The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
You need to make the following configuration changes on these platforms for Discovery to work properly.
Feature |
Platform |
Required Configuration |
---|---|---|
Discovery (device inventory collection) |
Cisco ASR 9000 router or any other Cisco device that requires NETCONF support for their device pack. |
Configure NETCONF on these platforms. For information, see NETCONF Configuration. |
Discovery (host inventory collection) |
Devices connected to hosts using SNMP. |
Configure SNMP traps on these devices. For information, see SNMP Trap Configuration. |
Devices connected to hosts using IPDT. |
Enable IPDT for these devices. For information, see IP Device Tracking Configuration. |
|
Configure SNMP traps and object identifiers on these wireless LAN controllers. For information, see Wireless LAN Controller Configuration. |
You must enable the NETCONF protocol for the Cisco ASR 9000 router or for any other Cisco device that requires NETCONF support for their device pack. If NETCONF is not enabled, then the controller's inventory collection process will be incomplete for that device.
Note | Though NETCONF typically runs over SSH or on its own port, with the Cisco APIC-EM and for the Cisco ASR 9000 router NETCONF is run over a CLI session. |
For specific information about enabling NETCONF for your own Cisco device, refer to that device’s documentation. As an example, a typical configuration sequence on a terminal to enable NETCONF on a Cisco device is as follows:
#ssh server v2 #netconf agent tty #! #xml agent tty #! #commit #end #crypto key generate rsa
Note | The rsa key needs to be generated to succeed with SSH. For this reason, the crypto key generate rsa command needs to be executed in exec mode at the end of the configuration sequence if it has not already been done. |
To ensure that Cisco APIC-EM captures data about the hosts connected to your network devices, you must set up SNMP traps or notifications. Enter the following SNMP commands to set up SNMP traps on the devices that connect to hosts within your network:
Note | For Cisco Nexus devices, enter the following SNMP commands instead of the commands listed above: |
After configuring SNMP traps on the network devices, the following data is captured and made available in the controller's GUI:
The Cisco APIC-EM discovery function uses several protocols and methods to retrieve network information, such as hosts IP addresses, MAC addresses, and network attachment points. To use IP Device Tracking (IPDT) for discovery, you must manually enable IPDT on the devices and interfaces for this protocol to be used to collect host information. To enable IPDT on your devices, refer to your specific device documentation. For general information about IPDT, see IP Device Tracking (IPDT) Overview.
The Cisco APIC-EM accepts SNMP traps from several Cisco Wireless LAN Controllers (WLCs). The SNMP traps are used to update the host inventory database. You need to configure the WLCs so that the Cisco APIC-EM is the trap receiver, and the WLCs send the enhanced traps to the Cisco APIC-EM.
The following WLCs require SNMP traps to be enabled:
Cisco Series 2504 Wireless LAN Controller
Cisco Series 5508/5520 Wireless LAN Controller
Cisco Series 8510/8540 Wireless LAN Controller
The following table specifies the SNMP traps and object identifiers that must be set on the WLCs.
Trap Name |
OID |
---|---|
ciscoLwappDot11ClientAssocTrap |
1.3.6.1.4.1.9.9.599.0.9 |
ciscoLwappDot11ClientDeAuthenticatedTrap |
1.3.6.1.4.1.9.9.599.0.10 |
ciscoLwappDot11ClientMovedToRunStateNewTrap |
1.3.6.1.4.1.9.9.599.0.11 |
ciscoLwappDot11ClientMobilityTrap |
1.3.6.1.4.1.9.9.599.0.12 |
The following configurations must be set to enable the above SNMP traps:
config trapflags client enhanced-802.11-associate enable
config trapflags client enhanced-802.11-deauthenticate enable
config trapflags client enhanced-authentication enable
config trapflags client enhanced-802.11-stats enable
Note | When setting the SNMP traps on the WLCs, ensure you configure the IP address of the Cisco APIC-EM as the SNMP trap destination IP address. You set the Cisco APIC-EM IP address using the configuration wizard during the deployment process. For information about this process and the controller IP address, see the Cisco Application Policy Infrastructure Controller Enterprise Module Deployment Guide for additional information. |