Overview of Configuration Management
Configuration Management in Cisco Prime LAN Management Solutions (LMS) allows you to manage, deploy, and modify the configuration files used by devices in your network. You can run tools that can compare configuration files and perform software image management tasks.
Configuration Dashboard in LMS provides information such as, date of last configuration change, status of the configuration jobs, summary of inventory configuration protocol, Hardware and Software summary.
You can create configuration jobs and also manage configuration archive settings. You can define baseline configuration templates and determine the devices that are non-compliant in your network.
You can perform VLANs configurations and Virtual Switching System (VSS) conversions.
This chapter provides information on the organization of the Configuration Management user guide, and an overview of Configuration Management tasks.
It explains:
•
What's New in LMS 4.1?
•Organization
•Configuration Management Tasks
•Configuration Center
What's New in LMS 4.1?
This section contains the following new features of the Configuration Management module of LMS:
•Configuration Center
•Enhancements in Template Center
Configuration Center
Configuration Center (Configuration > Configuration Center) is a launch point for all types of device or feature configurations supported in LMS.
The links to the device or feature configurations are classified under configurations related to:
•Technologies and Services
•Validated Designs
•Configuration Tools
For more information, see Configuration Center.
Enhancements in Template Center
•Grouping of templates
The templates in Template Center are grouped into:
–Custom Templates—Lists all the user-defined templates assigned to the current user.
–Cisco Best Practises Templates—Lists all the system-defined templates
•Reference for each template
You can add a link or specify a file that provides additional information about the template. The reference files can have the following extensions: html, txt, csv, pdf, doc, docx, xls, xlsx, and have to be stored in the location:
NMSROOT\htdocs\config-templates-help (On Windows) and NMSROOT/htdocs/config-templates-help (On Solaris and Soft Appliance).
•Tag templates
You can specify tags for your template. These tags can be used as filters for the templates. You can specify multiple tags for a single template, each tag should be comma separated.
•Filter templates
Template Center has two types of filters:
–Quick Filter
–Advanced Filter
These filters provide various options for you to query and filter the required templates.
•Multi-line Command Support
You can enter multi-line commands like, banner and crypto certificate commands, as a part of the templates in Template Center. The multi-line commands must be within the tag <MLTCMD> and </MLTCMD>. The commands within the MLTCMD tags are considered as a single command and will be downloaded as a single command onto the device
These tags are case-sensitive and you must enter them only in uppercase. You cannot start this tag with a space. You can have a blank line within a multi-line command.
For more information, see Managing and Deploying Templates.
Organization
The Configuration Management user guide is organized as follows:
Table 1-1 Configuration Management User Guide
|
|
|
Chapter 1 "Overview of Configuration Management" (This chapter) |
Provides information on the organization of Configuration Management with Cisco Prime LMS user guide and an overview of the tasks in Configuration Management functionality. |
Chapter 2 "About Configuration Dashboard" |
Describes the Configuration Dashboard portlets in LMS. |
Chapter 3 "Managing and Deploying Templates" |
Describes how to manage configuration templates and deploy them on devices. |
Chapter 4 "Making and Deploying Configuration Changes Using NetConfig" |
Describes how to use the NetConfig feature in Configuration Management. NetConfig allows you to make configuration changes to your managed network devices whose configurations are archived in the Configuration Archive. |
Chapter 5 "Archiving Configurations and Managing them using Configuration Archive" |
Describes how to use the Configuration Management feature. Configuration Management gives you easy access to the configuration files for all devices or Cisco IOS-based Catalyst switches, Content Service Switches, Content Engines, and Cisco routers in the LMS inventory. |
Chapter 6 "Using Baseline Templates to Check Configuration Compliance" |
Describes how to use Compliance management task to create, deploy, manage baseline templates. It also describes how to check for configuration compliance. |
Chapter 7 "Editing and Deploying Configurations Using Config Editor" |
Describes how to use the Config Editor task. Config Editor allows you to edit a configuration file that exists in the configuration archive. |
Chapter 8 "Managing Software Images Using Software Management" |
Describes how to use the Software Image Management tool in LMS. To ensure rapid, reliable software upgrades, Software Management automates many steps associated with upgrade planning, scheduling, downloading, and monitoring. |
Chapter 9 "Virtual Switching System Support" |
Describes how to convert two standalone switches into a Virtual Switching System. It also describes how to convert a Virtual Switching System back to standalone switches. |
Chapter 10 "Configuring VLAN" |
Describes how to configure and manage a Virtual Local Area Network (VLAN) in your network. It also describes how to configure and manage a Private VLAN (PVLAN), Trunk, and also assign ports to VLANs. |
Chapter 11, "Configuring Virtual Routing and Forwarding (VRF)" |
Describes how to perform end-to-end VRF configurations in an enterprise network using LMS. |
Chapter 12 "Viewing Topology Services" |
Describes how to view and monitor your network including the links and the ports of each link using Topology Services in LMS. |
Chapter A "CLI Utilities" |
Describes how to use the CiscoWorks Command Line (CWCLI) utilities in LMS. |
Configuration Management Tasks
This section provides an overview of the Configuration Management tasks supported in LMS. The information is organized as follows:
|
|
|
|
|
|
Configuration |
Configuration > Dashboard: Configuration |
You can view and configure the following configuration dashboard portlets: •Best Practices Deviation •Discrepancies •Job Information Status •Device Change Audit •Inventory Config Protocol Summary •Hardware Summary •Job Approval •Software Summary •Syslog Alerts |
|
|
Compliance Templates |
Configuration > Compliance: Compliance Templates |
You can perform the following compliance tasks: •Manage Baseline templates •Run compliance check •Deploy Baseline templates •Run compliance check and deploy jobs |
Out-of-Sync Summary |
Configuration > Compliance: Out-of-Sync Summary |
You can generate an Out-of-Sync report for the group of devices for which running configurations are not synchronized with the startup configuration. |
|
|
Compliance |
Configuration > Job Browsers: Compliance |
You can view the compliance check and deploy job status. |
Configuration Archive |
Configuration > Job Browsers: Configuration Archive |
You can manage archive management jobs. |
Template Center |
Configuration > Job Browsers: Template Center |
You can browse the template deployment jobs registered on the system. Using the Template Center, you can manage template jobs. That is, you can stop, delete, refresh, or filter jobs using this job browser. You can also view the template job details such as work order, device details, and job summary. |
NetConfig |
Configuration > Job Browsers: NetConfig |
Using the c Job Browser, you can manage NetConfig jobs. That is, you can edit, stop, delete, or filter jobs using this job browser. |
Software Image Management |
Configuration > Job Browsers: Software Image Management |
You can view all your scheduled Software Management jobs. You can edit, stop, delete the jobs using the Software Image Management Job Browser. |
Config Editor |
Configuration > Job Browsers: Config Editor |
You can manage configuration editor jobs. |
Job Approval |
Configuration > Job Browsers: Job Approval |
You can approve configuration jobs. |
|
|
Template Center |
Configuration > Tools: Template Center |
Template Center in LMS provides you with a list of system-defined templates. These templates contain configuration commands that can be deployed on the devices in your network. You can perform the following tasks from Template Center: •Deploying Templates •Managing Templates •Importing Templates •Assigning Template to users •Viewing and Managing Template Center Jobs |
NetConfig |
Configuration > Tools: NetConfig |
You can perform the following NetConfig tasks: •Deploying NetConfig jobs •Assigning Tasks to users •User Defined Tasks |
Config Editor |
Configuration > Tools: Config Editor |
You can open a configuration file, edit it, save it in a private location or in public location using the following tasks: •Open and edit config files •Save config files as private •Save config files as public |
Software Image Management |
Configuration > Tools: Software Image Management |
You can perform the following Software Image Management tasks: •Patch Distribution •Software Distribution •Software Repository •Repository Synchronization •Upgrade Analysis •Software Management Jobs |
|
|
VLAN |
Configuration > Workflows: VLAN |
You perform the following VLAN tasks: •Configure VLAN •Delete VLAN •Create Private VLAN •Delete Private VLAN •Configure Port Assignment •Configure Promiscuous Ports •Create Trunk •Modify Trunk Attributes |
VRF-lite |
Configuration > Workflows: VRF-lite |
You can perform the following Virtual Routing and Forwarding (VRF) tasks: •Create VRF •Edit VRF •Extend VRF •Delete VRF •Edge VLAN Configuration |
Virtual Switching System |
Configuration > Workflows: Virtual Switching System |
You can convert two standalone switches into a Virtual Switching System or convert Virtual Switching System back to standalone switches. |
|
|
Configuration > Configuration Center |
You can view all the launch points for all types of device or feature configurations supported in LMS. |
|
|
Summary |
Configuration > Configuration Archive: Summary |
You can view the configuration archival status and summary. |
Views |
Configuration > Configuration Archive: Views |
You can search archives using version tree and version summary. Views lists the following links: •Custom Queries •Search Archive •Version Summary •Version Tree |
Synchronization |
Configuration > Configuration Archive: Synchronization |
You can schedule a job to update the configuration archive for selected group of devices. |
Compare Configs |
Configuration > Configuration Archive: Compare Configs |
You can compare the following configurations: •Startup vs Running •Running vs Latest Archived •Two Versions of the Same Device •Two Versions of Different Devices •Base Config vs Latest Version of Multiple Devices |
Label Configs |
Configuration > Configuration Archive: Label Configs |
A label is a name given to a group of customized selection of configuration files. You can select configuration files from different devices, group and label them. |
Protocol Usage Summary |
Configuration > Configuration Archive: Protocol Usage Summary |
You can view the configuration protocol usage details for successful configuration fetches. |
|
|
Topology Services |
Configuration > Topology |
You can launch Topology Services to view and monitor your network. |
Configuration Center
Configuration Center is a launch point for all types of device or feature configurations supported in LMS.
The various device or feature configurations supported in LMS are
|
|
|
|
Technologies and Services
|
Auto Smartport |
Auto Smartports macros dynamically configure switch ports based on the device type detected on the port. You can •Assess Auto Smartports readiness of the network. •Upgrade IOS, wherever required, to make the device ASP capable. •Deploy Auto Smartports templates on selected devices. •Add or edit macros, system-defined, user-defined, or remote macro, associated to an event. •Enable or disable Auto Smartports on selected interfaces of the selected devices. •Modify or disable Auto Smartports configuration on ASP enabled devices. |
Credential |
You can •Configure or change enable or secret password to enter in enable mode on devices. •Configure local username and password authentication on devices. •Configure SSH. •Add, remove, and edit Telnet passwords. |
EEM |
You can configure Embedded Event Manager (EEM) scripts or applets, and configure EEM Environmental Variables on the devices. You can •Configure EEM scripts or applets on selected devices. •Configure the EEM policy. •Register or unregister a script or applet. •Configure EEM environmental variables that are used by the TCL script. |
EnergyWise |
You can measure, monitor, and manage the way your devices consume energy. You can •Assess EnergyWise readiness of the network. •Upgrade IOS, wherever required, to make the device EnergyWise capable. •Define EnergyWise domains. •Associate devices to the EnergyWise domain. •Define Endpoint group and configuring EnergyWise policies. |
Gold |
You can configure Boot Level Diagnositc tests and configure GOLD Monitoring tests on devices. You can •Configure Boot Level diagnositc tests. •Configure GOLD monitoring tests. •Configure Health Monitoring diagnostics. •Enable or disable Health Monitoring diagnostics test. •Configure Health Monitoring interval. |
Identity |
Identity offers authentication, access control, and user policies to secure network resources and connectivity. You can •Assess Identity readiness of the network. •Upgrade IOS, wherever required, to make the device Identity capable. •Configure RADIUS settings. •Configure security modes, authentication profile, and host mode. •Configure MACsec on capable devices. |
MACsec |
You can configure MACsec to provide secure, encrypted communication on wired LANs. You can use this template to configure: •Security policy to be applied to the session after the supplicant passes 802.1x authentication. •Authentication Failure Policy. •MKA policy. |
Performance Monitoring |
You can configure the following for endpoints like Cisco Unified Video Advantage (CUVA), Cisco TelePresence Movi, Tandberg, and Webex Servers: •Configure a flow record to specify the fields you want to monitor. •Configure a policy to include one or more classes. •Reaction ID, jitter and threshold of lost packets. You can configure a flow record and specify how the collected data is aggregated and presented. |
PfR |
Performance Routing provides best path optimization and load balancing of traffic over the WAN and to the Internet for enterprise networks with multiple paths. You can: •Configure traffic classes for performance routing. •Configure performance metrics of these individual traffic classes. •Control the traffic by applying suitable traffic class and link policies. |
Port Macros |
You can configure Auto Smartport macros on devices. You can •Enable or disable Auto Smartport at device level. •Apply or remove Auto Smartport policy definitions. |
QoS |
This template provides QoS macros to switch ports upon detection of a Medianet endpoint. You can: •Select specific network traffic. •Prioritize it according to its relative importance. •Use QoS macros to provide preferential treatment of traffic in your network. |
RSVP |
Resource Reservation Protocol (RSVP) signals the QoS needs of an application's traffic, along the devices, in the end-to-end path through the network. You can configure •User or application that requires an RSVP request. •Bandwidth that has to be reserved. •Admission policy that the devices use to admit the RSVP message. |
SCH |
You can use this template to enable Smart Call Home on MDS, Nexus, IOS and ASA platforms. |
SGA |
You can propagate the Security Group Tags (SGT) across network devices that do not have hardware support for Cisco TrustSec. You can use this template to configure: •Default SGT Exchange Protocol (SXP) password. •SXP address connection. •Default SXP source IP address. |
Smart Install |
Smart Install is a configuration and image management feature that provides zero-touch deployment for new devices. You can: •Assess the readiness of your network for Smart Install capable directors. •Upgrade IOS, wherever required, to make the device Smart Install capable. •Discover and enable Smart Install on Smart Install capable directors. •Manage configuration files and images of clients in the Smart Install director. •Configure DHCP settings for Smart Install. |
SNMP |
You can configure SNMP community strings, SNMP security feature, and SNMP traps on devices. |
TACACS |
You can configure: •TACACS authentication •TACACS+ authentication •RADIUS on devices |
Video Conferencing |
You can use this template to configure different video endpoints for video conferences. You can configure three types of video profiles: •Homogeneous Video Conference •Heterogeneous Video Conference •Guaranteed Audio Conference |
Video Transcoding |
You can use this template to configure video transcoding when the bit rate, frame rate, resolution, or codec is different between two endpoints. |
VLAN |
You can configure and manage VLAN, Private VLAN (PVLAN), Trunk, and also assign ports to VLANs. |
VRF-Lite |
You can select Layer 2 or Layer 3 devices and configure VRF on the selected devices. You can •Select the Layer 2 or Layer 3 devices from the Distribution Layer or the Core Layer. •Configure VRF on the selected devices. •Configure details of the VRF like: VRF Name, Route Distinguisher, and description of VRF. •Map an interface to a VRF. •Configure the routing protocol to the selected devices on which VRF is configured. |
VSS |
You can convert VSS-capable standalone switches to a Virtual Switching System. You can •Select devices for VSS configuration •Perform hardware compatibility checks on the devices •Perform software compatibility checks on the devices and generate compliance report •Define configuration parameters •Deploy commands on the devices to enable VSS mode |
|
|
|
Access Switch Configuration |
You can use this template to configure QoS, rate limiting, ACLs, OSPF for routed access, and IPv6 on Access switches. |
Cisco Smart Business Architecture |
This template provides resilience, QoS, security, and, scalability for Cisco Smart Business Architecture (SBA) networks. |
Small Branch Configuration |
You can use this template to configure security features like GETVPN, DMVPN, Firewall, IPS and unified communications. |
|
|
NetConfig Templates
|
You can configure: •General Settings NetConfig provides system-defined configuration tasks. You can create configuration commands by using these tasks All System-defined tasks are categorized into various task groups in the Tasks Selector. •User-defined tasks You can create user-defined tasks and add one or more templates to each task. The templates contain configuration commands and rollback commands. You can enter the configuration commands either by typing them or by importing them from a file. The template is associated with the MDF categories of devices, for which these templates will be applicable. |
Template Center |
You can deploy system-defined templates and user-defined templates on devices in your network. You can configure the following types of templates: •Custom Templates—Lists all the user-defined templates assigned to the current user. •Cisco Best Practises Templates—Lists all the system-defined templates |
Feedback