Prime Infrastructure 3.1.3 supports token-based licensing model for Lifecycle and Assurance licenses. The license consumption is based on token weight per device type. For example, if you add a ASR 1001 device having token weight 3, the Lifecycle license/tokens consumed for managing the device is 3.
Due to this token-based licensing, a Prime Infrastructure instance consumes more tokens than what were consumed before. To avoid this overhead to the existing customers, Prime Infrastructure 3.1.3 supports generation of a one-time grandfathered license file for managing the existing devices without the need to buy additional licenses. This special privilege is provided to the existing customers as a one-time activity upon installation of Prime Infrastructure 3.1.3 update.
The grandfathered license file is a permanent license file and can be added/downloaded like other license files.
The grandfathered license file is encrypted and is not node locked.
The grandfathered Assurance tokens are valid only when 2.x Assurance permanent licenses are available.
A maximum of five grandfathered files can be added.
To Avail the Grandfathered License Support
Ensure whether Traditional licensing is enabled.
– Go to Administration > Licenses and Software Updates > Smart Software Licensing.
– Choose Traditional Licensing.
– Check whether the Register button is disabled to confirm the selection of Traditional Licensing.
Ensure 2.x permanent licenses are added.
Only 20,000 grandfathered tokens can be generated per Prime Infrastructure instance.
Assurance tokens will be generated only when 2.x Assurance permanent licenses are added on a Prime Infrastructure instance before applying Prime Infrastructure 3.1.3.
The number of grandfathered Assurance tokens generated is same as the number of grandfathered Lifecycle tokens.
After installing Prime Infrastructure 3.1.3, you can check the token consumption per device type in the T raditional Licensing Dashlet under Administration > Dashboard > Licensing Dashboard.
Before You Begin Installing the Maintenance Release
CautionOnce you install this maintenance release, you cannot un-install or remove it.
Since the maintenance release is not removable, it is important to have a way to revert your system to the original version in case hardware or software problems cause the maintenance release installation to fail.
To ensure you can do this, take a backup of your system before downloading and installing this UBF maintenance release.
To restore the backup of the Prime Infrastructure 3.1 installation, follow these steps:
1. Reinstall Prime Infrastructure 3.1 from an OVA or ISO distribution.
2. Restore the data from the backup that you made before applying the maintenance release 3.1.3
Similarly, if you are running Prime Infrastructure 3.1 in a Virtual Machine (VM) and your organization permits taking VM snapshots, stop Prime Infrastructure and use the VMware client to take a VM snapshot before applying this maintenance release. Store the snapshot in an external storage repository, and restore from the snapshot if the maintenance release installation is unsuccessful.
Step 4 Log in with your cisco.com credentials and click Yes or No in the Remember Credentials pop-up dialogue box.
Step 5 Click Show Details in the Critical Fixes pane to view the updates.
Step 6 Click Download corresponding to the Prime Infrastructure 3.1.3 Maintenance Release file name PI_3_1_3-1.0.16.ubf.
Step 7 Click Install to install the maintenance release.
Step 8 Click Yes in the popup dialogue box to install Cisco Prime Infrastructure 3.1.3. The Cisco Prime Infrastructure server will restart automatically.It may take approximately 25 to 35 minutes for the installation process to complete.
Step 9 You can verify the maintenance release installation from Prime Infrastructure Login under Critical Fixes by clicking View Installed Updates and also by logging into the server and choosing Administration > Software Update. You should see a listing for the maintenance release in the Updates tab, with Installed in the Status column.
Note Applying Prime Infrastructure 3.1.3 over Prime Infrastructure 3.1 takes more time than applying Prime Infrastructure 3.1.3 Maintenance Release UBF over Prime Infrastructure 3.1.1 or 3.1.2
Installing the Maintenance Release from Local Storage
Step 4 Click Upload and browse to the location where you have saved the maintenance release file. Click OK to upload the file.
Step 5 In the Status of Updates pane, click the Files tab and check whether PI_3_1_3-1.0.16.ubf is listed under FileName column.
Step 6 In the Critical Fixes pane, click Install.
Step 7 Click Yes in the popup dialogue box to install Cisco Prime Infrastructure 3.1.3. The Cisco Prime Infrastructure server will restart automatically.It may take approximately 25 to 35 minutes for the installation process to complete.
Step 8 You can verify the maintenance release installation from Prime Infrastructure Login under Critical Fixes by clicking View Installed Updates and also by logging into the server and choosing Administration > Software Update. You should see a listing for the maintenance release in the Updates tab, with Installed in the Status column.
Note Applying Prime Infrastructure 3.1.3 over Prime Infrastructure 3.1 takes more time than applying Prime Infrastructure 3.1.3 Maintenance Release UBF over Prime Infrastructure 3.1.1 or 3.1.2.
Installing the Maintenance Release in High Availability Mode
Note Prime Infrastructure 3.1.3 can be applied only in primary and secondary standalone servers. The server will restart automatically once the installation is complete. The restart typically takes 25 to 35 minutes. You cannot apply Prime Infrastructure 3.1.3 when HA is enabled.
If you are installing Cisco Prime Infrastructure Maintenance Release 3.1.3 on High Availability (HA) paired servers, you will get the following error message:
Troubleshooting Maintenance Release Installs in High Availability Implementations
If you are unable to apply this maintenance release in a High Availability (HA) implementation, check whether your network bandwidth, throughput and latency meets the network requirements recommended in Network Throughput Restrictions on HA section in the Cisco Prime Infrastructure 3.1.3 Administration Guide. In a few cases, continued or intermittent throughput problems can cause a complete failure. If you believe this has occurred, contact Cisco TAC for support.
If you are unable to verify that this maintenance release has been successfully installed on a Prime Infrastructure server, or one or both of the servers fails to restart properly after installing the maintenance release, you may need to re-image the server as explained in Before You Begin Installing the Maintenance Release before continuing.
In all cases, you can use the backup-logs command on one or both servers to get information on the source of the failure. For more information, see the backup-logs section in the Command Reference Guide for Cisco Prime Infrastructure 3.1.
Migrating from Previous Releases of Cisco Prime Infrastructure
You can restore the backup from following Prime Infrastructure versions to Prime Infrastructure 3.1.3:
Cisco Prime Infrastructure 18.104.22.168
Cisco Prime Infrastructure 3.0.1
Cisco Prime Infrastructure 3.0.2
Cisco Prime Infrastructure 3.0.3
Cisco Prime Infrastructure 22.214.171.124.132
Cisco Prime Infrastructure 3.1.1
Cisco Prime Infrastructure 3.1.2
If you are running multiple previous releases of Prime Infrastructure (for example, you are running version 126.96.36.199 and 3.0.1, 3.0.2, 3.0.3, 188.8.131.52.132), you must select one version from which to restore data.
You can apply the Cisco Prime Infrastructure 3.1.3 over Cisco Prime Infrastructure 3.1 upgraded server. For detailed information about upgrading from previous releases of Prime Infrastructure, including the list of versions from which you can upgrade, see the If You Are U pgrading From Previous Releases of Prime Infrastructure section of the Cisco Prime Infrastructure 3.1 Quick Start Guide.
Your feedback will help us improve the quality of our product. To send your feedback, follow these steps:
Step 1 Choose Administration > System Settings > Mail Server Configuration.
Step 2 In the Mail Server Configuration, enter the mail server details.
Step 3 Click Save to save the configuration settings.
Step 4 Choose Help > Help Us Improve Cisco Products.
Step 5 In the Help Us Improve Cisco Products, select the Yes, collect data periodically (monthly) option.
The Access Network workflow in Cisco Prime Infrastructure automates the access switch deployment in routed access networks in enterprise branch or campus networks for green field network deployment.
The Access Network workflow automates the following tasks:
Simultaneous multiple access switch configuration
Provisioning Access Ports
Deploys applicable Cisco Best Practice configurations
Branch Threat Defense
Cisco Branch Threat Defense is a router security technology that strengthens protection and saves time and money without having to deploy multiple-point security products. This technology mitigates security vulnerabilities in branch offices with direct Internet connections that bypass your data center, and encrypt communication between enterprise branches, headquarters, and data centers.
LISP interface health monitoring - Monitors the LISP interfaces that are added under Inventory > Group Management > Port Groups based on the interface statistics and QoS statistics.
You can monitor LISP using MIBs and view the polled data in the Device Lisp Map Cache Entries dashlet under Device dashboard and in the Top N Lisp Map Cache Entries dashlet under the Network Devices dashboard.
Configuration Archive Enhancements
This release includes a new System Job “Device Config Backup-External” for transferring the device configuration data to external repository. The configuration data are transferred in two ways:
Incremental transfer— Transfers the data available from the last backup till 15 minutes before the scheduled time.
Latest configuration transfer—Transfers only the latest configuration data.
This release also supports PfR configuration. You must install the latest device pack available on cisco.com for this feature support.
The IWAN workflow provides Direct Internet Access (DIA) support for ZBFW.
User Interface Enhancements
The device 360 view shows VRF details in the interface table and routing table.
Performance Routing Enhancements
The Performance routing page allows you to filter the events based on Virtual Routing Forwarding (VRF) discovered by the border routers.
TrustSec Readiness Assessment Enhancement
The TrustSec Readiness Assessment page allows you to view the details such as SGT Classification, SXP support and SGT Enforcement of the device modules such as supervisor, line card, route processor, etc.
CLI Template Enhancements
Cisco Prime Infrastructure 3.1.3 supports multi-line and interactive commands in the CLI Template for AireOS WLC.
This release supports to tag a template as port based template.
The following templates are newly added under CLI templates:
ERSPAN Source Session—supports only Cisco Catalyst 3650 and 3850 switches.
Multicast over GRE—supports only Cisco Catalyst 3650 and 3850 switches.
Deploying Configuration Templates from the Operations Center
You can now deploy configuration templates from the Operations Center. For more details see, Deploying Configuration Templates in the Cisco Prime Infrastructure 3.1.3 User Guide.
Global Search Enhancements
This release supports searching of clients using the interface description from the global search field in the toolbar.
Compliance Services Enhancements
Metadata for PSIRT and EOX reports is updated till May 2016.
Compliance service support in standard Prime Infrastructure virtual appliance.
This release supports importing of Non-Cisco Standard software images to Prime Infrastructure. You must install the latest device pack available on cisco.com for this feature support.
Plug and Play Enhancements
This release supports provisioning devices using the terminal server. You can also provision the device profiles again by selecting a device from the list and clicking the Reset button.
Plug and play now supports composite templates as part of configuration templates. Multiple configurations for a particular device can be deployed using the composite template. Composite template can contain system templates or user defined templates as member templates.
Note Prime Infrastructure Release 3.1.3 supports all features of Cisco WLC 8.3.
URL Filtering for Domains
Domain Filtering allows network administrators to define HTTP URLs based Access Control Lists (ACL) in order to allow or disallow traffic.
The URL Filtering feature helps optimize network bandwidth utilization by restricting access to websites. This feature gives you control to build URL ACLs using which you can either permit or deny access to websites. These ACLs can be applied to locations, AP groups, WLAN profiles, and trusted and non-trusted clients within the same SSID.
Default FlexConnect Group
Default FlexConnect Group is a container where FlexConnect APs, which are not a part of an administrator-configured FlexConnect group, are added automatically when they associate with Cisco WLC. It is not possible to manually add or delete the default FlexConnect group. It is also not possible to manually add or delete APs to the default FlexConnect group.
Mesh Off-Channel Background Scanning
Mesh APs will periodically go off channel and scan all the channels to update neighbor lists. Support is added for permanent off-channel background scanning for mesh APs (MAPs) when fast or very fast convergence is configured, to take advantage of the presence of neighboring MAPs that have been heard outside the Subset Channel list.
Cisco Aironet 2800 Series and 3800 Series APs
Cisco 2800 AP and Cisco 3800 AP are highly versatile and deliver most of the functionalities of any access points available in the industry.
The following enhancements have been made to Cisco Prime Infrastructure to support Cisco 2800 AP and Cisco 3800 AP in this release:
Supports XOR radio slot where the Wi-Fi radio can be switched between 2.4 GHz and 5 GHz and vice versa in slot 0.
Supports channel width of 160 MHz. Dynamic bandwidth selections allow the APs to dynamically switch between 20 MHz, 40 MHz, 80 MHz, and 160 MHz channels depending on the RF channel conditions.
Cisco CleanAir technology is enhanced to support 160 MHz channel width. This provides proactive and high-speed spectrum intelligence across 20 MHz, 40 MHz, 80 MHz, and 160 MHz channels.
Multi-Gigabit interface support on the access point.
A new antenna, AIR-ANT2544V4M-R8 has been introduced.
The following enhancements have been made to Sitemaps:
Site Maps view—Displays the number of 802.11a/n/ac, 802.11 b/g/n radios available on the campus, building, floor, and the outdoor area. When the XOR radios on a floor or outdoor area change their modes to either serving or monitor and the band changes to 802.11a or 802.b, then the corresponding counts in the Site Map page changes
Building view—Displays the number of 802.11a and 802.11b radios in each floor along with the clients attached to each band (802.11a and 802.11b). When the XOR radios in these floors change their band, then the corresponding client count changes.
Position AP screen—You can choose either internal or external antenna for 802.11 a/b/g/n radio slots.
Floor view—The following features have been updated:
– Icon View
– AP/Radio Filter
– Heatmap Filter
– AP360 View
Cisco Hyperlocation Enhancements
Cisco Hyperlocation Module has been enhanced to include:
A new dual antenna, AIR-ANT25-LOC-02.
Two new parameters, Azimuth and Elevation per radio from the Lightweight AP template page.
IPv6 Support for EoGRE Tunnels
Support is added for client IPv6 traffic and IPv6 address format for the EoGRE tunnel gateway. Client IPv6 traffic is supported on both IPv4 and IPv6 EoGRE tunnels. A maximum of eight different client IPv6 addresses are supported. Cisco WLCs send all the client IPv6 addresses that they have learned to the Accounting server in the accounting update message. All RADIUS or Accounting messages exchanged between Cisco WLCs and tunnel gateways or RADIUS servers that are outside the EoGRE tunnel.
Note IPv6 is not supported on the FlexConnect-to-WAG EoGRE tunnel.
Support for Fast Locate with AP Groups
Support for Fast Locate configuration has been added from Prime Infrastructure on Cisco WLC running Cisco IOS XE Denali 16.3.1.
Wireless Configuration Groups Workflow
Wireless Configuration Groups workflow is the improved workflow of the WLAN Controller Configuration Groups feature, which is available in the Prime Infrastructure. With the improved Wireless Configuration workflow, you can:
Select device specific templates.
Deploy multiple templates on multiple devices.
Audit multiple wireless templates from PI.
Support for -B Regulatory Domain for Access Points
Support for -B Regulatory Domain (5GHz) on Cisco APs from Cisco Prime Infrastructure has been added. New channels supported as part of this are: 120-MHz, 124-MHz, 128-MHz, and 144-MHz.
All -B Regulatory Domain APs in fixed 5-GHz support the new channels.
Cisco 2800 AP and Cisco 3800 APs support these new channels in fixed 5-GHz and when XOR radio is in 5 GHz.
Support to include Switch Port information in Rogue AP report.
A new report, Wired Rogue AP via SPT has been introduced in this release.
The following access point platforms have been introduced in this release:
Cisco Aironet 2800 Series APs
Cisco Aironet 3800 Series APs
Cisco Aironet 1810W Series APs
Cisco 1815I Series APs
Support for BLE Beacon with Hyperlocation module on Cisco IOS XE Denali 16.3.1
In addition to installing Prime Infrastructure 3.1.3 on Prime Infrastructure instances, make sure that you also install Prime Infrastructure 3.1.3 on Prime Operations Center.
You must ensure that the version of Prime Operations Center is the same as the version of the Prime infrastructure instances that it manages. For more details, see Setting Up Operations Center in Cisco Prime Infrastructure 3.1.3 Administrator Guide.
You can install Prime Infrastructure 3.1.3 on operations center from the Cisco Site, or local storage. You can also install the update in high availability mode if the high availability is available on Prime Operations Center. For more details on how to install the update, see Installation Guidelines.
Before installing Prime Infrastructure 3.1.3 in Prime Operations Center disable single sign-on (SSO) on Prime Operations Center and each of the Prime Infrastructure instances that you will manage using Prime Operations Center. For more details on how to enable or disable SSO, see Setting Up Operations Center in Cisco Prime Infrastructure 3.1.3 Administrator Guide.
After installing the update enable HA for Operations Center. For more details, see Enabling HA for Operations Center in Cisco Prime Infrastructure 3.1.3 Administrator Guide.
When Prime Infrastructure is integrated with an APIC-EM server and the Plug and Play profile created by Prime Infrastructure is deleted due to any of the following reasons the PnP profile create, edit, or status monitor will fail:
– By logging into the APIC-EM server and the PnP profile is deleted.
– A later version of APIC-EM is installed and it is integrated again with Prime Infrastructure that does not have Plug and Play profiles created on it earlier.
– Upgraded APIC-EM causes loss of data that Prime Infrastructure had created earlier.
The workaround for this problem is you should synchronize the data manually by:
– Deleting and recreating the profile again after adding APIC-EM.
– Exporting as CSV and importing it back after creating the corresponding profile for all profiles or device profiles.
– Creating the profiles or device profiles using the user interface.
Access Network Workflow—If you could not find the scrollbar in any of the Access Network workflow pages on MAC OS, go to System Preferences > General and set the Show scroll bars option to Always.
Table 1 lists the Open Caveats in Cisco Prime Infrastructure Release 3.1.3.
Click the identifier to view the impact and workaround for the caveat. This information is displayed in the Bug Search Tool. You can track the status of the open caveats using the Bug Search Tool.
The edit button is enabled in the global variable table even when no record is selected, or when the user adds new row or after canceling the add row section. The edit button is disabled only after any one of the global variable records is selected.
A vulnerability in the web interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to upload arbitrary files and execute commands as the prime web user. The prime web user does not have the full privileges of root.
Subscribe to What’s New in Cisco Product Documentation, which lists all new and revised Cisco technical documentation, as an RSS feed and deliver content directly to your desktop using a reader application. The RSS feeds are a free service.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.