Configuration Management with Cisco Prime LAN Management Solution 4.1
Chapter 1: Overview of Configuration Management
Downloads: This chapterpdf (PDF - 159.0KB) The complete bookPDF (PDF - 7.53MB) | Feedback

Overview of Configuration Management

Table Of Contents

Overview of Configuration Management

What's New in LMS 4.1?

Configuration Center

Enhancements in Template Center

Organization

Configuration Management Tasks

Configuration Center


Overview of Configuration Management


Configuration Management in Cisco Prime LAN Management Solutions (LMS) allows you to manage, deploy, and modify the configuration files used by devices in your network. You can run tools that can compare configuration files and perform software image management tasks.

Configuration Dashboard in LMS provides information such as, date of last configuration change, status of the configuration jobs, summary of inventory configuration protocol, Hardware and Software summary.

You can create configuration jobs and also manage configuration archive settings. You can define baseline configuration templates and determine the devices that are non-compliant in your network.

You can perform VLANs configurations and Virtual Switching System (VSS) conversions.

This chapter provides information on the organization of the Configuration Management user guide, and an overview of Configuration Management tasks.

It explains:

What's New in LMS 4.1?

Organization

Configuration Management Tasks

Configuration Center

What's New in LMS 4.1?

This section contains the following new features of the Configuration Management module of LMS:

Configuration Center

Enhancements in Template Center

Configuration Center

Configuration Center (Configuration > Configuration Center) is a launch point for all types of device or feature configurations supported in LMS.

The links to the device or feature configurations are classified under configurations related to:

Technologies and Services

Validated Designs

Configuration Tools

For more information, see Configuration Center.

Enhancements in Template Center

Grouping of templates

The templates in Template Center are grouped into:

Custom Templates—Lists all the user-defined templates assigned to the current user.

Cisco Best Practises Templates—Lists all the system-defined templates

Reference for each template

You can add a link or specify a file that provides additional information about the template. The reference files can have the following extensions: html, txt, csv, pdf, doc, docx, xls, xlsx, and have to be stored in the location:
NMSROOT\htdocs\config-templates-help (On Windows) and NMSROOT/htdocs/config-templates-help (On Solaris and Soft Appliance).

Tag templates

You can specify tags for your template. These tags can be used as filters for the templates. You can specify multiple tags for a single template, each tag should be comma separated.

Filter templates

Template Center has two types of filters:

Quick Filter

Advanced Filter

These filters provide various options for you to query and filter the required templates.

Multi-line Command Support

You can enter multi-line commands like, banner and crypto certificate commands, as a part of the templates in Template Center. The multi-line commands must be within the tag <MLTCMD> and </MLTCMD>. The commands within the MLTCMD tags are considered as a single command and will be downloaded as a single command onto the device

These tags are case-sensitive and you must enter them only in uppercase. You cannot start this tag with a space. You can have a blank line within a multi-line command.

For more information, see Managing and Deploying Templates.

Organization

The Configuration Management user guide is organized as follows:

Table 1-1 Configuration Management User Guide

Chapter
Description

Chapter 1 "Overview of Configuration Management" (This chapter)

Provides information on the organization of Configuration Management with Cisco Prime LMS user guide and an overview of the tasks in Configuration Management functionality.

Chapter 2 "About Configuration Dashboard"

Describes the Configuration Dashboard portlets in LMS.

Chapter 3 "Managing and Deploying Templates"

Describes how to manage configuration templates and deploy them on devices.

Chapter 4 "Making and Deploying Configuration Changes Using NetConfig"

Describes how to use the NetConfig feature in Configuration Management.

NetConfig allows you to make configuration changes to your managed network devices whose configurations are archived in the Configuration Archive.

Chapter 5 "Archiving Configurations and Managing them using Configuration Archive"

Describes how to use the Configuration Management feature.

Configuration Management gives you easy access to the configuration files for all devices or Cisco IOS-based Catalyst switches, Content Service Switches, Content Engines, and Cisco routers in the LMS inventory.

Chapter 6 "Using Baseline Templates to Check Configuration Compliance"

Describes how to use Compliance management task to create, deploy, manage baseline templates.

It also describes how to check for configuration compliance.

Chapter 7 "Editing and Deploying Configurations Using Config Editor"

Describes how to use the Config Editor task. Config Editor allows you to edit a configuration file that exists in the configuration archive.

Chapter 8 "Managing Software Images Using Software Management"

Describes how to use the Software Image Management tool in LMS.

To ensure rapid, reliable software upgrades, Software Management automates many steps associated with upgrade planning, scheduling, downloading, and monitoring.

Chapter 9 "Virtual Switching System Support"

Describes how to convert two standalone switches into a Virtual Switching System.

It also describes how to convert a Virtual Switching System back to standalone switches.

Chapter 10 "Configuring VLAN"

Describes how to configure and manage a Virtual Local Area Network (VLAN) in your network.

It also describes how to configure and manage a Private VLAN (PVLAN), Trunk, and also assign ports to VLANs.

Chapter 11, "Configuring Virtual Routing and Forwarding (VRF)"

Describes how to perform end-to-end VRF configurations in an enterprise network using LMS.

Chapter 12 "Viewing Topology Services"

Describes how to view and monitor your network including the links and the ports of each link using Topology Services in LMS.

Chapter A "CLI Utilities"

Describes how to use the CiscoWorks Command Line (CWCLI) utilities in LMS.


Configuration Management Tasks

This section provides an overview of the Configuration Management tasks supported in LMS. The information is organized as follows:

Configuration Tasks
Menu Navigation Path
Description
Dashboard

Configuration

Configuration > Dashboard: Configuration

You can view and configure the following configuration dashboard portlets:

Best Practices Deviation

Discrepancies

Job Information Status

Device Change Audit

Inventory Config Protocol Summary

Hardware Summary

Job Approval

Software Summary

Syslog Alerts

Compliance

Compliance Templates

Configuration > Compliance: Compliance Templates

You can perform the following compliance tasks:

Manage Baseline templates

Run compliance check

Deploy Baseline templates

Run compliance check and deploy jobs

Out-of-Sync Summary

Configuration > Compliance: Out-of-Sync Summary

You can generate an Out-of-Sync report for the group of devices for which running configurations are not synchronized with the startup configuration.

Job Browsers

Compliance

Configuration > Job Browsers: Compliance

You can view the compliance check and deploy job status.

Configuration Archive

Configuration > Job Browsers: Configuration Archive

You can manage archive management jobs.

Template Center

Configuration > Job Browsers: Template Center

You can browse the template deployment jobs registered on the system. Using the Template Center, you can manage template jobs. That is, you can stop, delete, refresh, or filter jobs using this job browser. You can also view the template job details such as work order, device details, and job summary.

NetConfig

Configuration > Job Browsers: NetConfig

Using the c Job Browser, you can manage NetConfig jobs. That is, you can edit, stop, delete, or filter jobs using this job browser.

Software Image Management

Configuration > Job Browsers: Software Image Management

You can view all your scheduled Software Management jobs. You can edit, stop, delete the jobs using the Software Image Management Job Browser.

Config Editor

Configuration > Job Browsers: Config Editor

You can manage configuration editor jobs.

Job Approval

Configuration > Job Browsers: Job Approval

You can approve configuration jobs.

Tools

Template Center

Configuration > Tools: Template Center

Template Center in LMS provides you with a list of system-defined templates. These templates contain configuration commands that can be deployed on the devices in your network.

You can perform the following tasks from Template Center:

Deploying Templates

Managing Templates

Importing Templates

Assigning Template to users

Viewing and Managing Template Center Jobs

NetConfig

Configuration > Tools: NetConfig

You can perform the following NetConfig tasks:

Deploying NetConfig jobs

Assigning Tasks to users

User Defined Tasks

Config Editor

Configuration > Tools: Config Editor

You can open a configuration file, edit it, save it in a private location or in public location using the following tasks:

Open and edit config files

Save config files as private

Save config files as public

Software Image Management

Configuration > Tools: Software Image Management

You can perform the following Software Image Management tasks:

Patch Distribution

Software Distribution

Software Repository

Repository Synchronization

Upgrade Analysis

Software Management Jobs

Workflows

VLAN

Configuration > Workflows: VLAN

You perform the following VLAN tasks:

Configure VLAN

Delete VLAN

Create Private VLAN

Delete Private VLAN

Configure Port Assignment

Configure Promiscuous Ports

Create Trunk

Modify Trunk Attributes

VRF-lite

Configuration > Workflows: VRF-lite

You can perform the following Virtual Routing and Forwarding (VRF) tasks:

Create VRF

Edit VRF

Extend VRF

Delete VRF

Edge VLAN Configuration

Virtual Switching System

Configuration > Workflows: Virtual Switching System

You can convert two standalone switches into a Virtual Switching System or convert Virtual Switching System back to standalone switches.

Configuration Center

Configuration > Configuration Center

You can view all the launch points for all types of device or feature configurations supported in LMS.

Configuration Archive

Summary

Configuration > Configuration Archive: Summary

You can view the configuration archival status and summary.

Views

Configuration > Configuration Archive: Views

You can search archives using version tree and version summary. Views lists the following links:

Custom Queries

Search Archive

Version Summary

Version Tree

Synchronization

Configuration > Configuration Archive: Synchronization

You can schedule a job to update the configuration archive for selected group of devices.

Compare Configs

Configuration > Configuration Archive: Compare Configs

You can compare the following configurations:

Startup vs Running

Running vs Latest Archived

Two Versions of the Same Device

Two Versions of Different Devices

Base Config vs Latest Version of Multiple Devices

Label Configs

Configuration > Configuration Archive: Label Configs

A label is a name given to a group of customized selection of configuration files. You can select configuration files from different devices, group and label them.

Protocol Usage Summary

Configuration > Configuration Archive: Protocol Usage Summary

You can view the configuration protocol usage details for successful configuration fetches.

Topology

Topology Services

Configuration > Topology

You can launch Topology Services to view and monitor your network.


Configuration Center

Configuration Center is a launch point for all types of device or feature configurations supported in LMS.

The various device or feature configurations supported in LMS are

Configuration
Description
Technologies and Services

Auto Smartport

Auto Smartports macros dynamically configure switch ports based on the device type detected on the port.

You can

Assess Auto Smartports readiness of the network.

Upgrade IOS, wherever required, to make the device ASP capable.

Deploy Auto Smartports templates on selected devices.

Add or edit macros, system-defined, user-defined, or remote macro, associated to an event.

Enable or disable Auto Smartports on selected interfaces of the selected devices.

Modify or disable Auto Smartports configuration on ASP enabled devices.

Credential

You can

Configure or change enable or secret password to enter in enable mode on devices.

Configure local username and password authentication on devices.

Configure SSH.

Add, remove, and edit Telnet passwords.

EEM

You can configure Embedded Event Manager (EEM) scripts or applets, and configure EEM Environmental Variables on the devices.

You can

Configure EEM scripts or applets on selected devices.

Configure the EEM policy.

Register or unregister a script or applet.

Configure EEM environmental variables that are used by the TCL script.

EnergyWise

You can measure, monitor, and manage the way your devices consume energy.

You can

Assess EnergyWise readiness of the network.

Upgrade IOS, wherever required, to make the device EnergyWise capable.

Define EnergyWise domains.

Associate devices to the EnergyWise domain.

Define Endpoint group and configuring EnergyWise policies.

Gold

You can configure Boot Level Diagnositc tests and configure GOLD Monitoring tests on devices.

You can

Configure Boot Level diagnositc tests.

Configure GOLD monitoring tests.

Configure Health Monitoring diagnostics.

Enable or disable Health Monitoring diagnostics test.

Configure Health Monitoring interval.

Identity

Identity offers authentication, access control, and user policies to secure network resources and connectivity.

You can

Assess Identity readiness of the network.

Upgrade IOS, wherever required, to make the device Identity capable.

Configure RADIUS settings.

Configure security modes, authentication profile, and host mode.

Configure MACsec on capable devices.

MACsec

You can configure MACsec to provide secure, encrypted communication on wired LANs.

You can use this template to configure:

Security policy to be applied to the session after the supplicant passes 802.1x authentication.

Authentication Failure Policy.

MKA policy.

Performance Monitoring

You can configure the following for endpoints like Cisco Unified Video Advantage (CUVA), Cisco TelePresence Movi, Tandberg, and Webex Servers:

Configure a flow record to specify the fields you want to monitor.

Configure a policy to include one or more classes.

Reaction ID, jitter and threshold of lost packets.

You can configure a flow record and specify how the collected data is aggregated and presented.

PfR

Performance Routing provides best path optimization and load balancing of traffic over the WAN and to the Internet for enterprise networks with multiple paths.

You can:

Configure traffic classes for performance routing.

Configure performance metrics of these individual traffic classes.

Control the traffic by applying suitable traffic class and link policies.

Port Macros

You can configure Auto Smartport macros on devices.

You can

Enable or disable Auto Smartport at device level.

Apply or remove Auto Smartport policy definitions.

QoS

This template provides QoS macros to switch ports upon detection of a Medianet endpoint.

You can:

Select specific network traffic.

Prioritize it according to its relative importance.

Use QoS macros to provide preferential treatment of traffic in your network.

RSVP

Resource Reservation Protocol (RSVP) signals the QoS needs of an application's traffic, along the devices, in the end-to-end path through the network.

You can configure

User or application that requires an RSVP request.

Bandwidth that has to be reserved.

Admission policy that the devices use to admit the RSVP message.

SCH

You can use this template to enable Smart Call Home on MDS, Nexus, IOS and ASA platforms.

SGA

You can propagate the Security Group Tags (SGT) across network devices that do not have hardware support for Cisco TrustSec.

You can use this template to configure:

Default SGT Exchange Protocol (SXP) password.

SXP address connection.

Default SXP source IP address.

Smart Install

Smart Install is a configuration and image management feature that provides zero-touch deployment for new devices.

You can:

Assess the readiness of your network for Smart Install capable directors.

Upgrade IOS, wherever required, to make the device Smart Install capable.

Discover and enable Smart Install on Smart Install capable directors.

Manage configuration files and images of clients in the Smart Install director.

Configure DHCP settings for Smart Install.

SNMP

You can configure SNMP community strings, SNMP security feature, and SNMP traps on devices.

TACACS

You can configure:

TACACS authentication

TACACS+ authentication

RADIUS on devices

Video Conferencing

You can use this template to configure different video endpoints for video conferences.

You can configure three types of video profiles:

Homogeneous Video Conference

Heterogeneous Video Conference

Guaranteed Audio Conference

Video Transcoding

You can use this template to configure video transcoding when the bit rate, frame rate, resolution, or codec is different between two endpoints.

VLAN

You can configure and manage VLAN, Private VLAN (PVLAN), Trunk, and also assign ports to VLANs.

VRF-Lite

You can select Layer 2 or Layer 3 devices and configure VRF on the selected devices.

You can

Select the Layer 2 or Layer 3 devices from the Distribution Layer or the Core Layer.

Configure VRF on the selected devices.

Configure details of the VRF like: VRF Name, Route Distinguisher, and description of VRF.

Map an interface to a VRF.

Configure the routing protocol to the selected devices on which VRF is configured.

VSS

You can convert VSS-capable standalone switches to a Virtual Switching System.

You can

Select devices for VSS configuration

Perform hardware compatibility checks on the devices

Perform software compatibility checks on the devices and generate compliance report

Define configuration parameters

Deploy commands on the devices to enable VSS mode

Validated Designs
 

Access Switch Configuration

You can use this template to configure QoS, rate limiting, ACLs, OSPF for routed access, and IPv6 on Access switches.

Cisco Smart Business Architecture

This template provides resilience, QoS, security, and, scalability for Cisco Smart Business Architecture (SBA) networks.

Small Branch Configuration

You can use this template to configure security features like GETVPN, DMVPN, Firewall, IPS and unified communications.

Configuration Tools

NetConfig Templates

You can configure:

General Settings

NetConfig provides system-defined configuration tasks. You can create configuration commands by using these tasks All System-defined tasks are categorized into various task groups in the Tasks Selector.

User-defined tasks

You can create user-defined tasks and add one or more templates to each task. The templates contain configuration commands and rollback commands. You can enter the configuration commands either by typing them or by importing them from a file. The template is associated with the MDF categories of devices, for which these templates will be applicable.

Template Center

You can deploy system-defined templates and user-defined templates on devices in your network.

You can configure the following types of templates:

Custom Templates—Lists all the user-defined templates assigned to the current user.

Cisco Best Practises Templates—Lists all the system-defined templates