Centrally manage all Cisco Switches

I have more than 20 Cisco switches in my office which is basically a soap manufacturing factory. The switches include Cisco 2950, 2960, 3560, 3750 etc. We have routers also which include 2821, 2951 etc. We also have Cisco WLC 2125 and LAP 1262 series. Sometimes all these devices management comes very tough to us.
We need to logon to different devices for troubleshooting/network managment which sometimes becomes very tough to us. So I wonder if there any cisco applications or tools by which we can centrally manage all these devices.
If would be a great help for us if anyone can suggest.

The closest low cost (free) Cisco product to manage most of that would be Cisco Network Assistant (CNA). It'll do fine with your switches and manage at least your 2900 series router.
If I were on a budget I'd use CNA for the switches, add in Cisco Confguration Professional (CCP) for the couple of routers and use the built-in browser-based interface for the WLC (which covers its WAPs as well).
If you want a paid Cisco product to cover it all, you'd have to step up to Cisco Prime Infrastructure at the base licensing level (up to 50 devices). List price for that is about US$5295.
Third party options abound and also range from free open source projects (Nagios, Cacti, RANCID etc.) to full-featured systems such as the SolarWinds products (NPM, NCM, etc.)

Similar Messages

Firewall Ports Required for NAC manager to manage/add Cisco switch

Hi,
I am trying to add cisco switches to the NAM, however i am not able to add the switch as I am getting the error "unable to control switch" I have tried to open ports 161-162 on the firwall; if i was to allow any traffic between the NAM and switch, the cisco NAM is able to add/manage the switch.
Not sure what other ports may be required for cisco NAM to manage the switch?
Thanks.

Hi,
AFAIK, only the UDP ports 161-162 for the SNMP communication need to be open.
Please make sure you have configured the correct port on the switch:
(config)# snmp-server host 172.16.1.61 traps version 2c cam_v2 udp-port 162 mac-notification snmp
If still not working i would check the logs on the firewall for any blocked traffic between the CAM and the switch.
HTH,
Tiago
If this helps you and/or answers your question please mark the question as "answered" and/or rate it, so other users can easily find it.

NAC is not managing new Cisco Switch 2960S

Hello,
we want to add a Cisco Switch 2960S to the devices, but CAM says he is unable to control that switch.
The switch type Cisco WS-C2960-8TC-L is already running on the CAM.
Is there a OID Update for the 2960S?
Our CAM version is 4.5.1.

Solution:
Use the update on CAM:
-> Device Management -> Clean Access -> Updates -> Update
to get new OIDs for the switches.
This solved the problem. The device was added afterwards successfully.

Cisco Switches (2960 Series) Management

We are managing these devices using HP OpenView Network Node Manager (Ver. 7.5) on HP-UX platform.
What are the known problems, limitations on its initial discovery and on later stages of managing the same ?

The Cisco Catalyst 2960 Series supports the Cisco IOS LAN BASE software image. This software image is a rich suite of intelligent services that is also available in a crypto image at no additional charge.
Cisco Network Assistant also offers centralized management and configuration of Cisco switches and other Cisco devices such as routers and wireless access points. With Cisco Network Assistant, in addition to configuring multiple switches at a time, you can configure Cisco wireless access points, and invoke the Device Manager on Cisco routers and access points. Cisco Network Assistant can be downloaded (available at no cost).
This URL should help you:
http://www.cisco.com/en/US/products/ps5931/index.html

Management port in Cisco Switches (are they really physical port)

Hi all,
I have been taught to console into my cisco switch for configurations through console cable + putty (serial terminal).
Then I have been taught to configure a management ip and gateway on the cisco switch.
Switch# conf t
Switch(config)# interface vlan 1
Switch(config-if)# ip address 192.168.1.11 255.255.255.0
Switch(config-if)# no shut
Switch(config-if)# exit
Switch(config)# ip default-gateway 192.168.1.1
All the while, i thought this is the way to remote in to the switch via putty/telnet through the network to configure the switch, until i saw the picture below (cisco catalyst 2960)
=======================================
There is a physical port call ethernet management port. What is it ? What is the difference between this port and the earlier example of setting a management ip in VLAN 1 ?
If i set an IP on this particular interface and I ssh in, will i see the same screen/display/console from the earlier example in which i set a management ip in VLAN1 and I ssh in ?
Regards,
Noob

Hi Leo,
Sorry if you find it hard to explain to me.
I have understood to think of the ethernet management port as a separate entity from the original switch.
Maybe with the help of the diagram below, can you let me know if i have understood correctly ?
*please assume connected port is a management port separated from the normal switch ports
q1) does the ethernet management port need to be connected to another switch ?
I have thought of it as a device on the network and it is mentioned by you previously that it will be connected to a switch
"he traffic goes up the cable connected to the Management port and up a switch. Now that switch holds all the information because it is a switch. "
q2) In the current setup then, terminal B will be able to access the management port - am i right ?
q3) you mentioned that the management port is not able to set any gateway, (which is the router fe0/5 - 192.168.0.3 in my illustration), in that case do you mean that terminal A will not be able to access the management port remotely and it can only be accessible locally ?
Please do correct me if my understanding is wrong.
Thank you so much for your advices.
Regards,
Noob

Using WAVE-294-K9 as Central Manager - Cisco WAAS

Hi all,
Please, currently I'm working on a small scale Cisco WAAS deployment. I want to know if it's possible to use the entry level Cisco
WAVE-294-K9 as Central Manager.
Also about licensing, does this appliance model come with the enterprise level license
Thanks

Hi Abraham,
Yes, the WAVE-294 can also be configured as a central manager.
For the license, as with any other WAAS device, the enterprise license will have to be activated after the device is installed. As you probably know, WAAS uses a honor-based licensing system, so, no license verification will be done during the license activation.
I hope this helps
Daniel

How to centrally manage system center 2012 all products manger's

Dear All,
I am planning to deploy system center configuration manager, operation manager, virtual machine manager and service manager.
Please let me know is there any centrally manage suite available to manage system center 2012 R2 from single console.
Thanks in advance.

Option 1 or 2 are fine. Changing the user name has no effect as just like all good Windows apps, it doesn't reference the actual name but instead uses the SID.
Option 3 is not sufficient for every single thing delegated to this account. Granted, I can't name what these things are and they are very, very little used, but they do exist. If you do delete the account, the only way to get an equivalent one back is to
call support as it involves updating the DB directly.
Jason | http://blog.configmgrftw.com | @jasonsandys

Cisco WAAS Central Manager

Can someone tell me how to deploy Cisco WAAS Central Manager to manage 100 WAE devices over WAN? Is there any additional devices need to setup redundant design and any license cost included here per device basis to monitor? I need detailed solution to manage WAE devices centrally.

Vinod,
There is no need to buy additional licenses or no need to add per device license on the central manager. You can go with the 294-4G or the 474 device , these can support upto 250 devices. However would suggest you to go with a higher model so in future if you expand , you might want to replace the CM that time.
Also a central manager cannot work as a inline or wccp device nor it can do any optimization.
Regards
Abijith

Hello all...is there a way to activate(on startup) /deactivate(on logoff) CS6 Suite using a script, Active Directory Login Script or central Management Tool?

hello all...is there a way to activate(on startup) /deactivate(on logoff) CS6 Suite using a script, Active Directory Login Script or central Management Tool?

The long answer is: No. this is Adobe's secret sauce and you cannot manage it using other tools.
Mylenium

Is it mandatory to have Central Manager (CM)

Dear All,
We are planning to have WAAS solution in our corporate. It is a small setup with 3 sites. We are thinking of using the SRE module in the WAN routers. While going through the documentations a need for additional Central Manager is mentioned. Just wonder is it really required to have it considering a small setup?
Regards,
Anoop

hello Anoop,
It depends on what type of optimization you will require at the small site, for example I am confident that HTTP content, video streaming, basic transport and enterprise license optimizations should still work without a CM ( I have never done a lab without a CM so I am speaking from my experience)
Please keep in mind that a WAAS system without a CM is not supported!! in addition it will be very difficult to troubleshooting anything without the CM anyways.
The CM performs the role of a centralized point of configuration for multiple WAE's even if they are just 2 or 3 WAE's it is still as important as it is for a big deployment.
Without a CM, you won't be able to take advantage of CIFS prepositioning, SSL key management, or secure store (WAE disk encryption) and you won't be able to use the nice graphical reporting charts that WAAS CM provides ( to see what exactly is WAAS doing on your network from your small office to your data center or wherever the traffic is going to)
in regards Virtual WAAS ( as refered on the previous comment ) you might want to take a look at the following links:
http://www.cisco.com/en/US/products/ps11231/index.html
http://www.cisco.com/en/US/docs/app_ntwk_services/waas/waas/v431/vwaas/guide/vwaasguide.html
good luck!

Configure Domain Controller ( PDC emulator) as NTP source for Cisco switch 6509

Hi All,
My Org consists of 2 DC one Physical and One Virtual. All Roles are on Physical machine. I ran a W32tm /Query /Configuration command on PDC emulator and the results are confusing.My PDC is using time source VMICTimeProvider a syou can see below.
VMICTimeProvider (Local)
DllName: C:\Windows\System32\vmictimeprovider.dll (Local)
Enabled: 1 (Local)
InputProvider: 1 (Local)
My first Question is that Is it Ok for PDC emulator to use this time source or should I change to some Other source like pool.ntp.org or time.windows.com,0x1.
My Second Question is that I have a core switch cisco 6509 and I want this switch to use my NTP server (PDC emulator ) as NTP source,but at present I cannot as I am getting this error on switch.(no select intersectionTP )
Can Any one help ... Its is urgent
Thanks in Advance
EagleAsh

You should not make your DCs sync their time with your Hypervisor. This usually ends with time synchronization problem so I would recommend to disable that on your DCs and domain joined VMs and use an external NTP server to sync time on your PDC while using
your AD forest topology for time sync on other DCs and domain-joined computers.
I have already started a Wiki article that describes how to configure time sync in an AD domain and you might consider using the GPO configuration option that is stated: http://social.technet.microsoft.com/wiki/contents/articles/18573.time-synchronization-in-active-directory-forests.aspx
For the CISCO switch, I would recommend asking them in CISCO forums.
This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
Get Active Directory User Last Logon
Create an Active Directory test domain similar to the production one
Management of test accounts in an Active Directory production domain - Part I
Management of test accounts in an Active Directory production domain - Part II
Management of test accounts in an Active Directory production domain - Part III
Reset Active Directory user password

ESA Centralized Management License

Hi all,
my customer provides single ESA Appliance and would like to produce another one (either physical or virtual). I can see there is no Centralized management license on existing single ESA (wiht dual ESA it was automaticaly added in the past). Can somebody point me, how to obtain (order) centralized management license for existing ESA to be able to make configuration cluster with future ESA?
As I understand it right way, there should be no problem to provide configuration cluster with hybrid ESA (Physical and virtual) - Is it true?
Thank you for any help.

You may request the license be provided for your serial number by contacting our Global Licensing team. They will provide you the availability of the Centralized Management feature key based on your contract and appliance.
Please contact our Global Licensing Operations team:
https://tools.cisco.com/SWIFT/LicensingUI/Home
Licensing FAQ
Phone: 1-800-553-2447, opt 3 (You may request to have a case opened for GLO/Licensing.)
Their email directly is: [email protected]
For the virtual appliance - you will need to assure that they build the centralized management feature key into the license XML, and re-provide a fresh XML for your vESA, based on the VLN associated to the vESA. To get this information - please run 'showlicense' on the CLI.
I hope this helps!
-Robert
(*If you have received the answer to your original question, and found this helpful/correct - please mark the question as answered, and be sure to leave a rating to reflect!)

Power Over ethernet on Cisco switches - why??

I administer 3 servers (two g4 towers and one xserve attached to an XCraid) and 50 Macintosh workstations in an agency/production group within a fairly large company (2000+). Like most major companies the majority of the computer and servers are Windows based (specifically DELL) with CISCO switches.
I ran into a problem today where a switch was updated the "OS of the swithc" without my knowledge by our Infrastructure group. This resulted in a very high latency problem when pulling files from our Apple servers. After some digging we determined that the feature "Power Over Ethernet" had been disabled when they updated the switch's OS. Once we enabled PoE back on those ports, it was back to business.
My question here is, why does this feature have to be enabled? All DELL servers reconnected without a hitch. I hear PoE is only really resevered for VoiP devices and such. What is it with Apple servers that need this feature turned on?
Look forward to hear from you all.
Xserver, Xraid, G5, etc Mac OS X (10.4.6)

I can confirm that portfast makes a huge difference, as the autonegotiation between the switch and the client is performed inside of about 2 seconds, rather than the standard thrash-around period of about 40 seconds that some ethernet devices can use to determine line speed and simplex / duplex operation.
Turn on portfast on any switch ports that you don't plan on using for trunking / uplinking. When you do this, it tells the switch that there isn't a managed switch / router downstream, so it doesn't need to try to negotiate routing protocols and whatnot - it greatly speeds up the autonegotiation process.
Also, on some Cisco switches (We found it on a Cisco Catalyst 4006) if you lock the port to a specific operating speed / mode (e.g. 100Mbps / full duplex), the Mac doesn't like it nearly as much as if you leave it to autonegotiation. We were having the exact same issue the OP is seeing (limited bandwidth, massive CRC error count) until we put it back to auto and enabled portfast, and then we got the performance we expected, without recurrence of the issue.

Any one ever worked on 6500 series Cisco switches QOS or 6503 or 6524 QOS(Urgent help needed)

Hi All,
I am having issue specifally doing QOS configuration on 6503 or 6524 or 6509 switches. I am unable to match any EF(voice) traffic for eompls(vlan based) on 6503 cisco switch. If i use any other router as 2811 or 2821 my QOS configuration works perfect but if i put 6503 as PE2 it does not work.i am using vlan based eompls.
Below is the scenario & configuration which i am having issue.
CE1(2821 router)(dot1Q)--------->PE1(2821 router)------->P(6524 switch)-------->PE2(6503 switch)------->(dot1Q)(2821 switch)CE2.
On CE1 i can match ip-precedence 5 traffic and mark that traffic to cos5 on outbound port.On PE1 i can match cos5 packet and mark with mpls exp top5 on inbound port, on outbound port i can match mpls exp 5.
On PE2(6503) i am unable to match that mpls exp5 packet on inbound port. none of the configuration worked on 6500 series switches with mls qos, ,mls qos trust dscp,mls qos trust cos etc. Although i can match cos5 traffic on CE2 on inbound interface.i can not match mpls exp 5 traffic on 6503 and all i can see traffic as default-class on 6503 switch. I tried many things and many configurations on 6503 but nothing worked.If i put 2821 router as PE2 instead of 6503 my qos configuration works. but why if i put 6503 my same qos configuration does not work?
---match means=classification or classify
Can anyone tell me how qos works on 6500 series switches or where i am having issue in my scenario.
i am using this ios on 6503: s72033-advipservicesk9_wan-mz.122-33.SXI3.bin.
below r my questions for 6503 qos:
1.do i need to use some other map tables,am i using correct map tables on 6503 as cos-dscp,dscp-cos,exp-dscp etc.
2.any other configutaion of qos needed on 6503?
3.i am unable to match anything on outbound port of 6503.
4.on 6503 i am using sup720 and PFC3BXL.any specific configuration needed for PFC3bxl.
5. 6503 not allowing me to match qos-group on inbound interface, not allowing me to set cos5 on outbound interface. not allowing me to set cos5 as an inbound interface.
CE1(2821) config:
class-map match-any EF
match ip precedence 5
class-map match-any data
match ip precedence 3
policy-map ip2mpls
class EF
set cos 5
class data
set cos 3
interface FastEthernet0/0
no ip address
duplex auto
speed auto
interface FastEthernet0/0.455
encapsulation dot1Q 455
ip address 172.16.15.1 255.255.255.252
service-policy output EF
PE1(2821) config:
mls qos map cos-dscp 0 8 16 24 32 40 48 56
class-map match-all exp_3
match mpls experimental topmost 3
class-map match-all mpls_exp
match mpls experimental topmost 5
class-map match-any cos3
match cos 3
class-map match-any LOO1
match cos 5
policy-map EF
class LOO1
set mpls experimental imposition 5
class cos3
set mpls experimental imposition 3
policy-map QOS_G_5
class mpls_exp
priority
class exp_3
bandwidth 500
interface Loopback0
ip address 3.3.3.3 255.255.255.255
interface FastEthernet0/0
ip address 192.168.23.2 255.255.255.0
ip ospf network point-to-point
duplex auto
speed auto
mpls ip
service-policy output QOS_G_5
interface FastEthernet0/1.455
encapsulation dot1Q 455
xconnect 5.5.5.5 455 encapsulation mpls
service-policy input EF
PE2(6503 qos):
R1#show module
Mod Ports Card Type Model Serial No.
1 4 CEF720 4 port 10-Gigabit Ethernet WS-X6704-10GE SAL09401U2L
2 48 CEF720 48 port 10/100/1000mb Ethernet WS-X6748-GE-TX SAL114247YN
3 16 16 port 1000mb GBIC ethernet WS-X6416-GBIC SAL0712AM69
4 24 CEF720 24 port 1000mb SFP WS-X6724-SFP SAL10019J4N
5 2 Supervisor Engine 720 (Hot) WS-SUP720-3BXL SAD102805VM
6 2 Supervisor Engine 720 (Active) WS-SUP720-BASE SAD0846060F
Mod Sub-Module Model Serial Hw Status
1 Distributed Forwarding Card WS-F6700-DFC3BXL SAD102504EF 5.3 Ok
2 Centralized Forwarding Card WS-F6700-CFC SAD111300PD 3.1 Ok
4 Centralized Forwarding Card WS-F6700-CFC SAL1004BQ2A 2.0 Ok
5 Policy Feature Card 3 WS-F6K-PFC3BXL SAD10270189 1.8 Ok
5 MSFC3 Daughterboard WS-SUP720 SAD102801G5 2.5 Ok
6 Policy Feature Card 3 WS-F6K-PFC3BXL SAL1415FE95 1.11 Ok
6 MSFC3 Daughterboard WS-SUP720 SAD08440794 2.4 Ok
R1#show mls qos maps
Normal Burst Policed-dscp map: (dscp= d1d2)
d1 : d2 0 1 2 3 4 5 6 7 8 9
0 : 01 01 02 03 04 05 06 07 08 09
1 : 10 11 12 13 14 15 16 17 18 19
2 : 20 21 22 23 24 25 26 27 28 29
3 : 30 31 32 33 34 35 36 37 38 39
4 : 40 41 42 43 44 45 01 47 48 49
5 : 50 51 52 53 54 55 56 57 58 59
6 : 60 61 62 63
Maximum Burst Policed-dscp map: (dscp= d1d2)
d1 : d2 0 1 2 3 4 5 6 7 8 9
0 : 00 01 02 03 04 05 06 07 08 09
1 : 10 11 12 13 14 15 16 17 18 19
2 : 20 21 22 23 24 25 26 27 28 29
3 : 30 31 32 33 34 35 36 37 38 39
4 : 40 41 42 43 44 45 46 47 48 49
5 : 50 51 52 53 54 55 56 57 58 59
6 : 60 61 62 63
Dscp-cos map: (dscp= d1d2)
d1 : d2 0 1 2 3 4 5 6 7 8 9
0 : 00 00 00 00 00 00 00 00 01 01
1 : 01 01 01 01 01 01 02 02 02 02
2 : 02 02 02 02 03 03 03 03 03 03
3 : 03 03 04 04 04 04 04 04 04 04
4 : 05 05 05 05 05 05 05 05 06 06
5 : 06 06 06 06 06 06 07 07 07 07
6 : 07 07 07 07
Dscp-exp map: (dscp= d1d2)
d1 : d2 0 1 2 3 4 5 6 7 8 9
0 : 00 00 00 00 00 00 00 00 01 01
1 : 01 01 01 01 01 01 02 02 02 02
2 : 02 02 02 02 03 03 03 03 03 03
3 : 03 03 04 04 04 04 04 04 04 04
4 : 05 05 05 05 05 05 05 05 06 06
5 : 06 06 06 06 06 06 07 07 07 07
6 : 07 07 07 07
Cos-dscp map:
cos: 0 1 2 3 4 5 6 7
dscp: 0 10 18 24 34 46 48 56
IpPrecedence-dscp map:
ipprec: 0 1 2 3 4 5 6 7
dscp: 0 8 16 24 32 40 48 56
Exp-dscp map:
exp: 0 1 2 3 4 5 6 7
dscp: 0 8 16 24 32 40 48 56
mls netflow interface
mls qos map cos-dscp 0 10 18 24 34 46 48 56
mls qos
class-map match-all exp_3
match mpls experimental topmost 3
class-map match-all EXP_5
match mpls experimental topmost 5
class-map match-all QOS_GROUP_5
match qos-group 5
class-map match-all prec5
match ip precedence 5
class-map match-all cos5
match cos 5
policy-map mpls2ip
class QOS_GROUP_5
set cos 5
policy-map IN_FROM_R3
class EXP_5
set qos-group 5
interface Loopback0
ip address 5.5.5.5 255.255.255.255
interface GigabitEthernet2/2
mls qos trust cos
or <------------ (tried both individually but none worked)
mls qos trust dscp
interface GigabitEthernet2/2.455
encapsulation dot1Q 455
xconnect 3.3.3.3 455 encapsulation mpls
service-policy output mpls2ip
interface GigabitEthernet2/1
ip address 192.168.34.4 255.255.255.0
ip ospf network point-to-point
mls qos trust cos
or <------------ (tried both individually but none worked)
mls qos trust dscp
mpls ip
service-policy input IN_FROM_R4
Thanks & regards,
Ahsan Rasheed

Hi All,.
I am still having issue on 6503 or 6524 Cisco Switch.
" Can any one give me any sample of 6524 or 6503 QOS working configuration, i would be really thankful "
As i have mentioned in my prevoius post of configuration of 6503. I am unable to match mpls exp 5 packet on 6503. My qos configuration on PE1(2811 router) is working perfectly. I am unable to classify mpls ex5 or mpls exp3 on 6503 switch. Am i missing something on configuration?
PE2 config:"6503 switch"
class-map match-all mpls_exp
match mpls experimental topmost 5
policy-map EF
class mpls_exp
R!#mls qos
int Gi2/4
service-policy input EF
mls qos trust cos
dscp: 0 10 18 24 34 46 48 56
Exp-dscp map:
exp: 0 1 2 3 4 5 6 7
dscp: 0 10 18 24 34 46 48 56
Thanks,
Ahsan Rasheed

Ironport C170 Central Management Feature...

We have a SINGLE Ironport C170 that was set up by an IT Services group here over 6 years ago- before I was hired. We have been getting the following message e-mailed to us recently:
The Warning message is:
Your "Centralized Management" key will expire in under 5 day(s). Please contact your authorized Cisco sales representative.
Our concern here is this:
We do not use "Centralized Management"- we only have one office, one E-mail Security appliance. Should we worry about this feature expiring? Is this a Feature Key that we will need to purchase a renewal for? I appreciate any insight into this issue.
Q.M. Quiney
Network Admin
Precision Payroll of America

Centralized management key was separate (non-free) feature key for connecting multiple appliances in the cluster. Now this license key is included in all newer SW versions in the base license.
If you're not using multiple appliances you don't need this feature and you can ignore this warning.
Just to be sure you're not using a single appliance in a cluster check cluster status with CLI->clusterconfig.

Centrally manage all Cisco Switches

Similar Messages

Maybe you are looking for