The Monitor > Managed Elements menu provides tools to help you monitor your network on a daily basis, as well as perform other day-to-day or ad hoc operations relating to network device inventory and configuration management.
Monitoring Network Devices
Choose Monitor > Managed Elements > Network Devices to view the list of devices that have been added to Prime Infrastructure. You can also add, edit, synchronize, and group devices.
Network Devices Page
Table 8-1 describes the information that is displayed when you select Monitor > Managed Elements > Network Devices to view the list of devices that have been added to Prime Infrastructure. You can sort the table by clicking on any cell heading.
Note When you launch the Cisco WLC UI from the Monitor > Managed Elements > Network Devices page in the Cisco Prime Infrastructure UI, an HTTPS connection opens for the Cisco WLC. If you want to use any other protocol to open the Cisco WLC UI session, you must launch it from the Device 360 view > Action > Connect to Device page and select the protocol that you want to open the Cisco WLC with.
Table 8-1 Network Devices Page Description
Device details such as software version, port information, CPU and memory utilization: Click on a Device Name.
Device 360 view: Click the icon in the IP Address field.
Collection status details: Click the icon in the Last Inventory Collection column.
Use the Jobs dashboard to:
View all running and completed jobs and corresponding job details
Filter jobs to view the specific jobs in which you are interested
View details of the most recently submitted job
View job execution results
Modify jobs, including deleting, editing, running, canceling, pausing, and resuming jobs
Prime Infrastructure can have a maximum of 25 jobs running concurrently. If a new job is created while 25 jobs are already running, the new job state is “scheduled” until a job completes and the new job can start. If a new job’s scheduled time has already passed before it could be started, the new job will not run and you’ll need to reschedule or start it when fewer than 25 jobs are running.
To monitor jobs, follow these steps:
Step 1 Choose Administration > Dashboards > Job Dashboard.
Step 2 Click a job, then perform any of the following actions:
to start the currently scheduled job immediately. If a job has the status “failed,” click
to resubmit the same job, which creates a new scheduled job with the same parameters as the previous job. Only the failed and partially successful devices within the job will be selected for retry.
to stop a discovery job currently in progress and return it to its scheduled state. You cannot abort all jobs. For example, you receive an error message if you try to abort a running configuration job.
to delete any future scheduled jobs for the job you specified. If a job is currently running, it will complete.
Step 3 To view information on when the job was created, started or scheduled and its history, select a job to view the Job Detail View page. Hover the mouse over the Status column of the specific job to view the troubleshooting information for a failed job.
When a job is scheduled to recur at an interval of minutes, the first trigger of the job falls on the nth minute of the hour, as divided by the Quartz scheduler, and successive runs are placed according to the schedule. For example, if you set the start time to 12:02:00 and want the job to run every 3 minutes, the job is executed at 12:03 (in a minute), with the next recurrences at 12:06, 12:09, and so on. As another example, if you set the start time to 12:00:00 and want the job to run every 3 minutes, the job is executed at 12:00 (without any delay), with the next recurrences at 12:03, 12:06, and so on.
Monitoring Background Tasks
A background task is a scheduled program running in the background with no visible pages or other user interfaces. In Prime Infrastructure, background tasks can be anything from data collection to backing up configurations. You can monitor background tasks to see which background tasks are running, check their schedules, and find out whether the task was successfully completed.
To monitor the background tasks, follow these steps:
Step 1 Choose Administration > Settings > Background Tasks to view scheduled tasks. The Background Tasks page appears.
Choose a command from the drop-down list:
—Runs all of the data sets with a selected check box.
—Enables the data set to run on its scheduled interval.
—Prevents the data set from running on its scheduled interval.
Using Packet Capture to Monitor and Troubleshoot Network Traffic
In addition to aggregating data from multiple NAMs, Prime Infrastructure makes it easy to actively manage and troubleshoot network problems using multiple NAMs and ASRs.
Note This feature is supported for NAMs and ASRs. For more information on minimum Cisco IOS XE version supported on ASRs, see the Cisco ASR 1000 Series Aggregation Services Routers Release Notes.
In the following workflow, a network operator needs to troubleshoot a set of similar authentication violations taking place at multiple branches. Because the operator suspects that the authentication problems are due to a network attack in progress, the operator runs the Packet Capture feature against the NAMs or ASRs for each branch, then runs the Packet Decoder to inspect the suspicious traffic.
Step 1 Create a capture session definition:
Monitor > Tools > Packet Capture
, then click
to create a new capture session definition.
b. Complete the
section as needed. Give the session definition a unique name and specify how you want to file the captured data. To capture the full packet, enter 0 in the Packet Slice Size.
c. If you want to restrict the captured traffic to particular source or destination IPs, VLANs, applications, or ports, click
in the Software Filters section and create filters as needed. If you do not create a software filter, it captures everything.
d. In the
area, you can select:
– A NAM and its data ports. You can create one capture session per NAM only, whether the capture session is running or not.
– An ASR and its interfaces.
Create and Start All Sessions
Prime Infrastructure saves the new session definition, then runs separate capture sessions on each of the devices you specified. It stores the sessions as files on the device and displays the list of packet capture files in the
Step 2 To decode a packet capture file:
a. Choose Monitor > Tools > Packet Capture.
b. Select a PCAP file in a NAM or ASR device.
to copy the PCAP file to the PI server (the decode operation only runs on files in the PI server).
to confirm that the copy job completed successfully.
e. Open the localhost folder, select the check box for the new capture file, then click
. The decoded data appears in the bottom pane.
f. A TCP Stream displays the data as the application layer sees it. To view the TCP Stream for a decoded file, select a TCP packet from the Packet List, then click
. You can view the data as ASCII text or in a HEX dump.
Step 3 To run a packet capture session again, select the session definition in the
area and click
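Added example, not part of the Cisco guide: a minimal reader for a copied capture file that shows what a non-zero Packet Slice Size loses and how an IP or port criterion narrows the packet list. It assumes the file is in classic libpcap format with Ethernet framing; the function names and the two sample frames are constructed for illustration, and the filter here runs after capture, whereas the Software Filters above act at capture time.

```python
import socket
import struct

def build_sample_pcap(slice_size):
    """Constructed capture: two Ethernet/IPv4/TCP frames, cut to slice_size (0 = full packet)."""
    def frame(src, dst, sport, dport, payload):
        tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0) + payload
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
        return b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip + tcp
    frames = [frame("10.1.1.20", "10.9.9.5", 40000, 22, b"A" * 40),
              frame("10.1.1.21", "10.9.9.8", 40001, 443, b"B" * 100)]
    limit = slice_size or 65535
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, limit, 1)  # link type 1 = Ethernet
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, min(len(f), limit), len(f)) + f[:limit]
    return out

def decode(raw, orig_len):
    """Decode one Ethernet/IPv4/TCP record; fields stay None if slicing cut them off."""
    pkt = dict(orig_len=orig_len, sliced=len(raw) < orig_len,
               src=None, dst=None, sport=None, dport=None, payload=0)
    if len(raw) < 34 or raw[12:14] != b"\x08\x00" or raw[14] >> 4 != 4:
        return pkt
    pkt["src"], pkt["dst"] = socket.inet_ntoa(raw[26:30]), socket.inet_ntoa(raw[30:34])
    l4 = 14 + (raw[14] & 0x0F) * 4  # start of the TCP header
    if raw[23] == 6 and len(raw) >= l4 + 13:
        pkt["sport"], pkt["dport"] = struct.unpack_from("!HH", raw, l4)
        pkt["payload"] = max(0, len(raw) - l4 - (raw[l4 + 12] >> 4) * 4)  # bytes actually captured
    return pkt

def parse_pcap(data):
    """Return (snaplen, packets) from classic libpcap bytes."""
    magic = struct.unpack_from("<I", data)[0]
    if magic not in (0xA1B2C3D4, 0xD4C3B2A1):
        raise ValueError("not a classic microsecond pcap file")
    end = "<" if magic == 0xA1B2C3D4 else ">"
    snaplen, linktype = struct.unpack_from(end + "II", data, 16)
    if linktype != 1:
        raise ValueError("only Ethernet captures are handled here")
    off, pkts = 24, []
    while off + 16 <= len(data):
        incl, orig = struct.unpack_from(end + "II", data, off + 8)  # captured vs. on-wire length
        pkts.append(decode(data[off + 16:off + 16 + incl], orig))
        off += 16 + incl
    return snaplen, pkts

def software_filter(pkts, ip=None, port=None):
    """Keep packets matching an IP and/or port; with no criteria everything passes."""
    return [p for p in pkts if (ip is None or ip in (p["src"], p["dst"]))
            and (port is None or port in (p["sport"], p["dport"]))]
```

A record whose captured length is shorter than its on-wire length was sliced, so a TCP stream rebuilt from it is incomplete; that is the reason to enter 0 when the payload itself is under investigation.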
Securing Network Services
Cisco TrustSec Identity-Based Networking Services (IBNS) is an integrated solution consisting of Cisco products that offer authentication, access control, and user policies to secure network connectivity and resources. Cisco TrustSec IBNS helps enterprises to increase productivity and visibility, reduce operating costs, and enforce policy compliance.
In Prime Infrastructure, the TrustSec network service design enables you to choose preferred options for provisioning configurations to TrustSec-capable devices to enable 802.1X and other TrustSec functionality. You can configure wired 802_1x devices by creating TrustSec model-based configuration templates and choosing any one of the following navigation paths:
Services > Network Services > TrustSec
Configuration > Templates > Features & Technologies > Security > TrustSec > Wired 802_1x
Note that for Catalyst 6000 devices:
Security violation as protect is not available for Catalyst 6000 supervisor devices.
Security violation as replace is available in Cisco IOS Release 15.1(01)SY and later.
is not available for Catalyst 6500 supervisor 2T devices.
The MACsec support is available only for 3560-X series and 3750-X series devices with minimum supported image version “12.2.55SE3/15.0(1)SE2”.
Note For the TrustSec 2.0 platform support list, see the Cisco TrustSec 2.0 Product Bulletin.
For more details about configuring TrustSec model-based configuration templates, see Creating Feature-Level Configuration Templates.
Generating a TrustSec Readiness Assessment Report
TrustSec Readiness Assessment displays TrustSec-based device details such as TrustSec version, readiness category, readiness device count, and device percentage displayed in the pie chart.
To generate a TrustSec Readiness Assessment report, follow these steps:
Step 1 Choose Services > Network Services > TrustSec.
Step 2 Expand the Features-TrustSec folder, then click
A pie chart appears with the following types of devices:
TrustSec Limited Compatibility Devices
TrustSec Capable Devices
TrustSec Hardware Incapable Devices
TrustSec Software Incapable Devices
Step 3 Click
and click any of the pie chart slices to view the details of the selected TrustSec-based device type.
Step 4 Click
to view the details of all TrustSec-based devices.
Step 5 Select the TrustSec version and click
to export the readiness assessment details to a CSV file.