The Cisco Prime Infrastructure is a network management tool that supports lifecycle management of your entire network infrastructure from one graphical interface. Prime Infrastructure provides network administrators with a single solution for provisioning, monitoring, optimizing, and troubleshooting both wired and wireless devices. Robust graphical interfaces make device deployments and operations simple and cost-effective.
Prime Infrastructure provides two different graphical user interfaces (from which you can switch back and forth by clicking the downward arrow next to your login name):
Lifecycle view, which is organized according to the home, design, deploy, operate, report and administer menus.
Classic view, which closely corresponds to the graphical user interface in Cisco Prime Network Control System 1.1 or Cisco Wireless Control System (WCS).
For more information on the Lifecycle view of the Prime Infrastructure features, see the following URL:
Extended Device Support and Scalability (Wired / Wireless)
– With Prime Infrastructure 2.0, you can manage up to 13,000 wired devices, up to 1,000 controllers, up to 20,000 Unified Access Points, up to 3,000 autonomous Access Points, and up to 1,000 Network Analysis Modules.
– Day-1 support of new Cisco devices and software releases helps ensure up-to-date coverage with no manageability gaps, which is provided through monthly IDUs-Incremental Device Updates.
Guided Workflow for Day1 Deployment
– Streamlined workflows facilitate design, deployment, and operational lifecycle tasks that align with user roles.
Plug and Play for Wired/Wireless Devices
Out-of-the-Box Best Practice Configuration for Optimized Deployment of Cisco Features and Technologies
– Model-based simplified workflow to assess the network for Cisco TrustSec 802.1x readiness and facilitate the deployment of network technologies and solutions, such as one-click AVC Configuration from device work center, Cisco TrustSec 802.1x and Zone-Based Firewall (ZBF), all based on Cisco best practices.
Support for Wireless LAN Controller (WLC) Release 7.4
Support for new hardware and software features introduced in WLC Release 7.4. This includes WLC 5760 controller, 3850 switch, virtual WLC platforms, AP 2600, AP 1550 with EPON interface, high availability with sub-second failover, Proxy Mobile IPv6, and other features.
Simplified Usability, Troubleshooting and Remediation to Improve application, services and the end-user experience
– Contextual dashboards and 360-degree User and Device views display only the most relevant information for fast and efficient troubleshooting and remediation.
Support for End-of-Sale/End-of-Life Lifecycle Management reports for hardware, software and modules.
Support for PSIRT reports detailing devices impacted by Cisco security advisories.
Enhanced API support and Out-of-the-Box scripts.
Mobility Work Center—The Mobility Work Center displays all mobility domains configured in the managed network using Prime Infrastructure.
Application Services Health Dashboard.
Automated baselines and dynamic thresholds for enhanced application visibility, monitoring and troubleshooting.
Embedded Packet Capture support for ASR.
In Cisco Prime Infrastructure 2.0, you can use WSMA (over SSHv2) for configuring specific features on the ASR and ISR devices.
The Cisco Easy VPN Remote eliminates much of this tedious work by implementing Cisco Unity Client Protocol, which allows most VPN parameters to be defined at a Cisco IOS Easy VPN server.
The Interfaces feature helps in setting up physical and logical interfaces. Physical interfaces on a device depend on the device type and its interface processors or port adapters.
Cisco AppNav, is a hardware and software solution that simplifies network integration of WAN optimization. It also overcomes the challenges related to provisioning, visibility, scalability, asymmetry, and high availability.
The Cisco Wide Area Application Services (Cisco WAAS) container is a powerful WAN optimization acceleration solution
This section contains important notes about Cisco Prime Infrastructure.
If you have a large, dynamic network with a high range of roaming, some of the Prime Infrastructure monitoring and configuring screens might show different data for the same devices. For some monitoring screens, Prime Infrastructure displays data it retrieves directly from the devices. For configuration screens, Prime Infrastructure polls the devices, and because polling takes longer because of the network load, the configuration data might not refresh quickly. This limitation occurs primarily on client management screens because of client roaming in wireless networks and the increasing size and client density in such networks. Currently there is no workaround, but in subsequent releases of Wireless Controller software and Prime Infrastructure, enhancements are planned to improve data collection.
To reset the Prime Infrastructure server back to default factory settings, you must reinstall Prime Infrastructure with the original software image.
To completely erase all data from the Prime Infrastructure physical appliance (for example, if you are disposing of the appliance and want to remove all data), follow these steps:
1. During the Prime Infrastructure server boot sequence, press Ctrl-H when prompted to enter the raid configuration screen.
2. Click on the virtual drive in the logical view.
3. Select the slow init operation to erase all data from the Prime Infrastructure physical appliance hard drive.
The CCX Client Statistics report does not contain client information from the Cisco 5760 Wireless Controller and Cisco Catalyst 3850 Series Switches.
Client Statistics—You will notice that the client statistics data displayed in the CLI output and Prime Infrastructure UI (in the Clients and Users page) are different. This is because the CLI output displays the upstream (data sent to client) and downstream (data received from client) packet/byte count from the AP’s point of view, whereas, the Prime Infrastructure UI displays the upstream (data sent to AP and network) and downstream (data received from AP and network) packet/byte count from client's point of view.
Support for Cisco 3850 and 5760 devices are available in the LifeCycle view only, that is, you can use the Lifecycle view to configure and monitor Cisco 3850 and 5760 devices while you can use the Classic view to manage the legacy controllers.
The administrator should perform a “Refresh Config from Controller” or “Sync” operation for each of the network devices in Prime Infrastructure after the devices are upgraded (or the version is changed). Similarly, the administrator should perform a “Refresh Config from Controller” or “Sync” operation for each network device in Prime Infrastructure after the Prime Infrastructure server is upgraded from one release to another. These operations should be performed so that Prime Infrastructure can discover all the new features.
After upgrading the software image for Cisco Catalyst 3850, you need to run the Switch Inventory task (Administration > Background Tasks > Switch Inventory) to update the Software Version field. This field is not updated as part of the Controller Inventory Background task or by enabling the Administration > System Settings > Controller Upgrade Settings > Auto Refresh After Upgrade option.
You cannot apply wIPS profile to WLC 7.5 and earlier release using Prime Infrastructure1.4.x or Prime Infrastructure 2.x with MSE 7.6 release.
SWIM Image Management and Supported Devices—Table 2 provides a brief overview about the different processes involved in managing software images and whether the processes are supported in the Unified Wireless LAN Controllers and devices.
Table 2 Software Image Management Processes and Supported Devices
Software Image Management Processes
3850 Cisco IOS
5760 Cisco IOS
Image import from device
Ability to import software image from devices that are already deployed to Prime Infrastructure. The software image can then be distributed to other devices.
Not supported because the software image cannot be reassembled into a package.
Image import from file
Ability to import software image from known location on a file server to Prime Infrastructure. The software image can then be distributed to other devices.
Image import from URL
Ability to import software image from network accessible locations (URI/URL) to Prime Infrastructure. The software image can then be distributed to other devices.
Image import from Cisco.com
Ability to import software image from a trusted Cisco website to Prime Infrastructure. The software image can then be distributed to other devices.
Ability to upgrade software image on the managed devices from Prime Infrastructure. This allows you to update software image for multiple devices based on demand or at a later point in time as scheduled. The feedback and status are displayed during the upgrade and devices can be restarted, if required. In large deployments, you can stagger reboots so that the service at a site is not completely down during the upgrade window.
Note Software image distribution for Cisco WiSM2 controllers is not supported.
Ability to recommend a compatible image for the devices that are managed from Prime Infrastructure.
Not supported because the flash requirement is not available.
Image upgrade analysis
Ability to analyze the software images to determine the hardware upgrades required before you can perform the software upgrade.
Not supported because there is no minimum requirement for RAM or ROM. The newly upgraded image replaces the existing image after an upgrade.
SWIM and Configuration Archives support for Devices during Cisco Prime Infrastructure releases—Table 3 outlines the devices that the software image management and configuration archives support during the various Prime Infrastructure releases.
Table 3 SWIM and Configuration Archives support for Devices during Prime Infrastructure Releases
The image import operation for Cisco 5760 Wireless Controller and Cisco Catalyst 3850 Series Switches will work if the image is in the form of a package. It is not supported if the image is a single file.
When a backup is taken from a server in one time zone and restored in a server from other time zone, if the time in the server where the backup is taken at the time of backup is ahead of the restored server time, the restore might fail.
The guest client count information does not take the virtual domain configuration into account and the same information appears on all virtual domains irrespective of whether the concerned devices are a part of the virtual domain or not.
After you upgrade to Prime Infrastructure 2.0 from an older version, it becomes unlicensed because the licensing for Assurance has changed in 2.0. This requires TAC help to generate a new license and apply it on the server post upgrade.
When the SSO solution fails back to local login, one would expect that local users (other than root) are able to log in as in TACACS/Radius. In a regular state, this is true and the local user which is not root can log in. If another SSO server is added while not resetting the AAA mode again to SSO, the local user cannot login to the Prime Infrastructure server.
Choose Operate > Device Work Center > Configuration. From the left panel, choose security > NAT > Interfaces. From the Interfaces page, change interface association from 'None' to 'Inside' or 'Outside', and click Save. The Interface Association returns to 'None' without providing any warning or error message.
The image is distributed and activated properly using UDI on a device, but after the device reloads the status of image in Prime Infrastructure shows a timeout failure. Also, any config push after that also times out and fails.
Evaluation license should be deleted automatically when permanent license is added. But in the backup/restore scenario, the permanent and evaluation licenses exist at same time and may be displayed in the UI. In this case there is no functional impact, except the user sees both licenses on the page.
Unable to log in to Prime Infrastructure in AAA mode as Radius/TACACS mode. This could happen when the backup taken from another server has Radius/TACACS servers configured and is restored on a server with a different IP address.
The Cisco CSR 1000v device does not boot up with image distributed from Cisco Prime Infrastructure 2.0. After copying the user-specified image in the device, the device reboots with the running image rather than the newly distributed image.
When an administrator wants to view clients associated to a specific controller and uses Client Count link for a controller on Monitor > Controllers page. The admin may see that on Client and Users page the number of clients associated to that devices shown are different.
When configuring WAN Optimization using Prime Infrastructure, if you configure the same Remote Device match conditions (that is, configure same remote device MAC) twice or more for the same class map (in the Class-Maps feature), you are unable to sync or delete the device.
Editing an existing zone-based firewall configuration (on the ISR-G2) which has references to ACLs containing 'network object-groups' or 'service object-groups' may fail. This is applicable both for the DWC firewall policy editor and to the zone-based-firewall feature template.
Mediatrace feature of Prime Infrastructure is unable to provide media path and media metrics information. While running Mediatrace from Prime Infrastructure user interface, you will encounter an error message indicating that WSMA is not enabled, even though you have applied the associated CLI configuration on the respective devices.
During restore of a backup over Prime Infrastructure (version 2.0), the restore may fail with a message that the swap space configured is not sufficient. This could happen if the backup that is being restored was taken on an appliance that was originally an NCS 1.x appliance, even though it may be currently running an upgraded version.
Changing the hostname causes the Day 0 Plug and Play deployment to fail when Prime Infrastructure and the Plug and Play gateway are running on the same server, and the deployment is done through the Plug and Play Gateway running on Prime Infrastructure server.
msrpc-smb-netbios and msrpc-smb-netbio both appear in the Applications list, but they refer the same application. If you change the ports of the msrpc-smb-netbio application, you get the following error from the device: %Unable to remove port-map entry. Port-map entry for application msrpc-smb-netbio is not found . If you add the msrpc-smb-netbio application to be part of a Zone-Based Firewall Service, you get the following error from the device: % Incomplete command .
Configuring a zone-based firewall policy with WSMA may lead to failures; thus, WSMA support for zone-based firewall configuration is disabled in this release. Prime Infrastructure uses plain CLI over Telnet/SSH to configure zone-based firewall policies.
A partial Inventory collection failure occurs when collecting zone-based-firewall-related inventory collection from a device with an ATM interface. This means zone-based firewall manageability on that device does not work.
When there are no devices on the server which supports AVC, if you go to Design > Templates > Application Visibility > AVC Configuration, a pop-up message displays: “NBAR-applications list file is not up-to-date, it is highly recommended to install the latest Prime NBAR-taxonomy software update.”
ASA devices are displayed as unsupported in the Device Work Center.
Applet files are failing in EEM (Embedded Event Manager) templates.
Show All templates option is not working in Configuration Groups.
Table 5 lists the Resolved Caveats in Cisco Prime Infrastructure Release 2.0.
Click the identifier to view the details of the caveat. This information is displayed in the Bug Toolkit . You can track the status of the resolved caveats, using the Bug Toolkit.
Table 5 Resolved Caveats
The high availability secondary server should be able to run a backup and restore to primary.
The Client Session traffic reports are drastically different when compared to the report generated by Cisco accounting software/third party tools.
Restore fails with RMAN exception (RMAN-00571) because of missing log files.
Data Cleanup takes long time.
Unable to import WLAN template in Prime Infrastructure 1.2.
Failed to restore the database.
The difference between the RMAN Archivelogs and the disk contents causes database crash.
The Jobs Dashboard page shows error, and does not display the jobs list.
Failed to delete a few devices added to the upgraded server.
Many alerts are reported by IP addresses instead of hostname.
The high availability sync fails with error
The high availability registration failed.
The contents of the backup need to be optimized by removing unnecessary content in some directories.
Prime Infrastructure stops responding while importing DWG.
Wrong details are pushed when configuration template has managed variables.
Plug and Play does not get triggered because of an issue with message broker configuration in messaging.properties.
Newly added devices are in the “In Progress” state forever.
Deleting Custom SNMP template causes incorrect data or process crash.
The client counts reported in Client Count report is inaccurate when the selected time period is beyond one day.
There is an issue with auto-provisioning on a controller via CSV file for MAC address.
Some recent records from BaseStation are missing.
In high availability setup, the WLC configuration backup fails when repository is set to local FTP/TFTP.
PnP Gateway server does not reconnect with Prime Infrastructure server.
Unable to delete third-party WLC from Device Work Center when selected from a third party device.
Audit mismatches or exceptions occur while saving a FlexConnect AP Group.
Cisco 3750E image wrongly recommended for plain 3750 from repository
The memory utilization data unavailable for Nexus 7000 Series switches.
Unable to create reports as connection refused on port 20566.
After running the conversation reports for the first time with specific HostIP either in Source or Destination field, Application Filter and Datasource Filter entries disappear.
FNF extension parameters that are added to the Voice Video Data template are not propagated to reports.
Error appears when you click 'run and save' on a custom FNF v5 report.
Non-default templates, Custom FNF and SNMP templates are not retained in upgrade, high availability and backup/restore.
Client discovery fails if the controller has more than 20k clients.
When v9 and v5 template fields match exactly, the template will appear under the v5 template folder.
Extension fields missing from ATR and VVD Conversation reports.
Getting read timeout error while performing high availability registration.
In the “Distribute Image and Location Selection”, sometimes distribute image name is not having the selected images.
Upgrade Analysis is not working for ASR series.
Provisioning not getting completed when triggered in VD with user Admin.
Plug and Play provisioning not getting completed when the profile has only image.
Templates with DB Variables are not getting pushed to the device.
Config push fails when the device name is long.
Error while accessing Web-Authentication and Web-Policy ACLs at AP level
Results shows incorrect client count when 11u option selected in dashlet.
The Combined Inventory report failed to run on an upgraded server.
Undeploy template which is mapped to another template fails without displaying the proper failure reason.
On a switch that is being managed by NCS, after upgrading the switch IOS image and performing a “Resync” from Device Work Center results in switch going to “Unmanaged” state.
Routers get into managed mode with warnings after sync operation.
Failback error occurs while creating instance direct: /opt/CSCOlumos
Custom NetFlow reports did not show any data when some of the parameters are not selected.
Appliance BnR on Prime Infrastructure 1.2.1 failed.
Failed to execute the database query in secondary database.
Restore fails because of Memory target Not supported error.
Blank page appears on all upgraded servers.
Show version on 184.108.40.206 upgrade to 220.127.116.11 shows 18.104.22.168
Need proper error message when invalid file was restored.
Upgrade bundle information needs to be documented in 1.2.1 Release Notes or Quick Start Guide.
NetFlow-based reports are not working properly though valid netflow is available.
Process is not coming up during a failover.
After failback is complete, the primary attempts to register in secondary. After attempting to register, an error appears in the secondary UI.
There is an issue in download to the client machine in the upgraded server.
Port Grouping: All members are showing as “none” after failback.
The Operate > Applications and Services page is blank.
When you deploy a profile, the CLI config is pushed on device and gateway sends status as “WARNING” to Prime Infrastructure. Prime Infrastructure shows the CLI config status in provisioning as “Failure”.
Search does not work properly on APs.
Data cleanup background task is failing.
Cannot load the results page after a completed Voice Diagnostic test is performed.
ACL counters are not working when migrating from WCS 7.0.230 to NCS 1.1.
Applied to Controller and Virtual Domain counts are not appearing.
The Delete button in Shunned Client Saved search is not working.
Unable to apply Rogue rule group in the LifeCycle view.
After you create Friendly AP template successfully, the template details are missing.
Error while backing up database.
Configuration and disable issue with LWAP template.
Unable to select search option after switching from one view to other.
Error shown while taking the backup from secondary server.
If an upgrade fails, Prime Infrastructure is not returned to its original, preupgrade attempt state.
Planning mode is extremely slow to open for the previously designed floors.
High availability state is showing as database uncertain.
Occasionally, the server will stop responding to GUI requests.
You are unable to select the reporting time and protocol fields after running the reports with non-default values/protocols.
Context-sensitive online help throws an HTTP 404 error when you launch it from the Reports page.
As the virtual domain information was not persisted along with the discovered devices, all the devices are going to default root-domain. Therefore, the devices are not retrieved in any other virtual domains other than the root-domain.
Prime Infrastructure displays “null” for device hostnames it cannot retrieve, and therefore incorrect information appears in some pages like Virtual Domains.
Discovery settings created in VD appear in root-domain.
Cisco WLC Distribution with SNMPv2 device fails.
At times, discovery of new access points takes a long time, which causes other background tasks to take a long time to complete.
In non-root Virtual Domain GUI, the logged-in user will find the feature configuration failing.
The image copy operation is successful but the reload does not happen with the new image.
The inventory.log is not purging and this results in the growing size of the log.
Config archive fails with device unreachable message.
Scrollbar is missing in the background task page.
If you log in through non-root domain, you are unable to select any configuration and bootstrap template.
If you run the operations that are not supported, they may cause problems.
Prime Infrastructure does not show device type information for clients.
Upgrading Google Chrome to version 29.0.1547.57 m causes error.
You can access additional Cisco Prime Infrastructure documentation at:
Subscribe to What’s New in Cisco Product Documentation , which lists all new and revised Cisco technical documentation, as an RSS feed and deliver content directly to your desktop using a reader application. The RSS feeds are a free service.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks . Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.