Creating Feature-Level Configuration Templates
Prime Infrastructure provides the following types of feature-level configuration templates:
- Features and technologies templates—Configurations that are specific to a feature or technology in a device’s configuration. See Creating Features and Technologies Templates.
- CLI templates—User-defined templates that are created based on your own parameters. CLI templates allow you to choose the elements in the configurations. Prime Infrastructure provides variables that you replace with actual values and logic statements. You can also import templates from the Cisco Prime LAN Management System. See Updating Passwords.
- Composite templates—Two or more feature or CLI templates grouped together into one template. You specify the order in which the templates contained in the composite template are deployed to devices. See Creating Composite Templates.
Note
All templates must be published before they can be deployed to devices.
Creating and Deploying Feature-Level Configuration Templates
To create and deploy a feature-level configuration template, follow these steps:
Step 1
Choose Design > Configuration , choose the type of template, and complete the required fields. For information about the field descriptions, see the Cisco Prime Infrastructure 2.0 Reference Guide.
Step 2
Navigate to the My Templates folder, choose the template that you want to deploy, then click the Publish icon to publish the template.
After you publish a configuration task template, you can specify devices, values, and scheduling information to tailor your deployment (see Deploying and Monitoring Configuration Tasks).
Step 3
Click Deploy to deploy the template.
Step 4
To verify the status of the template deployment, choose Administration > Jobs Dashboard.
Creating Features and Technologies Templates
Features and Technologies templates are templates that are based on device configuration and that focus on specific features or technologies in a device’s configuration.
When you add a device to Prime Infrastructure, Prime Infrastructure gathers the device configuration for the model you added. Prime Infrastructure does not support every configurable option for all device types. If Prime Infrastructure does not have a Features and Technologies template for the specific feature or parameter that you want to configure, create a CLI template (see Creating CLI Configuration Templates).
Features and Technologies templates simplify the deployment of configuration changes. For example, you can create an SNMP Features and Technologies template and then quickly deploy it to devices you specify. You can also add this SNMP template to a composite template (see Creating Composite Templates). Then later, when you update the SNMP template, the composite template in which the SNMP template is contained automatically has your latest changes.
To create a Features and Technologies template, follow these steps:
Step 1
Choose Design > Configuration > Feature Design.
Step 2
In the Features and Technologies menu on the left, choose a template type to create.
Step 3
Complete the fields for that template.
If you are creating a feature template that applies only to a particular device type, the Device Type field lists only the applicable device type, and you cannot change the selection. Specifying a device type helps you to prevent a mismatch; that is, you cannot create a configuration and apply the configuration to a wrong device.
For information about the field descriptions, see the Cisco Prime Infrastructure 2.0 Reference Guide.
Step 4
Click Save as New Template. After you save the template, deploy it to your devices using the procedures in Creating and Deploying Feature-Level Configuration Templates.
Step 5
To verify the status of a template deployment, choose Administration > Jobs Dashboard.
Creating CLI Templates
CLI is a set of re-usable device configuration commands with the ability to parameterize select elements of the configuration as well as add control logic statements. This template is used to generate a device deployable configuration by replacing the parameterized elements (variables) with actual values and evaluating the control logic statements.
This section includes the following topics:
Prerequisites for Creating CLI Templates
Before you create a CLI template, you must:
- Have expert knowledge and understanding of the CLI and be able to write the CLI in Apache VTL. For more information about Apache Velocity Template Language, see http://velocity.apache.org/engine/devel/vtl-reference-guide.html.
- Understand to what devices the CLI you create can be applied.
- Understand the data types supported by Prime Infrastructure.
- Understand and be able to manually label configurations in the template.
- To know how to use variables and data types, see the “Variables and Data Types” section.
Creating CLI Configuration Templates
Use templates to define device parameters and settings, which you can later deploy to a specified number of devices based on device type.
Before You Begin
Make sure you have satisfied the prerequisites (see Prerequisites for Creating CLI Templates).
Step 1
Choose Design > Configuration > Feature Design.
Step 2
Expand the CLI Templates folder, then click CLI.
Step 3
Enter the required information.
a.
In the OS Version field, you can specify an OS image version so that you can filter out devices older than the one you specified.
a.
In the Template Detail section, click the Manage Variables icon (above the CLI Content field).
This allows you to specify a variable for which you will define a value when you deploy the template.
b.
Click Add Row and enter the parameters for the new variable (see the “Variables and Data Types” section), then click Save.
c.
Enter the CLI information. In the CLI field, you must enter code using Apache VTL (see http://velocity.apache.org/engine/devel/vtl-reference-guide.html). For more information about different CLI command formats, see:
–
Adding Multi-line Commands
–
Adding Enable Mode Commands
–
Adding Interactive Commands
d.
(Optional) To change the variables, click Form View (a read-only view), click the Manage Variables icon, then make your changes (see the “Variables and Data Types” section).
Step 4
Click Save As New Template.
Step 5
Click Publish to publish the template, click Deploy and specify the deployment options (see Creating and Deploying Feature-Level Configuration Templates), then click OK.
Step 6
To verify the status of a template deployment, choose Administration > Jobs Dashboard.
Note
To duplicate a CLI template, expand the System Templates - CLI, hover your mouse cursor over the quick view picker icon next to CLI, and then click Duplicate. using the and Save as new template.
For field descriptions for the CLI templates, see the Cisco Prime Infrastructure 2.0 Reference Guide.
Variables and Data Types
You can use variables as placeholders to store values. The variables have names and data types. Table 8-1 lists data types that you can configure in the Manage Variables page.
Table 8-1 Data Types
|
|
String |
Enables you to create a text box for CLI template. To specify a validation expression and a default value, click the Expand icon and configure the Default Value and Validation Expression fields. |
Integer |
Enables you to create a text box that accepts only numeric value. If you want to specify a range for the integer, click the Expand icon and configure the Range From and To fields. To specify a validation expression and a default value, click the Expand icon and configure the Default Value and Validation Expression fields. |
DB |
Enables you to specify a database type. See the “Managing Database Variables in CLI Templates” section. |
IPv4 Address |
Enables you to create a text box that accepts only IPv4 address for CLI template. To specify a validation expression and a default value, click the Expand icon and configure the Default Value and Validation Expression fields. |
Drop-down |
Enables you to create a list box for CLI template. To specify a validation expression and a default value, click the Expand icon and configure the Default Value field (with comma separated value for multiple list which appears in the UI). |
Check box |
Enables you to create a check box for CLI template. To specify a validation expression and a default value, click the Expand icon and configure the Default Value field. |
Radio Button |
Enables you to create a radio button for CLI template. To specify a validation expression and a default value, click the Expand icon and configure the Default Value field. |
Text Area |
Enables you to create a text area which allows multiline values for CLI template. To specify a validation expression and a default value, click the Expand icon and configure the Default Value and Validation Expression fields. |
Managing Database Variables in CLI Templates
You can use database (DB) variables for the following reasons:
- DB variable is one of the data types in CLI templates. You can create DB variables to find the exact device and generate the accurate commands.
- DB variables are pre-defined variables. All other variables are user-defined variables.
- To view the pre-defined DB variables go to the following path.
Cd/opt/CSCOlumos/conf/ifm/template/inventoryTagsInTemplate
Note
You can find the CLITemplateDbVariablesQuery.properties file inside the InventoryTagsInTemplate folder that contains the list of pre-defined DB variables.
- For example, SysObjectID, IPAddress, ProductSeries, ImageVersion are DB variables.When a device is added in to Prime Infrastructure, the complete details of the device is collected in the DB variables. That is, OID of the devices is collected in SysObjeectID, product series in ProductSeries, image versions of the device in ImageVersion and so on.
- Using the data collected by the DB variables, accurate commands can be generated to the device.
- You can select the DB variable in the Type field (using the Managed Variables page). Expand the name field and fill-in default value field with any of the DB variables which you want to use.
- When a device is discovered and added to Prime Infrastructure, you can use the database values that were gathered during the inventory collection to create CLI templates.
For example, if you want to create and deploy a CLI template to shut down all interfaces in a branch, create a CLI template that contains the following commands:
#foreach ($interfaceName in
$interfaceNameList)
where $interfaceNameList is the database variable type whose value will be retrieved from the database. $interfaceNameList has a default value of IntfName. You need to create the interfaceNameList variable as DB data type (using the managed variable dialog box) and add set the default to IntfName. If you have not specified a default value, you can specify it when you deploy the CLI template.
To populate interfaceNameList with the value from the database, you must create a properties file to capture the query string and save it in the /opt/CSCOlumos/conf/ifm/template/inventoryTagsInTemplate folder. This is a sample of a property file called interface.properties:
# for interface name tag->Name
IntfName=select name from EthernetProtocolEndpoint u where owningEntityId =
After you create the CLI template and the property file and deploy the CLI template, the following CLI is configured on the devices. This output assumes the device has two interfaces (Gigabitethernet0/1 and Gigabitethernet0/0):
interface GigabitEthernet0/0
interface GigabitEthernet0/1
Note
Verify that the Enterprise JavaBeans Query Language (EJB QL) specified in the properties file returns a list of strings; or, if a single element is specified, the EJB QL should return a list containing one element.
Using Validation Expression
The values that you define in the Validation Expression are validated with the associated component value at deploy flow. For example, if you enter a default value and a validation expression value in the design flow, this will be validated during the deploy flow. That is, if the default value does not match with the entered value in the validation expression, you will encounter an get error at design flow.
Note
The validation expression value works only for the string data type field.
Example:
Choose CLI > Manage Variables > Add Row. Choose string data type and then click the expand icon and configure the regular expression which will not allow a space in that text box.
Enter the following expression in the validating expression field.
Default value (optional)—ncs
The value should match with regular expression in validation expression field.)
Result:
Save the template, click Deploy, and then select a device. Try to enter a space in the text field. You will encounter a regular expression error.
Adding Multi-line Commands
To enter multi-line commands in the CLI Content area, use the following syntax:
<MLTCMD>First Line of Multiline Command
Second Line of Multiline Command
Last Line of Multiline Command</MLTCMD>
where:
- <MLTCMD> and </MLTCMD> tags are case-sensitive and must be entered as uppercase.
- The multi-line commands must be inserted between the <MLTCMD> and </MLTCMD> tags.
- Do not start this tag with a space.
- Do not use <MLTCMD> and </MLTCMD> in a single line.
Example 1:
<MLTCMD>banner_motd ~ Welcome to
Example 2:
<MLTCMD>banner motd ~ ${message}
where “message” is a multi-line input variable.
Adding Enable Mode Commands
Use this syntax to add enable mode commands to your CLI templates:
Adding Interactive Commands
An interactive command contains the input that must be entered following the execution of a command.
To enter an interactive command in the CLI Content area, use the following syntax:
CLI Command<IQ>interactive question 1<R>command response 1 <IQ>interactive question 2<R>command response 2
where <IQ> and <R> tag are case-sensitive and must be entered as uppercase.
For example:
crypto key generate rsa general-keys <IQ>yes/no<R> no
Combining Interactive Enable Mode Commands
Use this syntax to combine interactive Enable Mode commands:
commands<IQ>interactive question<R>response
For example:
mkdir <IQ>Create directory<R>XXX
Adding Interactive Multiline Commands
This is an example of an interactive command that contains multiple lines:
macro name EgressQoS<IQ>Enter macro<R><MLTCMD>mls qos trust dscp
wrr-queue queue-limit 10 25 10 10 10 10 10
wrr-queue bandwidth 1 25 4 10 10 10 10
priority-queue queue-limit 15
wrr-queue random-detect 1
wrr-queue random-detect 2
wrr-queue random-detect 3
wrr-queue random-detect 4
wrr-queue random-detect 5
wrr-queue random-detect 6
wrr-queue random-detect 7
wrr-queue random-detect max-threshold 1 100 100 100 100
wrr-queue random-detect min-threshold 1 80 100 100 100
wrr-queue random-detect max-threshold 2 100 100 100 100
wrr-queue random-detect min-threshold 2 80 100 100 100
wrr-queue random-detect max-threshold 3 80 90 100 100
wrr-queue random-detect min-threshold 3 70 80 90 100
wrr-queue random-detect min-threshold 4 70 80 90 100
wrr-queue random-detect max-threshold 4 80 90 100 100
wrr-queue random-detect min-threshold 5 70 80 90 100
wrr-queue random-detect max-threshold 5 80 90 100 100
wrr-queue random-detect min-threshold 6 70 80 90 100
wrr-queue random-detect max-threshold 6 80 90 100 100
wrr-queue random-detect min-threshold 7 60 70 80 90
wrr-queue random-detect max-threshold 7 70 80 90 100
Creating CLI Configuration Templates from Copied Code
One quick way to create CLI configuration templates is to copy code from a command line configuration session, CLI script, or other stored set of configuration commands. Prime Infrastructure lets you turn all the CLI parameters in the copied CLI into template variables.
To create a CLI template variable from copied code:
Step 1
Choose Design > Configuration > Feature Design.
Step 2
Expand the CLI Template folder, then click CLI.
Step 3
In the CLI template, paste the copied code into the CLI Content field.
Step 4
Select the text that is to be the variable name and click Manage Variables (the icon above the CLI Content field).
You can use this same procedure to edit an existing variable created from copied code.
Step 5
Fill out the required information, then click Save > Add.
Step 6
To view the new variable, click Form View.
Exporting a CLI Configuration Template
If you have CLI templates in any other Prime Infrastructure server, you can export them as an XML file and import them into your current Prime Infrastructure server.
Step 1
Choose Design > Configuration > Feature Design.
Step 2
Expand the CLI Template folder, then click System Templates - CLI.
Step 3
Select the template(s) that you want to export.
Step 4
Click the Export icon at the top right of the CLI template page.
Importing a CLI Configuration Template
Step 1
Choose Design > Configuration > Feature Design.
Step 2
Expand the CLI Template folder, then hover your mouse cursor over the quick view picker icon next to CLI.
Step 3
Click Show All Templates.
Step 4
Click the Import icon at the top right of the CLI template page.
Step 5
Click Select Templates to navigate to your file, then click OK.
Exporting CLI Variables
You can export the CLI variables into a CSV file while deploying a CLI configuration template. You can use the CSV file to make necessary changes in the variable configuration and import it into Prime Infrastructure at a later time.
Step 1
Choose Deploy > Configuration Tasks.
Step 2
Expand the CLI Template.
Step 3
Select the template that you want to deploy.
Step 4
Select the device whose variables you want to export.
Step 5
Click the Export icon at the top right of the CLI template page.
Step 6
Click OK.
Importing CLI Variables
Step 1
Choose Deploy > Configuration Tasks.
Step 2
Expand the CLI Template.
Step 3
Select the template that you want to deploy.
Step 4
Select the device to which you want to import variables.
Step 5
Click the Import icon at the top right of the CLI template page.
Step 6
Click OK.
Updating Passwords
To comply with SoX (Sound eXchange, a free cross-platform digital audio editor), you might want to update the password for the network devices once every six months. To make the changes in a rolling fashion, you plan to perform the operation once for two regions every three months.
In this example, there are four custom dynamic groups, one for each region based on the cities in every region: North Region, South Region, East Region, and West Region. You must update the enable password for all of the devices in the north and south region. After this is complete, you plan to set another job to occur for the West and East region devices to occur three months later.
Before You Begin
The devices in these regions must have an assigned location attribute.
Step 1
If the four groups, North Region, South Region, East Region, and West Region, have not been created:
a.
Choose Operate > Device Work Center, then mouse-over User Defined and choose Add SubGroup.
b.
In the Create Sub-Group area, enter:
–
Group Name: North Region
–
Group Description: List of devices in the north region
–
Filter: Location > Contains > SJC-N
To determine the location of a device, choose Operate > Device Work Center > (gear icon) > Columns > Location.
The devices for the new group appear under Device Work Center > User Defined > North.
c.
Do the same for south, east, and west regions.
Step 2
To deploy the password template:
a.
Choose Deploy > Configuration Tasks > CLI Templates > System Templates-CLI.
b.
Select the Enable Password-IOS template and click Deploy.
c.
In the Device Selection area, open the User Defined groups and select the North Region and South Region groups.
d.
In the Value Selection area, enter and confirm the new enable password, then click Apply.
e.
In the Schedule area, enter a name for the job, the date and time to deploy the new template (or click Now), then click OK.
Step 3
After the job has run, choose Administration > Jobs Dashboard to view the status of the job (see Monitoring Jobs).
Tagging Templates
You can label a set of templates by providing an intuitive name to tag the templates. Tagging a configuration template helps you:
- Search a template using the tag name in the search field
- Use the tagged template as a reference to configure more devices
- Publish the tagged template and make it ready for deployment
Tagging a New Configuration Template
To tag a new configuration template and publish the tagged template, follow these steps:
Step 1
Choose Design > Configuration > Feature Design.
Step 2
Expand the Features and Technologies folder, choose an appropriate subfolder, and then choose a template type.
Step 3
Complete the required fields, enter a tag name in the Tags field, then click Save as New Template.
Step 4
Click Publish to publish the template, click Deploy and specify the deployment options (see Creating and Deploying Feature-Level Configuration Templates), then click OK.
Tagging an Existing Template
To tag an existing template, follow these steps:
Step 1
Choose Design > Configuration > Feature Design.
Step 2
In the Features and Technologies menu on the left, expand the My Templates folder and choose the template you want to update.
Step 3
Enter a tag name in the Tag as field, then click Save.
Step 4
Click Publish to publish the template, click Deploy and specify the deployment options (see Creating and Deploying Feature-Level Configuration Templates), then click OK.
Associating a Tag With Multiple Templates
You can tag a new tag name or associate an existing tag with multiple templates.
Step 1
Choose Design > Configuration > Feature Design.
Step 2
Click the Tag icon drop-down arrow on the navigation toolbar of the Templates column.
Step 3
Enter a tag name in the Tag as field.
Step 4
In the My Templates folder, click the templates that are to be associated with the tag.
To associate all of the templates in the folder with the tag, select the box beside the My Templates folder.
Then click Apply.
Creating Monitoring Templates
Prime Infrastructure provides several types of monitoring templates.
- Metrics—Use monitoring templates to enable Prime Infrastructure to monitor network device metrics and alert you of changing conditions before the issues impact their operation (see Monitoring Network Device Metrics). For an example of how to create a template that collects metrics, see Example: Creating Health Monitoring Templates.
- NetFlow—You can monitor the different types of NetFlow traffic (see Monitoring NetFlow Traffic).
- Thresholds—Use monitoring templates to define thresholds (see Defining Thresholds). When the thresholds that you specify are reached, Prime Infrastructure issues an alarm. For examples of how to create various types of thresholds, see:
–
Defining Alarm Thresholds
–
Example: Defining Health Monitoring Thresholds
Monitoring Network Device Metrics
Use monitoring templates to monitor network device metrics and alert you of changing conditions before the issues impact their operation.
Step 1
Choose Design > Configuration > Monitor Configuration.
Step 2
Expand the Features menu on the left and choose Metrics, then click one of the types of metrics.
Step 3
Complete the required fields, click Save, then click Save As New Template.
Step 4
You can now deploy the template (see Deploying Monitor Configuration Templates).
Example: Creating Health Monitoring Templates
You can use health monitoring templates to enable Prime Infrastructure to monitor network device metrics such as CPU and memory utilization statistics and alert you of changing conditions before they impact operations.
To create a health monitoring template, follow these steps:
Step 1
Choose Design > Configuration > Monitor Configuration.
Step 2
Expand the Features menu on the left and choose Metrics; then click Device Health or Interface Health.
Step 3
Complete the required fields. For information about the field descriptions, see the Cisco Prime Infrastructure 2.0 Reference Guide.
Step 4
Choose Interface Health > Metric Parameters and select the parameters you want to monitor. To modify a parameter setting, click the parameter name, description, or polling frequency value and change the field, then click Save.
Step 5
Click Save as New Template, then deploy the template (see Deploying Monitor Configuration Templates).
Monitoring NetFlow Traffic
Use NetFlow monitoring templates to monitor NetFlow traffic.
Step 1
Choose Design > Configuration > Monitor Configuration.
Step 2
Expand the Features menu on the left and choose NetFlow, then click one of the types of NetFlow traffic.
Step 3
Complete the required fields, click Save, then click Save As New Template.
Step 4
You can now deploy the template (see Deploying Monitor Configuration Templates).
Defining Thresholds
Use monitoring templates to define thresholds. When the thresholds you specify are reached, Prime Infrastructure issues an alarm.
Step 1
Choose Design > Configuration > Monitor Configuration.
Step 2
Expand the Features menu on the left and choose Threshold.
Step 3
Complete the basic template fields.
Step 4
Under the Feature Category, choose one of the available metrics.
Step 5
Under Metric Parameters, choose the threshold setting that you want to change, then click Edit Threshold Setting. Enter a new value, choose the alarm severity when the threshold is met or exceeded, and click Done.
Step 6
Click Save as New Template.
Step 7
You can now deploy the template (see Deploying Monitor Configuration Templates).
Example: Defining Health Monitoring Thresholds
Use monitoring templates to define thresholds. When the thresholds you specify are reached, Prime Infrastructure issues an alarm.
Before You Begin
Before you can define health-monitoring threshold values:
1.
Choose Design > Monitoring Configuration > Features > Metrics.
2.
Create an Interface Health Monitoring template.
To define monitoring thresholds, follow these steps:
Step 1
Choose Design > Configuration > Monitor Configuration.
Step 2
Expand the Features menu on the left and choose Threshold.
Step 3
Complete the required fields. For information about the field descriptions, see the Cisco Prime Infrastructure 2.0 Reference Guide.
Step 4
In the Metric Parameters area, select the parameter for the threshold that you want to change, then click Edit Threshold Setting. The list of parameters displayed corresponds to the parameters that were included when the monitoring template was created; if you are using a default template, all available parameters are displayed.
Step 5
Enter a new value and choose the alarm severity for the threshold, then click Done.
Step 6
Click Save as New Template, then deploy the template (see Deploying Monitor Configuration Templates).
Table 8-2 Monitoring Template Threshold Parameters
|
|
Feature Category |
Choose one of the available metrics. In this example, choose either:
- Device Health—Allows you to change threshold values for CPU utilization, memory pool utilization, and environment temperature.
- Interface Health—Allows you to change threshold values for the number of outbound packets that are discarded.
|
Template Instance |
Select a default template or a previously created template. Note If there is no default template for the Feature Category you selected, then before you can define threshold values you must create the necessary template under Design > Configuration > Monitor Configuration > Features > Metrics. |
Type |
Select the type of metric. This list is auto-populated based on the selected Feature Category. |
Health Monitoring Template Metrics
Prime Infrastructure polls SNMP objects to gather monitoring information for the following health monitoring templates under Design > Configuration > Monitor Configuration > Features > Metrics:
- Device Health— Table 8-3 describes the device health parameters that are polled.
- Interface Health— Table 8-4 describes the interface parameters that are polled.
- Class Based Quality of Service— Table 8-5 describes the QoS parameters that are polled.
For the following monitoring templates that provide assurance information, data is collected through NetFlow or NAMs:
- Application
- NAM Health
- Traffic Analysis
- Voice Video Data
- Voice Video Signaling
Table 8-3 Device Health Monitoring Metrics
|
|
|
|
Device Availability |
All SNMP devices |
SNMPv2-MIB |
sysUpTime |
CPU Utilization |
Cisco IOS devices, Cisco Nexus 7000 Series |
CISCO-PROCESS-MIB |
cpmCPUTotalPhysicalIndex cpmCPUTotal1minRev |
Memory Pool Utilization |
Cisco IOS devices |
CISCO-MEMORY-POOL-MIB ciscoMemoryPoolUsed / (ciscoMemoryPoolUsed + ciscoMemoryPoolFree)) * 100 |
ciscoMemoryPoolName ciscoMemoryPoolType ciscoMemoryPoolUsed ciscoMemoryPoolFree |
Cisco Nexus 7000 Series |
CISCO-MEMORY-POOL-MIB (cempMemPoolUsed / (cempMemPoolUsed + cempMemPoolFree)) * 100 |
Env Temp |
ASR, Cisco Nexus 7000 Series |
CISCO-ENVMON-MIB |
entSensorValue |
Catalyst 2000, 3000, 4000, 6000, ISR |
CISCO-ENVMON-MIB |
ciscoEnvMonTemperatureStatusValue |
Largest Free Buffer Percentage |
Cisco IOS devices |
CISCO-MEMORY-POOL-MIB |
ciscoMemoryPoolLargestFree ciscoMemoryPoolFree |
Total Number of Buffer Misses |
Cisco IOS devices |
OLD-CISCO-MEMORY-MIB |
bufferSmHit, bufferMdHit, bufferBgHit, bufferLgHit, bufferHgHit, bufferSmMiss, bufferMdMiss, bufferBgMiss, bufferLgMiss, bufferHgMiss |
Table 8-4 Interface Health Monitoring Metrics
|
|
|
|
Interface Availability |
Cisco IOS devices, Cisco Nexus 7000 Series |
IF-MIB |
ifOperStatus ifOutOctets ifHighSpeed ifInOctets if InErrors ifOutErrors ifInDiscards ifOutDiscards |
Input Broadcast Packet Percentage |
Cisco IOS devices |
IF-MIB, Old-CISCO-Interface-MIB |
ifHCInBroadcastPkts, ifHCInMulticastPkts, ifInErrors, ifInDiscards, ifInUnknownProtos ifHCInBroadcastPkts, ifHCInMulticastPkts |
Input Queue Drop Percentage |
Cisco IOS devices |
IF-MIB, Old-CISCO-Interface-MIB |
ifHCInBroadcastPkts, ifHCInMulticastPkts, ifHCInUcastPkts, ifInDiscards, ifInUnknownProtos, locIfInputQueueDrops |
Output Queue Drop Percentage |
Cisco IOS devices |
IF-MIB, Old-CISCO-Interface-MIB |
ifHCOutBroadcastPkts, ifHCOutMulticastPkts, ifHCOutUcastPkts, ifOutDiscards, ifOutUnknownProtos, locIfOutputQueueDrops |
Table 8-5 Class-Based, QoS, Health-Monitoring Metrics
|
|
|
|
QOS calculation |
Cisco IOS devices |
CISCO-CLASS-BASED-QOS-MIB |
cbQosCMDropByte64 cbQosCMPostPolicyByte64 cbQosCMPrePolicyByte64 |
Deploying Monitor Configuration Templates
Step 1
Choose Deploy > Configuration Deployment > Monitoring Deployment.
Step 2
Find the template you created and click Deploy, then click OK.
Creating Controller Configuration Groups
By creating a configuration group, you can group controllers that should have the same mobility group name and similar configuration. You can assign templates to the group and push templates to all the controllers in a group. You can add, delete, or remove configuration groups, and download software, IDS signatures, or a customized web authentication page to controllers in the selected configuration groups. You can also save the current configuration to nonvolatile (flash) memory to controllers in selected configuration groups.
Note
A controller cannot be a member of more than one mobility group. Adding a controller to one mobility group removes that controller from any other mobility group to which it is already a member.
By choosing Design > Configuration > Wireless Configuration > Controller Configuration Groups, you can view a summary of all configuration groups in the Prime Infrastructure database. Choose Add Configuration Groups from the Select a command drop-down list to display a table with the following columns:
- Group Name—Name of the configuration group.
- Templates—Number of templates applied to the configuration group.
Creating a New Configuration Group
To create a configuration group, follow these steps:
Step 1
Choose Design > Configuration > Wireless Configuration > Controller Configuration Groups.
Step 2
From the Select a command drop-down list, choose Add Config Group, then click Go.
Step 3
Enter the new configuration group name. It must be unique across all groups.
- If Enable Background Audit is selected, the network and controller audits occur for this configuration group.
Note
If the Enable Background Audit option is chosen, the network and controller audit is performed on this configuration group.
- If Enable Enforcement is selected, the templates are automatically applied during the audit if any discrepancies are found.
Step 4
Other templates created in Prime Infrastructure can be assigned to a configuration group. The same WLAN template can be assigned to more than one configuration group. Choose from the following:
- Select and add later—Click to add a template at a later time.
- Copy templates from a controller—Click to copy templates from another controller. Choose a controller from a list of current controllers to copy its applied template to the new configuration group. Only the templates are copied.
Note
The order of the templates is important when dealing with radio templates. For example, if the template list includes radio templates that require the radio network to be disabled prior to applying the radio parameters, the template to disable the radio network must be added to the template first.
Step 5
Click Save. The Config Groups page appears.
After you create a configuration group, Prime Infrastructure allows you to choose and configure multiple controllers by choosing the template that you want to push to the group of controllers.
- General—Allows you to enable mobility group.
To enable the Background Audit option, set template-based audit in Administration > System > Audit Settings.
Adding or Removing Controllers from a Configuration Group
To add or remove controllers from a configuration group, follow these steps:
Step 1
Choose Design > Configuration > Wireless Configuration > Controller Configuration Groups.
Step 2
Click a group name in the Group Name column, then click the Audit tab.
The columns in the table display the IP address of the controller, the configuration group name the controller belongs to, and the mobility group name of the controller.
Step 3
Click to highlight the row of the controller that you want to add to the group, then click Add.
Note
If you want to remove a controller from the group, highlight the controller in the Group Controllers area and click Remove.
Step 4
Click the Apply/Schedule tab, click Apply to add or remove the controllers to the configuration groups, then click Save Selection.
Note
You cannot add or configure Cisco Catalyst 3850 Series Switches or Cisco 5700 Series Wireless LAN Controllers using the Classic view. To add or configure these devices, use the Lifecycle view.
Configuring Multiple Country Codes
You can configure one or more countries on a controller. After countries are configured on a controller, the corresponding 802.11a/n DCA channels are available for selection. At least one DCA channel must be selected for the 802.11a/n network. When the country codes are changed, the DCA channels are automatically changed in coordination.
Note
802.11a/n and 802.11b/n networks for controllers and access points must be disabled before configuring a country on a controller. To disable 802.11a/n or 802.11b/n networks, choose Configure > Controllers, select the desired controller that you want to disable, choose 802.11a/n or 802.11b/g/n from the left sidebar menu, and then choose Parameters. The Network Status is the first check box.
To add multiple controllers that are defined in a configuration group and then set the DCA channels, follow these steps:
Step 1
Choose Design > Configuration > Wireless Configuration > Controller Configuration Groups.
Step 2
From the Select a command drop-down list, choose Add Config Groups, then click Go.
Step 3
Create a configuration group by entering the group name and mobility group name.
Step 4
Click Save, then click the Controllers tab.
Step 5
Highlight the controllers that you want to add, and click Add. The controller is added to the Group Controllers page.
Step 6
Click the Country/DCA tab. The Country/DCA page appears. Dynamic Channel Allocation (DCA) automatically selects a reasonably good channel allocation amongst a set of managed devices connected to the controller.
Step 7
Select the Update Country/DCA check box to display a list of countries from which to choose.
Step 8
Those DCA channels that are currently configured on the controller for the same mobility group are displayed in the Select Country Codes page. The corresponding 802.11a/n and 802.11b/n allowable channels for the chosen country is displayed as well. You can add or delete any channels in the list by selecting or deselecting the channel and clicking Save Selection.
Note
A minimum of 1 and a maximum of 20 countries can be configured for a controller.
Applying or Scheduling Configuration Groups
The scheduling function allows you to schedule a start day and time for provisioning.
To apply the mobility groups, mobility members, and templates to all of the controllers in a configuration group, follow these steps:
Step 1
Choose Design > Configuration > Wireless Configuration > Controller Configuration Groups.
Step 2
Click a group name in the Group Name column, then choose the Apply/Schedule tab.
Step 3
Click Apply to start the provisioning of mobility groups, mobility members, and templates to all of the controllers in the configuration group. After you apply, you can leave this page or log out of Prime Infrastructure. The process continues, and you can return later to this page to view a report.
Note
Do not perform any other configuration group functions during the apply provisioning.
A report is generated and appears in the Recent Apply Report page. It shows which mobility groups, mobility members, or templates were successfully applied to each of the controllers.
Step 4
Enter a starting date in the text box or use the calendar icon to choose a start date.
Step 5
Choose the starting time using the hours and minutes drop-down lists.
Step 6
Click Schedule to start the provisioning at the scheduled time.
Auditing Configuration Groups
The Config Groups Audit page allows you to verify if the configuration complies of the controller with the group templates and mobility group. During the audit, you can leave this window or log out of Prime Infrastructure. The process continues, and you can return to this page later to view a report.
Do not perform any other configuration group functions during the audit verification.
To perform a configuration group audit, follow these steps:
Step 1
Choose Design > Configuration > Wireless Configuration > Controller Configuration Groups.
Step 2
Click a group name in the Group Name column, then click the Audit tab.
Step 3
Click to highlight a controller on the Controllers tab, choose >> (Add), and Save Selection.
Step 4
Click to highlight a template on the Templates tab, choose >> (Add), and Save Selection.
Step 5
Click Audit to begin the auditing process.
A report is generated and the current configuration on each controller is compared with that in the configuration group templates. The report displays the audit status, the number of templates in sync, and the number of templates out of sync.
Note
This audit does not enforce Prime Infrastructure configuration to the device. It only identifies the discrepancies.
Step 6
Click Details to view the Controller Audit report details.
Step 7
Double-click a line item to open the Attribute Differences page. This page displays the attribute, its value in Prime Infrastructure, and its value in the controller.
Note
Click Retain Prime Infrastructure Value to push all attributes in the Attribute Differences page to the device.
Step 8
Click Close to return to the Controller Audit Report page.
Rebooting Configuration Groups
Step 1
Choose Design > Configuration > Wireless Configuration > Controller Configuration Groups.
Step 2
Click a group name in the Group Name column, then click the Reboot tab.
Step 3
Select the Cascade Reboot check box if you want to reboot one controller at a time, waiting for that controller to come up before rebooting the next controller.
Step 4
Click Reboot to reboot all controllers in the configuration group at the same time. During the reboot, you can leave this page or log out of Prime Infrastructure. The process continues, and you can return later to this page and view a report.
The Recent Reboot Report page shows when each controller was rebooted and what the controller status is after the reboot. If Prime Infrastructure is unable to reboot the controller, a failure is shown.
Retrieving Configuration Group Reports
To display all recently applied reports under a specified group name, follow these steps:
Step 1
Choose Design > Configuration > Wireless Configuration > Controller Configuration Groups.
Step 2
Click a group name in the Group Name column, then click the Report tab. The Recent Apply Report page displays all recently applied reports including the apply status, the date and time the apply was initiated, and the number of templates. The following information is provided for each individual IP address:
- Apply Status—Indicates success, partial success, failure, or not initiated.
- Successful Templates—Indicates the number of successful templates associated with the applicable IP address.
- Failures—Indicates the number of failures with the provisioning of mobility group, mobility members, and templates to the applicable controller.
- Details—Click Details to view the individual failures and associated error messages.
Step 3
If you want to view the scheduled task reports, click the click here link at the bottom of the page.
Creating wIPS Profiles
Prime Infrastructure provides several predefined profiles from which to choose. These profiles (based on customer types, building types, industry types, and so on) allow you to quickly activate the additional wireless threat protection available through Cisco Adaptive wIPS. You can use a profile ‘as is’ or customize it to better meet your needs.
Predefined profiles include:
- Education
- EnterpriseBest
- EnterpriseRogue
- Financial
- HealthCare
- HotSpotOpen
- Hotspot8021x
- Military
- Retail
- Tradeshow
- Warehouse
The wIPS Profiles > Profile List page allows you to view, edit, apply, or delete current wIPS profiles and to add new profiles. The Profile List provides the following information for each profile:
- Profile Name —Indicates the user-defined name for the current profile. Click the profile name to view or edit profile details.
Note
Hover your mouse cursor over the profile name to view the Profile ID and version.
- MSE(s) Applied To —Indicates the number of mobility services engines (MSEs) to which this profile is applied. Click the MSE number to view profile assignment details.
- Controller(s) Applied To —Indicates the number of controllers to which this profile is applied. Click the controller number to view profile assignment details.
To create a wIPS profile, follow these steps:
Step 1
Select Design > Configuration > Wireless Configuration > wIPS Profiles.
Step 2
From the Select a command drop-down list, choose Add Profile, then click Go.
Step 3
Enter a profile name in the Profile Name text box of the Profile Parameters page.
Step 4
Select the applicable pre-defined profile, or choose Default from the drop-down list.
Step 5
Choose Save > Next.
Note
When you select Save, the profile is saved to the Prime Infrastructure database with no changes and no mobility services engine or controller assignments. The profile appears in the profile list.
Step 6
To edit and delete current groups or add a new group:
a.
From the Select a command drop-down list on the SSID Group List page, choose Add Group or Add Groups from Global List, then click Go.
b.
Enter the group name and one or more SSID groups, then click Save.
Step 7
To determine which policies are included in the current profile, choose Profile Configuration. The check boxes in the policy tree (located in the left Select Policy pane) indicate which policies are enabled or disabled in the current profile. Using this page, you can:
- Enable or disable an entire branch or an individual policy by selecting or unselecting the check box for the applicable branch or policy.
Note
By default, all policies are selected.
- Click an individual policy to display the policy description. Use the Policy Rules page add, edit, delete, and reorder the current policy rule settings.
Note
There must be at least one policy rule in place. You cannot delete a policy rule if it is the only one in the list.
Note
If the profile is already applied to a controller, it cannot be deleted.
- Configure the following settings:
–
Threshold (not applicable to all policies)—Indicates the threshold or upper limit associated with the selected policy. Because every policy must contain at least one threshold, default thresholds are defined for each based on standard wireless network issues. Threshold options vary based on the selected policy.
When the threshold is reached for a policy, an alarm is triggered. Alarms from Cisco Adaptive wIPS DoS and security penetration attacks are classified as security alarms. A summary of these attacks is located in the Security Summary page; choose Monitor > Security to access this page. The wIPS attacks are located in the Threats and Attacks section.
–
Severity—Indicates the level of severity of the selected policy. Parameters include critical, major, info, and warning. The value of this field might vary depending on the wireless network.
–
Notification—Indicates the type of notification associated with the threshold.
–
ACL/SSID Group—Indicates the ACL or SSID Group(s) to which this threshold is be applied.
Note Only selected groups trigger the policy.
Step 8
When the profile configuration is complete, select Next to proceed to the MSE/Controller(s) page.
Step 9
In the Apply Profile page, select the mobility services engine and controller(s) to which you want to apply the current profile, then click Apply to apply the current profile to the selected mobility services engine/controller(s).
Note
You can also apply a profile directly from the profile list. From the Profile List page, select the profile that you want to apply and click Apply Profile from the Select a command drop-down list. Then click Go to access the Apply Profile page.
Creating Custom SNMP Polling Templates
You can design custom SNMP polling templates to monitor third-party or Cisco devices and device groups. Using this feature, you can:
- Upload the SNMP MIB for the device type, then choose devices and attributes to poll and the polling frequency.
- Upload a single MIB definition file, or a group of MIBs with their dependencies as a ZIP file.
- Deploy the custom SNMP polling template the same way as other monitoring templates.
- Display the results as a line chart or a table.
This feature enables you to easily repeat polling for the same devices and attributes, and can be used to customize the way Cisco devices are polled using SNMP.
You can create a maximum of 25 custom SNMP polling templates.
To create a custom SNMP polling template, follow these steps:
Step 1
Choose Design > Configuration > Custom SNMP Templates.
Step 2
Click the Basic tab and enter the required information. When specifying MIB information:
- Specify a filename extension only if you are uploading a ZIP file.
- If you are uploading a ZIP file, ensure that all dependent MIB files are either included in the ZIP or already present in the system.
- Ensure your upload file and the MIB definition have the same name (for example: Do not rename the ARUBA-MGMT-MIB definition file to ARUBA_MGMT). If you are uploading a ZIP file, you may name it as you please, but the MIB files packaged inside it must also follow this convention (for example: MyMibs.zip is acceptable, as long as all MIB files in the ZIP match their MIB names).
Step 3
Click Save.
Step 4
Specify the polling parameters for your new template:
a.
On the Monitor Configuration Templates page, expand the Features menu, choose Custom SNMP, and select your new custom SNMP template.
b.
Complete the basic template fields, then select a polling frequency, then click Save as New Template.
Step 5
To deploy the template:
a.
Choose Deploy > Configuration Deployment > Monitoring Deployment. Find the template you created and click Deploy.
b.
Check the boxes for the devices to which you want to deploy this template, then click Submit.
Step 6
To view the SNMP polling data, create a generic dashlet (see Creating Generic Dashlets) using the name of the template that you created in Step 4.
Note
To view the SNMP polling date for ASR device, you should use the show platform hardware qfp active datapath utilization | inc Processing command for CPU utilization and show platform hardware qfp active infrastructure exmem statistics | sec DRAM command for memory utilization.