-
- Monitoring Devices
- Monitoring Wireless Devices
- Creating Monitoring Policies and Thresholds
- Monitoring Alarms
- Monitoring Clients and Users
- Performance Routing Version 3 Based Network Monitoring
- Monitoring Wireless Technologies
- Using Monitoring Tools
- Viewing Performance Graphs
- Troubleshooting
- Monitoring Multiple Prime Infrastructure Instances
-
- Securing Network Services
- Configuring and Monitoring IWAN
- Using Converged Access Workflow
- Configuring and Monitoring Cisco Catalyst Instant Access
- Configuring Application Visibility and Control
- Ensuring Consistent Application Experiences
- Troubleshooting Applications
- Monitoring Microsoft Lync Traffic
- Using Mediatrace
- Cisco Mobility Services Engine and Services
- Configuring the Cisco AppNav Solution
- Configuring WAAS Container
- Working with Wireless Mobility
Cisco Prime Infrastructure 3.1 User Guide
- Updated:
- June 12, 2019
Chapter: Setting Up Network Monitoring
Setting Up Network Monitoring
After you add devices to the Prime Infrastructure inventory and set up device and port groups, you create monitoring templates to monitor device health (for example, CPU, memory, and interface utilization), basic QoS, and VPN tunnel statistics for wired devices in the group. After you create and apply monitoring templates, Prime Infrastructure collects and processes data from specified devices and displays the information in dashboards, dashlets, and reports.
Monitoring Port Groups and Interfaces
To monitor your device ports, you can create a port group and then display monitoring information on Prime Infrastructure dashboards. Port groups are logical groupings of interfaces that allow you to monitor device ports by the function they serve. For example, you can create a port group for the WAN ports and create another port group for the internal distribution ports on the same router.
See Types of Groups and Creating Device Context or Group Context Port Groups for more information about creating port groups.
After you create groups, you can create an interface health monitoring policy on those ports as explained in the following steps:
Step 1
Choose Monitor > Monitoring Tools > Monitoring Policies.
Step 4 Choose Interface Health. under Policy Types.
Step 5 From the Device Selection drop-down list, choose Port Group.
Step 6 Choose the User Defined group and click OK.
Step 8 Select required the Parameters and Threshold and complete the required fields.
Step 10 Click Save and Activate.
Step 11 To display the results, choose Dashboards > Overview > Network Interface, and view the Top N Interface Utilization dashlet.
Step 12 Edit the Top N Interface Utilization dashlet and add the port group that you previously created.
- Setting Up WAN Interface Monitoring
- Types of Groups
- Creating Device Context or Group Context Port Groups
Setting Up WAN Interface Monitoring
Creating a WAN interface port group allows you to efficiently monitor all WAN interfaces in a specific port group. For example, if you have many small branch offices that have low bandwidth issues, you can create a port group that includes all WAN interfaces from each branch office, and then monitor this port group for issues.
By default, Prime Infrastructure provides a static WAN Interfaces port group on which health monitoring is automatically deployed. The following procedure shows you how to:
1. Add interfaces to the WAN Interfaces port group.
2. Verify the utilization and availability of the WAN interfaces from the Site dashboard.
Step 1 To add interfaces to the WAN Interfaces port group:
a. Choose Inventory > Group Management > Port Groups.
b. From the menu on the left, choose System Defined > WAN Interfaces.
c. Select the device, then click Add to Group.
Step 2 To display the results:
a. Choose Dashboard> Overview > 
> Add Dashlets.
b. Click either of the following:
– Top N WAN Interfaces by Utilization
– Top N WAN Interfaces with Issues
Getting Enhanced Client Information by Integrating with Cisco Identity Services Engine (ISE)
Prime Infrastructure manages the wired and the wireless clients in the network. When Cisco ISE is used as a RADIUS server to authenticate clients, Prime Infrastructure collects additional information about these clients from Cisco ISE and provides all client relevant information to Prime Infrastructure to be visible in a single console.
When posture profiling is enforced in the network, Prime Infrastructure communicates with Cisco ISE to get the posture data for the clients and displays it along with other client attributes. When Cisco ISE is used to profile the clients or an endpoint in the network, Prime Infrastructure collects the profiled data to determine what type of client it is, whether it is an iPhone, iPad, an Android device, or any other device.
You can get enhanced information about managed clients using the Cisco ISE or Cisco Secure Access Control (ACS) View servers.
If Prime Infrastructure is integrated with an ISE server (to access endpoint information), you can:
- Check an End User’s Network Session Status.
- Using the User 360° View, you can identify possible problems with the end user’s authentication and authorization for network access.
- Troubleshoot the User Application and Site Bandwidth Utilization.
Prime Infrastructure displays ISE Profiling attributes only for authenticated endpoints.
Adding an Identity Services Engine
A maximum of two ISEs can be added toPrime Infrastructure. If you add two ISEs, one should be primary and the other should be standby. When you are adding a standalone node, you can add only one standalone node and cannot add a second node.
To add an Identity Services Engine, follow these steps:
Step 1 Choose Administration > Servers > ISE Servers.
Step 2 From the Select a command drop-down list, choose Add ISE Server, then click Go.
Step 3 Complete the required fields, then click Save.
The credentials should be superuser credentials local to ISE. Otherwise, ISE integration does not work.
Configuring ACS View Servers
If you do not have ISE, you can integrate your Cisco ACS View server with Prime Infrastructure. To access the ACS View Server tab, you must add a view server with credentials.
Prime Infrastructure supports only ACS View Server 5.1 or later.
To configure an ACS View Server, follow these steps:
Step 1 Choose Administration > Servers > ACS View Servers.
Step 2 From the Select a command drop-down list, choose Add ACS View Server, then click Go.
Step 3 Enter the port number of the ACS View Server you are adding. (Some ACS View Servers do not allow you to change the port on which HTTPS runs.)
Step 4 Enter the password that was established on the ACS View Server. Confirm the password.
Step 5 Specify the number of retries to be attempted.
Setting Up Assurance for Performance Monitoring
If your Prime Infrastructure implementation includes Assurance licenses, you must enable data collection via NAMs and NetFlow configurations. This is necessary to populate the additional dashlets, reports, and other features supplied with Assurance.
Enabling NAM Data Collection
To ensure that you can collect data from your Network Analysis Modules (NAMs), you must enable NAM data collection. You can do this for each discovered or added NAM, or for all NAMs at the same time.
You must specify the HTTP/HTTPS credentials for each NAM (see Adding NAM HTTP/HTTPS Credentials).
Step 1 Choose Services > Application Visibility & Control > Data Sources.
Step 2 In the NAM Data Collector section, select the required NAM datasources for which you want to enable data collection.
Defining NAM Polling Parameters
You can specify data that is collected from NAMs.
Step 1 Choose Monitor > Monitoring Policies.
Step 2 Click Add, then select NAM Health under the Policy Types list from the left sidebar menu.
Step 3 Select the NAM devices from which you want to collect data, then complete the required fields.
Step 4 Under Parameters and Thresholds, specify the parameters you want to poll from the NAM devices and threshold conditions.
Step 5 Click Save and Activate.
Enabling NetFlow Data Collection
To start collecting NetFlow and Flexible NetFlow data, you must configure your NetFlow-enabled switches, routers, and other devices (ISR/ASR) to export this data to Prime Infrastructure. The following table shows the various device types that support NetFlow and the ways to configure devices to export NetFlow data to Prime Infrastructure.
Table 5-1 gives the detailed information of NetFlow support summary.
|
|
|
|
|
|
|---|---|---|---|---|
Choose Services > Application Visibility & Control > Interfaces Configuration |
||||
Choose Services > Application Visibility & Control > Interfaces Configuration |
||||
TCP/UDP: Choose Configuration > Templates > Features & Technologies > CLI Templates > System Templates - CLI > Collecting Traffic Statistics Voice Video: Use Medianet Perfmon CLI template. Choose Configuration > Templates > Features & Technologies > CLI Templates > System Templates - CLI >Medianet – PerfMon |
||||
Choose Services > Application Visibility & Control > Interfaces Configuration |
||||
Choose Services > Application Visibility & Control > Interfaces Configuration |
||||
TCP/UDP, ART: Create a MACE CLI template. See Configuring NetFlow on ISR Devices Voice & Video: Use Medianet Perfmon CLI template. Choose Configuration > Templates > Features & Technologies > CLI Templates > System Templates - CLI >Medianet – PerfMon |
||||
Choose: Services > Application Visibility & Control >Interfaces Configuration |
||||
Choose Services > Application Visibility & Control > Interfaces Configuration |
||||
Create a custom CLI template. See Configuring NetFlow Export on Catalyst 2000 Switches. |
||||
| IP base or IP services feature set and equipped with the network services module. |
Create a custom CLI template. See Configuring NetFlow on Catalyst 3000, 4000, and 6000 Family of Switches |
|||
TCP/UDP: Create a custom CLI template. See Configuring NetFlow on Catalyst 3000, 4000, and 6000 Family of Switches Voice & Video: Use Medianet Perfmon CLI template. Choose Configuration > Templates > Features & Technologies > CLI Templates > System Templates - CLI >Medianet – PerfMon |
||||
TCP/UDP: Create a custom CLI template. See Configuring NetFlow on Catalyst 3000, 4000, and 6000 Family of Switches. Voice & Video: Use Medianet Perfmon CLI template. Choose Configuration > Templates > Features & Technologies > CLI Templates > System Templates - CLI >Medianet – PerfMon |
||||
TCP/UDP: Create a custom CLI template. See Configuring NetFlow on Catalyst 3000, 4000, and 6000 Family of Switches. Voice & Video: Use Medianet Perfmon CLI template. Choose Configuration > Templates > Features & Technologies > CLI Templates > System Templates - CLI >Medianet – PerfMon |
Configuring NetFlow Export on Catalyst 2000 Switches
To manually configure NetFlow export on Catalyst 2000 devices, create a user-defined CLI template as shown in the following steps.
Step 1 Choose Configuration > Templates > Features & Technologies > CLI Templates > CLI.
Step 2 Hover your mouse cursor over the information icon and click New to create a new CLI template.
Step 3 Enter a name for the new CLI template (for example, “Prime_NF_CFG_CAT2K).
Step 4 From the Device Type list, choose Switches and Hubs.
Step 5 In the Template Detail > CLI Content text box, enter the following commands, modifying them as needed for your network (note that these commands are only an example):
match ipv4 destination address
match transport destination-port
option exporter-stats timeout 20
interface GigabitEthernet3/0/1
ip flow monitor PrimeNFMon input
Step 6 Click Save as New Template. After you save the template, deploy it to your devices (see Creating Feature-Level Configuration Templates).
Configuring NetFlow on Catalyst 3000, 4000, and 6000 Family of Switches
To manually configure NetFlow to export TCP and UDP traffic on Catalyst 3000, 4000, or 6000 devices, create a user-defined CLI template as shown in the following steps.
Step 1 Choose Configuration > Templates > Features & Technologies > CLI Templates > CLI.
Step 2 Hover your mouse cursor over the information icon and click New to create a new CLI template.
Step 3 Enter a name for the new CLI template (for example, “Prime_NF_CFG_CAT3K_4K”).
Step 4 From the Device Type list, choose Switches and Hubs.
Step 5 In the Template Detail > CLI Content text box, enter the following commands, modifying them as needed for your network (note that these commands are only an example):
match ipv4 destination address
match transport destination-port
option exporter-stats timeout 20
interface GigabitEthernet3/0/1
ip flow monitor PrimeNFMon input
Step 6 Click Save as New Template. After you save the template, deploy it to your devices (see Creating Feature-Level Configuration Templates).
Configuring NetFlow on ISR Devices
To manually configure NetFlow to export MACE traffic on an ISR device, use the following steps to create a user-defined CLI template:
Step 1 Choose Configuration > Templates > Features & Technologies > CLI Templates > CLI.
Step 2 Hover your mouse cursor over the information icon and click New to create a new CLI template.
Step 3 Enter a name for the new CLI template (for example, “Prime_NF_CFG_MACE”).
Step 4 From the Device Type list, choose Routers.
Step 5 In the Template Detail > CLI Content text box, enter the following commands, modifying them as needed for your network (note that these commands are only an example)
flow record type mace mace-record
destination <PI_SERVER_IP_ADDRESS>
flow monitor type mace mace-monitor
class-map match-all PrimeNFClass
policy-map type mace mace_global
Step 6 Click Save as New Template. After you save the template, deploy it to your devices (see Creating Feature-Level Configuration Templates).
Feedback