Cisco Prime Infrastructure Configuration Guide, Release 1.2
Chapter 4: Performing Maintenance Operations
Downloads: This chapterpdf (PDF - 155.0KB) The complete bookPDF (PDF - 15.04MB) | Feedback

Table of Contents

Performing Maintenance Operations

Information About Maintenance Operations

Performing System Tasks

Adding a Controller to Prime Infrastructure Database

Using Prime Infrastructure to Update System Software

Downloading Vendor Device Certificates

Downloading Vendor CA Certificates

Using Prime Infrastructure to Enable Long Preambles for SpectraLink NetLink Phones

Creating an RF Calibration Model

Performing Prime Infrastructure Operations

Verifying the Status of Prime Infrastructure

Stopping Prime Infrastructure

Backing Up Prime Infrastructure Database

Scheduling Automatic Backups

Performing a Manual Backup

Restoring Prime Infrastructure Database

Restoring Prime Infrastructure Database

Restoring Prime Infrastructure Database in a High Availability Environment

Upgrading WCS to Prime Infrastructure

Upgrading Prime Infrastructure in a High Availability Environment

Upgrading the Network

Reinitializing the Database

Recovering Prime Infrastructure Password

Performing Disk Cleanup

Performing Maintenance Operations

You can perform the actions at the system level, such as updating system softwares or downloading certificates that can be used with many items.

This chapter describes the system level tasks to perform with Cisco Prime Infrastructure. It contains the following sections:

Information About Maintenance Operations

A system-level task is a collection of tasks that relate to operations that apply to Prime Infrastructure database as a whole. System tasks also include restoring Prime Infrastructure database. For more information, see the “Restoring Prime Infrastructure Database” section.

Performing System Tasks

This sections describes how to use Prime Infrastructure to perform system-level tasks. This section contains the following topics:

Adding a Controller to Prime Infrastructure Database

To add a controller to Prime Infrastructure database, follow these steps:


Note We recommend that you manage controllers through the controller dedicated service port for improved security. However, when you manage controllers that do not have a service port (such as 2000 series controllers) or for which the service port is disabled, you must manage those controllers through the controller management interface.



Step 1 Log into Prime Infrastructure user interface.

Step 2 Choose Configure > Controllers to display the All Controllers page.

Step 3 From the Select a command drop-down list, choose Add Controller, and click Go.

Step 4 In the Add Controller page, enter the controller IP address, network mask, and required SNMP settings.

Step 5 Click OK. Prime Infrastructure displays a Please Wait dialog box while it contacts the controller and adds the current controller configuration to Prime Infrastructure database. It then returns you to the Add Controller page.

Step 6 If Prime Infrastructure does not find a controller at the IP address that you entered for the controller, the Discovery Status dialog displays this message:

No response from device, check SNMP.

Check these settings to correct the problem:

  • The controller service port IP address might be set incorrectly. Check the service port setting on the controller.
  • Prime Infrastructure might not have been able to contact the controller. Make sure that you can ping the controller from Prime Infrastructure server.
  • The SNMP settings on the controller might not match the SNMP settings that you entered in Prime Infrastructure. Make sure that the SNMP settings configured on the controller match the settings that you entered in Prime Infrastructure.

Step 7 Add additional controllers if desired.


 

Using Prime Infrastructure to Update System Software

To update controller (and access point) software using Prime Infrastructure, follow these steps:


Step 1 Enter the ping ip-address command to be sure that Prime Infrastructure server can contact the controller. If you use an external TFTP server, enter the ping ip-address command to be sure that Prime Infrastructure server can contact the TFTP server.


Note When you are downloading through a controller distribution system (DS) network port, the TFTP server can be on the same or a different subnet because the DS port is routable.


Step 2 Choose Configure > Controllers to navigate to the All Controllers page.

Step 3 Select the check box of the desired controller, choose Download Software (TFTP or FTP) from the Select a command drop-down list, and click Go. Prime Infrastructure displays the Download Software to Controller page.

Step 4 If you use the built-in Prime Infrastructure TFTP server, choose Default Server from the Server Name drop-down list box. If you use an external TFTP server, choose New from the Server Name drop-down list box and add the external TFTP server IP address.

Step 5 Enter the file path and server file name in their respective text boxes (for example, AS_2000_release.aes for 2000 series controllers). The files are uploaded to the root directory which was configured for use by the TFTP server. You can change to a different directory.


Note Be sure that you have the correct software file for your controller.


Step 6 Click Download . Prime Infrastructure downloads the software to the controller, and the controller writes the code to flash RAM. As Prime Infrastructure performs this function, it displays its progress in the Status field.


 

Downloading Vendor Device Certificates

Each wireless device (controller, access point, and client) has its own device certificates. For example, the controller is shipped with a Cisco-installed device certificate. This certificate is used by EAP-TLS and EAP-FAST (when not using PACs) to authenticate wireless clients during local EAP authentication. However, if you want to use your own vendor-specific device certificate, it must be downloaded to the controller.

To download a vendor-specific device certificate to the controller, follow these steps:


Step 1 Choose Configure > Controllers.

Step 2 You can download the certificates in one of two ways:

a. Select the check box of the controller you choose.

b. Choose Download Vendor Device Certificate from the Select a command drop-down list, and click Go.

or

a. Click the URL of the desired controller in the IP Address column.

b. Choose System > Commands from the left sidebar menu.

c. Choose TFTP or FTP in the Upload/Download Command section.

d. Choose Download Vendor Device Certificate from the Upload/Download Commands drop-down list, and click Go.

Step 3 In the Certificate Password text box, enter the password which was used to protect the certificate.

Step 4 Specify if the certificate to download is on the TFTP server or on the local machine. If it is on the TFTP server, the name must be supplied in the Server File Name field. If the certificate is on the local machine, you must specify the file path in the Local File Name field using the Choose File button.

Step 5 Enter the TFTP server name in the Server Name field. The default is for Prime Infrastructure server to act as the TFTP server.

Step 6 Enter the server IP address.

Step 7 In the Maximum Retries text box, enter the maximum number of times that the TFTP server attempts to download the certificate.

Step 8 In the Timeout text box, enter the amount of time (in seconds) that the TFTP server attempts to download the certificate.

Step 9 In the Local File Name text box, enter the directory path of the certificate.

Step 10 Click OK.


 

Downloading Vendor CA Certificates

Controllers and access points have a certificate authority (CA) certificate that is used to sign and validate device certificates. The controller is shipped with a Cisco-installed CA certificate. This certificate might be used by EAP-TLS and EAP-FAST (when not using PACs) to authenticate wireless clients during local EAP authentication. However, if you want to use your own vendor-specific CA certificate, it must be downloaded to the controller. To download vendor CA certificate to the controller, follow the instructions:


Step 1 Choose Configure > Controllers.

Step 2 You can download the certificates in one of two ways:

a. Select the check box of the controller you choose.

b. Choose Download Vendor CA Certificate from the Select a command drop-down list, and click Go.

or

a. Click the URL of the desired controller in the IP Address column.

b. Choose System > Command s from the left sidebar menu.

c. Choose Download Vendor CA Certificate from the Upload/Download Commands drop-down list, and click Go.

Step 3 Specify if the certificate to download is on the TFTP server or on the local machine. If it is on the TFTP server, the name must be supplied in the Server File Name field in Click OK. . If the certificate is on the local machine, you must specify the file path in the Local File Name field in In the Local File Name text box, enter the directory path of the certificate. using the Browse button.

Step 4 Enter the TFTP server name in the Server Name field. The default is for Prime Infrastructure server to act as the TFTP server.

Step 5 Enter the server IP address.

Step 6 In the Maximum Retries text box, enter the maximum number of times that the TFTP server attempts to download the certificate.

Step 7 In the Timeout text box, enter the amount of time (in seconds) that the TFTP server attempts to download the certificate.

Step 8 In the Local File Name text box, enter the directory path of the certificate.

Step 9 Click OK.


 

Using Prime Infrastructure to Enable Long Preambles for SpectraLink NetLink Phones

A radio preamble (sometimes called a header) is a section of data at the head of a packet. It contains information that wireless devices need when sending and receiving packets. Short preambles improve throughput performance, so they are enabled by default. However, some wireless devices, such as SpectraLink NetLink phones, require long preambles.

To optimize the operation of SpectraLink NetLink phones on your wireless LAN, to use Prime Infrastructure to enable long preambles, follow these steps:


Step 1 Log into Prime Infrastructure user interface.

Step 2 Choose Configure > Controllers to navigate to the All Controllers page.

Step 3 Click the IP address of the desired controller.

Step 4 From the left sidebar menu, choose 802.11b/g/n > Parameters.

Step 5 If the IP Address > 802.11b/g/n Parameters page shows that short preambles are enabled, continue to the next step. However, if short preambles are disabled, which means that long preambles are enabled, the controller is already optimized for SpectraLink NetLink phones, and you do not need to continue this procedure.

Step 6 Enable long preambles by unselecting the Short Preamble check box.

Step 7 Click Save to update the controller configuration.

Step 8 To save the controller configuration, choose System > Commands from the left sidebar menu, choose Save Config To Flash from the Administrative Commands drop-down list, and click Go.

Step 9 To reboot the controller, choose Reboot from the Administrative Commands drop-down list and click Go.

Step 10 Click OK when the following message appears.

Please save configuration by clicking “Save Config to flash”. Do you want to continue rebooting anyways?
 

The controller reboots. This process might take some time, during which Prime Infrastructure loses its connection to the controller.


Note You can view the controller reboot process with a command-line interface session.



 

Creating an RF Calibration Model

If you would like to further refine Prime Infrastructure Location tracking of client and rogue access points across one or more floors of a building, you have the option of creating an RF calibration model that uses physically collected RF measurements to fine-tune the location algorithm. When you have multiple floors in a building with the same physical layout as the calibrated floor, you can save time calibrating the remaining floors by using the same RF calibration model for the remaining floors.

The calibration models are used as RF overlays with measured RF signal characteristics that can be applied to different floor areas. This allows the Cisco Unified Wireless Network Solution installation team to lay out one floor in a multi-floor area, use the RF calibration tool to measure and save the RF characteristics of that floor as a new calibration model, and apply that calibration model to all the other floors with the same physical layout.

Performing Prime Infrastructure Operations

This section contains the following topics:

Verifying the Status of Prime Infrastructure

This section provides instructions for checking the status of Prime Infrastructure. To check the status of Prime Infrastructure. You can check the status at any time, follow these steps:


Step 1 Log into the system as admin.

Step 2 Using the CARS command-line interface, enter ncs status command.

The command-line interface displays messages indicating the status of Prime Infrastructure.


 

Stopping Prime Infrastructure

This section provides instructions for stopping Prime Infrastructure. You can stop Prime Infrastructure at any time. To stop Prime Infrastructure, follow these steps:


Note If any users are logged in when you stop Prime Infrastructure, their Prime Infrastructure sessions stop functioning.



Step 1 Log into the system as admin.


Note To see which version of Prime Infrastructure you currently have installed, enter show application version ncs.


Step 2 Using the CARS command-line interface, enter ncs stop command.

The command-line interface displays messages indicating that Prime Infrastructure is stopping.


 

Backing Up Prime Infrastructure Database

This section provides instructions for backing up Prime Infrastructure database. You can schedule regular backups through Prime Infrastructure user interface or manually initiate a backup. The following files are backed up using, both Prime Infrastructure user interface and command-line interface:

  • Oracle database
  • Maps
  • Report files
  • Accuracy files used for generating reports
  • USERMGT file

The device configurations are obtained from the devices in the back up files.


Note Machine specific settings (such as FTP enable and disable, FTP port, FTP root directory, TFTP enable and disable, TFTP port, TFTP root directory, HTTP forward enable and disable, HTTP port, HTTPS port, report repository directory, and all high availability settings) are not included in the backup and restore function if the backup is restored to a different device.


This section contains the following topics:

Scheduling Automatic Backups

To schedule automatic backups of Prime Infrastructure database, follow these steps:


Step 1 Log into Prime Infrastructure user interface.

Step 2 Choose Administration > Background Tasks to display the Scheduled Tasks page.

Step 3 Click NCS Server Backup task.

Step 4 Select the Enabled check box.

Step 5 At the Backup Repository field, Choose an existing backup repository, or click Create to create a new repository.

Step 6 If you are backing up in remote location, select the FTP Repository check box. You need to enter the FTP location, username, and password of the remote machine.

Step 7 In the Interval (Days) text box, enter a number representing the number of days between each backup. For example, 1 = a daily backup, 2 = a backup every other day, 7 = a weekly backup, and so on.

Range: 1 to 360

Default: 7

Step 8 In the Time of Day text box, enter the time when you want the backup to start. It must be in this format: hh:mm AM/PM (for example: 03:00 AM).


Note Backing up a large database affects the performance of Prime Infrastructure server. Therefore, we recommend that you schedule backups to run when Prime Infrastructure server is idle (for example, in the middle of the night).


Step 9 Click Submit to save your settings. The backup file is saved as a .zip file in the ftp-install-dir/ftp-server/admin/NCSBackup directory using this format: dd-mmm-yy_ hh-mm-ss.zip
(for example, 11-Nov-05_10-30-00.zip).


 

Performing a Manual Backup

To back up Prime Infrastructure database, follow these steps:


Note We recommend that you do a backup using the User Interface when the system is running. To do this, choose Administration > Background Tasks, select the NCS Server Backup task, and then select Execute Now.



Step 1 Log into the system as admin.

Step 2 You can perform a backup using the command-line interface.

Step 3 Back up the application data to the repository (local or remote) by entering the following command:

backup testbackup repository backup_repo application NCS


 

Restoring Prime Infrastructure Database

This section provides instructions for restoring Prime Infrastructure database. This section contains the following topics:

Restoring Prime Infrastructure Database

If you are restoring Prime Infrastructure database in a high availability environment, see the “Restoring Prime Infrastructure Database in a High Availability Environment” section. To restore Prime Infrastructure database from a backup file. follow these steps:


Step 1 To view all local repository backups, enter the following command:

show repository backup_repo


Note If possible, stop all Prime Infrastructure user interfaces to stabilize the database.


Step 2 Manually shut down the platform using the ncs stop command.

Step 3 Restore the application backup by entering the following command:

restore backup gpg file repository repository name application NCS

Step 4 Click Yes if a message appears indicating that Prime Infrastructure is running and needs to be shut down.

The command-line interface displays messages indicating that Prime Infrastructure database is being restored.


 

Restoring Prime Infrastructure Database in a High Availability Environment

During installation, you were prompted to determine if a secondary Prime Infrastructure server would be used for high availability support to the primary Prime Infrastructure server. If you opted for this high availability environment and enabled it in the Administration > High Availability page, the status appears as HA enabled. Before restoring a database, you must convert the status to HA not configured.


Caution You should not upgrade the system while the system is in HA enabled mode. If you attempt to restore the database while the status is set to HA enabled, unexpected results might occur.

To change the status from HA enabled to HA not configured, do the following

  • Choose Administration > High Availability .
  • Click Remove in the HA Configuration page.

The primary server is now in HA Not Configured mode, and you can safely restore the data from the backup.

Once the data is successfully restored and the system is operational, reestablish the HA between the primary and the secondary systems.


 

Upgrading WCS to Prime Infrastructure

A direct upgrade from a WCS release to Prime Infrastructure 1.2 is not supported. You must first upgrade to an NCS 1.1 release, and then upgrade to Prime Infrastructure 1.2.

Prime Infrastructure supports data migration in the NCS Releases 1.0.2.29, 1.1.0.58, and 1.1.1.24. Before you migrate from an NCS release to Prime Infrastructure 1.2, you must perform the following:

  • Install the ‘disk space management’ patch to the existing system.
  • Ensure that you perform a backup before attempting to upgrade.
  • Use a console connection when you upgrade, to avoid Telnet/SSH terminal timeouts.
  • Remove high availability before performing the upgrade.

For detailed information about the application upgrade, see the following URL:

http://www.cisco.com/en/US/docs/net_mgmt/prime/infrastructure/1.2/quickstart/guide/cpi_qsg.html#wp56675

If you are upgrading to Prime Infrastructure in a high availability environment, see the “Upgrading Prime Infrastructure in a High Availability Environment” section.

Upgrading Prime Infrastructure in a High Availability Environment

If you have a primary and secondary Prime Infrastructure, follow these steps for a successful upgrade:


Step 1 You must first remove the HA configuration with the following steps:

a. Log in to the primary Prime Infrastructure server.

b. Choose Administration > High Availability , and choose HA Configuration from the left sidebar menu.

c. Click Remove to remove the HA configuration.


Note It might take a few minutes for the remove to complete.


Step 2 You must first upgrade the secondary Prime Infrastructure with the following steps:

a. Shut down the secondary Prime Infrastructure. See the “Stopping Prime Infrastructure” section for more information.


Note You can use ncs stop for a graceful shut down. A graceful shut down does not trigger the automatic failover.


b. Perform an upgrade on the secondary Prime Infrastructure.

c. Start the secondary Prime Infrastructure.


Note It attempts to reconnect to the primary Prime Infrastructure, but a version mismatch error is returned.


Step 3 Upgrade the primary Prime Infrastructure.

a. Shut down the primary Prime Infrastructure. See the “Stopping Prime Infrastructure” section for more information.

b. Perform an upgrade on the primary Prime Infrastructure.

c. Start the primary Prime Infrastructure.

Step 4 Enable HA again on the primary Prime Infrastructure.

a. Login to the primary Prime Infrastructure server.

b. Choose Administration > High Availability and select HA Configuration from the left sidebar menu.

c. Enter the HA configuration settings and click Save to enable high availability.


 

Upgrading the Network

Network upgrades must follow a recommended procedure so that databases can remain synchronized with each other. For example, You cannot upgrade the controller portion of the network to a newer release but maintain the current Prime Infrastructure version and not upgrade it. The supported order of upgrade is Prime Infrastructure first, followed by the controller, and then any additional devices.

Reinitializing the Database

If you need to reset the database because of a synchronization problem or a corruption of some type, enter ncs db reinitdb to reinitialize the database.

Recovering Prime Infrastructure Password

You can change the Prime Infrastructure application root user or FTP user password. This option provides a safeguard if you lose the root password. An executable was added to the installer /bin directory (passwd.bat for Windows and passwd.sh for Linux). To recover the passwords and regain access, follow these steps:


Note If you are a Linux user, you must be the root user to run the command.



Note In Linux, use the passwd.sh to change the NCS password. The passwd is a built-in Linux command to change the OS password.



Step 1 Log in to the Prime Infrastructure command-line interface as an admin user.

Step 2 Run the following command:

ncs password root password password

Where password is the root user login password. You can enter a password not exceeding 80 characters.

Example of the command usage:

ncs-appliance/admin# ncs password root password ?
 
<WORD> Type in root user login password (Max Size - 80)
 

You should now be able to login to Prime Infrastructure web interface with the new root password.


 

Performing Disk Cleanup

When Prime Infrastructure is running low on disk space, an alarm is raised in the system. Also, the following error appears as a pop-up dialog box.

The system is running low on diskspace, please refer to online help to perform disk cleanup.

To resolve this issue, use the following CLI command:

ncs cleanup

You can use this command to free up and reclaim disk space.

For more information, see the “Performing Disk Cleanup” section.