Managing vty ACLs with Prime Infrastructure?

I have a number of devices -- various models of Nexus, (2k - 7k), 6500s and some 1U stackables.
I'm trying to come up with a good way to leverage PI (2.1) to apply a vty ACL to the switches. There does not appear to be a template for this. The problem of course is not only the order of operation (remove ACL from vty if there is one so Prime doesn't lock itself out, only then do the rest of the stuff) but that the syntax seems to differ very aggravatingly -- some require "line vty 0 1509," some "line vty 0 1510," some platforms accept named ACLs for vty ACLs, some don't...
Any tips, tricks, or best practices on how to install and update vty ACLs on IOS and/or NX-OS devices with Prime Infrastructure?

I am also interested in this topic. We have vty ACLs in place but with different names. Would like to be able to find and update the ACL's and vty config. Using PI 2.1.

Similar Messages

  • Ask the Expert: One Management with Prime Infrastructure 1.2

    With Tejas Shah
    Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions from Cisco expert Tejas Shah on One Management with Prime Infrastructure 1.2 Combining the wireless functionality of Cisco Prime Network Control System (NCS) with the wired functionality of Cisco Prime LAN Management Solution (LMS),  Cisco Prime Infrastructure simplifies and automates many of the day-to-day tasks associated with maintaining and managing the end-to-end network infrastructure from a single pane of glass. The new converged solution delivers all of the existing wireless capabilities for RF management, user access visibility, reporting, and troubleshooting along with wired lifecycle functions such as discovery, inventory, configuration and image management, automated deployment, compliance reporting, integrated best practices, and reporting.
    Tejas Shah is a senior technical marketing engineer for Cisco Prime Infrastructure and Collaboration products. He has deployed Cisco Prime Collaboration Manager at various customer sites to help customers monitor and troubleshoot their video infrastructure. In addition, he is part of the Network Operations Center team at Cisco Live events for six years. Shah joined Cisco in 1995 and was in the Technical Assistance Center team supporting various network management system products for more than six years.
    Remember to use the rating system to let Tejas know if you have received an adequate response. 
    Tejas might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation on the Wireless Mobility sub-community discussion forum shortly after the event. This event lasts through Sept 21, 2012. Visit this forum often to view responses to your questions and the questions of other community members.

    Raun, please see my responses inline:
    Can you go over the licensing method with Prime Infrastructure 1.2 please? 
    Raun, you can check out the following link for ordering guide at
    http://www.cisco.com/en/US/products/ps12239/products_data_sheets_list.html
    I currently have NCS and do NOT currently have LMS.  I know I can move to Prime Infrastructure through Cisco Product Upgrade Tool.  However, what I am confused about is do I still have to buy LMS to have LMS functionality in Prime Infrastructure 1.2? 
    ==> Not at all.  The converged product will give you basic management capability for routers and switches that LMS provided in this release.   Feature/Functionality will keep on growing with upcoming releases.
    If not, do the licenses I transfer into Prime Infrastructure 1.2 from NCS also work for devices to work under LMS? 
    ==> Licensing is different than NCS or LMS.  You don't have to transfer the license.  Each install of Prime Infrastructure will have a unique UID string on which the licenses are based.  A new license will be applied to the product.
    Mean, can my currently 350 licenses be used for AP's as in NCS and routers in the LMS portion of Prime Infrastructure 1.2?
    ==> I would recommend getting a total count of your wired and wireless devices and match the right SKU based on that.
    Hope this helps.. Let me know if you have any further questions,
    Tejas

  • ISE integration with Prime Infrastructure,

    Hi Team,
      I would like to know what are the advantages and Disadvantages of the ISE integration with Prime Infrastructre.Also  how the LAN, wifi, and identity management part (guest access etc) will work together.
    Cheers!!!
    Minakshi

    Prime Infrastructure manages the wired and the wireless clients in the network. When Cisco ISE is used as a RADIUS server to authenticate clients, Prime Infrastructure collects additional information about these clients from Cisco ISE and provides all client relevant information to Prime Infrastructure to be visible in a single console.
    When posture profiling is enforced in the network, Prime Infrastructure talks to Cisco ISE to get the posture data for the clients and displays it along with other client attributes. When Cisco ISE is used to profile the clients or an endpoint in the network, Prime Infrastructure collects the profiled data to determine what type of client it is, whether it is an iPhone, iPad, an Android device, or any other device.
    Cisco ISE is assisting Prime Infrastructure to monitor and troubleshoot client information, and displays all the relevant information for a client in a single console.

  • FortiGate MIB Compatibility with Prime Infrastructure

    I have a Cisco Prime Infrastructure deployment that I would like to monitor various third-party devices. I have successfully discovered my FortiGate 60D device, but it has no monitoring functionality.
    I am trying to create a custom SNMP polling template to deploy to the device and I'm wondering is the FortiGate MIB is even supported by PI? If so, which SNMP MIB do you select when creating a new template?

    The FortiGate SNMP page on the FortiGate Web GUI links two MIB downloads:
    FORTINET-FORTIGATE-MIB
    FORTINET-CORE-MIB
    I have successfully uploaded the FORTINET-CORE-MIB file to the Prime Infrastructure MIB list and I am able to successfully apply that MIB to a template and the template to a dashlet, which outputs data. The issue is when I try to upload the FORTINET-FORTIGATE-MIB file, it produces an error message showing:
    Regards,
    Tom

  • Help with Prime Infrastructure Client Tracking

    I'm running PI 1.2.1.012 and I'm having issues populating client information. Most of my switches are 2960 series. Specifically I get a lot of MAC Address "Unknown" and nothing in the IP address field. I probably get about 25% of the correct MAC address and 10% of the IP addresses. I also run CiscoWorks Prime LMS 4.3.2. and the user tracking information is about 98% correct pertaining to MAC address and IP address. My other network management tools also are very accurate. Any help would be greatly appreciated.

    Same Problem here. I've discovered all the access switches in the environment and they are "Managed" in Device Work Center. Previously we used CiscoWorks and that populated the Mac address, IP address, along with what switch the end host was connected to. That was very helpful for our Helpdesk in troubleshooting. Im now trying to setup the same thing in Prime. Looking at a individual switch the MAC would populate but nothing on IP Address.
    Im at a loss. I've newly taken over the position of Network Analyst so maybe there is a licensing issue that we didnt get that im not aware of thats not bringing the ISE or LMS portion of Prime into play?

  • UPS monitoring support with Cisco Prime Infrastructure 1.2

    Dear Members,
    Good day,
    I am having a project implemented wherein i have the UPS power redudancy solution for our network devices.
    Now can anyone gide that is it possible for below :-
    UPS units installed with SNMP cards be monitored via Cisco Prime Infrastructure 1.2 as our monitoring & management solution is Cisco Prime Infrastructure 1.2 ?
    if yes
    Can you guide if following action would be possible to export the below logs from UPS unit to our Cisco Prime Infrastructure 1.2
       a) UPS fault status information
       b) UPS operational status(input power available Y/N)
       c) Battery fault status
       d) Battery charging current
       e) Battery charge level
       f) Output current
    Conclusion is we need to confirm that would it be posible to achieve remote monitoring of these UPS units via our CPI 1.2
    Thanks in Advance for your support & replies to this query.
    Regards,
    Muzammil N.

    Prime Infrastructure 1.2 can manage non-Cisco devices in a limited fashion via SNMP query and trap processing. It cannot import logs and does not have a generic syslog server,
    So if your devices have snmp read only support and can generate SNMP traps for the above you can add them to PI. Follow the manual add device procedure here.

  • Prime Infrastructure 2.1 problem with sorting devices in device groups

    Hi,
    I have a problem with prime infrastructure, namely prime is not doing appropriate sorting of devices in default device groups.
    Example: device type > routers > Cisco 2800 series integrated services routers - under shown results there are Cisco 2911 Integrated Service router, Cisco 2901 etc.
    Any solution? 
    Tnx

    Hi all:
    I have tried using Designing Monitoring Template to set the Health Check Polling time from default 15 minutes to 5 minutes and also tried also 1 minute.
    The result is 5 minutes is working but 1 minute is not working.
    May I know any one can help on this?
    Many thanks!
    Best regards,
    tangsuan

  • Installing Prime Infrastructure

    Hi All,
    I have a question about the installation of prime infrastructure.
    We have ordered prime infrastructure 1.1, after ordering we received 3 PAK codes. The goal is to install the LMS 4.2.                  
    - L-PILMS42-100 Prime Infrastructure LMS 4.2 - 100 Device Base Lic
    - L-PINCS11-100 Prime Infrastructure NCS 1.1 - 100 Device Base Lic
    - L-PINCSW11-100 Prime Infrastructure NCS WAN 1.1 - 100 Device Base Lic
    If I'm not mistaken, we can install all 3 applications, but not on the same machine? Is that correct? And how do you choose to install LMS or NCS?
    When deploying the OVA file? Where can you choose to use LMS or NCS?
    Or is it the same OVA file for each application and does it unlock features depending on which license file you enter in the web interface?
    Thanks,
    Best Regards,
    Joris

    Prime Infrastructure NCS 1.1 dropped the NCS name when they moved to version 1.2 (and now at 1.3). That's the second item in your original post. The 1.1 license will still be good when you upgrade to 1.3. In fact, if it's a brand new installation, you might as well start with 1.3. You can download the image from www.cisco.com/go/nmsevals and apply your 1.1 license.
    Prime LMS as noted above uses its own separate license and runs on its own separate server / VM.
    There's no proper product name "Prime Infrastructure LMS" though some docs may mistakenly call it that. "Cisco Prime" is the new sweeping name for a set of complimentary products developed around a loosely common architecture and look and feel. It includes Prime Infrastructure (PI), Prime LMS, Prime Security Manager (PRSM), etc.
    Prime Infrastructure NCS WAN 1.1 was a one timeproduct release designed for custoemrs with some specific needs for wired infrastructure management and without having LMS. It wil not be developed further and if you have LMS there's no need to install and operate the PI NCS WAN product.

  • Cisco Prime Infrastructure 2.0 - Third Party NetFlow

    Hi,
    is it possible to collect on the Cisco Prime Infrastructure 2.0 NetFlows from Third Party Devices, like a SonicWALL Firewall?
    I mean it is possible to poll SNMP informations from a third party device, so maybe it is also possible to get the NetFlow from this Device?
    Best Regards,
    Sven K.
    Sent from Cisco Technical Support iPad App

    Hi Sven,
    As per my understanding for 3rd party Only below thing are supported:
    The following support level is available with Prime Infrastructure :
    • Auto Discovery of a 3rd party Device
    • Basic Inventory collection
    • Basic lifecycle management of 3rd party device
    • Ability to show traps and syslog for 3rd party devices
    • Device reachability status polling
    • Ability to load new MIBs & to create new monitoring templates
    • For both Cisco and any SNMP device
    More info is available in the link given below:
    http://www.cisco.com/en/US/docs/net_mgmt/prime/infrastructure/1.2/release/notes/cpi_rn.html#wp75765
    Thanks-
    Afroz
    [Do rate the useful post]

  • Prime infrastructure 1.2

    Hi all,
    Yesterday I installed my first Cisco prime infrastructure 1.2.
    I'm a bit confused now, is this the integrated version of LMS and NCS? At first sight, there's not a lot LMS in it.
    I don't see topology services, netconfig etc.
    Since the release of LMS 4.0 I'm struggeling with the licenses every time. No exeptions this time, our customer has + 100 access points and + 100 switches.
    We have 125 NCS licenses
    Do we need separate licenses for the switches? Or are they included in the NCS license. According to a cisco licensing engineer LMS and WAN are not compatible with Prime Infrastructure 1.2.
    Can anyone clarify this for me?
    Thanks
    Best Regards,
    Joris              

    You are correct in saying there's not much LMS in Cisco Prime Infrastructure.  They are essentially still 2 different products even thought future plans are to combine both wireless and wired mgmt in future releases of Prime Infrastructure.
    Licensing will also stay separate for now even though Cisco is generating LMS and WAN license files with Prime Infrastructure...both of which are useless and have only confused the fact. 
    Certain contracts allow for migrating LMS licenses to Prime Infrastructure but it makes no sense to do that because the current version of Prime Infrastructure has only a couple of LMS features currently available. 

  • Prime Infrastructure 1.2.0.103 and Virtual MSE 7.3.101

    Hi,
    I cannot integrate Virtual MSE 7.3.101 with my Prime Infrastructure 1.2
    After I setup MSE via its wizard, I make a change on WCS username and password.
    When I try to integrate MSE with Prime Infrastructure, Prime notify me about the mismatch username/password.
    Both systems are fresh install on my UCS C220 M3.
    Does anyone has the same issue as me ?
    Thanks,
    Pongsatorn Maneesud

    Hi Scott,
    I decide to install a new Virtual MSE then after complete setup the initial wizard. This error appears,
    when I check on the CLI of MSE, this message appears,
    Does anyone can solve these issues ?
    Need to resolve this since it gonna be on production soon.
    Thanks,
    Pongsatorn

  • Prime Infrastructure Licensing question

    I received a PAK and I generated a license from it.  E Mail that I received shows this:
       Product Name         : L-PILMS42-50-M
       Product Description     : Prime Infrastructure LMS 4.2 - 50 Device Upgrade Lic                                            
    Now this says Prime Infrastructure LMS 4.2 and according to this link this is for LMS.  Is this right or did our reseller sent us a wrong PAK?
    http://www.cisco.com/en/US/docs/net_mgmt/prime/infrastructure/1.2/quickstart/guide/cpi_qsg.html#wp71203

    Hi Mohammad,
    I dont have any seperate server and even I did not order for this license still I got this.It came with PI 1.2 -100 devicess licence.
    it comes in bundle:
    Understanding License Files Delivered with Prime Infrastructure
    The following tables explain which license files are provided with Prime Infrastructure based on the PIDs you order. Prime Infrastructure 1.1 and 1.2 are product bundles that provide license files for multiple products.
    The Prime Infrastructure 1.2 (bundle) includes:
    •Prime Infrastructure 1.2 (product) - replaces Cisco Prime NCS 1.1 and NCS (WAN) 1.1
    •Prime LMS 4.2
    did u order seperately-  Prime Infrastructure LMS 4.2 - 50 Device Upgrade Lic ??
    Regards

  • Export Alarm/Event Data from Cisco Prime Infrastructure 2.1+

    I am looking to export the current Alarm data for my CPI 2.1 deployment. This so we can go through and organize the data in excel and better configure alarm/events....currently getting 3k a week and we need to tighten what constitutes a critical event and some other parameters. We need the raw data in csv format so do some analytics on it. 
    My issue is there is no reference in the admin/user guides to export alarm data. Also no button or option within the GUI. How can this be accomplished?

    The supported method going forward is to have external tools interact with Prime Infrastructure via the REST API.
    See the documentation on your Prime server for "GET Alarms":
         https://<your server address>/webacs/api/v1/data/Alarms?_docs
    ...or you can download a copy of the API Reference here.

  • Managing Prime Infrastructure 1.2 with MS IAS Radius

    HI,
    I have configured the PI 1.2il MS IAS radius server to authenticate machine with the management domain credentials.
    When I needed to migrate the atuthenticatione from local to radius mode and I went to AAA and I select "with Radius server."
    On the MS IAS I imported the tasks for users with role lobby ambassador and when I turned on the authentication mode in PI 1.2 with AAA Radius Server, the user was able to authenticate properly.
    When I imported Admin or Root tasks on the server could not let the user management interface in Prime.
    there is a documentation update?
    Regards
    Andrea

    I wrote about this some time ago.  Its based on NPS but you should be able to tweak it for IAS as well.
    http://technologyordie.com/windows-nps-radius-authentication-of-cisco-prime-infrastructure
    - Be sure to rate all helpful posts

  • Prime Infrastructure to manage WLC 5760 with IOS XE 03.03.03

    Hi there Is IOS XE 03.03.03 on WLC 5760 to be managed via Prime infrastructure 2.1 or what version do I need? It seems to be not fully supported with 2.1... Thanks and best regards Dominic

    Hi Dominic,
    The release notes http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/2-1/release/notes/cpi_rn.html#pgfId-43893 show support of up to 03.03.02
    I have got a 3850 WLC running on IOS XE 03.03.03 managed by Prime 2.1
    The release might not be up to date. When the release notes for Prime 2.1 came out, the highest supported is 03.02.03 and a few days later got changed to 03.03.02.
    Regards,
    Jeen Chew

Maybe you are looking for

  • Email problems on Macbook.

    My IPhone 5 has 4 email accounts set up on it, all of the accounts are receiving and sending emails fine. However when i go on my macbook and try to "get mail" it finds mail but does not show them in the inbox, i have tried changing a few settings on

  • Problem in copying the file

    i had created a frame in which iam getting a source file and then copies the file to certain location...the problem is when i copy a large file it is doing well for the first time but when the second time while iam copying exception occurs like this

  • Lenovo Photo Master Download

    I had to uninstall Lenovo Photo Master from my Yoga 3 Pro.  I cannot locate an installer on my computer, or a link to download the software on the Lenovo website.  Please help.

  • User Customized Oracle R graphs in OBI

    Hi, I have created anonymous block in database as below: begin sys.rqScriptCreate('RandomRedDots3', 'function(n){ plot( 1:n, rnorm(n), pch = 21, bg = "red", cex = 2 ) end; In OBI11.1.1.7 physical layer, created a view as below: select id, image from

  • Why won't my Ipod sync now?  New computer, Windows 7.

    I'm setting up a new Win 7 computer. I copied my itunes folder over and downloaded itunes. Shift-clicked and opened itunes and selected one of my libraries. It shows up fine. However, when I plug in my iPod it does not sync. First time I did it Windo