refresh the port to see your changes in
the Trunking/Tagging mode column. For more details, refer to the Refreshing the Ports Information
section below.

To edit a port tagging mode on a Cisco network device

1. Go to the NetChange tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Network ports icon. The All ports list opens.
3. Filter the list if need be.
4. Put the mouse over the name of the port you want to edit. The Info Bar appears.
5. Click on . The Edit a port wizard opens.
6. In the Trunking/Tagging mode drop-down list, select the mode of your choice: Trunk, Access
or Auto.

If you set the trunking/tagging mode to auto, the 802.1X authentication must be inactive.
7. Click on OK to commit your changes. The report opens and closes. The list is visible again.

Once you have edited the port tagging mode, you need to refresh the port to see your changes in
the Trunking/Tagging mode column. For more details, refer to the Refreshing the Ports Information
section below.

Associating a Port With a VLAN


Through the port edition wizard you can associate a port with a set of VLANs. These VLANs can
be tagged or untagged depending on the port tagging mode.

We recommend that you display the VLAN # list and VLAN name list columns to rapidly see your
port/VLAN association.

Associating a Port with an Untagged VLAN

To associate a port with an untagged VLAN, its mode must be Access or Auto (on Cisco devices)
or Mixed (on any other device vendor). To edit the port tagging mode, refer to the Configuring
the Tagging Mode section above.

You can only associate one untagged VLAN with a port.

To associate a port with an untagged VLAN

1. Go to the NetChange tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Network ports icon. The All ports list opens.
3. Filter the list if need be.
4. Put the mouse over the name of the port you want to edit. The Info Bar appears.
5. Click on . The Edit a port wizard opens.
6. In the VLAN addition section, the Access/Untagged VLAN drop-down list displays the
untagged VLAN associated with your port. Select the VLAN of your choice. By default, the 1 -
default VLAN is selected.

If your port mode is Mixed or Auto, the previously selected VLAN is moved to the Available
VLANs list.
7. Click on OK to commit your changes. The report opens and closes. The untagged VLAN
associated with the port is followed by a * in the VLAN # list and VLAN name list columns.

Associating a Port with a Tagged VLAN

To associate a port with tagged VLANs, its mode must be Trunk or Auto (on Cisco devices) or
Tagged or Mixed (on any other device vendor). To edit the port tagging mode, refer to the
Configuring the Tagging Mode section above.

You can associate as many tagged VLANs as you want with a port.

To associate a port with a tagged VLAN

1. Go to the NetChange tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Network ports icon. The All ports list opens.
3. Filter the list if need be.
4. Put the mouse over the name of the port you want to edit. The Info Bar appears.
5. Click on . The Edit a port wizard opens.
6. In the VLAN addition section, the Trunk/Tagged VLAN list field displays all the tagged VLANs
associated with your port. You can add or remove VLANs from the list using the and
buttons. Any VLAN removed is listed in the Available VLANs list.
7. Click on OK to commit your changes. The report opens and closes. The VLANs associated
with the port are displayed in the VLAN # list and VLAN name list columns.
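
The port-level rules stated in the 802.1X, Port-security, tagging mode and VLAN association sections above can be checked before a change is committed through the wizard. The Python sketch below is an added example, not part of SOLIDserver: the PortPlan structure, the function names and the sample ports are hypothetical, and only the constraints written in this chapter are encoded.

```python
from dataclasses import dataclass, field

# Trunking/Tagging modes named in this chapter, per vendor family.
MODES = {"cisco": {"trunk", "access", "auto"}, "other": {"tagged", "mixed"}}
# Modes in which a port may be associated with an untagged / a tagged VLAN.
UNTAGGED_OK = {"cisco": {"access", "auto"}, "other": {"mixed"}}
TAGGED_OK = {"cisco": {"trunk", "auto"}, "other": {"tagged", "mixed"}}


@dataclass
class PortPlan:
    """Intended settings for one port (hypothetical structure, not a SOLIDserver object)."""
    name: str
    vendor: str
    mode: str
    dot1x: bool = False
    port_security: bool = False
    untagged_vlans: list = field(default_factory=list)
    tagged_vlans: list = field(default_factory=list)


def check_port(p):
    """Return the documented constraints that the planned configuration violates."""
    family = "cisco" if p.vendor.strip().lower() == "cisco" else "other"
    mode = p.mode.strip().lower()
    issues = []
    if mode not in MODES[family]:
        issues.append(f"mode '{p.mode}' is not offered on {family} devices")
    # 802.1X requires Port-security disabled, and Port-security requires 802.1X disabled.
    if p.dot1x and p.port_security:
        issues.append("802.1X and Port-security cannot both be enabled")
    # Cisco: auto trunking/tagging mode requires 802.1X to be inactive.
    if family == "cisco" and p.dot1x and mode == "auto":
        issues.append("auto mode requires 802.1X to be inactive")
    # Cisco: Port-security needs the switchport mode set to Access or Trunk.
    if family == "cisco" and p.port_security and mode not in {"access", "trunk"}:
        issues.append("Port-security on Cisco requires Access or Trunk mode")
    if len(p.untagged_vlans) > 1:
        issues.append("only one untagged VLAN can be associated with a port")
    if p.untagged_vlans and mode not in UNTAGGED_OK[family]:
        issues.append(f"untagged VLAN not allowed in mode '{p.mode}'")
    if p.tagged_vlans and mode not in TAGGED_OK[family]:
        issues.append(f"tagged VLANs not allowed in mode '{p.mode}'")
    return issues


def audit(plans):
    """Map port name -> violations, keeping only the ports that have at least one."""
    report = {}
    for plan in plans:
        issues = check_port(plan)
        if issues:
            report[plan.name] = issues
    return report


# Constructed sample plans (port names, vendors and VLAN numbers are made up).
PLANS = [
    PortPlan("Gi0/1", "Cisco", "Access", port_security=True, untagged_vlans=[10]),
    PortPlan("Gi0/2", "Cisco", "Auto", dot1x=True, untagged_vlans=[10]),
    PortPlan("Gi0/3", "Cisco", "Trunk", dot1x=True, port_security=True,
             untagged_vlans=[10], tagged_vlans=[20, 30]),
    PortPlan("A4", "HP", "Tagged", untagged_vlans=[10, 11], tagged_vlans=[20]),
]

if __name__ == "__main__":
    for name, issues in audit(PLANS).items():
        for issue in issues:
            print(f"{name}: {issue}")
```
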

Refreshing the Ports Database


SOLIDserver allows the scheduled refresh of network devices (see the Scheduling a refresh
section above). Still, you have the possibility to manually refresh the information for a selection
of ports of a specific device directly from the All ports list.

To refresh the ports information manually

1. Go to the NetChange tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Network ports icon. The All ports list opens.
3. Filter the list through the Network device column if need be.
4. Tick the port(s) you want to refresh.
5. In the menu, select Edit > Refresh. The Refresh a network device wizard opens.
6. Click on OK to commit the refresh. The report opens and closes. The list is visible again.

Chapter 57. Managing Discovered Items
The discovered items are devices connected to the network devices, and usually edge devices
(workstations, servers, printers, ...). These devices are inserted in the database automatically
after each discovery, and put in the history. This allows the administrator to know where a device
(IP or MAC address) has been connected at a specific time and on which port of which device,
in which VLAN...

Browsing Discovered Items


The discovered items are, along with the VLANs, the third level of the organization of the
NetChange module.

Here below, you can see the breadcrumb link to browse the discovered items:

Figure 57.1. NetChange: Discovered Items

Browsing the Discovered Items Database


To list the discovered items through the NetChange homepage

1. Go to the NetChange tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Discovered items icon. The All discovered items list opens.

To list the discovered items through the breadcrumb

1. Go to the NetChange tab.
2. Click on the All discovered items in the breadcrumb. The All discovered items list opens.

To list the discovered items of a specific network device

1. Go to the NetChange tab.
2. Click on the Discovered items icon. The All discovered items list opens.
3. In the Network device column, click on the name of the device of your choice to display only
its discovered items.

To display a discovered item properties page

1. Go to the NetChange tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Discovered items icon. The All discovered items list opens.
3. At the end of the line of the item of your choice, click on . The item properties page opens.


Displaying the Physical Location of a Device

Locating an edge device can be very tedious on a network with a large number of
network devices and ports. The NetChange search engine gives you very quick access to all the
information collected. You can look for a workstation using its IP address, MAC address, port or
date and time. Whatever criteria you choose, filters are applied using the columns search engines.

To find items using an IP address

1. Go to the NetChange tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Discovered items icon. The All discovered items list opens.
3. In the IP Address column search engine, type the IP address you are looking for and hit
Enter to only display the discovered items matching this IP address on the network.

Note
By clicking on the Last seen column name, it is possible to sort the results in
chronological order, from the most recent to the oldest record. You can click on it
again to change the sorting order.

Customizing the Discovered Items Display


SOLIDserver enables you to modify the columns display in the All Discovered Items list. You can
add, or modify the order of columns. For more details, see the Customizing the List Layout section
of the Understanding the SOLIDserver User Interface part of this documentation.

Refreshing the Discovered Items Database


SOLIDserver allows the scheduled refresh of network devices (see the Scheduling a refresh
section of this guide). Still, you have the possibility to manually refresh a selection of discovered
items directly from the All discovered items list.

To refresh the discovered items manually

1. Go to the NetChange tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Network ports icon. The All discovered items list opens.
3. Tick the discovered item(s) you want to refresh.
4. In the menu, select Edit > Refresh. The Refresh a network device wizard opens.
5. Click on OK to commit the refresh. The report opens and closes. The list is visible again.

Populating Device Manager


The same way you can create a discovered network device in Device Manager, you can
populate Device Manager with a selection of discovered items. This will create the corresponding
device and interface in Device Manager; the MAC address will differentiate each interface.

For more details, refer to the Adding Discovered Items in Device Manager section of this guide.


Creating the IP Address of a Discovered Item in the IPAM


NetChange offers the possibility to create the IP address of a discovered item, if it is available,
in the IPAM. The reason why the IP address of an item might not be available is that the router
has not found any equivalence between the MAC and IP address, either from the equipment
or from the DHCP.

Note
For the address creation to work properly, make sure that a subnet is available for
the address(es) in the space specified upon addition of the device. For more details
refer to the Adding Network Devices section of this guide.

To create the IP address of a discovered item in the IPAM

1. Go to the NetChange tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Discovered items icon. The All discovered items list opens.
3. Tick the discovered item(s) you want to create in Device Manager.
4. In the menu, select Tools > Create IP address in the IPAM. The Create IP addresses in the
IPAM wizard opens.
5. Click on OK to commit the creation. The report opens and closes and the list is visible again.
The IP address is listed in the All addresses page in the IPAM.

Using the History View to Track the Movements of a Specific Device

The NetChange database is not erased automatically and allows you to have an overview of the
movements of a specific edge device during previous discoveries. That way, using a MAC address,
you can see the different IP addresses an edge device had at different periods of time, which
switch and port it was connected to and which VLAN it belonged to. This function also allows you
to track laptops on the network and see on which switches and ports they have been successively
connected. The NetChange columns search engines help you filter your query and get the most
precise results. You can also search across all the switches of your network.

To display the discovered items history view of all the network devices

1. Go to the NetChange tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Discovered items icon. The All discovered items list opens.
3. In the menu, select Display > History view.
4. Type in the MAC address or the IP address of the device you are tracking, in the appropriate
search engine and press Enter to display the history of discoveries for this MAC or IP address
on the whole network.

To narrow your search, you can also display the History view from the All discovered items of a
specific device, port or VLAN.
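
The reasoning applied when reading the History view for one MAC address can be reproduced on exported rows. The Python sketch below is an added example, not part of SOLIDserver: the record fields, function names and sample rows are constructed for illustration. It collapses successive discoveries into stays and reports which attributes changed at each move.

```python
from datetime import datetime

# Attributes that define where and how the device was seen.
FIELDS = ("device", "port", "vlan", "ip")


def timeline(history, mac):
    """Collapse the discovery records of one MAC address into consecutive stays.

    A stay is a run of records, in chronological order, sharing the same
    network device, port, VLAN and IP address.
    """
    wanted = mac.lower()
    rows = sorted(
        (r for r in history if r["mac"].lower() == wanted),
        key=lambda r: datetime.fromisoformat(r["last_seen"]),
    )
    stays = []
    for r in rows:
        where = {f: r[f] for f in FIELDS}
        if stays and stays[-1]["where"] == where:
            stays[-1]["until"] = r["last_seen"]      # same place, extend the stay
        else:
            stays.append({"where": where, "since": r["last_seen"], "until": r["last_seen"]})
    return stays


def moves(stays):
    """For each transition between two stays, list the attributes that changed."""
    result = []
    for prev, cur in zip(stays, stays[1:]):
        changed = [f for f in FIELDS if prev["where"][f] != cur["where"][f]]
        result.append((cur["since"], changed))
    return result


# Constructed sample history, deliberately out of order (all values are made up).
HISTORY = [
    {"last_seen": "2014-05-03T08:00:00", "mac": "00:11:22:33:44:55", "ip": "10.0.0.10",
     "device": "sw2", "port": "Gi0/5", "vlan": 10},
    {"last_seen": "2014-05-01T08:00:00", "mac": "00:11:22:33:44:55", "ip": "10.0.0.10",
     "device": "sw1", "port": "Gi0/1", "vlan": 10},
    {"last_seen": "2014-05-04T08:00:00", "mac": "00:11:22:33:44:55", "ip": "10.0.20.7",
     "device": "sw2", "port": "Gi0/5", "vlan": 20},
    {"last_seen": "2014-05-02T08:00:00", "mac": "00:11:22:33:44:55", "ip": "10.0.0.10",
     "device": "sw1", "port": "Gi0/1", "vlan": 10},
    {"last_seen": "2014-05-02T08:00:00", "mac": "00:11:22:33:44:66", "ip": "10.0.0.11",
     "device": "sw1", "port": "Gi0/2", "vlan": 10},
]

if __name__ == "__main__":
    stays = timeline(HISTORY, "00:11:22:33:44:55")
    for stay in stays:
        print(stay["since"], "->", stay["until"], stay["where"])
    for when, changed in moves(stays):
        print(when, "changed:", ", ".join(changed))
```
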

Chapter 58. Managing Statistics
NetChange can provide a set of specific statistics. These statistics are all displayed as pie and
bar charts that can present vendors, speed, usage, etc.

Displaying NetChange Statistics


By default, NetChange dashboard displays four gadgets (pie charts) that present the database
network devices vendors, number of ports per device, ports status and ports speed.

To display NetChange gadgets

1. From anywhere in the appliance, through the menu, select Preferences > My Dashboards
> Gadgets Library. The Gadgets Library page opens.
2. In the list, tick the gadget(s) of your choice: Number of NetChange ports per device,
NetChange network devices vendor, NetChange active ports speed (bps) and/or NetChange
ports status.
3. In the menu, select Edit > Assign Gadget(s). The gadget configuration wizard opens.
4. In the Available list, select a module and click on .
5. The module name is moved to the Configured list. The gadget(s) will be displayed on the
selected module dashboard.
6. Click on OK to commit your choice. The report opens and closes. The gadgets are displayed
on the selected modules homepage and the Dashboard column is updated with the selected
module(s).

In addition to these holistic charts, NetChange provides specific charts on the network devices
and port properties pages.

Displaying Network Devices Statistics


The properties page of the network devices contains a chart summing up the device ports status.

To display the statistics of a network device

1. Go to the NetChange tab.
2. In the breadcrumb, click on All network devices. The All network devices page opens.
3. At the end of the line of the device of your choice, click on . The properties page opens.
4. Open the Network device ports status panel to display the graph.

Displaying Ports Statistics


The ports properties page provides a set of charts that display accurate data if you enable the
rule 067.

Enabling the Rule That Retrieves Ports Information


The rule 067 allows you to retrieve ports information and display it on the ports properties page.
By default, it is listed among the Rules but disabled, so you have to activate it to retrieve data.


To activate the collection of data rule

1. Go to the Administration tab homepage.
2. In the menu, select System > Expert > Rules. The Rules page opens.
3. Through the columns filters, look for the rule 067 called Charts of NetChange ports bandwidth
usage.
4. Tick the rule.
5. In the menu, select Edit > Enable. The Enable wizard opens.
6. Click on OK to activate the rule. Graphing will now start.

Displaying a Port Charts


On the port properties page, you can display four different charts: NetChange port traffic,
NetChange port broadcast traffic, NetChange port unicast traffic and NetChange port error
packet traffic.

To display the statistics of a port

1. Go to the NetChange tab.
2. In the breadcrumb, click on All network devices. The All network devices page opens.
3. Click on the name of the device of your choice. The All ports of the device opens.
4. At the end of the line of the port of your choice, click on . The properties page opens.
5. Click on in the upper right corner of the page to open all the panels.

The charts contain In and Out parameters. To better understand them, refer to the table below.

Table 58.1. NetChange Ports Charts Information


| Information | Description |
|---|---|
| In octets | The total number of octets received on the port, including framing characters. |
| Out octets | The total number of octets transmitted out of the port, including framing characters. |
| In broadcast | The number of non-unicast (i.e., subnetwork-broadcast or subnetwork-multicast) packets delivered to a higher-layer protocol. |
| Out broadcast | The total number of packets that higher-level protocols requested be transmitted to a non-unicast address, including those that were discarded or not sent. |
| In unicast | The number of unicast packets delivered to a higher-layer protocol. |
| Out unicast | The total number of packets that higher-level protocols requested be transmitted to a subnetwork-unicast address, including those that were discarded or not sent. |

Chapter 59. Monitoring, Configuring and Tuning

Generating NetChange Reports

EfficientIP provides NetChange dedicated reports at devices level. The reports on inconsistencies
might be empty if the devices configuration is correct.

For more details regarding the reports generation, refer to the chapter Managing Reports.

Network Device Reports


The server dedicated reports are available on the All servers page.

Network devices properties

Prerequisite: Selecting at least one device

Description: Contains basic information regarding the selected device(s): the Device name,
Device type, Ports usage (%) and Ports used.

NetChange/IPAM/DHCP data comparison

Prerequisite: No need to select any device. The report automatically takes into account all the
devices.

Description: Contains inconsistencies between the network devices managed via NetChange
and their use across the modules. All the found inconsistencies are listed in 5 tables: NetChange
devices not listed in the IPAM / DHCP ranges, IP addresses associated with a different MAC
address in the IPAM, MAC addresses associated with a different IP address in the IPAM, IP
addresses with a different MAC address in the DHCP leases list and MAC addresses with a different
IP address in the DHCP leases list. In each table, the objects concerned are detailed through
the columns IP address, MAC address, DNS name, IPAM MAC address and/or Device/Slot/port.
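
The five comparisons named in this report description can be reproduced on exported data when an inconsistency needs to be investigated by hand. The Python sketch below is an added example, not the report's own implementation: the input structures, function names and sample values are constructed, and reading "not listed in the IPAM / DHCP ranges" as "the discovered IP address falls in none of the given ranges" is an assumption.

```python
import ipaddress
import re


def norm_mac(mac):
    """Normalise aa:bb:.., AA-BB-.. and aabb.ccdd.eeff notations to aa:bb:cc:dd:ee:ff."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac)
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2)).lower()


def _diff(items, table):
    """Compare discovered (ip, mac, port) items with an {ip: mac} table (IPAM or leases)."""
    ip_to_mac = {ip: norm_mac(mac) for ip, mac in table.items()}
    mac_to_ips = {}
    for ip, mac in ip_to_mac.items():
        mac_to_ips.setdefault(mac, set()).add(ip)
    ip_other_mac, mac_other_ip = [], []
    for ip, mac, port in items:
        if ip in ip_to_mac and ip_to_mac[ip] != mac:
            ip_other_mac.append((ip, mac, ip_to_mac[ip], port))
        if mac in mac_to_ips and ip not in mac_to_ips[mac]:
            mac_other_ip.append((mac, ip, sorted(mac_to_ips[mac]), port))
    return ip_other_mac, mac_other_ip


def compare(discovered, ranges, ipam, leases):
    """Return the five inconsistency lists for the discovered items."""
    nets = [ipaddress.ip_network(r) for r in ranges]
    # Discovered items without a resolved IP address cannot be compared and are skipped.
    items = [(d["ip"], norm_mac(d["mac"]), d["port"]) for d in discovered if d.get("ip")]
    not_in_ranges = [
        (ip, mac, port) for ip, mac, port in items
        if not any(ipaddress.ip_address(ip) in net for net in nets)
    ]
    ipam_ip, ipam_mac = _diff(items, ipam)
    dhcp_ip, dhcp_mac = _diff(items, leases)
    return {
        "not_in_ranges": not_in_ranges,
        "ipam_ip_other_mac": ipam_ip,
        "ipam_mac_other_ip": ipam_mac,
        "dhcp_ip_other_mac": dhcp_ip,
        "dhcp_mac_other_ip": dhcp_mac,
    }


# Constructed sample data (addresses, MACs and port names are made up).
DISCOVERED = [
    {"ip": "10.0.0.10", "mac": "00:11:22:33:44:55", "port": "sw1/Gi0/1"},
    {"ip": "10.0.0.20", "mac": "00:11:22:33:44:66", "port": "sw1/Gi0/2"},
    {"ip": "10.0.0.30", "mac": "00:11:22:33:44:77", "port": "sw2/Gi0/5"},
    {"ip": "192.168.50.5", "mac": "00:11:22:33:44:88", "port": "sw2/Gi0/7"},
    {"ip": None, "mac": "00:11:22:33:44:aa", "port": "sw2/Gi0/9"},
]
RANGES = ["10.0.0.0/24"]
IPAM = {"10.0.0.10": "0011.2233.4455", "10.0.0.20": "00:11:22:33:44:99"}
LEASES = {"10.0.0.31": "00-11-22-33-44-77"}

if __name__ == "__main__":
    for table, rows in compare(DISCOVERED, RANGES, IPAM, LEASES).items():
        print(table, rows)
```

An IP address bound to an unexpected MAC address can be a stale IPAM entry or a replaced network card as well as address spoofing, so each finding should be checked against the Device/Slot/port where the item was discovered.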

Network devices summary

Prerequisite: No need to select any device. The report automatically takes into account all the
devices.

Description: Contains information regarding all the network devices you manage through
SOLIDserver divided into four sections: Summary that contains all the network devices dedicated
pie charts available by default on NetChange home page, Network devices model by vendor that
contains charts displaying your devices vendors and models, Top 50 most used network devices
that contains a table listing the most used devices with the percent of port usage and the total
number of used ports and finally Top 50 most unused network devices that contains a table listing
the least used devices with the percent of port usage and the total number of used ports.

Keeping NetChange Data Up-to-date


To keep your data up to date, you should periodically refresh the network devices using
scheduling, as explained in the Network Devices chapter. You should also remove old data from
the history to speed up the processes and have only the relevant information when looking for a
specific IP or MAC address. The choice of periodicity depends entirely on your environment
and on what you intend to do with NetChange: you may need to have a history of all movements
(so you might need to purge the database every month or trimester), or you may need only the
most relevant data when looking for a host (so you might want to purge every week). To configure
the purge frequency of the data listed in the All discovered items, follow the procedure below.

To set the rule Purge NetChange history

1. Go to the Administration homepage.


2. In the menu, select System > Expert > Rules. The Rules page opens.
3. In the Name column, type in the rule name Purge NetChange history.
4. At the end of the line, click on . The properties page opens.
5. In the Main properties panel, click on EDIT . The Edit a rule wizard opens.
6. Click on NEXT . The Rule filters page opens.
7. Define the frequency of execution of the rule. The default frequency is every 5 minutes.
8. Click on NEXT . The Rule parameters page opens.
9. Fill in the following fields:

Table 59.1. Rule Parameters

Fields | Description
------ | -----------
Purge MAC/port history | In this Yes/No drop-down list, you can decide to purge the history data regarding the MAC addresses and their corresponding switch ports. By default, this field is set to Yes.
Purge MAC/IP history | In this Yes/No drop-down list, you can decide to purge the history of associations of MAC addresses to IP addresses. By default, this field is set to Yes.
Number of days to keep | In this field, type in the number of days of NetChange history that you want to keep.

10. Click on OK to commit your configuration. The properties page is visible again. By default,
the rule is not enabled. Follow the procedure below to enable it.

Once the rule is configured, you have to enable it. Before following the procedure below, check
in the Status column whether the rule is marked Disabled or OK. Note that if you enable the rule
before configuring it, no action is performed for lack of specifications: as no Number of days to
keep is defined by default, the list of discovered items cannot be purged.

To enable the rule Purge NetChange history

1. Go to the Administration homepage.


2. In the menu, select System > Expert > Rules. The Rules page opens.
3. In the Name column, type in the rule name Purge NetChange history.
4. Tick the rule.
5. In the menu, select Edit > Enable. The Enable wizard opens.
6. Click on OK to commit your choice. The report opens and closes. The Rules page is visible
again and the rule is marked OK in the Status column.


Synchronizing the Network Devices with a CSV File


It is possible to automatically synchronize the list of network devices with a local file containing
on each line the IP address of a network device to be managed in NetChange. If the CSV file
contains devices that are not managed by NetChange yet, they will automatically be imported
during the synchronization.

To activate the automated retrieval of devices from a specific CSV import

1. Go to the Administration homepage.


2. In the menu, select System > Expert > Rules. The Rules page opens.
3. In the Name column, type in the rule name Synchronize the network devices of NetChange
with a CSV file.
4. At the end of the line, click on . The properties page opens.
5. In the Main properties panel, click on EDIT . The Edit a rule wizard opens.
6. Click on NEXT . The Rule filters page opens.
7. Define the frequency of execution of the rule. The default frequency is every 5 minutes.
8. Click on NEXT . The Rule parameters page opens.
9. Fill in the following fields:

Table 59.2. Rule Parameters

Fields | Description
------ | -----------
Local CSV file | In this field, type in the path towards the CSV file containing the list of addresses. This CSV file must already be part of the local SOLIDserver file system.
Devices missing in CSV file | In this drop-down list, you can Delete or perform No action over the devices already listed in the All network devices page but not present in the CSV file you will import.
Site id | In this drop-down list, select the space where you want the IP address of the devices to be imported. This field is required.
Delimiter | In this drop-down list, select the delimiter that separates the data in your CSV file: it can be a comma, a semicolon or a tab. By default, the comma is selected. This field is optional.

10. Click on OK to commit your configuration.

Once the rule is configured, you have to enable it. Before following the procedure below,
check in the Status column whether the rule is marked Disable (i.e. it is disabled) or OK (i.e. it is
enabled). Note that if you enable the rule before configuring it, no action is performed for lack of
specifications: without a path towards a CSV file, the configured options have no file to act on.

To enable the devices synchronization rule

1. Go to the Administration homepage.


2. In the menu, select System > Expert > Rules. The Rules page opens.


3. In the Name column, type in the rule name Synchronize the network devices of NetChange
with a CSV file.
4. Tick the rule.
5. In the menu, select Edit > Enable. The Enable wizard opens.
6. Click on OK to commit your choice. The report opens and closes. The Rules page is visible
again and the rule is marked OK in the Status column.
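With Devices missing in CSV file set to Delete, the content of the file decides which devices stay in NetChange, so it is worth checking the file offline before enabling the rule. The following is an added example, not part of the product: preflight(), the 20 % deletion threshold, the reading of the first field of each line as the IP address and the hand-exported list of managed devices are all assumptions, and the sample data is constructed.

```python
import csv
import io
import ipaddress

# Delimiter choices named in the rule parameters table.
DELIMITERS = {"comma": ",", "semicolon": ";", "tab": "\t"}

# Constructed sample input: an IP address first on each line, then a label.
SAMPLE_CSV = (
    "192.0.2.1;core-sw\n"
    "192.0.2.2;access-sw\n"
    "192.0.2.300;typo\n"
    "\n"
    "192.0.2.2;duplicate\n"
    "192.0.2.9;new-sw\n"
)
# Constructed list of the devices currently managed (assumed exported by hand).
MANAGED = ["192.0.2.1", "192.0.2.2", "192.0.2.3", "192.0.2.4", "192.0.2.5"]


def _sort_key(ip):
    """Order addresses numerically, IPv4 before IPv6."""
    addr = ipaddress.ip_address(ip)
    return (addr.version, int(addr))


def preflight(csv_text, managed_ips, delimiter="comma", max_delete_ratio=0.2):
    """Parse the file with the delimiter the rule would use and report what a
    synchronization with 'Devices missing in CSV file' = Delete would imply."""
    wanted, errors = set(), []
    reader = csv.reader(io.StringIO(csv_text), delimiter=DELIMITERS[delimiter])
    for row in reader:
        if not row or not row[0].strip():
            continue  # blank line
        field = row[0].strip()
        try:
            ip = str(ipaddress.ip_address(field))
        except ValueError:
            errors.append((reader.line_num, field, "not an IP address"))
            continue
        if ip in wanted:
            errors.append((reader.line_num, field, "duplicate"))
        wanted.add(ip)
    managed = {str(ipaddress.ip_address(ip)) for ip in managed_ips}
    to_import = sorted(wanted - managed, key=_sort_key)
    to_delete = sorted(managed - wanted, key=_sort_key)
    ratio = len(to_delete) / len(managed) if managed else 0.0
    return {
        "errors": errors,          # (line number, raw field, reason)
        "to_import": to_import,    # in the file, not managed yet
        "to_delete": to_delete,    # managed, absent from the file
        "delete_ratio": ratio,
        # Refuse on any unparsable line or on an unusually large deletion.
        "safe": not errors and ratio <= max_delete_ratio,
    }


if __name__ == "__main__":
    for choice in ("semicolon", "comma"):
        result = preflight(SAMPLE_CSV, MANAGED, delimiter=choice)
        print(choice, result)
```

Run over the sample with the wrong delimiter, the check rejects every line and lists all five managed devices for deletion, which is the case to catch; the guide does not state how the rule itself treats a line it cannot parse.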

Managing NetChange Advanced Configurations


In SOLIDserver, a number of parameters may be changed to improve performance or remove
unwanted functionalities. All these advanced configurations can be made through the registry
database of SOLIDserver. As far as NetChange is concerned, only one key can be modified:
module.iplocator.rules.create_ip_registry. This key allows you to create or overwrite discovered
IP addresses in the IPAM using their MAC address. By default, it is not activated. To enable it,
follow the procedure below.

To enable a key in the registry database

1. Go to the Administration homepage.


2. In the menu, select System > Expert > Registry database. The Registry database page
opens.
3. In the Name column, type in module.iplocator to filter the list. Only the key
module.iplocator.rules.create_ip_registry is listed.
4. In the Value column, click on 0. The Registry database Edit a value wizard opens.
5. In the Name field, the key name is displayed in a read-only gray field.
6. In the Value field, delete the 0 and replace it with a 1. This value means the key is enabled.
7. Click on OK to commit your changes. The report opens and closes. In the Value column, a
1 is displayed.

Part IX. Workflow
Table of Contents
60. Introduction
Workflow Pages
Workflow Requests
Workflow Management Best Practices
61. Granting Access to Workflow Classes
62. Managing Outgoing Requests
Browsing Outgoing Requests
Browsing the Outgoing Requests Database
Customizing the Outgoing Requests Display
Adding Requests for Creation
Adding Requests for Edition
Adding Requests for Deletion
Editing Requests
Editing a Request Details
Adding Information to a Request
Cancelling Requests
63. Managing Incoming Requests
Browsing Incoming Requests
Browsing the Incoming Requests Database
Customizing the Incoming Requests Display
Managing the Requests Content
Administrating Requests Using the Default Statuses and Options
Handling Requests
Accepting Requests
Rejecting Requests
Finishing Requests
Archiving Requests
Administrating Requests Using Your Own Settings
64. Executing Requests
Executing Requests Using the Execute Option
Executing Requests Using Classes
Configuring a Workflow Request Association Class
Applying a Workflow Request Association Class
65. Customizing the Requests Administration
Editing the Workflow Statuses
Editing the Email Notifications Details
Adding a Workflow Status
Customized Statuses Best Practices
Status Addition Best Practices
Status Edition Best Practices
Status Deletion Best Practices

Chapter 60. Introduction
The Workflow is a request-based module that allows standard users to ask for changes in the
IPAM and DNS database. The administrator can configure classes that shape the request addition
wizard or use the available default classes if they already suit their needs.

Workflow Pages
Outgoing requests: from this page users - requestors - can create requests. For more details,
refer to the chapter Managing Outgoing Requests.

Incoming requests: from this page request managers and administrators can deal with the user
requests. For more details, refer to the chapter Managing Incoming Requests.

Both pages contain the same requests, only their status varies until they are archived. Users that
were only granted requesting rights can see their requests on the Outgoing page.

Workflow Requests
Not all SOLIDserver resources can be subject to a request. You can add requests regarding:

• DNS zones addition, edition or deletion.


• IPAM blocks addition, edition or deletion.
• IPAM subnets addition, edition or deletion.
• IPAM pools addition, edition or deletion.
• IPAM IP addresses addition, edition or deletion.

For more details, refer to the chapter Managing Outgoing Requests.

Workflow Management Best Practices


The Workflow module can be customized to suit your needs, but to use the Workflow to its full
potential you must:

1. Grant sufficient rights to requestors and request managers: the group they belong to
needs to be granted the appropriate IPAM and DNS or Workflow rights. For more details, refer
to the Managing the Permissions of a Group section of the Rights Management part of this
guide.
2. Grant users access to request classes, existing ones or classes you created. For more
details, refer to the chapter Granting Access to Workflow Classes.
3. Customize the Incoming requests page if need be. For more details, refer to the chapter
Customizing the Requests Administration.
4. Grant relevant users access to the Workflow pages, that way they can create or deal with
the requests.
5. Execute the action required in the requests if they are accepted.

Once the Workflow is configured according to your needs, there are several ways of executing
the accepted requests:


• You can use the Execute option if you plan on using the Workflow default classes.
• You can use a class object to associate pending requests with the addition, edition and deletion
operations you are performing in the IPAM and DNS modules.

For more details regarding the requests execution possibilities, refer to the chapter Executing
Requests.

Chapter 61. Granting Access to Workflow Classes
As every request is based on a specific Workflow class, users need to be granted access to the
relevant ones. That way, they can select a class when adding a request and fill in the fields
defined through the class.

There are five classes dedicated to Workflow requests. They define all the fields required when
asking for the addition, edition or deletion of the object they are named after:

• request_dns_zone is dedicated to requests regarding DNS zones.


• request_ip_block is dedicated to requests regarding IPv4 blocks.
• request_ip_subnet is dedicated to requests regarding IPv4 terminal subnets.
• request_ip_pool is dedicated to requests regarding IPv4 pools.
• request_ip_address is dedicated to requests regarding IPv4 addresses.

The users that do not have access to Workflow request classes are not able to properly complete
the request addition wizard: the request addition wizard is still available, but it is impossible to
define the needed containers or resources to apply the requested changes to.

Obviously, you can add your own Workflow request classes. These classes must be dedicated
to the Module Workflow and the Type Request. For more details, refer to the Class Studio section
of the Administration part of this guide.

Keep in mind that in this case, the Execute option is not available in the Incoming requests page.
For more details, refer to the section Executing Requests Using the Execute Option.

To add an existing request class as group resource

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Users, Groups & Rights icon. The Users list opens.
3. In the breadcrumb, click on Groups. The Groups page opens.
4. Click on the name of the group of your choice [1]. The Resources page opens.
5. In the menu, select Add > Resources > Classes. The Administration: Classes wizard opens.
6. In the Type column search engine, type in request to filter the list.
7. Tick the class(es) you want to grant the group access to. Keep in mind that the default
Workflow classes are request_dns_zone, request_ip_block, request_ip_subnet,
request_ip_pool and request_ip_address.
8. Click on ADD to grant access to the users of your group to the selected classes. A confirmation
pop-up window opens.
9. Click on OK . In the wizard, the selected classes are no longer listed.
10. Click on OK to close the wizard. The report opens and closes. The page refreshes, the list
of resources now includes the selected class(es).

[1] Any group EXCEPT the admin group as, by default, it has authority over all the resources of SOLIDserver database.


Once the classes of your choice are part of the resources of a group, its users can choose from
one of them when requesting the addition, edition or deletion of objects in the DNS or IPAM
database.

Chapter 62. Managing Outgoing Requests
From the Outgoing requests page, users with sufficient Workflow rights can:

• add requests for addition/edition/deletion.


• edit the requests they created.
• cancel the requests they created.

By default, request management respects the group hierarchy. If the requestor belongs to a
group that has a parent group, then by default the request can be dealt with by all the users
of the parent group as well as the users of the admin group. If the users want the request to
be dealt with by specific users, they can set a managing group when creating or editing the
request.

Browsing Outgoing Requests


The Outgoing requests page is one of the two pages of the module. Requestors use this page
to add, edit and cancel requests. Here below, you can see the breadcrumb link to browse the
Outgoing requests database:

Figure 62.1. Workflow: Outgoing requests

Browsing the Outgoing Requests Database


To display the list of outgoing requests

1. Go to the Workflow tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Outgoing requests icon. The Outgoing requests list opens.

To display the list of outgoing requests through the breadcrumb

1. Go to the Workflow tab. If the homepage is not displayed, click on . The homepage opens.
2. In the breadcrumb, click on Outgoing requests icon. The Outgoing requests list opens.

To display an outgoing request properties page

1. Go to the Workflow tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Outgoing requests icon. The Outgoing requests list opens.
3. To display a request properties page you can:

a. Click on the name of the request of your choice. The properties page opens.
b. At the end of the line of the incoming request of your choice, click on . The properties
page opens.


4. Click on to expand all the panels.

Customizing the Outgoing Requests Display


SOLIDserver enables you to modify the columns display in the list. You can add, remove or
modify the order of columns. For more details, see the section Customizing the List Layout of
this guide.

Adding Requests for Creation


Users with sufficient rights can add requests asking for the creation of objects. Such a request
can only contain basic information regarding the object; the default behaviors can only be
configured by administrators and request managers when they execute the request.

In the procedure below we will use the request_dns_zone class as an example.

Reminder
To add a DNS zone creation request, the group of the user must at least be granted
the following rights:
• In the Workflow panel, all the rights that suit your needs
• In the DNS panel, the right Display: DNS servers list.

To add a DNS zone creation request, the group of the user must include among its resources:
• At least one server, this will grant access to all the objects it contains.

To add a request for creation

1. Go to the Workflow tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Outgoing requests icon. The Outgoing requests list opens.
3. In the menu, select Add > Request. The Add a request wizard opens.
4. In the Workflow request class list, select request_dns_zone .
5. Click on NEXT . The Requesting: Zone page appears.
6. In the Action requested drop-down list, select New (Create). The page refreshes.
7. In the DNS Server drop-down list, select the server of your choice.
8. If your server contains views, in the DNS view drop-down list, select the view of your choice.
9. In the DNS zone field, name your zone.
10. In the Zone type drop-down list, you can select either master, slave, stub or forward. By
default, master is selected.
11. In the Motivation field, type in a text of a maximum of 3000 characters explaining the reason
for the zone addition request.
12. Click on NEXT . The last page of the wizard opens.
13. If you want, you can select a group to manage your request as described in the table below.
Otherwise, users of the admin group can manage it.


Table 62.1. Group of Users Administrating the Request Dedicated Fields

Parameter | Description
--------- | -----------
Set a group to manage the request | This Yes or No drop-down list allows you to choose a group of users that can manage your request. By default, it is set to No.
No | If you select this option, only the users from the requesting user's parent group or the users belonging to the admin group can manage your request.
Yes | If you select this option, you can select an existing group of users to manage your request. Once Yes is selected, the Managing group drop-down list appears.
Managing group | In this drop-down list, select an existing group. This action allows the request managers of the group to accept and deal with your request or deny it.

14. Click on OK to commit the request creation. The report opens and closes. The request is
listed and marked as New in the Status column.

Each request is named as follows: <request-number>-<requestor>, where <request-number>
corresponds to the number of requests in the Workflow database and not the number of requests
of a particular requestor.

On the request properties page, the Main properties and Request parameters sum up the request
details.

Adding Requests for Edition


Users with sufficient rights can add requests asking for the edition of objects. Such a request
can only contain basic information regarding the object; the default behaviors can only be
configured by administrators and request managers when they execute the request.

The edition request only applies to the values that you can edit on the object management page,
which is why:

• you cannot ask for the edition of anything configured for DNS zones.
• you can only ask for the edition of the name of the blocks, subnets, pools and addresses.

In the procedure below we will use the default request_ip_address class as an example.

Reminder
To add an IPv4 address edition request, the group of the user must at least be granted
the following rights:
• In the Workflow panel, all the rights that suit your needs
• In the IPAM panel, the right Display: spaces list.

To add an IPv4 address edition request, the group of the user must include among its
resources:
• At least one space, this will grant access to all the objects it contains.

To add a request for edition

1. Go to the Workflow tab. If the homepage is not displayed, click on . The homepage opens.


2. Click on the Outgoing requests icon. The Outgoing requests list opens.
3. In the menu, select Add > Request. The Add a request wizard opens.
4. In the Workflow request class list, select request_ip_address .
5. Click on NEXT . The Requesting: IP address page appears.
6. In the Action requested drop-down list, select Modify. The page refreshes.
7. Click on NEXT . The next page opens.
8. In the Choose a subnet list, select the subnet containing the IP address you want to edit.
Once selected, the subnet line is highlighted in blue.
9. Click on NEXT . The next page of the wizard opens.
10. In the IP address name field, type in the first letter(s) of the IP name. The auto-completion
provides a list of addresses matching these letters, select the one you want to edit.
11. In the IP address name field, type in the new name that you want for the address.
12. In the IP address grey field, the IP address is displayed as a reminder.
13. In the Motivation field, type in a text of a maximum of 3000 characters explaining the reason
for the IP address edition request.
14. Click on NEXT . The last page of the wizard opens.
15. If you want, you can select a group to manage your request as described in the table below.
Otherwise, users of the admin group can manage it.

Table 62.2. Group of Users Administrating the Request Dedicated Fields

Parameter | Description
--------- | -----------
Set a group to manage the request | This Yes or No drop-down list allows you to choose a group of users that can manage your request. By default, it is set to No.
No | If you select this option, only the users from the requesting user's parent group or the users belonging to the admin group can manage your request.
Yes | If you select this option, you can select an existing group of users to manage your request. Once Yes is selected, the Managing group drop-down list appears.
Managing group | In this drop-down list, select an existing group. This action allows the request managers of the group to accept and deal with your request or deny it.

16. Click on OK to commit the request creation. The report opens and closes. The request is
listed. It is marked New in the Status column and Modified in the Action column.

Each request is named as follows: <request-number>-<requestor>, where <request-number>
corresponds to the number of requests in the Workflow database and not the number of requests
of a particular requestor.

On the request properties page, the Main properties and Request parameters sum up the request
details.

Adding Requests for Deletion


Users with sufficient rights can add requests asking for objects deletion.


In the procedure below we will use the default request_ip_subnet class as an example.

Note that to ask for the deletion of a non-terminal subnet you can use the request_ip_block class.

Reminder
To add a subnet deletion request, the group of the user must at least be granted the
following rights:
• In the Workflow panel, all the rights that suit your needs
• In the IPAM panel, the right Display: spaces list.

To edit an IP address related request, the group of the user must include among its resources:
• At least one space, this will grant access to all the blocks it contains.

To add a request for deletion

1. Go to the Workflow tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Outgoing requests icon. The Outgoing requests list opens.
3. In the menu, select Add > Request. The Add a request wizard opens.
4. In the Workflow request class list, select request_ip_subnet .
5. Click on NEXT . The Requesting: Subnet page appears.
6. In the Action requested drop-down list, select Delete. The page refreshes.
7. Click on NEXT . The next page opens.
8. In the Choose a subnet list, select the subnet you want to delete. Once selected, the subnet
line is highlighted in blue.
9. Click on NEXT . The next page of the wizard opens.
10. The Subnet name, Subnet address, Netmask, Prefix and Comments fields display the
selected subnet information as a reminder.
11. In the Motivation field, type in a text of a maximum of 3000 characters explaining the reason
for the subnet deletion request.
12. Click on NEXT . The last page of the wizard opens.
13. If you want, you can select a group to manage your request as described in the table below.
Otherwise, users of the admin group can manage it.

Table 62.3. Group of Users Administrating the Request Dedicated Fields

Parameter | Description
--------- | -----------
Set a group to manage the request | This Yes or No drop-down list allows you to choose a group of users that can manage your request. By default, it is set to No.
No | If you select this option, only the users from the requesting user's parent group or the users belonging to the admin group can manage your request.
Yes | If you select this option, you can select an existing group of users to manage your request. Once Yes is selected, the Managing group drop-down list appears.
Managing group | In this drop-down list, select an existing group. This action allows the request managers of the group to accept and deal with your request or deny it.


14. Click on OK to commit the request creation. The report opens and closes. The request is
listed. It is marked New in the Status column and Delete in the Action column.

Each request is named as follows: <request-number>-<requestor>, where <request-number>
corresponds to the number of requests in the Workflow database and not the number of requests
of a particular requestor.

On the request properties page, the Main properties and Request parameters sum up the request
details.

Editing Requests
Once you have created a request, you can edit its details or provide additional information via a
note and/or file upload.

Editing a Request Details


Once created, the details of a request can be edited to a certain point: you cannot edit the action
required or the object it applies to.

To edit a request from the outgoing request page

1. Go to the Workflow tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Outgoing requests icon. The Outgoing requests list opens.
3. Put your mouse over the name of the request you want to edit. The Info bar appears.
4. Click on . The wizard opens.
5. Edit the fields as needed. Only the fields with a white background can be edited.
6. Once you get to the last page of the wizard, click on OK to commit the request edition. The
report opens and closes. The changes are visible on the properties page Request parameters
panel.

To edit a request from its properties page

1. Go to the Workflow tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Outgoing requests icon. The Outgoing requests list opens.
3. Put your mouse over the name of the request you want to edit. The Info bar appears.
4. Click on . The request properties page opens.
5. In the Main properties panel, click on EDIT . The wizard opens.
6. Edit the fields as needed. Only the fields with a white background can be edited.
7. Once you get to the last page of the wizard, click on OK to commit the request edition. The
report opens and closes. The changes are visible in the Request parameters panel.

Adding Information to a Request


From a request properties page, users can add information to a request via notes and files upload.

Uploading a File

Requestors can add up to 10 files to their request. They cannot upload more than 5 MB of files.


To upload a file to a request properties page

1. Go to the Workflow tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Outgoing requests icon. The Outgoing requests list opens.
3. Put your mouse over the name of the request you want to edit. The Info bar appears.
4. Click on . The request properties page opens.
5. In the Upload file panel, click on EDIT . The Upload file wizard opens.
6. Click on BROWSE to select the file of your choice on your local computer.
7. Once selected, it is displayed in the File name and Final value field.
8. Click on to add the file to the Attached files list. Repeat these actions for as many files
as you want.
9. Click on OK to commit the file(s) upload. The report opens and closes. The Upload file
panel contains the file(s).

Adding a Note

Requestors can add notes to their request in addition to the Motivation expressed when creating
the request.

To add a note to a request

1. Go to the Workflow tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Outgoing requests icon. The Outgoing requests list opens.
3. Put your mouse over the name of the request you want to edit. The Info bar appears.
4. Click on . The request properties page opens.
5. In the Note panel, click on EDIT . The Enter a note wizard opens.
6. Click on ADD . In the List field, the line new_<number> appears.
7. In the Note field, type in your note. The note must not include special characters or exceed
3993 characters.
8. Click on ADD to save it. The note is saved. In the List field, the note is now displayed as
follows: <date> <time> <beginning-of-note> [author]. Repeat these actions for as many notes
as needed.
9. Click on OK to save all the notes. The report opens and closes. The Note panel displays the
note(s).

Cancelling Requests
At any time, you can cancel a request you created. By default, this action is only possible if the
request status is New. Once it is handled or accepted, you can no longer cancel it.

Once the request is cancelled, you no longer see it on the page; only request managers can still
see it.

To cancel a request

1. Go to the Workflow tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Outgoing requests icon. The Outgoing requests list opens.
3. Tick the request you want to cancel.
4. In the menu, select Edit > Cancel. The Status edition wizard opens.
5. In the Enter a note field, you can type in a text of maximum 3000 characters explaining why
you want the request cancelled.
6. Click on OK to commit the request cancellation. The report opens and displays the cancellation
report status.
7. You can click on CSV (DATA) , TEXT , HTML or EXCEL to download the cancellation report in the
corresponding format.
8. Click on CLOSE to close the wizard. The page refreshes. The request is no longer listed on
the page.

Chapter 63. Managing Incoming Requests
From the Incoming requests page, administrators or request managers can:

1. deal with pending requests using the default Edit menu options: handle, edit, execute, reject,
finish and finally delete the requests.
2. deal with pending requests using custom options. The available options then depend
on the administrator configuration and internal use of the module.

Keep in mind that by request managers, we mean users belonging to a group with sufficient rights
and resources. Make sure they belong to a group configured with:

• all the Workflow rights, to be able to manage the requests completely.
• all the DNS and IPAM objects that regular users can create requests for among the group
resources.
• all the relevant IPAM and DNS rights that allow them to comply with the request.

Browsing Incoming Requests


The Incoming requests page allows the request managers and administrators to deal with the
requests. The figure below shows the breadcrumb link used to browse the Incoming requests database:

Figure 63.1. Workflow: Incoming requests

Browsing the Incoming Requests Database


To display the list of incoming requests

1. Go to the Workflow tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Incoming requests icon. The Incoming requests list opens.

To display the list of incoming requests through the breadcrumb

1. Go to the Workflow tab. If the homepage is not displayed, click on . The homepage opens.
2. In the breadcrumb, click on the Incoming requests icon. The Incoming requests list opens.

To display an incoming request properties page

1. Go to the Workflow tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Incoming requests icon. The Incoming requests list opens.
3. To display a request properties page you can:

a. Click on the name of the request of your choice. The properties page opens.
b. At the end of the line of the incoming request of your choice, click on . The properties
page opens.

4. Click on to expand all the panels.

Customizing the Incoming Requests Display


SOLIDserver enables you to modify the columns display in the list. You can add, remove or
modify the order of columns. For more details, see the section Customizing the List Layout of
this guide.

Managing the Requests Content


Once a request is created, it is listed on both pages of the module. Administrators and request
managers deal with them from the Incoming requests page.

The request properties page displays all the request details as well as the requestor notes and
uploaded files. The Request history lists all the notes that administrators and request managers
added when editing the request status.

To download an uploaded file

1. Go to the Workflow tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Outgoing requests icon. The Outgoing requests list opens.
3. Put your mouse over the name of the request you want to edit. The Info bar appears.
4. Click on . The request properties page opens.
5. Click on to expand all the panels.
6. In the Upload file panel, click on the name of the file you want to download.

To display notes

1. Go to the Workflow tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Outgoing requests icon. The Outgoing requests list opens.
3. Put your mouse over the name of the request you want to edit. The Info bar appears.
4. Click on . The request properties page opens.
5. In the Note panel, all the notes are displayed under the Date and User. You can scroll down
if there are several notes.

The administrators and request managers can also add notes and upload files. For more details,
refer to the section Adding information to a Request.

Administrating Requests Using the Default Statuses and Options
There are 6 default statuses on the Incoming requests page of the Workflow module. They allow
administrators and request managers to see what requests need to be dealt with. All these
statuses can be set from the Edit menu of the Incoming requests page, except Cancelled, which
has to be set from the Outgoing requests page.


Every time a request status is edited, an email is sent to the user who created the request to
inform them of its progress. Therefore, make sure the profile of your requesting users is set up
properly. For more details, refer to the chapter Managing Users of this guide.

Only the Archive option does not correspond to any status as it basically deletes the request from
the page and stores it on the Local Files Listing page.

Table 63.1. Request Statuses


Status      Description
New         The request was created on the Outgoing requests page and has not been dealt with yet.
Handled     The request was acknowledged by a request manager or administrator; it still has to be
            accepted or rejected. This status can only be set from the Incoming requests page.
Accepted    The request was accepted by the request manager or administrator handling it: the
            requested creation, edition or deletion will be performed. This status can only be set
            from the Incoming requests page.
Rejected    The request was denied by the request manager or administrator handling it. Whatever
            it requested will not be performed. This status can only be set from the Incoming
            requests page.
Cancelled   The request was cancelled by the requestor. This status can only be set from the
            Outgoing requests page.
Finished    The requested creation, edition or deletion was performed. This status can only be set
            from the Incoming requests page.

By default, the request managers can set these statuses as long as they respect the following:

• New requests can be handled, accepted, rejected and cancelled.
• Handled requests can be accepted, rejected and cancelled.
• Accepted requests can only be dealt with and finished.
• Rejected requests can only be archived.
• Cancelled requests can only be archived.
• Finished requests can only be archived.

Using the default options and statuses is useful as it lets you use the Execute option. This option
executes a request directly from the Incoming requests page. For more details, refer to the
section Executing Requests Using the Execute Option.

Handling Requests
The request managers and administrators can at any point handle New requests.

You cannot handle Accepted, Rejected or Finished requests.

To handle a request

1. Go to the Workflow tab. If the homepage is not displayed, click on . The homepage opens.
2. In the breadcrumb, click on the Incoming requests icon. The Incoming requests list opens.
3. Tick the request(s) you want to handle.
4. In the menu, select Edit > Handle. The Status edition wizard opens.
5. In the Enter a note field, you can type in a reason for accepting or the user performing the
task. This text is available on the request properties page Request history module.
6. Click on OK to commit your choice. The report opens and indicates the operation success.
7. Click on CLOSE to go back to the Incoming requests page.

Accepting Requests
The request managers and administrators can at any point accept New and Handled requests.

You cannot accept Rejected and Finished requests.

To accept a request

1. Go to the Workflow tab. If the homepage is not displayed, click on . The homepage opens.
2. In the breadcrumb, click on the Incoming requests icon. The Incoming requests list opens.
3. Tick the request(s) you want to accept.
4. In the menu, select Edit > Accept. The Status edition wizard opens.
5. In the Enter a note field, you can type in a reason for accepting or the user performing the
task. This text is available on the request properties page Request history module.
6. Click on OK to commit your choice. The report opens and indicates the operation success.
7. Click on CLOSE to go back to the Incoming requests page.

Rejecting Requests
The request managers and administrators can at any point reject New and Handled requests.

You cannot reject Accepted and Finished requests.

To reject a request

1. Go to the Workflow tab. If the homepage is not displayed, click on . The homepage opens.
2. In the breadcrumb, click on the Incoming requests icon. The Incoming requests list opens.
3. Tick the request(s) you want to reject.
4. In the menu, select Edit > Reject. The Status edition wizard opens.
5. In the Enter a note field, you can type in a reason for accepting or the user performing the
task. This text is available on the request properties page Request history module.
6. Click on OK to commit your choice. The report opens and indicates the operation success.
7. Click on CLOSE to go back to the Incoming requests page.

Finishing Requests
Once the request has been dealt with, when the object has been added, edited or deleted, the
request managers and administrators can set the requests Finished. It will

Only Accepted requests can be finished.


To finish a request

1. Go to the Workflow tab. If the homepage is not displayed, click on . The homepage opens.
2. In the breadcrumb, click on the Incoming requests icon. The Incoming requests list opens.
3. Tick the request(s) you want to finish.
4. In the menu, select Edit > Finish. The Status edition wizard opens.
5. In the Enter a note field, you can type in a reason for accepting or the user performing the
task. This text is available on the request properties page Request history module.
6. Click on OK to commit your choice. The report opens and indicates the operation success.
7. Click on CLOSE to go back to the Incoming requests page.

Archiving Requests
Archiving a request actually means moving it to the Local Files Listing. This means that it is no
longer listed on the Incoming requests and Outgoing requests pages.

Archiving a request is useful for requests that have been dealt with, have been cancelled or that
were rejected. In any of these cases, once the requesting user has been informed, it is probably
useless to keep the request in the list.

The request managers and administrators can archive Cancelled, Rejected and Finished requests.

To archive a request

1. Go to the Workflow tab. If the homepage is not displayed, click on . The homepage opens.
2. In the breadcrumb, click on the Incoming requests icon. The Incoming requests list opens.
3. Tick the request(s) you want to remove from the list.
4. In the menu, select Edit > Reject. The Status edition wizard opens.
5. In the Enter a note field, you can type in a reason for accepting or the user performing the
task. This text is available on the request properties page Request history module.
6. Click on OK to commit your choice. The report opens and indicates the operation success.
7. Click on CLOSE to go back to the Incoming requests page.

Administrating Requests Using Your Own Settings


You can customize the Workflow administration methods by editing some Workflow dedicated
registry database entries. For more details, refer to the chapter Customizing the Requests
Administration.

Once you have customized these entries, the restrictions detailed in the section Administrating
Requests Using the Default Statuses and Options might not apply anymore. However, request
managers and administrators may still rely on the procedures detailed in said section to
administer the requests from the Incoming requests page.

Chapter 64. Executing Requests
There are different ways of executing requests:

1. Use the Execute option from the Incoming requests page if you are using the Workflow default
classes. For more details regarding this option, refer to the section Executing Requests Using
the Execute Option.
2. Use classes to integrate the requests to the addition, edition or deletion wizard. This method
can be used if you use the default Workflow classes or if you use customized ones. For more
details, refer to the section Executing Requests Using Classes.
3. Go to the IPAM or DNS module and add, edit or delete the requested objects and change the
status to Finished once the request was executed.

Executing Requests Using the Execute Option


If you are using the Workflow default classes listed in the chapter Granting Access to Workflow
Classes, you can use the Execute option to perform the action requested in the New, Handled
and Accepted requests directly from the Incoming requests page.

To execute an addition request using the Execute option

1. Go to the Workflow tab. If the homepage is not displayed, click on . The homepage opens.
2. In the breadcrumb, click on the Incoming requests icon. The Incoming requests list opens.
3. In the Action column, filter the list to display only requests for addition using the key word
new.
4. At the end of the line of the request for addition you want to execute, click on Execute. The
wizard opens.
5. Depending on the classes configured you might have class dedicated pages. Select a class
or none and click on NEXT .
6. On the object addition page, the object name and details are in a grey field as a reminder.
7. If need be, you can fill in the optional object details fields and configure default parameters.
Click on NEXT . The Workflow dedicated page opens.
8. In the Ticket drop-down list, the request you are executing is selected by default. The list
can also contain other request numbers if other requests for addition of a similar resource
were created.
9. Under this field, the Requested <object> name and Requestor motivation fields contain the
request original details as a reminder.
10. The requests for IP address addition have an extra page: the Aliases configuration page.
You can add aliases if need be. Then click on NEXT to display the last page of the wizard.
11. Click on OK to commit the request execution. The report opens and closes. The request
status is now Finished, the object is now created.

To execute an edition request using the Execute option

1. Go to the Workflow tab. If the homepage is not displayed, click on . The homepage opens.
2. In the breadcrumb, click on the Incoming requests icon. The Incoming requests list opens.
3. In the Action column, filter the list to display only requests for edition using the key word
modify.
4. At the end of the line of the request for edition you want to execute, click on Execute. The
wizard opens.
5. Depending on the classes configured you might have class dedicated pages. Select a class
or none and click on NEXT .
6. On the object edition page, the object name and details are in a grey field as a reminder.
7. If need be, you can fill in the optional object details fields and configure default parameters.
Click on NEXT . The Workflow dedicated page opens.
8. In the Ticket drop-down list, the request you are executing is selected by default. The list
can also contain other request numbers if other requests for edition of a similar resource
were created.
9. Under this field, the Requested <object> name and Requestor motivation fields contain the
request original details as a reminder.
10. The requests for IP address edition have an extra page: the Aliases configuration page. You
can add aliases if need be. Then click on NEXT to display the last page of the wizard.
11. Click on OK to commit the request execution. The report opens and closes. The request
status is now Finished, the object is now edited.

To execute a deletion request using the Execute option

1. Go to the Workflow tab. If the homepage is not displayed, click on . The homepage opens.
2. In the breadcrumb, click on the Incoming requests icon. The Incoming requests list opens.
3. In the Action column, filter the list to display only requests for deletion using the key word
delete.
4. At the end of the line of the request for deletion you want to execute, click on Execute. The
Delete wizard opens.
5. The object Name, Address, Space name and/or DNS server name fields contain the objects
details as a reminder.
6. Click on OK to commit the request execution. The report opens and closes. The request
status is now Finished, the object is now deleted.

Once the request is executed, the requestor receives a notification email. The administrator or
request manager can archive the request. For more details, refer to the section Archiving Requests.

If the request concerned an addition or an edition, the Attached objects panel of the request
properties page lists all the object configuration details, for instance a specific class or default
parameters set by the administrator or request manager.

Executing Requests Using Classes


Since version 5.0.3, you can use classes to automate the execution of addition and edition requests.
You cannot use them to automate the deletion requests. Using classes for the automation implies:

1. From Class Studio:

• Creating a class applying to IPAM block, subnet, pool, address or DNS zone.
• Adding the corresponding Pre-defined variable object to the class.

2. From the IPAM or DNS module:

• Applying the class when adding or editing the object.
• At the end of the wizard, selecting the request matching the operation performed.

3. Archiving the request. For more details, refer to the section Archiving Requests.

Configuring a Workflow Request Association Class


The classes that can automate the request execution apply to IPAM blocks, subnets, pools,
addresses or DNS zones.

If you do not already use a class for which you would like to add the Pre-defined variable, create
a class. Otherwise, directly follow the procedure To add a Workflow request association
pre-defined variable.

To add a class to automate the Workflow request association

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. In the menu, select Add > Class. The Add a new class wizard opens.
4. In the Filename field, name your class. The name cannot contain any special characters.
This field is compulsory.
5. In the Sub directory field, you can fill in the directory where you want to save your class. If
it does not exist, it will be created. On the wizards class selection page, classes placed in a
directory will be displayed as such: <directory>/<class>. This field is optional.
6. In the Module drop-down list, select the DNS or IPAM.
7. In the Type drop-down list, select the resource of your choice: DNS zone, Block, Subnet,
Pool or Address.
8. In the Enable class section, tick the checkbox.
9. Click on OK to commit your creation. The report opens and closes. The class is listed.

To add a Workflow request association pre-defined variable

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. In the Name column, click on the class you want to edit. Class Editor opens.
4. In the class objects drop-down list, select All Objects. The class objects list refreshes.
5. In the class objects list, click on Pre-defined variable . The Pre-defined variable wizard opens.
6. In the Name drop-down list, select the variable that suits your needs:

• WORKFLOW_ADD_TICKET_SPACE to associate the class with space addition and/or
edition requests.
• WORKFLOW_ADD_TICKET_BLOCK to associate the class with block addition and/or
edition requests.
• WORKFLOW_ADD_TICKET_SUBNET to associate the class with subnet addition and/or
edition requests.
• WORKFLOW_ADD_TICKET_POOL to associate the class with pool addition and/or edition
requests.
• WORKFLOW_ADD_TICKET_ADDRESS to associate the class with address addition
and/or edition requests.
• WORKFLOW_ADD_TICKET_DNSZONE to associate the class with zone addition and/or
edition requests.

7. In the Value field, type in the value 1 (one) to enable the variable.
8. Click on OK to commit your addition. The object is now embedded into the class and listed
in the creation panel.

Once the class is configured, you can apply it from the DNS and/or IPAM module to automate
the addition or edition of objects.

Applying a Workflow Request Association Class


To apply the Workflow request association class, it must be enabled and then selected in the
addition or edition wizard.

To apply the Workflow request association class when adding an object

1. Go to the IPAM or DNS tab.
2. Display the page that suits your needs: All blocks, All subnets, All pools, All addresses or All
zones.
3. If you are applying the class in the IPAM, click on IP4 to display the IPv4 list.
4. In the menu, select Add > <object>. The corresponding wizard opens.
5. On the <Object> class page, select the class configured for the Workflow request association.
6. Configure the object according to your needs and click on NEXT until you get to the Workflow
related page.
7. In the Ticket drop-down list, select an existing request for addition of the chosen object.
8. If you are adding an IP address, the Aliases configuration page opens. You can add aliases
if need be. Then click on NEXT to display the last page of the wizard.
9. Click on OK to commit your creation. The report opens and closes. The object is listed. On
the Workflow pages, the selected request is now Finished.

To apply the Workflow request association class when editing an object

1. Go to the IPAM or DNS tab.
2. Display the page that suits your needs: All blocks, All subnets, All pools, All addresses or All
zones.
3. If you are applying the class in the IPAM, click on IP4 to display the IPv4 list.
4. Put your mouse over the object you want to edit. The Info bar appears.
5. Click on . The corresponding wizard opens.
6. On the <Object> class page, select the class configured for the Workflow request association.
7. Edit the object according to your needs and click on NEXT until you get to the Workflow related
page.
8. In the Ticket drop-down list, select an existing request for addition of the chosen object.
9. If you are editing an IP address, the Aliases configuration page opens. You can add aliases
if need be. Then click on NEXT to display the last page of the wizard.
10. Click on OK to commit your creation. The report opens and closes. The object is listed. On
the Workflow pages, the selected request is now Finished.

Once the request is executed, the requestor receives a notification email. The administrator or
request manager can archive the request. For more details, refer to the section Archiving Requests.

Chapter 65. Customizing the Requests Administration
Depending on your needs, you can entirely customize the Edit menu of the Incoming requests
page as well as the restrictions associated with the status edition. As detailed in the section
Administrating Requests Using the Default Statuses and Options, and as you can see in the figure
below, you cannot set all the statuses to the requests as you please.

[Diagram: Executed request (full default cycle): 1 New, 2 Handle, 3 Accept, Request execution, 6 Finish, Archive. Rejected request: 4 Reject. Cancelled request (by a requestor): 5 Cancel.]

Figure 65.1. Workflow Default Status Cycle

These default status edition restrictions are all set in the registry database. The default
configuration of the Workflow in the registry database is the following.

Figure 65.2. Workflow Registry Entries Default Configuration


You can edit default statuses, remove default statuses from the GUI and add new statuses.
Whatever the customization you have in mind, we recommend that you take into consideration
the section Customized Statuses Best Practices.

Editing the Workflow Statuses


All the entries of the registry database dedicated to the Workflow configuration can be identified
and filtered. You can edit these entries to suit internal processes, for instance skip some statuses
that are obsolete to your organization or even grant more permissions to requestors and request
managers.

Whether you decide to edit an existing status or hide it from the GUI, to make sure the request
cycle is complete, we recommend that you follow the sections Status Edition Best Practices and
Status Deletion Best Practices.

To edit the Workflow request statuses

1. Edit the status entries value:

a. Go to the Administration tab. If the homepage is not displayed, click on . The
homepage opens.
b. In the menu, select System > Expert > Registry data. The Registry database page
opens.
c. Filter the list to only display the Workflow status related entries using the keyword:
module.workflow.state.
d. In the Value column, click on the value settings of the entry you want to edit. The Registry
database Edit a value wizard opens.
e. Edit the Value field content following the Description of the Workflow Status Entries
String below.
f. Click on OK to save your changes. The report opens and closes. The Registry database
list is visible again.

2. Register your changes:

a. Go to the Administration tab. If the homepage is not displayed, click on . The
homepage opens.
b. In the menu, select System > Expert > Register new macros/rules. The Register all
the latest macros and rules wizard opens.
c. Click on OK to commit your choice. The report opens and works for a while. A notification
pop-up appears in the lower right corner of the GUI when the operation is over.

The Workflow configuration entries are all named module.workflow.state<detail>. There are
seven entries dedicated to the default statuses.

1. module.workflow.state.accept
2. module.workflow.state.archive
3. module.workflow.state.cancel
4. module.workflow.state.finish
5. module.workflow.state.handle
6. module.workflow.state.new
7. module.workflow.state.reject

Each entry is important as it sets the permissions and restrictions related to the status edition. The
status key value is a string in which the order of the elements matters. The elements must be
separated by commas as follows: <page>, <icon>, <visibility>, <callback>, <attribute_1, attribute_2, ..., attribute_n>.

As an example, the Accept status is detailed in the figure below:

Figure 65.3. Structure of the Value of a Workflow Status Registry Entry

1 Page where the status can be set.
2 Icon preceding the Accepted status in the listing page.
3 Visibility in the menu configuration.
4 This section of the value is obsolete.
5 Attributes define who can set the Accept status and in what conditions.

In this example, the Accept status is displayed (t) on the page Incoming requests (incoming) and
is preceded by the green icon. Any user with sufficient rights can accept New requests
(new-target) and only the request manager who Handled or Rejected the request can accept it
(accept-operator, reject-operator).

Each element of the string has a set of acceptable values that define the request status logic and
organization that suits your needs:

Page
incoming specifies that the status is available on the Incoming requests page.

outgoing specifies that the status is available on the Outgoing requests page.

Icon
wf-accept displays the icon 3 before the status name.

wf-archive does not display any icon as archiving means removing the request from the list.

wf-cancel displays the icon 5 before the status name.

wf-finish displays the icon 6 before the status name.

wf-handle displays the icon 2 before the status name.

wf-new displays the icon 1 before the status name.

wf-reject displays the icon 4 before the status name.

Visibility
t stands for true and indicates that the status is available in the Edit menu of the specified
<page>.

f stands for false and indicates that the status is not displayed in the Edit menu of the specified
<page>.
Callback parameters
This parameter is obsolete. You can find in the keys the values: callback, nocallback,
archive_callback and cancel_callback. Do not edit them, they are part of the string.
Attributes
This last part of the string sets which user can set the status described in the string. This
permission depends on who set the previous status: the user who set the status listed can
now set the status described in the string.

The permissions structure follows the format <action>-<user>, in which <action> can be accept,
archive, cancel, finish, handle, new or reject; each one corresponds to a default status.

The users are:

• admin: any user in the admin group, including ipmadmin.
• operator: the user that deals with the request. The other users belonging to the same group
cannot perform the actions associated with operator: only the user who performed the action
detailed in the status entry Value is the operator.
• source: the user who created the request, i.e. the requestor.
• target: any user with sufficient Workflow permissions, including ipmadmin.

Therefore, only the users specified in the Value field of the status entry can set the status
described, and only if they previously set one of the statuses associated with their <user>
name.
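
Before a customized value is saved in the registry, it can be checked offline against the element values listed above. The following is an added example, not EfficientIP code: it parses a status value, reports which previous action lets which kind of user set the status, and evaluates one permission decision. The sample value, the Request and User models, and the reading of an attribute as "applies when the last status change on the request was <action>" are assumptions made for illustration.

```python
from dataclasses import dataclass

# Acceptable values for each element, as listed in this section of the guide.
PAGES = {"incoming", "outgoing"}
ICONS = {"wf-accept", "wf-archive", "wf-cancel", "wf-finish",
         "wf-handle", "wf-new", "wf-reject"}
CALLBACKS = {"callback", "nocallback", "archive_callback", "cancel_callback"}
ACTIONS = {"accept", "archive", "cancel", "finish", "handle", "new", "reject"}
USERS = {"admin", "operator", "source", "target"}

# Constructed sample value for illustration; not copied from a SOLIDserver registry.
SAMPLE_ACCEPT = "incoming,wf-accept,t,callback,new-target,handle-operator,reject-operator"


@dataclass(frozen=True)
class StatusEntry:
    page: str
    icon: str
    visible: bool
    callback: str
    attributes: tuple  # ((action, user), ...) pairs in registry order


@dataclass(frozen=True)
class Request:          # hypothetical model of a request's current state
    requestor: str      # login of the user who created it ("source")
    last_action: str    # action that produced the current status, e.g. "handle"
    last_actor: str     # login of the user who performed that action ("operator")


@dataclass(frozen=True)
class User:             # hypothetical model of the user attempting the change
    login: str
    is_admin: bool = False             # member of the admin group
    has_workflow_rights: bool = False  # sufficient Workflow permissions ("target")


def parse_status_value(value):
    """Split a status value into its ordered elements and validate each one."""
    parts = [p.strip() for p in value.split(",")]
    if len(parts) < 4:
        raise ValueError("expected <page>,<icon>,<visibility>,<callback>[,<attributes>]")
    page, icon, visibility, callback, *raw_attrs = parts
    for name, got, allowed in (("page", page, PAGES), ("icon", icon, ICONS),
                               ("visibility", visibility, {"t", "f"}),
                               ("callback", callback, CALLBACKS)):
        if got not in allowed:
            raise ValueError(f"invalid {name}: {got!r}")
    attributes = []
    for raw in raw_attrs:
        # Attributes are <action>-<user>; split on the last hyphen.
        action, sep, user = raw.rpartition("-")
        if not sep or action not in ACTIONS or user not in USERS:
            raise ValueError(f"invalid attribute: {raw!r}")
        attributes.append((action, user))
    return StatusEntry(page, icon, visibility == "t", callback, tuple(attributes))


def grants(entry):
    """Map each previous action to the user kinds allowed to move on from it."""
    table = {}
    for action, user in entry.attributes:
        table.setdefault(action, []).append(user)
    return {action: sorted(users) for action, users in table.items()}


def may_set(entry, request, user):
    """Return True if `user` may set the status described by `entry` on `request`."""
    for action, kind in entry.attributes:
        if action != request.last_action:
            continue  # attribute applies to a different previous status
        if kind == "admin" and user.is_admin:
            return True
        if kind == "target" and user.has_workflow_rights:
            return True
        if kind == "operator" and user.login == request.last_actor:
            return True
        if kind == "source" and user.login == request.requestor:
            return True
    return False


if __name__ == "__main__":
    entry = parse_status_value(SAMPLE_ACCEPT)
    print(grants(entry))
    handled = Request(requestor="alice", last_action="handle", last_actor="bob")
    for login in ("bob", "dave"):
        print(login, may_set(entry, handled, User(login, has_workflow_rights=True)))
```

Running grants() on every module.workflow.state entry after a customization gives a quick review of which user kinds gained or lost the ability to set each status.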

Editing the Email Notifications Details


In addition to the status dedicated entries, there is one key dedicated to the requestors email
notification: module.workflow.state_mail.

By default, it is configured to send an email to the requestors whenever the status of a request
they created is edited; that is why, by default, it contains new,handle,accept,reject,finish.

The requestors only receive an email if their User profile was set properly. For more details, refer
to the chapter Managing Users, in the section Adding Users or Editing Users.

To edit the Workflow status edition email notification

1. Edit the status entries value:

a. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
b. In the menu, select System > Expert > Registry data. The Registry database page
opens.
c. Filter the list to only display the entry module.workflow.state_mail.
d. In the Value column, click on the value settings of the entry you want to edit. The Registry
database Edit a value wizard opens.
e. Edit the Value field according to your needs. An email is sent to the requestor if the
status attributed to a request they created is listed in the field.

f. Click on OK to save your changes. The report opens and closes. The Registry database
list is visible again.

2. Register your changes:

a. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
b. In the menu, select System > Expert > Register new macros/rules. The Register all
the latest macros and rules wizard opens.
c. Click on OK to commit your choice. The report opens and works for a while. A notification
pop-up appears in the lower right corner of the GUI when the operation is over.

Adding a Workflow Status


You can add new statuses to the Incoming and Outgoing requests pages. This implies:

1. Adding the registry database entry following the Workflow entries format.
2. Translating the related menu option and status in the listing page.
3. Following the Status Addition Best Practices.

To add a Workflow request status

1. Add the status entry:

a. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
b. In the menu, select System > Expert > Registry data. The Registry database page
opens.
c. Filter the list to only display the Workflow status related entries using the keyword:
module.workflow.state.
d. In the menu, select Add > Registry item. The Registry database Add an item wizard
opens.
e. In the Name field, type in the status name following the format:
module.workflow.state.<your-status-name>.
f. In the Value column, type in the characteristics of the new status following the format
<page>, <icon>, <visibility>, nocallback, <attribute_1>, <attribute_2>, <attribute_n>.
For more details, refer to the Description of the Workflow Status Entries String.
g. Click on OK to commit your creation. The report opens and closes. The new entry is
listed.

2. Register your changes:

a. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
b. In the menu, select System > Expert > Register new macros/rules. The Register all
the latest macros and rules wizard opens.

c. Click on OK to commit your choice. The report opens and works for a while. A notification
pop-up appears in the lower right corner of the GUI when the operation is over.

Once the entry is created and registered, the new status is visible in the Edit menu of the selected
page as follows: rq_<your-status-name>. Once you have attributed the status to a request, the request
Status is rq_in_<your-status-name>. You can translate both using the page Language editor.

To translate the name of your Workflow statuses

1. From any page or wizard within SOLIDserver, copy the name of a field, page, column or
menu that you want to replace with your label.
2. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
3. In the menu, select Customization > Language editor. The Language editor page opens.
4. In the menu, select Add > Entry. The wizard opens.
5. In the Key field, paste the status name. We recommend that you copy/paste the label name
because Language editor is case sensitive.
6. If your appliance is displayed in English, in the English field, type in the new label value.
7. Click on OK to commit your creation. The entry is listed. Go back to the page where you
copied the label to see the new name.

Customized Statuses Best Practices


Whether you decide to add statuses, edit statuses or remove them from the GUI, to complete
the status customization we recommend that you follow the best practices below.

Status Addition Best Practices


Once you have created a new status, you should:

• Edit the attributes list in the entries describing the statuses you do use. For instance, if you
want to add a Postpone status that can be set after a request is accepted, you should add the
postpone-<user> attribute in the value of the finish entry as well as the accept-<user> attribute
in the value of the postpone entry [1]. For more details, refer to the Description of the Workflow
Status Entries String below.
• Edit all the statuses icons to make sure that the GUI respects your new request cycle.
• Add the status in the email notification entry. For more details refer to the section Editing the
Email Notifications Details.
• The new status cannot be executed using the Execute option as it only applies to New, Handled
and Accepted requests. For more details, refer to the section Executing Requests Using the
Execute Option.
• The restrictions detailed in the Administrating Requests Using Default statuses and Options
no longer apply to your request status cycle.
• The request execution automation using the pre-defined variables class object can still be
configured. For more details, refer to the section Executing Requests Using Classes.

[1] This example is only valid if you still use the default statuses cycle.

Status Edition Best Practices


Once you have decided to edit statuses or add new ones, keep in mind that:

• Once you have edited the registry database entries, the Execute option still only applies to New,
Handled and Accepted requests. For more details, refer to the section Executing Requests
Using the Execute Option.
• The restrictions detailed in the Administrating Requests Using Default statuses and Options
no longer apply to your request status cycle.
• The request execution automation using the pre-defined variables class object can still be
configured. For more details, refer to the section Executing Requests Using Classes.

Status Deletion Best Practices


To remove a status from the GUI, we recommend that you edit the status registry entry Value
and set its visibility attribute to f (false). From then on the status is no longer visible in the Edit
menu, and can no longer be used by users. When you do so:

• Edit the attributes list in the entries describing the statuses you do use. For instance, if you
want to remove the Handle status from the request management steps, you should remove
all the handle-<user> attributes from the other statuses value field. For more details, refer to
the Description of the Workflow Status Entries String below.
• Edit all the statuses icons to make sure that the GUI respects your new request cycle.
• Remove the status from the email notification entry. For more details refer to the section
Editing the Email Notifications Details.
• Keep in mind that if the status was already set before you remove it from the menu, it is still
displayed in the list.
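
The checks recommended in the best practices above can be automated against an export of the Workflow registry entries. The following is an added example, not part of the guide and not EfficientIP code: it parses the status string format described earlier (<page>, <icon>, <visibility>, <callback>, <action>-<user> attributes), reports attributes and email notification entries that still point at hidden or undefined statuses, and lists which kinds of users may set a status after a given previous one. The registry values in SAMPLE are constructed, PAGE and ICON are placeholders for the real <page> and <icon> tokens, and all function names are hypothetical.

```python
# Added example, not EfficientIP code. Registry values below are constructed;
# PAGE and ICON are placeholders for the real <page> and <icon> tokens.
PREFIX = "module.workflow.state."
MAIL_KEY = "module.workflow.state_mail"
USERS = {"admin", "operator", "source", "target"}
CALLBACKS = {"callback", "nocallback", "archive_callback", "cancel_callback"}
DEFAULTS = {"accept", "archive", "cancel", "finish", "handle", "new", "reject"}


def parse_status(value):
    """Parse '<page>, <icon>, <visibility>, <callback>, <action>-<user>, ...'."""
    fields = [f.strip() for f in value.split(",")]
    if len(fields) < 4:
        raise ValueError("expected page, icon, visibility and callback fields")
    page, icon, visibility, callback = fields[:4]
    if visibility not in ("t", "f"):
        raise ValueError(f"visibility must be t or f, got {visibility!r}")
    if callback not in CALLBACKS:
        raise ValueError(f"unknown callback token {callback!r}")
    attributes = []
    for attr in fields[4:]:
        # The user is the last hyphen-separated token, so a status name
        # such as <your-status-name> may itself contain hyphens.
        action, sep, user = attr.rpartition("-")
        if not sep or not action or user not in USERS:
            raise ValueError(f"attribute {attr!r} is not <action>-<user>")
        attributes.append((action, user))
    return {"page": page, "icon": icon, "visible": visibility == "t",
            "callback": callback, "attributes": attributes}


def load(registry):
    """Return ({status name: parsed entry}, [statuses listed in state_mail])."""
    statuses = {key[len(PREFIX):]: parse_status(value)
                for key, value in registry.items() if key.startswith(PREFIX)}
    mailed = [s.strip() for s in registry.get(MAIL_KEY, "").split(",") if s.strip()]
    return statuses, mailed


def who_can_set(registry, status, previous):
    """User kinds listed for setting `status` when `previous` was the last status."""
    statuses, _ = load(registry)
    return sorted(user for action, user in statuses[status]["attributes"]
                  if action == previous)


def lint(registry):
    """Return a sorted list of inconsistencies with the status best practices."""
    statuses, mailed = load(registry)
    findings = []
    for name, entry in statuses.items():
        for action, user in entry["attributes"]:
            if action not in statuses:
                findings.append(f"{name}: {action}-{user} names an undefined status")
            elif not statuses[action]["visible"]:
                findings.append(f"{name}: {action}-{user} names a hidden status")
        if name in DEFAULTS or not entry["visible"]:
            continue
        # The remaining checks apply to added (non-default) statuses only.
        if not entry["attributes"]:
            findings.append(f"{name}: no attribute, nobody can set it")
        followed = any(action == name
                       for other, e in statuses.items() if other != name
                       for action, _ in e["attributes"])
        if not followed:
            findings.append(f"{name}: no other entry lists it, requests cannot leave it")
        if name not in mailed:
            findings.append(f"{name}: not listed in {MAIL_KEY}")
    for name in mailed:
        if name not in statuses:
            findings.append(f"{MAIL_KEY}: lists undefined status {name}")
        elif not statuses[name]["visible"]:
            findings.append(f"{MAIL_KEY}: lists hidden status {name}")
    return sorted(findings)


# Constructed scenario: Handle was hidden (visibility f) without cleaning up the
# other entries, and a Postpone status was added but not added to state_mail.
SAMPLE = {
    "module.workflow.state.new": "PAGE, ICON, t, nocallback",
    "module.workflow.state.handle": "PAGE, ICON, f, nocallback, new-admin, new-target",
    "module.workflow.state.accept": "PAGE, ICON, t, nocallback, new-target, handle-operator",
    "module.workflow.state.reject": "PAGE, ICON, t, nocallback, new-target, handle-operator",
    "module.workflow.state.finish": "PAGE, ICON, t, nocallback, accept-operator, postpone-operator",
    "module.workflow.state.postpone": "PAGE, ICON, t, nocallback, accept-operator",
    "module.workflow.state_mail": "new,handle,accept,reject,finish",
}

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
    print("finish after postpone:", who_can_set(SAMPLE, "finish", "postpone"))
```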

Part X. Device Manager
Table of Contents
66. Introduction
Objectives of Device Manager
Devices
Ports and Interfaces
67. Managing Devices
Browsing Devices
Browsing the Devices Database
Customizing the Devices Display
Managing the Devices Visibility
Adding Devices
Adding Devices Automatically
Adding Devices Manually
Duplicating Devices
Merging Devices
Deleting Devices
Importing Devices
68. Managing Ports and Interfaces
Browsing Ports and Interfaces
Browsing the Devices Database
Customizing the Devices Display
Managing the Ports and Interfaces Visibility
Adding Ports and Interfaces
Adding Ports and Interfaces Automatically
Adding Ports and Interfaces Manually
Editing Ports and Interfaces Properties
Changing a Port or Interface Name
Editing a Port
Editing an Interface
Tracking Changes in the All ports & interfaces List
The Reconciliation Column
The Reconciliation Option
Deleting Ports and Interfaces
Importing Ports and Interfaces
69. Managing the Interaction with the IPAM
Assigning IP Addresses to an Interface Using their MAC Address
Assigning IPv4 Addresses to an Interface
Assigning IPv6 Addresses to an Interface
Managing the IP Addresses/Interfaces Link from the IPAM Module
Using Default Behaviors to Associate IP Addresses with Interfaces
Using the Menu to Manage the IP Addresses/Interfaces Link
Editing the Devices Topology from the IPAM Module
70. Rules Impacting Device Manager
Other Modules Rules Impacting Device Manager
DHCP Rules
NetChange Rules
Adding Device Manager Rules
Enabling or Disabling Device Manager Rules

Chapter 66. Introduction
Objectives of Device Manager
Device Manager module provides an overview of the stock of equipment and enhances its
management using all the information recorded in SOLIDserver. It allows you to better understand
the interaction between the equipment (routers, network switches, etc.), interfaces and ports.
Relying on both manual and automatic management options, it minimizes any error or distortion
between what is really connected to the network and what is listed in the all devices list and the
all ports & interfaces list.

To ease management, Device Manager offers options that piece together the information
registered in other modules like NetChange, the IPAM or the DHCP. These options allow you to
retrieve automatically the whole NetChange database or pick the IPAM addresses that you want
to manage as interfaces.

[Figure: data retrieved from NetChange and the DHCP (network device local.switch, port name
FastEthernet 0/10, hostname local.computer, MAC address a0:12:34:56:78:90) and the resulting
Device Manager view (device local.switch with port FastEthernet 0/10; device local.computer
with interface eth1, MAC address a0:12:34:56:78:90)]

Figure 66.1. Information Retrieved From NetChange and the DHCP

All the data managed in the module can also be manually added and modified. Note that
automatic options allow you to double-check the consistency between what you added in the
lists and the actual configuration of your network. This action is called reconciliation. It is
available through an option and visible thanks to a column that tracks and reports any changes
regarding the links between devices in the all ports & interfaces list.

Device Manager has a number of device-related options that make it a powerful provisioning
tool. For instance, if you know that a new network switch will be added to the network, you can
duplicate a similar existing device. This saves you quite some time: you simply need to
manually change the number of ports and interfaces if needed and link them to the correct
device(s). Once NetChange has discovered the new equipment, it updates the information in
Device Manager and you can compare the data you filled in with what was found automatically.
In addition, a number of rules can be enabled to ease the management of newly added data.
This way, any changes made in NetChange or even the DHCP modules can automatically create
devices and interfaces.

Finally, note that data saved within the module is not deleted unless you delete it yourself.
Therefore, you can save a lot of information regarding users or pieces of equipment, through
their MAC address or IP address, that is not impacted by any changes made in the IPAM module,
the DHCP module or even NetChange. This is unlike what could happen in, say, the DHCP module
once a user disconnects, due to the lease deletion parameters.

Device Manager is a thorough management tool for devices, ports and interfaces that puts together
information retrieved from four different modules, organizes it and tracks any changes made,
especially if the data saved in other modules is as detailed as possible. Besides, it offers
unique Manage/Unmanage options that display only the items you want in both lists.

Note
The items in Device Manager's lists are sorted following the ASCII code: digits are listed
first, then uppercase letters, and finally lowercase letters.

Devices
The device is the highest level of hierarchy in Device Manager. It is a container that allows you
to manage ports and/or interfaces. It is named after existing equipment when retrieved
automatically but can also be created. Devices can be added (i.e. created), duplicated, merged,
edited, hidden from the list and deleted (with the data they contain) in that list. Note that
devices cannot be renamed.

Device Manager offers a unique option that allows you to choose the devices you want to display
and work with: the Manage option described in the section Managing the Devices Visibility.

Finally, devices can also be exported in a CSV, HTML, XML or EXCEL file. For more details, refer
to the chapter Exporting Data of the Global Policies part of this guide.

Ports and Interfaces


The port and the interface are the lowest level of hierarchy in Device Manager. They belong to
a device. Ports allow you to link devices together: you can link a port to another port or a port
to an interface. Interfaces have a MAC address and can use IP addresses, which is mainly what
differentiates them from the ports. If you do not add a MAC address, Device Manager generates one
automatically but will not display it. As for IP addresses, interfaces usually use only one but it
can be one IPv4 address and one IPv6 address.

Both ports and interfaces can be added (i.e. created), edited, hidden from the list and deleted
(with the data they contain) in that list. Note that unlike devices, ports and interfaces can be
renamed. The All ports & interfaces list also provides the reconciliation column to track any
distortion between what was automatically found and which devices were manually connected to the
network through the listed ports and interfaces.

The main particularity of this list in comparison with most lists in the appliance is that you can
display both IPv4 and IPv6 addresses. They can either be used together on one interface
or simply be listed one after the other and used on separate interfaces. You can
assign the IP addresses to the interfaces through their MAC address, through the IPAM for
IPv6 addresses or automatically for IPv4 addresses: adding them to the IPAM module creates
devices containing interfaces using these newly added addresses. If you want to assign them to
interfaces, simply edit the IP addresses in the IPAM module.

Moreover, just like for devices, Device Manager offers a unique option that allows you to choose
the ports and/or interfaces you want to display and work with: the Manage option described in
the section Managing the Ports and Interfaces Visibility.

Finally, Ports and interfaces can be exported in a CSV, HTML, XML or EXCEL file. For more
details refer to the chapter Exporting Data of the Global Policies part of this guide.

Chapter 67. Managing Devices
The devices are composed of interfaces and/or ports, so you can configure the structure of each
device when manually adding them. However, you can also fill in the devices list automatically.
In this case, most of the time you are going to add devices containing only interfaces or only
ports corresponding to discovered MAC and IP addresses. Very often these devices contain only
one port or interface.

Note that once you have added devices, you cannot rename them. Editing them only involves
modifying their content (ports and interfaces) and their class parameters. However, you
can merge devices, duplicate or delete them.

Browsing Devices
Within the Device Manager module, the devices are the highest level of the hierarchy. It is
compulsory to create devices to manage ports and interfaces. Here below, you can see the link to
browse the devices database:

Figure 67.1. Device Manager: All devices

Browsing the Devices Database


To display the list of devices

1. Go to the Device Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Devices icon. The All devices list opens.

To display the list of devices through the breadcrumb

1. Go to the Device Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the breadcrumb, click on All devices. The All devices list opens.

To display the list of ports and interfaces of a specific device

1. Go to the Device Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Devices icon. The All devices list opens.
3. In the Name column, click on the name of the device of your choice. The All ports & interfaces
list opens and displays the ports and interfaces of the chosen device.

To display a device properties page

1. Go to the Device Manager tab. If the homepage is not displayed, click on . The homepage
opens.

2. Click on the Devices icon. The All devices list opens.


3. At the end of the line of the device of your choice, click on . The properties page opens.

Customizing the Devices Display


SOLIDserver enables you to modify the columns display in the list. By default, all the columns
are displayed on the list but you can remove some columns or change their order if need be. For
more details, see the Customizing the List Layout section of the Understanding the SOLIDserver
User Interface part of this documentation.

With the version 5.0.2, a new set of columns was introduced to provide a clear view of the devices
content, with three column types for interfaces and ports:

• Interfaces usage and Ports usage: the total portion, in percent, of used interfaces/ports on a
device, along with a progression bar,
• Number of Interfaces and Number of Ports: the total number of interfaces/ports on the device,
• Free Interfaces and Free Ports: the number of available interfaces/ports on the device.

To make the management of the devices easier, you can use these columns to sort or filter the
list.

Managing the Devices Visibility


Device Manager offers a unique option that allows you to display or hide the devices of your
choice. It has nothing to do with the listing template. Consider it as a way to see more easily
the items you intend to operate on.

Therefore you can use the Status column to filter only the Managed items. As there are three
statuses, to display the imported and managed devices, filter the column with the value
!= Unmanaged (different from Unmanaged).

To manage a device

1. Go to the Device Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Devices icon. The All devices list opens.
3. Tick the device you want to display. You can tick more than one.
4. In the menu, select Edit > Manage > Yes. The Items management wizard opens, with the
message "Do you really want to manage the selected item(s) ?".
5. Click on OK to commit your choice. The report opens and closes. The device is marked
Managed in the Status column.

On the contrary, if you want to hide one or several devices from the list, keeping in mind that the
Status column must be filtered accordingly, the procedure is the following.

To unmanage a device

1. Go to the Device Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Devices icon. The All devices list opens.
3. Tick the device you want to hide. You can tick more than one.

4. In the menu, select Edit > Manage > No. The Items management wizard opens, with the
message "Do you really want to unmanage the selected item(s) ?".
5. Click on OK to commit your choice. The report opens and closes. The device is marked
Unmanaged in the Status column.

Note
You cannot unmanage a device associated with an IP address of the IPAM.

Adding Devices
You can automate the whole process of devices addition or do it manually. Keep in mind that
you can automatically look for existing devices in SOLIDserver after manually adding devices or
the other way around.

Besides, you have the possibility to add devices from Device Manager and the IPAM modules.

Adding Devices Automatically


Device Manager offers a set of automatic addition options that allow you to create devices, ports
and interfaces from the Device Manager, NetChange and IPAM modules.

Note
Keep in mind that the automatic retrieval of items often uses MAC address. Only the
MAC addresses that have been assigned a DNS name and an IP address will be
managed via Device Manager interfaces.

Any device added to Device Manager will be marked as Imported. To manage the devices of
your choice, refer to the Managing the Devices Visibility section of this guide.

Automatically Adding Devices from the All Devices Page

From the All devices page, you can use the Automatic discovery option to perform a
sweep of the other modules' databases and use the relevant data to create devices, ports and
interfaces and name them following the steps below:

1. The information retrieval starts in NetChange: Device Manager identifies all the network
devices, then the ports and how they link the network devices and finally all the discovered
items to provide a clear overview of the devices organization of your network.
2. Device Manager will use NetChange MAC addresses to obtain information within the IPAM
module, both in IPv4 and IPv6, and save each MAC address and corresponding IP address
as an interface.
3. Device Manager gathers the name of each item through NetChange All discovered items list
using the DNS name column. If it is empty, Device Manager will search within the IPAM via
the MAC address or within NetChange through the IP addresses DNS A RR. If no name is
found, the devices will be named generic_#, vw_# or wm_ware_# depending on their type.

To ensure the consistency of the data, we recommend that you configure Device Manager. It
then compares data based on the way you linked it to Device Manager. That is to say, it checks
whether the data has been linked to the other modules manually or automatically and then
overwrites the content of the Manually linked to column with the content of the Automatically
linked to column, if the Manually linked to column was empty.

To configure automatic data check

1. Go to the Device Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select Tools > Configure Device Manager. The Configure Device Manager
wizard opens.
3. Tick the box.
4. Click on OK to commit the automation. The wizard closes. The devices, as well as the ports
and interfaces attached to them, will be automatically retrieved.

This option has to be ticked once. Afterwards, the data checking will be done each time an interface
is added or edited. As for the automatic addition of devices, interfaces and ports, it requires the
automatic discovery option.

To automatically add devices

1. Go to the Device Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Devices icon. The All devices list opens.
3. In the menu, select Tools > Automatic Discovery. The Device Manager: Automatic Discovery
wizard opens.
4. Click on OK to commit the automatic retrieval of data. The report opens and closes. The
devices are all listed and named after their DNS name, IP address name or NetChange
name and contain interfaces and/or ports depending on the module they are retrieved from.
In the Status column, they are marked as Imported.

Once you have all the NetChange items saved in devices, ports and interfaces, you can manually
manage them as you want and expand each device, or edit interface or port information as
needed.

Automatically Adding Devices from NetChange

From the All network devices and the All discovered items pages of NetChange you can tick
items to create the devices of your choice as well as the ports and interfaces they contain.

Adding Network Devices in Device Manager

With a simple automated manipulation you can create the network devices of your choice in
Device Manager. These devices will contain all the ports listed in the All ports page of NetChange
and only the interfaces from the All discovered items that have a DNS name and an IP address.

To create a network device in Device Manager

1. Go to the NetChange tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Network devices icon. The All network devices list opens.
3. Tick the network device(s) you want to create in Device Manager.

4. In the menu, select Tools > Create in Device Manager. The Create NetChange devices in
Device Manager wizard opens.
5. Click on OK to commit the creation. The report opens and closes and the list is visible again.
The devices are listed in the All devices page of Device manager tab. In the Status column,
they are marked as Imported.

Adding Discovered Items in Device Manager

From the All discovered items page, you can populate Device Manager with a selection of
discovered items of your choice.

To populate Device Manager with a discovered item

1. Go to the NetChange tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Discovered items icon. The All discovered items list opens.
3. Tick the discovered item(s) you want to create in Device Manager.
4. In the menu, select Tools > Populate Device Manager. The Populate device manager wizard
opens.
5. Click on OK to commit the creation. The report opens and closes and the list is visible again.
The discovered items are listed in the All devices page of Device Manager. In the Status
column, they are marked as Imported.

Automatically Adding Devices from the IPAM Module

From the All addresses list of the IPAM you can also automatically add devices composed of the
used IP addresses of your choice. The device will be named after the IP address or following
Device Manager naming logic explained in the introduction of this section.

The selected IPv4 and IPv6 addresses will create interfaces in one or several devices. Each
device will be named after the address populating Device Manager and associated with the
relevant space. The interfaces will be named generic_# and associated with the relevant MAC
address.

To create devices and interfaces from the All addresses list

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Addresses icon. The All addresses list opens.
3. Next to the Logout button, click on IP4 to display the IPv4 addresses or IP6 to display the
IPv6 addresses.
4. Tick the Used IP addresses for which you want to create devices and interfaces.
5. In the menu, select Tools > Populate Device Manager. The Populate Device Manager wizard
opens.
6. Click on OK to commit your choice. The report opens and works for a while. Once the report
closes, the list is visible again. On Device Manager All devices list, the devices are named
after the IP address and marked as Imported in the Status column. On the All ports &
interfaces list, the interfaces are listed as well; you can find interfaces through their MAC
address.

Adding Devices Manually


In addition to the automatic addition of devices, you can create new devices from the All devices
page or even from the IPAM module.

Adding Devices from the All devices List

The manual addition of devices can be done from the All devices list or the All ports & interfaces
list. In the following procedure, we will assume you do it from the devices list.

To manually add a device

1. Go to the Device Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Devices icon. The All devices list opens.
3. In the menu, select Add > Device. The Add Device wizard opens.
4. In the Device field, name your device.
5. In the Description field, you can add a description.
6. Click on OK to commit the addition. The report opens and closes. The device is listed.

Note that because devices are composed of interfaces and/or ports, you can configure these items
while adding a device. To do so, tick the Add port(s)/interface(s) box and refer to the Adding
Ports and Interfaces Manually section below.

Even if you choose to manually add devices, you can use the Configure device manager option
to check the consistency of the data you add.

Adding Devices from the IPAM Module

As of version 5.0.2, when you assign an IP address from the All addresses list, you can create a
device and the interface associated with it at the same time.

First, you need to configure the corresponding behavior in the Default behavior wizard. Then,
you will be able to add new devices when creating or editing any IP address. The two procedures
below detail the steps to follow.

To configure the device addition default behavior

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Addresses icon. The All addresses list opens.
3. Next to the Logout button, click on IP4 or IP6 depending on your needs.
4. In the menu, select Settings > Default behaviors. The Default behaviors configuration
wizard opens.
5. In the IPAM / Device Manager interaction section, tick the Enable to create devices from
the IPAM box.
6. Click on OK to commit the configuration. The report opens and closes. The All addresses
list is visible again. Your configuration is now available in the IP address addition and edition
wizards along with the Configurable behaviors value in the Mode field.

Once you have ticked the default behavior box, the Create a device box is available in the address
addition and edition wizards, in both IPv4 and IPv6. When you tick that box, two fields appear:

Table 67.1. IPAM/Device Manager Configurable Behaviors

Configurable behaviors                    Related fields in the add/edit wizard
Enable to create devices from the IPAM    Create a device
                                          Device name
                                          Interface name

To add a device when creating an IP address

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Addresses icon. The All addresses list opens.
3. Next to the Logout button, click on IP4 or IP6 depending on your needs.
4. Add or edit an IP address to display the Device Manager dedicated fields. For more details
regarding the first steps of addition or edition, refer to the Managing IP Addresses chapter.
The corresponding wizard opens.
5. On the Add/Edit IP address page, configure the device addition dedicated fields:

a. Tick the Create a device box. The Device name and Interface name fields appear. They
are both compulsory.
b. In the Device name field, type in the name of your new device.
c. In the Interface name field, type in the name of your new interface.

6. Click on NEXT. The Aliases configuration page opens.
7. Configure aliases if need be. For more details, refer to the Configuring IP Address Aliases
chapter.
8. Click on OK to commit your changes/configuration. The report opens and closes. The changes
are visible on the IP address properties page, in the Default Behaviors properties panel, and in
the Device name and Interface name columns. Click on the device or interface name to access
the object properties page in Device Manager.

Once they are added from the IPAM module, you can edit the device and interface from the Device
Manager module. You can create as many devices as you want from the IPAM All addresses page.

Duplicating Devices
The device duplication option allows you to copy the content and class parameters of a whole
device. It saves a considerable amount of time if you are managing several servers that are
similar or adding a new switch identical to the ones you are already working with. The
duplication can only be done one device at a time.

Note that you will still have to update the MAC address of your interfaces and link your ports to
existing devices.

To duplicate a device

1. Go to the Device Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Devices icon. The All devices list opens.
3. Tick the device you want to duplicate.
4. In the menu, select Edit > Duplicate. The Duplicate device wizard opens.
5. In the Device name field, type in the name of the new device.
6. Click on OK to commit the duplication. The report opens and closes. The device is listed. It
contains the same ports and/or interfaces; however, the link from ports to device has to be
set manually and the interfaces' MAC addresses are automatically generated.

Once you have duplicated the selected device, you will have to update the MAC address of the
interfaces it contains as well as the links between ports and devices. For more details, refer to
the Editing Ports and Interfaces properties section of this guide.

Merging Devices
Merging devices is especially useful when you need to manually correct what was automatically
found on the network. Say you retrieved all the information found in NetChange discovered items
and you now have a long list of ports and interfaces, many of which are saved in separate
devices. If it turns out that a port and an interface both belong to one laptop, say
an Ethernet connection and a wifi port, you can merge both devices under one device: the device
that corresponds to the laptop in question.

In other words, merging allows you to reorganize the automatically retrieved information yourself
and then manage it on your own terms.

To merge devices

1. Go to the Device Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Devices icon. The All devices list opens.
3. Tick the devices you want to merge.
4. In the menu, select Edit > Merge. The Merge device wizard opens.
5. In the Name drop-down list, select the device that will include all the ports and interfaces.
The other device(s) will be emptied and deleted.
6. Click on OK to commit your choice. The report opens and closes. The device is listed, the
other devices are no longer listed.

Deleting Devices
As with most items in SOLIDserver, the deletion of an item is irreversible. There is only one
way to delete devices.

Deleting a device will delete the ports and interfaces it contains as well.

To delete a device

1. Go to the Device Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Devices icon. The All devices list opens.
3. Tick the device(s) you want to delete.
4. In the menu, select Edit > Delete. The Delete wizard opens.
5. Click on OK to commit the deletion. The report opens and closes. The device and the ports
and interfaces it contains are no longer listed.

Importing Devices
Like most modules in SOLIDserver, Device Manager allows you to import devices
on the All devices page from a CSV file. From then on, you will be able to add or import the ports
and interfaces they contain and organize your network as you please. For more details, refer to
the chapter Importing Data in the Global Policies part of this guide.

Chapter 68. Managing Ports and Interfaces
Ports and interfaces always belong to a device. You can either add them manually to a
specific device or add them while creating a new device. As with devices, you can
automatically retrieve them from the other modules; they will be added to
the devices they are linked to in these modules. As a result, there is a great chance that most
interfaces or ports individually belong to one device, and that most of the devices only contain
one port or interface.

Like in any other list within SOLIDserver, you can order and filter the items through the relevant
columns. However, there is an exception in the All ports & interfaces list: the data listed in the IP
Address column cannot be filtered. This column is merely a side note to help you
manage interfaces: you can order the items through that column but cannot
filter its data.

Browsing Ports and Interfaces


Within the Device Manager module, the ports and interfaces are the lowest level of the hierarchy:
they belong to a device.

Below, you can see the link used to browse the ports and interfaces database:

Figure 68.1. Device Manager: All ports & interfaces

Browsing the Devices Database


To display the list of ports & interfaces

1. Go to the Device Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Ports & interfaces icon. The All ports & interfaces list opens.

To display the list of ports & interfaces through the breadcrumb

1. Go to the Device Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the breadcrumb, click on All ports & interfaces. The All ports & interfaces list opens.

To display the list of ports and interfaces of a specific device

1. Go to the Device Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Devices icon. The All devices list opens.
3. In the Name column, click on the name of the device of your choice to display the ports and
interfaces it contains.

To display a port properties page

1. Go to the Device Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Ports & interfaces icon. The All ports & interfaces list opens.
3. Filter the Type column to display only the ports.
4. At the end of the line of the port of your choice, click on . The properties page opens.

To display an interface properties page

1. Go to the Device Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Ports & interfaces icon. The All ports & interfaces list opens.
3. Filter the Type column to display only the interfaces.
4. At the end of the line of the interface of your choice, click on . The properties page opens.

Customizing the Devices Display


SOLIDserver enables you to modify the columns displayed in the list. By default, all the columns
are displayed in the list, but you can remove some columns or change their order if need be. For
more details, see the Customizing the List Layout section of the Understanding the SOLIDserver
User Interface part of this documentation.

With version 5.0.2, a new column was introduced in the All ports & interfaces list to ease
management: the Addition date column now provides extra information regarding the devices'
content. You can use this column to sort or filter the list.

Managing the Ports and Interfaces Visibility


Device Manager offers a unique option that allows you to display or hide the ports and interfaces
of your choice. It has nothing to do with the listing template. Consider it as a way to see more
easily the items you intend to operate on.

You can therefore use the Status column to display only the Managed items. As there are three
statuses, to display only the imported and managed devices, filter the column with the value !=
Unmanaged (different from Unmanaged).

To manage a port and/or an interface

1. Go to the Device Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Ports & interfaces icon. The All ports & interfaces list opens.
3. Tick the port and/or interface you want to display. You can tick more than one of each.
4. In the menu, select Edit > Manage > Yes. The Items management wizard opens, with the
message Do you really want to manage the selected item(s) ?.
5. Click on OK to commit your choice. The report opens and closes. The port/interface is marked
Managed in the Status column.

Conversely, if you want to hide one or several ports and interfaces from the list, set the Status
column filter to Managed or different from Unmanaged and follow the procedure below.

To unmanage a port and/or an interface

1. Go to the Device Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Devices icon. The All devices list opens.
3. Tick the port and/or interface you want to hide. You can tick more than one of each.
4. In the menu, select Edit > Manage > No. The Items management wizard opens, with the
message Do you really want to unmanage the selected item(s) ?.
5. Click on OK to commit your choice. The report opens and closes. The port/interface is marked
Unmanaged in the Status column and therefore no longer visible in the list as it is filtered by
Managed in the column.

Adding Ports and Interfaces


You can automate the whole process of adding devices or do it manually. Keep in mind that,
after manually adding devices, you can automatically look for existing devices in SOLIDserver to
double-check the accuracy of what is on the network.

Adding Ports and Interfaces Automatically


Automatically Adding Ports and Interfaces from the All Devices page

The Automatic discovery option described in the Managing Devices section above also retrieves
the ports and interfaces for each created device.

Simply remember that this automatic addition of ports and interfaces follows a specific logic that
will in turn help you differentiate the ports' location and the interfaces' role:

1. The automatic sweep of the ports relies on the information recorded in the NetChange module:
if the ports are not listed in NetChange, they are not retrieved. All found ports will be named
after their original NetChange name and gathered into the corresponding NetChange devices.
These devices keep the same name as in Device Manager but you can manage them in
Device Manager.
2. The automatic sweep of the interfaces relies on the information found in the IPAM, DNS and
DHCP modules. For every MAC address found, an interface is created into a new device. The
interface name depends on the name of the port it is linked to; therefore you will find a number
of interfaces named "eth#", "wifi#" and "vw_interface_#", # being a number to differentiate
them. If no data is found regarding the port-interface link, the interface is named generic_#.

For these reasons, it is fairly easy to understand which kind of ports and interfaces you will be
dealing with after an automatic addition of items. To ensure the consistency of the data, we
recommend that you configure Device Manager. This will compare data based on the way you
linked it to Device Manager. That is to say, it checks whether the data has been linked to the other
modules manually or automatically and then overwrites the content of the Manually linked to
column with the content of the Automatically linked to column if the Manually linked to column
is empty.
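
The consistency rule described above, applied offline to an exported list, as an added example that is not part of the original guide or of SOLIDserver. Only the column names come from this guide; the CSV layout, the sample rows and the function name audit_links are assumptions made for illustration.

```python
import csv
import io
import re

# Constructed sample export of the All ports & interfaces list. The column
# names are the ones this guide mentions; the CSV layout and every value are
# assumptions made for this example.
SAMPLE_EXPORT = """\
Device,Name,Type,MAC address,Status,Manually linked to,Automatically linked to
sw-core-01,Gi0/1,port,,Managed,srv-db-01 (eth0),srv-db-01 (eth0)
sw-core-01,Gi0/2,port,,Managed,srv-web-01 (eth0),laptop-42 (eth0)
sw-core-01,Gi0/3,port,,Imported,,srv-app-03 (eth0)
srv-db-01,eth0,interface,00:11:22:33:44:55,Managed,sw-core-01 (Gi0/1),sw-core-01 (Gi0/1)
10.0.0.57,generic_1,interface,00:aa:bb:cc:dd:ee,Imported,,
"""

# Interfaces named generic_# are those for which no port-interface link was found.
GENERIC_NAME = re.compile(r"^generic_\d+$")


def audit_links(csv_text):
    """Return (rows, report) after applying the consistency rule to each row."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    report = {"filled": [], "drift": [], "unlocated": []}
    for row in rows:
        key = (row["Device"], row["Name"])
        manual = row["Manually linked to"].strip()
        auto = row["Automatically linked to"].strip()

        if not manual and auto:
            # Rule from the guide: an empty manual link takes the automatic value.
            row["Manually linked to"] = auto
            report["filled"].append(key)
        elif manual and auto and manual.casefold() != auto.casefold():
            # A filled-in manual link is left untouched; the mismatch is reported.
            report["drift"].append((key, manual, auto))

        is_interface = row["Type"].strip().lower() == "interface"
        if is_interface and GENERIC_NAME.match(row["Name"].strip()):
            # No link data at discovery time: the attachment point is unknown.
            report["unlocated"].append(key)
    return rows, report


if __name__ == "__main__":
    _, findings = audit_links(SAMPLE_EXPORT)
    for kind, items in findings.items():
        print(kind, items)
```

Rows reported under drift are the ones to review by hand, since a manual link that disagrees with what discovery found means either the record or the cabling has changed.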

To configure automatic data check

1. Go to the Device Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select Tools > Configure Device Manager. The Configure Device Manager
wizard opens.
3. Tick the box.
4. Click on OK to commit the automation. The wizard closes. The devices, as well as the ports
and interfaces attached to them, will be automatically retrieved.

This option has to be ticked only once. Afterwards, the data check is performed each time an
interface is added or edited. As for the automatic addition of devices, interfaces and ports, it
involves the automatic discovery option.

To automatically add ports and interfaces

1. Go to the Device Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Devices icon. The All devices list opens.
3. In the menu, select Tools > Automatic Discovery. The Device Manager: Automatic Discovery
wizard opens.
4. Click on OK to commit the automatic retrieval of data. The report opens and closes. The
devices are all listed and named after their DNS name, IP address name or NetChange
name. The All ports & interfaces page lists all the interfaces and/or ports retrieved. In the
Status column, they are marked as Imported.

One of the main advantages of Device Manager is therefore to retrieve automatically a great
number of items based on what other modules contain. However, once you have all the NetChange
items saved in devices, ports and interfaces, you can manually manage them as you want and
expand each device, or edit interface or port information as needed.

Automatically Adding Interfaces from the IPAM Module

From the All addresses list of the IPAM you can also automatically add interfaces. They will be
added to the devices created after the used IP addresses you selected. No ports will be added
as the interfaces will be created using the MAC address of the selected IP addresses. Each
interface will therefore have a specific MAC address and a name assigned following Device Manager
naming logic explained in the section above.

For more details regarding the automated addition procedure from the IPAM, refer to the
Automatically Add Devices from the IPAM Module section of this guide.

Adding Ports and Interfaces Manually


Manual addition of ports and interfaces allows you to correct what was found in NetChange or
simply manage devices according to your needs. You can add as many ports and interfaces
as you want to a device to virtually link your devices.

As the MAC address is the main difference between ports and interfaces when it comes to
adding (i.e. creating) them, the ways to add each of them are described separately.

Adding Ports Manually

The manual addition of ports is possible from the All devices list and the All ports & interfaces
list. As ports are part of devices, you can create a device and add a number of ports to it. Adding
a device and ports at the same time allows you to add as many ports as you want at once.
All these ports will have the same name and be numbered. If you add ports to a specific device,
you will have to add them one by one.

To manually add a device and the ports it contains

1. Go to the Device Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Devices icon. The All devices list opens.
3. In the menu, select Add > Device. The Add Device wizard opens.
4. In the Device field, name your device.
5. Tick the Add port(s)/interface(s) box. The ports and interfaces section opens.
6. In the Type drop-down list, select Port. The port related fields open.
7. Configure the port(s) addition:

Table 68.1. Port Addition Fields

Fields             Description
Name               In this field, type in the port name. If you use a # in its name, it will be replaced by a number, no matter how many ports you want to add at once, and number each one of them.
Number of ports    In this field, type in the number of ports you want to add in the device you are creating. Each port will be numbered in accordance with the chosen number.

8. Click on ADD. The port is listed as such: port: <number of ports> <port name> in the
Interfaces/Ports list. If you want to add more ports to the device, repeat these actions for as
many ports as needed.
9. In the Interfaces/Ports list, you can set in which order the ports and interfaces will be displayed
by selecting the item's name and using the and buttons.

This field also allows you to update the ports and interfaces parameters: select the item, modify
the data in the fields and click on UPDATE. Note that if you want to add a new set of ports
while you are working on the newly added ones, click on CANCEL to display the
empty creation fields again. You can also select any item and click on DELETE.
10. Click on OK to commit the creation. The report opens and closes. The device is listed and
contains all the ports; filter the list to find the device name if needed. Both the device and
the ports are marked Managed in the Status column.

The procedure below details the port addition on the All ports & interfaces page; however, you
can also add ports on the All ports & interfaces list of a specific device.

To manually add a port in the All ports & interfaces list

1. Go to the Device Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Ports & interfaces icon. The All ports & interfaces list opens.
3. In the menu, select Add > Port/Interface. The Add port/interface wizard opens.
4. In the Device drop-down list, select one of your existing devices.
5. Click on NEXT. The next page opens.
6. In the Name field, name the port.
7. In the Type drop-down list, select Port.
8. You can link the port you are creating with another device port or interface. This is not
compulsory; if you do not want to link your port, go to step 10.

Table 68.2. Linking a Port to Another Device Upon creation

Fields                      Description
Link with device            In this field, type in the name of the device you want to link the port with. The auto-completion will retrieve a list of existing devices matching this name that you can choose from.
Link with port/interface    In this field, type in the name of the port or interface you want to link the port with. The auto-completion will retrieve a list of available ports and interfaces matching this name that you can choose from.

9. Click on OK to commit your configuration. The report opens and closes. The port is listed
and marked Managed; filter the list to see it if needed.

Adding Interfaces Manually

The manual addition of interfaces is also possible from the All devices list and the All ports &
interfaces list. As interfaces are part of devices, you can create a device and add all the interfaces
you want to it at once. As with ports, adding interfaces from the All ports & interfaces list of a
device implies that you add them one by one.

Tip
You can add interfaces from the IPAM module when adding and editing IP addresses.
For more details, refer to the To add a device when creating an IP address procedure.

To manually add a device and the interfaces it contains

1. Go to the Device Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Devices icon. The All devices list opens.
3. In the menu, select Add > Device. The Add Device wizard opens.
4. In the Device field, name your device.
5. Tick the Add port(s)/interface(s) box. The ports and interfaces section opens.
6. In the Type drop-down list, select Interface.
7. In the Name field, type in the interface name.
8. You can link the interface with an IP address. This step is optional.

Table 68.3. Linking a Port to Another Device Upon creation

Fields         Description
MAC address    In this field, type in the MAC address if you know it. You will then have to type in the corresponding IP address.
IP Address     In this field, type in an IP address known to the IPAM module, the corresponding MAC address will be deduced and entered in the MAC Address field (a).

(a) If the MAC address is already listed within the All ports & interfaces list, this interface addition will be impossible.

9. Click on ADD. In the Interfaces/Ports list, the interface is listed as such: interface: <interface
name> <MAC address> <IP Address>. Repeat these actions for as many interfaces as you
need.
10. In the Interfaces/Ports list, you can set in which order the ports and interfaces will be displayed
by selecting the item's name and using the and buttons.

This field also allows you to update the ports and interfaces parameters: select the item, modify
the data in the fields and click on UPDATE. Note that if you want to add a new set of ports
while you are working on the newly added ones, click on CANCEL to display the
empty creation fields again. You can also select any item and click on DELETE.
11. Click on OK. The report opens and closes. The device is listed and contains all the interfaces;
filter the list to find the device name if needed. Both the device and the ports are marked
Managed in the Status column.

The procedure below details the interface addition on the All ports & interfaces page; however,
you can also add interfaces on the All ports & interfaces list of a specific device.

To manually add an interface to the All ports & interfaces list

1. Go to the Device Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Ports & interfaces icon. The All ports & interfaces list opens.
3. In the menu, select Add > Port/Interface. The Add port/interface wizard opens.
4. In the Device drop-down list, select one of your existing devices. You can use your keyboard
to find the device you are looking for.
5. Click on NEXT . The next page, regarding port and interfaces, opens.
6. In the Name field, name the interface.
7. In the Type drop-down list, select Interface. The interface related fields open.
8. You can link the interface with an IP address. This step is optional.

Table 68.4. Linking a Port to Another Device Upon creation

Fields         Description
MAC address    In this field, type in the MAC address if you know it. You will then have to type in the corresponding IP address.
IP Address     In this field, type in an IP address known to the IPAM module, the corresponding MAC address will be deduced and entered in the MAC Address field (a).

(a) If the MAC address is already listed within the All ports & interfaces list, this interface addition will be impossible.

9. In the Space drop-down list, you can select one of the existing IPAM spaces. It is not
compulsory.
10. You can link the interface you are creating with another device port or interface. This is not
compulsory; if you do not want to link your port, go to step 10.

Table 68.5. Linking a Port to Another Device Upon creation

Fields                      Description
Link with device            In this field, type in the name of the device you want to link the interface with. The auto-completion will retrieve a list of existing devices matching this name that you can choose from.
Link with port/interface    In this field, type in the name of the port you want to link the interface with. The auto-completion will retrieve a list of available ports and interfaces matching this name that you can choose from.

11. Click on OK to commit your configuration. The report opens and closes. The interface is
listed; filter the list to see it if needed.

Editing Ports and Interfaces Properties


You can edit the ports and interfaces. That way you can change their name,
the devices they are linked to or the MAC address if needed. The procedures in this part are
detailed to assist a successful modification of ports and interfaces in the event of a device
duplication. However, each procedure can be followed individually if you know exactly what you are
looking for.

Editing is particularly useful if you are about to add new devices that have a similar structure
to the devices you already manage within Device Manager. Say you are about to add a new
network device in NetChange: you duplicate one of the devices with a similar structure, name it like
the coming network device and add or delete the ports and interfaces as needed. Then you
manually link them to the needed device before performing an automatic discovery to automatically
retrieve all the data and be able to check it.

There are a couple of pieces of information that you can edit on a port: its name and its link to
another device port or interface. As for the interface, you can change its name, MAC address and
its link to another device interface.

Changing a Port or Interface Name


There are two different ways to change a port or interface name. You might need to do so to
avoid handling a number of ports or interfaces with a similar name or correct a misprint.

You can change a name through the Info Bar in the list.

To change a port or interface name through the Info Bar

1. Go to the Device Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Ports & interfaces icon. The All ports & interfaces list opens.
3. Filter the list if needed.
4. Put your mouse over the port/interface you want to edit. The Info Bar appears.
5. Click on . The Edit a port or interface wizard opens.
6. In the Name field, type in the new name of the port/interface.
7. Click on OK to commit your edition. The report opens and closes. Your modified port name
is listed, its former name is no longer visible.

You can also change the name from the properties page of a port or interface.

To change a port or interface name from its properties page

1. Go to the Device Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Ports & interfaces icon. The All ports & interfaces list opens.
3. Filter the list if needed.
4. Click on the name of the port/interface you want to edit. The properties page opens.
5. In the Main properties panel, click on the EDIT button. The Edit a port or interface wizard
opens.
6. In the Name field, rename the item.
7. Click on OK to commit your edition. The report opens and closes. In the Main properties
panel, the name is modified.

Note
Any port can be renamed. As NetChange ports had a name before you chose
to manage them through Device Manager, once you have renamed them both names
will be displayed on the port properties page. The Name field will display your
name; the NetChange port name will display the original name of the port.

Editing a Port
The links from ports to devices can be modified. There is one situation when you will need to
do so: device duplication. Once a device is duplicated, the ports of the newly created device are
not linked to any other device. In this case, you have to create the link between the ports and the
needed device port or interface.

Therefore, after a device duplication we recommend that you first link the ports to another device
manually and then check the accuracy of the manual link with an automatic discovery once the
new device is added in NetChange.

To link a port to another device interface

1. Go to the Device Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Ports & interfaces icon. The All ports & interfaces list opens.
3. Filter the names to display the port name if needed.
4. Click on the name of the port you want to link to another device interface. The port properties
page opens.
5. In the Main properties panel, click on EDIT . The Edit a port or interface wizard opens.
6. Specify the other device port or interface.

Table 68.6. Linking a Port to Another Device

Fields                      Description
Link with device            In this field, type in the name of the device you want to link the port with. The auto-completion will retrieve a list of existing devices matching this name that you can choose from.
Link with port/interface    In this field, type in the name of the port or interface you want to link the port with. The auto-completion will retrieve a list of available ports and interfaces matching this name that you can choose from.

7. Click on OK to commit the edition. The report opens and closes. The device you selected is
visible in the Main properties panel in the Manually linked to line, the selected interface is
between brackets. If you go back to the All ports & interfaces list, you will have the same
information in the Manually linked to column.

Once you have linked the ports to another device interface and added the device in NetChange, run
the automatic discovery as follows. If you also have interfaces in that device, modify their links
as well (see the section Modifying an interface below for more details) before running the automatic
discovery.

To automatically add ports and interfaces

1. Go to the Device Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Devices icon. The All devices list opens.
3. In the menu, select Tools > Automatic Discovery. The report opens and closes. The notify
pop up window host_auto_discover.php appears. The devices are all listed and contain one
or more ports and interfaces depending on the links between network devices and ports
found in NetChange or through the MAC address.

You can now go back to the duplicated device's list of ports & interfaces and compare the Manually
linked to and Automatically linked to columns to make sure there is no drift in the reconciliation
column (see the section Tracking changes in the All ports & interfaces list for more details about
the reconciliation).

Editing an Interface
Like the ports, the interfaces can be linked to other devices' interfaces. However, they also
have a MAC address. Therefore, if you duplicated a device, you will need to add a new link towards
the newly created device's interfaces and update their MAC address.

After a device duplication, we recommend that you first link the interfaces to another
device manually, then update the MAC address and finally check the accuracy of the manual
link with an automatic discovery once the new device is added in NetChange.

To link an interface to another device's interface

1. Go to the Device Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Ports & interfaces icon. The All ports & interfaces list opens.
3. Filter the names to display the interface name if needed.

4. Click on the name of the interface you want to link to another device interface. The port
properties page opens.
5. In the Main properties panel, click on EDIT . The Edit a port or interface wizard opens.
6. Specify the other device port or interface.

Table 68.7. Linking a Port to Another Device


Fields | Description
Link with device | In this field, type in the name of the device you want to link the interface with. The auto-completion will retrieve a list of existing devices matching this name that you can choose from.
Link with port/interface | In this field, type in the name of the interface you want to link the interface with. The auto-completion will retrieve a list of available ports and interfaces matching this name that you can choose from.

7. Click on OK to commit the edition. The report opens and closes. The device you selected is
visible in the Main properties panel in the Manually linked to line, the selected interface is
between brackets. If you go back to the All ports & interfaces list, you will have the same
information in the Manually linked to column.

Once you have linked the interface to another device interface, update its MAC address.

To update a MAC address

1. Go to the Device Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Ports & interfaces icon. The All ports & interfaces list opens.
3. Tick the interface whose MAC address you want to update. Filter the data if needed.
4. In the menu, select Edit > Update MAC. The Update mac address wizard opens.
5. In the MAC address field, type in the new MAC address.
6. Click on OK to commit the edition. The report opens and closes. The interface is listed with
the new MAC address. The MAC address is also updated within the IPAM module.

Note
Once you have updated a MAC address, the former MAC address is deleted and the
IP address(es) it is linked to are saved, whether they are IPv4 or IPv6 addresses.

Now that the links are saved and the MAC address is added, if you have added the new device
in NetChange you can run the automatic discovery. If you also have ports in that device, modify
their links as well (see the section Modifying a Port for more details) before running the automatic
discovery.

To automatically add ports and interfaces

1. Go to the Device Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Devices icon. The All devices list opens.

3. In the menu, select Tools > Automatic Discovery. The report opens and closes. The notify
pop up window host_auto_discover.php appears. The devices are all listed and contain one
or more ports and interfaces depending on the links between network devices and ports
found in NetChange or through the MAC address.

You can now go back to the duplicated device's list of ports & interfaces and compare the
Manually linked to and Automatically linked to columns to make sure there is no "drift" in the
reconciliation column (see part #### for more details about the reconciliation).

Tracking Changes in the All ports & interfaces List


The All ports & interfaces list provides what we call the reconciliation. It comes in two flavours:
a column in the listing and an option. It allows you to compare the links between devices through
the ports and interfaces, whether they were entered manually or retrieved automatically, and
therefore minimises the risk of saving inaccurate information in the module.

The Reconciliation Column


This column compares the data entered in the Automatically linked to and the Manually linked to
columns.

There are three different values displayed in this column: OK, N/A and Drift.

OK is displayed when there is similar data in both Automatically linked to and Manually linked
to columns.

N/A is displayed when there is no data in either column.

Drift is displayed when there is a difference between the two columns. This value is interesting
when you automatically retrieved the list of devices, interfaces and ports from NetChange.

This column works in close relation with the reconciliation option. Note that the data retrieved
automatically always has the upper hand in Device Manager so do not use the reconciliation
option if you know that what you entered manually does not correspond to the way you want to
manage your items.

Note
Editing the devices topology from the IPAM will change the content of the Manually
linked to column. For more details refer to the Editing the Devices Topology from the
IPAM Module section of this guide.

With version 5.0.3, a new default Top List tracks the Reconciliation column Drift status: Alert on
ports/interfaces reconciliation drift. For more details, refer to the section The Default Gadgets.
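
The comparison behind the Reconciliation column can also be reproduced offline over an exported list, for example to review Drift rows per device. The Python code below is an added example, not SOLIDserver code: the CSV layout, the sample rows, the whitespace and case normalization, and the choice to report a link present in only one column as Drift are assumptions.

```python
import csv
import io
import re
from collections import Counter

# Constructed sample export. The column titles match the list's columns;
# the CSV layout and every value below are assumptions made for this example.
SAMPLE_EXPORT = """\
Name,Device,Manually linked to,Automatically linked to
Gi0/1,sw-core-01,sw-access-02 (Gi0/24),sw-access-02 (Gi0/24)
Gi0/2,sw-core-01,sw-access-03 (Gi0/24),sw-access-04 (Gi0/24)
Gi0/3,sw-core-01,,
eth0,srv-db-01,SW-Access-02  (Gi0/5),sw-access-02 (Gi0/5)
eth1,srv-db-01,sw-access-02 (Gi0/6),
"""


def normalize_link(value):
    """Trim, collapse whitespace and lowercase a link so that cosmetic
    differences are not reported as drift (an assumption of this example)."""
    return re.sub(r"\s+", " ", (value or "").strip()).lower()


def reconciliation_status(manual, automatic):
    """Return (status, reason) for one port or interface row."""
    m, a = normalize_link(manual), normalize_link(automatic)
    if not m and not a:
        return "N/A", "no link in either column"
    if m == a:
        return "OK", "links match"
    # Assumption: a link present in only one column counts as Drift.
    if not a:
        return "Drift", "manual link not confirmed by discovery"
    if not m:
        return "Drift", "discovered link never documented manually"
    return "Drift", "manual and discovered links differ"


def audit_export(csv_text):
    """Classify every row of an exported All ports & interfaces list."""
    results = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        status, reason = reconciliation_status(
            row.get("Manually linked to"), row.get("Automatically linked to")
        )
        results.append(
            {"device": row["Device"], "name": row["Name"],
             "status": status, "reason": reason}
        )
    return results


def drift_by_device(results):
    """Count Drift rows per device, to show where topology records diverge."""
    return dict(Counter(r["device"] for r in results if r["status"] == "Drift"))


if __name__ == "__main__":
    audited = audit_export(SAMPLE_EXPORT)
    for r in audited:
        print(f'{r["device"]:<12} {r["name"]:<6} {r["status"]:<5} {r["reason"]}')
    print(drift_by_device(audited))
```
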

The Reconciliation Option


The reconciliation option is here to proofread the links created manually against the data
retrieved automatically. The first way to make sure you do not get any Drift is to configure Device
Manager before adding any items to it. Indeed, with this option both Automatically linked to and
Manually linked to will basically contain the exact same data.

However, if you decided to enter some data manually, you can reconcile both link related columns
with the Reconciliation option. That is to say, the content of the Manually linked to column will
overwrite the content of the Automatically linked to column.

To reconcile automatically and manually entered links

1. Go to the Device Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Ports & interfaces icon. The All Ports & interfaces list opens.
3. Filter data if needed. For instance through Drift in the Reconciliation column.
4. Tick the port(s) and/or interface(s) you want to reconcile.
5. In the menu, select Edit > Reconcile. The Reconciliation wizard opens.
6. Click on OK to commit the reconciliation. The report opens and closes. The items disappear
from the list if the Reconciliation column was filtered by Drift, as the value of the selected
items is now OK.

Deleting Ports and Interfaces


The deletion of ports and interfaces is non-reversible and manual. You will have to delete
interfaces and ports through the All ports & interfaces list.

To delete a port or an interface

1. Go to the Device Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Ports & interfaces icon. The All ports & interfaces list opens.
3. Tick the port(s) and/or interface(s) you want to delete.
4. In the menu, select Edit > Delete. The Delete wizard opens.
5. Click on OK to commit the deletion. The report opens and closes. The selected item(s) is/are
no longer listed.

Note
If you delete interfaces linked with the IPAM, the link between the IP addresses and
the device will be broken.

Importing Ports and Interfaces


Like most modules in SOLIDserver, Device Manager provides the possibility to import ports and/or
interfaces on the All ports & interfaces page from a CSV file. From then on, you will be able to
import them in the device of your choice and organize your network as you please. For more
details, refer to the chapter Importing Data in the Global Policies part of this guide.

Chapter 69. Managing the Interaction with the IPAM
Device Manager offers the possibility to display IPv4 and IPv6 addresses on the same list. Like
the IPAM and the DHCP modules, it uses the Dual Stack protocol, which is why you have the
possibility to assign IP addresses in both versions of the Internet Protocol to one interface.

The automatic discovery option provides an automated assignment and display of both IPv4 and
IPv6 addresses. It requires the IP address and interface MAC address to be associated in the
IPAM module prior to running the option. Note that the MAC address in question should be part
of NetChange discovered items list. Once you made changes in either module, you can run the
option again following the To automatically add devices procedure.

From version 5.0.2, the interaction between the IPAM and Device Manager has been enhanced
drastically, providing the possibility to edit Device Manager from the IPAM module. Now you
can:

• add devices from the All addresses page when assigning an IP (refer to the Adding Devices
from the IPAM Module section for more details),
• associate IP addresses to existing interface or remove that link (see Managing the IP
Addresses/Interfaces Link from the IPAM Module section below),
• edit from the All addresses page the link between devices (see the Editing the Devices
Topology From the IPAM Module section below).

Obviously, you can still assign IP addresses to existing interfaces using their MAC address, like
detailed in the section below.

Tip
Two columns were added to All addresses list listing template to display the device
and interface linked to the IP addresses: Device manager name, that displays the
device name, and Device manager interface, that displays the interface name. For
more details regarding columns display, see the Customizing the List Layout section
of this guide.

Assigning IP Addresses to an Interface Using their MAC Address

At any time you can manually assign the IPv4 and IPv6 addresses to existing interfaces provided
that any relevant piece of information is already saved in SOLIDserver database (in the IPAM
and NetChange).

Note
Adding, removing or editing the MAC address of an IP address might change or remove
an existing IP address/interface link.

Assigning IPv4 Addresses to an Interface


The IP addresses of newly added blocks and subnets are not taken into account by Device
Manager unless you assign them. Therefore, you will have to manually assign the MAC addresses
to the IP addresses.

To assign an IPv4 address to an interface using its MAC address

1. Within Device Manager

a. Go to the Device Manager tab. If the homepage is not displayed, click on . The
homepage opens.
b. Click on the Ports & interfaces icon. The All ports & interfaces list opens.
c. Order the list by MAC address. The interfaces are listed first.
d. Put your mouse over the name of the interface of your choice. The Info Bar appears.
e. Click on . The interface properties page opens.
f. In the Main properties panel, copy the MAC address.

2. Within the IPAM module

a. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
b. Click on the Addresses icon. The All addresses list opens. The IP4 button in the upper
right corner is blue.
c. Click on an available address. The pop up message This address is free, do you want
to assign it? opens.
d. Click on OK . The Add an IPv4 address wizard opens.
e. If you or your administrator created classes, the IP address class list is visible. Select
a class or None and click on NEXT . The next page of the wizard opens.
f. The IP address name field is gray and empty.
g. The IP address field displays the IP address.
h. In the MAC address field, paste your MAC address.
i. In the Shortname field, name your IP address: it is automatically displayed in the IP
address name field.
j. In the Mode drop-down list, make sure Configurable behaviors is selected.
k. Click on NEXT . The Aliases configuration page opens. There is nothing to set up in this
page when simply assigning an IP address to an interface, see section Configuring IP
Aliases for more details.
l. Click on OK to commit your assignment. The IPv4 addresses list opens again and the
IP address is listed as used, named and has a MAC address.

Note
If the report page displays the Warning message MAC address already
used. (Space: ..., Address: ....), on as many lines as IP address(es) used
on the interface, click on OK to commit the addition of the extra IP address
on the interface. To cancel the assignment, click on CLOSE. To modify the
MAC address, click on PREVIOUS. The Aliases configuration page opens
first, click on PREVIOUS again to open the Add an IPv4 address page
where you can make the needed changes.

Assigning IPv6 Addresses to an Interface


With IPv6 addresses, the interface assignment also goes through the IPAM module; you then have to
edit the interface within Device Manager. We recommend that you make sure that the MAC address
of the interface using this IPv6 address is among the NetChange discovered items, that
way it is directly detected by Device Manager.

To assign an IPv6 address to an interface using its MAC address

1. Within Device Manager

a. Go to the Device Manager tab. If the homepage is not displayed, click on . The
homepage opens.
b. Click on the Ports & interfaces icon. The All ports & interfaces list opens.
c. Order the list by MAC address. The interfaces are listed first.
d. Put your mouse over the name of the interface of your choice. The Info Bar appears.
e. Click on . The interface properties page opens.
f. In the Main properties panel, copy the MAC address.

2. Within NetChange

a. Go to the NetChange tab. If the homepage is not displayed, click on . The homepage
opens.
b. Click on Discovered items. The All discovered items list opens.
c. Click on Unset Filters to remove the Interco column default filter.
d. Paste your address in the MAC Address column to make sure that it is part of NetChange
items.
e. On your keyboard, hit Enter. If the MAC address is listed, follow the procedure. If it is not
listed, go back to step 1 and find an interface that is part of the All discovered items list.

3. Within the IPAM module

a. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
b. Click on Addresses (v6). The All addresses list opens. The IP6 button in the upper right
corner is blue.
c. Click on an available address. The pop up message This address is free, do you want
to assign it? opens.
d. Click on OK . The Add an IPv6 address wizard opens.
e. If you or your administrator created classes, the IP address class list is visible. Select
a class or None and click on NEXT . The next page of the wizard opens.
f. The IP address name field is gray and empty.
g. The IP address field displays the IP address.

h. In the MAC address field, paste your MAC address.


i. In the Shortname field, name your IP address: it is automatically displayed in the IP
address name field.
j. Click on NEXT . The Aliases configuration page opens. There is nothing to set up in this
page when simply assigning an IPv6 address to an interface, see section Configuring
IP Aliases for more details.
k. Click on OK to commit your assignment. The report opens and closes. The IPv6 addresses
list opens again and the IP address is listed as used, named and has a MAC
address.

Note
If the report page displays the Warning message MAC address already
used. (Space: ..., Address: ....), on as many lines as IP address used on
the interface, click on OK to commit the addition of the extra IP address on
the interface. To cancel the assignment, click on CLOSE. To modify the
MAC address, click on PREVIOUS. The Aliases configuration page opens
first, click on PREVIOUS again to open the Add an IPv6 address page
where you can make the needed changes.

4. Within Device Manager

a. Go back to the Device Manager tab. The interface properties page opens.
b. Click on EDIT . The Edit a port/interface wizard opens.
c. Click on OK to update the information. The report opens and closes. In the Interface
attachments panel, the IPAM section regarding v6 addresses is updated and displays
the new IP address information. The address is visible in the All Ports & interfaces list.

Obviously, you can use the procedure above for as many IP addresses as needed for one
interface. Beyond one IPv6 address, the addition wizard will display a report step listing the IP
addresses already used on this interface to make sure that you actually want to use an extra IP
address.

Managing the IP Addresses/Interfaces Link from the IPAM Module

With version 5.0.2, from the All addresses list you can associate IP addresses to existing interfaces.
You can either use default behaviors to provide a link between them or a dedicated option in the
Edit menu. This menu also provides an easy way to break the link between an IP address and
an interface.

Note
Any ports and interfaces changes made from the IPAM will change the content of their
Manually linked to column. For more details, refer to the Tracking Changes in the
All ports & interfaces List section of this guide.

Using Default Behaviors to Associate IP Addresses with Interfaces


First, you need to configure the corresponding behavior in the Default behavior wizard. Then,
you will be able to specify an existing interface upon creation or edition of any IP address. The
two procedures below detail the steps to follow:

To configure address/interface association default behaviors

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Addresses icon. The All addresses list opens.
3. Next to the Logout button, click on IP4 or IP6 depending on your needs.
4. In the menu, select Settings > Default behaviors. The Default behaviors configuration
wizard opens.
5. In the IPAM / Device Manager interaction section, tick the Enable to link IP addresses with
existing devices.
6. Click on OK to commit the configuration. The report opens and closes. The All addresses
list is visible again. Your configuration is now available in the IP address addition and edition
wizards along with the Configurable behaviors value in the Mode field.

Once you ticked the default behavior box, two fields are available on the address edition and
addition wizards both in IPv4 and IPv6:

Table 69.1. IPAM/Device Manager Configurable Behaviors


Configurable behaviors | Related fields in the add/edit wizard
Enable to link IP addresses with existing devices | Device name, Interface name

To link an IP address with an interface using default behaviors

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Addresses icon. The All addresses list opens.
3. Next to the Logout button, click on IP4 or IP6 depending on your needs.
4. Add or edit an IP address to display the Device Manager dedicated fields. For more details
regarding the first steps of addition or edition, refer to the Managing IP Addresses chapter.
The corresponding wizard opens.
5. On the Add/Edit IP address page, configure the device addition dedicated fields:

a. In the Device name field, type in the name or part of the name of an existing device.
The auto-completion will retrieve a list of devices matching this name that you can choose
from.
b. In the Interface name field, type in the name or part of the name of an existing interface.
The auto-completion will retrieve a list of interfaces matching this name that you can
choose from. Once you selected an interface, its name will be displayed as follows:
<interface name> (<device name> - <number of IP addresses associated with the interface>).

If you do not specify an interface, the IP address is only associated with the device and
displayed on the address properties page.

6. Click on NEXT . The Aliases configuration page opens.


7. Configure aliases if need be. For more details, refer to the Configuring IP Address Aliases
chapter.
8. Click on OK to commit your changes/configuration. The report opens and closes. The changes
are visible in the dedicated columns, the IP address properties page and in Device Manager.

Using the Menu to Manage the IP Addresses/Interfaces Link


Through the All addresses page menu, you can set up, edit or remove links between your IP
addresses and an existing Device Manager interface.

Linking IP Addresses with Existing Interfaces

Once you assigned IP addresses, you can link them to the existing device and interface of your
choice through the menu. The wizard also allows you to edit, i.e. overwrite, an existing link
between the IP address and an interface.

Note
The auto-completion provided in the device name and interface name fields will only list
the devices and interfaces marked as Managed and Imported. The Unmanaged items
will not be listed.

To link an IP address and an interface using the menu

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Addresses icon. The All addresses list opens.
3. Next to the Logout button, click on IP4 or IP6 depending on your needs.
4. Tick the IP address(es) of your choice.
5. In the menu, select Edit > Link IP addresses to Device Manager interfaces. The Link IP
addresses to Device Manager interfaces wizard opens.
6. Set the link following the table below.

Table 69.2. IP Address/Interface Link Configuration


Fields | Description
Device name | In this field, type in the name or part of the name of an existing device. The auto-completion will retrieve a list of devices matching this name that you can choose from.
Interface name | In this field, type in the name or part of the name of an existing interface. The auto-completion will retrieve a list of interfaces matching this name that you can choose from. Once you selected an interface, its name will be displayed as follows: <interface name> (<device name> - <number of IP addresses associated with the interface>).
Overwrite | Tick this box to edit an existing link and overwrite it with a link to the device and interface you specified in the above fields.

7. Click on OK to commit the link configuration. The report opens and closes. The All addresses
list is visible again. The changes are visible in the dedicated columns, the IP address
properties page and in Device Manager.

Removing the Link Between IP Addresses and Interfaces

Once you set a link between an IP address and an interface, you can remove it using the menu
provided that no MAC address was used when assigning the IP address.

To remove an IP address/interface using the menu

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Addresses icon. The All addresses list opens.
3. Next to the Logout button, click on IP4 or IP6 depending on your needs.
4. Tick the IP address(es) of your choice.
5. In the menu, select Edit > Remove the IP addresses/Device Manager interfaces link. The
Link IP addresses to Device Manager interfaces wizard opens.
6. Set the link following the table below.

Table 69.3. IP Address/Interface Link Configuration


Fields | Description
Device name | In this field, type in the name or part of the name of an existing device. The auto-completion will retrieve a list of devices matching this name that you can choose from.
Interface name | In this field, type in the name or part of the name of an existing interface. The auto-completion will retrieve a list of interfaces matching this name that you can choose from. Once you selected an interface, its name will be displayed as follows: <interface name> (<device name> - <number of IP addresses associated with the interface>).
Overwrite | Tick this box to edit an existing link and overwrite it with a link to the device and interface you specified in the above fields.

7. Click on OK to commit the link configuration. The report opens and closes. The All addresses
list is visible again. The changes are visible in the dedicated columns, the IP address
properties page and in Device Manager.

If your IP address was assigned a MAC address, you need to edit the IP address, remove the
MAC address and then follow the procedure above to remove the link with the interface. For more
details regarding IP address edition refer to the Editing an IP Address section of this guide.

Editing the Link Between IP Addresses and Interfaces

Once you set up a link between an IP address and an interface, you can edit it to link the IP
address with a different interface.

First, as we detailed in the Linking IP addresses with Interfaces section above, you can simply
specify a device and interface and tick the Overwrite box.

Second, if the IP address was assigned a MAC address, you can simply edit the MAC address
to link the IP address with another interface. For more details regarding IP address edition refer
to the Editing an IP Address section of this guide.

Editing the Devices Topology from the IPAM Module


With version 5.0.2, you can manage the devices topology from the IPAM All addresses list. Now
you can edit the link between an interface, provided it is linked to the IP address you are editing,
with another device port. As for the addition of IP addresses, unlike the two Device Manager
dedicated behaviors, you will need to tick the device addition or the device association behavior
to provide or display a device and then define which other device you want to link it with.

First, you need to configure the corresponding behavior in the Default behavior wizard. Then, if
your IP address is already linked to an interface, you will be able to link it with another existing
interface upon edition of any IP address. The two procedures below detail the steps to follow:

To configure address/interface association default behaviors

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Addresses icon. The All addresses list opens.
3. Next to the Logout button, click on IP4 or IP6 depending on your needs.
4. In the menu, select Settings > Default behaviors. The Default behaviors configuration
wizard opens.
5. In the IPAM / Device Manager interaction section, tick the Enable to link IP addresses with
existing devices.
6. Click on OK to commit the configuration. The report opens and closes. The All addresses
list is visible again. Your configuration is now available in the IP address addition and edition
wizards along with the Configurable behaviors value in the Mode field.

Once you ticked the default behavior box, two fields are available on the address edition and
addition wizards both in IPv4 and IPv6:

Table 69.4. IPAM/Device Manager Configurable Behaviors


Configurable behaviors | Related fields in the add/edit wizard
Enable to edit the devices topology from the IPAM | Link with device, Link with port

Tip
If you only tick this behavior, the related fields will be displayed upon edition of an IP
address only if the IP address is already associated with a device and an interface.
As for the IP address addition, you will need to tick the device addition or association
behavior to allow users to first set the link between the IP address and the
interface and then see the Link with device and Link with interface fields.

To link devices from the IPAM

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Addresses icon. The All addresses list opens.
3. Next to the Logout button, click on IP4 or IP6 depending on your needs.
4. Edit an IP address already associated with an interface to display the Device Manager
dedicated fields. For more details regarding the first steps of IP address edition, refer to the
Managing IP Addresses chapter. The edition wizard opens.

5. On the Edit IP address page, configure the devices topology dedicated fields:

a. In the Link with device field, type in the name of an existing device. The auto-completion
will retrieve a list of devices matching this name.
b. In the Link with port field, type in the name of an existing port. The auto-completion will
retrieve a list of ports matching this name. Once you selected an interface, its name is
displayed in the field along with the device.

6. Click on NEXT . The Aliases configuration page opens.


7. Configure aliases if need be. For more details, refer to the Configuring IP Address Aliases
chapter.
8. Click on OK to commit your changes/configuration. The report opens and closes. The changes
are visible on the All ports & interfaces page and in the Manually linked to column.

Note
Editing the devices topology from the IPAM will change the content of the Manually
linked to column. To reconcile the content of the Automatically linked to and Manually
linked to columns, refer to the Tracking Changes in the All ports & interfaces List
section of this guide.

Chapter 70. Rules Impacting Device Manager
There are a number of Device Manager related rules that you can manage through the Administration
tab. The rules are organized per module; here, module refers to where the behavior is triggered,
not to the module where the behavior is implemented.

Other Modules Rules Impacting Device Manager


There are two modules that interact directly with Device Manager if the right rules are enabled:
DHCP and NetChange. Any of the Device Manager related rules will automatically create devices
or refresh Device Manager altogether. These rules make the update easier and more efficient.
This way, every time you interact with the items in question, you do not need to modify all the
Device Manager items one by one manually.

DHCP Rules
Within the DHCP module, two events can trigger changes in Device Manager: adding statics and
adding leases.

Rule 221
If you enable this rule, every time you add a static in the DHCP module, a new interface is
created. It is named after the static and belongs to a device also named after the static. To
add this rule, select the DHCP module and the Add: DHCP statics event when you follow
the To add a rule procedure.
Rule 225
If you enable this rule, every time a lease is generated in the DHCP module, a new device
is created. It is named after the host name associated with the lease in DHCP and contains
an interface with a generic_# name. To add this rule, select the DHCP module and the Add:
DHCP leases event when you follow the To add a rule procedure.

NetChange Rules
Within the NetChange module, refreshing NetChange can trigger Device Manager to refresh al-
together if you enable the right rule.

Rule 227
If you enable this rule, every time NetChange is refreshed, Device Manager will consequently
be refreshed and updated. To add this rule, select the NetChange module and the NetChange
refresh event when you follow the To add a rule procedure.

Adding Device Manager Rules


From the Rules page, you can add the rule of your choice. By default, none of the Device Manager
related rules are added to the list.

To add a rule

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select System > Expert > Rules. The Rules page opens.
3. In the menu, select Add > Rule. The Add a rule wizard opens.
4. In the Module drop-down list, select the module that triggers the needed behavior.
5. In the Event drop-down list, select the action in the selected module that triggers the
behavior.
6. In the Rule list, select the rule of your choice. Each rule is listed as follows: (<rule-number>)
<rule-name>.
7. In the Rule name, name the rule. This name will be displayed in the Instance column and
help you filter the list without using the rule number.
8. In the Comment field, you can type in a comment.
9. Click on NEXT . The last page of the wizard opens.
10. Click on OK to commit the rule addition. The report opens and closes. The rule is listed and
marked OK in the status column.

Enabling or Disabling Device Manager Rules


For the purpose of this part, we will quickly go through the procedures to enable or disable the
Device Manager rules. By default, upon addition, the rules are enabled. You can disable them
at any time and enable them again later if need be.

To disable a rule

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select System > Expert > Rules. The Rules page opens.
3. Filter the list through the Rule # column: type in the rule number.
4. Tick the rule you want to disable.
5. In the menu, select Edit > Disable. The Are you sure, you want to disable this entry? wizard
opens.
6. Click on OK . The report opens and closes. In the Status column, the rule is marked
Disabled.

If you want to enable a disabled rule, the procedure is as follows.

To enable a rule

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select System > Expert > Rules. The Rules page opens.
3. Filter the list through the Rule # column: type in the rule number.
4. Tick the rule you want to enable.

5. In the menu, select Edit > Enable. The Are you sure, you want to enable this entry? wizard
opens.
6. Click on OK . The report opens and closes. In the Status column, the rule is marked OK .

Part XI. VLAN Manager
Table of Contents
71. Introduction
    Objectives of VLAN Manager
    VLAN Domains
    VLAN Ranges
72. Managing VLAN Domains
    Browsing VLAN Domains
        Browsing the VLAN Domains Database
        Customizing the VLAN Domains Display
    Adding VLAN Domains
    Editing VLAN Domains
    Deleting VLAN Domains
    Importing VLAN Domains
    Defining a VLAN Domain as a Group Resource
    Creating Classes at VLAN Domain Level
73. Managing VLAN Ranges
    Browsing VLAN Ranges
        Browsing the VLAN Ranges Database
        Customizing the VLAN Ranges Display
    Adding VLAN Ranges
    Editing VLAN Ranges
        Changing a Range Properties
        Changing a Range Size
    Deleting VLAN Ranges
    Importing Ranges
    Defining a VLAN Range as a Group Resource
    Creating Classes
74. Managing VLANs
    Browsing VLANs
        Browsing the VLANs Database
        Customizing the VLANs Display
        Understanding the VLANs Statuses
    Adding VLANs
    Editing VLANs
    Deleting VLANs
    Importing VLANs
75. Managing the IPAM / VLAN Interaction
    Configuring the IPAM / VLAN Interaction
    Applying the IPAM / VLAN Interaction

Chapter 71. Introduction
Objectives of VLAN Manager
With version 5.0.2, EfficientIP introduces a new module: VLAN Manager. This module allows you
to create and handle Virtual Local Area Networks (VLANs) through the GUI. The virtual networks
will enable a level 2 data exchange between networks and devices: communication through their
MAC address. Therefore, whatever the IP addresses of the devices and networks, they can be
connected through VLAN Manager. This module will allow you to connect through the GUI the
virtual networks of your choice and organize your subnets according to your needs between
spaces and blocks. This way, you can control and set up the interaction between all the subnets
of your network organization.

There are three levels of hierarchy within the module: the domains, ranges and VLANs themselves.
You can either add VLANs manually or import existing ones. In each domain, or range, the
management of your VLANs is simplified through the use of the VLAN Identifier (ID) to
differentiate each VLAN. Once created, you can assign a name to each VLAN to set up the
interaction between VLAN and your IPAM subnets more easily.

Keep in mind that the VLANs that you create and configure within VLAN Manager are completely
different from the VLAN interfaces that you can set up on the network configuration page of
SOLIDserver. VLAN interfaces will simply use a VIF to provide several IP addresses to connect
to SOLIDserver but not connect your IPAM subnets together through the GUI. For more details
regarding VLAN interfaces, refer to the section Setting up a VLAN interfaces in the Network
configuration chapter of this guide.

Figure 71.1. Example of a VLAN Associating two subnets

VLAN Domains
To manage your VLANs, you will need to create at least one domain. It can contain from one to
4096 virtual networks. Each VLAN will be given an ID that corresponds to the range of VLAN IDs
that you will have specified. From then on, each VLAN is created in the domains and you can
then organize them among ranges if need be or simply assign it a name to set up an interaction
between the subnets of your choice. Once created, a domain can be deleted as long as it does
not contain any range or used VLANs (i.e. VLANs that were assigned a name and are therefore
potentially connecting subnets). Like many other objects within SOLIDserver, you can import
domains. For more details, refer to the Importing Data chapter of this guide.

VLAN Ranges
Through VLAN Manager, the range level is optional. It simply provides an extra level of
organization for your VLANs that will only manage IDs that have already been specified in the
domain they belong to. Once created, a range can be deleted as long as it does not contain used VLANs.
Like the VLAN domains, ranges can be imported. For more details, refer to the Importing Data
chapter of this guide.

Chapter 72. Managing VLAN Domains
Within VLAN Manager, the domains constitute the highest level of the hierarchy. They can be
composed of VLAN ranges and VLANs or exclusively of VLANs depending on your organizational
needs.

To organize your VLANs you need at least one domain but you can add as many as you want.
A domain can contain between 1 and 4094 VLANs; this number corresponds to the VLAN ID.
Each domain then contains a set of VLANs listed through their identifier.

Every time you add a domain, you can set the same set of IDs. They will be duplicated in the All
VLANs list: even if you have, say, 10 VLANs with the ID 1, they are different because they do not
belong to the same domain or range and might be assigned different names.

Browsing VLAN Domains


To manage your VLANs it is compulsory to have at least one domain.

Figure 72.1. The Domains within VLAN Manager Hierarchy

Here below, you can see the breadcrumb link to browse the domains database:

Figure 72.2. VLAN Manager: All domains

Browsing the VLAN Domains Database


To display the list of VLAN domains

1. Go to the VLAN Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Domains icon. The All domains list opens.

To display the list of VLAN domains through the breadcrumb

1. Go to the VLAN Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the breadcrumb, click on All domains. The All domains list opens.

To display a VLAN domain properties page

1. Go to the VLAN Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Domains icon. The All domains list opens.

3. At the end of the line of the domain of your choice, click on . The properties page opens.

Customizing the VLAN Domains Display


SOLIDserver enables you to modify the columns display in the list. You can add columns or
modify their order. For more details, see the Customizing the List Layout section of the
Understanding the SOLIDserver User Interface part of this documentation.

Adding VLAN Domains


Adding a domain sets the number of VLANs that you will manage. You can set the start and end
VLAN ID of your choice; for instance, you can choose to manage the VLANs 25 to 500.

To add a VLAN domain

1. Go to the VLAN Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Domains icon. The All domains list opens.
3. In the menu, select Add > Domain. The Add a VLAN domain wizard opens.
4. In the Domain field, name your VLAN domain.
5. In the Description field, you can add a description. This field is optional.
6. In the Start VLAN ID field, type in the number of your choice (between 1 and 4094) that
will set the ID of the first VLAN managed through the domain. By default, 1 is displayed in
the field.
7. In the End VLAN ID field, type in the number of your choice (between 1 and 4094) that will
set the ID of the last VLAN managed through the domain. This will also define the number
of VLANs in the domain, depending on the Start VLAN ID you just chose. By default, 4094
is displayed in the field.
8. Click on OK to commit the addition. The report opens and closes. The domain is listed, in
the Start ID and End ID fields you can see the ID of first and last VLANs of the domain.

Editing VLAN Domains


Editing a domain means renaming it or changing its description field (modify, add or remove the
description).

Once a domain is created, you cannot change its start and end ID, even if they no longer match your needs.
In this case, create a new one, assign the same name to the VLANs it contains if need be, and
finally delete the obsolete domain; or export the VLANs and reimport them in the new domain.

To edit a VLAN domain from the list

1. Go to the VLAN Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Domains icon. The All domains list opens.
3. Put your mouse over the name of the domain you want to edit. The Info bar appears.
4. Click on . The Add a VLAN domain wizard opens.
5. Edit the Domain and/or Description field according to your needs.

6. Click on OK to commit the changes. The report opens and closes. The domain is listed with
the changes you just made.

To edit a VLAN domain from the properties page

1. Go to the VLAN Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Domains icon. The All domains list opens.
3. At the end of the line of the domain of your choice, click on . The properties page opens.
4. In the Main properties panel, click on EDIT . The Add a VLAN domain wizard opens.
5. Edit the Domain and/or Description field according to your needs.
6. Click on OK to commit the changes. The report opens and closes. The domain is listed with
the changes you just made.

Deleting VLAN Domains


Deleting a domain is only possible if the domain does not contain any range and if none of the
VLANs it contains was assigned a name and is therefore Used.

To delete a VLAN domain

1. Go to the VLAN Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Domains icon. The All domains list opens.
3. Tick the domain(s) you want to delete.
4. In the menu, select Edit > Delete. The Delete wizard opens.
5. Click on OK to commit the domain(s) deletion. The report opens and closes. The domain is
no longer listed, the VLANs it contained are deleted as well.

Importing VLAN Domains


Like most modules in SOLIDserver, VLAN Manager provides the possibility to import domains
on the All domains page from a CSV file. From then on, you will be able to add or import the
ranges and VLANs it contains and organize your network as you please. For more details, refer
to the chapter Importing Data in the Global Policies part of this guide.

Defining a VLAN Domain as a Group Resource


In SOLIDserver, only the superuser (ipmadmin) can manage and modify the items of every
module. Adding a VLAN domain as one of the resources of a specific group will allow the users
of that group to manage the VLAN domain(s) in question as long as they have the corresponding
rights and delegations granted.

Allowing access to a domain as a resource will also make every item it contains available. For
more details, refer to the section Assigning Objects as Resource in the chapter Managing Groups
of administrator of this guide.

Creating Classes at VLAN Domain Level


Like many other objects within SOLIDserver, you can add classes for the VLAN domains. From
the All domains page, you can modify the VLAN domains user fields (Settings > Customize user
fields). In the same way, from the Administration tab Class Studio page, you can create the
classes of your choice and apply them to the VLAN domains.

Chapter 73. Managing VLAN Ranges
Within VLAN Manager, the ranges constitute the second level of the hierarchy. They are optional.
Contrary to the domains, the ranges start and end ID can be modified.

You can add ranges in your VLAN domains to polish your VLANs organization. A VLAN range
can contain as many VLANs as the domain it belongs to, as long as the VLAN IDs match. A
range contains a number of the VLANs of a specific domain, these VLANs will be identified
through their ID. Therefore, you cannot create a range with the start and end ID 5-10 if your domain
start and end IDs are 6-10.

Within a domain, you can create as many ranges as you want. The first range created will manage
VLANs of the domain. You can add extra ranges managing the same VLAN IDs: the VLANs will
be different as they belong to different ranges.

Browsing VLAN Ranges


You can create ranges to set up an extra level of management for your VLANs.

Figure 73.1. The Ranges within VLAN Manager Hierarchy

Here below, you can see the breadcrumb link to browse the ranges database:

Figure 73.2. VLAN Manager: All ranges

Browsing the VLAN Ranges Database


To display the list of VLAN ranges

1. Go to the VLAN Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Ranges icon. The All ranges list opens.

To display the list of VLAN ranges through the breadcrumb

1. Go to the VLAN Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the breadcrumb, click on All ranges. The All ranges list opens.

To display the list of ranges of a specific domain

1. Go to the VLAN Manager tab. If the homepage is not displayed, click on . The homepage
opens.

2. Click on the Domains icon. The All domains list opens.


3. In the Name column, click on the name of the domain of your choice to display the VLANs
it contains.
4. In the breadcrumb, click on All ranges. The All ranges list of the selected domain
opens.

To display a VLAN range properties page

1. Go to the VLAN Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Ranges icon. The All ranges list opens.
3. At the end of the line of the range of your choice, click on . The properties page opens.

Customizing the VLAN Ranges Display


SOLIDserver enables you to modify the columns display in the list. You can add columns or
modify their order. For more details, see the Customizing the List Layout section of the
Understanding the SOLIDserver User Interface part of this documentation.

Adding VLAN Ranges


You can create as many ranges as you need. Keep in mind that if you set several ranges with
common VLANs, the VLAN IDs will be replicated in the All VLANs list; only their range and
potential assigned name will differ.

If you want to create ranges with unique sets of VLAN IDs, you can use the No ID overlapping
checkbox when adding the range. Keep in mind that the overlap restriction applies whether it
was set on existing ranges or on ranges you are trying to create. Therefore, if a range managing
the VLAN IDs 1-512 already exists and you try to create the range 512-550, an error message
appears on the wizard Report page, whether the checkbox was ticked on the existing range or in
the new range creation wizard.

To add a VLAN range

1. Go to the VLAN Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Ranges icon. The All ranges list opens.
3. In the menu, select Add > Range. The Add a VLAN range wizard opens.
4. In the Domain list, select the domain of your choice.
5. Click on NEXT . The last page of the wizard opens.
6. In the Range field, name your VLAN range.
7. In the Description field, you can add a description. This field is optional.
8. In the Start VLAN ID field, type in the number of your choice (between 1 and 4094) that
will set the ID of the first VLAN managed through the domain. By default, 1 is displayed in
the field.
9. In the End VLAN ID field, type in the number of your choice (between 1 and 4094) that will
set the ID of the last VLAN managed through the domain. This will also define the number
of VLANs in the domain, depending on the Start VLAN ID you just chose. By default, 4094
is displayed in the field.
10. The No ID overlapping checkbox is ticked by default. You can untick it if you want to create
the same VLAN ID in several ranges.
11. Click on OK to commit the addition. The report opens and closes. The range is listed, in the
Start ID and End ID columns you can see the ID of first and last VLANs of the range.

Editing VLAN Ranges


As with the VLAN domains, a range can be renamed and its description can be changed. However,
you can also decide to manage more or fewer VLANs in a range through the Resize ranges option.

Changing a Range Properties


You can rename a range and/or change its description field: modify, add or remove the description.

To edit a VLAN range from the listing page

1. Go to the VLAN Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Ranges icon. The All ranges list opens.
3. Put your mouse over the name of the range you want to edit. The Info bar appears.
4. Click on . The Add a VLAN range wizard opens.
5. Edit the Domain, Description and/or No ID overlapping fields according to your needs.
6. Click on OK to commit the changes. The report opens and closes. The range is listed with
the changes you just made.

To edit a VLAN range from the properties page

1. Go to the VLAN Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Ranges icon. The All ranges list opens.
3. At the end of the line of the range of your choice, click on . The properties page opens.
4. In the Main properties panel, click on EDIT . The Add a VLAN range wizard opens.
5. Edit the Domain, Description and/or No ID overlapping fields according to your needs.
6. Click on OK to commit the changes. The report opens and closes. The range is listed with
the changes you just made.

Changing a Range Size


VLAN Manager provides an option, only at range level, that allows you to change the number of
VLANs managed. You can decide to manage more or fewer VLANs, i.e. VLAN IDs. This option basically
shifts the VLAN identifier number to add IDs to the VLAN range or remove some IDs.

This option respects a set of rules:

1. You cannot reduce the size of a range if it contains Used VLANs (i.e. VLANs that were assigned
a name and might therefore be linked to a subnet in the IPAM).
2. You can extend the size of a range as much as you want provided that:
• the new range size is not greater than the domain it belongs to.

If you want a range to manage the IDs 10-20, instead of the 10-15 it is currently managing,
this will not work if the domain manages the IDs 1-15. You would be asking to manage IDs that
do not exist in the domain.
• the shift in ID that you set does not include Used VLANs belonging to another range: the
overlap is impossible.

In case of overlap, you can either delete the used VLAN and recreate it in the new range or export
it and reimport it in the new range.

To resize a VLAN range

1. Go to the VLAN Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Ranges icon. The All ranges list opens.
3. Tick the range(s) that you want to resize.
4. In the menu, select Edit > Resize ranges. The Resize ranges wizard opens.
5. In the Start ID shift, type in the shift value. Any number typed in will be added to the current
range Start ID. If you want to extend the number of IDs managed, type in - before the number.
If you do not want to change the Start ID, type in 0.
6. In the End ID shift, type in the shift value. Any number typed in will be added to the current
range Start ID. If you want to reduce the number of IDs managed, type in - before the number.
If you do not want to change the End ID, type in 0.
7. Click on OK to commit the changes. The report opens and closes. The range is listed with
the new start and end ID.
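
The range rules from Adding VLAN Ranges and Changing a Range Size, modelled as an added Python example (not SOLIDserver code; the class and method names are hypothetical). It assumes the End ID shift is added to the range End ID, and it checks only the rules stated in this chapter.

```python
from dataclasses import dataclass, field

VLAN_MIN, VLAN_MAX = 1, 4094  # bounds accepted by the Start/End VLAN ID fields


@dataclass
class VlanRange:
    name: str
    start: int
    end: int
    no_overlap: bool = True                 # "No ID overlapping", ticked by default
    used: set = field(default_factory=set)  # IDs of Used (named) VLANs


@dataclass
class Domain:
    name: str
    start: int = VLAN_MIN
    end: int = VLAN_MAX
    ranges: list = field(default_factory=list)

    def _check_bounds(self, start, end):
        """A range may only manage IDs that exist in its domain."""
        if start > end:
            return [f"start ID {start} is greater than end ID {end}"]
        if start < self.start or end > self.end:
            return [f"{start}-{end} is outside domain {self.name} "
                    f"({self.start}-{self.end})"]
        return []

    def add_range(self, new):
        """Return the list of rule violations; the range is added only if it is empty."""
        errors = self._check_bounds(new.start, new.end)
        for other in self.ranges:
            overlaps = new.start <= other.end and other.start <= new.end
            # The restriction applies whether the checkbox is ticked on the
            # existing range or on the range being created.
            if overlaps and (new.no_overlap or other.no_overlap):
                errors.append(f"IDs overlap range {other.name} "
                              f"({other.start}-{other.end})")
        if not errors:
            self.ranges.append(new)
        return errors

    def resize_range(self, rng, start_shift, end_shift):
        """Apply Start/End ID shifts; return violations and leave rng untouched on error."""
        new_start, new_end = rng.start + start_shift, rng.end + end_shift
        errors = self._check_bounds(new_start, new_end)
        old_size = rng.end - rng.start + 1
        new_size = new_end - new_start + 1
        # Rule 1: a range that contains Used VLANs cannot be reduced.
        if new_size < old_size and rng.used:
            errors.append("range contains Used VLANs and cannot be reduced")
        # Rule 2: IDs gained by the shift must not be Used VLANs of another range.
        gained = set(range(new_start, new_end + 1)) - set(range(rng.start, rng.end + 1))
        for other in self.ranges:
            taken = gained & other.used
            if other is not rng and taken:
                errors.append(f"IDs {sorted(taken)} are Used in range {other.name}")
        if not errors:
            rng.start, rng.end = new_start, new_end
        return errors


if __name__ == "__main__":
    # Constructed sample data reproducing the cases described in the text.
    campus = Domain("campus")
    campus.add_range(VlanRange("core", 1, 512))
    print(campus.add_range(VlanRange("edge", 512, 550)))  # overlap on ID 512

    small = Domain("small", 1, 15)
    floor = VlanRange("floor", 10, 15)
    small.add_range(floor)
    print(small.resize_range(floor, 0, 5))  # 10-20 does not fit in 1-15
```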

Deleting VLAN Ranges


Deleting a range is only possible if none of the VLANs it contains was assigned a name and is
therefore Used.

To delete a VLAN range

1. Go to the VLAN Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Ranges icon. The All ranges list opens.
3. Tick the range(s) you want to delete.
4. In the menu, select Edit > Delete. The Delete wizard opens.
5. Click on OK to commit the range(s) deletion. The report opens and closes. The range is
no longer listed, the VLANs it contained are deleted as well.

Importing Ranges
Like most modules in SOLIDserver, VLAN Manager provides the possibility to import ranges on
the All domains or All ranges page from a CSV file. From then on, you will be able to add or import
the VLANs it contains and organize your network as you please. For more details, refer to the
chapter Importing Data in the Global Policies part of this guide.

Defining a VLAN Range as a Group Resource


In SOLIDserver, only the superuser (ipmadmin) can manage and modify the items of every
module. Adding a VLAN range as one of the resources of a specific group will allow the users of
that group to manage the VLAN range(s) in question as long as they have the corresponding
rights and delegations granted.

Allowing access to a range as a resource will also make every VLAN it contains available. For
more details, refer to the section Assigning Objects as Resource in the chapter Managing Groups
of administrator of this guide.

Creating Classes
Like many other objects within SOLIDserver, you can add classes for the VLAN domains. From
the All domains page, you can modify the VLAN ranges user fields (Settings > Customize user
fields). In the same way, from the Administration tab Class Studio page, you can create the
classes of your choice and apply them to the VLAN ranges.

Chapter 74. Managing VLANs
Within VLAN Manager, once you have created one or several domains or even a set of ranges, the
VLANs are the lowest level of the hierarchy. They are identified through their ID and can be
assigned a name. This name will be used to interact with the IPAM module at subnet level to set
up a channel of communication between several subnets or devices. This is why, once they
have a name, the range and/or domain they belong to cannot be deleted.

Managing VLANs implies assigning them a name that will be used in the IPAM module to help
you organize the interaction between several networks or devices within a network.

Browsing VLANs
Figure 74.1. The VLANs within VLAN Manager Hierarchy

Here below, you can see the breadcrumb link to browse the VLANs database:

Figure 74.2. VLAN Manager: All VLANs

Browsing the VLANs Database


To display the list of VLANs

1. Go to the VLAN Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the VLANs icon. The All VLANs list opens.

To display the list of VLANs through the breadcrumb

1. Go to the VLAN Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the breadcrumb, click on All VLANs. The All VLANs list opens.

To display the list of VLANs of a specific VLAN domain

1. Go to the VLAN Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Domains icon. The All domains list opens.
3. In the Name column, click on the name of the domain of your choice to display the VLANs
it contains.

To display the list of VLANs of a specific VLAN range

1. Go to the VLAN Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Ranges icon. The All ranges list opens.
3. In the Name column, click on the name of the range of your choice to display the VLANs it
manages.

To display a VLAN properties page

1. Go to the VLAN Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the VLANs icon. The All VLANs list opens.
3. At the end of the line of the VLAN of your choice, click on . The properties page opens.

Customizing the VLANs Display


SOLIDserver enables you to modify the columns display in the list. You can add columns or
modify their order. For more details, see the Customizing the List Layout section of the
Understanding the SOLIDserver User Interface part of this documentation.

Understanding the VLANs Statuses


On the All VLANs page, a VLAN can have one of two statuses. They are displayed on the right
end of the servers list. The table below explains the different statuses:

Table 74.1. VLANs Statuses


Status Description
Free The VLAN can be assigned a name.
Used The VLAN already has a name and can therefore interact with the IPAM.

Adding VLANs
Considering that the list of VLANs of a specific domain is added at the same time as the domain
itself, and that the ranges will only manage VLANs within that domain, the Add option on the All
VLANs page is not an addition per se. It allows you to set the VLAN as Used and assign it a name
if need be.

To add a VLAN from the menu

1. Go to the VLAN Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the VLANs icon. The All VLANs list opens.
3. In the menu, select Add > VLAN. The Add a VLAN wizard opens.
4. In the Domain list, select the domain of your choice.
5. Click on NEXT . The next page of the wizard opens.
6. In the Range list, select the range of your choice or none.
7. Click on NEXT . The last page of the wizard opens.

8. In the VLAN name field, name the VLAN. This field is optional.
9. In the VLAN ID column, type in the VLAN ID of the VLAN to which you want to assign this
name.
10. Click on OK to commit the name assignment. The report opens and closes. The page
refreshes and the VLAN is now listed and marked as Used. If you gave it a name, it is
displayed in the Name column.

If you are assigning a VLAN within a domain or a range, this procedure will obviously be shorter
as the Domain and/or Range list will not be displayed.

To add a VLAN from the listing page

1. Go to the VLAN Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the VLANs icon. The All VLANs list opens.
3. Filter the list if need be.
4. In the VLAN ID column, click on the VLAN of your choice. The Add a VLAN wizard opens.
5. In the VLAN name field, name the VLAN. This field is optional.
6. In the VLAN ID field, the VLAN ID of the VLAN you chose is displayed in grey.
7. Click on OK to commit the changes. The report opens and closes. The VLAN is listed, marked
as Used and has a name in the Name column if you gave it one.

Editing VLANs
You can change a VLAN name from its properties pages. Keep in mind that changing the VLAN
name breaks the IPAM / VLAN interaction.

To assign a name to a VLAN

1. Go to the VLAN Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the VLANs icon. The All VLANs list opens.
3. Filter the list if need be.
4. Click on the name of the Used VLAN you want to edit. The properties page opens.
5. In the Main properties panel, click on EDIT . The Add a VLAN wizard opens.
6. In the VLAN name field, rename the VLAN.
7. Click on OK to commit the changes. The report opens and closes. The new VLAN name is
displayed in the panel.

Deleting VLANs
Because VLANs are merely listed on the All VLANs page, you cannot delete them
individually. Deleting the range and/or domain they belong to will remove them from the list.

However, once created and marked as Used in the status column, you can delete their status
and name.

To delete a VLAN name

1. Go to the VLAN Manager tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the VLANs icon. The All VLANs list opens.
3. Tick the VLAN(s) whose assigned name you want to delete.
4. In the menu, select Edit > Delete. The Delete wizard opens.
5. Click on OK to commit the VLAN assigned name deletion. The report opens and closes. The
VLAN is listed but no longer has a name in the Name column and its status is now Free.

Importing VLANs
Like most modules in SOLIDserver, VLAN Manager provides the possibility to import VLANs on
the All domains, All ranges or All VLANs page from a CSV file. For more details, refer to the
chapter Importing Data in the Global Policies part of this guide.

Chapter 75. Managing the IPAM / VLAN Interaction
The purpose of VLAN Manager is to create and control the interaction between virtual local area
networks and your IPAM subnets. Within the IPAM module, this interaction is managed at subnet
level through the default behaviors and can be set both from IPv4 and IPv6 networks.

Configuring the IPAM / VLAN Interaction


There are two behaviors that the administrators (members of the admin user group) can configure
and make visible to standard users:

• Associate a subnet with an existing VLAN.


• Create the VLAN that will be associated with a subnet.

Like any default behavior, you need to select them from the Default behaviors configuration
wizard to make them available on the addition and edition wizards and configure them upon
creation and modification of your subnets (v4 and v6).

To configure VLAN default behaviors

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Subnets icon. The All subnets list opens.
3. Next to the Logout button, click on IP4 or IP6 depending on your needs.
4. In the menu, select Settings > Default behaviors. The Default behaviors configuration
wizard opens.
5. In the IPAM / VLAN interaction section, tick the Display the VLAN association fields box.
The Display the field "Create a VLAN" checkbox appears.
6. Tick the Display the field "Create a VLAN" checkbox.
7. Click on OK to commit the configuration. The report opens and closes. The All subnets list
appears. Your configuration is now available in the Add/Edit a Subnet wizards along with
the Configurable behaviors value in the Mode field.

Note
The Display the field "Create a VLAN" behavior can only be ticked, and will only be
displayed on the wizards, if you ticked the Display the VLAN association fields box
as well.

If you want to set it up for IPv4 and IPv6 terminal subnets, you will need to follow the procedure
on both pages. Once you have ticked both boxes, you will have a set of drop-down lists and fields
available on the subnet edition and addition wizards both in IPv4 and IPv6:

Table 75.1. VLAN Configurable Behaviors


Configurable behaviors                 Related fields in the add/edit wizard
Display the VLAN association fields    VLAN domain
                                       VLAN range
                                       VLAN ID
Display the field "Create a VLAN"      Create a VLAN

Applying the IPAM / VLAN Interaction


Once the behaviors are ticked, the corresponding fields will be available in the subnets addition
and edition wizards. The subnet/VLAN interaction can be set between a terminal or a non-
terminal subnet and a VLAN. You simply need to apply a common VLAN to the subnets you
want to associate. This will allow them to communicate (send/receive packets, etc) no matter
what block they belong to.

Note
If a non-terminal subnet contains terminal subnets, linking it to a VLAN will not link
the subnets it contains to the VLAN.

To link a subnet to an existing VLAN

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Subnets icon. The All subnets list opens.
3. Next to the Logout button, click on IP4 or IP6 depending on your needs.
4. Add or edit a subnet, whether it is terminal or not. For more details regarding the first steps
of addition or edition, refer to the Managing IP subnets chapter. The corresponding wizard
opens.
5. On the last page of the wizard, in the IPAM / VLAN interaction section, set the behaviors to
link your subnet to a VLAN:

a. In the VLAN domain drop-down list, select the VLAN domain containing the VLAN you
want to associate with your subnet.
b. In the VLAN range drop-down list, select the option that suits your needs. They are
detailed in the table below:

Table 75.2. VLAN Range Drop-down List Available Options


Option        Purpose
Range name    Select the name of an existing range to narrow down the auto-complete
              search of the VLAN ID field.
None          Use this option if there is no range in the domain or if the VLAN
              you are looking for is not managed by a range.
All           Use this option if you do not know which range contains the VLAN
              you are looking for. This option will not work if there are several
              ranges in your domain that have the same VLAN ID assigned,
              even if they have a different name.

c. In the Create vlan section, do not tick the checkbox. For more details regarding this
section, refer to the procedure To create and link a VLAN to a subnet below.
d. In the VLAN ID field, type in the first digit(s) of the ID of the VLAN you are looking for.
This field auto-completes and displays the matching VLAN in the field or provides a list
of the matching VLAN IDs (partially or entirely). The VLAN will be displayed as follows:
<VLAN_ID> (<VLAN_name> - <range_name>), where <range_name> can be replaced
by # if there is no range.

6. Click on OK to commit your changes/configuration. The report opens and closes. The VLAN
configuration is visible on the subnet properties page Default Behaviors properties panel.

To create and link a VLAN to a subnet

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Subnets icon. The All subnets list opens.
3. Next to the Logout button, click on IP4 or IP6 depending on your needs.
4. Add or edit a subnet. For more details refer to the Managing IP Subnets chapter. The
corresponding wizard opens.
5. On the last page of the wizard, in the IPAM / VLAN interaction section, set the behaviors to
link your subnet to a VLAN:

a. In the VLAN domain drop-down list, select the VLAN domain of your choice.
b. In the VLAN range drop-down list, select a VLAN range; none if there is no range in the
domain; or all if you don't want to pick a range.
c. In the Create a VLAN section, tick the checkbox. The VLAN name field appears.
d. In the VLAN ID field, type in the ID of the VLAN you want to create or type in the first
digit of the ID: the field auto-completes and provides you with the list of all the available
IDs in the domain or range you selected. The VLAN ID will be displayed as follows:
<VLAN_ID> (<range_name>). Where <range_name> can be replaced by #, if the VLAN
is not managed through a range.
e. In the VLAN name field, you can name the VLAN.

6. Click on OK to commit your changes/configuration. The report opens and closes. The VLAN
configuration is visible on the subnet properties page Default Behaviors properties panel.

Once the association is set, you can display it in the All subnets page in IPv4 and IPv6 using the
Listing template wizard: the columns VLAN Domain, VLAN Range, VLAN name and VLAN ID
can be displayed in any listing template. For more details, refer to the Customizing the List Layout
section of this guide.

Part XII. Rights Management
Table of Contents
76. Introduction
77. Managing Groups
  Browsing Groups of Users
    Browsing the Groups Database
    Customizing the Groups Display
  Adding Groups of Users
  Editing Groups of Users
  Managing the Resources of a Group of Users
    Understanding Resources
    Assigning Resources to a Group
    Removing Resources from a Group
  Managing the Permissions of a Group of Users
    Configuring the Groups Permissions
    Editing a Group of Users Permissions
  Managing the Users of a Group of Users
    Adding a User to a Group
    Removing a User from a Group
  Disabling or Enabling Groups of Users
  Deleting Groups of Users
  Importing Groups of Users from a CSV File
78. Managing Users
  Browsing Users
    Browsing the Users Database
    Customizing the Groups Display
  Adding Users
  Editing Users
    Editing the User Details
    Editing the User Group
    Changing the User Password
  Configuring User Sessions
    Configuring Users Login Session Time
    Redirecting Users After They Log Out or Their Session Expires
  Disabling or Enabling User
  Deleting Users
  Importing Local Users from a CSV File
79. Managing Authentication Rules
  Browsing Authentication Rules
    Browsing the Authentication Rules Database
  Adding Authentication Rules
    Relying on Active Directory Authentication
    Relying on LDAP Authentication
    Relying on Radius Authentication
  Editing an Authentication Rule
  Enabling or Disabling an Authentication Rule
  Deleting an Authentication Rule

Chapter 76. Introduction
Managing user rights and their authentication process is an essential part of network management
as it enhances security. Within SOLIDserver, three pages are dedicated to rights management,
all of which are accessible through the Users, Groups & Rights button on the Administration
module homepage.

Figure 76.1. The Users, Groups & Rights button is dedicated to Rights Management

Groups
This page lists all the groups of users created and allows you to manage each group's resources.
The users are listed among these resources. At group level you can manage the users' access
and rights over modules, pages and objects.
Users
This page lists and details the users that can access SOLIDserver. Once created, you can
set them as resource of a group to manage their access rights and restrictions.
Authentication rules
This page allows you to add rules related to the users' specific authentication: AD, Radius and
LDAP. Adding these rules will allow SOLIDserver to retrieve user credentials stored in the
corresponding remote directory and provide secure remote authentications.

Chapter 77. Managing Groups
Groups of users define user profiles. Once a set of rights is granted to a group, the users
belonging to that group will be able to perform tasks on the resources of the group (subnets,
address blocks, DNS zones, DNS servers...) and nothing else. In other words, the group of users
delegates administrative rights to its users. Typically, you would create a group, add resources to
the group and grant it a set of services, also called rights or permissions. These steps would
create a profile that will apply to the users you manage through the group.

The number of groups is unlimited. You can therefore create as many groups, that is to say
user profiles, as you want. For more details regarding users addition, refer to the Users chapter.

From the Groups page you can have full control over the groups of users (users, resources and
rights) except for the admin group, as it has access to everything by default and cannot be edited.

The groups can manage remote users whose authentication is based on Radius, Microsoft Active
Directory or an LDAP directory. For more details regarding users secure authentication, refer to
the Authentication rules chapter.

Browsing Groups of Users


As far as rights management is concerned, the groups of users constitute the highest level
and most important element of the rights delegation management.

Here below, you can see the link to browse the groups database:

Figure 77.1. User, Groups & Rights : Groups

By default, the admin group is listed on the page. It manages ipmadmin, also called a superuser
or super-admin as it has all the rights over all the resources available for management in
SOLIDserver.

Browsing the Groups Database


To display the list of groups

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the System section, click on the Users, Groups & Rights icon. The Users list opens.
3. In the breadcrumb, click on Groups. The Groups page opens.

To display the resources of specific groups

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the System section, click on the Users, Groups & Rights icon. The Users list opens.
3. In the breadcrumb, click on Groups. The Groups page opens.
4. Click on the name of the group of your choice. The Resources page opens.

To display a group properties page

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the System section, click on the Users, Groups & Rights icon. The Users list opens.
3. In the breadcrumb, click on Groups. The Groups page opens.
4. At the end of the line of the group of your choice, click on . The group properties page
opens.

Customizing the Groups Display


SOLIDserver enables you to modify the columns display in the list. You can add, remove or edit
the order of columns. For more details, see the Customizing the List Layout section of the
Understanding the SOLIDserver User Interface part of this documentation.

Adding Groups of Users


You can add as many groups as you need. For each group you will then define users, resources
and rights.

We strongly suggest that you configure the profiles of your groups of users before enabling the
remote authentication rules. Once the authentication rules are enabled, the corresponding users
can log in to SOLIDserver. This goes especially for AD authentication: once the rule is enabled,
any AD user can log in to the appliance. If you created a group of users named after the AD group
the users belong to, SOLIDserver will automatically create a user in the GUI and put it in the
corresponding group of users. For more details, refer to the Authentication Rules chapter of this
guide.

To add a group

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the System section, click on the Users, Groups & Rights icon. The Users list opens.
3. In the breadcrumb, click on Groups. The Groups page opens.
4. In the menu, select Add > Group. The Add a group wizard opens.
5. If you or your administrator created classes, the Group class list is visible. Select a class or
None and click on NEXT . The next page of the wizard opens.
6. In the Name field, name the group. If you want users to be authenticated via AD, do not
hesitate to name it after an existing AD group.
7. In the Description field, you can type in a description of the group that will be displayed in
the corresponding column.
8. In the Copy rights from group drop-down list, you can select any other group, except admin.
The rights of the selected group will be granted to the group you are creating.
9. Click on NEXT . The last page of the wizard opens.
10. In the Parent group list, select the parent group of your choice or None. The selected parent
group will be able to add users to the group you are creating.
11. Click on OK to commit your creation. The report opens and closes. The group is listed.

Note
The Copy rights from group option can be used as a template of standard rights and
permissions for regular end users that you can simply use when creating a group
and then adapt to each new group (adding or removing rights).

Editing Groups of Users


Editing a group means editing the group main properties as well as the group access and
restrictions. For more details regarding user rights, see the section Managing the Permissions
of a Group of Users below.

To edit a group main properties

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the System section, click on the Users, Groups & Rights icon. The Users list opens.
3. In the breadcrumb, click on Groups. The Groups page opens.
4. At the end of the line of the group you want to edit, click on . The properties page opens.
5. In the Main properties panel, click on EDIT . The Edit a group wizard opens.
6. If you or your administrator created classes, the Group class list is visible. Select a class or
None and click on NEXT . The next page of the wizard opens.
7. Edit the fields according to your needs. For more details, refer to the procedure in the Adding
Groups of Users section above.
8. Click on OK to commit your changes. The report opens and closes. The properties page is
visible again and includes the changes in the panel.

Managing the Resources of a Group of Users


In SOLIDserver, the resources represent various objects used in the DNS, DHCP, IPAM and
NetChange modules on which delegation rights can be applied. Assigning a resource to a group
displays the objects set as resource, in read-only mode, to the users of that group.

Following each module's internal hierarchy, once an object is set as a resource, the whole path
to it in the internal hierarchy of the module is available for display. For instance, if you set an
IPv4 block as resource for a group, once a user of that group connects to SOLIDserver the space
containing the block will be listed; clicking on the space name will display the block set as
resource and only that one, no matter how many blocks the space contains. Going down in the
hierarchy, the user will be able to display all the subnets of the block as well as all the pools and
all the addresses it contains. From that point on, and to continue with the example above, the
group can be given a set of rights on IPv4 blocks that will allow its users to edit, delete or add
new blocks. The users will be able to add, edit or delete the block they have in their list of
resources as well as the ones they added, but not any other block. Hence the importance of
checking in detail the resources of a group and the rights they are granted.

Understanding Resources
As explained above, setting an object as resource will grant access to its container and the objects
it contains in read-only. This provides a clear overview of the object within the network.

Here below you will find, for each object set as group resource, the resources that come with it,
following the internal hierarchy of each module. Keep in mind that the complete path toward
the object is also available in read-only: if you set a subnet as resource, you will see its
containing block and containing space as well. However, if the space contains ten blocks you
will only see the block that contains the subnet.

IPAM Resources

The resources of the IPAM module can be applied to a group in order to design a delegation of
rights according to an organizational scheme. The hierarchy of the resources simplifies the
configuration of the delegation. For instance, if a group contains a block among its resources, its
users will be able to display the objects it contains: subnets, pools, addresses.

For each resource, the users of the group also have access to the properties page. In the Group
access panel, you will find a list of all the groups that have the object listed as a resource followed
by the permissions of the group over the resource.

Table 77.1. Resources of the IPAM Module


Resource       Provides access to
Space          Block
               Subnet
               Pools
               Address
               Block (v6)
               Subnet (v6)
               Pool (v6)
               Address (v6)
Block          Subnet
               Pool
               Address
Block (v6)     Subnet (v6)
               Pool (v6)
               Address (v6)
Subnet         Pool
               Address
Subnet (v6)    Pool (v6)
               Address (v6)
Pool           Address
Pool (v6)      Address (v6)

DNS Resources

The resources of the DNS module can be applied to a group in order to design a delegation of
rights according to an organizational scheme. The hierarchy of the resources simplifies the
configuration of the delegation. For instance, if a group contains a zone among its resources, it
gives its users access to the objects it contains: resource records.

For each resource, the users of the group also have access to the properties page. In the Group
access panel, you will find a list of all the groups that have the object listed as a resource followed
by the permissions of the group over the resource.

Table 77.2. Resources of the DNS Module


Resource    Provides access to
Server      Option (all) including forwarding, allow transfer, allow query, also notify, ...
            View
            Zone
            Resource record
            Key
            Access control List
            RPZ rules
View        Option (all) including forwarding, allow transfer, allow query, also notify, ...
            Zone
            Resource record
            Access control List
            RPZ rules
Zone        Zone options
            Access Control List
            Resource record
            RPZ rules

DHCP Resources

The resources of the DHCP module can be applied to a group in order to design a delegation of
rights according to an organizational scheme. The hierarchy of the resources simplifies the
configuration of the delegation. For instance, if a group contains a block among its resources, it
gives its users access to the objects it contains: subnets, pools, addresses.

For each resource, the users of the group also have access to the properties page. In the Group
access panel, you will find a list of all the groups that have the object listed as a resource followed
by the permissions of the group over the resource.

Table 77.3. Resources of the DHCP Module


Resource       Provides access to
Server         Scope
               Range
               Static
               Group
               Failover channel
               Option configuration
               Option definition
               ACL
Server (v6)    Scope (v6)
               Range (v6)
               Static (v6)
               Group (v6)
               Failover channel (v6)
               Option configuration (v6)
               Option definition (v6)
Scope          Range
               Static included in the scope
               Option configuration
Scope (v6)     Range (v6)
               Static included in the scope (v6)
               Option configuration (v6)

NetChange Resources

The resources of the NetChange module can be applied to a group in order to design a delegation
of rights according to an organizational scheme. The hierarchy of the resources simplifies
the configuration of the delegation. For instance, if a group contains a network device among its
resources, it gives its users access to the objects it contains: ports, VLANs and discovered items.

For each resource, the users of the group also have access to the properties page. In the Group
access panel, you will find a list of all the groups that have the object listed as a resource followed
by the permissions of the group over the resource.

Table 77.4. Resources of the NetChange module


Resource          Provides access to
Network device    Ports
                  VLANs
                  Discovered items

VLAN Manager Resources

The resources of the VLAN Manager module can be applied to a group in order to design a
delegation of rights according to an organizational scheme. The hierarchy of the resources
simplifies the configuration of the delegation. For instance, if a group contains a domain among
its resources, it gives its users access to the objects it contains: ranges and VLANs.

For each resource, the users of the group also have access to the properties page. In the Group
access panel, you will find a list of all the groups that have the object listed as a resource followed
by the permissions of the group over the resource.

Table 77.5. Resources of VLAN Manager


Resource       Provides access to
VLAN domain    VLAN ranges
               VLANs
VLAN range     VLANs

Administration Resources

In the Administration module, Class Studio classes can be set as resources for the users of the
admin group. Once assigned, the class objects will be available for display to the users of the
group.

Table 77.6. Resources of Class Studio


Resource Provides access to
Class Class objects (Class Editor)

Assigning Resources to a Group


Any of the objects listed in the tables above can be used as a resource and assigned to a group.
All the objects, except the classes, will follow the addition procedures below.

Once an object is set as a resource, keep in mind that its properties page Groups access panel
will display all the other groups that list it among their resources. In the same way, each group
Resources list will list the users and resources of the group.

Keep in mind that even though objects and classes are listed among the resources of a group,
if the corresponding management rights (or permissions) are not granted to the group, its users
will be able to see them at most and will not be able to edit or delete them, or even add similar
objects. For more details, refer to the Configuring the Groups Permissions section of this guide.

Assigning Objects as Resource

You can assign objects as resource of a group from the Administration tab Resources page, the
All <object> listing page or the properties page of an object.

To add resources to a group from the group resources list

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the System section, click on the Users, Groups & Rights icon. The Users list opens.
3. In the breadcrumb, click on Groups. The Groups page opens.
4. Click on the name of the group of your choice [1]. The Resources page opens.
5. In the menu, select Add > Resources > resource of your choice. The object wizard opens.
6. Tick the resources you want to attribute to the group and click on ADD . A confirmation pop-
up window opens.
7. Click on OK to commit the resource(s) addition. The selected resources are no longer listed
in the wizard.
8. Click on CLOSE to get back to the Resources page. The selected resources are listed on the
page.

[1] Any group EXCEPT the admin group as, by default, it has authority over all the resources of SOLIDserver database.

To add resources to a group from a listing page

1. From the listing page of your choice, tick the object(s) you want to set as a resource to a
group.
2. In the menu, select Edit > Rights > Add as group(s) resource(s). The Resources Management
wizard opens.
3. In the Available group(s) list, select a group and click on to add the selected resources
to its Resource list. The group is moved to the Add to the resources of the group(s) list.
Repeat these actions for as many groups as needed.
4. In the Add to the resources of the group(s) list, the groups that have the selected objects
as resource are listed. You can remove one (or several) groups from that list if you do not
want them to have the selected objects as a resource anymore: select the group and click on
. The group is listed back in the Available group(s) list.
5. Click on OK to commit your resource addition. The report opens and closes. The listing page
refreshes.

To add resources to a group from a resources properties page

1. From the listing page of your choice, display the object of your choice properties page using
.
2. In the Group access panel, you can see all the groups that have the object among their
resources and the actions they can perform over it. Click on EDIT to add a group
to the list. The Groups wizard opens.
3. In the Available group(s) field, select a group and click on to move it to the Selected
group(s) list. Repeat this action for as many groups as needed. All the existing groups of
users are listed except admin as all the objects of the database are a resource of the group
by default.
4. In the Selected group(s) field are listed the groups that have the object as a resource.
5. Click on OK to commit the resource(s) addition. The report opens and closes. The page
refreshes and the panel is updated. If you add a group that was already listed, the panel content
stays the same.

Assigning Classes as Resource

Contrary to other objects, the classes can only be added from the group Resources page.

To add classes to a group

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the System section, click on the Users, Groups & Rights icon. The Users list opens.
3. In the breadcrumb, click on Groups. The Groups page opens.
4. Click on the name of the group of your choice. The Resources page appears.
5. In the menu, select Add > Resources > Classes. The wizard opens.
6. Select the class(es) to apply to this group and click on ADD . A pop-up window opens.
7. Click on OK to commit the class(es) addition. The selected classes are no longer listed in
the wizard.

8. Click on CLOSE to get back to the Resources page. The selected classes are listed on the
page.

Removing Resources from a Group


At any time you can remove objects from a group list of resources. This will prevent the users of
the group from accessing them unless a container or lower object of the same hierarchy is listed
among the resources.

For instance, if your Local space contains a local-subnet, and you decide that you no longer want
your users to have the Local space as resource, removing it from the list will not prevent users
from accessing it in read-only as the local-subnet is still listed. Therefore the complete path from
the space level to the subnet level will obviously include Local, local-block, local-subnet and
everything it contains.

To remove a resource from a group

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the System section, click on the Users, Groups & Rights icon. The Users list opens.
3. In the breadcrumb, click on Groups. The Groups page opens.
4. Click on the name of the group for which you want to remove resources. The Resources
page opens.
5. Tick the box of the resource(s) you want to delete.
6. In the menu, select Edit > Delete. The Delete resources wizard opens.
7. Click on OK to commit the resource(s) deletion. The report opens and closes. The selected
resources are no longer listed.

Managing the Permissions of a Group of Users


Except for the admin group, the permissions, or rights, are applicable to all the groups and are
classified per module. By default, the admin group has full administration rights so you cannot
edit any of its panels.

On the group properties page of every group you will find the following panels:

Table 77.7. Group Properties Page Available Panels


Panel name            Description
Main properties       This panel contains the group settings that you configured upon creation.
Report                This panel contains a list of all the reports that can be generated in the
                      GUI. Once moved to the Authorized services list in the wizard, you allow
                      users of the group to generate the selected reports.
Rights & delegation   This panel contains all the rights & delegation related rights. To ease
                      their management, they are preceded by a specific page name; if not,
                      the permission granted applies to any page of SOLIDserver.
DHCP                  This panel contains all the DHCP related permissions that you can grant
                      end users.
DNS                   This panel contains all the DNS related permissions that you can grant
                      end users.
VLAN Manager          This panel contains all the VLAN Manager related permissions that you
                      can grant end users.
Workflow              This panel contains all the Workflow related permissions that you can
                      grant end users.
Device Manager        This panel contains all the Device Manager related permissions that you
                      can grant end users.
IPAM                  This panel contains all the IPAM related permissions that you can grant
                      end users.
NetChange             This panel contains all the NetChange related permissions that you can
                      grant end users.
RIPE                  This panel contains all the RIPE related permissions that you can grant
                      end users.
Administration        This panel contains all the permissions that can be granted on the
                      Administration module pages. To ease the management, each service
                      is preceded by the name of the page it applies to.
VRF                   This panel contains all the VRF related permissions that you can grant
                      end users.

In each panel you will find an EDIT button that allows you to set the permissions one module at a
time. All the services (also called rights or permissions) that you can delegate to groups of
users are listed as follows: <action-granted>: <object-concerned>. You will therefore find a set of verbs
corresponding to the action in the menu or wizard preceding the object it applies to.

Table 77.8. Groups Properties Page Most Used Permissions


Verb      Description
Display   This service allows the users of the group to display the complete list of
          objects.
Add       This service allows the users of the group to add an object.
Edit      This service allows the users of the group to edit an object.
Delete    This service allows the users of the group to delete an object.
List      This service allows administrators to delegate other administrators rights
          over groups of users: rights of groups to add or edit specific objects,
          groups that can access specific levels of hierarchy, etc.

Among the permissions you will also find other actions such as Remove, Copy, Copy/Move, Convert,
Split, Migrate, Find, Perform, etc., as well as a set of very specific actions, notably for HSM or
RIPE dedicated operations.

In the Rights & delegation and Administration panels, the verb is preceded by the module or page
concerned as both panels gather rights from everywhere in the appliance.

Permission Particularities
Within the admin group:
• Only ipmadmin has all the existing permissions and rights granted by default. It is the only
superuser.
• Other users from the group cannot perform all the advanced administrating tasks even if
they are granted all the rights and permissions.

Specific access details:


• All the users have access to User tracking where they can display in a list all the operations
they performed in every module they have access to. Granting the User tracking related
right in the Administration panel actually allows the users of a particular group to display the
operations performed by all SOLIDserver users.

Configuring the Groups Permissions


From a group properties page you can set the permissions that will shape the profile of the group's users.
By default upon creation, a group of users will have all read permissions. The other rights (to
add, edit, delete... objects) must be granted specifically in each module panel of the properties
page.

Keep in mind that if you set rights but do not assign actual resources to the group, its users will
not be able to benefit from their rights. For instance, if you grant a group the right to edit subnets
but do not assign them any subnets, they will have access to the All subnets page and Edit menu
but will not see any subnet listed. Hence the need to grant rights AND assign resources. For more
details regarding resource assignment, refer to the Assigning Resources to a Group section
above.
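
The interaction between rights, resources and hierarchy described here and in Removing Resources from a Group can be checked with a small model. The following Python code is an added example, not EfficientIP code: the hierarchy, object kinds, groups and service strings are constructed, and the access rules are a simplified reading of the statements in this section.

```python
from dataclasses import dataclass, field

# Constructed hierarchy (child -> parent), built on the guide's "Local" example.
PARENT = {
    "Local": None,
    "local-block": "Local",
    "local-subnet": "local-block",
    "other-block": "Local",
    "other-subnet": "other-block",
}
# Constructed object kinds, used to match "<action-granted>: <object-concerned>".
KIND = {
    "Local": "space",
    "local-block": "block",
    "local-subnet": "subnet",
    "other-block": "block",
    "other-subnet": "subnet",
}


@dataclass
class Group:
    name: str
    resources: set = field(default_factory=set)
    services: set = field(default_factory=set)  # e.g. "Edit: subnet" (constructed names)
    enabled: bool = True


def ancestors(obj):
    """Containers above obj, nearest first."""
    chain, node = [], PARENT.get(obj)
    while node is not None:
        chain.append(node)
        node = PARENT.get(node)
    return chain


def scope(group, obj):
    """Classify obj for a group: 'resource', 'path' or 'none'.

    resource: obj or one of its containers is listed in the group resources.
    path:     obj is only a container leading to a listed lower object,
              so it stays visible in read-only.
    """
    if not group.enabled:
        return "none"  # a disabled group gives access to nothing
    if obj in group.resources or any(a in group.resources for a in ancestors(obj)):
        return "resource"
    if any(obj in ancestors(r) for r in group.resources):
        return "path"
    return "none"


def can(group, obj, action):
    """True if users of the group can perform action on obj."""
    where = scope(group, obj)
    if action == "Display":
        return where != "none"  # read access is the default on anything in view
    return where == "resource" and f"{action}: {KIND[obj]}" in group.services


def useless_services(group):
    """Granted services that match no object among the group resources."""
    reachable = {KIND[o] for o in PARENT if scope(group, o) == "resource"}
    return sorted(
        s for s in group.services
        if not s.startswith("Display") and s.split(": ", 1)[1] not in reachable
    )


def review(group):
    """Per-object summary to compare with the intended profile of the group."""
    return {o: scope(group, o) for o in PARENT}


if __name__ == "__main__":
    netops = Group("netops", {"local-subnet"}, {"Edit: subnet", "Delete: block"})
    print(review(netops))            # Local and local-block remain visible as 'path'
    print(useless_services(netops))  # rights granted with no matching resource
```

Running review() after removing a container from a group shows which objects are still readable because a lower object remains listed.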

To grant permissions to a group

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the System section, click on the Users, Groups & Rights icon. The Users list opens.
3. In the breadcrumb, click on Groups. The Groups page opens.
4. At the end of the line of the group of your choice, click on . The properties page opens.
5. In the panel of your choice, click on EDIT . The Edit group access wizard opens.

Note
When resources are assigned to a group, users of this group have, by default,
read-only access to the resources. Access control is only carried out on the "Add"
or "Delete" rights (read-only access was preserved on certain, specific rights,
such as those relating to the admin group).

6. In the Unauthorized services list are displayed the services that are not granted to the group.
Select one by one the services you want to grant and click on . The service is moved to
the Authorized services list.
7. In the Authorized services list are displayed the services that the group has access to. Select
one by one the services you want to deny to a group and click on . The service is moved
to the Unauthorized services list.
8. Once all the services you wanted to grant are listed in the Authorized services, click on OK .
This will commit your configuration. The report opens and closes. The page refreshes. In
the panel, the Permissions list displays the services granted.

Editing a Group of Users Permissions


At any time, you can grant more access or deny access to a group. You simply need to display
the group properties page and edit the panel of your choice.

Just like for the configuration, make sure that the services you add or remove correspond to a
resource in the group Resource list, otherwise granting the service might be useless.

To modify a group administrative rights

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the System section, click on the Users, Groups & Rights icon. The Users list opens.
3. In the breadcrumb, click on Groups. The Groups page opens.
4. At the end of the line of the group of your choice, click on . The properties page opens.
5. Open the panel you want to edit.
6. Click on EDIT . The Edit group access wizard opens.
7. Edit the rights to fit your needs.
8. Click on OK to commit your changes. The report opens and closes. The Permissions list
displays the module granted services.

Managing the Users of a Group of Users


The purpose of a group is to define a set of rights and resources for the users it contains. So
once you have configured the group, you can add the existing users that fit the group profile.

Adding a User to a Group


Once you have created a user, you can add it to any group. It can also belong to several groups with
different resources and rights. The user credentials will be the same but their access will
correspond to the group they belong to.

For more details regarding user creation, refer to the Users chapter of this guide.

To add a user to a group

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the System section, click on the Users, Groups & Rights icon. The Users list opens.
3. In the breadcrumb, click on Groups. The Groups page opens.
4. Click on the name of the group of your choice. The Resources page of that group opens.
5. In the menu, select Add > Users. The Rights & delegation: Users wizard opens.
6. Tick the user(s) you want to add to the group and click on ADD . A pop-up window opens.
7. Click on OK to confirm the addition. The user is no longer listed in the wizard.
8. Click on CLOSE . The wizard closes and the page refreshes. The user is listed among the
resources of the group.

Removing a User from a Group


To restrict user permissions, you can remove them from a group. If they do not belong to a group,
their credentials will open SOLIDserver GUI but they will not be able to display or edit any module
or resource.

To remove a user from a group

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the System section, click on the Users, Groups & Rights icon. The Users list opens.
3. In the breadcrumb, click on Groups. The Groups page opens.
4. Click on the name of the group of your choice. The Resources page of that group opens.
5. Filter the list if need be.
6. Tick the user(s) you want to remove from the group.
7. In the menu, select Edit > Delete. The Delete wizard opens.
8. Click on OK to commit the resource deletion. The report opens and closes. The user(s) is
no longer listed in the resources so can no longer benefit from the group permissions. The
user is still listed on the Users page.

Disabling or Enabling Groups of Users


By default when you add groups, they are enabled. To ease up the groups management, you
can enable or disable groups of users.

Note
If you disable a group, the users it contains will still be able to connect to SOLIDserver
but will not have access to any module or resource.

To disable a group

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the System section, click on the Users, Groups & Rights icon. The Users list opens.
3. In the breadcrumb, click on Groups. The Groups page opens.
4. Tick the group(s) you want to disable.
5. In the menu, select Edit > Status > Disable. The Disable wizard opens.
6. Click on OK to commit your choice. The report opens and closes. The group(s) is marked
Disabled in the Status column.

To enable a group

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the System section, click on the Users, Groups & Rights icon. The Users list opens.
3. In the breadcrumb, click on Groups. The Groups page opens.
4. Tick the group(s) you want to enable.
5. In the menu, select Edit > Status > Enable. The Enable wizard opens.
6. Click on OK to commit your choice. The report opens and closes. The group(s) is marked
OK in the Status column.

Deleting Groups of Users


At any time you can delete a group.

Note
If you delete a group, the users it contains will still be able to connect to SOLIDserver
but will not have access to any module or resource.

To delete a group

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the System section, click on the Users, Groups & Rights icon. The Users list opens.
3. In the breadcrumb, click on Groups. The Groups page opens.
4. Tick the group(s) you want to delete.
5. In the menu, select Edit > Delete. The Delete wizard opens.
6. Click on OK to commit the deletion. The report opens and closes. The group is no longer
listed.

Importing Groups of Users from a CSV File


The Groups page is one of the few pages of the Administration module where you can import
data. From a CSV file, you can import a list of groups and then organize their rights and resources.
For more details, refer to the chapter Importing Data in the Global Policies part of this guide.

Chapter 78. Managing Users
The notion of a user allows the definition of administrator accounts vs. standard user accounts.
This allows you to set up different profiles and levels of management.

If you want to manage RIPE persons, refer to the appendix SPX at the end of this guide.

By default, user authentication is performed using the local database. If you want to use
local authentication only, you must configure a group and add local user accounts to it. If you
plan on authenticating users remotely using LDAP, Active Directory and RADIUS directories in
addition to local authentication, then you must configure those services on SOLIDserver. A local
user and a remote user cannot share the same login account. This means that if a user is already
declared in the local database, external authentication is never performed for that login.
SOLIDserver comes with an authentication subsystem that manages authentications to securely
log in to its web user interface. For more details, refer to the Authentication Rules chapter of
this guide.

Warning
If you are using remote authentication, you must always have at least one local admin
user in a local group to ensure connectivity to SOLIDserver in case of the remote
directory becoming unreachable.

By default, SOLIDserver authenticates users against its local database. Therefore, if you want
to use local authentication, you must configure a group and manually add the local user
to the group. Once added to a group, a user is considered as a resource of the group; for
more details, refer to the Managing the Users of a Group of Users section in the Groups chapter.

As for the authentication of remote users via LDAP, Radius or AD, refer to the Authentication
Rules chapter of this guide.

Browsing Users
As far as the right management is concerned, the users constitute, along with the objects, the
second level of the rights delegation management. Users are merely created and configured to
be managed by one or several groups that will set their profile and permissions.

Here below, you can see the link to browse the users database:

Figure 78.1. User, Groups & Rights : Users

By default, the ipmadmin super user is listed on the page. It belongs to the admin group and has
all the rights over all the resources available to management in SOLIDserver.

Browsing the Users Database


To display the list of users

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.

2. Click on the Users, Groups & Rights icon. The Users list opens.

To display a user properties page

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Users, Groups & Rights icon. The Users list opens.
3. At the end of the line of the user of your choice, click on . The user properties page opens.

Customizing the Groups Display


SOLIDserver enables you to modify the columns display in the list. You can add, remove or edit
the order of columns. For more details, see the Customizing the List Layout section of the
Understanding the SOLIDserver User Interface part of this documentation.

Adding Users
In this section, we describe the addition of local users, that is to say users added to the Users page, or
local SOLIDserver database.

You can add as many users as you want. Their profile depends on the group(s) they belong to.
Keep in mind that the user permissions are closely linked to the resources available in the group.
If a group has edition rights over a scope but no scope assigned as a resource, this permission
is useless.

To add a local user

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Users, Groups & Rights icon. The Users list opens.
3. In the menu, select Add > User. The Add a user wizard opens.
4. If you or your administrator created classes, the User class list is visible. Select a class or
None and click on NEXT . The next page of the wizard opens.
5. You can either only configure credentials for a user (step 6) or completely configure a
user [1] (step 7).
6. Configure the new user credentials following the steps below.

a. In the Login field, type in the user login. This login cannot be an email address.
b. In the Password field, type in the user password.
c. In the Confirm password field, type in the user password again.

7. Configure the new user credentials and details following the steps below.

a. Tick the Expert mode box.
b. In the First name field, type in the user first name.
c. In the Last name field, type in the user last name.
d. In the Pseudonym field, the user last and first name are automatically displayed. You
can replace them by a shortname or shorter name if you want.
e. In the Login field, type in the user login.
f. In the Password field, type in the user password.
g. In the Confirm password field, type in the user password again.
h. In the Email field, type in the user email address.
i. In the Login URL field, type in the URL to which the user will be directed after being
authenticated.
j. In the Maintainer group drop-down list, select the group of users that will be able to edit
the user information (names, credentials, email...) and classes.

[1] If the user is of Unix type and the password is not printable, the system password is used.

8. Click on OK to commit the creation. The report opens and closes. The user is listed among
the users with its Login, Official name and Origin in the corresponding columns.

Connected users can edit their session time and date or listing page display, interface language
or password. For more details, refer to the section Connected User Account Configuration of this
guide.

Editing Users
At any time an administrator can edit a user details, group or password.

Note
If users do not belong to any group, they can connect to SOLIDserver but will not see
the modules or be able to perform any action, as no permissions are granted to
individual users.

Editing the User Details


Editing the user details means modifying the user Main properties panel. Keep in mind that in
the procedure below, the changes are performed from the properties panels EDIT button, but
you can also make these changes from the Edit menu.

To edit a local user information

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Users, Groups & Rights icon. The Users list opens.
3. In the Login column, click on the user name. The user properties page opens.
4. In the Main properties panel, click on EDIT . The Edit a user wizard opens.
5. If you or your administrator created classes, the User class list is visible. Select a class or
None and click on NEXT . The Edit a user page opens.
6. Edit the user information according to your needs. For more details, refer to the procedure
To add a local user.


Note
If you type in a different password than the original one, you will overwrite the
user former password. Said user could be logged out after your changes or not
be able to log in anymore.

7. Click on OK to commit your modifications. The report opens and closes. The properties page
is visible again and includes the changes in the panel.

Editing the User Group


Editing the user group means modifying the user Groups access panel. Keep in mind that in the
procedure below, the changes are performed from the properties panels EDIT button, but you
can also make these changes from the Edit menu.

To edit a local user group

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Users, Groups & Rights icon. The Users list opens.
3. In the Login column, click on the user name. The user properties page opens.
4. In the Groups access panel, click on EDIT . The Groups wizard opens.
5. If you or your administrator created classes, the User class list is visible. Select a class or
None and click on NEXT . The next page of the wizard opens.
6. In the Available group(s) list, you can select a group and click on . The group is moved to
the Selected group(s).
7. In the Selected group(s) list are displayed the group(s) the user belongs to. In other words,
the user profiles. You can remove a group from the list clicking on , the group is moved to
the Available group(s) list.
8. Click on OK to commit your modifications. The report opens and closes. The properties page
is visible again and includes the changes in the panel.

Changing the User Password


An administrator can change a user password from its properties page.

To change a user password

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Users icon. The User list opens.
3. In the Login column, click on the user name. The properties page opens.
4. In the Main properties panel, click on EDIT . The Edit a user wizard opens.
5. If you or your administrator created classes, the User class list is visible. Select a class or
None and click on NEXT . The next page of the wizard opens.
6. In the Password field, type in the new password.
7. In the Confirm password field, type the password again.

8. Click on OK to validate modifications. The report opens and closes. The properties page is
visible again.

Configuring User Sessions


SOLIDserver provides the possibility to set an automated session logout of any user if they do
not do anything on the server after a certain period of time. Since version 5.0.3, you can even
redirect users after their session expires or when they log out.

Configuring Users Login Session Time


By default, the session is set to 0, in other words the user session does not end unless you click
on the logout icon. You cannot set the login session to less than 1 minute.

To set up a time limit on the login session

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select System > Expert > Registry database. The Registry database page
opens.
3. In the Name column, type in session.
4. Click on SEARCH . The www.login.session_timeout key is listed.
5. In the Value column, you can see the session time in seconds. By default, it is set to 0.
6. Click on the value of the key. The Registry database Edit a value wizard opens.
7. In the Value field, replace the current value with the value of your choice. This value can be
0 or anything above 60.
8. Click on OK to commit your change. The report opens and closes. The new value is visible
in the list and now the user is automatically logged out if no action is performed within
the number of seconds you just set.

Redirecting Users After They Log Out or Their Session Expires


By default, once a user session expires or they log out, the SOLIDserver login page appears and
they can reconnect. Now you have the possibility to redirect them toward the website of your
choice using its URL as value of the dedicated registry database entry. By default, this key is
<empty>.

To redirect users after they log out or their session expires

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select System > Expert > Registry database. The Registry database page
opens.
3. In the Name column, type in logout.
4. Click on SEARCH . The logout.session.redirect.url key is listed.
5. In the Value column, click on the value of the key. The Registry database Edit a value wizard
opens.

6. In the Value field, type in the URL of your choice following the format
http://<website-of-your-choice>.
7. Click on OK to commit your change. The report opens and closes. The new value is visible
in the list and now all users are automatically redirected to the website specified as value
once they log out.

Disabling or Enabling Users


By default when you add users, they are enabled. Disabling users prevents them from connecting
to SOLIDserver. It also avoids deleting a local user entirely, as you can enable them again
at any time.

To disable a user

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Users icon. The User list opens.
3. Tick the user(s) you intend to disable.
4. In the menu, select Edit > Status > Disable. The Disable wizard opens.
5. Click on OK to commit your choice. The report opens and closes. The user(s) is marked
Disabled in the Status column.

To enable a user

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Users icon. The User list opens.
3. Tick the user(s) you intend to enable.
4. In the menu, select Edit > Status > Enable. The Enable wizard opens.
5. Click on OK to commit your choice. The report opens and closes. The user(s) is marked OK
in the Status column.

Deleting Users
Deleting local users prevents them from connecting to SOLIDserver. As for users connecting
remotely, AD users for instance, deleting them will not prevent them from connecting to the
appliance: once the rule is enabled, users are created locally upon connection and placed in an
existing group of users if its name matches the name of the group they belong to in the Active
Directory.

To delete a local user

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Users, Groups & Rights icon. The Users list opens.
3. Tick the user(s) you want to delete.
4. In the menu, select Edit > Delete. The Delete wizard opens.

5. Click on OK to commit the user deletion. The report opens and closes. The user(s) is no
longer listed.

Importing Local Users from a CSV File


The Users page is one of the few pages of the Administration module where you can import data.
If you decide to use internal user accounts, you can create them manually or import them from
a CSV file. This file must include each user login. For more details, refer to the chapter Importing
Data in the Global Policies part of this guide.

Chapter 79. Managing Authentication Rules
The authentication rules page is dedicated to adding and managing users authentication rules.
Once added, these rules provide secure remote authentication of users. In reality, these rules
will also be created on the Rules page of the Administration page.

SOLIDserver comes with a subsystem that manages remote authentications to securely log in
to the GUI. The appliance supports three methods of remote authentication:

• Remote users based on LDAP directory.


• Remote users based on Microsoft Active Directory.
• Remote users based on RADIUS server.

Once you have added the rules that suit your needs, the remote authentication is enabled: SOLIDserver
can retrieve user credentials stored on Microsoft Active Directory, LDAP and Radius. You can
use any combination of these authentication methods to manage user connections. If several
remote authentications are configured, SOLIDserver will challenge all remote authentications
when a user connects with a login and a password: the first authentication rule will be used to
authenticate the user. If the authentication fails, SOLIDserver tries the next authentication rule.
Each configured authentication rule is tried and used, whether it relies on AD, LDAP or Radius,
until it is successful or all rules fail. If all rules fail, then SOLIDserver denies access to the GUI.

If the authentication succeeds, SOLIDserver defines the rights of the users based on the group
the user belongs to in the remote directory. It tries to match the local appliance database group
names to any groups received from the remote directory. If matching group names are found,
SOLIDserver applies the privileges of all matching groups to the user and allows their rights. If no
default group matches, SOLIDserver denies the connection.
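
The login decision described above, together with the local-account precedence stated in the Managing Users chapter, can be modelled as follows. This Python code is an added example, not EfficientIP code: the directories, accounts, passwords and group names are constructed, an unreachable directory is assumed to count as a failed rule, and a successful rule with no matching group is assumed to end the attempt.

```python
import hashlib
import hmac


def hash_password(password, salt=b"constructed-salt"):
    """PBKDF2 digest so the model never stores or compares plaintext."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


class Unreachable(Exception):
    """A simulated remote directory that cannot be contacted."""


def make_rule(name, accounts, reachable=True):
    """Simulated authentication rule (stand-in for AD, LDAP or RADIUS).

    accounts maps login -> (password, [group names held in the directory]).
    The returned callable yields the remote groups on success, None on failure.
    """
    stored = {u: (hash_password(pw), groups) for u, (pw, groups) in accounts.items()}

    def check(login, password):
        if not reachable:
            raise Unreachable(name)
        entry = stored.get(login)
        if entry and hmac.compare_digest(entry[0], hash_password(password)):
            return list(entry[1])
        return None

    check.rule_name = name
    return check


def authenticate(login, password, local_users, local_groups, rules):
    """Return (allowed, source, groups, reason)."""
    # 1. A login declared locally is never checked against a remote directory.
    user = local_users.get(login)
    if user is not None:
        if not user["enabled"]:
            return False, "local", [], "local user disabled"
        if hmac.compare_digest(user["hash"], hash_password(password)):
            return True, "local", sorted(user["groups"]), "local credentials accepted"
        return False, "local", [], "local login exists, remote rules skipped"
    # 2. Remote rules are tried in order until one accepts the credentials.
    for rule in rules:
        try:
            remote_groups = rule(login, password)
        except Unreachable:
            continue  # assumption: an unreachable directory is a failed rule
        if remote_groups is None:
            continue
        # 3. Group names must match local group names exactly (case sensitive).
        matched = sorted(g for g in remote_groups if g in local_groups)
        if matched:
            return True, rule.rule_name, matched, "remote credentials accepted"
        return False, rule.rule_name, [], "no matching local group"
    return False, None, [], "all authentication rules failed"


# Constructed sample data.
LOCAL_GROUPS = {"admin", "NetOps"}
LOCAL_USERS = {
    "ipmadmin": {"hash": hash_password("break-glass"), "groups": {"admin"}, "enabled": True},
    "jdoe": {"hash": hash_password("local-pw"), "groups": {"NetOps"}, "enabled": True},
}
AD_ACCOUNTS = {"jdoe": ("ad-pw", ["NetOps"]), "asmith": ("ad-pw2", ["netops"])}
LDAP_ACCOUNTS = {"bwayne": ("ldap-pw", ["NetOps", "Helpdesk"])}


def demo(reachable=True):
    """Run the cases worth checking before relying on remote rules."""
    rules = [make_rule("AD", AD_ACCOUNTS, reachable), make_rule("LDAP", LDAP_ACCOUNTS, reachable)]
    cases = [("jdoe", "ad-pw"), ("asmith", "ad-pw2"), ("bwayne", "ldap-pw"), ("ipmadmin", "break-glass")]
    return {u: authenticate(u, pw, LOCAL_USERS, LOCAL_GROUPS, rules) for u, pw in cases}


if __name__ == "__main__":
    for reachable in (True, False):
        print("directories reachable:", reachable)
        for user, result in demo(reachable).items():
            print(f"  {user}: {result}")
```

The jdoe case shows a local login shadowing a valid directory account, and the asmith case shows a group name differing only by case being rejected.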

You can add remote authentication rules, delete, disable or enable them again. The Authentication
rules page only displays the Active Directory, LDAP and Radius dedicated authentication rules once
added. These rules are actually added to the Rules page that gathers all SOLIDserver rules.
After adding the rules you will be able to edit their configuration from the Authentication rules
page; however, to disable/enable the authentication rules or delete them you will need to go to the
Rules page.

Browsing Authentication Rules


As far as rights management is concerned, the authentication rules are optional and to be used only
if you intend to allow authentication of remote users through AD, LDAP or Radius.

Here below, you can see the link to browse the authentication rules database:

Figure 79.1. User, Groups & Rights : Authentication rules

By default, the list is empty.

Browsing the Authentication Rules Database


To display the list of rules

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Users, Groups & Rights icon. The Users list opens.
3. In the breadcrumb, click on Authentication rules. The Authentication rules page opens.

To display a rule properties page

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Users, Groups & Rights icon. The Users list opens.
3. In the breadcrumb, click on Authentication rules. The Authentication rules page opens.
4. At the end of the line of the rule of your choice, click on . The rule properties page opens.

Adding Authentication Rules


From the Authentication rules page you can add three rules dedicated to remote user
authentication, whether your authentication relies on Active Directory, LDAP or Radius. As we saw in the
introduction, if your users credentials are saved on several or all of these remote servers, you
can add several or all rules, as SOLIDserver will compare the user credentials to any identified
remote server configured when adding the rules to provide the secure authentication of the user
or deny it if the user is not found anywhere.

Keep in mind that thanks to this systematic check of all the possible remote authentication
configurations, you can add as many rules as you want. They will all be checked against the user
credentials. This will allow you to set different configurations for LDAP, RADIUS or AD
authentication of the remote users.

Relying on Active Directory Authentication


From the Authentication rules page, you can add the AD authentication rule that configures the
users authentication through a Microsoft Active Directory server. Active Directory (AD) is a
technology created by Microsoft that provides a variety of network services, including LDAP like
directory services and other network information. SOLIDserver supports remote authentication
with any AD running on Microsoft Windows Server 2000, 2003 and 2008.

In order to use the AD authentication successfully the following prerequisites must met:

1. At least one group exists both on the AD server and in SOLIDserver database. They must
have exactly the same name and this name is case sensitive: so the name of the group in
SOLIDserver must respect the AD group name.
2. The user you will use for testing the authentication has to be part of the group mentioned
above.

To add the AD users authentication rule

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.


2. Click on the Users, Groups & Rights icon. The Users list opens.
3. In the breadcrumb, click on Authentication rules. The Authentication rules page opens.
4. In the menu, select Add > Authentication rule. The Add a rule wizard opens. The
authentication rule fields are already filled:

Table 79.1. Authentication Rule Fields


Fields | Content
Module | In this drop-down list Rights & delegation is displayed.
Event | In this drop-down list External user login is displayed.

5. In the Rule drop-down list, select (000) AD authentication.


6. In the Rule name field, name the rule.
7. In the Comment field, you can add a comment regarding that rule.
8. Click on NEXT . The Rule filters page opens.
9. Click on NEXT . The Rule parameters page opens. To configure basic authentication, refer
to step 10. If you want to configure the authentication in more detail, refer to step 11.
10. Configure the basic AD authentication parameters following the table below:

Table 79.2. Active Directory Basic Parameters


Fields | Description
AD server IP address | The IP address of the Active Directory server.
Domain of DC | The domain of the Domain Controller: the Fully Qualified Domain Name (FQDN) of your AD, for instance mydomain.corp.
Default user domain | The default domain of the user who connects through AD. This domain will be concatenated to the user name. For instance, the user login jdoe will be concatenated with mydomain.corp to produce jdoe@mydomain.corp. If you leave this field empty, you have to connect with jdoe@mydomain.corp. If you configure mydomain.corp in this field, then you only have to connect with jdoe.

11. Configure the advanced AD authentication parameters following the steps below:

a. Configure the basic parameters following the table above.


b. Tick the Expert mode box. The remaining configuration fields appear.
c. Finish the configuration following the table below.

Table 79.3. Active Directory Expert Mode parameters


Fields | Description
Deny if not in a group | Select Yes or No. Select Yes if you only want members of an AD group to be able to connect to SOLIDserver. By default, No is selected. This field is optional.
Manage imbricated groups | Tick this box to allow SOLIDserver to look for members in sub-groups of the specified top group on the AD server during the authentication challenge.
Use secure LDAP | Tick this box to use secure LDAP during the authentication challenge. SOLIDserver will use LDAP and SSL to connect to the AD server.

12. Click on NEXT . The last page of the wizard opens.


13. In the Synchronize drop-down list, you can choose whether or not to synchronize the
SOLIDserver database with the AD database: synchronizing automatically puts users in the local
group of users that matches the name of the AD group they belong to. This grants them the
permissions of said local group.

If you select Yes, the Expert mode box appears. You can tick it to configure specific
synchronization parameters. These parameters are described in the table below.

Table 79.4. Active Directory Parameters for the Groups Synchronization


Fields | Description
AD group associated with the group "admin" | Type in this field the name of the AD group that the users logging in belong to. All the users of the specified group will be granted access to SOLIDserver with the same permissions as the users of the admin group.
Login | In this field, specify an account that will be used to browse AD attributes. If your AD is configured in a very strict manner, standard users might not be able to browse their own attributes. Filling this field enables SOLIDserver to retrieve the groups the user belongs to using the account specified. This field is optional, as the AD user accounts might have sufficient privileges to browse their own attributes and retrieve the groups they belong to.
Password | If you specified an account in the Login field above, type in this field the account password. This field is compulsory if you specified a login.
Base DN | In this field, type in the name of the top of the AD tree. The level specified will be the starting point of the search for a matching user account on the server. You can customize this field in order to look in specific location(s) of the AD. This field is optional.
Use sAMAccountName field as login | In this drop-down list, you can select Yes or No to decide whether or not to use the sAMAccountName field as the user login. This parameter is used for pre-AD installation (basically NTDS) and will accept 8-character long login names instead of regular longer names. This field is optional.

14. Click on OK to commit your configuration. The report opens and closes. The rule is listed.
In the Instance column, the Rule name you chose is displayed.

Once the rule is added, AD users can connect to SOLIDserver. This connection automatically
creates the user and puts them in the corresponding group if you chose to synchronize the groups.

If some user connections fail, follow the guidelines below.


How to troubleshoot a remote AD authentication

1. Log out of the system, then try logging in again. It should work; if not:
2. Check the Syslog page and look for any AD related information. Most of the time, the
problem comes from one of the following:

a. The AD connection is not possible: you will see messages telling you the ldap_bind
was not possible.
b. The AD user credentials are not recognized as a member of any group SOLIDserver
knows.

Relying on LDAP Authentication


From the Authentication rules page, you can add the LDAP authentication rule that configures
the users authentication through LDAP (version 2 or 3). Lightweight Directory Access Protocol
(LDAP) is an application protocol over TCP/IP for querying and modifying directory services that
might hold passwords, addresses, groups, public encryption keys and other exchange-facilitating
data.

To add the LDAP users authentication rule

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Users, Groups & Rights icon. The Users list opens.
3. In the breadcrumb, click on Authentication rules. The Authentication rules page opens.
4. In the menu, select Add > Authentication rule. The Add a rule wizard opens. The
authentication rule fields are already filled:

Table 79.5. Authentication Rule Fields


Fields | Content
Module | In this drop-down list Rights & delegation is displayed.
Event | In this drop-down list External user login is displayed.

5. From the Rule list, select (018) LDAP authentication.


6. In the Rule name field, name the rule.
7. In the Comment field, you can add a comment regarding that rule.
8. Click on NEXT . The Rule filters page opens.
9. Click on NEXT . The Rule parameters page opens.
10. Configure the rule parameters following the table below:

Table 79.6. LDAP Parameters


Fields | Description
LDAP URL | In the field, type in the URL of the LDAP server. This field is compulsory.
Base DN | In the field, type in the top level of the LDAP directory tree, used as the base. This field is compulsory.
Group attribute | In the field, type in the name of the attribute in LDAP that matches one or several groups in SOLIDserver. The names must be separated by a comma. This field is optional.
LDAP admin group name | In the field, type in the name of the LDAP administrating group. This field is optional.
Login | In the field, type in the login of an account that has sufficient privileges to retrieve user attributes during the authentication. If your LDAP standard users cannot browse their attributes, they will not be able to connect to SOLIDserver on their own. This field is optional.
Password | In the field, type in the password of the account specified in the Login field above. This field is optional.
Use LDAP v3 | Tick the box to use LDAP in version 3 (a). This field is optional.
Use secure LDAP | Tick this box to use secure LDAP during the authentication challenge. SOLIDserver will use LDAP and SSL to connect to the LDAP directory.

(a) Not ticking this box means using LDAP in version 2.

11. Click on OK to commit the rule creation. The report opens and closes. The rule is now listed.
In the Instance column, the Rule name you chose is displayed.

Relying on Radius Authentication


From the Authentication rules page, you can add the RADIUS authentication rule that configures
user authentication through RADIUS. Remote Authentication Dial In User Service (RADIUS)
is a networking protocol that uses access servers to provide centralized access management to
large networks. SOLIDserver has further improved its use of the Radius protocol. When
a user connects to SOLIDserver but does not yet have an account in the database, SOLIDserver
triggers all the external authentication rules that have been configured. The Radius rule
authenticates the user on the Radius server specified in the parameters. All the information
regarding the user will be sent to SOLIDserver, i.e. the user login, password and all the parameters
needed to connect to Radius: the NAS-server, NAS_port, NAS_port_type, ...

Note that a user who is not granted access to Radius cannot access SOLIDserver either.

Once the server has accepted Radius users, it sends the name of the group of administrators
the user belongs to. Thanks to that piece of information, SOLIDserver allocates these users
the corresponding administrator rights. The group name sent by Radius has to be exactly the
same as the one configured in SOLIDserver: the case has to be identical and accents are taken
into account as well. The Radius return value can hold multiple values, i.e. several
groups, separated by a comma.
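
The exact-match requirement above, like the identical-name prerequisite for AD groups, is a common reason a user authenticates on the remote server yet matches no group SOLIDserver knows. The following Python check is an added example, not part of this guide or of the product: it compares a comma-separated group list, as a Radius or AD server might return it, against local group names and explains each near miss. All group names are constructed samples, and treating spaces around a name as significant is an assumption.

```python
import unicodedata

# Constructed sample data: local SOLIDserver group names and a
# comma-separated group list as the remote server might return it.
LOCAL_GROUPS = ["admin", "NetOps", "R\u00e9seau", "dns-readonly"]
SAMPLE_REMOTE = "Admin,NetOps, dns-readonly,Reseau,helpdesk"


def split_groups(value):
    """Split the comma-separated group list without trimming anything."""
    return [name for name in value.split(",") if name]


def strip_marks(name):
    """Remove combining accents, e.g. an accented 'e' becomes 'e'."""
    decomposed = unicodedata.normalize("NFKD", name)
    return "".join(ch for ch in decomposed if not unicodedata.combining(ch))


def fold(name):
    """Loose key used only to find near misses, never to grant access."""
    return strip_marks(name.strip()).casefold()


def differences(remote, local):
    """Explain why `remote` is not strictly equal to `local`."""
    reasons = []
    trimmed = remote.strip()
    if trimmed != remote:
        reasons.append("whitespace")
    nfc_remote = unicodedata.normalize("NFC", trimmed)
    nfc_local = unicodedata.normalize("NFC", local)
    if trimmed != local and nfc_remote == nfc_local:
        # Same characters on screen, different code point sequences.
        reasons.append("unicode form")
    if nfc_remote.casefold() != nfc_local.casefold():
        reasons.append("accent")
    if strip_marks(trimmed) != strip_marks(local):
        reasons.append("case")
    return reasons


def classify(remote_value, local_groups):
    """Sort remote group names into exact matches, near misses and unknowns."""
    exact = set(local_groups)
    loose = {}
    for group in local_groups:
        loose.setdefault(fold(group), []).append(group)
    report = {"matched": [], "near_miss": [], "unknown": []}
    for name in split_groups(remote_value):
        if name in exact:
            report["matched"].append(name)
        elif fold(name) in loose:
            for candidate in loose[fold(name)]:
                report["near_miss"].append(
                    (name, candidate, differences(name, candidate))
                )
        else:
            report["unknown"].append(name)
    return report


if __name__ == "__main__":
    result = classify(SAMPLE_REMOTE, LOCAL_GROUPS)
    print("matched:", result["matched"])
    for remote, local, why in result["near_miss"]:
        print(f"near miss: {remote!r} vs local {local!r} ({', '.join(why)})")
    print("unknown:", result["unknown"])
```

Only the names under "matched" would give the user rights; each near miss points at a group to rename on one side or the other.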

By default, Radius is not enabled on SOLIDserver; you have to add a rule to use it (see the
procedure below). During the rule addition, a number of configuration parameters will be
required, including a number of IP addresses. They correspond to the appliances (or radius
clients) that will connect through the Radius server.


To add the RADIUS users authentication rule

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Users, Groups & Rights icon. The Users list opens.
3. In the breadcrumb, click on Authentication rules. The Authentication rules page opens.
4. In the menu, select Add > Authentication rule. The Add a rule wizard opens. The
authentication rule fields are already filled:

Table 79.7. Authentication Rule Fields


Fields | Content
Module | In this drop-down list Rights & delegation is displayed.
Event | In this drop-down list External user login is displayed.

5. In the Rule list, select (017) RADIUS authentication.


6. In the Rule name field, name the rule.
7. In the Comment field, you can add a comment regarding that rule.
8. Click on NEXT . The Rule filters page opens.
9. Click on NEXT . The Rule Parameters page opens.
10. Configure the rule parameters following the table below:

Table 79.8. Radius Authentication Rule Parameters


Fields | Description
RADIUS server IP address | In this field, type in the IPv4 address of the host server.
RADIUS server port | In this field, type in the port number of the UDP port used to contact the Radius server. If you type in the port 0, the library will look up the radius/udp or the radacct/udp service in the network services database and use the port found there. By default, the Radius server port used for authentication is 1812.
RADIUS secret passphrase | In this field, type in your RADIUS password. This password is necessary to grant SOLIDserver access to RADIUS.
RADIUS request timeout (seconds) | In this field, set up the timeout parameters. In other words, choose after how many seconds you want your radius server to switch to timeout status if no reply is received past this period of time. By default, the number of seconds is 3.
RADIUS max tries before giving up | In this field, set the maximum number of requests to be sent before the server stops trying to connect and switches to failure state. By default, the number of retries is 3.
RADIUS NAS IP address | In this field, type in the IP address that SOLIDserver needs to connect to RADIUS.


11. Click on OK to commit the addition. The report opens and closes. The rule is now listed. In
the Instance column, the Rule name you chose is displayed.

For more details regarding the configuration of FreeRadius and the Cisco Radius, refer to the
corresponding sections of the Configuring Radius appendix.

Editing an Authentication Rule


You might need to change the parameters of a rule. The procedure below details the process
from the Authentication rules page, but you can also do it from the Main properties panel of
the rule properties page.

To edit a user authentication rule

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Users, Groups & Rights icon. The Users list opens.
3. In the breadcrumb, click on Authentication rules. The Authentication rules page opens.
4. Filter the list if need be.
5. Put your mouse over the Name or the Instance of the rule you want to edit. The infobar appears,
click on . The Edit a rule wizard opens.
6. Edit the Rule name, Comment fields and any other fields and configurations according to
your needs. For more details, refer to each authentication rule addition procedure in the
Adding Authentication Rules section above.
7. Click on OK to commit your configuration. The report opens and closes. The rule is listed.
In the Instance column, the Rule name you chose is displayed.

Enabling or Disabling an Authentication Rule


Once added, the authentication rules are automatically enabled. You can disable and enable
them again as you please.

To disable a user authentication rule

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Users, Groups & Rights icon. The Users list opens.
3. In the breadcrumb, click on Authentication rules. The Authentication rules page opens.
4. Tick the rule of your choice.
5. In the menu, select Edit > Disable. The Disable wizard opens.
6. Click on OK to commit your changes. The report opens and closes. The rule is listed and
marked Disabled in the Status column.

To enable a user authentication rule

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Users, Groups & Rights icon. The Users list opens.


3. In the breadcrumb, click on Authentication rules. The Authentication rules page opens.
4. Tick the rule of your choice.
5. In the menu, select Edit > Enable. The Enable wizard opens.
6. Click on OK to commit your changes. The report opens and closes. The rule is listed and
marked OK in the Status column.

Deleting an Authentication Rule


If you no longer need an authentication rule, you can delete it.

To delete a user authentication rule

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Users, Groups & Rights icon. The Users list opens.
3. In the breadcrumb, click on Authentication rules. The Authentication rules page opens.
4. Tick the rule of your choice.
5. In the menu, select Edit > Delete. The Delete wizard opens.
6. Click on OK to commit your deletion. The report opens and closes. The rule is no longer listed.

Part XIII. Administration
Table of Contents
80. High Availability Management
    Introduction
        Definition
        HA Management Concepts
        The All SOLIDserver Page
    Configuring SOLIDserver for HA Management
        Configuring your Master Appliance Locally
        Adding an Appliance to the All SOLIDserver List
        Configuring HA Management
    Upgrading Appliances in High Availability
        Automatically Upgrading both Appliances
        Upgrading One Appliance at a Time
    Switching the HA Configuration
    Monitoring the HA Logs
    Disabling the HA Configuration
        Disabling HA by Modifying the Appliances Role
        Disabling HA by Deleting an Appliance from the All SOLIDserver List
    High Availability Advanced Options and Troubleshooting Solutions
        If the Network is Unreliable
        In the Event of a Network Disruption
        In the Event of a Split-brain
        If an Appliance Needs to be Replaced
    High Availability Limitations
81. Remote Management of Other Appliances
    Introduction
    Configuring SOLIDserver to Remotely Manage Other Appliances
        Configuring the Management Appliance
        Configuring the Remote Management
    Managing Other Appliances Remotely
        Managing Remote Appliances Network Configuration
        Managing Remote Appliances Services Configuration
        Upgrading Remote Appliances through the All SOLIDserver list
        Removing Remote Appliances from the All SOLIDserver list
    Remote Management Advanced Options
        If an Appliance Needs to be Replaced
82. Monitoring Tools
    Logs
        Logs Visualization
        Configuration of Network Logs
    Statistics
    Session Tracking
        Last User Connected
        All Users Connections
    User Tracking
        Tracking Users Through the Filters
        Tracking Users Through the Columns
        Allowing Users to Display All the Operations Performed
        Using the Extended User Tracking Display
    Netstat
    Database Tables Size
        Vacuum The Database
    Reports
        Statistics Reports
        User Reports
83. Managing SNMP Profiles
    Adding an SNMP Profile
    Editing an SNMP Profile
    Deleting an SNMP Profile
84. Maintenance Tools
    Using the Maintenance Mode
    Updating the Macros and Rules
    Clearing the Appliance Cache
85. Local Files Listing
    Understanding the Local Files Listing
        Understanding the Page Display
        Local Page
        TFTP Page
        Logs Page
        Config files Page
        Custom images Page
        Custom WSDL Page
    Managing Local Files Listing Files
        Uploading Files
        Downloading Files
        Deleting Files
86. Troubleshooting
    Before Troubleshooting
    Troubleshooting Guidelines
    Troubleshooting Tools
        Network Capture
        Troubleshooting Dump
87. Backup and Restoration
    Browsing the Backup Database
    Creating an Instant Backup
    Scheduling the Backup
    Archiving the Backup Files on FTP
    Restoring a Configuration
88. Upgrading
    Upgrading a SOLIDserver
    Running the Post-Migration to Update the Database
89. Custom DB
    Browsing Custom DB
        Browsing Custom DB Database
        Browsing Custom Data
    Adding a Custom DB
    Editing a Custom DB
    Deleting a Custom DB
    Configuring a Custom DB with Custom Data
        Adding Data in a Custom DB
        Editing the Data of a Custom DB
        Deleting Data From a Custom DB
        Importing Custom Data
90. Class Studio
    Browsing Class Studio
        Browsing Class Studio Database
        Browsing the Classes Database
    Understanding Class Studio
        Understanding Classes
        Understanding Class Objects
    Adding Classes
    Editing Classes
        Duplicating Classes
        Renaming Classes
        Moving Classes
        Changing or Stop Using Classes
    Using Classes
    Deleting Classes
    Configuring Classes with Class Objects
        Adding Class Objects
        Editing Class Objects
        Organizing Class Objects
        Deleting Class Objects
    Managing Class Studio Syntax
        Basic Regular Expressions
    Defining a Class as a Group Resource
91. Packager
    Browsing the Packages Database
    Uploading Packages
    Creating Packages
    Editing Packages
    Installing Packages
    Uninstalling Packages
    Downloading Packages
    Deleting Packages
Chapter 80. High Availability Management
Introduction
High availability (HA) is a system network design that ensures that your network continues to
work even if one or more of its components fail. This architecture provides integrated disaster
recovery management features for transparent and efficient service continuity. It also prevents
you from losing any data if anything were to happen to your managing platform.

Note
The HA management can only be configured from and with appliances using an IPv4
address.

Definition
With SOLIDserver, high availability implies that you connect together two appliances in a unique
management topology in which you set up one appliance as a Master and the other one as a
Hot Standby appliance, basically a read-only backup server that replicates the content of the
Master's database.

Figure 80.1. High Availability Representation (the Hot Standby replicates the Master database)

HA has to be configured and managed from the SOLIDserver centralized management page
of the Administration tab, which lists all the SOLIDserver appliances used on the network. This list
can help you know with certainty what is on your network at all times, or even help you remotely
manage other appliances. For more details, see the chapter Remote Management of Other Appliances.

HA Management Concepts
The new HA architecture in SOLIDserver comes with three role-related key concepts. The appliance
can now be a Standalone, a Master or a Hot Standby. The Standalone is the default role.
Once you have configured the local appliance IP address, it is set as a Standalone that is configured
to run on its own and has no backup. However, it can become a Master or a Hot Standby when
configured for HA.

The Master and Hot Standby appliances work together to make sure that if the Master
crashes or encounters any problem, the Hot Standby can replace it immediately. The Hot
Standby would then become a Master and vice versa. This is why the Hot Standby must replicate
the Master database as often as possible. If the Hot Standby has not replicated the Master
database in the last 60 seconds, it checks the Master status three times in a row, every 4
seconds. If there is no response (timeout, etc.), the Hot Standby switches to Master.


Figure 80.2. If the Replication Stops the Hot Standby Becomes the Master (1: the replication stopped; 2: the Hot Standby becomes the Master; 3: the database replication starts again)

If your network is unreliable or experiences frequent disruptions, we strongly recommend that
you take a look at the section High Availability Advanced Options and Troubleshooting Solutions
to modify the HA number of retries or configure automatic switch parameters that suit your needs.
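
The switch timing described above can be modelled to see how the retry count changes behaviour on an unreliable link. This is an added example, not EfficientIP code: the field names reuse the module.system registry key names listed in the section If the Network is Unreliable, and the model assumes that the first status check runs as soon as the replication lag is reached and that a failed check returns immediately.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class HaTimers:
    """Defaults are the values stated in this guide; field names reuse the
    module.system.* registry key names from the advanced options section."""
    hot_standby_replication_lag: int = 60   # seconds without replication before the Master is checked
    hot_standby_switch_retry: int = 3       # consecutive failed status checks before taking over
    hot_standby_switch_sleep: int = 4       # seconds between two status checks
    max_hot_standby_time_skew: int = 3600   # older Last write period blocks the switch; 0 or -1 disables it


def minimum_outage_for_takeover(t: HaTimers) -> int:
    """Seconds after the last replication at which the final failed check lands.

    Assumption of this model: the first check runs as soon as the lag is
    reached and a failed check returns immediately (no connection timeout).
    """
    return t.hot_standby_replication_lag + (t.hot_standby_switch_retry - 1) * t.hot_standby_switch_sleep


def takeover_time(link_down, timers=HaTimers(), horizon=7200):
    """Return the second at which the Hot Standby takes the Master role, or None.

    link_down: (start, end) intervals in seconds, end exclusive, during which the
    Hot Standby can neither replicate from the Master nor get a status answer.
    """
    if timers.max_hot_standby_time_skew <= 0:
        return None  # the guide: 0 or -1 prevents the automatic switch
    last_write, failures, next_check = 0, 0, None
    for now in range(horizon + 1):
        if not any(start <= now < end for start, end in link_down):
            # Link is up: replication is near real time and any check would succeed.
            last_write, failures, next_check = now, 0, None
            continue
        age = now - last_write
        if age < timers.hot_standby_replication_lag:
            continue  # replication is recent enough, the Master is not checked yet
        if age > timers.max_hot_standby_time_skew:
            continue  # Last write period too old: no automatic switch
        if next_check is None or now >= next_check:
            failures += 1  # the link is down, so this status check fails
            if failures >= timers.hot_standby_switch_retry:
                return now
            next_check = now + timers.hot_standby_switch_sleep
    return None


if __name__ == "__main__":
    # Constructed scenarios: the link drops at t=100 s (last replication at t=99 s).
    tuned = HaTimers(hot_standby_switch_retry=10)
    scenarios = (("50 s blip", (100, 150)), ("90 s outage", (100, 190)), ("Master down", (100, 7200)))
    for label, outage in scenarios:
        print(label, "| default:", takeover_time([outage]), "| 10 retries:", takeover_time([outage], tuned))
```

With the default values, a 90-second link interruption is enough for the Hot Standby to take the Master role while the original Master is still running; raising the retry count lets the same interruption pass without a switch.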

To set up an efficient HA configuration, both appliances should be set to the same time
to ensure there is no shortage of data in the Hot Standby appliance in case it needs to become
a Master. We strongly recommend that you configure their time and date through the NTP server.
See the chapter Services Configuration for more details.

Keep in mind that as the Hot Standby is a replication of the Master appliance database, you
cannot modify its database. However, a few actions can be performed from the Hot Standby
and/or the Master:

• The All SOLIDserver page of the Hot Standby appliance allows you to switch the roles of the Master and Hot Standby appliances. See section Switching the configuration for more details.
• The All SOLIDserver page contains an option that breaks up the high availability between the two appliances: if you switch an appliance to Standalone, you erase its database entirely, whether it is a Master or a Hot Standby. See section Disabling the HA configuration for more details.
• The Network configuration page is independent from the database and can therefore be configured differently on the Master and Hot Standby appliances. See chapters Remote Management of other Appliances and Network Configuration for more details.
• The System configuration page is independent from the database and can therefore be configured differently on the Master and Hot Standby appliances. See chapters Remote Management of other Appliances and Services Configuration for more details.
• It is possible to save a backup of an appliance no matter its role in an HA configuration.

Warning
Even though you can save a backup of any appliance while it is configured in high
availability, you cannot restore a backup of an appliance in high availability. You
need to disable the high availability, restore the backup and then configure the
high availability again.

The All SOLIDserver Page


High Availability is managed and configured from the Administration tab All SOLIDserver page.
It is accessible from the Administration homepage SOLIDserver centralized management icon.
By default, it contains 14 columns described hereafter.

Table 80.1. All SOLIDserver Default Listing Template

Column: Description

Name: This column contains the appliance hostname.

Local: This column marks every appliance listed. The one you are operating on is marked Yes. All the other ones are considered remote and marked No.

Manufacturer: This column indicates the appliance manufacturer. It can therefore tell you if you are working on or remotely managing virtual appliances.

Product: This column lists the appliance model. It indicates the type of appliance you are working with and its size if it is not a virtual appliance (e.g. SOLIDserver-250).

Serial #: This column displays the serial number, i.e. the unique appliance number. If two appliances have the same name, you can differentiate them thanks to this piece of information.

Version: This column indicates the SOLIDserver version: current is the latest.

IP address: This column displays the IP address of each managed appliance. The local one is the only one to be configured, considering that you need the IP address used to access every appliance that you want to add to the All SOLIDserver list.

Master address: This column displays the IP address of the Master appliance of the Hot Standby appliances. Master and Standalone appliances display None in this column.

Role: There are a number of different appliance roles that can be displayed in this column:
• Master: an appliance running in association with a Hot Standby appliance. It has a HA UID.
• Master (hot standby init): an appliance that used to be the Master in the HA configuration and is currently becoming the Hot Standby.
• Hot Standby: an appliance replicating the content of the Master appliance database it is associated with. It has the same HA UID as its master.
• Hot Standby (init): a Hot Standby appliance being enrolled again with the same Master in case of replication failure.
• Standalone: an appliance configured and running on its own, with no HA configuration.
• Standalone (hot standby init): an appliance becoming the Hot Standby of a Master appliance. It will not be accessible for a few minutes, until the replication of the entire database is complete. During this time, the Hot Standby database will be erased and replaced with the replication of the Master appliance database.
• Master (recovered): a Hot Standby appliance set as a Master is marked as such during the role switch; it is immediately operational.

HA UID: This column displays the key that identifies the machine when HA is configured.

Last write period: This column displays the last time the Hot Standby replicated the Master database.

Time drift: This column displays the difference in seconds between the Master NTP and the Hot Standby NTP. It is important that the difference is minimal: if the difference is greater than a minute (60 [seconds] in the column), it could have consequences on the DHCP failover replication.

Replication offset: This column displays the difference in kilobytes between the Master database and the Hot Standby database. As the replication is almost in real time, the difference should be minimal. A large value in this column could indicate a network disruption. If the Replication offset is Unknown, the remote SOLIDserver is in Timeout.

Status: This column indicates if the appliance is running properly. You will find the following statuses:
• OK: this status is displayed when the appliance is up and running.
• Not configured: this status is displayed when the local appliance has not been configured yet.
• Upgrading...: this status is displayed when the Hot Standby appliance is being upgraded from the Master appliance All SOLIDserver list.
• Switching to Hot Standby: this status is displayed when an appliance is switching to Hot Standby role.
• Invalid credentials: this status is displayed when the appliance is restored and the password has been changed.
• Managed (remote): this status is displayed when an appliance is being managed remotely, i.e. listed on another appliance All SOLIDserver page.
• Timeout: this status is displayed when the appliance is not responding.
• Split-brain: this status is displayed when two appliances are in Restricted mode due to a split-brain. For more details refer to the In the Event of a Split-brain section.

In addition to these 13 columns, if you modify the display of the columns listed on the All
SOLIDserver page, you will find 3 other columns:

Table 80.2. All SOLIDserver Additional Columns

Column: Description

Firmware date: This column indicates the software image release date.

Last write time: This column indicates the exact time of the last database replication.

Remote time: This column indicates the time of the remote appliance(s) managed through the local appliance.

Time: This column indicates each appliance date and time.

Configuring SOLIDserver for HA Management


The HA configuration follows three critical steps:

1. Configuring locally your future Master appliance,
2. Adding the future Hot Standby to the All SOLIDserver page of the Master appliance,
3. Enrolling the Hot Standby.

Configuring your Master Appliance Locally


The Configure Local SOLIDserver option lays the groundwork for the Master/Hot Standby configuration:
it basically assigns the IP address you are currently working with to the Master appliance.

To configure the local SOLIDserver

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the System section, click on the SOLIDserver centralized management icon. The All
SOLIDserver page opens. In the Local column, your appliance is marked Yes; in the
Status column, it is marked as Not configured. It does not have an IP address yet.
3. In the menu, select Tools > Configure local SOLIDserver. The Configure local SOLIDserver
wizard opens.
4. In the SOLIDserver IP address drop-down list, select the IP address of the appliance.

5. Click on OK to commit the configuration. The report opens and closes. The All SOLIDserver
page opens again. The local appliance details are now completed with the Name (the host-
name), serial number, version, IP address, Role (Standalone) and Status (OK).

Adding an Appliance to the All SOLIDserver List


Once you have configured your future Master appliance locally, you can add other appliances. These
appliances can be listed either to have an overview of all the appliances running on your network
or to configure the high availability through the local Master appliance.

To add an appliance to the Master All SOLIDserver list

1. Connect to the future Master appliance through its IP address.


2. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
3. In the System section, click on the SOLIDserver centralized management icon. The All
SOLIDserver page opens.
4. In the menu, select Add > Remote SOLIDserver. The Add/modify remote SOLIDserver
wizard appears.
5. In the SOLIDserver IP address field, fill in the IPv4 address of the appliance you want to add
to the list.
6. In the 'admin' user password field, type in the default SSH password (admin) if it is not
already entered.
7. Click on OK to commit the addition. The report opens and closes. The new appliance is listed
and marked Standalone in the Role column and Managed (remote) in the Status column.

You can add as many appliances as you need on the All SOLIDserver page, but only two of them
will be configurable in HA; the rest of them will be listed for remote management purposes. Once
you have added all the appliances you need, they are listed in the Services and Network configuration
SOLIDserver drop-down list to ease the remote management from the Master appliance. For
more details regarding remote management of other appliances, refer to the Remote Management
chapter. Otherwise, the list can simply provide an overview of all the SOLIDserver appliances
used on your network (their name, type, status, etc.).

Note
You can display as many remote appliances as you want on the All SOLIDserver
page, however you can only display one HA configuration. You cannot display
several high availability configuration pairs on the All SOLIDserver page.

Configuring HA Management
The HA configuration is quite simple. It has to be performed from the future Master appliance:
you cannot configure HA management from the Hot Standby appliance. Once you have configured
the local SOLIDserver and added the Hot Standby appliance to the Master appliance All
SOLIDserver list, you can configure the HA settings.

Keep in mind that for the configuration to be viable and effective, the two appliances must:

• be set to the same time;
• be in the same version of SOLIDserver.

That way, in the event of a switch, the former Hot Standby has retrieved all the database information
and can actually provide the same performance and efficiency as the original Master.

To configure high availability between two appliances

1. Connect to the future Master appliance through its IP address.


2. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
3. In the System section, click on the SOLIDserver centralized management icon. The All
SOLIDserver page opens.
4. Tick the appliance you want to set up as a Hot Standby appliance.
5. In the menu, select Edit > Enroll SOLIDserver as Hot Standby. The Enroll SOLIDserver as
Hot Standby wizard opens.
6. Click on OK to commit the configuration. The Hot Standby appliance database is erased and
replaced by the Master appliance database, which is why the report stays open and works for
a while before it finally closes. The appliance set as Hot Standby is unavailable for a while.
Each appliance role is modified according to the configuration, and they both get the same HA
UID.

After the HA configuration, the content of the All SOLIDserver page columns will be modified.
Note that the Hot Standby appliance will replicate the content of the Master appliance database,
that is to say provide an efficient backup that will become the Master if anything were to happen
to the current Master appliance. From this point on you will need to pay special attention to the
Time drift and Replication offset columns in the Master All SOLIDserver list, to make sure that
the Hot Standby appliance properly replicates the database. The Master appliance information
stays the same and is also listed on the local Hot Standby appliance All SOLIDserver page.

The Hot Standby appliance is now in read-only mode. Every modification made on the Master
appliance will be copied in the Hot Standby database almost in real time. You will therefore not
be able to modify the remote appliance data, with the exception of the Master/Hot Standby configuration
that you will be able to switch in the All SOLIDserver list. See part Switching the configuration
for more details.

Tip
If at some point the replication stops, you can enroll the Hot Standby appliance again.
Simply follow the To configure high availability between two appliances procedure.

Different Configurations Possible

The High Availability has to be configured with two appliances that:

• should be in the same version;
• should be set to the same time (using the NTP server, refer to the section Configuring the NTP
Server for more details);
• should have the same performance rate, to ensure a smooth transition in case of a switch.

Both these appliances can be configured on layer 2 or 3 of the network.

Layer 2 configuration
If the appliances are configured on layer 2, they belong to the same LAN. Therefore you can
set up a VIP interface that would allow you to access the current Master appliance of the
configuration through the IP address you set (the original master if it is acting as a master,
or the Hot Standby if the configuration was switched). For more details, refer to the Network
Configuration chapter, in the section Configuring a VIP Interface.
Layer 3 configuration
If the appliances are configured on layer 3, they do not belong to the same LAN. The HA is
still configurable and runs perfectly through the routers that connect them, but it is impossible
to set a VIP to access the Master appliance.

For more details regarding the customization of the communication between the Master and the
Hot Standby, please refer to the High Availability Advanced Options and Troubleshooting Solutions
section.

Upgrading Appliances in High Availability


Since version 5.0.2, upgrading appliances configured in high availability can be done from the
Master appliance directly. It is no longer required to upgrade the Hot Standby appliance and then
the Master appliance as upgrading the Master appliance automatically upgrades its Hot
Standby.

You can still first upgrade the Hot Standby and then the Master if you want to.

Automatically Upgrading both Appliances


To automatically upgrade the two appliances configured in high availability you must upgrade
your Master appliance. This process ensures that:

1. the Hot Standby appliance is upgraded first.

As the upgrade requires stopping and restarting an appliance, which would imply switching the
appliances' roles, upgrading the Hot Standby first keeps the Master appliance database available
and no switch is required.
2. the Master appliance is upgraded once the Hot Standby upgrade is complete.

Once the Hot Standby is upgraded, the Master appliance can be stopped and restarted and
no switch is performed.

The upgrade process of appliances in HA always follows this order because upgrading an appliance
stops and restarts it. This ensures that the appliances do not switch roles and that the
database is available even during the upgrade.

Therefore, from the Master appliance you can safely upgrade both appliances as detailed in the
procedure below.

To upgrade the Master and Hot Standby appliances automatically

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
3. Click on the Upgrade icon, the Upgrade SOLIDserver wizard opens.
4. Click on BROWSE to select the file containing the SOLIDserver image in the version of your
choice.

5. In the File name field, the file is displayed once retrieved.
6. Click on UPGRADE to commit the upgrade. During the upgrade:

1. Do not stop the appliance and the process during the upgrade.
2. The wizard displays a progression bar that informs you of the tasks being performed.
Before stopping the Master appliance, the Hot Standby is stopped, upgraded and restarted.
3. The Master is upgraded once the Hot Standby upgrade is complete. The last step of the
Master upgrade is Upgrade finished. Rebooting SOLIDserver.

7. Click on CLOSE to go back to the Administration homepage. The appliance reboots. Once
done, you can access it again.

The Master appliance keeps its Master role unless you or your administrator changed the advanced
configuration registry database entries and set a quicker response time. For more details, refer
to the advanced options section If the Network is Unreliable below.

Upgrading One Appliance at a Time


Even though the upgrade is automated since version 5.0.2, you can still upgrade manually. Keep
in mind that to ensure that the database is available throughout the upgrades you must:

1. locally upgrade the Hot Standby appliance.

The Hot standby must be upgraded first to make sure the Master database is available.
2. locally upgrade the Master appliance.

Once the Hot Standby appliance upgrade is complete, you can upgrade the Master. This
avoids a switch and ensures the database is available.

To upgrade two appliances in High Availability one after the other

1. Upgrade the Hot Standby appliance:

a. Using the browser of your choice, type in the IP address of your Hot Standby appliance
in the address bar to access it.
b. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
c. Go to the Administration tab. If the homepage is not displayed, click on . The
homepage opens.
d. Click on the Upgrade icon, the Upgrade SOLIDserver wizard opens.
e. Click on BROWSE to select the file containing the SOLIDserver image in the version of
your choice.
f. In the File name field, the file is displayed once retrieved.
g. Click on UPGRADE to commit the upgrade. The wizard will work for a while: it displays a
progression bar that informs you of the tasks being performed. The last step is Upgrade
finished. Rebooting SOLIDserver.

1. Do not stop the appliance and the process during the upgrade.
2. The wizard displays a progression bar that informs you of the tasks being performed.
The last step of the Master upgrade is Upgrade finished. Rebooting SOLIDserver.

h. Click on CLOSE to go back to the Administration homepage. The appliance reboots.
i. Once the appliance reboots, you can log in again. A message informs you that your Hot
standby and Master appliances versions do not match. You must now upgrade the
Master as well.

2. Upgrade the Master appliance:

a. Using the browser of your choice, type in the IP address of your Master appliance in
the address bar to access it.
b. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
c. Go to the Administration tab. If the homepage is not displayed, click on . The
homepage opens.
d. Click on the Upgrade icon, the Upgrade SOLIDserver wizard opens.
e. Click on BROWSE to select the file containing the SOLIDserver image in the version of
your choice.
f. In the File name field, the file is displayed once retrieved.
g. Click on UPGRADE to commit the upgrade. The wizard will work for a while: it displays a
progression bar that informs you of the tasks being performed. The last step is Upgrade
finished. Rebooting SOLIDserver.

1. Do not stop the appliance and the process during the upgrade.
2. The wizard displays a progression bar that informs you of the tasks being performed.
The last step of the Master upgrade is Upgrade finished. Rebooting SOLIDserver.

h. Click on CLOSE to go back to the Administration homepage. The appliance reboots.


i. Once the appliance reboots, you can log in again.

Switching the HA Configuration


This switch is automatic if the Master, for any reason, is not accessible (timeout, crash...). However,
at any time you can invert the appliances' roles in the configuration and make the Hot Standby
appliance a Master. It is impossible to make a Master change its role to Hot Standby. Note that
the manual switch has to be performed from the Hot Standby appliance.

To switch Master/Hot Standby appliances role

1. Using the browser of your choice, type in the IP address of your Hot Standby appliance in
the address bar to access it.
2. Type in the login and password and click on OK to enter. The message This SOLIDserver
is a Hot Standby: Database is in READ-ONLY mode is present on every page.
3. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
4. In the System section, click on the SOLIDserver centralized management icon. The All
SOLIDserver page opens.
5. In the menu, select Tools > Manually switch local SOLIDserver to master. The report opens.

6. Click on CLOSE to commit the modification. The All SOLIDserver list opens again.
7. Click on the SEARCH button to refresh the page. The former Hot Standby appliance Role is
marked Master (recovered). The former Master appliance is marked Master (Hot Standby
init). Refer to the table in the section Configuring HA Management for more details. The Hot
Standby appliance is unavailable for a few instants, the time it takes to replicate the Master
database.

Note
If you upgrade the Master appliance, the HA configuration would automatically switch
the two appliances role and make the Hot Standby the Master so that the database
is available at all times even during the upgrade. You will then have to switch back
the configuration manually.

Monitoring the HA Logs


SOLIDserver allows you to monitor the HA configuration through the syslog page. That way, you
can know in detail what happened with your configuration: did the appliances switch? At what
time? etc.

To display the HA related logs

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
3. In the Monitoring section, click on the Logs visualization icon. The Syslog page opens.
4. In the SOLIDserver drop-down list, select the appliance for which you want to display the
HA related logs.
5. In the Services, select impserver.
6. Filter the list using the Log column. You can:

• type HA* in the field to display all the HA related logs;
• double-click in the field to display the filter constructor: select contains in the drop-down
list and type HA* in the field. Click on APPLY.

The list is filtered. All the HA related logs follow the format HA <event>.

Disabling the HA Configuration


Disabling HA can be done at any point either through the modification of the appliances role or
through the remote appliance deletion from the All SOLIDserver list of the Master appliance.

Disabling HA by Modifying the Appliances Role


Once the high availability is configured, you can disable it. That is to say, let an appliance run on
its own with no backup or Master like it did before you configured HA.

Note
It is impossible to switch a Master appliance to Standalone if it is configured
with a Hot Standby. You need to switch the Hot Standby to Standalone first or delete
it from the All SOLIDserver list before going further. For more details, see the section
Disabling HA by Deleting an Appliance from the All SOLIDserver list.

Behavior when switching an appliance to Standalone
Whether you switch from a Master or a Hot Standby to Standalone, the database behaves
as follows:
• The appliance database is erased entirely. You will need to configure the Internal Module
setup when opening it again.
• The database is saved in a backup file available on the local appliance Backup parameters
page.
• The appliance is now in Standalone. You need to configure the local appliance once
again.
• The All SOLIDserver page lists the appliance as a Standalone. If you did not erase the
Hot Standby from the Master appliance list but switched it to Standalone before switching
the appliance role, the former Hot Standby is also listed as a Standalone.

Keep in mind that this modification has to be done locally. If you want an appliance to become
a Standalone, you have to make the modification from the All SOLIDserver list connecting to the
appliance through the browser of your choice using its IP address.

To disable HA configuration by putting an appliance in standalone

1. Connect to your Hot Standby appliance through its IP address.


2. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
3. In the System section, click on the SOLIDserver centralized management icon. The All
SOLIDserver page opens.
4. In the menu, select Tools > Switch local SOLIDserver to Standalone. The Switch local
SOLIDserver to standalone wizard opens.
5. Click on OK to commit the switch. The report opens and works for a while, saving a backup
of the database before deleting the content of the appliance. If need be, click on CLOSE . The
selected appliance changes its role to Standalone. During the switch, the appliance might
be unavailable.

Disabling HA by Deleting an Appliance from the All SOLIDserver List


The Edit menu of the Master appliance All SOLIDserver list provides a Delete option. When it
comes to a HA configuration, deleting the Hot Standby appliance from the list will revoke its role
in the configuration. Keep in mind that it is impossible to delete the local appliance from this list.

Note
Deleting a Hot Standby appliance from the All SOLIDserver page will change the HA
UID of the Master appliance.

To revoke the Hot Standby role

1. From the Master appliance, go to the Administration tab. If the homepage is not displayed,
click on . The homepage opens.
2. In the System section, click on the SOLIDserver centralized management icon. The All
SOLIDserver page opens.
3. Tick the Hot Standby appliance.
4. In the menu, select Edit > Delete. The Delete wizard opens and displays a warning message.
5. Click on OK to commit the deletion. The report opens and works for a while, saving a backup
of the database before deleting the content of the Hot Standby, and finally closes. The Hot
Standby is not listed anymore, it will not be accessible for a few minutes and will basically
be reset. The former Master appliance keeps its Master role.

This operation can take some time as the Hot Standby will wipe out the database content when
you revoke its role in the HA configuration and delete it from the list. The former Master appliance
keeps its Master role as well as its HA UID for two reasons:

1. to prevent any other appliance from managing it as it would delete its database;
2. because the HA UID will be used again during the next HA configuration with this appliance
as a Master.

If you access the former Hot Standby appliance, you will see the following changes:

• The appliance is no longer in read-only mode.


• If you go to the All SOLIDserver list, you will see that:
1. The appliance itself is the only one listed, the former master appliance is no longer part of
that list.
2. The appliance role is now Standalone.
3. The appliance has a new HA UID, to prevent any Master vs. Master (recovered) conflict if
you deleted the Hot Standby from the list because the network crashed.
4. The appliance needs to be configured again (Tools > Configure local SOLIDserver).

High Availability Advanced Options and Troubleshooting Solutions

Note
Do not hesitate to set an alert on the All SOLIDserver page to be informed of any
change via email or SNMP trap. For instance, filter the appliances through the Status
column to detect split-brain or any status different from OK. You will simply need to
tick the Expert mode checkbox, type in the email address of your choice or configure
the SNMP.
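
The checks this note and the column descriptions of Table 80.1 call for can also be written down as a small rule set. This is an added example, not part of the product: the rows are constructed sample data keyed by the listing's column names, the severity split between statuses is an assumption, and so is the replication offset threshold, since the guide only says the value should be minimal.

```python
CRITICAL_STATUSES = {"Split-brain", "Timeout", "Invalid credentials"}  # severity split is an assumption
DRIFT_LIMIT_S = 60  # per the Time drift description: above 60 s, DHCP failover replication can suffer


def review_listing(rows, offset_limit_kb=1024):
    """Return (appliance, severity, message) findings for All SOLIDserver rows.

    rows: dicts keyed by the column names of the listing.
    offset_limit_kb: assumed threshold; the guide only says the offset should be minimal.
    """
    findings = []
    by_ip = {row["IP address"]: row for row in rows}
    for row in rows:
        name, role, status = row["Name"], row["Role"], row["Status"]
        if status != "OK":
            severity = "critical" if status in CRITICAL_STATUSES else "notice"
            findings.append((name, severity, f"status is {status}"))
        if "init" in role or "recovered" in role:
            findings.append((name, "notice", f"role in transition: {role}"))
        drift = row.get("Time drift") or ""
        if drift and abs(float(drift)) > DRIFT_LIMIT_S:
            findings.append((name, "warning", f"time drift of {drift} s exceeds {DRIFT_LIMIT_S} s"))
        offset = row.get("Replication offset") or ""
        if offset == "Unknown":
            findings.append((name, "critical", "replication offset Unknown: remote appliance is in Timeout"))
        elif offset and float(offset) > offset_limit_kb:
            findings.append((name, "warning", f"replication offset of {offset} kB exceeds {offset_limit_kb} kB"))
        if role.startswith("Hot Standby"):
            # A Hot Standby must point at a listed Master and share its HA UID.
            master = by_ip.get(row.get("Master address"))
            if master is None or not master["Role"].startswith("Master"):
                findings.append((name, "critical", "Master address does not point to a listed Master"))
            elif master["HA UID"] != row["HA UID"]:
                findings.append((name, "critical", "HA UID differs from the HA UID of its Master"))
    return findings


# Constructed sample rows (documentation addresses, made-up HA UIDs).
SAMPLE_ROWS = [
    {"Name": "sds-a", "IP address": "192.0.2.10", "Master address": "None", "Role": "Master",
     "HA UID": "uid-1", "Time drift": "", "Replication offset": "", "Status": "OK"},
    {"Name": "sds-b", "IP address": "192.0.2.11", "Master address": "192.0.2.10", "Role": "Hot Standby",
     "HA UID": "uid-1", "Time drift": "75", "Replication offset": "Unknown", "Status": "Timeout"},
    {"Name": "sds-c", "IP address": "192.0.2.12", "Master address": "None", "Role": "Standalone",
     "HA UID": "", "Time drift": "", "Replication offset": "", "Status": "Managed (remote)"},
]

if __name__ == "__main__":
    for finding in review_listing(SAMPLE_ROWS):
        print(*finding, sep=" | ")
```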

If the Network is Unreliable


If your network is unreliable, the Replication offset column can help you monitor the Hot Standby
database reliability.

Besides, there are some keys in SOLIDserver registry database that you can modify to have a
better control over the HA appliances switch. By default, if the Hot Standby has not replicated
the Master database in the last 60 seconds and the Master is not responding, it automatically
switches to Master. You can control the automatic switch parameters if and only if the Master is
not responding.

These advanced configurations of the replication are all the more useful if your network is unreliable:
they avoid flapping and ensure that the switch occurs only if there is a problem on the
Master side.

• A key lets you control the maximum time a switch should take, whether you are enrolling
an appliance or switching roles.

By default, module.system.init_hot_standby_timeout is set to 300 seconds: if the Hot Standby
initialization stage has not evolved after 5 minutes, the enrollment or switch stops and the
appliance keeps its current role as Standalone or Master. So you might want to set up a higher
value if the Master database is very large or if your network is not reliable.
• A key lets you control the automatic switch itself and potentially prevent it.

By default, module.system.max_hot_standby_time_skew is set to 3600 seconds: if the Last
write period is older than an hour, the two appliances cannot switch automatically.

You can set the value of this key between -1 and 2^31. Setting it to 0 or -1 will prevent the
automatic switch.
• A key lets you control the number of retries before automatically switching the appliances
role.

By default, module.system.hot_standby_switch_retry is set to 3 attempts: if the Hot Standby
appliance cannot connect to the Master and check its role and status, it will try to get an answer
3 times in a row. If after the 3 attempts there is still no answer, it takes over the Master role.

Note
The retries check frequency is defined by the module.system.hot_standby_switch_sleep
key. By default, it is set to 4 seconds: if the Hot Standby does not get an answer from
the Master, it will try every 4 seconds n times (depending on the number of retries you
set). The use of this key is now deprecated. We strongly recommend that you configure
the module.system.hot_standby_replication_lag key instead.

• A key lets you control how long the database can go without replication before the
appliances role is automatically switched.

By default, module.system.hot_standby_replication_lag is set to 60 seconds: if the Hot Standby
has not replicated the database in the last 60 seconds, it tries to contact the Master appliance
n times (depending on the number of retries configured through the
module.system.hot_standby_switch_retry key). If the Master is not responding, i.e. not sending
its role and status, the Hot Standby switches to Master.

So if you want to prevent the automatic switch, you should set a very high replication lag value
and a very low automatic switch value (time_skew), for instance -1 or 0. If a high replication lag
is not enough, you can always set a higher retry value, but keep in mind that a large number of
retries might overload the network.
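
The way these keys combine can be checked before changing them on an appliance. The following Python model is an added example, not EfficientIP code: it encodes the rules stated above, and the order of the checks, the function names and the "one sleep per probe" delay estimate are assumptions of the example. The scenario in the main block is constructed.

```python
from dataclasses import dataclass
from typing import List, Sequence, Tuple


@dataclass(frozen=True)
class HaRegistry:
    """Registry keys from this section (module.system. prefix omitted), documented defaults."""
    max_hot_standby_time_skew: int = 3600    # seconds; 0 or -1 prevents the automatic switch
    hot_standby_switch_retry: int = 3        # unanswered probes before the takeover
    hot_standby_replication_lag: int = 60    # seconds without replication before probing
    hot_standby_switch_sleep: int = 4        # seconds between probes (deprecated key)


def validate(reg: HaRegistry) -> List[str]:
    """Return the problems found in a planned set of values (empty list when none)."""
    problems = []
    if not -1 <= reg.max_hot_standby_time_skew <= 2 ** 31:
        problems.append("max_hot_standby_time_skew must be between -1 and 2^31")
    # The two checks below are sanity assumptions of this example, not documented limits.
    if reg.hot_standby_switch_retry < 1:
        problems.append("hot_standby_switch_retry should be at least 1")
    if reg.hot_standby_replication_lag < 1:
        problems.append("hot_standby_replication_lag should be at least 1 second")
    return problems


def evaluate_switch(reg: HaRegistry, seconds_since_replication: int,
                    last_write_age: int, master_answers: Sequence[bool]) -> Tuple[bool, str]:
    """Decide whether the Hot Standby takes over the Master role.

    master_answers holds one boolean per probe, True when the Master returned
    its role and status. Only the first hot_standby_switch_retry probes count.
    """
    if reg.max_hot_standby_time_skew <= 0:
        return False, "automatic switch prevented (time_skew set to 0 or -1)"
    if last_write_age > reg.max_hot_standby_time_skew:
        return False, "last write older than time_skew"
    if seconds_since_replication <= reg.hot_standby_replication_lag:
        return False, "replication is recent"
    probes = list(master_answers)[: reg.hot_standby_switch_retry]
    if any(probes):
        return False, "Master answered probe %d" % (probes.index(True) + 1)
    if len(probes) < reg.hot_standby_switch_retry:
        return False, "retries not exhausted"
    return True, "no answer after %d probes" % len(probes)


def takeover_delay(reg: HaRegistry) -> int:
    """Estimated seconds from the last replication to the takeover when the Master is down."""
    return reg.hot_standby_replication_lag + reg.hot_standby_switch_retry * reg.hot_standby_switch_sleep


if __name__ == "__main__":
    # Constructed scenario: replication stalled for 90 s, last write 2 minutes ago,
    # and the Master misses two probes before answering the third one.
    flaky_master = [False, False, True]
    for retry in (3, 2):
        reg = HaRegistry(hot_standby_switch_retry=retry)
        decision = evaluate_switch(reg, 90, 120, flaky_master)
        print("retry=%d -> %s, takeover delay ~%d s" % (retry, decision, takeover_delay(reg)))
```

With the default of 3 retries the Master that recovers on the third probe keeps its role; with 2 retries the same timeline produces a takeover, which is the flapping that the higher retry and replication lag values are meant to avoid.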

To add the registry key that controls the switch based on time drift

1. Go to the Administration homepage.


2. In the menu, select System > Expert > Registry database. The Registry database page
opens.
3. In the menu, select Add > Registry item. The Registry database Add an item wizard opens.
4. In the Name field, type in module.system.max_hot_standby_time_skew.
5. In the Value field, type in the value of your choice. The default value is set to 3600 seconds
of drift between the appliances that triggers an automatic switch. Setting the value to -1 or
0 will prevent the switch.
6. Click on OK to commit your addition. The report opens and closes. The Registry database
page refreshes, the key is listed.

To add the registry key that sets the number of retries

1. Go to the Administration homepage.


2. In the menu, select System > Expert > Registry database. The Registry database page
opens.
3. In the menu, select Add > Registry item. The Registry database Add an item wizard opens.
4. In the Name field, type in module.system.hot_standby_switch_retry.
5. In the Value field, type in the value of your choice. The default value is set to 3 attempts
(retries) before the switch if there is no response.
6. Click on OK to commit your changes. The report opens and closes. The Registry database
page refreshes.

To add the registry key that controls the switch based on data replication

1. Go to the Administration homepage.


2. In the menu, select System > Expert > Registry database. The Registry database page
opens.
3. In the menu, select Add > Registry item. The Registry database Add an item wizard opens.
4. In the Name field, type in module.system.hot_standby_replication_lag.
5. In the Value field, type in the value of your choice. The default value is set to 60 seconds
without replication before the switch if there is no response.
6. Click on OK to commit your changes. The report opens and closes. The Registry database
page refreshes.

In the Event of a Network Disruption


You might need at some point to shut down the network (for potential repairs, equipment changes,
etc.). In this case, we strongly recommend that you disable the HA configuration. Indeed,
in the event of a network disruption, voluntary or not, the appliances configured in HA will go in
Timeout or switch their roles but might not successfully go through with it. In this case, when the
appliances start again you might have two Masters: the original Master keeps its role and the Hot
Standby switches to Master (recovered), leaving no Hot Standby configured and potentially a case
of split-brain, in which there is no accurate way of knowing which appliance should become
a Hot Standby. For more details, refer to the In the Event of a Split-brain section below.

To prevent any loss of data, if you plan on disrupting the network, we suggest that you disable
the HA following the procedure in the section Disabling HA by Deleting an Appliance from the
All SOLIDserver list. When the network is back on, you simply need to configure the HA again.

In the Event of a Split-brain


As mentioned in the section above, In the Event of a Network Disruption, the Split-brain is a
very specific case that might occur when two appliances are configured in High Availability. Once
configured, both appliances will share the same HA UID but in the event of a network disruption
they might end up sharing the same role instead of keeping the two roles on which the
configuration relies: one Master and one Hot Standby. This configuration, as we saw throughout
this chapter, implies that the Master appliance makes all the changes in the database and the Hot
Standby simply backs up the database to be ready for a potential switch of the configuration. With
two Masters, whether they are both Master or one is Master and the other Master (recovered), there
is no backup and both appliances can potentially overwrite each other's changes.

To help you in the prevention of the Split-brain, SOLIDserver follows a simple set of checks, when
the two appliances communicate once again, to detect it right away:

1. SOLIDserver starts up in restricted mode and will run in normal mode if and only if no HA
conflicts were detected.
2. SOLIDserver checks if both appliances share the same version. If not, a message will be
displayed under the menu on every page of the appliance with the latest version.
3. SOLIDserver checks if both appliances share the same role.

If it turns out that both appliances are Master, there is a set of resolutions that SOLIDserver will
try and execute on its own to avoid staying in restricted mode.

Automated Detection

In HA, the moment one Master realizes that the other appliance is also a Master, SOLIDserver
will have the following options to avoid a case of split-brain:

1. No appliance has been edited since the last synchronization

In this case, the last appliance that switched to Master remains Master and enrolls the other
appliance in Hot Standby.
2. One appliance has been edited since the last synchronization

In this case, the last appliance that was modified becomes Master and enrolls the other
appliance in Hot Standby.
3. Both appliances have been edited since the last synchronization

In this case, SOLIDserver puts them in Restricted mode with the status Split-brain and the
split-brain red message displayed right under the menu on every page of both appliances. To
configure the HA again, you will have to execute a Manual resolution as detailed in the section
below.

Manual Resolution

The manual resolution is only needed when the appliances in HA are in a case of split-brain that
puts them in Restricted mode. This mode implies two behaviors:

• The synchronization between the appliances stops, so basically it is like having two Standalone
SOLIDserver appliances that have the same HA UID.
• Through the GUI, you can still edit the database from both appliances but no changes will
actually be pushed on the physical server(s).

To go back to a viable configuration, you have two possibilities:

1. Disable the High Availability configuration as described in the procedure in the section Disabling
HA by Modifying the Appliances Role.
2. Force the configuration and choose which appliance becomes the Master as described in the
procedure in the section Switching the HA Configuration.

If an Appliance Needs to be Replaced


At some point, you might need to replace one of the appliances configured in High Availability.

Note
To prevent any loss of data, the appliance in Hot Standby is the one that will be
replaced.

There are two scenarios possible: you replace one appliance for which you have a backup or
you replace one appliance and no backup is available.

Replacing an Appliance With Backup

If you generated a backup of the appliance you need to replace, you must follow the steps below.

1. Put the appliance that needs to be replaced in Hot Standby role, if it is currently the Master.
For more details, refer to the procedure in the section Switching the HA Configuration.
2. Disable the High Availability configuration by deleting the Hot Standby from the All
SOLIDserver list. For more details, refer to the procedure in the section Disabling HA by
Deleting an Appliance from the All SOLIDserver list.
3. Restore the backup of the future Hot standby appliance. For more details, refer to the
procedure To restore a backup configuration in the Restoring a configuration section.
4. On the future Hot Standby appliance, go to the All SOLIDserver page and delete all the
remote appliances if there are any. For more details, refer to the procedure To remove an
appliance from the all SOLIDserver list in the Removing Appliances section of this guide.
5. Add the new appliance to the All SOLIDserver list of the Master appliance and enroll it:
• First, you need to add the new appliance to the Master appliance All SOLIDserver list. For
more details, refer to the procedure in the section Adding an Appliance to the All SOLIDserver
List.
• Second, you need to enroll the new appliance as Hot Standby. For more details, refer to
the procedure To configure high availability between two appliances in the section Configuring
HA Management.
6. Manually switch the configuration if the new appliance is supposed to be the Master in
the configuration. For more details, refer to the procedure in the section Switching the HA
Configuration.

Replacing an Appliance Without Backup

The replacement of an appliance in HA with no backup must follow the steps below:

1. Put the appliance that needs to be replaced in Hot Standby role, if it is currently the Master.
For more details, refer to the procedure in the section Switching the HA Configuration.
2. Disable the High Availability configuration by deleting the Hot Standby from the All
SOLIDserver list. For more details, refer to the procedure in the section Disabling HA by
Deleting an Appliance from the All SOLIDserver list.
3. Set the network and services configuration of the future Hot Standby appliance according
to your needs. For more details, refer to the sections Network configuration and Service
Configuration of this guide.

We strongly recommend that you use an NTP server to set both appliances to the same time.
4. Add the new appliance to the All SOLIDserver list of the Master appliance and enroll it:
• First, you need to add the new appliance to the Master appliance All SOLIDserver list. For
more details, refer to the procedure in the section Adding an Appliance to the All SOLIDserver
List.
• Second, you need to enroll the new appliance as Hot Standby. For more details, refer to
the procedure To configure high availability between two appliances in the section Configuring
HA Management.
5. Manually switch the configuration if the new appliance is supposed to be the Master in
the configuration. For more details, refer to the procedure in the section Switching the HA
Configuration.

High Availability Limitations


There are some limitations related to the High Availability configuration:

• The database high availability is configurable only for two appliances.


• We strongly advise against displaying several HA configurations on one All SOLIDserver
page. If you add an appliance to this list, it means that you want to manage it. Therefore,
if you decide to add to your managing appliance two appliances configured in High Availability,
it means that you intend to manage them from the managing appliance. On the All SOLIDserver
page of the appliances in HA, the appliance Status will change from OK to Invalid credentials
because the local 'admin' management password will overwrite the management password
locally set on the Master appliance of this other HA configuration.

Chapter 81. Remote Management of Other Appliances
Introduction
With a SOLIDserver appliance you can manage other SOLIDserver appliances remotely. The
configuration offers many advantages when it comes to dealing with a large number of appliances.
For instance, you can enable or disable DNS or DHCP servers on other appliances.

Thanks to the All SOLIDserver list, you can configure the high availability of an appliance (see
part High Availability Management above for more details) or manage other appliances remotely.
From one SOLIDserver, you can add other appliances and manage them from that list.

The remote management includes the management of all the options available on the Network
configuration and Services configuration pages, that is to say all the services or network
specificities of the appliances added via the All SOLIDserver list.

Note
The remote management of other appliances can only be configured from and with
appliances using an IPv4 address.

Configuring SOLIDserver to Remotely Manage Other Appliances
Before managing remote appliances you have to configure your management appliance locally.

Configuring the Management Appliance


The management appliance configuration is a simple option that will assign an IP address to the
appliance on which you are currently working.

To configure the management SOLIDserver

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the System section, click on the SOLIDserver centralized management icon. The All
SOLIDserver page opens. Your appliance is listed and marked Yes in the Local column.
It does not have an IP address.
3. In the menu, select Tools > Configure local SOLIDserver. The Configure local SOLIDserver
wizard opens.
4. In the SOLIDserver IP address drop-down list, select the IP address of the appliance you
are currently configuring.
5. Click on OK to commit the configuration. The report opens and closes. The All SOLIDserver
page opens again. The local appliance details are now completed with the Name (the host-
name), serial number, version, IP address, Role (Standalone) and Status (OK).

From then on you simply need to add other appliances and remotely manage them from the All
SOLIDserver list and the Network configuration and Services configuration pages.

Configuring the Remote Management


Once you have configured your local appliance, you can add other appliances. These appliances
will be listed and you will be able to remotely manage them and make your local appliance a
centralized management platform.

To add an appliance to the all SOLIDserver list

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the System section, click on the SOLIDserver centralized management icon. The All
SOLIDserver page opens.
3. In the menu, select Add > Remote SOLIDserver. The Add/modify remote SOLIDserver
wizard opens.
4. In the SOLIDserver IP address field, fill in the IP address of the appliance you want to add
to the list.
5. In the 'admin' user password field, type in the default SSH password (admin) if it is not
already filled in.
6. Click on OK to commit the addition. The new appliance is listed and marked Standalone in
the Role column and Remote (managed) in the Status column.

You can add as many appliances as you need. Once you have added them, they are listed in the
All SOLIDserver page as well as in the Services and Network configuration drop-down list to ease
the remote management of both lists from the central management appliance.

Note
If you were to locally access the All SOLIDserver page of an appliance managed
remotely, the status of the local appliance would not be OK but Invalid credentials.
These credentials refer to the 'admin' user password of the managing appliance,
as it remotely manages, i.e. takes over the control of, the appliance with a single
administrative password. If you configure the remote appliance locally again, the
Invalid credentials status will appear in the All SOLIDserver page of the managing
appliance: the last appliance that modifies a service or the list takes over the control.

Managing Other Appliances Remotely


From the appliance of your choice you can manage other appliances once you added them to
the All SOLIDserver list. You will be able to manage all the services and network configuration
remotely.

Note
You can remotely modify all the services with the exception of one: the source email
address of the alert. The noreply@efficientip.com address that sends you the alert
notifications has to be modified locally.

Managing Remote Appliances Network Configuration


From the managing platform you can remotely manage the network configuration of other
appliances.

To remotely manage another appliance network configuration

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the System section, click on the Network icon. The Network configuration page opens.
3. In the SOLIDserver drop-down list located under the menu, select one of your remote
appliances. The page refreshes.
4. Click on any of the listed settings to modify the network configuration. See the Network
configuration chapter for more details regarding these settings.

Managing Remote Appliances Services Configuration


From the managing platform you can remotely manage the services configuration of other
appliances as well.

To remotely manage another appliance services configuration

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the System section, click on the Services icon. The Services configuration page opens.
3. In the SOLIDserver drop-down list located under the menu, select one of your remote
appliances. The page refreshes.
4. Click on any of the listed servers to modify their service configuration. See the Service
configuration chapter for more details regarding these settings.

Upgrading Remote Appliances through the All SOLIDserver list


One of the main advantages of the remote management is the remote upgrade of the managed
appliances. Through the remote management, you will upgrade the appliances you manage to
the same version of SOLIDserver as the managing appliance.

To upgrade one or several remote appliances

1. From the Master appliance, go to the Administration tab. If the homepage is not displayed,
click on . The homepage opens.
2. In the System section, click on the SOLIDserver centralized management icon. The All
SOLIDserver page opens.
3. Tick the appliance(s) you want to upgrade.
4. In the menu, select Edit > Upgrade remote SOLIDserver. The Upgrade selected remote
appliances wizard opens.
5. Click on OK to commit the upgrade. The report opens and works for a while, upgrading the
appliance(s) version to match the managing appliance's version, and finally closes. The
appliance(s) are not accessible for a few minutes.

Removing Remote Appliances from the All SOLIDserver list


In the All SOLIDserver list, the deletion of an appliance is merely a way to remove an appliance
from the list, that is to say stop managing it. It does not have any impact on the appliance itself
if it is not part of a high availability configuration. Keep in mind that it is impossible to delete
the local appliance from this list.

To delete an appliance from the all SOLIDserver list

1. From the Master appliance, go to the Administration tab. If the homepage is not displayed,
click on . The homepage opens.
2. In the System section, click on the SOLIDserver centralized management icon. The All
SOLIDserver page opens.
3. Tick the appliance you want to stop managing and delete from the list. You can tick as many
as needed.
4. In the menu, select Edit > Delete. The Delete wizard opens.
5. Click on OK to commit the deletion. The report opens and closes. The appliance is not listed
anymore.

Remote Management Advanced Options


If an Appliance Needs to be Replaced
At some point, you might need to replace one of the appliances that you are remotely managing.
The replacement of appliances is quite simple, you need to:

1. Remove the appliance from the All SOLIDserver list of the managing appliance

For more details, refer to the procedure in the section Removing Appliances.
2. Add the new appliance to the All SOLIDserver list of the managing appliance
• First, you need to configure locally the new appliance. For more details, refer to the procedure
in the section Configuring your Local Server.
• Second, you need to add the new appliance to the managing appliance All SOLIDserver
list. For more details, refer to the procedure in the section Configuring the Remote
Management.

Chapter 82. Monitoring Tools
SOLIDserver provides a set of pages in the Administration module dedicated to monitoring the
operations performed at different levels.

Logs
The Administration module lets you monitor and manage logs from two different pages.

Logs Visualization
In the Administration module you will find the Syslog page that provides a list of the logs of all
the services embedded into SOLIDserver. You can locate a specific action using the filters located
under the menu. This page provides the list of the logs separated per service. You can display
logs from the DHCP module, the DNS module, the internal transactional engine and all the other
logs separately.

To display the logs of your choice in the Syslog page

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
3. In the Monitoring section, click on the Logs visualization button. The Syslog page opens.
4. Under the menu, you will find two drop-down list filters and a checkbox:

Table 82.1. Syslog Filters

Parameters | Description
SOLIDserver | In this drop-down list you can select the SOLIDserver of your choice. If you are not managing any remote appliance, the list will only display local. However if you are managing remote appliances, you will need to select the relevant appliance, whether it is your local appliance (simply named after its hostname) or a remote SOLIDserver (named after its hostname and IP address as such: hostname (IP address)). For more details regarding remote management, see the chapter Remote Management of Other Appliances.
Services | In this drop-down list you can select the service of your choice, either named (DNS), dhcpd (DHCP), ipmserver (the internal transactional engine) or messages (all the other logs queried).
Automatic refresh | This check box allows to automate the refresh of all the logs. By default, the refresh is scheduled to be executed every 10 seconds. To change the refresh frequency, see next paragraph.

5. In the list, you will find two columns:

Table 82.2. Syslog Columns

Parameters | Description
Time | This column displays the date and time of execution of the service. You can modify the time format (you can choose the local time or the UTC-GMT) and date format (mm/dd/yyyy or dd/mm/yyyy) of the logs through the menu Preferences > My Account > Set Time/Date format.
Log | This column displays the log description.

6. Filter the data according to your needs.

At any time, you can change the Automatic refresh frequency through the registry database.

To change the automatic refresh frequency

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select System > Expert > Registry database. The Registry database page
opens.
3. In the Name filter, type in syslog.refresh. The list is filtered and the registry key
www.system.syslog.refresh is listed.
4. In the Value column of that key, click on the value listed. The default value is 10. The Registry
database Edit a value wizard opens.
5. In the Value field, replace the current value with the value of your choice (in seconds).
6. Click on OK to commit your modification. The report opens and closes. The list is visible
again and now the automatic refresh will happen at the frequency you just configured.

Configuration of Network Logs


Members of the admin group can choose to redirect logs of several appliances toward a remote
syslog server to monitor them from one centralized point. This redirection can be configured to
send the logs of a particular service (ipmserver, named or dhcpd), above a particular severity
level. The syslog severity levels are listed in the table below:

Table 82.3. Syslog Severity Levels

Code | Severity level | Description
0 (maximum severity level) | Emergency | The system has completely crashed and is no longer functioning.
1 | Alert | The system is unstable and a crash is imminent. Action must be taken immediately.
2 | Critical | Critical conditions. Should be corrected immediately.
3 | Error | Error conditions. Non-urgent failures that should be relayed to administrators.
4 | Warning | Warning conditions. Indicates that an error will occur if action is not taken.
5 | Notice | Unusual situation or significant event that is typically part of normal day-to-day operations.
6 | Information | Normal operational messages - may be harvested for reporting, measuring throughput, etc - no action required.
7 (minimum severity level) | * (Debug) | Useful messages to developers for debugging, not useful during operations.

Selecting a log level automatically includes logs with a higher severity (i.e. with a smaller code
number). For instance, if you select Warning, the logs from levels 4 to 0 will be redirected; leaving
aside the Debug, Information and Notice logs.

To add a syslog redirection

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select Monitoring > Configuration of Network Logs. The Configuration of
Network Logs page opens.
3. In the menu, select Add > Syslog configuration. The Syslog configuration wizard opens.
4. In the Services drop-down list, select the service (ipmserver, named or dhcpd) for which you
want to redirect the logs.
5. In the Priority drop-down list, set the redirection threshold through the logs severity levels.
For instance, if you select Warning, the logs from levels 4 to 0 will be redirected; leaving
aside the Debug, Informational and Notice logs.
6. In the Type drop-down list, the Network value is selected by default.
7. In the Target server field, type in the IP address and port (e.g. 10.0.0.45:4432) of the Syslog
server you want the logs to be redirected to.
8. Click on OK to commit your logs redirection. The report opens and closes. The Configuration
of Network Logs page is visible again and displays the list of logs redirections.
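
On the receiving syslog server, the threshold rule above can be verified against what actually arrives. The following Python code is an added example, not part of SOLIDserver: it assumes the redirected logs arrive in BSD syslog format, where the leading <PRI> value equals facility * 8 + severity code. The sample lines, the host name and the configured thresholds are constructed for the illustration.

```python
import re
from typing import Dict, Iterable, List, Optional, Tuple

# Severity names in code order (0 to 7), as listed in Table 82.3.
SEVERITIES = ["Emergency", "Alert", "Critical", "Error",
              "Warning", "Notice", "Information", "Debug"]

# Assumed wire format: "<PRI>Mmm dd hh:mm:ss host service[pid]: message".
LINE_RE = re.compile(
    r"^<(\d{1,3})>[A-Z][a-z]{2}\s+\d{1,2}\s\d\d:\d\d:\d\d\s"
    r"(\S+)\s([^\s:\[]+)(?:\[\d+\])?:\s?(.*)$"
)

# Constructed redirections: service -> Priority selected in the wizard.
THRESHOLDS = {"named": "Warning", "dhcpd": "Error"}

# Constructed sample of received lines (PRI values use facility 3, daemon).
SAMPLE = [
    "<28>May 28 10:15:02 sds1 named[812]: zone example.test: refresh failed",
    "<30>May 28 10:15:03 sds1 named[812]: zone example.test loaded",
    "<27>May 28 10:15:04 sds1 dhcpd[901]: no free leases on subnet",
    "<29>May 28 10:15:05 sds1 dhcpd: lease file rewritten",
    "<26>May 28 10:15:06 sds1 ipmserver[77]: transaction queue stalled",
    "not a syslog line",
]


def parse(line: str) -> Optional[dict]:
    """Decode one received line; return None when it does not match the assumed format."""
    m = LINE_RE.match(line)
    if m is None or int(m.group(1)) > 191:   # highest valid PRI is 23 * 8 + 7
        return None
    facility, severity = divmod(int(m.group(1)), 8)
    return {"facility": facility, "severity": severity, "host": m.group(2),
            "service": m.group(3), "message": m.group(4)}


def is_forwarded(threshold: str, severity: int) -> bool:
    """A threshold forwards its own level and every more severe one (smaller code)."""
    return severity <= SEVERITIES.index(threshold)


def audit(lines: Iterable[str], thresholds: Dict[str, str]) -> Tuple[List[dict], List[dict], List[str]]:
    """Split received lines into (accepted, unexpected, unparsed).

    A record is unexpected when its service has no configured redirection or
    when its severity is less severe than the threshold set for that service.
    """
    accepted, unexpected, unparsed = [], [], []
    for line in lines:
        rec = parse(line)
        if rec is None:
            unparsed.append(line)
        elif rec["service"] in thresholds and is_forwarded(thresholds[rec["service"]], rec["severity"]):
            accepted.append(rec)
        else:
            unexpected.append(rec)
    return accepted, unexpected, unparsed


if __name__ == "__main__":
    ok, odd, bad = audit(SAMPLE, THRESHOLDS)
    for rec in odd:
        print("unexpected: %s %s: %s" % (rec["service"], SEVERITIES[rec["severity"]], rec["message"]))
    print("%d accepted, %d unexpected, %d unparsed" % (len(ok), len(odd), len(bad)))
```

Unexpected records point to a redirection whose Priority or Services value differs from what the collector was told to expect, or to a source that is not one of the configured appliances.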

Statistics
SOLIDserver provides a powerful tool to visualize the state of each service and of SOLIDserver
itself in a simple window. Thanks to this tool, users can be informed about the traffic of the
embedded services and visualize it easily with explicit charts. The system stores data for a year.

To access the statistics page

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
3. In the Monitoring section, click on the Statistics icon. The Statistics page opens.

The Statistics page displays all the charts available within SOLIDserver. To understand the
purpose of each chart, please refer to the table below:

Table 82.4. Statistics Page Charts Description

Chart Name | Description | Unit of Measurement
DNS traffic | This chart displays the rate of DNS requests sent and received. | Bytes per second
DHCP traffic | This chart displays the rate of DHCP requests sent and received. | Bytes per second
HTTP traffic | This chart displays the rate of HTTP requests sent and received. | Bytes per second
SNMP traffic | This chart displays the rate of SNMP requests sent and received. | Bytes per second
Database replication traffic | This chart displays the input and output exchanges during the database replication between two appliances set in a high availability configuration. | Bytes per second
Memory | This chart displays the system memory usage. | Bytes
Disk usage | This chart displays the disk usage. | Percent
CPU per process | This chart displays the percentage of CPU used by each enabled service. | Percent
Process memory usage | This chart displays the memory usage of each enabled service. | Bytes
IOs per process | This chart displays the total data input and output of each process. | IO per second
SQL queries | This chart displays the number of SQL queries made by the system. | Queries per second
Threads | This chart displays the number of threads executed by the system. | Threads per second
User sessions | This chart displays the number of users connected at any time. | Connections count
Processes state | This chart displays the state of every service embedded into SOLIDserver. | Checked every minute

Keep in mind that every chart is a gadget in essence and can be displayed on any dashboard.
For more details, see the chapter Dashboards and gadgets of this guide. In addition, you can
export all these charts. For more details, refer to the chapter Managing Reports.

Session Tracking
The Session tracking page lets you display the list of the users currently connected to
SOLIDserver. The user connection is checked every 300 seconds.

Last User Connected


1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.

3. In the Monitoring section, click on the Session tracking icon. The Session tracking page
opens.
4. You can filter columns in order to display more specific information if needed.

All Users Connections


1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
3. In the Monitoring section, click on the Session tracking icon, a new page is displayed.
4. In the menu, click on Display > log session list. The Sessions logs page opens.
5. You can filter columns in order to display more specific information if needed.

User Tracking
The User tracking page provides a list of all the operations carried out by every user. It lets you
track operations, from what was performed to who performed it, through:

• two filters that help narrow down the search for operations:
  • Rule filter lets you include or exclude the operations carried out by rules.
  • Services filter lets you search specific operations related to DHCP, IPAM, DNS, Rule,
    Group, User, System or Class.
• four columns that help look for specific operations:
  • Date to look for operations using their date and time.
  • Service to look for operations: an object addition, edition, deletion, etc.
  • User to look for the login of the user who performed the operation.
  • Description to look for an operation details. For instance, if you edited a subnet name, this
    column includes the subnet start and end IP address, its former and new name and all its
    containers up to the space level.

There are therefore two search methods: through the filters or through the columns. You can
obviously combine them/

In addition, keep in mind that you can grant full access to your groups of users. For more details,
refer to the section Allowing Users to Display All the Operations Performed.

Finally, with version 5.0.3, a new registry database entry provides an Extended User Tracking
version of the page that includes, in the Description column, the name and value of the objects'
class parameters. For more details, refer to the section Using the Extended User Tracking Display.

Tracking Users Through the Filters


The page provides different levels of data filtering: you can use the two dedicated drop-down lists
to include every operation or only the ones that suit your needs.

Rule Filter

You can carry out searches through the rules. You can include them in the search result, exclude
them from it, or display only the rule related operations, according to your needs.

To list all operations through the rules execution

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Monitoring section, click on User tracking. The User tracking page opens.
3. Under the menu, in the Rule filters drop-down list select the filter that suits your needs:

• No rules: the result excludes the executed rules. This filter is selected by default.
• All: the result includes the rules related operations.
• Only rules: the result includes only the rules related operations.

4. Click on SEARCH to execute the search.

Once you have used this filter, you can use the Service filter to narrow down your search or sort
and filter the columns directly.

Services Filter

You can carry out searches regarding specific services in addition to the Rule filter or separately.
Select the service you want to display in the Services drop-down list and click on SEARCH .

To list all operations related to a specific service

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Monitoring section, click on User tracking. The User tracking page opens.
3. Under the menu, in the Services drop-down list select the service of your choice. For more
details, refer to the appendix User Tracking Services Filter.
4. Click on SEARCH to execute the search.

Tracking Users Through the Columns


The page columns allow you to sort and filter all the operations. The Service

Searching for Users

The User column provides a search engine and filter constructor to find users.

To list the operations carried out by a specific user

1. Go to the Administration tab homepage. In the Monitoring section, click on User tracking.
The User tracking page opens.
2. In the User column search engine, type in the name of the user(s) you want to track. You
can also double-click in the field to open the filter constructor and set a filter for several users
at once.
3. Click on SEARCH to display the corresponding user(s).

Searching for Periods of Time

The Date column provides a search engine and filter constructor to find specific dates and periods
of time.

To list the operations carried out at a certain time

1. Go to the Administration tab homepage. In the Monitoring section, click on User tracking.
The User tracking page opens.
2. In the Date column search engine, type in the date or period of time that suits your needs.
For more details regarding the possible combinations in this field, refer to the table Available
Commands on Date Related Columns.
3. Click on SEARCH to display the corresponding user(s).

Searching for Specific Data

The Description column provides a search engine that allows you to type in any data. If the said
piece of information has been added, edited or deleted, the filter returns the matching results.
For instance, you can look for a specific IP address as detailed in the procedure below.

To list executed services by an IP address

1. Go to the Administration tab. In the Monitoring section, click on User tracking. The User
tracking page opens.
2. In the Description column filtering field, type in the IP address needed.
3. Click on SEARCH to execute the search.

Searching for Services

The Service column provides a search engine that allows you to type in any service name if you
do not want to use the Services drop-down list filter.

To list executed services by an IP address

1. Go to the Administration tab. In the Monitoring section, click on User tracking. The User
tracking page opens.
2. In the Service column filtering field, type in the service of your choice.
3. Click on SEARCH to execute the search.

Allowing Users to Display All the Operations Performed


By default, the User Tracking page can be accessed by any user. Once logged in, users can see
all the changes they performed.

If you want a user to see the changes performed by all the users, including ipmadmin, you can
grant their group of users the permission User Tracking Display: changes from all the users.

To grant access to all the changes performed on the appliance to a group of users

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.

2. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
3. In the System section, click on the Users, Groups & Rights icon. The Users list opens.
4. In the breadcrumb, click on Groups. The Groups page opens.
5. At the end of the line of the group of your choice, click on . The properties page opens.
6. In the Administration panel of your choice, click on EDIT . The Edit group access wizard
opens.
7. In the Unauthorized services list are displayed the services that are not granted to the group.
Select User Tracking Display: changes from all the users and click on . The service is
moved to the Authorized services list.
8. Click on OK to commit the group permission addition. The report opens and closes. The
page refreshes. In the panel, the Permissions list displays the service.

Once this permission is granted to a group of users, all the users of the group can see the changes
performed by anyone who logged in to SOLIDserver and performed operations.

Using the Extended User Tracking Display


You might want to display the class parameters details of your operations on the User Tracking
page. This is called the Extended User Tracking display. To do so, the administrators (ipmadmin
or any member of the group admin) can enable a registry database key dedicated to this display.

To add the extended user tracking display registry key

1. Go to the Administration tab homepage. If the homepage is not displayed, click on . The
homepage opens.
2. In the menu, select System > Expert > Registry database. The Registry database page
opens.
3. In the Name column, type in usertracking.show to filter the list. Only the key
usertracking.show.class.parameters is listed.
4. In the Value column, click on 0. The Registry database Edit a value wizard opens.
5. In the Name field, the key name is displayed in a read-only gray field.
6. In the Value field, delete the 0 and replace it with a 1. This value means the key is enabled.
7. Click on OK to commit your changes. The report opens and closes. In the Value column, a
1 is displayed.

Once usertracking.show.class.parameters is enabled, a new field is displayed in the User Tracking
Description column: Class Parameters.

To display the class parameters details configured for the object you can:

• put your mouse over Class Parameters: an information pop-up window displays all the class
parameters details.
• click on Class Parameters: all the class parameters and their values are displayed in the
description field along with all the other object details.

Netstat
SOLIDserver provides a page listing Netstat data. This tool displays the open TCP and UDP ports
so that you can monitor the active connections on the management appliance. This page displays
several columns:

• Protocol: the protocol name, TCP or UDP.
• Local address: the local appliance IP addresses. That is to say any IP addresses configured
for your physical interfaces (refer to the Network configuration chapter for more details) and
the loopback IP address.
• Local port: the number of the local appliance port through which the connection is made. If
the port is not yet established, an asterisk (*) is displayed.
• Foreign address: the IP address and port number of the remote computer to which the
socket is connected.
• Foreign port: the number of the remote appliance port through which the connection is made.
If the port is not yet established, an asterisk (*) is displayed.
• State: the state of the TCP connection. The different statuses are listed in the table below:

Table 82.5. Netstat Statuses

| Status | Description |
|---|---|
| LISTEN | The socket is listening for incoming connections. |
| ESTABLISHED | The socket has an established connection. |
| SYN_SENT | The socket is actively trying to establish a connection. |
| TIME_WAIT | The socket is waiting after close to handle packets still in the network. |

To access the Netstat listing page

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
3. In the menu, click on System > Expert > Netstat. The Netstat listing page opens.

Database Tables Size


SOLIDserver provides a page that lists the size of all the tables in the database. The list includes
the Table name, Total size (including the index), Table size and Tuple size columns, so that you
can see at a glance the size of each table as well as the size of the data and tuples it contains.

To access the database tables size listing page

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.

3. In the menu, click on System > Expert > Database tables size. The Database tables size
listing page opens.

Vacuum The Database


Members of the admin group can add a rule to periodically vacuum the database. The vacuum
rule reclaims the storage occupied by dead tuples to improve the performance of the processes
related to user queries.

To add the rule 180

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select System > Expert > Rules. The Rules list opens.
3. In the menu, select Add > Rule. The Add a rule wizard opens.
4. In the Module drop-down list, select Administration.
5. In the Event drop-down list, select Execution of a scheduled rule.
6. In the Rule list, select (180) Defragmentation DB.
7. In the Rule name, name the rule. That name will be listed in the Instance column.
8. In the Comment field, you can type in a comment if you want.
9. Click on NEXT . The Rule filters page opens.

Set the schedule parameters:

Table 82.6. Scheduled Rules Parameters

| Fields | Description |
|---|---|
| Day(s) of the week | Select a day or a period of days in the drop-down list. By default, Every day is selected. |
| Date of the month | Select a date in the drop-down list. By default, Every day is selected. |
| Month | Select a month in the drop-down list. By default, Every month is selected. |
| Hour | Select a specific time or one of the available schedules in the drop-down list. By default, Every hour is selected. |
| Minute | Select a period of time, minutes-wise, in the drop-down list. By default, Every minute is selected. |

10. Click on NEXT . The Rule parameters page opens.


11. In the Max. wasted space (MB) field, type in the maximum size of wasted space beyond
which a table in the database will be vacuumed.
12. Click on OK to commit your rule addition. The report opens and closes. The rule is listed.

Reports
Within the Administration module, two pages provide the possibility to export a report. For more
details regarding the reports generation, refer to the chapter Managing Reports.

Statistics Reports
From the Statistics page you can generate a report that includes all the charts on this page. For
more details regarding the available charts, refer to the section Statistics.

Statistics chart

Prerequisite: N/A.

Description: Contains all the charts available on the Statistics page. Their content depends on
the time of the generation.

User Reports
From the Users page you can generate a permissions dedicated report. For more details regarding
the Users page, refer to the chapter Managing Users in the part Rights Management of this guide.

Users rights in each group

Prerequisite: N/A.

Description: Contains a table displaying all the permissions granted to the selected user(s) through
four columns: the user name, the group(s) of users they belong to, the objects they have access
to and the actions they can perform on the objects listed.

Chapter 83. Managing SNMP Profiles
SNMP profiles are used to collect SNMP data from hosts or other devices running an SNMP or
proxy SNMP agent. SNMP profiles allow you to remotely manage DHCP and DNS services
through the SNMP protocols. For more details, refer to the Managing SNMP services section of
this guide.

By default, SOLIDserver already contains 3 SNMP profiles (standard v1, standard v2c and
standard v3). To edit these profiles, refer to the Edit an SNMP profile section.

Only members of the admin group can manage SNMP profiles.

Adding an SNMP Profile


To add an SNMP profile

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
3. In the menu, select System > SNMP profile configuration. The SNMP profiles configuration
page opens.
4. In the Profiles panel, click on ADD . The Add an SNMP profile wizard opens.
5. In the SNMP profile name field, name the profile.
6. In the Description field, you can type in a description.
7. In the SNMP version drop-down list, select the SNMP version you want to use.
8. Click on NEXT . The next page opens.
9. If you selected the v1 or v2c version of SNMP:

a. In the Read community field, type in the read-only community string that acts as a
password for this profile's read requests. For the preexisting profiles standard v1
and standard v2, the default value is public.
b. In the Write community field, you can type in a write community string that acts as a
password for this profile's read and write requests. For the preexisting profiles
standard v1 and standard v2, the default value is private.

10. If you selected the v3 version of SNMP, fill in the Read access parameters and Write access
parameters fields according to the table below:

Table 83.1. SNMP v3 Profiles Access Parameters

| Parameters | Description |
|---|---|
| User name | In this field, type in the user name. This field is compulsory for read access parameters. For the preexisting profile standard v3, the default value is default_ipm_user. |
| Authentication key | In this field, type in a key to ensure the authentication of the source. This field is compulsory for read access parameters. For the preexisting profile standard v3, the default value is default_auth_key. |
| Authentication | In this field, select the cryptographic hash function used for authentication: either MD5, SHA or None. This field is compulsory for read access parameters. For the preexisting profile standard v3, the default value is MD5. |
| Privacy key | In this field, if need be, type in the encryption key to prevent snooping from unauthorized sources. |
| Privacy | In this field, if need be, select the encryption type: either DES or None. For the preexisting profile standard v3, the default value is DES. |

11. Click on OK to commit your creation. The SNMP profiles configuration page is visible again,
your profile is listed in the panel.
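
The check below is an added example, not part of this guide or of SOLIDserver: it scans an inventory of SNMP profiles for the preexisting default values listed above (public, private, default_ipm_user, default_auth_key) and for access parameters left at None or MD5. The dictionary layout, the function names and the two non-standard profiles are assumptions made for the example; the layout mirrors the wizard fields and is not a SOLIDserver export format.

```python
# Added example: flag SNMP profiles that still use the values this guide
# documents for the preexisting profiles. Key names are an assumption.

DEFAULT_COMMUNITIES = {"public", "private"}
DEFAULT_V3_USER = "default_ipm_user"
DEFAULT_V3_AUTH_KEY = "default_auth_key"


def audit_community_profile(profile):
    """Return the findings for an SNMP v1 or v2c profile."""
    findings = []
    read = profile.get("read_community", "")
    write = profile.get("write_community", "")
    for label, value in (("read", read), ("write", write)):
        if value in DEFAULT_COMMUNITIES:
            findings.append(f"{label} community is the documented default '{value}'")
    if read and read == write:
        findings.append("read and write communities are identical")
    return findings


def audit_v3_access(label, params):
    """Return the findings for one set of v3 access parameters (read or write)."""
    findings = []
    if params.get("user") == DEFAULT_V3_USER:
        findings.append(f"{label} user name is the documented default")
    if params.get("auth_key") == DEFAULT_V3_AUTH_KEY:
        findings.append(f"{label} authentication key is the documented default")
    auth = params.get("auth", "None")
    if auth == "None":
        findings.append(f"{label} access has no authentication")
    elif auth == "MD5":
        findings.append(f"{label} access uses MD5 although SHA is offered")
    if params.get("priv", "None") == "None":
        findings.append(f"{label} access has no privacy (encryption)")
    elif not params.get("priv_key"):
        findings.append(f"{label} access selects DES but has no privacy key")
    return findings


def audit_profile(profile):
    """Dispatch on the SNMP version selected in the profile."""
    version = profile.get("version")
    if version in ("v1", "v2c"):
        return audit_community_profile(profile)
    if version == "v3":
        findings = []
        # The guide marks only the read access fields as compulsory.
        for label in ("read", "write"):
            if profile.get(label):
                findings += audit_v3_access(label, profile[label])
        return findings
    return [f"unknown SNMP version {version!r}"]


def audit_all(profiles):
    """Map profile name to findings, keeping only profiles that have any."""
    report = {}
    for profile in profiles:
        findings = audit_profile(profile)
        if findings:
            report[profile["name"]] = findings
    return report


# Constructed sample inventory. The first two entries reproduce the defaults
# documented in this chapter; the last two are invented for the example.
SAMPLE_PROFILES = [
    {"name": "standard v2c", "version": "v2c",
     "read_community": "public", "write_community": "private"},
    {"name": "standard v3", "version": "v3",
     "read": {"user": "default_ipm_user", "auth_key": "default_auth_key",
              "auth": "MD5", "priv": "DES",
              # The guide does not document a default privacy key: placeholder.
              "priv_key": "PLACEHOLDER-privacy-key"}},
    {"name": "site-monitoring", "version": "v3",
     "read": {"user": "mon_ro", "auth_key": "constructed-auth-key",
              "auth": "SHA", "priv": "DES", "priv_key": "constructed-priv-key"}},
    {"name": "lab-v2c", "version": "v2c",
     "read_community": "lab-shared", "write_community": "lab-shared"},
]

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_PROFILES).items():
        for finding in findings:
            print(f"{name}: {finding}")
```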

Editing an SNMP Profile


To edit an SNMP profile

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
3. In the menu, select System > SNMP profile configuration. The SNMP profiles configuration
page opens.
4. In the Profiles panel, select the SNMP profile configuration you want to edit.
5. Click on EDIT . The Edit an SNMP profile wizard opens.
6. In the Description field, you can type in a description.
7. In the SNMP version drop-down list, select the SNMP version you want to use.
8. Click on NEXT . The next page opens.
9. If you are editing a profile in SNMP v1 or v2c: edit the Read community and/or Write community
fields as needed.
10. If you are editing a profile in SNMP v3, edit the Read access parameters and Write access
parameters as needed.
11. Click on OK to commit your changes. The SNMP profiles configuration page is visible again.

Deleting an SNMP Profile


To delete an SNMP profile

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
3. In the menu, select System > SNMP profile configuration. The SNMP profiles configuration
page opens.
4. In the Profiles panel, select the SNMP profile configuration you want to delete.

5. Click on DELETE . A "Do you really want to delete this profile?" message box appears.
6. Click on OK to commit your deletion. The SNMP profiles configuration page is visible again.
The profile has been removed from the SNMP profiles configuration list.

Chapter 84. Maintenance Tools
Like any other product, SOLIDserver needs to be correctly maintained over time to run smoothly
and reach its maximum performance. Therefore, members of the admin group can use different
advanced tools for precise maintenance purposes. They can, for instance, enable or disable the
Maintenance mode to work without interference on their infrastructures, and they may have to
implement internal changes to the code itself.

Using the Maintenance Mode


The Maintenance mode allows members of the admin group to disconnect non-admin users from
SOLIDserver during maintenance work. Enabling the Maintenance mode can be useful when
reorganizing the network infrastructure or modifying the services configuration, as user
intervention may affect the administrators' actions.

Note
Enabling the maintenance mode does not interrupt network services.

Keep in mind that once the mode is enabled, the users that are not part of the admin group will
not be able to log in and a red banner message will be displayed above the menu of every page of
SOLIDserver. Only one wizard allows you to enable or disable the mode.

To enable/disable the maintenance mode

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
3. In the menu, select System > Expert > Maintenance Mode. The Enabled/Disabled maintenance
mode wizard opens.
4. Click on OK to enable or disable the Maintenance mode. The report opens and closes. The
Administration tab homepage is visible again.

If you just enabled the mode, an alert message appears in red under the menu bar. All the
users that are not members of the admin group have been disconnected.

If you just disabled the mode, the alert message disappears and standard users can connect
to SOLIDserver again.

Updating the Macros and Rules


Upon addition of macros and rules, mostly for customization purposes, the appliance must take
the new files into account. Therefore, members of the admin group might have to register the
new macros and rules into the system. This action is usually supervised by the EfficientIP support
team.

To update the macros and rules

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.

2. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
3. In the menu, select System > Expert > Register new macros/rules. The Register all the
latest macros and rules wizard opens.
4. Click on OK to commit the update. The report opens and closes. The Administration tab
homepage is visible again.

Clearing the Appliance Cache


In case of internal changes in SOLIDserver code, the application of hotfixes for instance, members
of the admin group may need to reload the file system cache. This action is usually supervised
by the EfficientIP support team.

To activate the maintenance mode

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
3. In the menu, select System > Expert > Clear SOLIDserver cache. The Clear SOLIDserver
cache wizard opens.
4. Click on OK to commit the clearing of the cache. The report opens and closes. The
Administration tab homepage is visible again. Any internal modification of the code has been
taken into account.

Chapter 85. Local Files Listing
The Local Files Listing page is a powerful tool that displays all types of files uploaded or simply
stored locally on the appliance. All the files are separated among 6 categories: Local, TFTP,
Logs, Config files, Custom images and Custom WSDL. This display eases their management.

From each of these pages, you can upload, download and delete local files. For more details,
refer to the Managing Local Files Listing Files section below.

Understanding the Local Files Listing


All six filters share a common set of columns even though the files they contain are all different.

Understanding the Page Display


The Local Files Listing page is composed of the same set of columns for all filters except the
Custom WSDL.

Table 85.1. Local Files Listing Page Columns

| Column | Description |
|---|---|
| Name | Displays the entry name and extension if relevant. It is underlined as you can display a directory content or download a file. |
| Type | Displays if the entry listed is a File or Directory. |
| Mode | Displays the entry permissions. |
| Owner | Displays the entry owner, i.e. the user logged when the entry was generated. |
| Group | Displays the file or directory group. |
| Size | Displays the file or directory size in B, kB or MB. |
| Last Modified | Displays the month, day, date and time of the last update of the entry or its upload date. |

Local Page
This list displays all the files stored locally in the appliance. It includes:

• the files exported from the Export > Report menu. Their extension will depend on the chosen
export file: .csv, .html, .xml, .xls or .pdf. For more details, refer to the Exporting Data chapter
of this guide.
• the reports generated from the GUI. Their extension will depend on the chosen file format:
either .html or .pdf.
• the sysaudit.log file that stores in real time all the appliance system information (memory use,
partition, netstats, etc). To download this file, refer to the Downloading Files section below.
• the network devices captures. The captures extension is .pcap. For more details, refer to
the Making a Network Device Snapshot section of this guide.
• the corrupted configuration files that triggered a Locked synchronization. For more details,
refer to the DNS Locked Synchronization Status section of this guide or to the DHCP Locked
Synchronization Status section of this guide.

• the troubleshooting dump files generated from the Administration homepage. The dump
extension is .tar. For more details, refer to the Troubleshooting Dump section of this guide.

TFTP Page
This list displays all the files uploaded locally, available for download, and the files uploaded
remotely via TFTP. For more details, refer to the Managing the TFTP Upload Authorizations section
of this guide.

Logs Page
This list displays all the appliance log files in alphabetical order. To browse their content, go to
the Logs visualization page. For more details, refer to the Logs Visualization section of this guide.

Config files Page


This list displays all the servers configuration files generated from the Services configuration
page. For more details, refer to the Downloading the DNS/DHCP/DHCPv6 Configuration File
section of this guide.

Custom images Page


This list displays all the images that you uploaded to customize SOLIDserver login and home
pages. For more details, refer to the Uploading an Image to SOLIDserver section of this guide.

Custom WSDL Page


This list displays all the WSDL files available for the webservices management of the appliance.
For more details, refer to the Custom WSDL File Configuration section of SOAP Reference Guide.

Managing Local Files Listing Files


From all the lists of the Local Files Listing page you can download, upload and delete files. The
Custom WSDL page contains a set of specific options that are all detailed in the SOAP Reference
Guide.

Uploading Files
From any page of the Local files Listing you can upload files. This upload updates the appliance
local database from the GUI.

To upload a file to the local files listing page

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select Maintenance > Local files listing. The Local files listing page opens
filtered through the Local bullet under the menu.
3. Under the menu bar, tick the bullet of your choice. The corresponding list appears.
4. In the menu, select Tools > Upload file. The Import a file wizard opens.
5. Click on BROWSE to select the file to upload from your local file system.

6. Click on OK to commit the import. The report opens and closes. The file has been imported
to the Local files listing.

Downloading Files
Any file listed on the Local Files Listing can be downloaded to your local computer from the GUI.

To download a file from the local files listing page

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select Maintenance > Local files listing. The Local files listing page opens
filtered through the Local bullet under the menu.
3. Under the menu bar, tick the bullet of your choice. The corresponding list appears.
4. In the Name column, filter the list if need be.
5. Click on the name of the file of your choice to download it (1).

Deleting Files
From any page of the Local files Listing you can delete files from the appliance local database.

To delete a file from the local files listing page

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select Maintenance > Local files listing. The Local files listing page opens
filtered through the Local bullet under the menu.
3. Under the menu bar, tick the bullet of your choice. The corresponding list appears.
4. Filter the list if need be.
5. Tick the file(s) you want to delete.
6. In the menu, select Edit > Delete file(s). The Delete file wizard opens.
7. Click on OK to commit the deletion. The report opens and closes. The file is no longer listed.

(1) Depending on your browser, you might download the file right away or be offered the possibility to open the file or save it.

Chapter 86. Troubleshooting
Troubleshooting is a logical and systematic search for the source of a problem. It is needed to
develop and maintain complex systems where symptoms can have many possible causes.

Before Troubleshooting
There is a set of simple checks that might help you avoid troubleshooting. These checks are often
overlooked in times of functional problems when they should be an administrator's reflex.

1. Make sure that the appliance and the objects it manages are set to the same time. If not, set the
appliance time through the interface.

Typically, if your appliance and the servers it manages are not set to the same time, you will
encounter management problems: the DHCP will be the first impacted with the leases, the DNS will
in time be impacted as well, especially if you set time check keys for the zones. We recommend
that you set the Time & Date through the interface Preferences menu or through the NTP
server. We strongly advise against setting the time through CLI because it might make
SOLIDserver crash, disrupt your services, trigger errors in the logs... If you do it anyway, restart
SOLIDserver to make sure that all the services impacted by the time change are restarted, all
at the same time.
2. Make sure there is no Multi-Management of your DNS and DHCP physical servers.

Through the smart architectures, you can manage the servers of your choice, so make sure
you did not add and manage the same server twice in two different smart architectures. Every
minute, the smart architecture checks that its configuration is pushed to the physical server;
if not, it pushes it again. So if one physical server is managed through two different architectures,
every minute a configuration is pushed and then overwritten by the other smart architecture.

Troubleshooting Guidelines
Determining what might be the causes of a dysfunction is often a process of elimination.
Troubleshooting also requires confirmation that the solution restores the system to its working
state.

The following guidelines give a generic overview of troubleshooting, and since each case is dif-
ferent, you might need to vary your approach to the problem.

How to troubleshoot your system

1. Confirm the presence of a backup in case of service interruption. You might need the
backup file to restore the previous stable version of your system. However, restoration will
overwrite the changes made between the time of the backup and the time of the crash, so
this would be the very last resort. For more details, refer to the Backup and restoration
chapter.
2. Isolate the malfunctioning behavior to pinpoint what services or components are affected.
3. Inspect the status indicators that can highlight a dysfunction.
4. Inspect connections to any attached devices and check their power sources.
5. Review the network and services configuration. For more details, refer to the System
configuration part.

6. Check if the issue is not due to the customer background, i.e. the customer's use of the
services, operating system, network topology components and levels of software that were
running when the incident occurred.
7. Check the product logs. Do not hesitate to check the DNS logs, DHCP logs, PostgreSQL
logs, the management logs as well as the system logs. For more details, refer to the Logs
visualization section.
8. Check the system logs. Do not hesitate to check the sysaudit.log file, available on the
Local Files Listing page. For more details, refer to the Local Files Listing chapter of this
guide.
9. Use the troubleshooting tools described in the section below.
10. Check for any improvement until complete restoration of the system after every step
in the troubleshooting process.

If the problem remains, do not hesitate to contact the support team with all the information you
have collected. The files needed include: the network capture file, the troubleshooting dump
file and the last system backup.

Troubleshooting Tools
SOLIDserver provides members of the admin group with two ways of analyzing the system in
case of a crash. The troubleshooting dump tool retrieves DNS, DHCP and system debug
information, while the network capture tool records the DHCP or DNS traffic over a given
duration. Both methods are complementary.

Network Capture
The network capture tool captures packets over a given duration, i.e. the actions made
through the appliance interface(s), so that you can analyze DHCP and DNS traffic. When you run
this utility, the archive file containing all the traffic information will be available in the
directory listing module in the .pcap format.

To perform a network capture

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, click on Tools > Network capture. The Perform a network capture wizard
opens.
3. In the Predefined drop-down list, you can select one of three options described in the table
below:

Table 86.1. Predefined Field Available Options


Option        Description
Custom        Select this option to scan both the DNS and DHCP traffic. Custom is selected by default.
DHCP traffic  Select this option to scan the DHCP traffic. The Port field will be automatically filled with 67.
DNS traffic   Select this option to scan the DNS traffic. The Port field will be automatically filled with 53.

4. In the Interface drop-down list, select the interface for which you want to capture packets.
It can either be DEFAULT_INTERFACE or the DHCP_INTERFACE.
5. In the Port field, you can specify the port for which you want to capture packets.
6. In the IP address field, you can specify the IP address for which you want to capture packets.
7. In the Protocol drop-down list, you can specify the protocol, either udp, tcp or both (Any).
8. In the Duration drop-down list, you can specify the duration of the capture, either 10s, 30s,
1mn, 2mn or 5mn.
9. Click on OK to perform the network capture you just configured. The report opens and closes.
The Administration homepage is visible again.

The .pcap file containing all the traffic information is available on the Local files listing page,
accessible through the menu Maintenance > Local files listing on the Administration homepage.
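
Once downloaded from the Local files listing page, the .pcap file can be summarised offline. The following is an added example, not part of the original guide or of SOLIDserver: it reports DNS queries that never received a response, DNS response codes and DHCP message types. It assumes a classic libpcap file with Ethernet framing; the function names, addresses and sample capture are constructed for illustration.

```python
import socket
import struct
from collections import Counter

# Classic libpcap magic numbers (micro/nanosecond) -> struct byte-order prefix.
MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",
          b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">"}
DHCP_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 4: "DECLINE",
              5: "ACK", 6: "NAK", 7: "RELEASE", 8: "INFORM"}
DHCP_COOKIE = b"\x63\x82\x53\x63"


def udp_datagrams(pcap):
    """Yield (src_ip, sport, dst_ip, dport, payload) for each IPv4/UDP frame."""
    order = MAGICS.get(pcap[:4])
    if order is None or len(pcap) < 24:
        raise ValueError("not a classic .pcap file")
    if struct.unpack(order + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (link type 1) are handled")
    pos = 24
    while pos + 16 <= len(pcap):
        incl_len = struct.unpack(order + "I", pcap[pos + 8:pos + 12])[0]
        frame = pcap[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len
        off = 12
        if frame[off:off + 2] == b"\x81\x00":     # skip one 802.1Q VLAN tag
            off += 4
        if frame[off:off + 2] != b"\x08\x00":     # IPv4 only
            continue
        ip = frame[off + 2:]
        if len(ip) < 20 or ip[9] != 17:            # protocol 17 = UDP
            continue
        if struct.unpack("!H", ip[6:8])[0] & 0x1FFF:   # non-first fragment
            continue
        udp = ip[(ip[0] & 0x0F) * 4:]
        if len(udp) < 8:
            continue
        sport, dport = struct.unpack("!HH", udp[:4])
        yield socket.inet_ntoa(ip[12:16]), sport, socket.inet_ntoa(ip[16:20]), dport, udp[8:]


def dhcp_message_type(options):
    """Walk the DHCP option TLVs and return the value of option 53, or None."""
    i = 0
    while i < len(options) and options[i] != 255:     # 255 = end option
        if options[i] == 0:                           # 0 = pad, no length byte
            i += 1
            continue
        length = options[i + 1] if i + 1 < len(options) else 0
        if options[i] == 53 and length == 1 and i + 2 < len(options):
            return options[i + 2]
        i += 2 + length
    return None


def summarize(pcap):
    """Summarise UDP DNS (port 53) and DHCP (port 67) traffic in a capture."""
    pending, rcodes, dhcp = {}, Counter(), Counter()
    for src, sport, dst, dport, data in udp_datagrams(pcap):
        if 53 in (sport, dport) and len(data) >= 12:
            txid, flags = struct.unpack("!HH", data[:4])
            if flags & 0x8000:                        # QR bit set: a response
                rcodes[flags & 0x000F] += 1
                pending.pop((dst, dport, txid), None)
            else:                                     # a query, keyed by client
                pending[(src, sport, txid)] = None
        elif 67 in (sport, dport) and data[236:240] == DHCP_COOKIE:
            kind = DHCP_TYPES.get(dhcp_message_type(data[240:]), "UNKNOWN")
            dhcp[kind] += 1
    return {"dns_unanswered": sorted(pending), "dns_rcodes": dict(rcodes),
            "dhcp": dict(dhcp)}


def _record(src, sport, dst, dport, payload):
    """Build one constructed pcap record: Ethernet + IPv4 + UDP + payload."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     socket.inet_aton(src), socket.inet_aton(dst)) + udp
    eth = b"\x02\x00\x00\x00\x00\x02" + b"\x02\x00\x00\x00\x00\x01" + b"\x08\x00" + ip
    return struct.pack("<IIII", 0, 0, len(eth), len(eth)) + eth

def _dns(txid, flags):
    return struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0) + b"\x04test\x00\x00\x01\x00\x01"

def _dhcp(op, msg_type):
    return bytes([op, 1, 6, 0]) + bytes(232) + DHCP_COOKIE + bytes([53, 1, msg_type, 255])

# Constructed sample capture (documentation addresses), not real appliance traffic.
SAMPLE_PCAP = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join([
    _record("192.0.2.10", 40000, "192.0.2.53", 53, _dns(0x1001, 0x0100)),
    _record("192.0.2.53", 53, "192.0.2.10", 40000, _dns(0x1001, 0x8182)),  # SERVFAIL
    _record("192.0.2.10", 40001, "192.0.2.53", 53, _dns(0x1002, 0x0100)),  # no reply
    _record("0.0.0.0", 68, "255.255.255.255", 67, _dhcp(1, 1)),
    _record("192.0.2.1", 67, "255.255.255.255", 68, _dhcp(2, 2)),
    _record("0.0.0.0", 68, "255.255.255.255", 67, _dhcp(1, 3)),
    _record("192.0.2.1", 67, "255.255.255.255", 68, _dhcp(2, 6)),
])
```

Unanswered queries and SERVFAIL responses point at the DNS service, while a REQUEST followed by a NAK points at the DHCP configuration. DNS over TCP is not covered by this summary.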

Troubleshooting Dump
The troubleshooting dump tool retrieves DNS, DHCP and system debug data. When you
run this utility, the archive file containing all the debug information will be available in the
directory listing module in the .tar format.

Only members of the admin group have access to the troubleshooting dump tool.

To run the troubleshooting dump tool

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
3. In the menu, click on Tools > Troubleshooting dump. The Troubleshooting dump wizard
opens.
4. Tick the checkbox(es) of your choice: Retrieve DNS information, Retrieve DHCP information
or Retrieve system information to copy the corresponding debug information in the
troubleshooting dump file.
5. Click on OK to commit your file configuration. The report opens and closes. The
Administration homepage is visible again.

The archive containing the debug data is available on the Local files listing page accessible
through the menu Maintenance > Local files listing on the Administration homepage.

Chapter 87. Backup and Restoration
EfficientIP recommends that you regularly back up SOLIDserver. To help you perform
this maintenance operation, SOLIDserver includes an automatic backup and version management
mechanism. The backup process can either be scheduled or triggered on demand.

The backup files are stored on the appliance itself, but you can also decide to store the backup
files on a remote FTP server. For ease of use and to prevent confusion, binaries, system and
log files are not included in the backup stored on the appliance. Still, they can be restored
separately either when you reinstall SOLIDserver or when you update the system.

DNS, DHCP and System logs can be included in the backup created on the remote archive.

Note
SOLIDserver automatically generates a new backup before each upgrade, thus allowing
you to revert its data and configuration.

Browsing the Backup Database


To display the list of backup files

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
3. In the Maintenance section, click on the Backup / Restore management icon. The Backup
parameters page opens.

The Local backup files panel displays the following details:

• The list of the backup files available on the appliance.
• Hour of backup: time of the daily backup if the process has been scheduled.
• Retention duration: number of days beyond which a backup is automatically deleted from
the database.

The Remote archive panel displays the following details:

• FTP server: displays the address or hostname of the remote FTP server storing the backup
files.
• FTP directory: displays the remote FTP server directory where the backup files are stored.
• FTP login: displays the login used to connect to the remote FTP server.
• Mode: displays the mode used to connect to the remote FTP server, either Active or Passive.
• Log DNS: indicates if the DNS logs are included in the remote backup. The value can be either
yes or no.
• Log DHCP: indicates if the DHCP logs are included in the remote backup. The value can be
either yes or no.

• System Log: indicates if the System logs are included in the remote backup. The value can
be either yes or no.
• Retention duration: displays the number of days beyond which a backup is automatically
deleted.

Creating an Instant Backup


You can create an instant backup of the whole system configuration on demand. An image of
the system will be generated and stored on the appliance. Each image can then be used to store
the configuration of a SOLIDserver, which allows you to reload a previous backup if you need
to revert.

Caution
Creating an instant backup during the enrollment of a Hot Standby appliance in High
Availability may trigger an error.

To create an instant backup on demand

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
3. In the Maintenance section, click on the Backup / Restore management icon. The Backup
parameters page opens.
4. In the menu, select Tools > Create instant backup. The Create instant backup wizard opens.
5. Tick the Exclude all the reports box if you only want to save the configuration and certification
files.
6. Click on OK to commit the backup generation. The report opens and works for a while. Once
the backup is generated, it is listed in the Local backup file panel and named
solid-<hostname>-<year><month><day>-<hour><minutes>.gz.

Once generated, you can download your backup if need be.

To download a backup file

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
3. In the Maintenance section, click on the Backup / Restore management icon. The Backup
parameters page opens.
4. In the Local backup file panel, select the backup file of your choice.
5. Click on DOWNLOAD . Depending on your browser, you might have an instant download of the
backup file (in the Download folder of your browser) or a window might open to allow you to
choose the target folder.

Scheduling the Backup


The backup process can easily be scheduled to run every day at the same hour and the backup
files can be stored for a limited or unlimited number of days. This allows you to maximize the
disk space of your appliance by scheduling the automatic deletion of obsolete backup files.

To schedule a daily backup and a backup rotation

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
3. Click on the Backup / Restore management icon. The Backup parameters page opens.
4. In the menu, select Edit > Local backup files or in the Local backup files panel, click on
EDIT . The Archive backup parameters wizard opens.

5. In the Hour of backup drop-down list, select the hour when you want to generate the daily
backup.
6. In the Retention drop-down list, select the number of days beyond which a backup should
be automatically deleted.
7. Click on OK to commit your changes.
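
The backup naming scheme and the retention setting described in this chapter can be checked against an actual file listing. The following is an added example, not EfficientIP code: it flags days without a backup, files older than the retention period, and the most recent backup taken before an incident. The digit widths of the timestamp, the reading of retention as whole days before today, and all host and file names are assumptions made for the example.

```python
import re
from datetime import date, datetime, timedelta

# Naming scheme given in this chapter; the digit widths (YYYYMMDD-HHMM) are assumed.
BACKUP_NAME = re.compile(r"^solid-(?P<host>.+)-(?P<day>\d{8})-(?P<hm>\d{4})\.gz$")


def parse_backup_name(name):
    """Return (hostname, datetime) for a backup file name, or None if it does not fit."""
    m = BACKUP_NAME.match(name)
    if m is None:
        return None
    try:
        taken = datetime.strptime(m.group("day") + m.group("hm"), "%Y%m%d%H%M")
    except ValueError:              # e.g. month 13 or hour 25
        return None
    return m.group("host"), taken


def audit_backups(names, hostname, today, retention_days, incident=None):
    """Compare a file listing with the daily schedule and the retention setting."""
    taken, ignored = {}, []
    for name in names:
        parsed = parse_backup_name(name)
        if parsed is None or parsed[0] != hostname:
            ignored.append(name)    # other appliance or unrelated file
        else:
            taken[name] = parsed[1]
    oldest_kept = today - timedelta(days=retention_days)
    days_seen = {t.date() for t in taken.values()}
    # Every day from oldest_kept up to yesterday should have at least one backup.
    window = [oldest_kept + timedelta(days=i) for i in range(retention_days)]
    usable = [n for n, t in taken.items() if incident is None or t < incident]
    return {
        "expired": sorted(n for n, t in taken.items() if t.date() < oldest_kept),
        "missing_days": [d for d in window if d not in days_seen],
        "restore_candidate": max(usable, key=taken.get, default=None),
        "ignored": ignored,
    }


# Constructed listing, e.g. of the remote FTP directory; not real appliance output.
SAMPLE_LISTING = [
    "solid-ipam01-20140520-0300.gz",
    "solid-ipam01-20140524-0300.gz",
    "solid-ipam01-20140525-0300.gz",
    "solid-ipam01-20140527-0300.gz",
    "solid-ipam01-20140527-1412.gz",        # instant backup taken after the incident
    "solid-dns-edge-02-20140526-0300.gz",   # another appliance, hostname with hyphens
    "notes.txt",
]

if __name__ == "__main__":
    report = audit_backups(SAMPLE_LISTING, "ipam01", date(2014, 5, 28), 5,
                           incident=datetime(2014, 5, 27, 9, 0))
    for key, value in report.items():
        print(key, value)
```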

Archiving the Backup Files on FTP


In addition to the backups stored on the appliance, SOLIDserver allows you to archive a copy of
these files on a remote FTP server. Backups saved on an FTP server can also be set to include
the DNS, DHCP and System logs. Finally, SOLIDserver is able to clear the backup files directly
from your FTP server if you specify a number of days beyond which they should be automatically
deleted.

To configure the remote FTP archive

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
3. Click on the Backup / Restore management icon. A new page is displayed.
4. In the menu, select Edit > Remote archive or in the Remote archive panel, click on EDIT .
The Archive server parameters wizard opens.
5. Configure the remote FTP archive using the table below:

Table 87.1. Backup Archiving Parameters


Fields           Description
FTP server       Defines the address or the host name of the FTP server.
FTP directory    Defines the directory where the backup files will be stored.
FTP login        Defines the login account used to connect to the FTP server.
FTP password     Defines the password used to connect to the FTP server.
Mode             Defines if the FTP works in Active or Passive mode.
DNS/DHCP/System  Tick the related box if you want to save the DNS, DHCP and/or System logs on the FTP server.
Retention        In this drop-down list, select the number of days beyond which a backup should be automatically deleted from the FTP server.

6. Click on OK to commit your changes. The report opens and closes. The Backup parameters
page refreshes and displays the FTP server you just configured.

Restoring a Configuration
You can restore a backed up configuration through the SOLIDserver GUI. Before going further, you
need to know the name of the backup file and its version number. That's why each new backup
generates an increment number that concatenates the date and hour as follows:
solid-<hostname>-<year><month><day>-<hour><minutes>.gz.

Keep in mind that a backup file contains both the appliance data [1] and the appliance system
configuration [2]. You can choose to restore only the data if you want.

Warning
You cannot restore a backup on an appliance set in high availability. You need to
disable the high availability, restore the backup on a Standalone appliance and then
configure the high availability again.

To restore a backup file

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
3. In the Maintenance section, click on the Backup / Restore management icon. The Backup
parameters page opens.
4. In the Local backup files panel, select the backup file you want to restore.
5. Click on RESTORE . The Restore a backup file wizard opens.
6. If you want to restore the backup system configuration, tick the Restore the system
configuration box [3]. If you do not tick this box, the backup data will be restored but the current
system configuration of the appliance will be kept.
7. Click on OK to commit your restoration.

In order to restore a backup configuration from a backup configuration file located outside
SOLIDserver, you have to upload it first on the local SOLIDserver file system, and then restore
it.

[1] This data includes all the rules: they are collected during the backup generation.
[2] The system configuration includes your network configuration (hostname, DNS resolver, firewall
configuration, default gateways, default/static route configuration) and services configuration
(services status, xfer account settings, SNMP communities) at the time of the backup generation.
[3] Tick the box if you are restoring a backup using an NSD or Unbound Hybrid server.

To upload a backup file

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
3. Click on the Backup / Restore management icon. The Backup parameters page opens.
4. In the menu, select Tools > Upload a backup file. The Upload SOLIDserver backup wizard
opens.
5. Click on BROWSE to select the image to upload from your local file system.
6. Click on OK to commit your upload. The backup file is now listed in the Local backup files
panel.

Chapter 88. Upgrading
You can manually perform software upgrades for your SOLIDserver appliance. To get the latest
upgrades you need network access to the Internet and an account on the EfficientIP download
portal: http://downloads.efficientip.com. Before upgrading your SOLIDserver, check that your
license key allows you to run the new version you are applying. The current version
of a SOLIDserver is displayed on the Licenses page. To open it, go to the Administration homepage
and in the menu, select System > Licenses.

Note
SOLIDserver automatically generates a new backup before going through with any
upgrade. For more information on backup, refer to the Backup and Restoration
chapter of this guide.

Upgrading a SOLIDserver
The upgrade can take a while as it performs the following:

1. Save a backup of the appliance database at the time of the upgrade.
2. Reboot the appliance.
3. Upgrade the appliance version and database schema.
4. Restart the appliance.

If you are upgrading an appliance in High availability, refer to the section Upgrading Appliances
in High availability of this guide.

If you are upgrading a remotely managed appliance, refer to the section Upgrading Remote
Appliances through the All SOLIDserver list of this guide.

To upgrade a SOLIDserver appliance

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
3. Click on the Upgrade icon. The Upgrade SOLIDserver wizard opens.
4. Click on BROWSE to select the file containing the SOLIDserver image in the version of your
choice.
5. In the File name field, the file is displayed once retrieved.
6. Click on UPGRADE to commit the upgrade. The wizard will work for a while: it displays a
progression bar that informs you of the tasks being performed. The last step is Upgrade finished.
Rebooting SOLIDserver.

   1. Do not stop the appliance or the process during the upgrade.
   2. The wizard displays a progression bar that informs you of the tasks being performed. The
   last step of the Master upgrade is Upgrade finished. Rebooting SOLIDserver.

7. Click on CLOSE to go back to the Administration homepage. The appliance reboots. Once
done, you can access it again.

Running the Post-Migration to Update the Database


After a migration, we strongly recommend that the members of the admin group run the post-
migration macro to update the database entries. This will format their content to be compatible
with the new version of the system.

To ensure a clean migration, the macro should be run until no error is found. Each error will have
to be corrected by the administrator.

To update the database entries after an upgrade

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
3. In the menu, select Maintenance > Post-Migration. The Migration - Update DB entries wizard
opens.
4. Click on OK to run the macro. The report opens and displays any error found in the database
entries.
5. Click on CLOSE to go back to the Administration homepage.

Correct each error, and rerun the post-migration procedure as many times as needed, until no
error remains.

Chapter 89. Custom DB
CustomDB is a tool of the Administration module that allows members of the admin group to
create as many custom databases as they want. They are directly embedded in SOLIDserver
and contain a maximum of 10 pieces of information, named Label in the GUI.

Customized databases can be created, deleted and edited at any time.

By default, a custom DB named Vendor is already installed. This database is used by SOLIDserver
in order to link the MAC address and the Vendor of the Ethernet card together. It cannot be
modified. This is an example of what a custom DB could be.

Keep in mind that custom databases can come in very handy when it comes to configuring
a number of classes, for instance through the addition of select, multiple select or
Autocompletion class objects. For more details, refer to the chapter Class Studio.

Browsing Custom DB
Custom DB is divided into two pages: one displaying the databases themselves and the other
displaying the data of each custom database.

Browsing Custom DB Database


To display the list of custom databases from the icon

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Custom DB icon. The Custom database listing
page opens.

To display the list of custom databases from the menu

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select Customization > Custom DB. The Custom database page opens.

To display a custom database properties page

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Custom DB icon. The Custom database listing
page opens.
3. At the end of the line of the custom database of your choice, click on . The properties page
opens.

On the properties page, the Main properties panel displays the Custom database name, Type,
Description and labels it contains.

Note
The default Vendor custom database is the only database in Read only. It cannot
be edited at all.

Browsing Custom Data


To display the list of custom data

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Custom DB icon. The Custom database listing
page opens.
3. In the breadcrumb, click on Custom data. The Custom data page opens.

To display the list of custom data of a specific Custom DB

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Custom DB icon. The Custom database listing
page opens.
3. In the Name column, click on the name of the custom database of your choice to display the
data it contains.

To display a custom data entry properties page

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Custom DB icon. The Custom database listing
page opens.
3. At the end of the line of the entry of the custom data of your choice, click on . The properties
page opens.

On the properties page, the Main properties panel displays the name of the Custom database
it contains along with the defined labels and their value.

Adding a Custom DB
To add a custom db

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
3. In the menu, select Customization > Custom DB. The Custom database page opens.
4. In the menu, select Add > Custom database. The Create a custom DB wizard opens.
5. Fill in each field as described below:

Table 89.1. CustomDB creation parameters

Fields               Description
Database name        Choose a name for the custom DB you are creating. This field is compulsory.
Type                 Define the database type.
Description          Describe the database. This field is optional.
Label 1 to Label 10  Name the columns of your custom database.

6. Click on OK to commit the database creation.

Editing a Custom DB
Warning
Do not edit a database name if it is already used.

To edit a custom db

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
3. In the menu, select Customization > Custom DB. The Custom database page opens.
4. In the Name column, put your mouse over the name of the database you want to edit. Click
on . The Edit custom database wizard opens.
5. Edit each field according to your needs following the table below:

Table 89.2. CustomDB parameters


Fields               Description
Name                 Choose a name for the custom DB you are editing. This field is compulsory.
Type                 Define the database type.
Description          Describe the database. This field is optional.
Label 1 to Label 10  Name the columns of your custom database.

6. Click on OK to commit your changes. The wizard refreshes and closes. The changes are
displayed in the list.

Deleting a Custom DB
To delete a custom db

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . In the
Customization section, click on the Custom DB icon.

3. In the list, tick the custom database that you want to delete.
4. In the menu, select Edit > Delete. The wizard opens.
5. Click on OK to remove the selected custom db.

Configuring a Custom DB with Custom Data


Once a custom database is created, it is empty and you must add custom data. You can
create the data or import it. When your database contains everything you need, you can use it
within classes and apply it to the resource that suits your needs. For more details, refer to the
chapter Class Studio.

Adding Data in a Custom DB


To add data in a custom db

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . In the
Customization section, click on the Custom DB icon.
3. In the list, click on the name of the custom database in which you want to add data. A new
list appears.
4. In the menu, select Add > Custom data. The Add custom data wizard opens.
5. Fill in the Value field. There are 9 other fields, all optional.
6. Click on OK to add the new entry to the current custom data list.

Editing the Data of a Custom DB

Warning
Do not edit a database name if it is already used.

To edit custom data

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
3. In the menu, select Customization > Custom DB. The Custom database page opens.
4. In the Name column, click on the name of the custom database of your choice to display the
data it contains.
5. In the Name column, put your mouse over the data you want to edit. Click on . The Edit
custom data wizard opens.
6. Edit the value of the labels you already set if need be.
7. Click on OK to commit your changes. The wizard refreshes and closes. The changes are
displayed in the list.

Deleting Data From a Custom DB


To remove data from a custom db

1. If you are not connected to SOLIDserver yet, log in using a superuser account login and
password.
2. Go to the Administration tab. If the homepage is not displayed, click on . In the
Customization section, click on the Custom DB icon.
3. In the list, click on the name of the custom database in which you want to delete data. A new
list appears.
4. In the list, tick the entries that you want to remove from the custom database.
5. In the menu, select Edit > Delete. The wizard opens.
6. Click on OK to remove the selected entries.

Importing Custom Data


Once you have created a custom DB, you can import its content through a CSV file import. For more
details, refer to the chapter Importing Data in the Global Policies part of this guide.

Chapter 90. Class Studio
Class Studio is a powerful customization tool of the Administration module that allows members
of the admin group to create classes that will tailor SOLIDserver to their needs when it comes to
provisioning their network.

In SOLIDserver, every type of resource (IPAM pools, VLAN domains, DHCP ranges...) is
associated with a default and a global class. Default classes can neither be deleted nor edited,
while global classes can be edited but not deleted.

In addition to these preexisting classes, members of the admin group can also add customized
classes. Just like global classes, they allow tailoring the Add/Edit wizards but also offer more
management possibilities. For instance, several customized classes can be created for the same
type of resource. They can also be renamed, duplicated and moved from one directory to another,
or most notably, from one resource to another.

Classes can be applied to the following types of resources:

Table 90.1. Class Applicable Resources


Module                                Types of resources
Administration                        Members (SOLIDserver appliances).
DHCP                                  Servers, scopes, ranges, groups and statics; both in IPv4 and IPv6.
DNS                                   Servers, views and zones.
Device Manager                        Devices and Ports & interfaces.
IPAM                                  Spaces, Blocks, Subnets, Pools and Addresses; both in IPv4 and IPv6.
NetChange                             Network devices and ports.
Rights & delegation (Administration)  Groups and users.
SPX (IPAM)                            Autnums.
VLAN manager                          VLAN domains and ranges.
VRF (IPAM)                            VRFs.
Workflow                              Requests (Outgoing requests).

Browsing Class Studio


SOLIDserver displays its classes in a list. You can only display the Class Studio listing page
from the Administration tab homepage.

Figure 90.1. Class Studio listing page

Every class listed contains its own database: a set of objects that define its behavior.

Browsing Class Studio Database


To display the list of classes

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.

By default, Class Studio displays as many global and default classes as there are resources
within SOLIDserver. The page columns are described in the table below:

Table 90.2. Class Studio Columns


Column         Description
Name           This column displays the class name. It might be set to default, global, or defined by the user in the case of customized classes. Only customized classes can be renamed. For more details refer to the Understanding Classes chapter of this guide.
Directory      This column displays the directory in which the class is located. A directory can only be created upon addition of a class. Still, a class can be moved from one directory to another at any given time.
Module         This column displays the module of the resource for which the class is set. A class can only be moved from a module to another when not in use.
Type           This column displays the type of resource for which the class is set (DHCP groups, DNS servers, etc...). A class can only be moved from a type of resource to another when not in use.
Template       This column displays whether the class is enabled as a template or not. Its value can be yes or no. For more details refer to the Managing IPAM Templates chapter of this guide.
Last modified  This column displays the time and date of the last modification made on the class.
Status         This column displays whether the class is Enabled or Disabled. When disabled, a class is neither applied nor proposed for application.

To display a class properties page

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. At the end of the line of the class of your choice, click on . The class properties page
opens.

Browsing the Classes Database


The classes database is available through a pop-up window that lets you add and edit the various
class objects used to configure classes. It is, in essence, a class configuration tool.

This pop-up window, named Class Editor, opens when clicking on any of the class names listed
on the Class Studio listing page. It is divided vertically to display a creation panel on the left
and the list of class objects on the right. You can sort these objects using the drop-down list.

Figure 90.2. Class Editor Pop-up Window

To access Class Editor from Class Studio listing page

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. In the Name column, click on the name of the class you want to edit. Class Editor pop-up
window opens: it is named Class Editor (<hostname>/<user>). The class name is displayed
at the end of the URL field as such: <class_name>.class

Accessing Class Editor through the Class Studio listing page allows you to edit any customized or
global class. You can also load the global class of a specific resource straight from its
All <resources> listing page.

To access Class Editor from a resource listing page

1. Go to the tab of your choice. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the icon of the resource of your choice. The related listing page opens.
3. In the menu, select Settings > Customize user fields. Class Editor opens and displays the
chosen resource global class objects.

Understanding Class Studio


Class Studio is a page of the Administration module dedicated to creating and managing highly
personalized classes for SOLIDserver.

A class can be seen as a profile for the Add/Edit wizards of SOLIDserver resources (IPAM subnets,
DNS zones, DHCP servers, etc...). Once a class is applied to a resource or type of resource, the
related wizards will include new fields that can be used to specify additional information. For
example, members of the admin group can add a field called "City", that can be prefilled or not, to
some or all the Add/Edit a subnet wizards. In the example below, the class data of the
"Headquarter" subnet refers to the user defined field "City" and the object value "Chicago".

Figure 90.3. Example of the User defined Field "City"

Besides simple input fields, Class Studio offers various options to customize managed resources.
Class Editor includes a large library of class objects (formerly WDOM objects) ranging from
checkboxes to multi-entries drop-down lists and hidden data, whose values can be manually set
or automatically retrieved.

Classes can even be combined using the Include class object. For more details, refer to the
Configuring Classes with Class Objects section of this chapter.

Finally, members of the admin group can add columns to any listing page in order to display
which classes or class parameters are applied on certain resources. For more details refer to the
Customizing the List Layout section of this guide.

Caution
To edit classes, your browser must allow pop-up windows.

Understanding Classes
Classes are of three kinds: default, global and customized. They can be applied to any
resource or type of resource provisioned in SOLIDserver, except non-editable resources
such as VRF Route Targets, RRs, VLANs or discovered items.

• Default classes are associated with every type of resource by default and correspond to default
behaviors. They are always running and cannot be edited nor deleted. For more details, refer
to the Default behaviors chapter of this guide.
• Global classes are by default associated with each type of resource as well. Class objects
defined for a global class are automatically integrated into all the items of the resource it is set
for. For instance, user defined fields configured for the global class of subnets automatically
appear in the Add/Edit wizards of every subnet. Unlike the other classes, the global class
does not need to be selected manually at the beginning of the addition and edition wizards of
a resource: its configuration is automatically displayed.
• Customized classes refer to all the classes created by members of the admin group. Once
set and enabled, you will need to select the classes you want to apply to a type of resource.
Indeed, a class dedicated page will appear in the addition and edition wizards and allow you
to select manually and individually in the <resource> class list, the class of your choice. Of
course, applying a class to a resource is not compulsory and you can always select None.

Figure 90.4. Example: "Subnet Class" Page From the Add a Subnet Wizard

Understanding Class Objects


Class Studio provides a set of class objects that allow the members of the admin group to configure
the classes and therefore customize the addition and edition wizards with pages, comments,
lines, images, checkboxes, drop-down lists and/or input fields. These objects can be prefilled
with manually set or automatically retrieved values.

Note
Object values set for a resource are automatically inherited by the objects it contains.
For instance, if the value "Chicago" is set for a block through an input field "city", it
is automatically inherited by the subnets it contains if said subnets also possess an
input field named "city".

For each class, Class Editor gathers class objects in groups that correspond to their level of use.
These groups can be selected one by one through the drop-down list; each group is briefly
described in the tables below. Keep in mind that the object fields described in these tables are
displayed in the addition and edition wizards of the resource of your choice if and only if they
were configured in an enabled class that has been selected on the class dedicated page of said
wizard.

Most used objects refers to the most frequently used objects that are embedded into classes by
members of the admin group, independently of the module they are used in.

Table 90.3. Most Used Objects


| Fields | Description |
|---|---|
| Input | Displays an input field that allows users to add data on one line. |
| Select | Displays a drop-down list that allows users to add data from a list of manually set or automatically retrieved values. These values can come from a CSV file, a service list or a custom DB. |
| Comment | Displays a Notice, Warning or information message that will contain the information of your choice. |
| Text area | Displays a large input field that allows users to add data on several lines, it can contain up to 3600 characters. |
| Horizontal separator | Displays a colored line, either red, green or blue, that allows you to separate and organize the class fields according to your needs. |
| Jump to page | Splits the wizard in several pages, it therefore adds a NEXT button at the bottom of the page. |

Classes and class objects can be applied to any resource, but some objects might prove more
useful in certain modules. For instance, some objects are more specific to the IPAM resources
and gathered in the IP address management group, they are listed in the table below:

Table 90.4. IP address Management Objects


| Fields | Description |
|---|---|
| Hide IP alias | Allows you to hide the alias request page when assigning an IP address. For more details, refer to the Configuring IP Address Aliases section of this guide. |
| Subnet gateway | Allows you to set a positive or negative offset to automatically configure the gateway from an IP address when adding or editing a subnet. |
| Force prefix | Allows you to force a prefix on a subnet. |

Like the IPAM, the DHCP comes with a set of DHCP management objects that allow you to associate
DHCP resources with one another and set more advanced options:

Table 90.5. DHCP Management Objects


| Fields | Description |
|---|---|
| Select DHCP server | Displays a drop-down list containing all the DHCP servers managed by SOLIDserver. |
| Select DHCP scope | Displays a drop-down list containing all the DHCP scopes managed by SOLIDserver. |
| Select DHCP range | Displays a drop-down list containing all the DHCP ranges managed by SOLIDserver. |
| Select DHCP static | Displays a drop-down list containing all the DHCP statics managed by SOLIDserver. |
| DHCP options | Displays a large set of DHCP options. For more details, refer to the DHCP Options appendix of this guide. |

DNS management objects also aim at customizing the DNS resources wizards, especially to
associate them with other resources, whether they come from the same module or not:

Table 90.6. DNS Management Objects


| Fields | Description |
|---|---|
| Select DNS server | Displays a drop-down list containing all the DNS servers managed by SOLIDserver. |
| Select DNS zone | Displays a drop-down list containing all the DNS zones managed by SOLIDserver. |
| Select DNS domain | Displays a drop-down list containing all the DNS domains managed by SOLIDserver. |

Class Editor provides members of the admin group with other useful class objects. Selecting All
Objects in the drop-down list displays all the objects described in the tables above plus the
following ones:

Table 90.7. All Objects Remaining Objects


| Fields | Description |
|---|---|
| Autocompletion | Displays an input field that can be configured to provide suggestions or automatic data completion through predefined values. |
| Checkbox | Displays a customizable checkbox. |
| Counter | Displays an incremental counter. |
| Force class | Forces a class on every resource of a container. |
| Force VLSM | Allows you to force the VLSM status of all subnets created to non-terminal. This class object can be applied to spaces, blocks or subnets. |
| Hidden data | Allows you to hide one of your class objects when configuring a class. The value of the field will be set for the resource but not displayed in the addition and edition wizards. |
| Icon | Allows you to associate an icon to a class. This icon appears next to the class name when displayed in the Class column of a listing page. |
| Include class | Allows you to embed the objects of another class in your class. |
| Multiple input | Displays a text area allowing you to store several values defined through a preexisting Input field placed above it. |
| Multiple select | Displays a drop-down list and a text area to select and store multiple values at the same time. These can be fixed values or values automatically imported from a CSV file, a service list or a custom DB. |
| Objectname | Sets some naming convention rules for a resource (e.g. Block name = <country>-<block_number>). |
| DHCP shared network | Displays a drop-down list containing all the scopes that can be used as shared networks. |
| Predefined variable | Predefined variables can be seen as full-fledged class objects with only one value and purpose. |
| Upload file | Displays a button and a field that allow uploading a file stored on a local computer to the tmp folder of the appliance. |

For more details on a class object, refer to the Adding Class Objects procedure that suits your
needs.

Adding Classes
Given that editing a global class automatically affects all the objects the class is set for, members
of the admin group can create specific customized classes that will be applied individually and
manually to any set of resources through the addition and edition wizards.

To add a class

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.

3. In the menu, select Add > Class. The Add a new class wizard opens.
4. Fill in the following fields:

Table 90.8. Class Addition Parameters


| Fields | Description |
|---|---|
| Filename | In this field, name your class. The name cannot contain any special characters. This field is compulsory. |
| Sub directory | In this field, you can fill in the directory where you want to save your class. If it does not exist, it will be created. On the wizards class selection page, classes placed in a directory will be displayed as such: <directory>/<class>. This field is optional. |
| Module | In this drop-down list, select the module of the resource for which you want to set the class. This field is compulsory. |
| Type | In this drop-down list, select the resource for which you want to set the class. This field is compulsory. |
| Enable class | Tick this check box if you want to enable the class upon creation. If a class is not enabled, it will neither be integrated nor proposed in the related wizards. This field is optional as you can enable it later on. For more details, refer to the Using Classes section below. |

5. Click on OK to commit your creation. The report opens and closes. The class is listed.

Once a class is configured for a resource, it must be enabled to function properly. For global
classes, this results in their class objects being automatically integrated into the resources
they are set for. For customized classes, enabling a class makes it available in the class
selection page of the resource addition and edition wizards. For more details, refer to the
Using Classes section of this chapter.

A class is empty by default, whether it is a global or a customized one. Once created, members
of the admin group can click on a class name to add and configure class objects for these classes
through Class Editor. For more details, refer to the Configuring Classes section of this chapter.

Caution
To edit classes, your browser must allow pop-up windows.

Editing Classes
Classes can be duplicated, renamed or moved from a type of resource to another or from a
directory to another.

Duplicating Classes
SOLIDserver allows you to duplicate customized classes. These duplicates can then be edited and
renamed to manage them more easily. For instance, you might need to apply them to other types
of resource or even move them.

Duplicating classes can be useful since object values set for a resource are automatically inherited
by the resources it contains. For instance, if the value "Chicago" is set for a block through an input
field "city", it is automatically inherited by the subnets it contains if said subnet also possesses
an input field named "city".

To duplicate a class

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. Tick the class(es) you want to duplicate.
4. In the menu, select Edit > Duplicate. The Duplicate class wizard appears.
5. Click on OK to commit your configuration. The duplicated class is listed and named as such:
copy_<original class name>.

Renaming Classes
A customized class can be renamed at any time from its properties page. Renaming a class does
not affect the class objects it contains. Once a class has been renamed, it will be updated on the
properties page of the concerned resources.

To rename a class

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. At the end of the line of the class of your choice, click on . The class properties page opens.
4. In the menu, select Edit > Rename. The Rename class wizard appears.
5. In the Old field, the current class name is displayed.
6. In the New Name field, type in the new name for the class.
7. Click on OK to commit your changes. The new class name is displayed in the panel and
modified in the list.

Moving Classes
In contrast with the default and global classes, that are hard linked to the resources they are set
for, customized classes can be moved from a directory to another or even from a type of resource
to another. For instance, a class created for DNS servers can be moved and made available for
a completely different type of resource, like the DHCP ranges.

To move a class

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. Tick the class(es) you want to move.
4. In the menu, select Edit > Move. The Move class wizard opens.
5. In the Sub-directory field, type in a directory if need be. It can be a new directory for the
class or an existing one.

6. In the Module drop-down list, select a module for the class. It can be the same one or a new
one.
7. In the Type drop-down list, select a resource to which the class will be applied. It can be the
same one or a new one.
8. Click on OK to commit your changes. The report opens and closes. The data is updated in
the list.

Changing or Stop Using Classes


At any time, you can decide not to use a particular class on a resource of your choice. For instance,
you might decide not to use a class that you want to delete or need to use another class for a
particular resource.

As a class can only be deleted when it is not used anywhere in SOLIDserver, the following
procedure might come in handy. Keep in mind that the listing page columns layout can help you
find the resources using a class. For more details, refer to the Customizing the List Layout
section of this guide.

To change or stop using a class on a specific resource

1. Go to the tab of your choice. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the icon of the resource of your choice. The related listing page opens.
3. At the end of the line of the object of your choice, click on . The resource properties page
opens.
4. In the Main properties panel, click on EDIT. The related edition wizard opens.
5. Click on NEXT until you reach the <Resource> class page of the wizard.
6. In the <Resource> class list, select None or a class different from the one you intend to delete.
7. Click on NEXT until you reach the last page of the wizard.
8. Click on OK to commit your changes. The report opens and closes. The class has been
dissociated from the resource.

Using Classes
Upon addition, a customized class can either be enabled straight away or left disabled. Once
enabled, a <resource> class selection page appears in the Add/Edit wizards of the resources it
was set for. This page allows you to manually select a customized class, but it is not mandatory
and the choice can be left to None.

Since deleting classes may result in unwanted complications, disabling classes allows you to
store them, rather than deleting them, for future use.

Note
Default and global classes cannot be disabled and are automatically applied on the
resources they are set for.

To enable a class

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.

2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. Tick the class(es) you want to enable.
4. In the menu, select Edit > Enable class. The Enable class wizard opens.
5. Click on OK to commit your configuration. The report opens and closes, the page refreshes.
The class is marked as Enabled in the Status column.

To disable a class

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. Tick the class(es) you want to disable.
4. In the menu, select Edit > Disable class. The Disable class wizard opens.
5. Click on OK to commit your configuration. The report opens and closes, the page refreshes.
The class is marked as Disabled in the Status column.

Deleting Classes
Only customized classes can be deleted. Keep in mind that they can be deleted if and only if
they are not used by any SOLIDserver resource. Therefore, you might need to stop using the
class before deleting it. For more details, refer to the Changing or Stop Using Classes section.

Warning
Deleting a class will delete the class objects it contained and displayed on the
resources properties page. You might simply want to disable a class and enable it later
to use it again.

To delete a class

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. Tick the class(es) you want to delete.
4. In the menu, select Edit > Delete. The Delete class wizard opens.
5. Click on OK to commit your deletion. The report opens and closes. The class has been deleted
and is no longer listed.

Configuring Classes with Class Objects


As every new class is empty, it does not apply any changes to the resource it is applied to. You
need to add class objects within a class to configure its behavior. They can be added to global
and customized classes via Class Editor. For more details, refer to the Browsing the Classes
Database section of this chapter.

Caution
To edit classes, your browser must allow pop-up windows.

Adding Class Objects


Even though class objects can be added to any class regardless of the resource the class is
intended for, some will only prove useful for certain modules. For more details, refer to the
Understanding Class Objects section of this chapter.

Configuration parameters differ from one object to the other: some are compulsory (marked by
an asterisk *), others only available in Expert mode. The table below describes the most frequent
parameters when adding and editing class objects:

Table 90.9. Class Objects Key Parameters


| Parameter | Description |
|---|---|
| Expert mode | In this drop-down list, select Yes to display advanced configuration parameters for the class object. |
| Name | Type in this field the class object name as it will be saved in SOLIDserver database. This name must contain hexadecimal characters with no space, you can however use underscores "_". To prevent GUI conflicts, avoid names that are already used in the code such as: site, mac-addr, gateway, vlan, domain, user, port, password... |
| Label | Type in this field the class object name as it will appear in the resource addition and edition wizards. Only this name will be seen by the user. In the Multi-select class object, both lists will be named like the label. |
| Required | Tick this box to make the field compulsory in the resource addition and edition wizards. |
| Not editable | Tick this box if you want to prevent users from editing the class object value in the addition and edition wizards: it will be displayed in gray. |
| Translate the label | Tick this box if you want the label of the field to be translated when changing language preferences. The corresponding alternate values must exist in Language editor (accessible through the Administration homepage menu: Customization > Language Editor). |
| Constructor | Type in this field the parameter(s) to construct the name of a field using variables. For example, you can type %v{city}, %v{state} where city and state will use the value of other class objects of the same class. This results in the Name field being automatically filled in a <City, State> format, for example, Chicago, Illinois. |
| Default value | Type in this field the value prompted by default in the wizard for a class object. |
| Regex match | Type in this field a regular expression to check the syntax of the value typed in the related field. For more details, refer to the Managing Class Studio Syntax section in this chapter. |
| Show if... | Type in this field, in the form of an "if" statement, a condition for the class object to be applied in the wizard, for example $object_value > 0 or $city=="Washington". Multiple conditions can be set but they must be separated by boolean connectors. An object value can be checked by the Show if... condition only if it has been saved in the wizard, either by class inheritance or using the Jump to page class object. |

Input

An input field allows the association of a simple, yet highly customizable, data string to a resource
when provisioning SOLIDserver.

To add an input field

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. In the Name column, click on the class you want to edit. Class Editor opens.
4. In the class objects list, click on Input. The Input wizard opens.
5. Configure it using the key parameters described in the Class Objects Key Parameters table
above.
6. In the Input field maximum length field, type in the maximum number of characters, spaces
included, that users can type in the field. By default, the maximum field length is 64.
7. If you selected the Expert mode, in the Predefined format drop-down list, you can select a
format for the Name to be valid. It can either be an IP address (v4), IP address (v6), Text,
Unsigned integer, Signed Integer, Domain name, FQDN Host, MAC address or Email address.
8. Click on OK to commit your addition. The object is now embedded into the class and listed
in the creation panel.

You can close Class Editor or keep adding other class objects to the same class.

Select

The Select class object allows you to create drop-down lists that users can choose from. These
drop-down lists can be set from fixed values, added to the list directly from the wizard, or from
automatically retrieved values. For instance, they can be imported to the list from a CSV file, a
service list or a custom DB. All the services and related parameters can be found in the SOAP
reference guide available on the support page of the Efficient IP website
[http://www.efficientip.com/support/support]. As for SOLIDserver Custom DB, for more details
refer to the Custom DB chapter of this guide.

Note
To configure a Select, we strongly recommend using the Custom DB feature rather
than retrieving data from a CSV file.

The Select class object should not be confused with the Multiple select. For more details, refer
to the Multiple select section below.

To add a select drop-down list using fixed values

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.

2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. In the Name column, click on the class you want to edit. Class Editor opens.
4. In the class objects list, click on Select. The Select wizard opens.
5. Fill in the object key parameters according to the Class Objects Key Parameters table of
this section.
6. Tick the Have none label checkbox if you want the drop-down list to display the default value
None in addition to those it will contain.
7. Tick the Full width checkbox if you want the drop-down list to be large, centered and placed
under the label. Leave it unticked to have a smaller list, placed right of the label.
8. If you set the Expert mode to Yes, tick the Reload on change checkbox if you want the wizard
page to reload when a value is selected.
9. In the Select type drop-down list, select Fixed values. The wizard refreshes.
10. Click on NEXT. The next page of the wizard appears.
11. In the Key field, type in the object name as it will be saved in SOLIDserver database (string
of characters: _a-z0-9 only). To prevent GUI conflicts, avoid names that are already used
in the code such as: site, mac-addr, gateway, vlan, domain, user, port, password... The
Label/Key field autopopulates.
12. In the Label field, type in the word string, corresponding to the key, as it will be displayed in
the list. The Label/Key field autopopulates following the format <Label>#<Key>.
13. Next to the Label/Key field, click on . The value is listed in the Options list.
14. Repeat these actions for as many values as needed. You can use to remove one by one
values from the list, or and to reorganize them.
15. Click on OK to commit your addition. The object is now embedded into the class and listed
in the creation panel.

You can close Class Editor or keep adding other class objects to the same class.
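
A pre-flight check for a planned Options list, added here as an example in Python (it is not EfficientIP code and not part of the original guide). It applies the key character set and the names to avoid quoted in the procedure above to entries in the <Label>#<Key> format; the function names, the sample entries and the duplicate-key check are assumptions made for illustration.

```python
import re

# Key character set quoted in the procedure: "_a-z0-9 only".
KEY_RE = re.compile(r"[_a-z0-9]+")

# Names the guide says to avoid to prevent GUI conflicts. The guide's list
# ends with "...", so this set is known to be incomplete.
NAMES_TO_AVOID = frozenset(
    {"site", "mac-addr", "gateway", "vlan", "domain", "user", "port", "password"}
)

# Constructed sample entries in the <Label>#<Key> format (not from the guide).
SAMPLE_OPTIONS = [
    "Chicago#chicago",
    "New York#new_york",
    "Los Angeles#Los-Angeles",  # uppercase letters and a hyphen in the key
    "Gateway site#gateway",     # key is on the list of names to avoid
    "Paris",                    # no '#' separator, so no key at all
    "Chicago HQ#chicago",       # same key as the first entry
    "R&D #1#rd_1",              # '#' inside the label
]


def parse_option(entry):
    """Split one '<Label>#<Key>' entry; the key is the text after the last '#'."""
    label, sep, key = entry.rpartition("#")
    if not sep:
        raise ValueError("missing '#' separator")
    return label, key


def lint_options(entries):
    """Return (entry, problem) tuples for every issue found, in input order."""
    problems = []
    first_use = {}  # key -> first entry that used it
    for entry in entries:
        try:
            label, key = parse_option(entry)
        except ValueError as exc:
            problems.append((entry, str(exc)))
            continue

        if not label.strip():
            problems.append((entry, "empty label"))
        if "#" in label:
            problems.append((entry, "label contains '#', the split is ambiguous"))

        if not key:
            problems.append((entry, "empty key"))
            continue
        if not KEY_RE.fullmatch(key):
            problems.append((entry, "key has characters outside _a-z0-9"))
        if key in NAMES_TO_AVOID:
            problems.append((entry, "key is on the guide's list of names to avoid"))

        # Assumption: the guide does not say duplicate keys are rejected, but
        # two labels storing the same key cannot be told apart afterwards.
        if key in first_use:
            problems.append(
                (entry, f"duplicate key, first used by {first_use[key]!r}")
            )
        else:
            first_use[key] = entry
    return problems


if __name__ == "__main__":
    for entry, problem in lint_options(SAMPLE_OPTIONS):
        print(f"{entry!r}: {problem}")
```
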

To add a select drop-down list using a CSV file

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. In the Name column, click on the class you want to edit. Class Editor opens.
4. In the class objects list, click on Select. The Select wizard opens.
5. Fill in the object key parameters according to the Class Objects Key Parameters table of
this section.
6. Tick the Have none label checkbox if you want the drop-down list to display the default value
None in addition to those it will contain.
7. Tick the Full width checkbox if you want the drop-down list to be large, centered and placed
under the label. Leave it unticked to have a smaller list, placed right of the label.
8. If you set the Expert mode to Yes, tick the Reload on change checkbox if you want the wizard
page to reload when a value is selected.
9. In the Select type drop-down list, select CSV values. The wizard refreshes.

10. Click on NEXT. The next page of the wizard, which allows you to set the values of the list, appears.
11. In the CSV file field, type in the complete path of the file stored in the appliance.
12. In the Value column field, type in the number of the column in the CSV file containing the
values to retrieve.
13. In the Label column field, type in the number of the column in the CSV file containing the
labels corresponding to the values to retrieve.
14. In the Filter column field, type in the number of the column used to match certain rows.
15. Next to the Filter column field, click on . The value of the filter column field is moved to
the Filter list. You can use to remove one by one values from the list, or and to reorganize
them.
16. Click on OK to commit your addition. The object is now embedded into the class and listed
in the creation panel.

You can close Class Editor or keep adding other class objects to the same class.

To add a select drop-down list using service list values

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. In the Name column, click on the class you want to edit. Class Editor opens.
4. In the class objects list, click on Select. The Select wizard opens.
5. Fill in the object key parameters according to the Class Objects Key Parameters table of
this section.
6. Tick the Have none label checkbox if you want the drop-down list to display the default value
None in addition to those it will contain.
7. Tick the Full width checkbox if you want the drop-down list to be large, centered and placed
under the label. Leave it unticked to have a smaller list, placed right of the label.
8. If you set the Expert mode to Yes, tick the Reload on change checkbox if you want the wizard
page to reload when a value is selected.
9. In the Select type drop-down list, select Service list values or Manual. The wizard refreshes.
10. Click on NEXT. The next page of the wizard, which allows you to set the values of the list, appears.
11. In the Services field, start typing in the name of the service to call; the matching services are
listed. Select the one that suits your needs. All the services and related parameters can be
found in the SOAP reference guide available on the support page of the Efficient IP website
[http://www.efficientip.com/support/support].
12. In the Key field, type in the name of the input parameter corresponding to the values to
retrieve.
13. In the Label field, type in the name of the input parameter corresponding to the labels
associated to these values.
14. In the Where field, type in an SQL condition to filter the retrieved values if need be.
15. In the Order by field, type in an SQL condition to sort the results if need be.
16. In the Limit field, type in the maximum number of results to display.

17. In the Tags field, type in an SQL condition to filter the retrieved class parameters if need
be. You might need assistance from Efficient IP support team to fill in this field.
18. Click on OK to commit your addition. The object is now embedded into the class and listed
in the creation panel.

You can close Class Editor or keep adding other class objects to the same class.

To add a select drop-down list using Custom DB values

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. In the Name column, click on the class you want to edit. Class Editor opens.
4. In the class objects list, click on Select. The Select wizard opens.
5. Fill in the object key parameters according to the Class Objects Key Parameters table of
this section.
6. Tick the Have none label checkbox if you want the drop-down list to display the default value
None in addition to those it will contain.
7. Tick the Full width checkbox if you want the drop-down list to be large, centered and placed
under the label. Leave it unticked to have a smaller list, placed right of the label.
8. If you set the Expert mode to Yes, tick the Reload on change checkbox if you want the wizard
page to reload when a value is selected.
9. In the Select type drop-down list, select Custom DB. The wizard refreshes.
10. Click on NEXT. The next page of the wizard, which allows you to set the values of the list, appears.
11. In the Custom DB name field, type in the name of the Custom DB of your choice. For more
details on SOLIDserver Custom DB, refer to the Custom DB chapter of this guide. The field
autocompletes.
12. In the Key column drop-down list, select the column from the Custom DB containing the
objects names as they will be saved in SOLIDserver database (string of characters:
_a-z0-9 only). To prevent GUI conflicts, avoid names that are already used in the code such as:
site, mac-addr, gateway, vlan, domain, user, port, password...
13. In the Label column drop-down list, select the column from the Custom DB containing the
values as they will be displayed in the list.
14. Click on OK to commit your addition. The object is now embedded into the class and listed
in the creation panel.

You can close Class Editor or keep adding other class objects to the same class.

Comment

Just like the Horizontal separator, Jump to page, Icon and Counter class objects, a Comment is
not a user defined field and does not allow users to associate class data to a resource. Comments
allow members of the admin group to display information, a notice or a warning in the Add/Edit
wizards.

To add a comment

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. In the Name column, click on the class you want to edit. Class Editor opens.
4. In the class objects list, click on Comment . The Comment wizard opens.
5. Fill in the object key parameters according to the Class Objects Key Parameters table of
this section.
6. In the Comment text area, type in the comment you want to display in the wizard.
7. In the Style drop-down list, select the type of comment. It can either be the content of the
Comment field in a gray area (None), a Notice or a Warning.
8. Click on OK to commit your addition. The object is now embedded into the class and listed
in the creation panel. The selected comment style is displayed in the panel.

You can close Class Editor or keep adding other class objects to the same class.

Text Area

Classes allow users to associate complete chunks of text to specific resources using the Text area
object. Text areas are input fields that can contain up to 3900 characters.

To add a text area

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. In the Name column, click on the class you want to edit. Class Editor opens.
4. In the class objects list, click on Text area . The Text area wizard opens.
5. If you set the Expert mode to Yes, fill in the Rows field if you want the text area to display a
certain number of rows.
6. Fill in the object key parameters according to the Class Objects Key Parameters table of
this section.
7. Tick the Full width checkbox if you want the text area to be large, centered and placed under
the label. Leave it unticked to have a smaller text area, placed right of the label.
8. Click on OK to commit your addition. The object is now embedded into the class and listed
in the creation panel.

You can close Class Editor or keep adding other class objects to the same class.

Horizontal Separator

Just like the Comment, Jump to page, Icon and Counter class objects, a Horizontal separator is
not a user defined field and does not allow users to associate class data to a resource. A
horizontal separator is a red, green or blue line that helps structure the Add/Edit wizards through
which the class data is set.

To add a horizontal separator

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. In the Name column, click on the class you want to edit. Class Editor opens.
4. In the class objects list, click on Horizontal separator . The Horizontal separator wizard opens.
5. Fill in the object key parameters according to the Class Objects Key Parameters table of
this section.
6. In the Line style drop-down list, select a color for the separator. It can be either Red, Green
or Blue.
7. Click on OK to commit your addition. The object is now embedded into the class and listed
in the creation panel.

You can close Class Editor or keep adding other class objects to the same class.

Jump to Page

Just like the Comment, Horizontal separator, Icon and Counter class objects, a Jump to page is
not a user defined field and does not allow users to associate class data to a resource. The Jump
to page class object appears in the creation panel in the form of a dotted line and divides
wizards into several pages: it adds a NEXT button at the bottom of the wizard page.

Adding a page can be useful to validate and save values to display conditional class objects.
Indeed, an object value can only be checked by a Show if... condition if it has been saved by said
wizard.

To add a page to a wizard

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. In the Name column, click on the class you want to edit. Class Editor opens.
4. In the class objects list, click on Jump to page . The Jump to page wizard opens.
5. Fill in the object key parameters according to the Class Objects Key Parameters table of
this section.
6. In the Title field, you can name the page of the wizard you are adding.
7. In the Comment text area, you can type in a comment that will appear in the lower left-hand
corner of the wizard, beneath the title.
8. Click on NEXT . The last page of the wizard appears.
9. In the Image drop-down list, you can select a predefined image to place on the new page.
10. Click on OK to commit your addition. The object is now embedded into the class and listed
in the creation panel.

You can close Class Editor or keep adding other class objects to the same class.

Hide IP Alias

When set on a container, the Hide IP alias variable lets you skip the alias request page when
assigning an IP address. For more details, refer to the Configuring IP Address Aliases section of
this guide.

This object can also be set as the Predefined variable; it corresponds to HIDE_IP_ALIAS.

To hide the IP alias request page

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. In the Name column, click on the class you want to edit. Class Editor opens.
4. In the class objects drop-down list, select IP address management. The class objects list
refreshes.
5. In the class objects list, click on Hide IP alias . The Hide IP alias wizard opens.
6. In the Name field, the class object name is displayed: HIDE_IP_ALIAS.
7. In the Value field, the class object is enabled: it is true.
8. If you set the Expert mode to Yes, fill in the Show if... field if need be according to the Class
Objects Key Parameters table of this section.
9. Click on OK to commit your addition. The object is now embedded into the class and listed
in the creation panel.

You can close Class Editor or keep adding other class objects to the same class.

Subnet Gateway

The Subnet gateway object allows you to specify an offset for the gateway of all subnets. It
overwrites the offset computed by the subnets default behavior. For more details, refer to the
Subnet Default Behaviors section of this guide.

To specify the offset of a gateway

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. In the Name column, click on the class you want to edit. Class Editor opens.
4. In the class objects drop-down list, select IP address management. The class objects list
refreshes.
5. In the class objects list, click on Subnet gateway . The Subnet gateway wizard opens.
6. In the Name field, type in the name of the user defined field you want to add. By default, it
is gateway.
7. In the Label field, type in the label of the user defined field you want to add. By default, it is
Gateway.

8. In the Offset gateway field, type in the positive or negative offset to automatically configure
the gateway from the subnet IP address. By default, SOLIDserver sets the default gateway
offset to -1.
9. Click on OK to commit your addition. The object is now embedded into the class and listed
in the creation panel.

You can close Class Editor or keep adding other class objects to the same class.

Force Prefix

Force prefix allows you to force a specific prefix on a subnet and can be applied on the subnet
itself or on the block or space it belongs to.

Note
Forcing a prefix on a preexisting subnet may cause an error.

This object can also be set as the Predefined variable; it corresponds to
FORCE_SUBNET_PREFIX.

To force a prefix on an address

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. In the Name column, click on the class you want to edit. Class Editor opens.
4. In the class objects drop-down list, select IP address management. The class objects list
refreshes.
5. In the class objects list, click on Force prefix . The Force prefix wizard opens.
6. In the Value field, type in the prefix you want to force for the resource. By default, it is 24.
7. If you set the Expert mode to Yes, fill in the Show if... field if need be according to the Class
Objects Key Parameters table of this section.
8. Click on OK to commit your addition. The object is now embedded into the class and listed
in the creation panel.

You can close Class Editor or keep adding other class objects to the same class.

Select DHCP Server

The Select DHCP server class object is a Select drop-down list that retrieves and displays all the
DHCP servers managed by SOLIDserver.

To add a DHCP server drop-down list

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. In the Name column, click on the class you want to edit. Class Editor opens.

4. In the class objects drop-down list, select DHCP management. The class objects list refreshes.
5. In the class objects list, click on Select DHCP server . The Select DHCP server wizard opens.
6. Fill in the object key parameters according to the Class Objects Key Parameters table of
this section.
7. Click on OK to commit your addition. The object is now embedded into the class and listed
in the creation panel.

You can close Class Editor or keep adding other class objects to the same class.

Select DHCP Scope

The Select DHCP scope class object is a Select drop-down list that retrieves and displays all the
DHCP scopes managed by SOLIDserver.

To add a DHCP scope drop-down list

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. In the Name column, click on the class you want to edit. Class Editor opens.
4. In the class objects drop-down list, select DHCP management. The class objects list refreshes.
5. In the class objects list, click on Select DHCP scope . The Select DHCP scope wizard opens.
6. Fill in the object key parameters according to the Class Objects Key Parameters table of
this section.
7. Click on OK to commit your addition. The object is now embedded into the class and listed
in the creation panel.

You can close Class Editor or keep adding other class objects to the same class.

Select DHCP Range

The Select DHCP range class object is a Select drop-down list that retrieves and displays all the
DHCP ranges managed by SOLIDserver.

To add a DHCP range drop-down list

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. In the Name column, click on the class you want to edit. Class Editor opens.
4. In the class objects drop-down list, select DHCP management. The class objects list refreshes.
5. In the class objects list, click on Select DHCP range . The Select DHCP range wizard opens.
6. Fill in the object key parameters according to the Class Objects Key Parameters table of
this section.
7. Click on OK to commit your addition. The object is now embedded into the class and listed
in the creation panel.

You can close Class Editor or keep adding other class objects to the same class.

Select DHCP Static

The Select DHCP static class object is a Select drop-down list that retrieves and displays all the
DHCP statics managed by SOLIDserver.

To add a DHCP static drop-down list

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. In the Name column, click on the class you want to edit. Class Editor opens.
4. In the class objects drop-down list, select DHCP management. The class objects list refreshes.
5. In the class objects list, click on Select DHCP static . The Select DHCP static wizard opens.
6. Fill in the object key parameters according to the Class Objects Key Parameters table of
this section.
7. Click on OK to commit your addition. The object is now embedded into the class and listed
in the creation panel.

You can close Class Editor or keep adding other class objects to the same class.

DHCP Options

You can configure a wide range of additional DHCP options at the server, group, scope, range
and statics level. For more details, refer to the DHCP Options appendix of this guide.

Applying such options through a class avoids wasting time in editing each DHCP resource from
their respective properties page.

To embed additional DHCP options

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. In the Name column, click on the class you want to edit. Class Editor opens.
4. In the class objects drop-down list, select DHCP management. The class objects list refreshes.
5. In the class objects list, click on DHCP options . The DHCP options wizard opens.
6. In the Expert mode drop-down list, select Yes.
7. Fill in the object key parameters according to the Class Objects Key Parameters table of
this section.
8. Click on OK to commit your addition. The object is now embedded into the class and listed
in the creation panel.

You can close Class Editor or keep adding other class objects to the same class.

Select DNS Server

The Select DNS server class object is a Select drop-down list that retrieves and displays all the
DNS servers managed by SOLIDserver.

To add a DNS server drop-down list

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. In the Name column, click on the class you want to edit. Class Editor opens.
4. In the class objects drop-down list, select DNS management. The class objects list refreshes.
5. In the class objects list, click on Select DNS server . The Select DNS server wizard opens.
6. Fill in the object key parameters according to the Class Objects Key Parameters table of
this section.
7. Click on OK to commit your addition. The object is now embedded into the class and listed
in the creation panel.

You can close Class Editor or keep adding other class objects to the same class.

Select DNS zone

The Select DNS server class object is a Select drop-down list that retrieves and displays all the
DNS zones managed by SOLIDserver.

To add a DNS zone drop-down list

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. In the Name column, click on the class you want to edit. Class Editor opens.
4. In the class objects drop-down list, select DNS management. The class objects list refreshes.
5. In the class objects list, click on Select DNS zone . The Select DNS zone wizard opens.
6. Fill in the object key parameters according to the Class Objects Key Parameters table of
this section.
7. Click on OK to commit your addition. The object is now embedded into the class and listed
in the creation panel.

You can close Class Editor or keep adding other class objects to the same class.

Select DNS domain

The Select DNS server class object is a Select drop-down list that retrieves and displays all the
domains, or DNS Master Name zones, managed by SOLIDserver.

To add a DNS domain drop-down list

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. In the Name column, click on the class you want to edit. Class Editor opens.
4. In the class objects drop-down list, select DNS management. The class objects list refreshes.
5. In the class objects list, click on Select DNS zone . The Select DNS zone wizard opens.
6. Fill in the object key parameters according to the Class Objects Key Parameters table of
this section.
7. In the Order by fields, type in a value to filter the selected domain by a key. This key must
respect the format: dz.{your_value}.
8. Tick the Have none label checkbox if you want the drop-down list to display the default value
None in addition to those it will contain.
9. Tick the Reload on change checkbox if you want the wizard page to reload once a domain
is selected.
10. Click on OK to commit your addition. The object is now embedded into the class and listed
in the creation panel.

You can close Class Editor or keep adding other class objects to the same class.

Autocompletion

An Autocompletion field is an input field that autopopulates when typing the first symbols of a
value and clicking on the related SEARCH button. A drop-down list then appears to present values
retrieved from a service list or a custom DB.

Keep in mind that all the services and related parameters can be found in the SOAP reference
guide available on the support page of the Efficient IP website
[http://www.efficientip.com/support/support]. For more details on SOLIDserver Custom DB, refer
to the Custom DB chapter of this guide.

To add an Autocompletion input field using services

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. In the Name column, click on the class you want to edit. Class Editor opens.
4. In the class objects drop-down list, select All Objects. The class objects list refreshes.
5. In the class objects list, click on Autocompletion . The Autocompletion wizard opens.
6. Fill in the object key parameters according to the Class Objects Key Parameters table of
this section.
7. In the Select type drop-down list, select Manual.
8. Click on NEXT . The next page of the wizard appears.

9. In the Service name field, type in the name of the listing service to call, for example
ip_subnet_list.
10. In the Parameter name field, type in the name of the input parameter that will be used to
pass the searched value. By default, it is WHERE.
11. In the Search condition field, type in a search condition, i.e. a variable, to display in the
Autocompletion drop-down list followed by like '%#%' . In our example, you can type in
subnet_name like '%#%' to format the display of all the IPv4 subnets name. You can also
filter the list by replacing the hash symbol (#) by a specific matching value.
12. In the Parameter name for reverse search field, type in the input parameter name used to
do reverse searches. Indeed, if a user chose a subnet name for instance, the system will
only have its ID. With this parameter you can pass the ID of the object instead of a
string-like parameter. By default, the parameter name is WHERE.
13. In the Reverse search condition field, type in a second variable, a reverse search condition,
to associate with the one to display in the drop-down list, in our example subnet_id='#' . You
can also filter the list by replacing the hash symbol (#) by a specific matching value.
14. In the Key field, type in the key of the second variable, in our example subnet_id .
15. In the Display format field, type in the value that corresponds to the final display of the data
in the autocompletion drop-down list. You can format this value with as many variables
(preceded by $) or literal symbols as needed. For instance, the $subnet_name (in
$block_name > $site_name) - id = $subnet_id value will display the selected subnets in the
following format: subnet_name (in block_name > site_name) - id = subnet_id.
16. Tick the Allow non-matching values checkbox if you want to allow the input field to accept
values that are not part of the database.
17. Tick the Automatic accept checkbox if you want the field to provide a list of matching Custom
DB entries when the user types in values.
18. Click on OK to commit your addition. The object is now embedded into the class and listed
in the creation panel.

You can close Class Editor or keep adding other class objects to the same class.
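
The service-based settings of steps 9 to 15, as an added example that is not part of the original guide and is not SOLIDserver code: a small Python check that previews what the guide's sample values produce and flags variables that are missing from a returned row. The sample row, the function names and the quote doubling in fill() are assumptions; the guide does not describe how the appliance itself substitutes or escapes the typed value.

```python
import re

# Wizard values taken from the guide's ip_subnet_list example.
CONFIG = {
    "service": "ip_subnet_list",
    "parameter": "WHERE",
    "search_condition": "subnet_name like '%#%'",
    "reverse_parameter": "WHERE",
    "reverse_condition": "subnet_id='#'",
    "key": "subnet_id",
    "display_format": "$subnet_name (in $block_name > $site_name) - id = $subnet_id",
}

# Constructed sample row standing in for one entry returned by the service.
SAMPLE_ROW = {
    "subnet_id": "42",
    "subnet_name": "lab-net",
    "block_name": "block-a",
    "site_name": "paris",
}

DISPLAY_VAR = re.compile(r"\$([A-Za-z_][A-Za-z0-9_]*)")
CONDITION_VAR = re.compile(r"^\s*([A-Za-z_][A-Za-z0-9_]*)\s*(?:like\b|=)", re.I)


def fill(condition, value):
    """Put value in place of the # placeholder of a search condition.

    Assumption of this sketch: single quotes are doubled so the value stays
    inside the quoted literal. The guide does not say how the appliance
    escapes typed values.
    """
    return condition.replace("#", str(value).replace("'", "''"))


def render(display_format, row):
    """Expand $variables of the Display format; unknown ones are left as typed."""
    return DISPLAY_VAR.sub(lambda m: str(row.get(m.group(1), m.group(0))), display_format)


def lint(config, row):
    """Return a list of inconsistencies between the wizard values and a row."""
    problems = []
    leading = {}
    for field in ("search_condition", "reverse_condition"):
        match = CONDITION_VAR.match(config[field])
        if match is None:
            problems.append(f"{field}: no leading variable found")
            continue
        leading[field] = match.group(1)
        if match.group(1) not in row:
            problems.append(f"{field}: unknown variable {match.group(1)}")
    # Step 14: the Key is the variable used by the reverse search condition.
    if leading.get("reverse_condition") not in (None, config["key"]):
        problems.append("key: does not match the reverse search variable")
    for name in DISPLAY_VAR.findall(config["display_format"]):
        if name not in row:
            problems.append(f"display_format: unknown variable ${name}")
    return problems


def preview(config, typed, row):
    """Show what a typed value and a selected row turn into."""
    return {
        "search": fill(config["search_condition"], typed),
        "reverse": fill(config["reverse_condition"], row[config["key"]]),
        "label": render(config["display_format"], row),
    }


if __name__ == "__main__":
    print(lint(CONFIG, SAMPLE_ROW))
    for name, value in preview(CONFIG, "lab", SAMPLE_ROW).items():
        print(f"{name}: {value}")
```

Run lint() before preview(): a Display format variable that the service does not return is left unexpanded in the label, which is how such a mistake shows up in the drop-down list of this model.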

To add an Autocompletion input field using Custom DB

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. In the Name column, click on the class you want to edit. Class Editor opens.
4. In the class objects drop-down list, select All Objects. The class objects list refreshes.
5. In the class objects list, click on Autocompletion . The Autocompletion wizard opens.
6. Fill in the object key parameters according to the Class Objects Key Parameters table of
this section.
7. In the Select type drop-down list, select Custom DB.
8. Click on NEXT . The next page of the wizard appears.
9. In the Custom DB name field, type in the name of the Custom DB from which you want to
retrieve the data to display. The wizard refreshes.
10. In the Key column drop-down list, select the column containing the values to display.

11. In the Label column drop-down list, select the column containing the labels associated to
the values to display.
12. Tick the Allow non-matching values checkbox if you want to allow the input field to accept
values that are not part of the database.
13. Tick the Automatic accept checkbox if you want the field to provide a list of matching Custom
DB entries when the user types in values.
14. Click on OK to commit your addition. The object is now embedded into the class and listed
in the creation panel.

You can close Class Editor or keep adding other class objects to the same class.

Checkbox

The principle of a Checkbox is quite simple as it allows only two choices that can be associated
to any value, TRUE when it is ticked and FALSE when it is left unticked. Checkboxes can either
be used alone or in combination with other class objects and parameters to validate complex
regular expressions.

To add a checkbox

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. In the Name column, click on the class you want to edit. Class Editor opens.
4. In the class objects drop-down list, select All Objects. The class objects list refreshes.
5. In the class objects list, click on Checkbox . The Checkbox wizard opens.
6. Fill in the object key parameters according to the Class Objects Key Parameters table of
this section.
7. In the "TRUE" value field, type in the value you want to set for checkbox when it is ticked
(value yes or 1).
8. In the "FALSE" value field, type in the value you want to set for checkbox when it is not
ticked (value no or 0).
9. Click on OK to commit your addition. The object is now embedded into the class and listed
in the creation panel.

You can close Class Editor or keep adding other class objects to the same class.

Counter

SOLIDserver offers the possibility to place a Counter on any page of the wizards the class can
be applied to. A counter increments its value every time said page is accessed, but not necessarily
modified. Returning on a page without closing the wizard, using the PREVIOUS and NEXT buttons,
will not cause the counter to increment.

To add a counter

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.

2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. In the Name column, click on the class you want to edit. Class Editor opens.
4. In the class objects drop-down list, select All Objects. The class objects list refreshes.
5. In the class objects list, click on Counter . The Counter wizard opens.
6. Fill in the object key parameters according to the Class Objects Key Parameters table of
this section.
7. Tick the Padding checkbox if you want to display all the digits of the counter, zeros included.
8. In the Number of digits field, type in the number of digits for your counter.
9. In the Min value field, type in the counter start value. It will be displayed when the page is
accessed for the first time.
10. In the Max value field, type in the maximum value you want to set for your counter.
11. Click on OK to commit your addition. The object is now embedded into the class and listed
in the creation panel.

You can close Class Editor or keep adding other class objects to the same class.

Force class

This class object allows you to force classes on any lower level resources. For instance, a Force
class can be configured on a class dedicated to DHCP servers in order to force certain classes
on the DHCP scopes, ranges or statics the server contains and will contain.

Classes forced on resources should be configured and enabled for the resources in Class Studio.
In other words, to force a class on a scope, the class meant to set the behavior of this scope
must be configured and enabled.

Note
You can force several classes on the same resource, in which case, beware of
conflicting object names.

To force a class on a lower level

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. In the Name column, click on the class you want to edit, provided that this class was not set
for the lowest level of any module hierarchy. Class Editor opens.
4. In the class objects drop-down list, select All Objects. The class objects list refreshes.
5. In the class objects list, click on Force class . The Force class wizard opens.
6. In the Type drop-down list, select one of the lower levels of objects displayed according to
your needs. The wizard refreshes.
7. In the Class list, double-click on the class you want to force. The class is moved to the
Classes list.

8. If you set the Expert mode to Yes, you can set the value of the Required and Show if... fields
according to the Class Objects Key Parameters table of this section.
9. Click on OK to commit your addition. The object is now embedded into the class and listed
in the creation panel.

You can close Class Editor or keep adding other class objects to the same class.

Force VLSM

The Force VLSM object is used to force a value for the Terminal subnet checkbox in the subnets
addition wizard. When applied on a space or a block, this value is set by default for all the subnets
that they will contain. In this case, the checkbox will not appear anymore in the subnet addition
wizard. Forcing a subnet to be non-terminal enables VLSM, since the subnet can then contain
other subnets. For more details on VLSM, refer to the Using VLSM to Manage Your Network
chapter of this guide.

This object can also be set as the Predefined variable; it corresponds to NO_VLSM_SUBNET.

To force VLSM on a subnet

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. In the Name column, click on the class you want to edit. Class Editor opens.
4. In the class objects drop-down list, select All Objects. The class objects list refreshes.
5. In the class objects list, click on Force VLSM . The Force VLSM wizard opens.
6. Tick the Force non terminal subnets creation checkbox if you want the class to force subnets
to be non-terminal upon creation and edition. In other words, the class will automatically
untick the Terminal subnet checkbox when adding/editing subnets, and will neither tick
nor display the field at all if set at the spaces or blocks level.
7. If you set the Expert mode to Yes, you can set the value of the Required and Show if... fields
according to the Class Objects Key Parameters table of this section.
8. Click on OK to commit your addition. The object is now embedded into the class and listed
in the creation panel.

You can close Class Editor or keep adding other class objects to the same class.

Hidden data

The Hidden data object allows you to associate a resource with customizable data that is not
displayed in the wizard. This data string can, for example, be used as a hidden signature for a class.

It can also be used to populate other fields when associated to the constructor class object
parameter (see the Class Objects Key Parameters table) and regular expressions (see the
Managing Class Studio Syntax section in this chapter). A default value can be set for this data,
which can be used when the related field to fill is empty, as well as another value that can be
forced to overwrite the preexisting content.

To add hidden data

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. In the Name column, click on the class you want to edit. Class Editor opens.
4. In the class objects drop-down list, select All Objects. The class objects list refreshes.
5. In the class objects list, click on Hidden data . The Hidden data wizard opens.
6. In the Name field, type the name of another class object. Once the Hidden data is fully
configured, the class object will no longer be displayed in the wizard.
7. If you set the Expert mode to Yes, you can set the value of the Constructor and Show if...
fields according to the Class Objects Key Parameters table of this section.
8. In the Default value field, type in the value you want to set for a related field using this hidden
data when empty.
9. In the Force value field, type in a value if you want to overwrite the content of a related field
using this hidden data.
10. Click on OK to commit your addition. The object is now embedded into the class and listed
in the creation panel.

You can close Class Editor or keep adding other class objects to the same class.

Icon

The Icon object allows you to associate an image with a new device in Device Manager.

To associate an icon to a device

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. In the Name column, click on the class you want to edit. Class Editor opens.
4. In the class objects drop-down list, select All Objects. The class objects list refreshes.
5. In the class objects list, click on Icon . The Icon wizard opens.
6. In the Icon path field, type in the complete path of the icon on the local appliance.
7. Click on OK to commit your addition. The object is now embedded into the class and listed
in the creation panel.

You can close Class Editor or keep adding other class objects to the same class.

Include class

Include class allows you to embed another class and the objects it contains. For example, a class X
including a class Y, which already includes a class Z, will include the objects of the three classes.

To include a class

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. In the Name column, click on the class you want to edit. Class Editor opens.
4. In the class objects drop-down list, select All Objects. The class objects list refreshes.
5. In the class objects list, click on Include class . The Include class wizard opens.
6. In the Module drop-down list, select the module associated to the class you want to include.
7. In the Type drop-down list, select the type of resources associated to the class you want to
include.
8. In the Class name drop-down list, select the class you want to include.
9. If you set the Expert mode to Yes, you can set the value of the Show if... field according to
the Class Objects Key Parameters table of this section.
10. Click on OK to commit your addition. The object is now embedded into the class and listed
in the creation panel.

You can close Class Editor or keep adding other class objects to the same class.

Multiple input

The Multiple input object allows you to store several values defined through a preexisting Input field
placed above it. It must be placed right under an Input class object in the class creation panel.
For more details regarding the class object order, refer to the Organizing Class Objects section
of this chapter.

The Multiple input appears as a list on the addition/edition wizard of the selected resource.

To add a Multiple input field

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. In the Name column, click on the class you want to edit. Class Editor opens.
4. In the class objects drop-down list, select All Objects. The class objects list refreshes.
5. Make sure an Input field is available; it will be associated with the Multiple input you are creating.
For more details, refer to the Add an input field procedure of this section.
6. In the class objects list, click on Multiple input . The Multiple input wizard opens.
7. Fill in the object key parameters according to the Class Objects Key Parameters table of
this section.
8. In the Input object name field, type in the name of the Input class object used to populate
the multiple input list.
9. Click on OK to commit your addition. The object is now embedded into the class and listed
in the creation panel.


Once the Multiple input class object is configured, a button appears next to the Input field
placed above it in the class creation panel. It allows you to add the values typed in the Input field
to the Multiple input list.

You can close Class Editor or keep adding other class objects to the same class.

Multiple select

Multiple select drop-down lists allow you to select and store multiple values at the same time. These
can be fixed values, added to the list directly from the wizard, or automatically retrieved values.
For instance, they can be imported to the list from a CSV file or a service list. All the services
and related parameters can be found in the SOAP reference guide available on the support page
of the Efficient IP website [http://www.efficientip.com/support/support].

Once the Multiple select class object is configured, two lists are available on the wizard: the first
one comes with a button next to it, to select the needed values, and the second list displays
the values selected in the first list.

Note
Like the Select class object, you can use the content of a Custom DB in the Multiple
select. However, to properly implement this feature you need advanced knowledge
as it requires using custom database services (through the Service type Service list
values). In this case, the Where field can help narrow down the list of values available
in the multiple select drop-down list.

To add a multiple select drop-down list using fixed values

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. In the Name column, click on the class you want to edit. Class Editor opens.
4. In the class objects drop-down list, select All Objects. The class objects list refreshes.
5. In the class objects list, click on Multiple select . The Multiple select wizard opens.
6. Fill in the object key parameters according to the Class Objects Key Parameters table of
this section.
7. Tick the Have none label checkbox if you want the drop-down list to display the default value
None in addition to those it will contain.
8. Tick the Full width checkbox if you want the drop-down list to be large, centered and placed
under the label. Leave it unticked to have a smaller list, placed right of the label.
9. In the Select type drop-down list, select Fixed values. The wizard refreshes.
10. In the Key field, type in the object name as it will be saved in SOLIDserver database (string
of characters: _a-z0-9 only). To prevent GUI conflicts, avoid names that are already used
in the code such as: site, mac-addr, gateway, vlan, domain, user, port, password... The La-
bel/Key field autopopulates.
11. In the Label field, type in the word string, corresponding to the key, as it will be displayed in
the list. The Label/Key field autopopulates following the format <Key>#<Label>.
12. On the right of the Label/Key field, click on . The value is listed in the Options list.


13. Repeat these actions for as many values as needed. You can use to remove one by one
values from the list, or and to reorganize them.
14. Click on OK to commit your addition. The object is now embedded into the class and listed
in the creation panel.

You can close Class Editor or keep adding other class objects to the same class.

To add a multiple select drop-down list using CSV values

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. In the Name column, click on the class you want to edit. Class Editor opens.
4. In the class objects drop-down list, select All Objects. The class objects list refreshes.
5. In the class objects list, click on Multiple select . The Multiple select wizard opens.
6. Fill in the object key parameters according to the Class Objects Key Parameters table of
this section.
7. Tick the Have none label checkbox if you want the drop-down list to display the default value
None in addition to those it will contain.
8. Tick the Full width checkbox if you want the drop-down list to be large, centered and placed
under the label. Leave it unticked to have a smaller list, placed right of the label.
9. In the Select type drop-down list, select CSV values. The wizard refreshes.
10. In the CSV file field, type in the complete path of the file stored in the appliance.
11. In the Value column field, type in the number of the column in the CSV file containing the
values to retrieve.
12. In the Label column field, type in the number of the column in the CSV file containing the
labels corresponding to the values to retrieve.
13. In the Filter column field, type in the number of the column used to match certain rows.
14. Next to the Filter column field, click on . The value of the filter column field is moved to
the Filter list. You can use to remove one by one values from the list, or and to reor-
ganize them.
15. Click on OK to commit your addition. The object is now embedded into the class and listed
in the creation panel.

You can close Class Editor or keep adding other class objects to the same class.

To add a multiple select drop-down list using the service list

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. In the Name column, click on the class you want to edit. Class Editor opens.
4. In the class objects drop-down list, select All Objects. The class objects list refreshes.
5. In the class objects list, click on Multiple select . The Multiple select wizard opens.


6. Fill in the object key parameters according to the Class Objects Key Parameters table of
this section.
7. Tick the Have none label checkbox if you want the drop-down list to display the default value
None in addition to those it will contain.
8. Tick the Full width checkbox if you want the drop-down list to be large, centered and placed
under the label. Leave it unticked to have a smaller list, placed right of the label.
9. In the Select type drop-down list, select Service list values. The wizard refreshes.
10. In the Services field, start typing the name of the service to call; the matching services are
listed. Select the one that suits your needs. All the services and related parameters can be
found in the SOAP reference guide available on the support page of the Efficient IP website
[http://www.efficientip.com/support/support].
11. In the Key field, type in the object name as it will be saved in SOLIDserver database (string
of characters: _a-z0-9 only). To prevent GUI conflicts, avoid names that are already used
in the code such as: site, mac-addr, gateway, vlan, domain, user, port, password...
12. In the Label field, type in the name of the input parameter corresponding to the labels asso-
ciated to these values.
13. In the Where field, type in an SQL condition to filter the retrieved values if need be.
14. In the Order by field, type in an SQL condition to sort the results if need be.
15. If you set the Expert mode to Yes, you can set the value of the Show if... field according to
the Class Objects Key Parameters table of this section.
16. Click on OK to commit your addition. The object is now embedded into the class and listed
in the creation panel.

You can close Class Editor or keep adding other class objects to the same class.

Objectname

Objectname allows you to build an automatic naming rule for a resource, such as %v{city}-%v{store
code} where city and store code are the names of objects belonging to the same class. By
convention, an Objectname and the class objects used to build it should be placed in the first page
of the wizard.

To automatically name a resource

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. In the Name column, click on the class you want to edit. Class Editor opens.
4. In the class objects drop-down list, select All Objects. The class objects list refreshes.
5. In the class objects list, click on Objectname . The Objectname wizard opens.
6. Configure the Not editable checkbox according to your needs. For more details, refer to the
Class Objects Key Parameters table of this section.
7. In the Constructor field, use the name of class objects to set the Objectname format. For
more details, refer to the Class Objects Key Parameters table of this section.
8. If you set the Expert mode to Yes, you can set the value of the Show if... field according to
the Class Objects Key Parameters table of this section.


9. Click on OK to commit your addition. The object is now embedded into the class and listed
in the creation panel.

You can close Class Editor or keep adding other class objects to the same class.

DHCP shared network

Members of the admin group can also add a drop-down list that retrieves and displays all the
scopes that can be used as shared networks.

To associate a shared network to a resource

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. In the Name column, click on the class you want to edit. Class Editor opens.
4. In the class objects drop-down list, select All Objects. The class objects list refreshes.
5. In the class objects list, click on DHCP shared network . The DHCP shared network wizard opens.
6. Fill in the object key parameters according to the Class Objects Key Parameters table of
this section.
7. Click on OK to commit your addition. The object is now embedded into the class and listed
in the creation panel.

You can close Class Editor or keep adding other class objects to the same class.

Pre-defined variable

Predefined variables can be seen as fully fledged class objects with only one value and purpose.
To set up a pre-defined variable, refer to the appendix Class Studio Pre-defined Variables to
understand the purpose of each variable and use the Value field appropriately.

To insert a pre-defined variable to a resource

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. In the Name column, click on the class you want to edit. Class Editor opens.
4. In the class objects drop-down list, select All Objects. The class objects list refreshes.
5. In the class objects list, click on Pre-defined variable . The Pre-defined variable wizard opens.
6. Configure the variable, following the details in the appendix Class Studio Predefined Variables.

a. In the Name drop-down list, select the predefined variable of your choice.
b. In the Value field, type in the value that suits your needs.
c. If you set the Expert mode to Yes, you can set the value of the Show if... field according
to the Class Objects Key Parameters table of this section.


7. Click on OK to commit your addition. The object is now embedded into the class and listed
in the creation panel.

You can close Class Editor or keep adding other class objects to the same class.

Upload file

In addition to the fields, checkboxes and drop-down lists, Class Studio also allows the integration
of an upload tool to the addition and edition wizards. Once it is added to the class, a File name
field and a BROWSE button are added to the related wizards. Clicking on the latter opens a window
that allows you to upload any file to SOLIDserver database.

Note
Uploaded files cannot exceed 300 MB.

Uploaded files are stored temporarily in the /tmp folder of the appliance and deleted shortly after.
The upload tool can therefore be used to import CSV files or other types of files to be processed
straight away by other class objects.

To add an upload file field

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. In the Name column, click on the class you want to edit. Class Editor opens.
4. In the class objects drop-down list, select All Objects. The class objects list refreshes.
5. In the class objects list, click on Upload file . The Upload file wizard opens.
6. Fill in the object key parameters according to the Class Objects Key Parameters table of
this section.
7. Click on OK to commit your addition. The object is now embedded into the class and listed
in the creation panel.

You can close Class Editor or keep adding other class objects to the same class.

Editing Class Objects


Class objects can be edited at any time even if the class they belong to is already in use.

Warning
Renaming an object already used by a resource will delete all the class data it is
associated with. It can only be retrieved by renaming the object back, before filling
any new class data through the newly edited object.

To edit a class object

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.


2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. In the Name column, click on the class you want to edit. Class Editor opens.
4. In the creation panel, click on the gray box displaying the name of the class object to edit.
The corresponding object class wizard opens.
5. Edit the class object according to your needs following the corresponding procedure in
Adding Class Objects.
6. Click on OK to commit your configuration. The object is updated in the creation panel.

Organizing Class Objects


The way user defined fields are displayed on the Add/Edit wizards of a resource depends on the
organization of the class objects when configuring the class. SOLIDserver simplifies this process
by allowing members of the admin group to drag & drop the objects of their choice.

Note
A Multiple select can only be effective if placed underneath an Input object.

To organize class objects

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. In the Name column, click on the class you want to organize. Class Editor opens.
4. In the creation panel, drag and drop the class objects to change their display order once
the class is used on a resource.

Deleting Class Objects


At any time, you can remove a class object from a class. Keep in mind that deleting a class object
will remove the related user defined fields and data from all the resource wizards it is applied
to.

To delete a class object

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. In the Name column, click on the class you want to delete. Class Editor opens.
4. In the creation panel, right of the class object to delete, click on the garbage icon. The wizard
opens.
5. Click on OK to commit your deletion. The object is no longer listed in the creation panel.


Managing Class Studio Syntax


Class Studio is a powerful tool to help members of the admin group in provisioning SOLIDserver
through classes that act as automated rules. Configuring these classes requires knowledge of
the regular expression (regex) syntax. Because regex is as complex as it is powerful, this section
presents only the basic information to help you configure simple class parameters. For more details
on regular expressions, you can visit the regular-expressions.info
[http://www.regular-expressions.info/] or regexlib.com [http://regexlib.com/] websites.

Basic Regular Expressions


regex stands for "regular expression". Regular expressions are used by the administrator to en-
force the format of the data input in the user defined fields. For instance, it can be used to set a
maximum string length, allow only alpha characters a-z or A-Z or numbers in the range [1-99].

For instance, in the following example of regex: ^[a-zA-Z]{1,10}$

^ means "begin matching at start of string"

[a-zA-Z] means "match lower case and upper case letters a-z"

{1,10} means "match the previous item (the letters whose format was explained in the previous
line) 1 to 10 times"

$ means "only match if cursor is at end of string"

Basic regular expression symbols are described in the table below:

Table 90.10. Basic Regex Symbols


Regex symbol   Description
.              Matches any single character. If placed within brackets, the dot symbol matches a
               literal dot. For example, a.c matches "abc", etc., but [a.c] matches only "a", ".",
               or "c".
[]             A bracket expression. Matches a single symbol contained within the brackets.
               For example, [abc] matches "a", "b", or "c". [a-z] specifies a range matching any
               lowercase letter from "a" to "z". These forms can be mixed: [abcx-z] matches "a",
               "b", "c", "x", "y", or "z", as does [a-cx-z]. The - symbol is treated as a literal
               symbol if it is the last or the first (after the ^) symbol within the brackets:
               [abc-], [-abc]. Note that backslash escapes are not allowed. The ] symbol can be
               included in a bracket expression if it is the first (after the ^) symbol: []abc].
[^ ]           Matches a single symbol that is not contained within the brackets. For example,
               [^abc] matches any symbol other than "a", "b", or "c". [^a-z] matches any single
               symbol that is not a lowercase letter from "a" to "z". Likewise, literal symbols
               and ranges can be mixed.
^              Matches the starting position within the string. In line-based tools, it matches
               the starting position of any line.
$              Matches the ending position of the string or the position just before a
               string-ending newline. In line-based tools, it matches the ending position of any
               line.
()             Defines a marked subexpression.
*              Matches the preceding element zero or more times. For example, ab*c matches
               "ac", "abc", "abbbc", etc. [xyz]* matches "", "x", "y", "z", "zx", "zyx", "xyzzy",
               and so on. (ab)* matches "", "ab", "abab", "ababab", and so on.
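
The effect of each symbol on what a user defined field accepts can be checked before a rule is entered in a class. The Python below is an added example, not part of the original guide or of SOLIDserver; it uses the ^[a-zA-Z]{1,10}$ form of this section's pattern, three variants written for the comparison, and constructed sample inputs. It assumes Python's re module, so the behaviour of the appliance's own regex engine (not stated in this guide) should be confirmed there.

```python
import re

# "guide" is the pattern explained in this section. The other three are variants
# written for this example to show what each symbol changes.
RULES = {
    "guide":      r"^[a-zA-Z]{1,10}$",    # anchored, 1 to 10 letters
    "unanchored": r"[a-zA-Z]{1,10}",      # same rule without ^ and $
    "star":       r"^[a-zA-Z]*$",         # * instead of {1,10}: zero or more
    "strict":     r"\A[a-zA-Z]{1,10}\Z",  # Python-specific absolute anchors
}

# Constructed sample inputs for a user defined field.
SAMPLES = ["Paris", "Paris2", "Paris\n", "", "ABCDEFGHIJK", "a.c"]


def accepted(rule, value):
    """Return True when the rule finds a match anywhere in value.

    Search semantics are used on purpose: they show what an unanchored
    pattern lets through when only "did it match?" is checked.
    """
    return re.search(RULES[rule], value) is not None


def matrix():
    """Map each rule name to the list of samples it accepts."""
    return {rule: [s for s in SAMPLES if accepted(rule, s)] for rule in RULES}


def bracket_dot_demo():
    """The table's a.c versus [a.c] distinction, checked on whole strings."""
    wildcard = [s for s in ("abc", "a.c", "a") if re.fullmatch(r"a.c", s)]
    literal = [s for s in ("a", ".", "c", "b") if re.fullmatch(r"[a.c]", s)]
    return wildcard, literal


if __name__ == "__main__":
    for rule, hits in matrix().items():
        print(f"{rule:<11}{RULES[rule]:<22}accepts {hits!r}")
    print("a.c / [a.c]:", bracket_dot_demo())
```

Without ^ and $ the rule accepts any input that merely contains a letter, with * it accepts an empty value, and with $ it still accepts a value ending in a newline, which matches the table's description of $.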

Defining a Class as a Group Resource


In SOLIDserver, only the superuser (ipmadmin) can manage and modify the items of every
module. Adding a class as one of the resources of a specific group will allow the users of that
group to apply it as long as they have the corresponding rights and delegations granted. Granting
access to a class as a resource will also make every item it contains available. For more details,
refer to the section Assigning Classes as Resource in the chapter Managing Groups of adminis-
trator of this guide.

Chapter 91. Packager
From the Administration module, Packager allows you to import a set of customized functionalities
via an archive file directly from the GUI. Once a package is uploaded, installing it can affect
interfaces, databases, system files, etc. depending on what it contains. These functionalities can
take the form of classes, services (also called macros), reports or rules.

Packager is composed of two pages: All Packages and All package files. From the All Packages
page you can import or create, install, uninstall and delete your packages. The All package files
page simply provides the content of the packages.

Packager reuses the principle of the module of the same name in 3.0.1; however, it uses different
services. Therefore, packages created or used in previous versions of SOLIDserver cannot be
used with the current version.

Browsing the Packages Database


The packages and their content are displayed on two different pages. The packages management
options are only available on the All packages page.

Figure 91.1. Administration: All Packages

To list the packages

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Packager icon. The All packages page opens.

The All packages page contains seven columns: Name, Description, Version, Vendor, Creation
time, Install time and Status. The columns allow you to filter and sort the packages database. You
cannot edit the page listing template. To display all this information in one panel, you can go to
the package properties page.

To display a package properties page

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Packager icon. The All packages page opens.
3. At the end of the line of the package of your choice, click on . The server properties page
opens.

As for the packages content, it is listed on the All package files page.

Figure 91.2. Administration: All Package Files


To list the content of all the packages

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Packager icon. The All packages page opens.
3. In the breadcrumb, click on All package files. The All package files page opens.

To display the content of a specific package

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Packager icon. The All packages page opens.
3. Click on the name of the package of your choice. The All package files page of the selected
package opens.

The All package files page contains five columns: filename, Directory, Type, Package version
and Version. You cannot edit the page listing template.

Uploading Packages
From the All packages page you can upload your own packages in a .tar archive file.

Keep in mind that:

• uploading a package simply stores it locally on the appliance. Once uploaded, you need to install
it to push the files it contains. For more details, refer to the section Installing Packages.
• each package has a unique name, version and content, so you cannot upload a package if it
is already listed on the page unless the version or name differs. If at least one of the files it
contains is already installed, you will not be able to install your package.
• packages from previous versions of SOLIDserver are not compatible and therefore not suppor-
ted.

To upload a package

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Packager icon. The All packages page opens.
3. In the menu, select Add > Upload package. The Upload a package wizard opens.
4. Click on BROWSE to search for the .tar file to import. A window opens to help you browse
through folders.
5. Double-click on the needed file. The window closes and the file is visible in the File name
field of the wizard.
6. Click on OK to commit the upload. The report opens and closes. The All Packages page opens
again; the package is listed but it is not installed yet.

Creating Packages
If you want, you can create your own packages from the All packages page. In this case, you can
configure them with existing rules, services, reports and classes.


Keep in mind that:

• creating a package does not install it. Once created, you need to install it to push the files it
contains. For more details, refer to the section Installing Packages.
• each package has a unique name, version and content, so you cannot upload a package if it
is already listed on the page unless the version or name differs. If at least one of the files it
contains is already installed, you will not be able to install your package.
• you cannot include system files to your package. If you include any of SOLIDserver system
files during the creation, you will not be able to install the package.

To create a package

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Packager icon. The All packages page opens.
3. In the menu, select Tools > Expert > Create a package. The Create a package wizard opens.
4. In the Package name field, name the package.
5. In the Version field, type in a version for your package following the format
<number>.<number>.
6. In the Description field, you can describe the package.
7. In the Vendor field, you can type in a vendor name.
8. Click on NEXT . The Package files selection page opens.
9. Configure the content of your package.

a. You can add classes using the table below.

Table 91.1. Class Addition Details

Fields            Description
Files type        Select Class in the drop-down list.
Module            Select in the drop-down list the module of your choice: Administration, DHCP,
                  DNS, Device Manager, IPAM, NetChange, Rights & delegation, SPX, VLAN Manager,
                  VRF or Workflow.
Type              Select in the drop-down list the object within the selected module the class
                  applies to.
Available files   Select in the drop-down list an existing class. If it belongs to a specific
                  directory it is listed as follows: <directory-name>/<class-name>. For more
                  details regarding classes, refer to the chapter Class Studio.

Once you have selected the class that suits your needs, click on ADD. The class is moved to
the Selected files list. You can add as many classes as needed.

To remove a class, select it in the Selected files list and click on DELETE.

b. You can add services using the table below.

Table 91.2. Services Addition Details

Fields            Description
Files type        Select Macro in the drop-down list.
Module            Select in the drop-down list the module of your choice: Administration, DHCP,
                  DNS, Device Manager, IPAM, NetChange, Rights & delegation, SPX, VLAN Manager,
                  VRF or Workflow.
Available files   Select the service of your choice.

Once you have selected the service that suits your needs, click on ADD. The service is moved
to the Selected files list. You can add as many services as needed.

To remove a service, select it in the Selected files list and click on DELETE.

c. You can add reports using the table below.

Table 91.3. Reports Addition Details

Fields            Description
Files type        Select Report in the drop-down list.
Available files   Select in the drop-down list the report of your choice. For more details
                  regarding the reports refer to the chapter Managing Reports.

Once you have selected the report that suits your needs, click on ADD. The report is moved
to the Selected files list. You can add as many reports as needed.

To remove a report, select it in the Selected files list and click on DELETE.

d. You can add rules using the table below.

Table 91.4. Rules Addition Details

Fields            Description
Files type        Select Rule in the drop-down list.
Module            Select in the drop-down list the module of your choice: Administration, DHCP,
                  DNS, Device Manager, IPAM, NetChange, Rights & delegation, SPX, VLAN Manager,
                  VRF or Workflow.
Available files   Select in the drop-down list an existing rule applying to the selected module.

Once you have selected the rule that suits your needs, click on ADD. The rule is moved to
the Selected files list. You can add as many rules as needed.

To remove a rule, select it in the Selected files list and click on DELETE.

10. Click on OK to commit the package creation with all the files listed in the Selected files field.
The report opens and closes. The All Packages page opens again; the package is listed but it is
not installed yet.

Editing Packages
You cannot edit a package. If one of your packages contains files that you no longer require
or if it is missing files, you need to replace it.


1. Uninstall the useless package.


2. Upload the package that replaces it or create another package. To make sure you do not forget
any file, you can look at the All package files list of the package you want to replace.
3. Delete the useless package.
4. Install the new package.
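
The file check in step 2 can also be done offline on the .tar archives themselves: the old package obtained through Downloading Packages and the replacement before it is uploaded. The Python below is an added example, not EfficientIP code; it assumes nothing about the internal layout of a package beyond it being a tar archive, all member names are constructed, and the path and link checks are general tar hygiene rather than documented Packager rules.

```python
import io
import tarfile


def build_tar(entries):
    """Build an in-memory .tar from (name, kind, payload) tuples (test data only)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, kind, payload in entries:
            info = tarfile.TarInfo(name)
            if kind == "symlink":
                info.type = tarfile.SYMTYPE
                info.linkname = payload
                tar.addfile(info)
            else:
                data = payload.encode()
                info.size = len(data)
                tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def inventory(tar_bytes):
    """Map each member name to a list of findings, reading headers only.

    Nothing is extracted to disk; the archive is only listed.
    """
    findings = {}
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r") as tar:
        for member in tar.getmembers():
            issues = []
            if member.name.startswith("/"):
                issues.append("absolute path")
            if ".." in member.name.split("/"):
                issues.append("parent-directory component")
            if member.issym() or member.islnk():
                issues.append("link to " + member.linkname)
            elif not (member.isfile() or member.isdir()):
                issues.append("special file")
            findings[member.name] = issues
    return findings


def compare(old_tar, new_tar):
    """Report files the replacement forgot, files it adds, and flagged members."""
    old, new = inventory(old_tar), inventory(new_tar)
    return {
        "missing": sorted(set(old) - set(new)),
        "added": sorted(set(new) - set(old)),
        "flagged": {name: issues for name, issues in sorted(new.items()) if issues},
    }


# Constructed archives standing in for the downloaded old package and its
# replacement. The names are placeholders, not real SOLIDserver paths.
OLD_PACKAGE = build_tar([
    ("example_dir/a.class", "file", "class body"),
    ("example_dir/b.rule", "file", "rule body"),
])
NEW_PACKAGE = build_tar([
    ("example_dir/a.class", "file", "class body"),
    ("example_dir/../../outside.rule", "file", "rule body"),
    ("example_dir/link", "symlink", "../../target"),
])

if __name__ == "__main__":
    report = compare(OLD_PACKAGE, NEW_PACKAGE)
    print("missing from replacement:", report["missing"])
    print("new in replacement:", report["added"])
    for name, issues in report["flagged"].items():
        print("review before upload:", name, issues)
```

To use it on real files, read each archive with `open(path, "rb").read()` and pass the bytes to `compare`.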

Installing Packages
Installing a package pushes its files to the relevant parts of the appliances. When uploading or
creating a package, it is simply listed in the GUI. If you do not install it, the files it contains are
simply stored locally but not used.

Keep in mind that:

• you cannot install a package containing SOLIDserver system files.


• you cannot install a package if it contains one or several files that were already installed with
another package.
• once you have installed a package, you cannot delete it; you must uninstall it before being
able to delete it.

To install a package

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Packager icon. The All packages page opens.
3. Tick the package(s) you want to install.
4. In the menu, select Edit > Install. The Install a package wizard opens.
5. Click on OK to commit the package installation. The report opens and works until all the files
are pushed. The All Packages page opens again; in the Status column the package is marked
installed.

Uninstalling Packages
Uninstalling a package reverts all the changes made by the files it contains.
It also allows you to delete the package: you cannot delete a package if it is installed, that is
to say used.

To uninstall a package

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Packager icon. The All packages page opens.
3. Tick the package(s) you want to uninstall.
4. In the menu, select Edit > Uninstall. The Uninstall a package wizard opens.
5. Click on OK to commit your changes. The report opens and closes. The All packages page opens
again; in the Status column, the package is marked uninstalled.


Downloading Packages
At any time you can download a package, whether it is installed or not.

Keep in mind that you can only download one package at a time.

To download a package

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Packager icon. The All packages page opens.
3. Tick the package you want to download.
4. In the menu, select Edit > Download. The Downloading a package wizard opens.
5. Click on OK to commit your choice. The report opens, the package is now stored in an archive
.tar file on the Local files listing page (Administration tab homepage > Maintenance > Local
files listing). If you do not want to download the file on your computer, go to step 7.
6. Click on DOWNLOAD to save the package locally or open and save it depending on your
browser.
7. Click on CLOSE. The wizard closes and the All packages page is visible again.

Deleting Packages
Once you no longer need a package you can delete it as long as it is no longer used. This means
that if the package you want to delete is currently installed, you need to uninstall it before following
the procedure below. For more details, refer to the section Uninstalling Packages.

To delete a package

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Packager icon. The All packages page opens.
3. Tick the package(s) you want to delete.
4. In the menu, select Edit > Delete. The Delete wizard opens.
5. Click on OK to commit the package deletion. The report opens and closes. The package is
no longer listed.

Appendix A. DHCP Options
Table of Contents
Basic Options
Server Parameters
Lease Information Options
WINS/NetBIOS Options
Host IP Options
Interface Options
Servers Options
BOOTP Compatibility Options
DHCP Packet Fields Options
Microsoft DHCP Client Options
NetWare Client Options
NIS/NISplus Options
Miscellaneous
Vendor MSFT Options
Vendor Nwip Options

This appendix describes all the DHCP options that you can configure through the Configure
DHCP options wizard at server, group, scope range and statics level (from the object properties
page through the DHCP options panel EDIT button). You will find sets of options that follow each
of the available categories in the wizard.

Basic Options
Table A.1. The Basic DHCP Options
| Name | Code | Value type | Description |
| --- | --- | --- | --- |
| broadcast address | 28 | IP address | specifies the broadcast address for the interface's subnet. |
| domain name | 15 | text (name) | domain name which the client will use when resolving names via DNS. |
| domain-name-servers | 6 | list of IP addresses | list of Domain Name Servers (DNS) available for this client. These servers are listed by order of preference. |
| host name | 12 | text (name) | client host name. |
| routers | 3 | list of IP addresses | list of routers for client subnet. These servers are listed by order of preference. |
| Authoritative | N/A | boolean | allocation and checking of IP addresses according to network segment where the DHCP client is connected. |
| Default lease time | N/A | duration (in seconds) | default lease duration. |
| Max lease time | N/A | duration (in seconds) | maximum lease duration (unavailable for BOOTP lease). |
| Min lease time | N/A | duration (in seconds) | minimum lease duration. |
| Ping check | N/A | boolean | checks with an ICMP request that the target address is not in use. |
| Ping time out | N/A | duration (in seconds) | maximum timeout answer for a ping from the DHCP server. |
| Vendor option space | N/A | text | defines the specific option space used for encapsulated options. |
| Subnet mask | 1 | IP address | the subnet mask of the connected interface. |

Server Parameters
These options concern the technical parameters on the server side.

Table A.2. The Available Server Parameters


| Name | Code | Value type | Description |
| --- | --- | --- | --- |
| Authoritative | N/A | boolean | allocation and checking of IP addresses according to network segment where the DHCP client is connected. |
| Ping check | N/A | boolean | checks with an ICMP request that the target address is not in use. |
| Ping timeout | N/A | duration (in seconds) | maximum timeout answer for a ping from the DHCP server. |
| Storm detection check request | N/A | number | Specifies the number of requests that have to be received in order to trigger the MAC address blacklisting. Only a MAC address associated with an IP address is taken into account in the blacklist, which means that the client has to make a DHCP request with an IP address first. Has to be used in conjunction with the 'storm detection check sec' and 'Storm detection ignore sec' parameters. The value has to be between 1 and 65535. |
| Storm detection check sec | N/A | duration (in seconds) | Specifies the period during which the system allows requests. It then checks whether it received more than X requests in this time lapse; if so, it blacklists the MAC address for X seconds. Has to be used in conjunction with the 'storm detection check request' and 'Storm detection ignore sec' parameters. The value has to be between 1 and 65535. |
| Storm detection check ignore sec | N/A | duration (in seconds) | number of seconds during which any DHCP request from the blacklisted device will be ignored. Has to be used in conjunction with the 'storm detection check request' and 'Storm detection check sec' parameters. The value has to be between 1 and 65535. |
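The interplay of the three storm detection parameters is easier to tune once it is modelled. The following is an added example, not SOLIDserver code: it assumes a sliding window of 'check sec' seconds, a trigger on strictly more requests than 'check request', and that every MAC address in the constructed sample already holds a lease; the class, function and variable names are hypothetical.

```python
from collections import defaultdict, deque

PARAM_MIN, PARAM_MAX = 1, 65535  # range the guide gives for all three parameters


class StormDetector:
    """Per-MAC request counter modelled on the three storm detection parameters."""

    def __init__(self, check_request, check_sec, ignore_sec):
        for name, value in (("check_request", check_request),
                            ("check_sec", check_sec),
                            ("ignore_sec", ignore_sec)):
            if not isinstance(value, int) or not PARAM_MIN <= value <= PARAM_MAX:
                raise ValueError(f"{name} must be an integer between 1 and 65535")
        self.check_request = check_request
        self.check_sec = check_sec
        self.ignore_sec = ignore_sec
        self._seen = defaultdict(deque)  # MAC -> request timestamps still in the window
        self._ignored_until = {}         # MAC -> time at which blacklisting ends

    def handle(self, mac, now):
        """Return 'answered', 'blacklisted' (this request tripped the limit) or 'ignored'."""
        mac = mac.lower()
        until = self._ignored_until.get(mac)
        if until is not None:
            if now < until:
                return "ignored"          # still inside the ignore period
            del self._ignored_until[mac]  # ignore period over, start counting again
        window = self._seen[mac]
        window.append(now)
        # Assumption: sliding window, drop requests older than check_sec seconds.
        while window and window[0] <= now - self.check_sec:
            window.popleft()
        # Assumption: "more than X requests" means strictly greater than check_request.
        if len(window) > self.check_request:
            self._ignored_until[mac] = now + self.ignore_sec
            window.clear()
            return "blacklisted"
        return "answered"


def replay(events, check_request, check_sec, ignore_sec):
    """Feed (timestamp, mac) pairs in time order; return the outcome counts per MAC."""
    detector = StormDetector(check_request, check_sec, ignore_sec)
    counts = defaultdict(lambda: {"answered": 0, "blacklisted": 0, "ignored": 0})
    for now, mac in sorted(events):
        counts[mac.lower()][detector.handle(mac, now)] += 1
    return {mac: dict(c) for mac, c in counts.items()}


# Constructed sample traffic (not captured from a real network).
FLOODER = "00:11:22:33:44:55"  # 4 requests per second for 10 seconds
NORMAL = "66:77:88:99:aa:bb"   # one request every 3 seconds
SAMPLE_EVENTS = ([(i * 0.25, FLOODER) for i in range(40)] +
                 [(i * 3.0, NORMAL) for i in range(4)])

if __name__ == "__main__":
    print(replay(SAMPLE_EVENTS, check_request=5, check_sec=10, ignore_sec=30))
```

Replaying a day of real request timestamps through the same model with candidate values shows which legitimate clients (PXE boot loops, flapping links) a setting would blacklist before it is applied to the server.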


Lease Information Options


These options concern the technical mechanisms on the client side of SOLIDserver DHCP protocol.

Table A.3. The Lease Information Options


| Name | Code | Value type | Description |
| --- | --- | --- | --- |
| dhcp-renewal-time | 58 | duration (in seconds) | time interval from address assignment until the client transitions to the RENEWING state. |
| dhcp-rebinding-time | 59 | duration (in seconds) | time interval from address assignment until the client transitions to the REBINDING state. |

WINS/NetBIOS Options
Table A.4. The WINS/NetBIOS Options
| Name | Code | Value type | Description |
| --- | --- | --- | --- |
| netbios-name-servers | 44 | list of IP addresses | list of WINS servers or of NetBIOS name servers (NBMS) defined by RFC1001 and RFC1002 [a]. These servers are sorted by order of preference. |
| netbios-dd-server | 45 | list of IP addresses | list of NetBIOS datagram distribution servers (NBDD), defined by RFC1001 and RFC1002. These servers are sorted by order of preference. |
| netbios-node-type | 46 | number | type of NetBIOS node described in RFC1001 and RFC1002. The value is represented by a numerical code: 1 for B-node, 2 for P-node, 4 for M-node, 8 for H-node. |
| netbios-scope | 47 | text (name) | name value of the NetBIOS scope specified in RFC1001 and RFC1002. |

[a] For more details, refer to the IETF website: RFC1001 is at http://tools.ietf.org/html/rfc1001 and RFC1002 at http://tools.ietf.org/html/rfc1002.

Host IP Options
Table A.5. The Host IP Options
| Name | Code | Value type | Description |
| --- | --- | --- | --- |
| Default-ip-ttl | 23 | duration (in seconds) | default lifetime that the client must use to send a datagram on the network. Valid values are between 1 and 255. |
| Ip-forwarding | 19 | boolean | this option specifies whether the client should configure its IP layer for packet forwarding (RFC1533) [a]. |
| Max-dgram-reassembly | 22 | number | maximum size of datagram which the client must be prepared to reassemble. |
| non-local-source-routing | 20 | boolean | allows the source-routing forwarding if the next hop is on a different physical interface from that crossed by the datagram (RFC1122) [b]. |
| path-mtu-aging-timeout | 24 | second | aging time for the Path MTU Discovery defined for the client in the RFC1191 [c]. |
| path-mtu-plateau-table | 25 | list of numbers | list of MTU sizes for the PMTU RFC1191. MTU sizes are prioritized by the order and must not be lower than 68. |
| policy-filter | 21 | 2 IP addresses | specifies the filtering policy for the non-local-source-routing. These filters are defined by a list of destination and netmask IP address couplets which specify the destination of entering routes. Any "routedsource" datagram not figuring in the list of filters is destroyed. |
| Subnet selection | 118 | IP address | the DHCP server determines the subnet from which the request originated (RFC 3011) [d]. |

[a] For more details, refer to the IETF website: http://tools.ietf.org/html/rfc1533.
[b] For more details, refer to the IETF website: http://tools.ietf.org/html/rfc1122.
[c] For more details, refer to the IETF website: http://tools.ietf.org/html/rfc1191.
[d] For more details, refer to the IETF website: http://tools.ietf.org/html/rfc3011.

Interface Options
Table A.6. The Interface Options
| Name | Code | Value type | Description |
| --- | --- | --- | --- |
| All-subnets-local | 27 | boolean | specifies if the IP interface must demand that all subnets with which it communicates use the same MTU as that used by the physical interface. |
| Arp-cache-timeout | 35 | duration (in seconds) | this option specifies the timeout in seconds for ARP cache entries. |
| Auto configure | 116 | boolean | this option code is used to ask whether, and be notified if, auto-configuration should be disabled on the local subnet. |
| Broadcast-adress | 28 | IP address | specifies the broadcast address for the interface's subnet. |
| Classeless static route | 121 | list of IP addresses | this option allows the use of the routers used by the IP protocol to set up a packet transmission path between two IP hosts (one source and one destination host) through the router IP address, listed in the routing table. This option obsoletes the Static Route option (option 33), refer to RFC3442 for more details [a]. |
| Default-tcp-ttl | 37 | duration (in seconds) | this option specifies the default TTL that the client should use when sending TCP segments. |
| Ieee802-3-encapsulation | 36 | boolean | specifies if the client must use Ethernet Version 2 encapsulation or IEEE 802.3 on its interface if it is ethernet. |
| Interface-mtu | 26 | number | size of MTU to use for this interface, it should be minimum 68 bytes. |
| Mask-supplier | 30 | boolean | specifies if the interface must declare its netmask during an ICMP echo. |
| Perform-mask-discovery | 29 | boolean | specifies if, for this interface, the client should attempt an ICMP discovery to find its netmask [b]. |
| Router-discovery | 31 | boolean | Specifies if, for this interface, the client should solicit routers by the "Router Discovery" mechanism of RFC1256 [c]. |
| Router-solicitation-address | 32 | IP address | Specifies the address by which, for this interface, the client must emit its solicitation requests to the routers. |
| Static-routes | 33 | 2 IP addresses | In the route interface's cache, the first entry in the list is the destination address and the second is the router's address. The default route (0.0.0.0) is not tolerated here. This option was introduced in RFC2132 [d] but was obsoleted by the Classless Static Route Option (option 121). |
| Subnet-mask | 1 | IP address | The subnet mask for the network segment to which the client is connected. |
| Tcp-keepalive garbage | 39 | boolean | Specifies if the client must send a garbage byte with a keepalive message. |
| Tcp-keepalive-interval | 38 | duration (in seconds) | The time to wait before sending a keepalive message on a TCP connection. |
| Trailer-encapsulation | 34 | boolean | Specifies if the client must negotiate the use of trailers with ARP defined in RFC893 [e]. |

[a] Available on the IETF website: http://tools.ietf.org/html/rfc3442.
[b] The usage of this parameter is not advised, as the first response received is taken into account and is not necessarily correct.
[c] For more details, refer to the IETF website: http://tools.ietf.org/html/rfc1256.
[d] For more details, refer to the IETF website: http://tools.ietf.org/html/rfc2132.
[e] For more details, refer to the IETF website: http://tools.ietf.org/html/rfc893.

Servers Options
Table A.7. The Server Options
| Name | Code | Value type | Description |
| --- | --- | --- | --- |
| Cookie-servers | 8 | list of IP addresses | Lists the cookie servers (RFC865) [a] available for this client. These servers are listed by order of preference. |
| Finger-servers | 73 | list of IP addresses | List of Finger servers. These servers are sorted by order of preference. |
| Font-servers | 48 | list of IP addresses | Lists the X Window System font servers available for this client. These servers are sorted by order of preference. |
| Ien116-name-servers | 5 | list of IP addresses | IEN 116 name servers list for this client. These servers must be sorted by preference order. |
| Impress-server | 10 | list of IP addresses | Lists the Imagen Impress servers available for this client. These servers are listed by order of preference. |
| Irc-servers | 74 | list of IP addresses | List of Internet Relay Chat servers. |
| Log-servers | 7 | list of IP addresses | Lists the UDP log servers (MIT-LCS syslog), available for this client. These servers are listed by order of preference. |
| Lpr-servers | 9 | list of IP addresses | Lists the printer servers (RFC1179) [b] available for this client. These servers are listed by order of preference. |
| Mobile-ip-home-agent | 68 | list of IP addresses | Lists the mobile IP home agents. |
| Nis-servers | 41 | list of IP addresses | Lists the IP of NIS servers available for the client. The servers can be sorted by order of preference. |
| Nis-plus-servers | 65 | list of IP addresses | Lists the IP addresses of NIS+ servers available for the client. The servers can be sorted by order of preference. |
| Ntp-servers | 42 | list of IP addresses | Lists the NTP news servers. These servers are sorted by order of preference. |
| Nntp-servers | 71 | list of IP addresses | Lists the NNTP news servers. These servers are sorted by order of preference. |
| Pop3-servers | 70 | list of IP addresses | Lists the POP3 message servers. These servers are sorted by order of preference. |
| Ressource-location-servers | 11 | list of IP addresses | Lists the resource servers (RFC887) [c] available for this client. These servers are listed by order of preference. |
| Smtp-servers | 69 | list of IP addresses | Lists the SMTP message servers. These servers are sorted by order of preference. |
| Streettalk directory assistance server | 76 | list of IP addresses | Lists the IP addresses in order of preference for STDA servers available to the client. |
| Street-talk-servers | 75 | list of IP addresses | Lists the StreetTalk servers. These servers are sorted by order of preference. |
| Tftp-server-name | 66 | list of IP addresses | Name of the TFTP server to use when the Sname field is used to carry Options. |
| www-servers | 72 | list of IP addresses | Lists the WEB servers. |
| X-display-manager | 49 | list of IP addresses | Lists the X Window XDM system servers. These servers are sorted by order of preference. |

[a] For more details, refer to the IETF website: http://tools.ietf.org/html/rfc865.
[b] For more details, refer to the IETF website: http://tools.ietf.org/html/rfc1179.
[c] For more details, refer to the IETF website: http://tools.ietf.org/html/rfc887.


BOOTP Compatibility Options


Table A.8. The BOOTP Compatibility Options
| Name | Code | Value type | Description |
| --- | --- | --- | --- |
| Boot-size | 13 | number | Length in blocks of 512 bytes of the boot image file for this client. |
| Boot-filename | 67 | number | Name of the boot file to use when the File field is used to carry options. |
| Cookie-servers | 8 | list of IP addresses | Lists the Cookie servers (RFC865) [a] available. These servers are sorted by order of preference. |
| Domain-name-servers | 6 | list of IP addresses | Lists the domain name servers (DNS), available for this client. These servers are listed by order of preference. |
| Extensions-path | 18 | path | Name of the file containing additional options to be interpreted according to the RFC2132 [b] format. |
| Impress-server | 10 | list of IP addresses | Lists the Imagen Impress servers available for this client. These servers are listed by order of preference. |
| Merit-dump | 14 | path | Path of file in which the client must copy the memory image in the event of a crash. This path is constituted by a set of NVT ASCII characters. |
| Ressource-location-servers | 11 | list of IP addresses | Lists the resource servers (RFC887) [c], available for this client. These servers are listed by order of preference. |
| Root-path | 17 | path | Path of the disk route for this client. This path is constituted by a set of NVT ASCII characters. |
| Filename | N/A | file name | Name of the boot file to use when the field is used to carry options. |
| Next-server | N/A | hostname or IP address | this option specifies the host address of the server from which the initial boot file (specified in the filename statement) has to be loaded. Server-name should be a numeric IP address or a domain name. If no next-server parameter applies to a given client, the DHCP server's IP address is used. Some clients prefer to receive the server name in the server-name option. |
| Server-name | N/A | text (name) | this statement can be used to inform the client of the name of the server from which it is booting. This name should be the same as the one provided to the client. |
| Swap-server | 16 | IP address | Swap server. |
| Time-offset | 2 | duration (in seconds) | Time offset from UTC (Coordinated Universal Time). |
| Time-servers | 4 | IP address | Time server available for this DHCP client. |

[a] For more details, refer to the IETF website: http://tools.ietf.org/html/rfc865.
[b] For more details, refer to the IETF website: http://tools.ietf.org/html/rfc2132.
[c] For more details, refer to the IETF website: http://tools.ietf.org/html/rfc887.

DHCP Packet Fields Options


Table A.9. The Packet Fields Options
| Name | Code | Value type | Description |
| --- | --- | --- | --- |
| DHCP client identifier | 61 | text | For clients that want to use a different identifier, DHCP defines the client identifier option. This option tells the server to use the value in the option to identify the client, rather than using the client MAC address. |
| DHCP parameter request list | 55 | list of numbers | Used by a DHCP client to request specific option type values from the DHCP server. Each option type is requested and listed by a number value containing a valid or recognized DHCP option code for the server. |
| Dhcp-rebinding-time | 59 | duration (in seconds) | Specifies the time interval from address assignment until the client transitions to the REBINDING state. |
| Dhcp-renewal-time | 58 | duration (in seconds) | Specifies the time interval from address assignment until the client transitions to the RENEWING state. |
| Dhcp-server-identifier | 54 | IP address | The identifier is the IP address of the selected server. |
| User-class | 77 | text | Information on the client class. |
| Vendor-class-identifier | 60 | text | This option is used by DHCP clients to optionally identify the vendor type and configuration of a DHCP client. |
| Vendor-encapsulated-options | 63 | provided by the vendor | this option allows the use of encapsulated options provided by your vendor and can contain either a single vendor-specific value or one or more vendor-specific sub-options. This option is not normally specified in the DHCP server configuration file - instead, a vendor class is defined for each vendor, vendor class sub-options are defined, values for those sub-options are defined, and the DHCP server makes up a response on that basis. The value type and options will depend on the vendor. |


Microsoft DHCP Client Options


Table A.10. Microsoft DHCP Client Options
| Name | Code | Value type | Description |
| --- | --- | --- | --- |
| dhcp-lease-time | 51 | duration (in seconds) | This option is used in a client request (DHCPDISCOVER or DHCPREQUEST) to allow the client to request a lease time for the IP address. |
| dhcp-rebinding-time | 59 | duration (in seconds) | specifies the time interval from address assignment until the client transitions to the REBINDING state. |
| dhcp-renewal-time | 58 | duration (in seconds) | specifies the time interval from address assignment until the client transitions to the RENEWING state. |
| dhcp-server-identifier | 54 | address | the identifier is the IP address of the selected server. |
| domain name | 15 | name | specifies the domain name that the client should use when resolving hostnames via the Domain Name System. |
| domain-name-servers | 6 | list of IP addresses | specifies a list of Domain Name System name servers available to the client. Servers should be listed in order of preference. |
| Domain search list | 135 | list of domains | In some circumstances, it is useful for the DHCP client to be configured with the domain search list [a]. |
| netbios-name-servers | 44 | list of IP addresses | the NetBIOS name server (NBNS) option [b] specifies a list of RFC1001 and RFC1002 NBNS name servers listed in order of preference. |
| netbios-node-type | 46 | hexadecimal | the NetBIOS node type option allows NetBIOS over TCP/IP clients which are configurable to be configured as described in RFC1001 and RFC1002. Available values are: 0x1 = B-node; 0x2 = P-node; 0x4 = M-node; 0x8 = H-node |
| netbios-scope | 47 | name | specifies the NetBIOS over TCP/IP scope parameter for the client as specified in RFC1001 and RFC1002. |
| Routers | 3 | list of IP addresses | specifies a list of IP addresses for routers on the client's subnet. Routers should be listed in order of preference. |
| WWW proxy server | 252 | URL | this option is used to automatically configure proxy settings for the client's browser. Type in the URL of the server that stores the information. |

[a] Microsoft Windows 200x, XP do not support a domain search list.
[b] For more details, refer to the IETF website: RFC1001 is at http://tools.ietf.org/html/rfc1001 and RFC1002 at http://tools.ietf.org/html/rfc1002.


NetWare Client Options


Table A.11. The NetWare Client Options
| Name | Code | Value type | Description |
| --- | --- | --- | --- |
| Nds-context | 87 | text | Specifies the initial NDS context the client should use. |
| Nds-servers | 85 | IP address | specifies one or more NDS servers for the client to contact for access to the NDS database. Servers should be listed in order of preference. |
| Nds-tree-name | 86 | name | specifies the initial NDS context the client should use. |
| Nwip-domain | 62 | name | This option code is used to convey the NetWare/IP domain name used by the NetWare/IP product. |
| Slp-directory-agent | 78 | address IP | Specifies the location of one or more SLP Directory Agents. |
| Slp-service-scope | 79 | scope | Indicates the scopes that a SLP Agent is configured to use. |

NIS/NISplus Options
Table A.12. The NIS/NISplus Options
| Name | Code | Value type | Description |
| --- | --- | --- | --- |
| Nis-domain | 40 | name | Specifies the name of the client's NIS domain. The domain is formatted as a character string consisting of characters from the NVT ASCII character set. |
| Nis-servers | 41 | list of IP addresses | Lists the IP of NIS servers available for the client. The servers can be sorted by order of preference. |
| Nis-plus-domain | 64 | name | Specifies the name of the client's NIS+ domain. The domain is formatted as a character string consisting of characters from the NVT ASCII character set. |
| Nis-plus-servers | 65 | list of IP addresses | Specifies a list of IP addresses indicating NIS+ servers available to the client. Servers should be listed in order of preference. |
| Autoretries | 8 | provided by the vendor | This option specifies a list of Quote of the Day servers available to the client. The servers SHOULD be listed in order of preference. |
| Autoretry secs | 9 | provided by the vendor | This option specifies a list of LPR servers available to the client. The servers SHOULD be listed in order of preference. |
| Nearest nwip server | 7 | provided by the vendor | This option specifies a list of MIT-LCS UDP servers available to the client. The servers SHOULD be listed in order of preference. |
| Nsq broadcast | 5 | provided by the vendor | This option specifies a list of Name servers available to the client. The servers SHOULD be listed in order of preference. |
| Nwip 1 1 | 10 | provided by the vendor | This option specifies a list of Imagen Impress servers available to the client. The servers SHOULD be listed in order of preference. |
| Preferred dss | 6 | provided by the vendor | This option specifies a list of DNS servers available to the client. The servers SHOULD be listed in order of preference. |
| Primary dss | 11 | provided by the vendor | This option specifies a list of RLP servers available to the client. The servers SHOULD be listed in order of preference. |

Miscellaneous
Table A.13. Other DHCP Options
| Name | Code | Value type | Description |
| --- | --- | --- | --- |
| Domain search | 119 | list of domains | DNS domain search list. |
| Name service search | 117 | | Name Service Search. |

Vendor MSFT Options


Table A.14. The Vendor MSFT Options
| Name | Code | Value type | Description |
| --- | --- | --- | --- |
| Default routers TTL | 3 | list of IP addresses | This option specifies a list of 32 bit IP addresses for routers on the client's subnet. The routers SHOULD be listed in order of preference. |
| Disable netbios | 1 | provided by the vendor | The subnet mask for the network segment to which the client is connected. |
| Release on shutdown | 2 | provided by the vendor | This option specifies the offset of the client's subnet in seconds from Coordinated Universal Time (UTC). |

Vendor Nwip Options


Table A.15. The Vendor Nwip Options
| Name | Code | Value type | Description |
| --- | --- | --- | --- |
| Autoretries | 8 | provided by the vendor | This option specifies a list of Quote of the Day servers available to the client. The servers SHOULD be listed in order of preference. |
| Autoretry secs | 9 | provided by the vendor | This option specifies a list of LPR servers available to the client. The servers SHOULD be listed in order of preference. |
| Nearest nwip server | 7 | provided by the vendor | This option specifies a list of MIT-LCS UDP servers available to the client. The servers SHOULD be listed in order of preference. |
| Nsq broadcast | 5 | provided by the vendor | This option specifies a list of Name servers available to the client. The servers SHOULD be listed in order of preference. |
| Nwip 1 1 | 10 | provided by the vendor | This option specifies a list of Imagen Impress servers available to the client. The servers SHOULD be listed in order of preference. |
| Preferred dss | 6 | provided by the vendor | This option specifies a list of DNS servers available to the client. The servers SHOULD be listed in order of preference. |
| Primary dss | 11 | provided by the vendor | This option specifies a list of RLP servers available to the client. The servers SHOULD be listed in order of preference. |

Appendix B. MAC Address Types References
This appendix lists all the MAC address types used in SOLIDserver that you can display on the
DHCP All statics page both in IPv4 and IPv6. There is a set of 31 different types of MAC addresses
that you can specify when adding or editing DHCP statics. Each type corresponds to a protocol
that has been assigned a reference number defined in the IANA Address Resolution Protocol
(ARP). In the GUI, this reference adds an extra byte at the beginning of the MAC addresses
listed in the default MAC address column of the All statics page. Typically, the MAC addresses
listed in this column look as follows: <1_byte_MAC_type_reference>:<6_bytes_MAC_address>.

The different types of MAC addresses can be listed separately from the MAC address itself using
the DHCP static MAC type column. This column is displayed as two columns: the MAC type column,
which displays the MAC type code (except for Ethernet, which is written out in full), and the
MAC address column, which displays the MAC address in its traditional format.

Note
Every reference is listed in hexadecimal form in the wizard. Therefore, the ARP
parameter 10 (for Autonet) is listed as 0a and so forth.

Table B.1. Supported MAC Address Types References


| MAC type | Reference |
| --- | --- |
| Unknown | You can use any hexadecimal reference number, as long as it is not already listed below. |
| Ethernet | 01 |
| Experimental ethernet | 02 |
| Amateur radio AX25 | 03 |
| Proteon ProNET Token Ring | 04 |
| Chaos | 05 |
| Token Ring | 06 |
| ARCNET | 07 |
| FDDI | 08 |
| Lanstar | 09 |
| Autonet | 0a |
| LocalTalk | 0b |
| LocalNet | 0c |
| Ultralink | 0d |
| SMDS | 0e |
| Frame Relay | 0f |
| ATM | 15 |
| HDLC | 11 |
| Fibre Channel | 12 |
| Serial Line | 14 |
| MIL-STD-188-220 | 16 |
| Metricom | 17 |
| IEEE 1394.1995 | 18 |
| MAPOS | 19 |
| Twin Axial | 1a |
| EUI-64 | 1b |
| HIPARP | 1c |
| IP/ARP over ISO 7816-3 | 1d |
| ARPSec | 1e |
| IPSec tunnel | 1f |
| InfiniBand | 20 |
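When statics exported from the All statics page are correlated with switch, RADIUS or DHCP logs, the leading type byte has to be split off first, otherwise no address matches. The following parser is an added example, not SOLIDserver code: it handles the <1_byte_MAC_type_reference>:<6_bytes_MAC_address> form described above with the references of Table B.1, and its function names and sample addresses are hypothetical.

```python
import re

# Reference (hexadecimal, as shown in the wizard) -> MAC type, copied from Table B.1.
MAC_TYPES = {
    "01": "Ethernet", "02": "Experimental ethernet", "03": "Amateur radio AX25",
    "04": "Proteon ProNET Token Ring", "05": "Chaos", "06": "Token Ring",
    "07": "ARCNET", "08": "FDDI", "09": "Lanstar", "0a": "Autonet",
    "0b": "LocalTalk", "0c": "LocalNet", "0d": "Ultralink", "0e": "SMDS",
    "0f": "Frame Relay", "15": "ATM", "11": "HDLC", "12": "Fibre Channel",
    "14": "Serial Line", "16": "MIL-STD-188-220", "17": "Metricom",
    "18": "IEEE 1394.1995", "19": "MAPOS", "1a": "Twin Axial", "1b": "EUI-64",
    "1c": "HIPARP", "1d": "IP/ARP over ISO 7816-3", "1e": "ARPSec",
    "1f": "IPSec tunnel", "20": "InfiniBand",
}
_OCTET = re.compile(r"^[0-9a-fA-F]{2}$")


def arp_parameter_to_reference(parameter):
    """Decimal ARP parameter -> two-digit hexadecimal reference (10 -> '0a')."""
    if not 0 <= parameter <= 0xFF:
        raise ValueError("the reference is a single byte")
    return f"{parameter:02x}"


def split_static_mac(value, addr_octets=6):
    """Split '<type>:<mac>' into reference, MAC type name and plain MAC address."""
    octets = value.strip().split(":")
    if len(octets) != addr_octets + 1 or not all(_OCTET.match(o) for o in octets):
        raise ValueError(f"expected 1 type byte and {addr_octets} address bytes: {value!r}")
    reference = octets[0].lower()
    return {
        "reference": reference,
        # Any reference that is not in the table is reported as Unknown.
        "type": MAC_TYPES.get(reference, "Unknown"),
        "mac": ":".join(o.lower() for o in octets[1:]),
    }


def join_static_mac(mac, mac_type="Ethernet"):
    """Build the prefixed form from a plain MAC address and a Table B.1 type name."""
    by_name = {name: ref for ref, name in MAC_TYPES.items()}
    if mac_type not in by_name:
        raise ValueError(f"no reference listed for MAC type {mac_type!r}")
    octets = mac.strip().split(":")
    if not octets or not all(_OCTET.match(o) for o in octets):
        raise ValueError(f"not a colon-separated MAC address: {mac!r}")
    return ":".join([by_name[mac_type]] + [o.lower() for o in octets])


if __name__ == "__main__":
    # Constructed sample values, not taken from a real appliance.
    for sample in ("01:00:1A:2B:3C:4D:5E", "06:00:1a:2b:3c:4d:5e", "7f:00:1a:2b:3c:4d:5e"):
        print(sample, "->", split_static_mac(sample))
```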

Appendix C. DNS Resource Records Related Fields
This appendix provides a table listing, record by record, the different fields to configure
when adding a resource record to a zone. For more details regarding each record's specificities
and the addition procedure, refer to the Adding a Resource Record section of this guide.

Table C.1. DNS Resources Records Related Fields Upon Addition


RR Type Related field(s) Syntax
NS DNS server Type in the DNS server hostname.
MX Preference Type a number, between 0 and 65535, that will define which
server will have priority if there are several RRs in the zone.
The lowest the value has the priority over the other server(s).
Mail server Type in the mail server hostname.
A IP address Type in the IPv4 Address of the host.
AAAA IPv6 address Type in the IPv6 Address of the host.
PTR Localization Type in the hostname that will be returned when the address
is queried.
CNAME Hostname Type in the hostname.
TXT Text Type in the description of your choice (max. 255 characters
including spaces).
SRV Priority Type a number, between 0 and 65535, that will define which
server will have priority if there are several SVR RRs in the
zone. The lowest the value has the priority over the other
server(s).
Weight Type a number, between 0 and 65535, that will define the
server weight. If two SRV RRs have the same priority, the
weight will define which server will be more used. The greater
the value in the weight field is, the more the server is solicited.
Basically, it gives priority to the SRV RR with the greatest
weight value. If you type in 0, there is no weighting.
Ports Type in the port number that delivers the service to the target.
Target Type in the hostname of the server delivering the service.
HINFO CPU Select in the drop-down list the CPU description. If yours is
not listed, type it in the field and let the default value in the list
(Other).
OS Select in the drop-down list the OS. If yours is not listed, type
it in the field and let the default value in the list (Other).
MINFO Responsible email Type in the email address of the administrator of the mail list.
Error email Type in the email address that will receive the error messages
regarding the mail list.
DNAME Domain Type in the domain name of a subdomain of the zone.
AFSDB Preference Type the version of AFS service used: 1 (AFS version 3.0) or
2 (OSF DCE/NCA version).

AFS server Type in the AFS hostname.
NAPTR (a) Order Type a number, between 0 and 65535, that defines which
RR has priority if there are several NAPTR RRs in the
zone. The lowest value has priority over the other record(s).
Preference Type a number, between 0 and 65535, that defines which
RR has priority if several NAPTR RRs have the
same order in the zone. The lowest value has priority
over the other record(s).
Flags Type in the string that corresponds to the action you want your
client application to perform.
Services Type in the services parameters needed according to your
client application syntax.
Regex Type in the string that contains a substitution expression that
will be applied to the original string specified in the field Flags.
Replace Type in the FQDN domain name that will be queried when
looking for the potential data specified in the Flags field.
NSAP Name Type in the NSAP address of the end system. It should start
with 0x and not exceed 255 hexadecimal characters separated
by dots.
DS Key Tag Type in the parent zone DS key tag.
Key Algorithm Type in the parent zone DS algorithm key.
Digest Type Type in the parent zone DS digest type.
Digest Type in the parent zone DS digest.
DNSKEY Flags Type in or paste the zone key flag.
Protocol Type in or paste the protocol value.
Algorithm Type in or paste the public key's cryptographic algorithm.
Key Type in or paste the public key material.
WKS IP address Type in the IPv4 Address of the host that contains the services
listed in the Services field.
Protocol Type in TCP or UDP.
Services Type in the list of needed services.
(a) The NAPTR RR is described in RFC 3403, available on the IETF website: http://tools.ietf.org/html/rfc3403.

Appendix D. User Tracking Services Filter
This appendix provides a list of the available filters in the Services drop-down list of the page
User Tracking. For more details regarding this page, refer to the section User Tracking.

Table D.1. The Services Drop-down List Available Filters


Services Description
DHCP All the DHCP services
DHCP server All the DHCP server related operations
Add: DHCP servers All the DHCP server additions and editions
Add: DHCPv6 servers All the DHCPv6 server additions and editions
Delete: DHCP servers All the DHCP server deletions
Delete: DHCPv6 servers All the DHCPv6 server deletions
DHCP scope All the DHCP scope related operations
Add: DHCP scopes All the DHCP scope additions and editions
Add: DHCPv6 scopes All the DHCPv6 scope additions and editions
Delete: DHCP scopes All the DHCP scope deletions
Delete: DHCPv6 scopes All the DHCPv6 scope deletions
DHCP range All the DHCP range related operations
Add: DHCP ranges All the DHCP range additions and editions
Add: DHCPv6 ranges All the DHCPv6 range additions and editions
Delete: DHCP ranges All the DHCP range deletions
Delete: DHCPv6 ranges All the DHCPv6 range deletions
DHCP static All the DHCP static related operations
Add: DHCP static All the DHCP static additions and editions
Add: DHCPv6 static All the DHCPv6 static additions and editions
Delete: DHCP statics All the DHCP static deletions
Delete: DHCPv6 statics All the DHCPv6 static deletions
DHCP option All the DHCP option related operations
Add: DHCP options All the DHCP option additions and editions
Add: DHCPv6 options All the DHCPv6 option additions and editions
Delete: DHCP options All the DHCP option deletions
Delete: DHCPv6 options All the DHCPv6 option deletions
IPAM All the IPAM services
Space All the IP space related operations
Add: spaces All the IP space additions and editions
Delete: spaces All the IP space deletions
Block All the block related operations

Add: IPv4 blocks All the IPv4 block additions and editions
Add: IPv6 blocks All the IPv6 block additions and editions
Delete: IPv4 blocks All the IPv4 block deletions
Delete: IPv6 blocks All the IPv6 block deletions
Subnet All the subnet related operations
Add: IPv4 subnets All the IPv4 subnet additions and editions
Add: IPv6 subnets All the IPv6 subnet additions and editions
Delete: IPv4 subnets All the IPv4 subnet deletions
Delete: IPv6 subnets All the IPv6 subnet deletions
Pool All the pool related operations
Add: IPv4 pools All the IPv4 pool additions and editions
Add: IPv6 pools All the IPv6 pool additions and editions
Delete: IPv4 pools All the IPv4 pool deletions
Delete: IPv6 pools All the IPv6 pool deletions
Address All the IP address related operations
Add: IPv4 addresses All the IPv4 address additions and editions
Add: IPv6 addresses All the IPv6 address additions and editions
Delete: IPv4 addresses All the IPv4 address deletions
Delete: IPv6 addresses All the IPv6 address deletions
Alias All the aliases related operations
Add: aliases to IPv4 addresses All the IPv4 alias additions and editions
Add: aliases to IPv6 addresses All the IPv6 alias additions and editions
Delete: IPv4 addresses aliases All the IPv4 alias deletions
Delete: IPv6 addresses aliases All the IPv6 alias deletions
DNS All the DNS services
DNS server All the DNS server related operations
Add: DNS servers All the DNS server additions and editions
Delete: DNS servers All the DNS server deletions
DNS zone All the DNS zone related operations
Add: DNS zones All the DNS zone additions and editions
Delete: DNS zones All the DNS zone deletions
DNS RR All the DNS record related operations
Add: DNS RRs All the DNS record additions and editions
Delete: DNS RRs All the DNS record deletions
Rule All the rule related operations
Add: rules All the rule additions and editions
Delete: rules All the rule deletions
Group All the group of users related operations

Add: groups All the group of users additions and editions
Delete: groups All the group deletions
Users Add: user as group resource All the additions of users as resource of a group
Users Remove: user from group resource All the deletions of users from the resources of a group
User All the users related operations
Users Add: users All the user additions and editions
Users Delete: users All the user deletions
System All the system related operations
Install: Packages All the operations related to package installation
Uninstall: Packages All the operations related to package uninstallation
Class All the Class Studio related operations
Add: classes All the class additions and editions
Delete: classes All the class deletions

Appendix E. Class Studio Pre-defined Variables
This appendix provides a list of the available Class Studio pre-defined variables. For more details
regarding their addition, refer to the section Pre-defined variable of the chapter Class Studio.

Table E.1. Predefined Variables Classes


Name The variable must be used in
USER_SOURCE_TYPE Rights & delegation user classes.
USER_HIDE_PARAM Rights & delegation user classes.
IP_MANDATORY_MAC_ADDR IPAM address and address (v6) classes.
IP_NOT_EDITABLE_MAC_ADDR IPAM address and address (v6) classes.
DHCP_STATIC_NOT_EDITABLE_MAC_ADDR DHCP static and DHCPv6 static classes.
WORKFLOW_REQUEST_HIDE_ACTION Workflow request classes.
WORKFLOW_REQUEST_HIDE_ATTACH_TO Workflow request classes.
WORKFLOW_REQUEST_HIDE_SOURCE Workflow request classes.
WORKFLOW_ADD_TICKET_SPACE IPAM space classes.
WORKFLOW_ADD_TICKET_BLOCK IPAM block classes, IPv4 only.
WORKFLOW_ADD_TICKET_SUBNET IPAM subnet classes, IPv4 only.
WORKFLOW_ADD_TICKET_POOL IPAM pool classes, IPv4 only.
WORKFLOW_ADD_TICKET_ADDRESS IPAM address classes, IPv4 only.
WORKFLOW_ADD_TICKET_DNSZONE DNS zones classes.
FORCE_SUBNET_PREFIX IPAM subnet and subnet (v6) classes.
HIDE_IP_ALIAS IPAM address and address (v6) classes.
HOSTDEV_IS_SWITCH Device Manager device classes.
NO_SPACE_FATHER_VLSM IPAM space classes.
NO_VLSM_SUBNET IPAM subnet and subnet (v6) classes.
BLOCK_TYPE IPAM block classes, IPv4 only.

To properly configure the pre-defined variables value and understand the purpose of each one
of them, follow the description below.

USER_SOURCE_TYPE
This variable specifies the user source.

Value: local, param, pam or rule.

USER_HIDE_PARAM
This variable lets you create users using only a login (through the usr login field). In the
user addition wizard, the Password, Confirm password, Email, Login URL and Maintainer
group fields are hidden.

Value: 1 (one) to enable the variable. Leave the field empty to disable it.

IP_MANDATORY_MAC_ADDR
This variable makes the MAC address field mandatory in the IPv4 and IPv6 address
addition and edition wizards.

Value: 1 (one) to enable the variable. Leave the field empty to disable it.

IP_NOT_EDITABLE_MAC_ADDR
This variable prevents users from editing the MAC address field in the IPv4 and IPv6
address addition and edition wizards.

Value: 1 (one) to enable the variable. Leave the field empty to disable it.

DHCP_STATIC_NOT_EDITABLE_MAC_ADDR
This variable prevents users from editing the MAC address field in the DHCP static
addition and edition wizards.

Value: 1 (one) to enable the variable. Leave the field empty to disable it.

WORKFLOW_REQUEST_HIDE_ACTION
This variable hides the Action requested field in the Workflow outgoing requests
addition wizard.

Value: 1 (one) to enable the variable. Leave the field empty to disable it.

WORKFLOW_REQUEST_HIDE_ATTACH_TO
This variable hides the Attach to drop-down list in the Workflow outgoing requests
addition wizard.

Value: 1 (one) to enable the variable. Leave the field empty to disable it.

WORKFLOW_REQUEST_HIDE_SOURCE
This variable hides the Requesting user field in the Workflow outgoing requests
addition wizard.

Value: 1 (one) to enable the variable. Leave the field empty to disable it.

WORKFLOW_ADD_TICKET_SPACE
This variable lets you associate a Workflow request with a space directly from the
addition/edition wizard in the IPAM.

Value: 1 (one) to enable the variable. Leave the field empty to disable it.

WORKFLOW_ADD_TICKET_BLOCK
This variable lets you associate a Workflow request with a block directly from the
addition/edition wizard in the IPAM.

Value: 1 (one) to enable the variable. Leave the field empty to disable it.

WORKFLOW_ADD_TICKET_SUBNET
This variable lets you associate a Workflow ticket with a subnet directly from the
addition/edition wizard in the IPAM.

Value: 1 (one) to enable the variable. Leave the field empty to disable it.

WORKFLOW_ADD_TICKET_POOL
This variable lets you associate a Workflow ticket with a pool directly from the addition/edition
wizard in the IPAM.

Value: 1 (one) to enable the variable. Leave the field empty to disable it.

WORKFLOW_ADD_TICKET_ADDRESS
This variable lets you associate a Workflow ticket with an IP address directly from the
addition/edition wizard in the IPAM.

Value: 1 (one) to enable the variable. Leave the field empty to disable it.

WORKFLOW_ADD_TICKET_DNSZONE
This variable lets you associate a Workflow ticket with a zone directly from the addition/edition
wizard in the DNS.

Value: 1 (one) to enable the variable. Leave the field empty to disable it.

FORCE_SUBNET_PREFIX
This variable forces the value of a subnet prefix in the addition wizard. For more
details, refer to the Force prefix section of this guide.

Value: the prefix of your choice following the format <number>. Leave the field empty to
disable the variable.

HIDE_IP_ALIAS
This variable hides the Aliases configuration page in the IP address addition wizard.
For more details, refer to the Configuring IP Address Aliases section of this guide.

Value: 1 (one) to enable the variable. Leave the field empty to disable it.

HOSTDEV_IS_SWITCH
This variable specifies that a device is a switch in the module Device manager.

Value: 1 (one) to enable the variable. Leave the field empty to disable it.

NO_SPACE_FATHER_VLSM
This variable prevents a space from being affiliated with a parent space in the space
addition wizard.

Value: 1 (one) to enable the variable. Leave the field empty to disable it.

NO_VLSM_SUBNET
This variable prevents users from setting a subnet as non-terminal in the subnet
addition wizard. The Terminal subnet checkbox is hidden.

Value: 1 (one) to enable the variable. Leave the field empty to disable it.

BLOCK_TYPE
This variable lets you manually set the start and end addresses of a block, as you can
when creating DHCP ranges or IPAM pools.

Value: range to enable the variable. Leave the field empty to disable it.

Appendix F. Matrices of Network Flows
Table of Contents
IPAM Network Flows
DHCP Network Flows
    SOLIDserver DHCP
    Windows 2000, 2003, 2008 DHCP Agent
    Windows 2000, 2003, 2008 DHCP Agentless
DNS Network Flows
    SOLIDserver DNS
    Windows 2000, 2003, 2008 DNS
    Windows 2000, 2003, 2008 DNS Agentless
NetChange Network Flows
High Availability Management Network Flows

IPAM Network Flows

Table F.1. List of Network Flows for SOLIDserver IPAM

| Component | Address src | Port src | Address dst | Port dst | UDP/TCP | Protocol | Notes |
|---|---|---|---|---|---|---|---|
| web | Client web | any | SOLIDserver IPAM | 80 | TCP | HTTP | Graphic User Interface (WEB) |
| web | Client web | any | SOLIDserver IPAM | 443 | TCP | HTTPS | Graphic User Interface (WEB) |
| DNS | SOLIDserver IPAM | any | DNS | 53 | UDP | DNS | DNS resolution and DDNS update (RFC2136) |
| DNS | SOLIDserver IPAM | any | DNS | 53 | TCP | DNS | DNS transfer (IXFR/AXFR) |
| SSHv2 | Client | any | SOLIDserver | 22 | TCP | SSH | Optional for the management |
| NTP client | SOLIDserver IPAM | any | NTP server | 123 | UDP | NTP | Required for ActiveDirectory |
| TFTP | Client | any | SOLIDserver | 69 | UDP | TFTP | Required for client for the file transfer |
| NTP server | Client | any | SOLIDserver | 123 | UDP | NTP | Optional service |
| LDAP server | SOLIDserver IPAM | any | LDAP | 380 | TCP | LDAP | Accounting |
| GSS - TSIG | SOLIDserver IPAM | any | LDAP | 389 | TCP | LDAP | Authentication for MS DNS Update |

DHCP Network Flows

SOLIDserver DHCP

Table F.2. List of Network Flows for SOLIDserver DHCP

| Component | Address src | Port src | Address dst | Port dst | UDP/TCP | Protocol | Notes |
|---|---|---|---|---|---|---|---|
| SOLIDserver IPAM | SOLIDserver IPAM | any | DHCP | 1162 | UDP | SNMP | SNMP v1, v2c, v3 |
| DHCP eip | DHCP master | any | DHCP slave | 647 | TCP | Failover | Failover and load sharing |
| SOLIDserver IPAM | DHCP | any | DNS | 162 | UDP | SNMP TRAP | Send a trap on event |
| DHCP | DHCP slave | any | DHCP master | 847 | TCP | Failover | DHCP failover channel |
| NTP client | DHCP | any | NTP server | 123 | UDP | NTP | Required to synchronize DHCP failover |
| NTP server | Client | any | SOLIDserver | 123 | UDP | NTP | Optional service |
| SYSLOG | DHCP | any | SYSLOG | 514 | UDP | SYSLOG | Syslog network redirection on SOLIDserver |
| TFTP | Client | any | SOLIDserver | 69 | UDP | TFTP | Required for client for the file transfer |
| SSHv2 | Client | any | SOLIDserver | 22 | TCP | SSH | Optional for the management |
| DHCP | DHCP | - | Client DHCP | - | ICMP | PING/ECHO | Ping direct |
| DHCP | Client DHCP | - | DHCP | - | ICMP | Reply | Ping direct |
| DHCP | Client DHCP | 68 | DHCP | 67 | UDP | DHCP | Required for DHCP service |
| DHCP | DHCP | 67 | Client DHCP | 68 | UDP | DHCP | Required for DHCP service |
| DHCPv6 | Client DHCP | 546 | DHCP | 547 | UDP | DHCP | Required for DHCPv6 service |
| DHCPv6 | DHCP | 547 | Client DHCP | 546 | UDP | DHCP | Required for DHCPv6 service |

Windows 2000, 2003, 2008 DHCP Agent

Table F.3. List of Network Flows for Microsoft DHCP with the EfficientIP DHCP Agent

| Component | Address src | Port src | Address dst | Port dst | UDP/TCP | Protocol | Notes |
|---|---|---|---|---|---|---|---|
| SOLIDserver IPAM | SOLIDserver IPAM | any | WinDHCP | 4000 | TCP | WINDHCP | Required for DHCP management |
| DHCP | Client DHCP | 68 | MS DHCP | 67 | UDP | DHCP | Required for DHCP service |
| DHCP | MS DHCP | 67 | Client DHCP | 68 | UDP | DHCP | Required for DHCP service |

Windows 2000, 2003, 2008 DHCP Agentless

Table F.4. List of Network Flows for Microsoft Agentless DHCP

| Component | Address src | Port src | Address dst | Port dst | UDP/TCP | Protocol | Notes |
|---|---|---|---|---|---|---|---|
| DHCP | Client DHCP | 68 | DHCP | 67 | UDP | DHCP | Required for DHCP service |
| DHCP | DHCP | 67 | Client DHCP | 68 | UDP | DHCP | Required for DHCP service |
| SOLIDserver IPAM | SOLIDserver IPAM | any | MS DHCP | 135 | TCP | MSRPC | Microsoft Remote Procedure Calls (MSRPC) |
| SOLIDserver IPAM | SOLIDserver IPAM | any | MS DHCP | 136 | UDP/TCP | profile | PROFILE Naming System |
| SOLIDserver IPAM | SOLIDserver IPAM | any | MS DHCP | 137 | UDP/TCP | netbios-ns | NETBIOS Name Service |
| SOLIDserver IPAM | SOLIDserver IPAM | any | MS DHCP | 138 | UDP/TCP | netbios-dgm | NETBIOS Datagram Service |

DNS Network Flows

SOLIDserver DNS

Table F.5. List of Network Flows for SOLIDserver DNS

| Component | Address src | Port src | Address dst | Port dst | UDP/TCP | Protocol | Notes |
|---|---|---|---|---|---|---|---|
| SOLIDserver IPAM | SOLIDserver IPAM | any | DNS | 53 | UDP/TCP | DNS | DNS resolution and DDNS update (RFC2136) |
| SOLIDserver IPAM | SOLIDserver IPAM | any | DNS | 53 | TCP | DNS | DNS transfer (IXFR/AXFR) |
| SOLIDserver IPAM | SOLIDserver IPAM | any | DNS | 1161 | UDP | SNMP | SNMP v1, v2c, v3 |
| NTP client | DNS | any | NTP server | 123 | UDP | NTP | Required to synchronize DNS clock |
| NTP server | Client | any | SOLIDserver | 123 | UDP | NTP | Optional service |
| SYSLOG | DNS | any | SYSLOG | 514 | UDP | SYSLOG | Syslog network redirection on SOLIDserver |
| SSHv2 | Client | any | SOLIDserver | 22 | TCP | SSH | Optional for the management |
| DNS | DNS | any | DNS | 53 | UDP/TCP | DNS | DNS resolution |
| DNS | DNS | any | DNS | 53 | TCP | DNS | DNS transfer (IXFR/AXFR) |
| DNS | DNS | 53 | DNS | 2053 (a) | UDP | DNS | DNS notify |
| DNS | DNS | any | SOLIDserver | 162 | UDP | TRAP | Send a trap on event |
| HSM | HSM | any | SOLIDserver | 9004 | UDP/TCP | nCipher | Required for DNSSEC signing with HSM |

(a) The port number 2053 is used to send the notify from the DNS server to the management platform. This notify can be
configured to speed up the RR upload on DNS zone change.

Windows 2000, 2003, 2008 DNS

Table F.6. List of Network Flows for Microsoft DNS

| Component | Address src | Port src | Address dst | Port dst | UDP/TCP | Protocol | Notes |
|---|---|---|---|---|---|---|---|
| SOLIDserver IPAM | SOLIDserver IPAM | any | DNS | 53 | UDP | DNS | DNS resolution and DDNS update (RFC2136) |
| SOLIDserver IPAM | SOLIDserver IPAM | any | DNS | 53 | TCP | DNS | DNS transfer (IXFR/AXFR) |
| DNS | DNS | any | DNS | 53 | UDP | DNS | DNS resolution |
| DNS | DNS | any | DNS | 53 | TCP | DNS | DNS transfer (IXFR/AXFR) |
| SOLIDserver IPAM | SOLIDserver IPAM | any | WinDNS | 4001 | TCP | WinDNS | Required for MS DNS management |
| GSS - TSIG | SOLIDserver IPAM | any | LDAP | 389 | TCP | LDAP | Authentication for MS DNS Update |

Windows 2000, 2003, 2008 DNS Agentless

Table F.7. List of Network Flows for Microsoft Agentless DNS

| Component | Address src | Port src | Address dst | Port dst | UDP/TCP | Protocol | Notes |
|---|---|---|---|---|---|---|---|
| SOLIDserver IPAM | SOLIDserver IPAM | any | DNS | 53 | UDP | DNS | DNS resolution and DDNS update (RFC2136) |
| SOLIDserver IPAM | SOLIDserver IPAM | any | DNS | 53 | TCP | DNS | DNS transfer (IXFR/AXFR) |
| DNS | DNS | any | DNS | 53 | UDP | DNS | DNS resolution |
| DNS | DNS | any | DNS | 53 | TCP | DNS | DNS transfer (IXFR/AXFR) |
| SOLIDserver IPAM | SOLIDserver IPAM | any | MS DNS | 135 | TCP | MSRPC | Microsoft Remote Procedure Calls (MSRPC) |
| SOLIDserver IPAM | SOLIDserver IPAM | any | MS DNS | 136 | UDP/TCP | profile | PROFILE Naming System |
| SOLIDserver IPAM | SOLIDserver IPAM | any | MS DNS | 137 | UDP/TCP | netbios-ns | NETBIOS Name Service |
| SOLIDserver IPAM | SOLIDserver IPAM | any | MS DNS | 138 | UDP/TCP | netbios-dgm | NETBIOS Datagram Service |

NetChange Network Flows

Table F.8. List of Network Flows for SOLIDserver NetChange

| Component | Address src | Port src | Address dst | Port dst | UDP/TCP | Protocol | Notes |
|---|---|---|---|---|---|---|---|
| Network device | SOLIDserver IPAM | any | Network | 161 | UDP | SNMP | SNMP v1, v2c, v3 |
| DNS Server | SOLIDserver IPAM | any | DNS | 53 | UDP | DNS | DNS resolution |

High Availability Management Network Flows

Table F.9. List of Network Flows for SOLIDserver High Availability

| Component | Address src | Port src | Address dst | Port dst | UDP/TCP | Protocol | Notes |
|---|---|---|---|---|---|---|---|
| Web service | SOLIDserver Hot Standby | any | SOLIDserver Master | 443 | TCP | HTTPS | The Hot Standby checks every 10 seconds if the Master is still running (what is called the Heartbeat) and, if not, is ready to switch to Master. |
| Web service | SOLIDserver Master | any | SOLIDserver Hot Standby | 443 | TCP | HTTPS | The Master answers the Hot Standby and lets it know if it is still running or has to become the Hot Standby. |
| Database replication | SOLIDserver Hot Standby | any | SOLIDserver Master | 5432 | TCP | PostgreSQL | The Hot Standby replicates the Master database in real time. |
| Database replication | SOLIDserver Master | any | SOLIDserver Hot Standby | 5432 | TCP | PostgreSQL | The Master sends any new data to the Hot Standby database in real time. This way, in case of a switch, the new Master does not contain less data than the former master appliance. |


Appendix G. Configuring Radius
Table of Contents
Configuring FreeRadius
    Configuring the Radius Server
    Configuring a FreeRadius server with SOLIDserver
Configuring Radius with Cisco ACS

Configuring FreeRadius
Configuring the Radius Server
The Radius server must be configured with the addresses of the SOLIDserver (the Radius 'clients')
that will connect to it. The EfficientIP vendor number is 2440.

The efficientip dictionary must be configured to send back the following attributes:

Table G.1. EfficientIP dictionary: Attributes to be returned


Attribute Code Type
efficientip-version 1 integer
efficientip-service-class 2 integer
efficientip-identity-type 3 integer
efficientip-first-name 16 string
efficientip-last-name 17 string
efficientip-pseudonym 18 string
efficientip-ip-host 19 string
efficientip-email 20 string
efficientip-first-login-path 32 string
efficientip-maintainer-group 33 string
efficientip-groups 34 string
efficientip-admin-group 35 string
efficientip-extra-blob 64 string

Configuring a FreeRadius server with SOLIDserver


Four files are needed for this configuration: the dictionary.efficientip file, the clients.conf file, the
huntgroups file and the users file. The users file is only necessary for the LDAP protocol.

dictionary.efficientip
# Dictionary for efficientip

VENDOR efficientip 2440

BEGIN-VENDOR efficientip

ATTRIBUTE efficientip-version 1 integer
ATTRIBUTE efficientip-service-class 2 integer
ATTRIBUTE efficientip-identity-type 3 integer
ATTRIBUTE efficientip-first-name 16 string
ATTRIBUTE efficientip-last-name 17 string
ATTRIBUTE efficientip-pseudonym 18 string
ATTRIBUTE efficientip-ip-host 19 string
ATTRIBUTE efficientip-email 20 string
ATTRIBUTE efficientip-first-login-path 32 string
ATTRIBUTE efficientip-maintainer-group 33 string
ATTRIBUTE efficientip-groups 34 string
ATTRIBUTE efficientip-admin-group 35 string
ATTRIBUTE efficientip-extra-blob 64 string

END-VENDOR efficientip

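clients.conf
# Address of the SOLIDserver appliance (the Radius client)
client 192.168.1.5 {
    # Shared secret between this client and the Radius server
    secret = mysecretpassword
    shortname = solideserver
}

huntgroups
# Requests coming from the SOLIDserver address belong to the eip huntgroup
eip NAS-IP-Address == 192.168.1.5

users
# Check items must stay on a single line; reply items follow, indented
DEFAULT Huntgroup-Name == eip, LDAP1-Ldap-Group == "cn=MLM.ACCES.ECRITURE.SWITCH,ou=securitygroups,o=myorganization", Auth-Type := LDAP1
    efficientip-groups = "admin-rw",
    Fall-Through = no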

Configuring Radius with Cisco ACS


With SOLIDserver you can use a Cisco Secure Access Control Server (ACS) as the Radius
server. To do so, define the EfficientIP RADIUS vendor and VSA set in a RADIUS vendor/VSA
import file named efficientip.ini, then follow the procedure below.

In the following example, you define a RADIUS vendor/VSA import file that has EfficientIP as a
vendor and 2440 as IETF number:
Example G.1. The content of an efficientip.ini RADIUS vendor/VSA import file


[User Defined Vendor]
Name=EfficientIP
IETF Code=2440
VSA 1=efficientip-version
VSA 2=efficientip-service-class
VSA 3=efficientip-identity-type
VSA 16=efficientip-first-name
VSA 17=efficientip-last-name
VSA 18=efficientip-pseudonym
VSA 19=efficientip-ip-host
VSA 20=efficientip-email
VSA 32=efficientip-first-login-path
VSA 33=efficientip-maintainer-group
VSA 34=efficientip-groups
VSA 35=efficientip-admin-group
VSA 64=efficientip-extra-blob

[efficientip-version]
Type=INTEGER
Profile=OUT

[efficientip-service-class]
Type=INTEGER
Profile=OUT

[efficientip-identity-type]
Type=INTEGER
Profile=OUT

[efficientip-first-name]
Type=STRING
Profile=OUT

[efficientip-last-name]
Type=STRING
Profile=OUT

[efficientip-pseudonym]
Type=STRING
Profile=OUT

[efficientip-ip-host]
Type=STRING
Profile=OUT

[efficientip-email]
Type=STRING
Profile=OUT

[efficientip-first-login-path]
Type=STRING
Profile=OUT

[efficientip-maintainer-group]
Type=STRING
Profile=OUT

[efficientip-groups]
Type=STRING
Profile=MULTI OUT

[efficientip-admin-group]
Type=STRING
Profile=OUT

[efficientip-extra-blob]
Type=STRING
Profile=OUT

To configure Cisco ACS with Radius

1. On the computer running ACS, open an MS-DOS command prompt.
2. Change directories until you get to the directory containing the CSUtil.exe file. For more details
regarding this file's location, please refer to the Cisco ACS documentation.
3. Once you are in the right directory, execute the command below:
CSUtil.exe -addUDV 5 efficientip.ini

In this command, the number 5 is an unused ACS RADIUS vendor slot number and efficientip.ini
is the name of the EfficientIP RADIUS vendor/VSA import file you created earlier.
4. Press Enter. A CSUtil.exe confirmation prompt appears.
5. To confirm that you want to add the RADIUS vendor and halt all ACS services during the
process, type Y and press Enter. CSUtil.exe halts ACS services, parses the vendor/VSA input
file, and adds the new RADIUS vendor and VSAs to ACS. This process may take a few
minutes. After it is complete, CSUtil.exe restarts ACS services.
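
The FreeRadius dictionary and the Cisco ACS import file in this appendix declare the same vendor number and VSA set, so a site running both can check that they have not drifted apart before importing. The script below is an added example, not part of the original guide or of EfficientIP's tooling: it parses both formats and lists every mismatch. The sample files are constructed, shortened copies of the ones shown above, the function names are hypothetical, and the ini is assumed to hold one key per line.

```python
import configparser
import re

# Constructed, shortened copies of the two files shown in this appendix.
DICTIONARY = """\
# Dictionary for efficientip
VENDOR efficientip 2440
BEGIN-VENDOR efficientip
ATTRIBUTE efficientip-version 1 integer
ATTRIBUTE efficientip-groups 34 string
ATTRIBUTE efficientip-admin-group 35 string
ATTRIBUTE efficientip-extra-blob 64 string
END-VENDOR efficientip
"""

ACS_INI = """\
[User Defined Vendor]
Name=EfficientIP
IETF Code=2440
VSA 1=efficientip-version
VSA 34=efficientip-groups
VSA 35=efficientip-admin-group
VSA 64=efficientip-extra-blob

[efficientip-version]
Type=INTEGER
Profile=OUT

[efficientip-groups]
Type=STRING
Profile=MULTI OUT

[efficientip-admin-group]
Type=STRING
Profile=OUT

[efficientip-extra-blob]
Type=STRING
Profile=OUT
"""

# Constructed drift: VSA 34 mistyped as 43, and the admin group typed INTEGER.
DRIFTED_INI = ACS_INI.replace("VSA 34=", "VSA 43=").replace(
    "[efficientip-admin-group]\nType=STRING",
    "[efficientip-admin-group]\nType=INTEGER",
)


def parse_dictionary(text):
    """Return (vendor_id, {code: (name, type)}) from a FreeRADIUS dictionary."""
    vendor_id, attrs = None, {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()  # drop comments, tokenize
        if not fields:
            continue
        if fields[0] == "VENDOR" and len(fields) >= 3:
            vendor_id = int(fields[2])
        elif fields[0] == "ATTRIBUTE" and len(fields) >= 4:
            attrs[int(fields[2])] = (fields[1], fields[3].lower())
    return vendor_id, attrs


def parse_acs_ini(text):
    """Return (vendor_id, {code: (name, type)}) from an ACS vendor/VSA ini."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.read_string(text)
    vendor = cp["User Defined Vendor"]
    attrs = {}
    for key, name in vendor.items():  # configparser lowercases option names
        match = re.fullmatch(r"vsa\s+(\d+)", key)
        if match:
            # A VSA without its own [section] gets type None and is reported.
            vsa_type = cp.get(name, "Type", fallback=None)
            attrs[int(match.group(1))] = (name, vsa_type.lower() if vsa_type else None)
    return int(vendor["IETF Code"]), attrs


def compare(dictionary_text, ini_text):
    """Return a list of mismatches, ordered by VSA code; empty when consistent."""
    d_vendor, d_attrs = parse_dictionary(dictionary_text)
    i_vendor, i_attrs = parse_acs_ini(ini_text)
    problems = []
    if d_vendor != i_vendor:
        problems.append(f"vendor id: dictionary={d_vendor} ini={i_vendor}")
    for code in sorted(set(d_attrs) | set(i_attrs)):
        d, i = d_attrs.get(code), i_attrs.get(code)
        if d is None:
            problems.append(f"VSA {code}: only in ini ({i[0]})")
        elif i is None:
            problems.append(f"VSA {code}: only in dictionary ({d[0]})")
        elif d != i:
            problems.append(f"VSA {code}: dictionary={d} ini={i}")
    return problems


if __name__ == "__main__":
    for problem in compare(DICTIONARY, DRIFTED_INI) or ["files are consistent"]:
        print(problem)
```
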

Appendix H. SPX
Table of Contents
Prerequisites
Enabling the SPX Classes
Enabling the SPX Rules
Managing your RIPE Network With SOLIDserver
    Configuring the Connection to the RIPE
    Importing Your Network Objects
    Adding RIPE Objects From the GUI
    Editing RIPE Objects From the GUI
    Deleting RIPE Objects From the GUI
    Making Sure the RIPE Received Your Changes
    Validating a New Assignment Window
    Editing the Connection to the RIPE

The Service Provider eXtension (SPX) is a module that can be integrated into the IPAM through
a dedicated licence option. It can assist Local Internet Registry (LIR) declarations, as it lets you
manage the complete life cycle of the IP address networks allocated to you by a Regional Internet
Registry (RIR) member.

From the SOLIDserver GUI, you can manage your networks if they were allocated to you by
the RIPE (Réseaux IP Européens).

Prerequisites
To properly use the SPX module you must:

1. Purchase the SPX licence option.

To make sure you do have this licence option, the administrator can go to the Administration
homepage and in the menu select System > Licences. In the Activation keys panel, all the
licence options are listed: SPX must be listed.
2. Configure SOLIDserver to match your network organization:
a. Enable the dedicated classes.
b. Enable the dedicated rules.
c. Provide your RIR network details to SOLIDserver and then add or import the relevant
data (users, ranges of IP addresses...).
3. Edit the subnets in the GUI: the licence automatically sends your information to the relevant
RIR member.

No matter what RIR you depend on, there is only one wizard to configure SOLIDserver. Once
SPX is properly set and matches your network, only subnets can be added and edited: their
containers are managed by the RIR itself. Whenever you add or edit subnets through the GUI,
an email is sent to your RIR.

Enabling the SPX Classes


To properly configure SOLIDserver to manage RIR networks, you need to enable the default
SPX classes provided. Even though their default name contains the keyword RIPE in the GUI,
they let you add extra fields and options that assist you in managing RIPE networks.

To enable SPX classes

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the Customization section, click on the Class Studio icon. The Class Studio listing page
opens.
3. In the Directory column filtering field, type in SPX. Only the default SPX classes are listed.
4. Next to the Name column, tick the checkbox: all the classes of the directory are selected.
5. In the menu, select Edit > Enable class. The Enable class wizard opens.
6. Click on OK to commit your configuration. The report opens and closes, the page refreshes.
The classes are marked as Enabled in the Status column.

Enabling the SPX Rules


Once the SPX classes are enabled, you must enable the default SPX rules. They all belong to
the RIPE module in the GUI.

These rules are designed to automate the communication with the RIPE: send your changes and
receive the RIPE answers.

To enable SPX rules

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. In the menu, select System > Expert > Rules. The Rules list opens.
3. In the Module column filtering field, type in RIPE. The SPX rules are listed.
4. Next to the Name column, tick the checkbox: all the classes of the module are selected.
5. In the menu, select Edit > Enable. The Enable wizard opens.
6. Click on OK to commit your configuration. The report opens and closes, the page refreshes.
The rules are marked as OK in the Status column.

Managing your RIPE Network With SOLIDserver


Once you have enabled the required rules and classes, you must:

1. Configure SOLIDserver to retrieve RIPE organization details and send out the changes
performed in the GUI.
2. Import your network details (blocks, inetnums, users) to have a complete overview from the
GUI.
3. Manage your network from the GUI: edit, create and delete persons, inetnums, inet6nums,
aut-nums...

SOLIDserver supports Provider Aggregatable and Provider Independent addresses (1). You can
import or add them using dedicated classes available for blocks and inetnums.

The procedures of this section describe the fields configured in the default RIPE classes. If your
administrator configured specific RIPE classes, there might be extra fields that are not detailed
in this guide.

Configuring the Connection to the RIPE


To configure SOLIDserver with your RIPE details, a configuration wizard is available on the IPAM
homepage.

It allows you to provide your RIPE organization details and set up management preferences using
SOLIDserver classes. These classes apply to IPv4 and IPv6 blocks, IPv4 and IPv6 subnets
(inetnums), autnums and finally users. So before you start the configuration, make sure that:

• you have all your RIPE network details: maintainer, organization, registry identifier, administrator
contact (admin-c) and user contact (person).
• your RIPE classes and rules are enabled. If you did not enable the RIPE classes, you cannot
finish the configuration.

Keep in mind that this configuration wizard allows you to configure your RIPE database as well as
your TEST database, if you have one.

To configure SOLIDserver with your RIPE details

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. In the menu, select Tools > RIPE configuration. The RIPE configuration wizard opens.
3. Configure your RIPE settings:

a. In the Source drop-down list, select RIPE.


b. In the Comment field, type in a comment regarding the organization.
c. In the Maintainer field, type your RIPE maintainer full name. This information is contained
in the mntner fields and reused in the mnt-by field of the inetnums managed.
d. In the Password field, type in your RIPE password. It is used to authenticate the database
updates.
e. In the Source drop-down list, select RIPE to configure your official RIPE database or
TEST to configure the RIPE test database.
f. In the NCC REGID field, type in your registry identifier. It was provided to you by the
RIPE; if not, you should contact them to obtain it.
g. In the From (email) field, type in the source email address displayed on the emails sent
to the RIPE.
h. In the Notify (email) field, type in the email address of the person notified of any change
made in the RIPE database.
i. In the Changed (email) field, type in the email address displayed in the "changed" field
of the inetnum description in the RIPE database. It can be a generic email address or
the email address of a person.

¹ For more details, refer to the page http://www.ripe.net/lir-services/member-support/info/faqs/isp-related-questions/pa-pi.


j. In the AW validation (email) field, type in the email of the person notified if you exceed
the number of IP addresses of your Assigned Window. This person has to be able to
perform the appropriate procedures if your new inetnums exceed the allocated range
of addresses.
k. In the AW size field, type in the number of IP addresses allocated to you by the RIPE
via the Assigned Window.
l. In the Update method drop-down list, select POST or EMAIL. POST is selected by default
and is a service based method to notify the RIPE of any changes. If you select EMAIL,
three fields appear. They allow you to configure an email based changes notification
process:

i. In the Update pop3 mailbox field, type in the pop3 address of your mail server.
ii. In the Update mailbox login field, type in the login of the specified mail server.
iii. In the Update mailbox password field, type in the password of the specified mail
server.

m. If you selected the POST update method, the Expert mode drop-down list allows you
to set up a proxy server to communicate changes to the RIPE. By default, No is selected.

If you do not want to set up a proxy, go straight to step 4.

To configure a proxy, select Yes. Five fields appear:

i. In the Whois RIR host field, type in the full name of the proxy server.
ii. In the Whois port field, type in the number of the Whois RIR host port used to
transmit information to the RIPE. Port 80 is generally used.
iii. In the RIR Update host field, type in the name of the RIPE server receiving your
updates.
iv. In the RIR update URL field, type in the URL of the RIPE server receiving your
updates.
v. In the Email used for the update field, type in the email address used as source
when notifying the RIPE of any updates.

4. Once all the fields are filled, click on ADD. The details are moved to the Maintainer list and
displayed as follows: Source: <selected-source> - Maintainer: <maintainer-name>.
5. Repeat these steps for as many maintainers as needed.
6. On the RIPE Block class configuration page, configure the class(es) for your RIPE blocks:

a. In the Block class drop-down list, select one of your classes or the default class
SPX/RIPE_Block².
b. In the Block PI class drop-down list, select one of your classes or the default class
SPX/RIPE_PI_block.
c. Click on NEXT. The next page opens.

7. On the Ripe subnet class configuration page, configure the class(es) for your RIPE inetnums:

² All the class names can be preceded by a / if they belong to a specific directory, following the format:
<directory-name>/<class-name>. In this case, the default class RIPE_Block belongs to the directory SPX.


a. In the Subnet class drop-down list, select one of your classes or a default class:
SPX/RIPE_PI_subnet or SPX/RIPE_subnet.
b. The selected class is moved to the New subnet class field.
c. Click on to confirm its selection. The class is moved to the List of ripe subnet.
d. Repeat these actions for as many classes as needed.
e. Click on NEXT. The next page opens.

8. On the RIPE Block (v6) class configuration page, configure the class(es) for your IPv6 RIPE
blocks:

a. In the Block class (v6) drop-down list, select one of your classes or the default class
SPX/RIPE_Block.
b. Click on NEXT. The next page opens.

9. On the Ripe subnet (v6) class configuration page, configure the class(es) for your IPv6
RIPE inetnums:

a. In the Subnet class (v6) drop-down list, select one of your classes or the default class
SPX/RIPE_subnet.
b. The selected class is moved to the New subnet class (v6) field.
c. Click on to confirm its selection. The class is moved to the List of RIPE subnets (v6).
d. Repeat these actions for as many classes as needed.
e. Click on NEXT. The next page opens.

10. On the Ripe autnum class configuration page, configure the class(es) for your autnums:

a. In the New autnum class drop-down list, select one of your classes or the default class
SPX/RIPE.
b. The selected class is moved to the New AutNum class field.
c. Click on to confirm its selection. The class is moved to the List of RIPE AutNum.
d. Repeat these actions for as many classes as needed.
e. Click on NEXT. The next page opens.

11. On the Ripe user class configuration page, configure the class(es) for your RIPE users:

a. In the New user class drop-down list, select one of your classes or the default class
SPX/RIPE_person.
b. The selected class is moved to the New user class field.
c. Click on to confirm its selection. The class is moved to the List of RIPE users.
d. Repeat these actions for as many classes as needed.

12. Click on OK to commit your configuration. The report opens and closes, the page refreshes.

At any time, you can edit these settings or add new maintainers. For more details, refer to the
section Editing the RIPE Configuration.


Importing Your Network Objects


From SOLIDserver GUI, you can import existing:

• blocks,
• inetnums,
• inet6nums,
• persons,
• aut-nums and policies.

Once imported, you can edit these objects or their content through the GUI.

Keep in mind that the blocks can only be imported. You can then edit their content through inetnum,
inet6num and person additions, editions and deletions.

Once you imported your network objects, editing the content of your inetnums follows the same
procedures as regular subnets. For more details, refer to the chapter Managing Addresses.

Importing RIPE Blocks

Once your configuration with the RIPE is complete, you can import the blocks that the RIPE
allocated to you.

Following the IPAM hierarchy, your block(s) must belong to a space. If you do not have a space,
add one. For more details, refer to the procedure To add a space.

During the import, the Use the "ripe.db.inetnum" file stored in the Local files listing option allows
you to use the "ripe.db.inetnum" file if you uploaded it to the Local files listing before performing
the import. It allows you to work with the file content rather than connecting to the RIPE over an
Internet connection to obtain the inetnum details.

To import an IPv4 RIPE block

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Blocks icon. The All blocks list opens.
3. Next to the Logout button, click on IP4 to display the IPv4 blocks.
4. In the menu, select Add > Import > RIPE blocks. The Importing RIPE blocks wizard opens.
5. In the Use the "ripe.db.inetnum" file stored in the Local files listing section, you can tick
the checkbox if need be.
6. In the Maintainer drop-down list, select the maintainer of your choice.
7. In the Destination space, select the space of your choice. If you are importing from the All
blocks page of a specific space, it is already selected.
8. In the PA block class drop-down list, you can choose a class if you manage a block of
Provider Aggregatable IP addresses.
9. In the PI block class drop-down list, you can choose a class if you manage a block of Provider
Independent IP addresses.
10. Click on OK to commit your import. The report opens and closes, the page refreshes. The
blocks are listed.


To import an IPv6 RIPE block

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Blocks icon. The All blocks list opens.
3. Next to the Logout button, click on IP6 to display the IPv6 blocks.
4. In the menu, select Add > Import > RIPE Blocks (v6). The Importing IPv6 RIPE blocks wizard
opens.
5. In the Use the "ripe.db.inetnum" file stored in the Local files listing section, you can tick
the checkbox if need be.
6. In the Maintainer drop-down list, select the maintainer of your choice.
7. In the Destination space, select the space of your choice. If you are importing from the All
blocks page of a specific space, it is already selected.
8. In the PA block class drop-down list, you can choose a class if you manage a block of
Provider Aggregatable IP addresses.
9. Click on OK to commit your import. The report opens and closes, the page refreshes. The
blocks are listed.

Importing RIPE Inetnums

Once your configuration with the RIPE is complete and you have imported your blocks in a space,
you can import your existing inetnums if you have any. The RIPE inetnums correspond to the
subnets in the IPAM hierarchy.

During the import, the Use the "ripe.db.inetnum" file stored in the Local files listing option allows
you to use the "ripe.db.inetnum" file if you uploaded it to the Local files listing before performing
the import. It allows you to work with the file content rather than connecting to the RIPE over an
Internet connection to obtain the inetnum details.
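
As an added example (not part of the guide and not SOLIDserver code), the Python sketch below previews what a file-based import would have to consider, for both the block import and the inetnum import described above: it parses text in the ripe.db.inetnum layout, keeps the inetnum objects whose mnt-by names the chosen maintainer, and separates Provider Aggregatable from Provider Independent ranges by their status attribute. The sample objects, the maintainer name EXAMPLE-MNT and all function names are constructed for illustration.

```python
import ipaddress

# Constructed sample in the ripe.db.inetnum layout (documentation address
# ranges, hypothetical maintainers); it is not real registry data.
SAMPLE_DB = """\
% constructed sample, not registry data
inetnum:        192.0.2.0 - 192.0.2.255
netname:        EXAMPLE-NET-A
descr:          Example assignment
+               second description line
country:        FR
status:         ASSIGNED PA
mnt-by:         EXAMPLE-MNT
source:         RIPE

inetnum:        198.51.100.0 - 198.51.100.95
netname:        EXAMPLE-NET-B
country:        FR
status:         ASSIGNED PI
mnt-by:         OTHER-MNT, EXAMPLE-MNT  # shared object
source:         RIPE

inetnum:        203.0.113.0 - 203.0.113.127
netname:        FOREIGN-NET
country:        DE
status:         ASSIGNED PA
mnt-by:         OTHER-MNT
source:         RIPE
"""


def _clean(value):
    """Drop a trailing '# comment' and surrounding whitespace."""
    return value.split("#", 1)[0].strip()


def parse_objects(text):
    """Yield each object as a list of (attribute, value) pairs.

    Objects are separated by blank lines; a line starting with a space,
    a tab or '+' continues the previous attribute; '#' and '%' lines are
    comments.
    """
    current = []
    for raw in text.splitlines():
        if not raw.strip():
            if current:
                yield current
            current = []
        elif raw[0] in "#%":
            continue
        elif raw[0] in " \t+":
            if current:
                key, value = current[-1]
                current[-1] = (key, f"{value} {_clean(raw[1:])}".strip())
        else:
            key, sep, value = raw.partition(":")
            if sep:  # ignore malformed lines without a colon
                current.append((key.strip().lower(), _clean(value)))
    if current:
        yield current


def range_to_cidrs(value):
    """Convert 'first - last' into the prefixes covering exactly that range."""
    first, _, last = value.partition("-")
    start = ipaddress.IPv4Address(first.strip())
    end = ipaddress.IPv4Address(last.strip())
    return [str(net) for net in ipaddress.summarize_address_range(start, end)]


def classify(status):
    """Map a status value such as 'ASSIGNED PA' to 'PA', 'PI' or 'OTHER'."""
    status = status.upper()
    if status.endswith(" PA"):
        return "PA"
    if status.endswith(" PI"):
        return "PI"
    return "OTHER"


def preview_import(text, maintainer):
    """Return {'PA': [...], 'PI': [...]} for the inetnums of one maintainer."""
    wanted = maintainer.upper()
    preview = {}
    for obj in parse_objects(text):
        if obj[0][0] != "inetnum":
            continue
        # mnt-by may be repeated and may hold a comma-separated list.
        maintainers = {m.strip().upper()
                       for key, value in obj if key == "mnt-by"
                       for m in value.split(",")}
        if wanted not in maintainers:
            continue
        attrs = dict(obj)
        kind = classify(attrs.get("status", ""))
        entry = (attrs.get("netname", ""), range_to_cidrs(obj[0][1]))
        preview.setdefault(kind, []).append(entry)
    return preview


if __name__ == "__main__":
    for kind, entries in preview_import(SAMPLE_DB, "EXAMPLE-MNT").items():
        for netname, cidrs in entries:
            print(kind, netname, ", ".join(cidrs))
```

A range that is not aligned on a prefix boundary, like the second sample object, comes back as several prefixes, which is worth checking before choosing the PA and PI classes in the wizard.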

To import IPv4 RIPE inetnums

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Subnets icon. The All subnets list opens.
3. Next to the Logout button, click on IP4 to display the IPv4 subnets.
4. In the menu, select Add > Import > RIPE Inetnums. The Importing RIPE inetnums (subnets)
wizard opens.
5. In the Use the "ripe.db.inetnum" file stored in the Local files listing section, you can tick
the checkbox if need be.
6. In the Maintainer drop-down list, select the maintainer of your choice.
7. In the Destination space, select the space of your choice. If you are importing from the All
blocks page of a specific space, it is already selected.
8. In the PA subnet class drop-down list, you can choose a class if you manage subnets of
Provider Aggregatable IP addresses.
9. In the PI subnet class drop-down list, you can choose a class if you manage subnets of
Provider Independent IP addresses.
10. Click on OK to commit your import. The report opens and closes, the page refreshes. The
inetnums are listed among the subnets.


To import IPv6 RIPE inetnums

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Blocks icon. The All blocks list opens.
3. Next to the Logout button, click on IP6 to display the IPv6 blocks.
4. In the menu, select Add > Import > RIPE Inetnums (v6). The Importing RIPE inet6nums
(IPv6 subnets) wizard opens.
5. In the Use the "ripe.db.inetnum" file stored in the Local files listing section, you can tick
the checkbox if need be.
6. In the Maintainer drop-down list, select the maintainer of your choice.
7. In the Destination space, select the space of your choice. If you are importing from the All
blocks page of a specific space, it is already selected.
8. In the PA subnet class drop-down list, you can choose a class if you manage subnets of
Provider Aggregatable IPv6 addresses.
9. In the PI subnet class drop-down list, you can choose a class if you manage subnets of
Provider Independent IPv6 addresses.
10. Click on OK to commit your import. The report opens and closes, the page refreshes. The
inetnums are listed among the subnets.

Once you imported your inetnums, you can edit them from the GUI. Any change is sent to the
RIPE using the update method that you selected during the maintainer configuration (post or
email).

You can also add subnets from the GUI. These new objects are also communicated to the RIPE.
For more details, refer to the section Adding New RIPE Subnets.

Importing RIPE Persons

You can import existing RIPE persons on the Users page. In the GUI, they are managed and listed
like the other users. The main goal of importing RIPE persons is to edit them from the GUI. Any
change is sent to the RIPE following the update method you selected when configuring the
maintainer.

You can create a group for your RIPE persons to gather them but, unlike standard users managed
via the appliance, there is no need to grant them specific rights.

The RIPE persons listed on the Users page do not have access to the appliance if you do not
grant them rights (through the group they belong to) or configure credentials for them.

To import RIPE persons

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Users, Groups & Rights icon. The Users list opens.
3. In the menu, select Add > Import > RIPE persons. The Import: persons wizard opens.
4. In the Mntner drop-down list, select the maintainer of your choice.
5. Click on OK to commit your import. The report opens and closes, the page refreshes. The
RIPE persons are listed among the users.


Importing RIPE Aut-nums and AS Policies

You can import Autonomous System numbers (aut-nums) on the AS numbers page.

Importing AS numbers also imports their AS routing policies. A routing policy is described by
enumerating all the neighboring AS numbers with which routing information is exchanged; they are
all listed on the All policies page. For each neighbor, the routing policy is described in terms of
exactly what is being sent (announced) and allowed (accepted). That way, each aut-num contains
policies that describe what can be implemented and enforced locally by said AS number.
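
The per-neighbor view described above can be rebuilt from a raw aut-num object, for instance to review the policies around an import. The following Python is an added example, not SOLIDserver code: it assumes the common single-peering RPSL form of the import and export attributes (from <AS> accept ..., to <AS> announce ...), and the AS numbers, names and sample object are constructed.

```python
import re
from collections import defaultdict

# Constructed aut-num object (documentation AS numbers, hypothetical names).
SAMPLE_AUT_NUM = """\
aut-num:        AS64496
as-name:        EXAMPLE-AS
import:         from AS64497 accept ANY
export:         to AS64497 announce AS64496
import:         from AS64498 action pref=100;
                accept AS64498
export:         to AS64498 announce ANY
mp-import:      afi ipv6.unicast from AS64497 accept ANY
import:         from AS64499 accept AS64499
mnt-by:         EXAMPLE-MNT
source:         RIPE
"""

# Single-peering form only: "from <peer> [action ...;] accept <filter>"
# and "to <peer> [action ...;] announce <filter>".
IMPORT_RE = re.compile(r"\bfrom\s+(AS[\w-]+)\b.*?\baccept\s+(.+)$", re.I)
EXPORT_RE = re.compile(r"\bto\s+(AS[\w-]+)\b.*?\bannounce\s+(.+)$", re.I)


def neighbor_policies(text):
    """Group import/export rules by neighbor.

    Returns (policies, unparsed): policies maps each neighbor to the filters
    accepted from it and announced to it; unparsed lists policy lines that
    do not match the single-peering form and need a manual look.
    """
    # Fold continuation lines (leading space, tab or '+') into their attribute.
    folded = re.sub(r"\n[ \t+][ \t]*", " ", text)
    policies = defaultdict(lambda: {"accepted": [], "announced": []})
    unparsed = []
    for line in folded.splitlines():
        key, _, value = line.partition(":")
        key = key.strip().lower()
        value = value.split("#", 1)[0].strip()
        if key in ("import", "mp-import"):
            match, field = IMPORT_RE.search(value), "accepted"
        elif key in ("export", "mp-export"):
            match, field = EXPORT_RE.search(value), "announced"
        else:
            continue
        if match:
            policies[match.group(1).upper()][field].append(match.group(2).strip())
        else:
            unparsed.append(line.strip())
    return dict(policies), unparsed


def one_sided(policies):
    """Neighbors that have only an import rule or only an export rule."""
    return sorted(name for name, rules in policies.items()
                  if not rules["accepted"] or not rules["announced"])


if __name__ == "__main__":
    found, skipped = neighbor_policies(SAMPLE_AUT_NUM)
    for neighbor, rules in sorted(found.items()):
        print(neighbor, "accept:", rules["accepted"], "announce:", rules["announced"])
    print("one-sided neighbors:", one_sided(found))
    print("lines needing manual review:", skipped)
```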

Keep in mind the All policies page is accessible from the All AS numbers page. You can access
it through the breadcrumb.

To import RIPE aut-nums

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Users, Groups & Rights icon. The Users list opens.
3. In the menu, select Add > Import > RIPE aut-nums. The Importing RIPE aut-nums (AS
numbers) wizard opens.
4. In the Maintainer drop-down list, select the maintainer of your choice.
5. In the Class name drop-down list, you can select a class to apply to the aut-nums you are
importing.
6. Click on OK to commit your import. The report opens and closes, the page refreshes. The
aut-nums are listed.
7. In the AutNum name column, click on the name of the aut-num of your choice. The All
policies page displays the policies of this AS number.

Adding RIPE Objects From the GUI


From SOLIDserver GUI, you can add:

• inetnums,
• inet6nums,
• persons,
• aut-nums and their policies.

You cannot add RIPE blocks, you can only import existing ones and edit their content.

Any addition sends a request to the RIPE that is confirmed or denied. The status of that request
can be displayed in a dedicated column on the All subnets and Users pages.

Once you have added the network objects of your choice, editing the content of your inetnums follows
the same procedures as regular subnets. For more details, refer to the chapter Managing
Addresses.

Adding New RIPE Inetnums

Using dedicated classes, the ones that come with the appliance or some that you created, you
can add RIPE subnets (inetnums) using the same addition wizard as standard subnets.


Keep in mind that you must provide the RIPE users that manage your network to SOLIDserver.
So before creating an inetnum, you must have a user in charge of managing it in the RIPE
database. If the inetnum managing person already exists in the RIPE, there is no need to create
it in the GUI, you can import it.

Once you added an inetnum via the GUI, you have to wait for the RIPE confirmation. To make
sure the inetnum addition was confirmed, you can display the Waiting state column. For more
details, refer to the section Customizing the List Layout.

To add a RIPE inetnum

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Subnets icon. The All subnets list opens.
3. Next to the Logout button, click on IP4 to display the IPv4 subnets.
4. In the menu, select Add > Subnet > By search. The wizard opens.
5. On the Space selection page, select the space of your choice. Click on NEXT. The Block
class page opens.
6. In the Block class list, select the RIPE class of your choice. Click on NEXT. The Subnet
class page opens.
7. In the Subnet class list, select the RIPE class of your choice. Click on NEXT. The Subnet
Size page opens.
8. Select a Subnet search size, Prefix or Netmask. The two other fields are edited accordingly.
9. Click on NEXT. The Search result page opens.
10. In the Subnet address list, select the start address of your choice. The subnet address list
displays the available subnets in the blocks matching the selected block class.
11. Click on NEXT. The Add an IPv4 subnet page appears.
12. Configure the inetnum:

a. The Address and Prefix fields are displayed in read-only as they correspond to the criteria
previously set.
b. In the Terminal subnet section, the box is ticked.
c. In the Gateway field, the gateway is displayed. Its IP address corresponds to the default
gateway offset configured. You can edit it if need be.
d. In the Number of pools drop-down list, you can select a value between 1 and 5,
depending on the number of pools you want to create in the inetnum. Once you selected a
value, you need to set the Size and Type of each pool.
e. In the Mode drop-down list, Configurable behaviors is selected by default. If you want
to set particular behaviors for the inetnum, select All behaviors. New fields appear. For
more details, refer to the IPAM section of the Default Behaviors chapter of this guide.
f. In the Inetnum field, the inetnum start and end address are displayed.
g. In the Net name field, name the inetnum. The field automatically displays capital letters. The
value entered is also displayed in the Subnet name field.
h. In the Description field, type in a description for the inetnum.
i. In the Country drop-down list, select the country where the organization is located.

13. Click on NEXT. The next page opens and allows you to set up a notify mail:


a. In the Notify mail field, type in the email address of the person notified of any change
made on the inetnum you are creating.
b. Click on . The address is moved to the Notify list.
c. In the Remarks field, you can type in a comment regarding the inetnum.

14. Click on NEXT. The Contacts page opens.

a. Specify the inetnum technical contacts (tech-c):

i. In the Nic handle / Person field, type in the user's Nic handle or name (as displayed
in the RIPE person field).
ii. Click on SEARCH to retrieve their details.
iii. Click on . The contact is moved to the Technical contacts field.

b. Specify the inetnum administrative contacts (admin-c):

i. In the Nic handle / Person field, type in the user's Nic handle or name (as displayed
in the RIPE person field).
ii. Click on SEARCH to retrieve their details.
iii. Click on . The contact is moved to the Administrative contacts field.

15. Click on OK to commit your creation. The report opens and closes. The subnet is listed, its
state is Creating. As long as its status is not OK, the RIPE has not confirmed the addition.
Have a look in the Waiting state column for more details regarding the addition confirmation.

If the inetnum status stays in wait_mail_add, refer to the section Making Sure the RIPE Received
Your Changes.

If the inetnum status stays in wait_aw_confirm, refer to the section Validating a New Assignment
Window.

To add a RIPE inet6num

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Subnets icon. The All subnets list opens.
3. Next to the Logout button, click on IP6 to display the IPv6 subnets.
4. In the menu, select Add > Subnet (v6) > By search. The wizard opens.
5. On the Space selection page, select the space of your choice. Click on NEXT. The Block
class page opens.
6. In the Block class list, select the RIPE class of your choice. Click on NEXT. The Subnet
class page opens.
7. In the Subnet class list, select the RIPE class of your choice. Click on NEXT. The Subnet
Size page opens.
8. In the Subnet prefix drop-down list, select the value of your choice.
9. Click on NEXT. The Search result page opens.


10. In the Subnet address (v6) list, select the start address of your choice. The subnet address
list displays the available subnets in the blocks matching the selected block class.
11. Click on NEXT. The Add an IPv6 subnet page appears.
12. Configure the IPv6 inetnum:

a. The Address and Prefix fields are displayed in read-only as they correspond to the criteria
previously set.
b. In the Terminal subnet section, the box is ticked.
c. In the Gateway field, the gateway is displayed. Its IP address corresponds to the default
gateway offset configured. You can edit it if need be.
d. In the Number of pools drop-down list, you can select a value between 1 and 5,
depending on the number of pools you want to create in the inetnum. Once you selected a
value, you need to set the Size and Type of each pool.
e. In the Mode drop-down list, Configurable behaviors is selected by default. If you want
to set particular behaviors for the IPv6 inetnum, select All behaviors. New fields appear.
For more details, refer to the IPAM section of the Default Behaviors chapter of this guide.
f. In the Inet6num field, the IPv6 inetnum start address and prefix are displayed.
g. In the Net name field, name the inetnum. The field automatically displays capital letters. The
value entered is also displayed in the Subnet name field.
h. In the Description field, type in a description for the inetnum.
i. In the Country drop-down list, select the country where the organization is located.

13. Click on NEXT. The next page opens and allows you to set up a notify mail:

a. In the Notify mail field, type in the email address of the person notified of any change
made on the IPv6 inetnum you are creating.
b. Click on . The address is moved to the Notify list.
c. In the Remarks field, you can type in a comment regarding the inetnum.

14. Click on NEXT. The Contacts page opens.

a. Specify the inetnum technical contacts (tech-c):

i. In the Nic handle / Person field, type in the user's Nic handle or name (as displayed
in the RIPE person field).
ii. Click on SEARCH to retrieve their details.
iii. Click on . The contact is moved to the Technical contacts field.

b. Specify the inetnum administrative contacts (admin-c):

i. In the Nic handle / Person field, type in the user's Nic handle or name (as displayed
in the RIPE person field).
ii. Click on SEARCH to retrieve their details.
iii. Click on . The contact is moved to the Administrative contacts field.


15. Click on OK to commit your creation. The report opens and closes. The subnet is listed, its
state is Creating. As long as its status is not OK, the RIPE has not confirmed the addition.
Have a look in the Waiting state column for more details regarding the addition confirmation.

If the inet6num status stays in wait_mail_add, refer to the section Making Sure the RIPE Received
Your Changes.

Adding New RIPE Persons

From the GUI Users page, you can add RIPE persons.

Once you have added a person via the GUI, you have to wait for the RIPE confirmation. To make
sure the person addition was confirmed, you can display the Waiting column. For more details,
refer to the section Customizing the List Layout.

To add a RIPE person

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Users, Groups & Rights icon. The Users list opens.
3. In the menu, select Add > User. The Add a user wizard opens.
4. In the User class list, select the RIPE class of your choice.
5. Click on NEXT. The Add a user page opens.
6. You can either configure the RIPE person with RIPE dedicated fields (step 7) or add extra
details for your management through the GUI (step 8).
7. Configuring the person RIPE details:

a. In the Usr login field, an identifier is automatically incremented. You can edit it if need
be.
b. In the Address field, type in the person mailing address to fill in the RIPE address field.
c. In the Phone field, type in the person phone number following the format:
+<country code> <area code> <phone number>.
d. In the Fax field, you can type in a fax number following the same format as the Phone
field.
e. In the Email field, type in the user email address.
f. In the Remark field, you can type in a comment regarding the person.
g. In the Notify field, you can type in the email address of the person notified of any changes
made on the details of the person you are creating.
h. In the Mntner drop-down list, select your maintainer.

8. Configure extra details for the RIPE person following the steps below.

a. In the First name field, type in the person first name.


b. In the Last name field, type in the person last name.
c. In the Pseudonym field, the user last and first name are automatically displayed. You
can replace them with a shorter name if you want.


9. Click on OK to commit the creation. The report opens and closes. The user is listed, its state
is Creating. As long as its status is not OK, the RIPE has not confirmed the addition. Have a
look in the Waiting state column for more details regarding the addition confirmation.

If the person status stays in wait_mail_add, refer to the section Making Sure the RIPE Received
Your Changes.

Adding New RIPE Aut-nums

From the All numbers page, you can add AS numbers (aut-num). This addition is also notified to
the RIPE.

To add a RIPE aut-num

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the AS numbers icon. The All AS numbers list opens.
3. In the menu, select Add > AS numbers. The wizard opens.
4. In the Autnum class list, select the RIPE class of your choice.
5. Click on NEXT. The Add an AS Number page opens.
6. Configure the AS number:

a. In the AutNum name field, the AS number full name is displayed once you filled in the
AS Number field as follows: AS<AS-number>.
b. In the AS Number field, type in the number of your choice. This number must be available,
composed of 10 digits at the most and lower than 4294967295. The value entered
automatically completes the AutNum name field.
c. In the AS name field, you can name the AS number.
d. In the Description field, you can type in a description.
e. In the Maintainer drop-down list, select your maintainer.

7. Click on NEXT. The Contacts page opens.

a. Specify the AS number technical contacts (tech-c):

i. In the Nic handle / Person field, type in the user's Nic handle or name (as displayed
in the RIPE person field).
ii. Click on SEARCH to retrieve their details.
iii. Click on . The contact is moved to the Technical contacts field.

b. Specify the AS number administrative contacts (admin-c):

i. In the Nic handle / Person field, type in the user's Nic handle or name (as displayed
in the RIPE person field).
ii. Click on SEARCH to retrieve their details.
iii. Click on . The contact is moved to the Administrative contacts field.


8. Click on OK to commit the creation. The report opens and closes. The user is listed, its state
is Creating. As long as its status is not OK, the RIPE has not confirmed the addition. Have a
look in the Waiting state column for more details regarding the addition confirmation.

Editing RIPE Objects From the GUI


From SOLIDserver GUI, you can edit:

• inetnums,
• inet6nums,
• persons,
• aut-nums and their policies.

You cannot edit RIPE blocks.

Any object edition sends a request to the RIPE that is confirmed or denied. The status of that
request can be displayed in a dedicated column on the All subnets and Users pages.

Editing the content of your inetnums, their pools and IP addresses, follows the same procedures
as regular subnets. For more details, refer to the chapter Managing Addresses.

Editing RIPE Inetnums

RIPE inetnums can be edited in IPv4 and IPv6. Any changes are sent to the RIPE and the notify
mail person configured for the inetnum.

Once you edited an inetnum via the GUI, you have to wait for the RIPE confirmation. To make
sure the inetnum edition was confirmed, you can display the Waiting state column. For more
details, refer to the section Customizing the List Layout.

To edit a RIPE inetnum from its properties page

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Subnets icon. The All subnets list opens.
3. Next to the Logout button, click on IP4 to display the IPv4 subnets or IP6 to display the IPv6
subnets.
4. At the end of the line of the subnet of your choice, click on . The subnet properties pages
opens.
5. In the Main properties panel, click on EDIT. The wizard opens.
6. In the Subnet class list, select a different class or None.
7. Click on NEXT. The Edit an IPv4 subnet or the Edit an IPv6 subnet page appears.
8. Edit the Net name, Description and/or Country fields, according to your needs.
9. Click on NEXT. The next page opens.
10. Edit the list of notification email addresses and Remarks field according to your needs:

a. Add a new email address if need be. In the Notify mail field, type in the new email
address. Click on to move the address in the Notify list. In the Remarks field, you can
type in a comment regarding the inetnum to fill the RIPE remarks field.


b. Remove an address from the Notify list. Select the address you want to delete and click
on . The address is no longer listed.
c. In the Remarks field, you can edit the comment regarding the inetnum.

11. Click on NEXT. The Contacts page opens.

a. Edit the inetnum technical contacts (tech-c) list:

i. Add a new person if need be. In the Nic handle / Person field, type in the user's
Nic handle or name (as displayed in the RIPE person field). Click on SEARCH to
retrieve their details. Click on . The contact is moved to the Technical contacts
field.
ii. Remove a person from the list. In the Technical contacts field, select a person and
click on . The person is no longer listed.

b. Edit the inetnum administrative contacts (admin-c) list:

i. Add a new person if need be. In the Nic handle / Person field, type in the user's
Nic handle or name (as displayed in the RIPE person field). Click on SEARCH to
retrieve their details. Click on . The contact is moved to the Administrative contacts
field.
ii. Remove a person from the list. In the Administrative contacts field, select a person
and click on . The person is no longer listed.

12. Click on OK to commit your changes. The report opens and closes. The changes are listed
in the panel.
13. Go to the All subnets list to see the inetnum state and make sure it was confirmed by the
RIPE. As long as its status is not OK, the RIPE has not confirmed the edit. Have a look in
the Waiting state column for more details regarding the confirmation.

If the inetnum or inet6num status stays in wait_mail_add, refer to the section Making Sure the
RIPE Received Your Changes.

If the inetnum status stays in wait_aw_confirm, refer to the section Validating a New Assignment
Window.

Editing RIPE Persons

RIPE persons can be edited from the Users page. Any changes are sent to the RIPE and to the
email address of the Notify field, if it was set during the person creation.

Once you have edited a person via the GUI, you have to wait for the RIPE confirmation. To make sure
the edit was confirmed, you can display the Waiting column. For more details, refer
to the section Customizing the List Layout.

To edit a RIPE person

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Users, Groups & Rights icon. The Users list opens.

3. In the Login column, click on the user name. The user properties page opens.
4. In the Main properties panel, click on EDIT . The Edit a user wizard opens.
5. In the User class list, edit the class if need be.
6. Click on NEXT . The Edit a user page opens.
7. Edit the user information according to your needs. For more details, refer to the procedure
To add a RIPE person.
8. Click on OK to commit your modifications. The report opens and closes. The changes are
listed in the panel.
9. Go back to the Users list to see the person state and make sure it was confirmed by the
RIPE. As long as its status is not OK, the RIPE has not confirmed the edit. Have a look in
the Waiting column for more details regarding the confirmation.

If the person status stays in wait_mail_add, refer to the section Making Sure the RIPE Received
Your Changes.

Editing RIPE Aut-nums

There are two ways of editing an AS number:

1. editing the details of the AS number: AS name, Description, Maintainer and Contact information.
You cannot edit the Autnum full name.
2. editing the content of the AS number: deleting some of its policies.

To edit a RIPE aut-num

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the AS numbers icon. The All AS numbers list opens.
3. At the end of the line of the AS number of your choice, click on . The properties page
opens.
4. In the Main properties panel, click on EDIT . The wizard opens.
5. In the Autnum class list, edit the class if need be.
6. Click on NEXT . The Edit an AS Number page opens.
7. Edit the AS number configuration via the AS name, Description and Maintainer fields.
8. Click on NEXT . The Contacts page opens.
9. Edit the contacts details according to your needs.
10. Click on OK to commit the changes. The report opens and closes. The changes are listed
in the panel.

To edit the policies of a RIPE aut-num

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the AS numbers icon. The All AS numbers list opens.
3. In the AutNum name column, click on the name of the aut-num of your choice. The All
policies page opens.
4. Tick the policy or policies you want to delete.
5. In the menu, select Edit > Delete. The Delete wizard opens.

6. Click on OK to commit the deletion. The report opens and closes. The policies are no longer
listed.

Deleting RIPE Objects From the GUI


You can delete RIPE inetnums, inet6nums and persons from the SOLIDserver GUI.

Keep in mind that you can delete blocks, but this deletion does not affect your RIPE database.
It deletes the block from the list and you no longer manage it via SOLIDserver.

Any object edit sends a request to the RIPE, which confirms or denies it. The status of that
request can be displayed in a dedicated column on the All subnets and Users pages.

Deleting RIPE Blocks

You can delete RIPE blocks from SOLIDserver if you no longer want to manage them from the GUI.
Deleting a RIPE block from SOLIDserver does not delete it from your RIPE database.

To stop managing a RIPE block via SOLIDserver

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Blocks icon. The All blocks list opens.
3. Next to the Logout button, click on the IP4 or IP6 icon to display the IPv4 or IPv6 blocks.
4. Tick the block(s) you want to delete.
5. In the menu, select Edit > Delete. The Delete wizard opens.
6. Click on OK to commit the deletion. The report opens and closes. The selected blocks are
no longer listed; they might be replaced by Orphan subnets. This deletion does not delete
the block from your RIPE database.

Deleting RIPE Inetnums and Inet6nums

From the All subnets list, you can delete IPv4 and IPv6 inetnums from your database.

Once you have deleted an inetnum via the GUI, you have to wait for the RIPE confirmation. To make
sure the inetnum deletion was confirmed, you can display the Waiting state column. For more
details, refer to the section Customizing the List Layout.

To delete a RIPE inetnum

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Subnets icon. The All subnets list opens.
3. Next to the Logout button, click on IP4 to display the IPv4 subnets or on IP6 to display IPv6
subnets.
4. Tick the subnet(s) you want to delete.
5. In the menu, select Edit > Delete. The Delete wizard opens.
6. Click on OK to commit the deletion. The report opens and closes. The subnet state is
Deleting until the RIPE confirms its deletion. Have a look in the Waiting state column for
more details regarding the deletion confirmation.

If you had used addresses within the inetnum, they are placed in an Orphan address and listed
among your subnets. They are simply displayed in the GUI but no longer used within your RIPE
database as the whole inetnum was deleted.

If the inetnum status stays in wait_mail_del, refer to the section Making Sure the RIPE Received
Your Changes.

Deleting RIPE Persons

RIPE persons can be deleted from the Users page. This deletion request is sent to the RIPE and
to the email address of the Notify field, if it was set during the person creation.

Once you have deleted a person via the GUI, you have to wait for the RIPE confirmation. To make
sure the deletion was confirmed, you can display the Waiting column. For more details,
refer to the section Customizing the List Layout.

Before deleting a person, make sure that the inetnums they were managing are already
managed by someone else: edit the Contacts details of the inetnums concerned. For more details,
refer to the section Editing RIPE Inetnums.

To delete a RIPE person

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Users, Groups & Rights icon. The Users list opens.
3. Tick the user(s) you want to delete.
4. In the menu, select Edit > Delete. The Delete wizard opens.
5. Click on OK to commit the deletion. The report opens and closes. The user state is Deleting
until the RIPE confirms its deletion. Have a look in the Waiting state column for more details
regarding the deletion confirmation.

If the person status stays in wait_mail_del, refer to the section Making Sure the RIPE Received
Your Changes.

Deleting RIPE Aut-nums

You can delete AS numbers. Deleting an AS number also deletes the policies it contains.

If you want to delete only the policies of an AS number, refer to the section Editing RIPE Aut-nums.

To delete a RIPE aut-num

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the AS numbers icon. The All AS numbers list opens.
3. Tick the AS number(s) you want to delete.
4. In the menu, select Edit > Delete. The Delete wizard opens.
5. Click on OK to commit the deletion. The report opens and closes. The AS number state is Deleting
until the RIPE confirms its deletion.

Making Sure the RIPE Received Your Changes


If inetnums or persons you added, edited or deleted have the status wait_mail_add, wait_mail_del
or must_send_mail, you need to use the option Register again.

This option resends your inetnum or person information to the RIPE via POST or EMAIL,
depending on your configuration.

To register again newly added or edited RIPE inetnums

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Subnets icon. The All subnets list opens.
3. Next to the Logout button, click on IP4 to display the IPv4 subnets or on IP6 to display IPv6
subnets.
4. Tick the subnet(s) that have the status wait_mail_add, wait_mail_del or must_send_mail.
5. In the menu, select Edit > RIPE > Register again. The Inetnum Register again wizard opens.
6. Click on OK to commit your choice. The report opens and closes. The subnet Status evolves
until it is OK. Have a look in the Waiting state column for more details regarding the RIPE
confirmation.

To register again newly added or edited RIPE persons

1. Go to the Administration tab. If the homepage is not displayed, click on . The homepage
opens.
2. Click on the Users, Groups & Rights icon. The Users list opens.
3. Tick the person(s) that have the status wait_mail_add or wait_mail_del.
4. In the menu, select Edit > Register again. The Person Register again wizard opens.
5. Click on OK to commit your choice. The report opens and closes. The person Status evolves
until it is OK. Have a look in the Waiting state column for more details regarding the RIPE
confirmation.

Validating a New Assignment Window


When you add or edit an inetnum through SOLIDserver, you can purposely exceed the Assignment
Window declared during your RIPE configuration. By exceeding, we mean:

• configuring an inetnum whose start and/or end address exceeds the range of IP addresses
available in the block.
• allocating an inetnum to a user even if this allocation exceeds the total number of IP addresses
you are allowed to allocate. This sum takes into account the total number of IP addresses in
your Assignment Window over the last 12 months. For more details, refer to the prerogatives
in the section 7.0 Assignment Window in the document RIPE-599, available at
http://www.ripe.net/ripe/docs/ripe-599#Assignment-Window.

In both cases, the subnets are marked wait_aw_confirm. Keep in mind that if you do exceed the
AW, you need to:

1. Follow the appropriate RIPE procedures to be able to extend your Assignment Window.
2. Once your request is approved by the RIPE, use the option Validate AW in the GUI.

If your request is denied, you should delete the inetnum. For more details, refer to the section
Deleting RIPE Inetnums and Inet6nums.
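
The two conditions listed above can be checked before an inetnum is submitted, so that a wait_aw_confirm status does not come as a surprise. The following Python code is an added example, not SOLIDserver or RIPE code: the Assignment record, the check_inetnum function, the reason labels, the 365-day window, the per-user count and the sample data are all assumptions made for illustration.

```python
"""Pre-check of an inetnum against the two Assignment Window conditions.

Added illustration: names, data model and the 365-day window are
assumptions, not SOLIDserver or RIPE code.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Assignment:
    """One inetnum already assigned to an end user (hypothetical record)."""
    user: str
    start: str
    end: str
    created: date

    @property
    def size(self) -> int:
        # Number of addresses in the inclusive range start..end.
        return int(ip_address(self.end)) - int(ip_address(self.start)) + 1


def check_inetnum(block, start, end, user, aw_size, history, today):
    """Return the reasons the inetnum would exceed the AW (empty list = fits)."""
    net = ip_network(block)
    first, last = ip_address(start), ip_address(end)
    if first.version != net.version or last.version != net.version:
        raise ValueError("address family does not match the block")
    if first > last:
        raise ValueError("start address is after end address")

    reasons = []
    # Condition 1: start and/or end address outside the block range.
    if first < net.network_address or last > net.broadcast_address:
        reasons.append("range_outside_block")

    # Condition 2: addresses assigned over the last 12 months, plus this
    # request, exceed the AW size. Counting per user is an assumption.
    window_start = today - timedelta(days=365)
    already = sum(
        a.size for a in history
        if a.user == user and window_start <= a.created <= today
    )
    requested = int(last) - int(first) + 1
    if already + requested > aw_size:
        reasons.append("aw_total_exceeded")
    return reasons


# Constructed sample data (documentation address range, made-up user names).
TODAY = date(2014, 5, 28)
HISTORY = [
    Assignment("ACME-NIC", "192.0.2.0", "192.0.2.31", date(2014, 1, 10)),
    # Older than 12 months: not counted against the window.
    Assignment("ACME-NIC", "192.0.2.32", "192.0.2.47", date(2012, 12, 1)),
]

if __name__ == "__main__":
    cases = [
        ("192.0.2.64", "192.0.2.95"),    # fits: 32 + 32 = 64
        ("192.0.2.64", "192.0.2.127"),   # 32 + 64 = 96 > 64
        ("192.0.2.240", "192.0.3.15"),   # end address leaves the /24
    ]
    for start, end in cases:
        reasons = check_inetnum("192.0.2.0/24", start, end,
                                "ACME-NIC", 64, HISTORY, TODAY)
        verdict = "expect wait_aw_confirm" if reasons else "within the AW"
        print(f"{start}-{end}: {verdict} {reasons}")
```
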

To confirm the new AW in the GUI

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. Click on the Subnets icon. The All subnets list opens.
3. Next to the Logout button, click on IP4 to display the IPv4 subnets.
4. Tick the subnet(s) marked wait_aw_confirm that were approved by the RIPE.
5. In the menu, select Edit > RIPE > Validate AW. The wizard opens.
6. Click on OK to commit your configuration. The report opens and closes. The All subnets
page is visible again. Have a look in the Waiting state and Status columns to monitor the
evolution.

Editing the Connection to the RIPE


Once your configuration with SOLIDserver is done, you can always edit its details or the class
associated with your maintainer through the RIPE configuration wizard.

Keep in mind that you should not edit the maintainer name, registry identifier or AW size if
you already imported your blocks.

To edit the RIPE maintainer configuration details

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. In the menu, select Tools > RIPE configuration. The RIPE configuration wizard opens.
3. In the Maintainer list, click on the maintainer you want to edit. The current configuration
values are displayed in each field.
4. Change the value of the field(s) of your choice. For more details regarding the fields, refer
to the procedure To configure SOLIDserver with your RIPE details.
5. Click on UPDATE . The Maintainer list is edited according to your changes. Only the Source
and Maintainer name are displayed on this list.
6. Click on NEXT . The RIPE Block class configuration page opens.
7. Click on NEXT . The Ripe subnet class configuration page opens.
8. Click on NEXT . The RIPE Block (v6) class configuration page opens.
9. Click on NEXT . The Ripe subnet (v6) class configuration page opens.
10. Click on NEXT . The Ripe autnum class configuration page opens.
11. Click on NEXT . The Ripe user class configuration page opens.
12. Click on OK to commit your changes. The report opens and closes, the page refreshes.

To delete a RIPE maintainer

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. In the menu, select Tools > RIPE configuration. The RIPE configuration wizard opens.
3. In the Maintainer list, click on the maintainer you want to delete. The current configuration
values are displayed in each field.

4. Click on DELETE . The maintainer is no longer in the Maintainer list.


5. Click on NEXT . The RIPE Block class configuration page opens.
6. Click on NEXT . The Ripe subnet class configuration page opens.
7. Click on NEXT . The RIPE Block (v6) class configuration page opens.
8. Click on NEXT . The Ripe subnet (v6) class configuration page opens.
9. Click on NEXT . The Ripe autnum class configuration page opens.
10. Click on NEXT . The Ripe user class configuration page opens.
11. Click on OK to commit your changes. The report opens and closes, the page refreshes.

To edit the classes associated with a RIPE maintainer

1. Go to the IPAM tab. If the homepage is not displayed, click on . The homepage opens.
2. In the menu, select Tools > RIPE configuration. The RIPE configuration wizard opens.
3. In the Maintainer list, click on the maintainer whose classes you want to edit. The current
configuration values are displayed in each field.
4. Click on NEXT . The RIPE Block class configuration page opens.
5. In the Block class and Block PI class drop-down lists, select a different class if need be.
6. Click on NEXT . The Ripe subnet class configuration page opens.

a. You can add classes using the Subnet class drop-down list and button. The class is
moved to the List of RIPE subnets.
b. To remove a class, select it in the List of RIPE subnets and click on . The class
is no longer listed.

7. Click on NEXT . The RIPE Block (v6) class configuration page opens.
8. In the Block class (v6) drop-down list, select a different class if need be.
9. Click on NEXT . The Ripe subnet (v6) class configuration page opens.

a. You can add classes using the Subnet class (v6) drop-down list and button. The class
is moved to the List of RIPE subnets (v6).
b. To remove a class, select it in the List of RIPE subnets (v6) and click on . The
class is no longer listed.

10. Click on NEXT . The Ripe autnum class configuration page opens.

a. You can add classes using the New autnum class drop-down list and button. The
class is moved to the List of RIPE AutNum.
b. To remove a class, select it in the List of RIPE AutNum and click on . The class
is no longer listed.

11. Click on NEXT . The Ripe user class configuration page opens.

a. You can add classes using the New user class drop-down list and button. The class
is moved to the List of RIPE users.

b. To remove a class, select it in the List of RIPE users and click on . The class is
no longer listed.

12. Click on OK to commit your changes. The report opens and closes, the page refreshes.

1003
adding a DHCP server, 360
Index adding a DNS server, 489
DHCP server, 360
DHCP server limitations, 362
A DNS server, 489
ACL DNS server limitations, 490
creating an ACL based on option 82, 437 alerts, 114
DNS server ACL, 540 acknowledging alerts, 120
editing a view match clients list, 553 adding alerts, 117
editing a view match destination list, 553 checking alerts, 119
granting access to known clients, 420 disabling alerts, 119
range ACL, 407 enabling alerts, 119
restricting access, 420 allow-notify
Active Directory at server level, 528
authenticating administrators, 833 at view level, 559
creating an administrator account, 492 at zone level, 592
domain, 583 allow-query
editing an AD DNS server, 494 at server level, 530
importing an AD DNS server, 492 at view level, 562
managing a Microsoft DNS server, 492 at zone level, 597
relying on AD credentials to log users, 832 allow-query-cache
stop managing an AD DNS server, 494 at server level, 531
addresses, 249 at view level, 564
adding, 252 allow-recursion, 527
adding by search, 254 allow-transfer
adding manually, 253, 256 at server level, 532
assigning, 252 at view level, 565
configuring aliases, 261 at zone level, 596
deleting, 267 allow-update, 595
editing, 258 also-notify
editing aliases, 263 at server level, 528
editing the network/broadcast address, 253 at view level, 559
moving IPv4 addresses across spaces, 261 alt-transfer-source, 538
moving IPv4 addresses across subnets, 260 alt-transfer-source-v6, 538
moving IPv4 addresses across the VLSM, 261 appliance
pinging an address, 266 default gateway, 83
removing aliases, 263 reboot, 109
renaming Pv4 addresses massively, 259 remote management, 863
restoring, 258 shutdown, 109
statuses, 251 SNMP agent, 105
undoing an address deletion, 258 troubleshooting, 886
updating upgrading, 894
Device Manager, 776 autoselect media port, 93
administrators
authenticating B
Active Directory, 833
backup, 889
LDAP, 836
configuring the remote archive, 891
RADIUS, 837
creating an instant backup, 890
enabling/disabling a user, 830
restoring a backup, 892
group of users, 811
scheduling a daily backup, 891
local user, 825
setting a backup rotation, 891
managing, 825
uploading a backup, 892
remote authentication, 832
BIND
Agentless server

1004
Index

BIND DNS server, 497 hide welcome banner, 74


importing zones archive file, 677 homepage title, 73
blackhole, 533 interface names, 74
blocks login page image, 71
adding, 223 meta database, 896
block map, 238
deleting, 226 D
editing, 225 DDNS
moving blocks, 226 zone authorizations, 595
splitting IPv4 blocks, 225 default behaviors, 122
configuring
C DHCP, 133
CARP (Common Address Redundancy Protocol), 89 DNS, 135
certificate IPAM, 123
creating a certificate, 103 internal module setup, 11
HTTPS, 104 propagating default behaviors, 137
importing a certificate, 101 setting default behaviors, 138
Class Studio, 901 Device Manager, 751
class objects, 905 devices, 754
adding, 912 adding automatically, 756
deleting, 936 adding manually, 759
editing, 935 deleting, 761
organizing, 936 duplicating, 760
classes, 904 managing visibility, 755
adding, 907 merging, 761
deleting, 911 dual stack, 776
disabling, 911 importing CSV data, 178
duplicating, 908 interfaces, 763
enabling, 910 adding automatically, 765
moving, 909 adding manually, 768
renaming, 909 deleting, 775
using another or no class, 910 editing the name, 770
rights, 817 editing the properties, 772
syntax, 937 managing visibility, 764
classes (see Class Studio) IPAM interaction, 776
configuration file using default behaviors, 780, 783
DHCP (dhcpd.conf), 106 using the link option, 781
DHCPv6 (dhcpd6.conf), 106 using the MAC address, 776
DNS (named.conf), 106 monitoring changes, 774
NSD (nsd.conf), 106 ports, 763
Unbound (unbound.conf), 106 adding automatically, 765
Custom DB, 896 adding manually, 766
custom data deleting, 775
adding, 899 editing the name, 770
deleting, 900 editing the properties, 771
editing, 899 managing visibility, 764
custom database rules, 785
adding, 897 from NetChange, 785
deleting, 898 from the DHCP, 785
editing, 898 updating from
importing custom data through a CSV file, 190 IPAM addresses automatically, 758
customize IPAM addresses manually, 776
appliance homepage image, 73 NetChange (devices), 757

1005
Index

NetChange (ports & interfaces), 765 DNS, 458


DHCP, 313 anycast, 544
ACL (see ACL) configuring a resolver, 79
groups, 399 configuring servers, 524
importing DNS keys, 542
CSV data, 162 EDNS options
Infoblox configuration file, 448 at server level, 535
ISC configuration file, 445 at view level, 567
MetaIP configuration file, 449 forwarding
Microsoft configuration file, 447 server, 524
NetID, 450 view, 557
VitalQIP configuration file, 446 zone, 590
IP helper, 389 Hybrid (see Hybrid)
labels in IPv6, 305 importing
leases (see leases) BIND archive file, 677
monitoring events, 442 CSV data, 173
ping check, 424 VitalQIP archive file, 678
preventing IP address duplication, 424 monitoring
preventing IP overlapping, 409 audit, 674
ranges (see ranges (DHCP)) physical server statistics, 675
relay agents, 389 querylog, 675
relay agent information, 417 state log, 674
relay agent information (DHCPv6), 419 resolver, 485
rights, 815 resource records (see resource records)
scopes (see scopes) rights, 814
servers, 345 RPZ (see RPZ)
EfficientIP servers, 347 servers, 484
ICS DHCP server, 362 BIND DNS server, 497
Microsoft agentless server, 360 EfficientIP server, 485
Microsoft server with agent, 354 generic servers, 517
statuses, 346 Microsoft agentless server, 489
smart architectures, 320 Microsoft server via AD, 492
SSL vs SNMP, 348 Microsoft server with agent, 495
statics (see statics) Nominum servers, 519
DHCP options, 430 statuses, 485
advanced configuration, 945 synchronizing, 521
bulk changes at the scope level, 385 smart architectures, 462
circuit ID, 436 sortlist, 536
DHCPv4, 433 views (see views)
DHCPv6, 434 zone delegation, 587, 616
group, 402 zones (see zones)
range, 410 DNSSEC, 621
relay agent information, 436 chain of trust, 623
relay agent information (DHCPv6), 437 deleting unused keys, 635
remote ID, 436 disabling DNSSEC, 632
RFC 2132/option 43, 437 DNSKEY, 621
RFC3046/option 82, 436 adding (see resource records, adding)
RFC3315/DHCPv6, 435 DS, 623
scope, 384 adding, 631
server, 353 invalidating a compromised KSK safely, 634
setting options, 431 Keys regeneration, 627
static, 396 NSEC/NSEC3, 623
vendor class identifier, 435 NSEC3PARAM, 623
vendor specific information, 437 resolver, 625

1006
Index

RRSIG, 622 enabling and disabling groups, 823


signing a zone, 626 importing CSV data, 187
signing zones in DNSSEC with an HSM, 644 super user account, 819
transmitting the DS to a parent zone, 630 GUI
trust anchor, 625 customizing the GUI, 71
domains (VLAN), 792 understanding the GUI, 16
adding, 793
deleting, 794 H
editing, 793 high availability management, 845
Dual stack adding a remote appliance, 850
Device Manager, 776 configuration, 851
interfaces, 84 configuring the management appliance, 849
virtual interface, 91 controlling the automated switch, 857
dynamic update, 543 disabling high availability, 855
at zone level, 595 hot standby appliance, 848
limitations, 862
E master appliance, 847
EDNS, 535 monitoring each appliance services, 867
exports, 193 monitoring the HA logs, 855
configuring exports, 195 network disruption, 859
export files, 201 replacing an appliance, 862
export templates, 203 split-brain, 860
finding exports in the database, 195 standalone appliance, 848
reimport, 198 switching the appliances role, 854
scheduled export configuration files, 202 upgrading appliances, 852
HSM, 636
F configuring the HSM, 640
failover, 426 creating the RFS, 641
communications-interrupted state, 319 enrolling manually, 641
configuring virtual IP, 89 identifying a server, 641
DHCP Safe Failover, 317 using a Security World, 640
Ethernet port, 87 with a new Security World, 640
management database, 845 enabling the HSM service, 639
normal state, 318 integrating the HSM to SOLIDserver, 638
partner-down state, 319 limitations, 645
switching to partner-down, 429 using the HSM and DNSSEC, 644
Farm, 476 HTTPS
file transfer certificate, 100
using SFTP/SCP/RSYNC, 97 Hybrid, 664
firewall, 79 backup, restoration and upgrade with, 672
forwarding checking the compatibility with, 664
DNS (see DNS, forwarding) forcing the compatibility with, 670
logs, 869 generating the incompatibilities report, 665
limitations, 670
NSD, 668
G switching back to BIND, 671
gadgets, 49
switching to, 667
group of users, 811
Unbound, 669
adding groups, 812
assigning resources, 817
defining a group rights, 821 I
deleting groups, 824 imports
editing a group rights, 821 data
editing groups, 813 CSV, 139

1007
Index

Device Manager, 178 L


DHCP, 444
Labels, IPv6, 305
DNS, 677
lame-ttl, 534
IPAM, 302
LDAP
NetChange, 687
authenticating administrators, 836
from
leases, 411
BIND DNS, 677
blacklisting, 416
Infoblox DHCP, 448
converting to statics, 415
ISC DHCP, 444
lease time configuration, 413
MetaIP DHCP, 449
pinging, 424
Microsoft DHCP, 446
releasing lease, 414
NetID DHCP, 450
tracking logs, 416
NetID IPAM data, 303
license
VitalQIP DHCP, 445
activating a license, 108
VitalQIP DNS, 678
adding a license, 12
VitalQIP IPAM data, 302
requesting a license, 12, 108
import templates, 191
Linux
Infoblox
DHCP packages, 363, 370
importing a DHCP configuration file, 448
DNS packages, 498, 505
IP addresses (see addresses)
local files listing, 883
IPAM, 216
Locked Synchronization
addresses (see addresses)
on a DHCP smart architecture, 326
blocks (see blocks)
on a DNS smart architecture, 466
importing
logs
CSV data, 141
redirection, 869
NetID host addresses, 304
visualization, 867
NetID networks, 303
NetID subnets, 303
RIPE objects, 986 M
Vital QIP data, 302 maintenance, 881
IP addresses (see addresses) clearing SOLIDserver cache, 882
labels in IPv6, 305 maintenance mode, 881
networking, 216 update macros and rules, 881
pools (see pools) management, high availability (see high availability
provisioning, 275 management)
rights, 814 Master/Slave, 468
RIPE networks management (see RIPE) max-cache-size, 534
spaces (see spaces) MetaIP
subnets (see subnets) importing a DHCP configuration file, 449
transition options, 269 Microsoft DHCP
updating agentless server, 360
Device Manager (see addresses) importing a configuration file, 446
Device Manager with addresses, 776 WinDHCP Manager agent, 354
VLAN Manager with subnets, 805 Microsoft DNS
updating from agentless server, 489
NetChange discovered items, 711 via AD, 492
VLSM (see VLSM (Variable Length Subnet WinDNS agent, 495
Masking)) monitoring
VRF (see VRF) database tables size, 875
IPLocator (see NetChange) DHCP servers, 442
ISC DNS events, 674
importing a DHCP configuration file, 444 netstat, 875
ISC DHCP server, 362 services logs, 867
services statistics, 869

1008
Index

session tracking, 870 adding a specific route, 85


user tracking, 871 basic interface configuration, 84
extended user tracking, 874 default gateway, 83
Multi-Master, 470 DNS resolver, 79
duplex, 93
N Ethernet port failover, 87
NetChange, 682 interface IPv4/IPv6, 84
advanced options, 717 interface trunking (802.1q), 85
discovered items, 709 speed, 93
history view, 711 static route, 83
refreshing, 710 VHID, 89
discovering network devices, 688 virtual interface, 91
importing CSV data, 176 virtual IP, 89
licenses, 684 network flows
monitoring DHCP, 969
automating devices synchronization, 716 DNS, 972
keeping the database up to date, 714 High Availability, 976
network devices, 685 IPAM, 968
adding, 687 NetChange, 975
connecting via a web console, 692 notify
connecting via telnet, 692 at server level, 528
deleting, 693 at view level, 559
making a snapshot, 692 at zone level, 592
refreshing, 690 notify-source, 538
scheduling a refresh, 691 notify-source-v6, 538
statistics, 712 NTP, 99
ports, 699 configuring the NTP server, 99
802.1X authentication, 703 forcing an NTP update, 100
associating a port with a VLAN, 707
configuring tagging mode, 706 O
edge and terminal ports, 699 One-to-Many, 330
editing speed and duplex, 702 One-to-One, 328
enabling/disabling, 701
interconnection ports, 699 P
refreshing, 708 Packager, 939
statistics, 712 creating packages, 940
updating description, 703 deleting packages, 944
rights, 816 downloading packages, 944
routes, 695 installing packages, 943
statistics, 712 uninstalling packages, 943
updating uploading packages, 940
Device Manager with devices, 757 ping
Device Manager with discovered items, 758 addresses, 266
IPAM with addresses, 711 leases, 424
VLANs, 696 subnets, 235
adding, 697 pools
deleting, 698 adding, 244
editing, 698 deleting, 248
NetID reserving, 247
importing a DHCP configuration file, 450 resizing, 247
importing IPAM data, 303 ports
netstat, 875 Device Manager, 763
network hardware appliance, 3

1009
Index

NetChange, 699 CNAME, 606


post-migration, 895 DNAME, 609
PXE, 423 DNSKEY, 612
changing the lease time for PXE clients, 424 DS (see DNSSEC, DS)
next-server and filename options (v4), 423 HINFO, 608
MINFO, 609
Q MX, 603
querylog, 675 NAPTR, 611
NS, 602
NSAP, 611
R PTR, 605
RADIUS
SRV, 607
authenticating administrators, 837
TXT, 607
configuring a FreeRadius server, 977
WKS, 613
configuring with Cisco Radius ACS, 978
delegation, 616
ranges (DHCP), 403
deleting, 616
adding, 405
DNSSEC records
deleting, 409
DNSKEY, 621
editing, 407
DS, 623
options, 410
NSEC/NSEC3, 623
resizing, 408
NSEC3PARAM, 623
using rules to manage, 409
RRSIG, 622
ranges (VLAN), 796
duplicating, 618
adding, 797
editing, 614
deleting, 799
load balancing, 619
editing, 798
moving, 618
resizing, 798
SOA, 601
recursion, 526
SPF, 620
remote management, 863
supported RRs, 601
adding appliances, 864
rights management, 810
configuring the management appliance, 863
authentication rules, 832
remote network configuration, 865
groups of users, 811
remote service configuration, 865
users, 825
removing appliances from, 866
RIPE, 981
replacing an appliance, 866
AS numbers (see aut-nums)
upgrading remote appliances, 865
aut-nums
reports, 204
adding, 994
browsing the reports database, 204
deleting, 999
downloading and displaying, 206
editing, 997
generating, 205
importing, 989
managing scheduled reports, 207
blocks
on DHCP scopes, 441
importing, 986
on DHCP servers, 441
configuring the appliance, 983
on DNS servers, 673
editing the appliance configuration, 1001
on DNS zones, 674
inetnums/inet6nums
on NetChange network devices, 714
adding, 989
on statistics, 877
deleting, 998
on users, 877
editing, 995
scheduling, 205
importing, 987
resource records, 599
registering changes again, 1000
adding, 602
management via SOLIDserver, 982
A, 604
persons
AAAA, 604
adding, 993
AFSDB, 610
deleting, 999

1010
Index

editing, 996
importing, 988
registering changes again, 1000
prerequisites, 981
subnets (see inetnums/inet6nums)
users (see persons)
route
adding a specific route, 85
static route, 83
RPZ, 647
policies, 651
adding, 653, 656, 659, 663
based on domain names, 653
based on IP addresses, 656
based on name server domain name, 659
based on name server IP address, 659
deleting, 663
NODATA, 652
NXDOMAIN, 652
order, 652
PASSTHRU, 652
REDIRECT, 651
records (see RPZ, policies)
rules (see RPZ, policies)
zones, 649
add, 649
delete, 651
edit, 650
RR (see resource records)
RSYNC
password, 97

S
scopes, 381
adding, 383
automated creation through rules, 388
defining a space for, 386
deleting, 389
duplicating (DHCPv4), 388
editing, 384
moving (DHCPv4), 388
options, 384
shared network, 387
super-scope, 387
SCP
password, 97
security
firewall, 79
saving a backup of the appliance, 889
SSH password, 96
tracking users' operations, 871
service
disabling, 95
enabling, 95
starting, 95
stopping, 95
SFTP
password, 97
Single-Server, DHCPv4, 333
Single-Server, DHCPv6, 335
Single-Server, DNS, 474
smart architectures
DHCPv4, 321
DHCPv6, 323
DNS, 462
locked synchronization (DHCP), 326
locked synchronization (DNS), 466
Smart Folders, 209
SMTP, 98
SNMP, 104
configure the local agent, 105
DHCP server addition, 351
DHCP server configuration, 352
profile, 878
SOLIDserver
clearing SOLIDserver cache, 882
front panel (LCD), 3
network configuration, 6
resetting configuration, 7
Linux packages
BIND DNS, 505
ISC DHCP, 370
Linux packages (version 4)
BIND DNS, 498
ISC DHCP, 363
logging in, 10
prerequisites, 5
update macros and rules, 881
spaces
adding, 219
deleting, 221
editing, 220
SPF Records, 620
(see also resource records)
Split-Scope, DHCPv4, 332
Split-Scope, DHCPv6, 337
SPX
prerequisites, 981
RIPE, 981
SSH, 96
enable/disable, 95
login, 96
password, 96
password security level, 96
SSL
certificate, 100
DHCP server addition, 348


Stateless, 338
statics, 391
adding, 393
copying (DHCPv4), 397
deleting, 397
editing, 395
MAC address types, 957
options, 396
updating, 398
statistics, 869
Stealth, 472
subnets
adding manually, 230
block map, 238
By search addition, 233
deleting, 240
discovering IPv4 subnets, 235
editing, 236
editing the network/broadcast address, 253
finding available subnets, 233
managing/unmanaging, 239
merging IPv4 subnets, 237
moving IPv4 subnets, 239
splitting IPv4 subnets, 237
statuses, 229
updating
VLAN Manager, 805
subnetting, 218
syslog, 867
severity levels, 868

T
templates (IPAM), 275
applying templates, 285
block templates, 278
pool templates, 281
space templates, 277
subnet templates, 280
templates classes, 275
templates mode, 276
tracking
sessions, 870
users, 871
transfer-source, 538
transfer-source-v6, 538
troubleshooting, 886
guidelines, 886
network capture, 887
troubleshooting dump, 888

U
uniqueness of IP address
preventing IP address duplication (DHCP), 424
preventing IP overlapping (DHCP), 409
update
DHCP database
from the IPAM, 122
DNS database
from the DHCP, 122
from the IPAM, 122
IPAM database
from the DHCP, 122
from the DNS, 122
use-alt-transfer-source, 538
user, 825
configuring the user login session time, 829
enabling/disabling a user, 830
granting access to changes from all the users, 873
groups of users, 811
importing CSV data, 188
local user, 825
redirecting user once they logged out, 829
tracking all operations, 872
tracking operations at a specific time, 873
tracking operations on a specific IP, 873
tracking operations on a specific service, 872

V
views, 548
adding, 550
deleting, 555
editing, 552
match client, 553
match destination, 553
order, 554
getting rid of all views, 556
VIF (virtual interface), 91
VIP (virtual IP), 89
Virtual Local Area Network
setting up a VLAN using a VIF, 85
VitalQIP
importing DHCP data, 445
importing DNS data, 678
importing IPAM data, 302
VLAN, 801
adding, 802
deleting, 803
editing, 803
statuses, 802
VLAN Manager, 790
applying the IPAM interaction, 806
domains (see domains (VLAN))
importing
CSV data, 181
ranges (see ranges (VLAN))
rights, 816


updating from
IPAM subnets, 805
VLANs (see VLAN)
VLSM (Variable Length Subnet Masking), 287
manual VLSM, 290
moving IPv4 addresses across the VLSM, 261
semi-automated VLSM, 293
VRF, 296
Virtual Routing and Forwarding
adding, 297
deleting, 298
editing, 297
importing, 159
VRF Route Target
adding, 299
deleting, 301
editing, 301
importing, 161
VRRP (Virtual Router Redundancy Protocol), 89

W
WinDHCP Manager agent, 354
WinDNS Manager agent, 495
Workflow, 720
customizing the requests administration, 742
adding statuses, 746
best practices, 747
editing the email notification, 745
editing the statuses, 743
executing requests, 737
using classes, 738
using the execute option, 737
incoming requests, 732
accepting requests, 735
archiving requests, 736
default request administration, 733
deleting requests, 736
finishing requests, 735
handling requests, 734
managing requests content, 733
rejecting requests, 735
outgoing requests, 724
adding creation requests, 725
adding deletion requests, 727
adding edition requests, 726
cancelling requests, 730
editing requests, 729
user access to classes, 722

X
X.509
HTTPS certificate, 100

Z
zones
classless in-addr.arpa delegation, 589
delegation, 587
delegation-only zones, 582
deleting, 584
disabling/enabling, 584
duplicating zones, 585
forward, 577
hint, 581
importing a VitalQIP archive file, 678
master, 571
migrating to another server, 585
moving zones, 585
slave, 576
statuses, 571
stub, 579
synchronizing the manager with, 584
