Introduction

This is the fifth maintenance release for Cisco Prime Infrastructure 3.10.

You can install Cisco Prime Infrastructure 3.10.5 on Cisco Prime Infrastructure 3.10.2 System Patch or Cisco Prime Infrastructure 3.10.3 or Cisco Prime Infrastructure 3.10.4+3.10.4 System Patch or Cisco Prime Infrastructure 3.10.4 Update 01 or Cisco Prime Infrastructure 3.10.4 Update 02+3.10.4 Update 02 System Patch or Cisco Prime Infrastructure 3.10.4 Update 03. Cisco Prime Infrastructure PI_3_10_5-1.0.29.ubf is approximately 1.76GB.

You must install the Cisco Prime Infrastructure 3.10.5 Mandatory System Patch (PI_3_10_5_SystemPatch-1.0.5.ubf - approximately 2.04 GB) after 3.10.5 installation. This includes Oracle Jan 2024 critical patch update. To install the system patch, see Installing the System Patch from Local Storage .

The downloading time depends on the available network connection in the enterprise environment. Ensure that you have adequate bandwidth and are not running into high latency issues.

System Requirements

For more details on the system requirements, see Understand System Requirements section in the Cisco Prime Infrastructure 3.10 Quick Start Guide.

Installation Guidelines

The following sections explain how to install the maintenance release.

Before You Begin Installing the Maintenance Release

You can install Cisco Prime Infrastructure 3.10.5 on Cisco Prime Infrastructure 3.10.2 System Patch or Cisco Prime Infrastructure 3.10.3 or Cisco Prime Infrastructure 3.10.4+3.10.4 System Patch or Cisco Prime Infrastructure 3.10.4 Update 01 or Cisco Prime Infrastructure 3.10.4 Update 02+3.10.4 Update 02 System Patch or Cisco Prime Infrastructure 3.10.4 Update 03 from Software Download page.

Since the maintenance release is not removable, it is important to have a way to revert your system to the original version in case hardware or software problems cause the maintenance release installation to fail.

To ensure you can do this, take a backup of your system before downloading and installing this UBF maintenance release.

Similarly, if you are running Prime Infrastructure 3.10.4 Update 03 in a Virtual Machine (VM) and your organization permits taking VM snapshots, stop Prime Infrastructure and use the VMware client to take a VM snapshot before applying this maintenance release. Store the snapshot in an external storage repository, and restore from the snapshot if the maintenance release installation is unsuccessful. For more details, see Restore an Application Backup in the Cisco Prime Infrastructure 3.10 Administrator Guide.

To revert to Prime Infrastructure 3.10.5 installation (with PI 3.10.x, PI 3.9.x, PI 3.8.x, or PI 3.7.x backup), follow these steps:

  1. Reinstall Prime Infrastructure 3.10 from an OVA or ISO distribution

  2. Upgrade to Cisco Prime Infrastructure 3.10.2 using tar bundle and install PI 3.10.2 system patch once after upgrade is completed. For more information, see Cisco Prime Infrastructure 3.10.2 Release Notes

  3. Install Cisco Prime Infrastructure 3.10.5

  4. Install Cisco Prime Infrastructure 3.10.5 System Patch

  5. If you have a prior 3.10.x, 3.9.x, PI 3.8.x, PI 3.7.x backup - Restore this backup

If you are installing this release as part of a High Availability (HA) implementation, see Installing the Maintenance Release in High Availability Mode in the Cisco Prime Infrastructure 3.10 Administrator Guide .

Installing the Release from Local Storage


Caution


If you have a High Availability (HA) environment, remove the HA setup before proceeding to install this release. For more details, see Installing the Maintenance Release in High Availability Mode .

Make sure that you have completed the recommended preparation steps given in Before You Begin Installing the Maintenance Release .

To install Cisco Prime Infrastructure 3.10.5 from the local storage, follow these steps:


Note


You can only install Cisco Prime Infrastructure 3.10.5 by manual download from Cisco.com and upload and install through Cisco Prime Infrastructure UI.

Procedure


Step 1

Download the Prime Infrastructure PI_3_10_5-1.0.29.ubf from Home > Products > Cloud and Systems Management > Routing and Switching Management > Network Management Solutions > Prime Infrastructure > Prime Infrastructure 3.10 > Prime Infrastructure Patches - 3.10.5 and save the file in your local system.

Step 2

Log in to Cisco Prime Infrastructure 3.10.2 System Patch or Cisco Prime Infrastructure 3.10.3 or Cisco Prime Infrastructure 3.10.4+3.10.4 System Patch or Cisco Prime Infrastructure 3.10.4 Update 01 or Cisco Prime Infrastructure 3.10.4 Update 02+3.10.4 Update 02 System Patch or Cisco Prime Infrastructure 3.10.4 Update 03.

Step 3

Choose Administration > Licenses and Software Updates > Software Update.

Step 4

Click Upload and browse to the location where you have saved the maintenance release file. Click OK to upload the file.

Step 5

In the Status of Updates pane, click the Files tab and check whether PI_3_10_5-1.0.29.ubf is listed under FileName column.

Step 6

In the Critical Fixes pane, click Install.

Note

 
Do not manually restart the server while the installation is in progress.

Step 7

Click Yes in the pop-up dialogue box to install Cisco Prime Infrastructure 3.10.5. It may take approximately 1 hour for the installation process to complete.

Step 8

You can verify the release installation from Prime Infrastructure Login under Critical Fixes by clicking View Installed Updates and also by logging into the server and choosing Administration > Software Update. You should see a listing for the release in the Updates tab, with Installed in the Status column.


Installing the Maintenance Release in High Availability Mode

Download PI_3_10_5-1.0.29.ubf from Home > Products > Cloud and Systems Management > Routing and Switching Management > Network Management Solutions > Prime Infrastructure > Prime Infrastructure 3.10 > Prime Infrastructure Patches - 3.10.5 and save the file in your local system.

To install the downloaded PI_3_10_5-1.0.29.ubf in High Availability mode follow the below prerequisites:


Note


Prime Infrastructure 3.10.5 can be applied only in primary and secondary standalone servers. The server will restart automatically once the installation is complete. The restart typically takes more than 60 minutes. You cannot apply Prime Infrastructure 3.10.5 when HA is enabled.
  • If you are installing Cisco Prime Infrastructure 3.10.5 on High Availability (HA) paired servers, you will get an error message.

For more details, see Remove HA Via the GUI in the Cisco Prime Infrastructure 3.10 Administrator Guide.

  • Continue the patching once HA removed completely. For more details, see the How to Patch New HA Servers section in the Cisco Prime Infrastructure 3.10 Administrator Guide .

Troubleshooting Maintenance Release Installs in High Availability Implementations

If you are unable to apply this maintenance release in a High Availability (HA) implementation, check whether your network bandwidth, throughput and latency meets the network requirements recommended in Network Throughput Restrictions on HA section in the Cisco Prime Infrastructure 3.10 Administrator Guide. In a few cases, continued or intermittent throughput problems can cause a complete failure. If you believe this has occurred, contact Cisco TAC for support.

If you are unable to verify that this maintenance release has been successfully installed on a Prime Infrastructure server, or one or both of the servers fails to restart properly after installing the maintenance release, you may need to re-image the server as explained in Before You Begin Installing the Maintenance Release before continuing.

In all cases, you can use the backup-logs command on one or both servers to get information on the source of the failure. For more information, see the backup-logs section in the Cisco Prime Infrastructure 3.10 Command Reference Guide .

Installing the System Patch from Local Storage

  • You can only install Cisco Prime Infrastructure PI_3_10_5_SystemPatch-1.0.5.ubf by manual download from Cisco.com and upload and install through Cisco Prime Infrastructure UI.

  • Cisco Prime Infrastructure PI_3_10_5_SystemPatch-1.0.5.ubf can be applied only in primary and secondary standalone servers. The server will restart automatically once the installation is complete. The restart typically takes 45 to 60 minutes.

To install Cisco Prime Infrastructure PI_3_10_5_SystemPatch-1.0.5.ubf from the local storage, follow these steps:

Procedure


Step 1

Download the Prime Infrastructure PI_3_10_5_SystemPatch-1.0.5.ubf Home > Products > Cloud and Systems Management > Routing and Switching Management > Network Management Solutions > Prime Infrastructure > Prime Infrastructure 3.10 > Prime Infrastructure Patches - 3.10.5 and save the file in your local system.

Step 2

Log in to Prime Infrastructure 3.10.5 server.

Step 3

Choose Administration > Licenses and Software Updates > Software Update.

Step 4

Click Upload and browse to the location where you have saved the system patch file. Click OK to upload the file.

Step 5

In the Status of Updates pane, click the Files tab and check whether PI_3_10_5_SystemPatch-1.0.5.ubf is listed under FileName column.

Step 6

In the Critical Fixes pane, click Install.

Step 7

Click Yes in the pop-up dialogue box to install Cisco Prime Infrastructure PI_3_10_5_SystemPatch-1.0.5.ubf. It may take approximately 1 hour for the installation process to complete.

Note

 
Do not manually restart the server while the installation is in progress.

Step 8

You can verify the release installation from Prime Infrastructure Login under Critical Fixes by clicking View Installed Updates and also by logging into the server and choosing Administration > Software Update. You should see a listing for the release in the Updates tab, with Installed in the Status column.


New Features and Enhancements

This section provides a brief description of new features and enhancements in Cisco Prime Infrastructure 3.10.5

Ping to Okta Migration

Cisco global security is migrating from Ping to Okta that impacts authentication mechanism, which used to authenticate Cisco APIs.

From this release, Cisco Prime Infrastructure's authentication method has migrated from Ping to Okta.Prime Infrastructure's Ping authentication used Resource Owner Password Credential ( ROPC ) as Grant type and store Cisco credentials in its own database, whereas ROPC is removed from the Okta implementation.

For Okta authentication Prime Infrastructure uses Device Authorization and it is implemented in the Account Settings, SWIM, Software Update, and Support Case Pages.

Account Settings

In the Administration > Settings > System Settings > Account Settings,

  • Select Cisco.com Credentials, and click Login to view the Activate your device dialog box and click Next.

  • Enter the login credentials in single sign on page and follow the authentication steps given in the Duo authentication dialog box to complete the activation.

Software Images

In the Inventory > Device Management > Software Images > Import,

  • Select Cisco.com, to view the Activate your device dialog box and click Next.

  • Enter the login credentials in single sign on page and follow the authentication steps given in the Duo authentication dialog box to complete the activation.

Software Update

In the Administration > Licenses and Software Updates > Software Update,

  • Click download, to view the Activate your device dialog box and click Next.

  • Enter the login credentials in single sign on page and follow the authentication steps given in the Duo authentication dialog box to complete the activation.

Support Cases

  • Click in the top right of the GUI, choose Support Cases. The device activation code is displayed in the Activate your device dialog box click Next.

  • Enter the login credentials in single sign on page and follow the authentication steps given in the Duo authentication dialog box to complete the activation.


Important


  • If you do not see the Activate your device pop-up, ensure that the pop-up blocker is disabled in the browser. Also, the time out period is set 10 minutes and after the time out period the activation code will be expired. You need to reinitate to get the new activation code.

  • When the server is down for more than nine hours, username saved in the Account Settings page will be deleted automatically as token gets expired.

  • When you upgrade to PI 3.10.5 from PI 3.10.4 Update 03 or any lower versions, you need to re-establish the cisco.com connection in the Account Settings page.

  • When you restore a backup of lower versions with saved credentials, you need to re-establish the cisco.com connection in the Account Settings page.

  • Swim jobs scheduled in PI 3.10.4 Update 03 or any lower versions will be failed in 3.10.5 due to Okta Implementation.You need to re-establish the cisco.com connection in the Account Settings page and reschedule the swim jobs.

  • You need to setup the proxy for a successful cisco.com authentication.


Important Notes

  • Prime was migrated to Smart Receiver and as per their guidelines Direct and Transport Gateway mode is not supported. You must use Proxy to enable smart license using new url https://smartreceiver.cisco.com/licservice/license.

  • Cisco announced the End-of-Life and End-of-Sale for all versions of Prime Infrastructure. Please use the PDMT to migrate data to Cisco DNA Center or use Cisco Networking Bot for self-help migration. For more information reach out to the migration team at primetodnacmigration@external.cisco.com.

  • After installing Prime Infrastructure 3.10.5, you will be notified with the below warning message during ncs status, show version, ncs stop, ncs start, and restore console and this can be ignored as there is no functionality impact:

    SLF4J: Class path contains multiple SLF4J bindings.

    SLF4J: Found binding in [jar:file:/opt/CSCOlumos/lib/xmp-third-party/com.cisco.xmp.osgi.slf4j-log4j12-1.5.8.PATCHED.jar!/org/slf4j/impl/StaticLoggerBinder.class]

    SLF4J: Found binding in [jar:file:/opt/CSCOlumos/lib/xmp-third-party/log4j-slf4j-impl-2.20.0.jar!/org/slf4j/impl/StaticLoggerBinder.class]

    SLF4J: See http://www.slf4j.org/codes.html#multiple_bindings for an explanation.

  • By default, the Automonitoring device health does not monitor Security and VPN Devices. Due to this, Security and VPN Devices such as ASA devices does not appear in the Wired Device Availability report. To include them in the report, you will need to create an additional Device Health policy in the Monitoring Polices and select the ASA device in the policy, and generate the report.

  • Cisco Prime Infrastructure supports only one unique registration interface for each GDOI group. If you need multiple registration interface support, please contact the Cisco Technical Assistance Center (TAC).

  • The EOL/EOS message always appears on the login page of Prime Infrastructure.

  • The EOL/EOS message appears in a pop-up notification window every time the user login to the Prime Infrastructure. However, after restart of the Prime Infrastructure services, the pop-up message will not be notified in the future.

  • For all the versions of Prime Infrastructure, Prime XWT Widgets are not compatible with the latest versions of Chrome and Edge browsers. This impacts the prime xwt actions such as add, update, delete, duplicate, and so on.

    • Edge:

      • 114.0.1823.51

      • 114.0.1823.43

    • Chrome:

      • 114.0.5735.133

  • It is recommended to use Firefox or lower versions of Chrome and Edge browsers to carry out the Prime XWT widget actions in the Prime Infrastructure.

  • When you restore to Cisco Prime Infrastructure 3.10.4 from earlier versions 3.7.x, 3.8.x, 3.9.x, 3.10.x backup, you will be notified with the following warnings in the restore console window:
    
    Warning:
    <verisigntsaca> uses a 1024-bit RSA key which is considered a security risk. This key size will be disabled in a future update.
    <airespace-root> uses a 1536-bit RSA key which is considered a security risk. This key size will be disabled in a future update. 
    <verisignclass1ca> uses a 1024-bit RSA key which is considered a security risk. This key size will be disabled in a future update.
    <verisignclass1g2ca> uses a 1024-bit RSA key which is considered a security risk. This key size will be disabled in a future update.
    <verisignclass2g2ca> uses a 1024-bit RSA key which is considered a security risk. This key size will be disabled in a future update.
    <verisignclass3ca> uses a 1024-bit RSA key which is considered a security risk. This key size will be disabled in a future update.
    <verisignclass3g2ca> uses a 1024-bit RSA key which is considered a security risk. This key size will be disabled in a future update.
    <verisigntsaca> uses a 1024-bit RSA key which is considered a security risk. This key size will be disabled in a future update.
    Warning:
    <airespace-root> uses a 1536-bit RSA key which is considered a security risk. This key size will be disabled in a future update.
    These warning messages are displayed due to the recent upgrade of JRE in Prime Infrastructure 3.10.2. For more information, see JDK-8172404.

Open Caveats

The following table lists the open caveats in Prime Infrastructure Release 3.10.5.

Click the identifier to view the impact and workaround for the caveat. This information is displayed in the Bug Search Tool. You can track the status of the open caveats using the Bug Search Tool.

Table 1. Open Caveats

Identifier

Description

CSCwj83819

Oracle Database Server (Apr 2024 CPU)

CSCwk61635

Top check box issue while selecting the APs for LightWeight Access Points template

CSCwk73450

SLF4J content printed during ncs status & ncs stop & start and Restore console .

CSCwm03098

PrimeMigration: PI 3.10.5 + PDMT6 eWLC deletion is not happening after upgrading to 3.10.5

Resolved Caveats

The following caveats were resolved in Prime Infrastructure Release 3.10.5.

Click the identifier to view the impact and workaround for the caveat. This information is displayed in the Bug Search Tool. You can track the status of the open caveats using the Bug Search Tool.

Table 2. Resolved Caveats

Identifier

Description

CSCwf62198

Critical CVE in component apache-log4j. Upgrade to latest version

CSCwf62205

Critical CVE in component spring-framework. Upgrade to latest version

CSCwf81656

Cisco Prime Infrastructure 3.10 does not display Top N CPU Utilization Graph after Google Chrome upgrade

CSCwf85513

Unable to access AP Summary page and AP Configuration tab PI 3.9.1 security update 2

CSCwf92234

Need to document that Map Editor cannot be launched from Planning Mode

CSCwi24936

Peak throughput value is producing incorrect in report-AP Utilisation.

CSCwi36513

Operations Center can show incorrect redundancy status for wireless controllers.

CSCwi47806

Cisco Prime Infrastructure 3.10 is affected by vulnerability CVE-2023-46604

CSCwi47966

OpenSSL >1.1.1t Vulnerability

CSCwi58727

Apache Tomcat 9.0.0.M1 < 9.0.83

CSCwi58764

Evaluation of ncs for GWT Unauthenticated Java Deserialization Vulnerability

CSCwi70135

Related to CSCwi08182 :  More reports Wireless utilization and AP RF Quality History issue

CSCwi80385

Oracle Java SE Multiple Vulnerabilities (January 2024 CPU),Oracle Database Server (January 2024 CPU)

CSCwj02418

Unable to export Unified AP after filtering in Prime Infrastructure 3.10.4 update 02

CSCwj10901

Unable to edit Flex Profile on Site Tag for 9800 using Prime 3.10

CSCwj10956

3.10.4 update 03#7 - SFTP backup file transfer not working

CSCwj21406

Apache 2.4.x < 2.4.55 Multiple Vulnerabilities &  Apache 2.4.x < 2.4.56 & Apache 2.4.x < 2.4.58

CSCwj21512

RHEL 7 : emacs (RHSA-2023:3481) & c-ares (RHSA-2023:3741) & bind (RHSA-2023:4152) & ++ total 19 Vuls

CSCwj26530

9800 Telemetry coral connection failure issue seen even though device managed in Prime Infra

CSCwj26578

CSR incorrectly generated from CLI with special character

CSCwj31410

All wired clients hostname are not displayed on the Clients and Users page

CSCwj38324

9800 Devices not listed when creating MAC filtering template using the Japanese GUI

CSCwj54478

Unable to upload .pl script file in Syslog Policy

CSCwj54564

Cisco Prime Infrastructure 3.10.4 - Unable to export device list with filter applied

CSCwj58167

3.10.5#4 - OpenSSH < 9.6 Multiple Vulnerabilities & OpenSSH < 9.3 Multiple Vulnerabilities

CSCwj58778

Evaluation of ncs for HTTP/2 CONTINUATION Attack Tomcat vulnerability

CSCwj59503

User Groups page not show the tasks Syslog Policies, Syslog Policies Edit Access & Settings Access

CSCwj60653

Evaluation of ncs for HTTP/2 CONTINUATION Attack vulnerability

CSCwj67175

Apache 2.4.x < 2.4.59 Multiple Vulnerabilities

CSCwj67181

RHEL 7 : kernel (RHSA-2024:1249)

CSCwj70555

Controller Configuration Backup job's Next Start Time gets updated with Completion time

CSCwj70749

17.14.1 CCO coral need to be integrated with Prime 3.10.5 image

CSCwj71066

Job Dashboard > User Jobs hangs GUI and never returns response

CSCwj71202

RHEL 7 : squid (RHSA-2024:1787), RHEL 7 : X.Org server (RHSA-2024:1785

CSCwj88337

RHEL 7 : grub2 (RHSA-2024:2002)&  kernel (RHSA-2024:2004) & linux-firmware (RHSA-2024:0753)

CSCwj91168

RHEL 7 : emacs (RHSA-2023:3481)& RHEL 7 : cups (RHSA-2023:4766)

CSCwk02463

Prime 3.10.5 - In AP utilization report 802.11ax client is not listing

CSCwk17545

Mesh links are not showing on maps even though APs are associated to controllers (9800 and AireOS).

CSCwk33538

3.10.5#18 - RHEL 7 : glibc (RHSA-2024:3588)

CSCwk36750

RHEL7:less (RHSA-2024:3669)&bind,bind-dyndb-ldap&dhcp(RHSA-2024:3741)&linux-firmware(RHSA-2024:3939)

CSCwk48007

AP is not discovered if the 9800 WLC is managed by DNS name

CSCwk62276

Evaluation of ncs for OpenSSH regression vulnerability

CSCwk67350

Wired device availability" report do not display ASA devices details in 3.10.4

CSCwk64257

Apache 2.4.x < 2.4.60 Multiple Vulnerabilities

Submitting Feedback

Your feedback will help us improve the quality of our product. You must configure the email server and then enable data collection to configure the feedback tool. To send your feedback, follow these steps:

Procedure


Step 1

If you have configured your mail server, go to Step 4.

Step 2

Choose Administration > Settings > System Settings > Mail and Notification > Mail Server Configuration.

Step 3

In the Mail Server Configuration page, enter the mail server details, then click Save to save the configuration settings.

Step 4

Choose Administration > Settings > System Settings > General > Help Us Improve.

Step 5

In the Help Us Improve Cisco Products page, select Yes, collect data periodically, then click Save.

Step 6

Click the Settings icon, then select Feedback > I wish this page would.

Step 7

Enter your feedback, then click OK.


Obtaining Documentation and Submitting a Service Request

For information on obtaining documentation, submitting a service request, and gathering additional information, see What’s New in Cisco Product Documentation at: http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html .

Subscribe to What’s New in Cisco Product Documentation , which lists all new and revised Cisco technical documentation, as an RSS feed and deliver content directly to your desktop using a reader application. The RSS feeds are a free service.