Prerequisites for Onboarding Devices
Before adding devices, you must ensure that the devices themselves are configured to collect and transmit telemetry data properly and communicate successfully with Cisco Crosswork Change Automation and Health Insights. The following sections provide sample configurations for a variety of communications options. Use them as a guide to configuring the devices you plan to manage using Cisco Crosswork Change Automation and Health Insights.
Pre-Onboarding SNMP v2 Device Configuration
Note |
Only users configured with privilege level 15 can use the NETCONF APIs. Privilege level 15 can be used to configure the "enable" password option in XE devices. In such cases, NETCONF should not be included as one of the protocols to verify reachability and operational state for the onboarded devices. |
Note |
Only SNMPv2 and SNMPv3 (NoAuth/NoPriv) traps are supported. |
The following commands provide a sample pre-onboarding device configuration that sets the correct SNMPv2 and NETCONF configuration, and SSH and Telnet rate limits. The NETCONF setting is only needed if the device is MDT-capable (XR 6.5.3/6.6.3 or higher).
logging console debugging
logging monitor debugging
telnet vrf default ipv4 server max-servers 100
telnet vrf default ipv6 server max-servers 100
crypto key generate rsa
line default
exec-timeout 0 0
width 107
length 37
absolute-timeout 0
!
snmp-server community public RO
snmp-server community robot-demo2 RO
snmp-server ifindex persist
ntp
server <NTPServerIPAddress>
!
service cli history size 5000
service cli interactive disable
ssh server v2
ssh server vrf default
ssh server netconf vrf default
ssh server logging
ssh server rate-limit 100
ssh server session-limit 100
grpc
port 57400
!
netconf agent tty
!
netconf-yang agent
ssh
!
Pre-Onboarding SNMPv3 Device Configuration
If you want to enable SNMPv3 data collection, repeat the SNMPv2 configuration commands in the previous section, and add the following commands:
snmp-server group grpauthpriv v3 priv notify v1default
snmp-server user <user-ID> grpauthpriv v3 auth md5 <password> priv aes 128 <password>
Pre-Onboarding SNMPv2 and SNMPv3 Trap Configuration
If you want the device to send SNMP traps to Cisco Crosswork Change Automation and Health Insights, use the following commands to perform a pre-onboarding device configuration and test for the trap version you want.
For SNMP v2 traps:
snmp-server trap link ietf
snmp-server host <CrossworkDataGatewaysouthboundIPAddress> traps version 2c cisco123 udp-port 1062
snmp-server community cisco123
snmp-server traps snmp linkup
snmp-server traps snmp linkdown
For SNMP v3 traps:
snmp-server trap link ietf
snmp-server host < CrossworkDataGatewaysouthboundIPAddress> traps version 3 cisco123 udp-port 1062
snmp-server community cisco123
snmp-server traps snmp linkup
snmp-server traps snmp linkdown
Please note that, for traps to be received, the node_ip field for the device as listed in the Cisco Crosswork Change Automation and Health Insights inventory must match the IP address of the device interface from which the traps are sent. If they do not, Cisco Crosswork Change Automation and Health Insights will reject the traps. Also, the device needs to be in ADMIN_UP state for traps to be received.