Cisco Prime Authorization

I have an ACS 4.2 server running, and it points to a remote LDAP database.
AAA for our devices points to this TACACS server. I tried to set up Prime Infrastructure to do the same, but I keep getting the authentication working, and then an error message for the authorization prevents me from going further.
I realize I can locally set up a user on PI and give them admin status etc., but I'd really like to simply have PI point to our ACS and authenticate and authorize each user. I don't want to have to set (or reset) a password for our admins to use Prime.
Is this possible?
Thanks.

Cisco has phased out use of an external server for authorization within the application. This used to be available with LMS 3.x but no longer is offered.
Currently all of the role-based authorization control (RBAC) for PI users has to be done locally on the server and cannot be derived from the roles defined in your ACS server. 

Similar Messages

  • Replicate in the Master controller and creation of new user with cisco prime infrastructure 2.1.

    Hello!!
    We have multiple Cisco WLC 5508 controllers (all running software version 7.6.120.0) distributed in various buildings and a controller in another control building (also Cisco WLC 5508, 7.6.120.0) operating as Master and backup of the buildings' controllers.
    In each building an SSID is radiated that validates the connecting user through the web portal of each controller (in the WLAN, Security -> Layer 3 -> Web Policy), using the local database to validate the user.
    The problem is that the local database of users is not being replicated between the building controllers and the Master controller, so if a building's controller goes down, the Master controller begins to provide service to the building's access points, but the equivalent radiated SSID is not able to validate users.
    I need to know if it's possible through Cisco Prime Infrastructure 2.1, first, to replicate to the Master controller the local data of each of the existing building controllers and, second, to have the creation of new users performed automatically on both the building controllers and the Master.
    Thanks.

    As noted earlier, it is not advisable to use the root user to log in for normal use. New users and groups can be created by navigating to Administration > Users, Roles & AAA as shown in the preceding figures. It would help to chalk out what are the various levels at which you want to distribute the users, and to create those roles first. It doesn’t really matter whether you create users or groups first. New users can be easily added by going to Administration > Users, Roles & AAA > Users > Add Users > Select “Add Users” from the drop-down on the right side. Once you get into the add user workflow, fill in the username, password, and local authorization for this user as shown in the figure below.
    A virtual domain can also be assigned to the users when you define their roles by selecting the virtual domain on the left side and moving it to the right side as shown in the image below (left).

  • Using ACS for Cisco Prime authentication

    I'd like to use our Tacacs server running ACS to be the authentication method for user accounts in Prime, but don't even know where to start with this..
    Any pointers?

    The configuration on the Prime Infrastructure side is minimal:  define the authentication server Prime is to use and select a mode for Prime Infrastructure to use with it.
    Administration > AAA > TACACS+ Servers > add tacacs server.
    Administration > AAA > AAA Mode Settings > tacacs+ and enable fallback to local.
    The bulk of the configuration is on the authentication server side, particularly in defining groups, services and authorization tasks. This is covered in the "Performing Administrative Tasks" chapter of the Prime Infrastructure Configuration Guide, starting with the topic "Configuring ACS 5.x"
    http://www.cisco.com/en/US/docs/wireless/prime_infrastructure/1.3/configuration/guide/admin.html#wp1595935
    "Configuring ACS 4.x"
    http://www.cisco.com/en/US/docs/wireless/prime_infrastructure/1.3/configuration/guide/admin.html#wp1625896
    https://supportforums.cisco.com/docs/DOC-17909
    In case it doesn't work, please get the logs from the ACS reports and monitoring for TACACS authentication, and the error message shown while accessing Cisco Prime.
    Jatin Katyal
    - Do rate helpful posts -

  • Cisco Prime Infrastructure 1.2 OVA - URL/FTP not working

    The ESXi install of the NCS OVA was successful. NCS seems to load and activate interfaces. The console session is working. Using compliant browsers, https://<ip address> does not work. When I stop "ncs" or halt the VM, the web page responds briefly but then the connection is lost. I used "show ports" and tried https://<ip address>/8082 and get a login from the Cisco Prime Infrastructure Health Monitor URL. There is a prompt for the authorization key. How can I confirm the installation is complete and all services are up and running?
    Thanks
    Terry

    After digging almost 1 month, I found the answer.
    When you provision from ESXi with the OVA file, you have to choose "Thick Provision"; otherwise you will have the same problem, such as "some services are not up".
    In my case, I am running ESXi on top of VM WorkStation since I don't have any ESXi server. When I added 250GB to the WorkStation and provisioned with "Thick", it worked!
    Since my testing environment is a little complicated (ESXi with VM WorkStation), I first added a 250GB HDD to ESXi and tried. It didn't work. So I added 250GB to VM WorkStation and provisioned through Workstation, and it worked. (If you don't understand this statement, do not worry. If you have an ESXi server, you don't need to worry about it.)
    As far as the Cisco OVA is concerned, when I talked to one of my friends who was working on the new ACS (Virtual Appliance), he had the same issue. He also solved it with "Thick Provision".
    FYI, when I installed with "Thin Provision", PI 1.2 used only 10GB out of 200GB, so I did not think that I should use "Thick Provision". But definitely not.

  • Cisco Prime Infrastructure 1.3 - reports

    Hi all,
    I am curious if anybody can help me with Cisco Prime reports. What I want to do is create a report of all my devices which will have information such as hostname, IP address, ..., and serial number. I found this task almost impossible. When I look at the device work center tab and click on one of my devices, I can see all of the information I want (so far so good, all the information is available, but...). When I want to create such a report for all of the devices, in the report section I pick Detail Device Inventory and customize the report the way I want. The problem appears after the report is done. The main information such as hostname, location and IP address is in the first part of the report, and in the second part there is chassis information with the serial number and other fields. But these two parts of the report don't have any common field, so it is impossible for me to match serial number to hostname. So if I don't want to click on every device in the device work center and write down all of the information, I don't know how to do such a simple task.
    I hope someone is able to follow my thoughts
    Thanks for any answer
    Martin

    Robert-
    If you create a separate service rule, you can have it fork TACACS authentication requests from that specific IP to a different service identity and authorization process, where you can tell it to select a specific shell profile. Then all you have to do is create a separate shell profile for managing Prime and have that one selected. We do this with our UCS devices, regular router/switch CLI logins, etc.
    So for example:
    UCS: TACACS request --> if match service selection rule "from UCS devices", go to UCS admin access policy --> if match UCS admin identity requirements, give UCS admin shell profile
    PI: TACACS request --> if match service selection rule "from PI devices", go to PI admin access policy --> if match PI admin identity requirements (which are the same as UCS), give PI admin shell profile
    Default: TACACS request --> if match TACACS protocol from our IP range, go to default device admin policy --> if match default identity requirements, give default admin shell profile
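The rule chain in the reply above, modelled as an added Python example (not part of the original post and not ACS configuration). It assumes rules are evaluated top-down with the first match winning; the addresses, the group name `net-admins` and all function names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class SelectionRule:
    name: str
    sources: tuple      # CIDR strings the TACACS request may come from
    policy: str         # access policy the request is forked to


@dataclass(frozen=True)
class AccessPolicy:
    required_group: str  # identity requirement
    shell_profile: str   # result handed back on success


# Constructed sample data: specific sources first, catch-all range last.
RULES = [
    SelectionRule("from UCS devices", ("10.20.0.0/24",), "UCS admin access"),
    SelectionRule("from PI devices", ("10.10.10.5/32",), "PI admin access"),
    SelectionRule("default", ("10.0.0.0/8",), "Default device admin"),
]

# The post states the PI identity requirements are the same as for UCS.
POLICIES = {
    "UCS admin access": AccessPolicy("net-admins", "UCS admin shell profile"),
    "PI admin access": AccessPolicy("net-admins", "PI admin shell profile"),
    "Default device admin": AccessPolicy("net-admins", "Default admin shell profile"),
}


def select_policy(src_ip, rules=RULES):
    """Return the access policy of the first rule whose sources contain src_ip."""
    addr = ipaddress.ip_address(src_ip)
    for rule in rules:
        if any(addr in ipaddress.ip_network(net) for net in rule.sources):
            return rule.policy
    return None


def authorize(src_ip, user_groups, rules=RULES):
    """Return the shell profile for this request, or None when it is denied."""
    policy_name = select_policy(src_ip, rules)
    if policy_name is None:
        return None                      # no selection rule matched the source
    policy = POLICIES[policy_name]
    if policy.required_group not in user_groups:
        return None                      # identity requirement not met
    return policy.shell_profile


def shadowed_rules(rules):
    """Names of rules that can never fire because earlier rules cover them."""
    shadowed = []
    for i, rule in enumerate(rules):
        earlier = [ipaddress.ip_network(n) for r in rules[:i] for n in r.sources]
        nets = [ipaddress.ip_network(n) for n in rule.sources]
        if all(any(n.subnet_of(e) for e in earlier) for n in nets):
            shadowed.append(rule.name)
    return shadowed


if __name__ == "__main__":
    print(authorize("10.10.10.5", {"net-admins"}))
    print(shadowed_rules([RULES[2], RULES[0], RULES[1]]))
```

With the catch-all rule placed first, the PI server silently receives the default shell profile, which is the ordering mistake `shadowed_rules` is there to flag.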

  • Integration of CISCO PRIME 1.3 with ACS 5.2

    Hi
    We are trying to integrate Cisco Prime 1.3 with ACS 5.2. We have configured the attribute for admin users in the ACS shell profile.
    virtual-domain0=ROOT-DOMAIN
    total task is 159
    After then configured a rule in default device admin.
    Default Device Admin> Authorization>
    Shell profile is chosen.
    Command set is full access.
    But we are not able to get access to PI.

    Please check the below link which may be helpful for you:
    Link-1
    http://www.cisco.com/en/US/docs/wireless/prime_infrastructure/1.2/configuration/guide/ctrlcfg.html

  • Issues with Cisco Prime LMS 4.2.3

    Hi,
    I'm trialing the Cisco Prime LMS 4.2.3 soft appliance on ESXi before I deploy it into a live environment and am having some issues.
    I've upgraded to version 4.2.3 and the box was working fine after the upgrade; however, on powering it up today the Apache service will not start.
    If I look at the LMS application I see this for the Apache service.
    "Apache                Administrator has shut down this server   0 "
    I have tried starting it.
    CiscoLMS42/admin# application start Apache
    % Application failed to start
    CiscoLMS42/admin#
    If I run an application operation debug at the same time I get the following output.
    CiscoLMS42/admin# 6 [5343]: application:operation cars_install.c[1145] [admin]: Application initialization initiated for appname: Apache, operation: 0
    7 [5343]: application:operation cars_install.c[1146] [admin]: Operations: O-APP_START, 1-APP_STOP, 2-APP_STATUS
    6 [5343]: application:operation cars_install.c[1150] [admin]: Verifying app (Apache) is installed ...
    3 [5343]: application:operation cars_install.c[1152] [admin]: App (Apache) is not installed.
    3 [5343]: application:operation install_cli.c[281] [admin]: Error while starting application  - Application: Apache ErrorCode: -999
    I'm at a complete loss as to where to look next. Failing anything else I'll have to rebuild it, but it would be nice to know how to get Apache up and running again.
    regards
    Rich

    Hi Richard,
    I see the following:
    [ Thu Apr 18 20:53:11 GMT 2013 ] TomcatMonitor After gettingAJPPort : ajpPort = 9009 and host =CiscoLMS42
    [ Thu Apr 18 20:53:11 GMT 2013 ] TomcatMonitor theMgr constructor successful.
    [ Thu Apr 18 20:53:11 GMT 2013 ] TomcatMonitor Inside whileloop
    [ Thu Apr 18 20:53:11 GMT 2013 ] TomcatMonitor Tomcat is not ready, it's coming up Connection refused
    It looks like the hostname cannot be resolved. Can you try to add a static entry in /etc/hosts for the IP of the server and CiscoLMS42?
    Restart the daemon manager and it should work.
    Regards,
    Vlad
    ==========
    NMS Team
    Krakow, Poland
    Cisco TAC

  • Cisco Prime Infrastructure 1.2 is not working https & ncs

    Hi, I have just deployed Cisco Prime Infrastructure 1.2 as a virtual appliance (VMware ESXi 5.1). The console is OK and setup is also completed, but there is no NCS application. The only app showing is: NCSPNP
    Cannot access from https also.
    Please suggest how to Starting Prime Infrastructure Serve

    From what you describe, it sounds like you have installed the Plug and Play (PNP) ova image. You need to install the Prime Infrastructure image.
    See the screenshot below for details (click to enlarge):

  • How to customize email notifications sent by Cisco Prime.

    Hi,
    We have been receiving email alerts for any unresponsive devices in Cisco Prime. I was able to find the option to customize the subject for such email alert under Admin-Network-Notification and Action settings, however I am not able to locate the option to change the email body.
    The email body for such alerts has lot of unrequired information which I would like to remove.
    Can someone provide me the options on how to get rid of such information in the email body.
    Regards

    Hi ,
    To customize the e-mail subject:
    Step 1 Select Admin > Network >  Notification and Action Settings > Fault - Email subject  customization.
    The available and selected lists of the subject attributes for e-mail  are displayed.
    To customize the e-mail subject, you can add and remove subjects from  the current e-mail subjects list. By default, following list of e-mail  subject attributes are displayed in the Selected Subjects for E-Mail  box.
    •Event ID
    •Device Name
    •Time
    •Severity
    •Event Name
    •Status
    To add a subject:
    a. Select the subject attribute  from Available Subjects for E-Mail.
    b. Click Add.
    The selected subject attribute is added to the Selected Subjects for  E-Mail list.
    You can add a subject attribute only from the Available Subjects list to  the Selected Subjects list. You cannot add a subject attribute from the  Selected subject list to the Available Subject list.
    To remove a subject attribute:
    a. Select the subject attribute  from Selected Subjects for E-Mail.
    b. Click Remove.
    The selected subject attribute is removed from the Selected list and  added to the Available subjects for E-Mail list.
    You can remove a subject attribute only from the Selected Subjects list  and not from the Available Subjects list.
    Step 2 Click Up or Down to rearrange the  order of the selected e-mail subject attributes.
    Step 3 Click Apply to save the customized e-mail  subject attributes.
    Note: Other than this you will not be able to customize anything; the User-defined field option will not work.
    I hope this will help
    Thanks
    Afroz

  • Ask the Expert: Overview of Cisco Prime Service Catalog and Process Orchestrator Solutions

    Welcome to this Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions about the Cisco Prime Service Catalog and Process Orchestrator solutions.
    Cisco expert Jason Davis will discuss Cisco’s network management products offered under the Cisco Prime framework. If you have questions about Cisco Prime infrastructure or data center automation with our Cisco Prime Service Catalog and Process Orchestrator solutions, join us on the Cisco Support Community.
    Jason Davis is a distinguished services engineer in the Intelligent Infrastructure Practice team of Cisco Advanced Services. His role is to provide strategic and tactical consulting for hundreds of Advanced Services customers, lead service innovation, and assess new services and technologies. Jason's primary expertise areas are in network management systems, intelligent automation, virtualization, data center operations, software-defined networking, and network programmability.
    Based out of the Research Triangle Park (RTP) campus, Jason is also responsible for administering the Research Triangle Park Network Management Lab, Cisco's largest network management lab.
    Since joining Cisco in 1998, Jason has been a frequent speaker at Cisco's Networkers and CiscoLive conferences in the United States and Europe. In the past five years he has also been involved in the conference network setup and monitoring. He is a much sought-after resource by the field sales teams to assist with presales solutions and executive briefings. He has provided strategic and tactical network management consulting for several hundred customers.
    Jason is a subject matter expert with the following products and features:
    Cisco Prime LAN management solution
    Cisco Prime infrastructure
    CiscoSecure ACS
    Cisco Prime Network Registrar
    Cisco Process Orchestrator
    Cisco Prime Service Catalog
    Cisco IP SLA
    Embedded Event Manager
    SNMPv3
    onePK and OpenFlow
    Cisco UCS
    Device instrumentation
    VMware ESX, ESXi, and vCenter
    ITIL
    Jason received his bachelor of science degree in electrical engineering from the University of Miami (FL). He has been married for 20 years and has 4 children. His interests include providing audiovisual technical support for churches and conference venues, camping and biking with his family, remote-control helicopter piloting, paintball, and recreational shooting.
    Remember to use the rating system to let Jason know if you have received an adequate response.
    Because of the volume expected during this event, Jason might not be able to answer every question. Remember that you can continue the conversation in Data Center > Intelligent Automation under the subcommunity Cisco Prime Service Catalog shortly after the event. This event lasts through September 12, 2014. Visit this forum often to view responses to your questions and the questions of other Cisco Support Community members.

    Hello Jason,
    Thank you very much for welcoming me to your expert discussion :) I feel I am in the right place, at the right time. Thank you also for answering questions beyond your scope here, much appreciated. The information received will help me to go further, and as such I have submitted a 5 star rating for your first reply.
    That sounds promising about the LMS part so yes, I stay tuned and wait patiently.
    Ok, now let’s revert to the actual topic discussed here: Cisco Prime Service Catalog and Process Orchestrator solutions. I have briefly read up on this on CCO (where else :)) and picked out the following quote
    ---- Quote from the Cisco Prime Service Catalog Data Sheet
     Today’s end users want self-service and easy access to IT tools and services.
    Simultaneously, organizations are seeking ways to extend their cloud management
    platforms beyond self-service delivery of virtual machines and infrastructure resources
    while increasing their use of cloud-based solutions to enhance business agility and effectiveness.
    Cisco Prime™ Service Catalog offers tremendous benefits to organizations that want to unify the ways in
    which all types of IT services are ordered and fulfilled, not just infrastructure requests
    ---- unquote ---
    I am trying to understand what (at a high level, of course) happens in the background when an order is raised, and which vendor solutions your product can interact with.
    As mentioned in the quoted text, this service catalogue goes beyond the standard infrastructure.
    Let’s say a user wants to deploy a new email service or, in your example, extend or create a new web portal (i.e. for HR to view and manage holiday, staff absence and benefits).
    Your solution will need to interact somehow with the 3rd party vendor application that is capable of building such a portal, I believe.
    Without disclosing too much information, I assume the portal is linked to backend VMs that spin up requested resources (and more magic of course). Perhaps I am mixing this up with another Cisco product where a user can go on the portal and spin up virtual firewalls, and virtual routers can be provisioned in no time.
    Out of interest: is this product also known as Mozart (project code within Cisco)?
    I hope query is ok.
    Best wishes
    Markus

  • Ask The Expert: Understanding, Implementing, and Troubleshooting Cisco Prime Network

    Ask questions and learn about Cisco Prime Network with Cisco experts Vignesh Rajendran Praveen and Jaminder Singh Bali.
    Cisco Prime Network provides cost-effective device operation, administration and network fault management for today’s complex and evolved programmable networks (EPNs). It is a single solution to support both the traditional physical network components, as well as compute infrastructure, and the virtual elements found in data centers. Automated configuration and change management combined with advanced troubleshooting and diagnostics greatly help service providers enable proactive service assurance. Additionally, the flexible and extensible architecture is designed to support the multivendor environment, helping to lower operational costs.
    This event runs January 5 through January 16, 2015.
    Vignesh Rajendran Praveen is a High Touch Engineer with the Focused Technical Services team supporting Cisco's major Service Provider customers in Routing, Switching, Multiprotocol Label Switching (MPLS) technologies and Cisco Prime Network related issues. Previously at Cisco he has worked as a Network Consulting Engineer for Enterprise Customers and as a Customer Support Engineer for Service Provider customers. He has been in the networking industry for ten years and holds CCIE certification (#34503) in the Routing and Switching as well as Service Provider tracks.
    Jaminder Singh Bali is a Customer Support Engineer working in SP-NMS TAC team, supporting Cisco's major service provider customers in Cisco Prime Network, Performance and Prime Central related issues. His areas of expertise include Oracle, Linux and NMS applications. He has been in the industry for past six years.
    Remember to use the rating system to let the experts know if you have received an adequate response. 
    The Experts might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation in Network Infrastructure community, sub-community, LAN, Switching and Routing discussion forum shortly after the event. This event lasts through January 16, 2015. Visit this forum often to view responses to your questions and the questions of other community members.

    Hello Jerome,
    A variety of Cisco devices are supported by Cisco Prime Network. I would encourage you to go through the links below in the user guide, depending on the version of Cisco Prime Network being used.
    "Cisco Prime Network Supported Cisco Virtual Network Elements (VNEs)"
    "Cisco Prime Network Supported Cisco VNEs - Addendum"
    Below is the link for the user guide.
    http://www.cisco.com/c/en/us/support/cloud-systems-management/prime-network/products-user-guide-list.html
    Hope this would help in providing you more clarity.
    ***********Plz do rate this post if you found it helpful*************************
    Thanks & Regards,
    Vignesh R P

  • What are the features supported in Cisco Prime Infrastructure for WLAN for autonomous AP's?

    What are the features supported in Cisco Prime Infrastructure for WLAN for autonomous AP’s?

    • PI provides visibility for autonomous clients within the same list view as lightweight and wired clients (client list page).
    • Rogue AP detection for autonomous AP's is not supported (it's supported in CUWN).
    • Alarms/events for client authentication issues (e.g. authentication failure) are displayed in PI.
    • Config management for autonomous AP's is via CLI template. Config comparison and archiving functionality in PI leverages these same features that were brought in from LMS, so need to defer to others in terms of whether this is a cross-platform feature in PI or is only supported on a subset of platforms. Config comparison/archive is supported in CUWN.
    • PI supports both infrastructure (e.g. AP Tx Power and Channel, busiest AP, AP utilization, etc.) and client (e.g. client count, client sessions, etc.) reports, and there are extensive reports for CUWN

  • Error coming while installing Cisco Prime 4.2 on Windows Server 2008 R2

    Hi,
    I'm trying to install Cisco Prime 4.2 on Windows Server 2008 R2. While initiating the installation, a message box "Error: csv not found" appears, and the installation terminates.
    Is there any CSV template that needs to be copied to any location beforehand?

    Are you installing LMS 4.2.4 directly?
    Looking at the error ,it looks like ...
    If yes then  you need to follow the below path:
    The installation path of LMS 4.2.4 : LMS 4.2 > LMS 4.2.2 > LMS 4.2.4
    Thanks-
    Afroz
    [Do rate the useful post]

  • Cisco Prime 1.2 - cannot delete "Unassigned" Campus

    Hi,
    has anybody an idea how to delete Unassigned Campus?
    I went through I think all documentation and they are speaking that only "System Campus" cannot be deleted, but not a single word about "Unassigned" campus.
    All the campuses below behaves like a child of Unassigned campus. I know it's just cosmetic issue, but still I would like to get rid of it.
    I attached a screenshot.
    Thanks!
    K.

    Yes you can add building and floor diagrams in Cisco Prime Infrastructure 1.2. For the same you can see the below link
    http://www.cisco.com/en/US/docs/wireless/prime_infrastructure/1.2/configuration/guide/maps.html
    Open this link and go to "Adding Floor Areas to a Campus Building".

  • Issue with backup NCS via NFS (Cisco Prime NCS 1.2.0)

    Hello,
    Does someone have issue with backup NCS via externally mounted location (NFS)?
    I have Cisco Prime NCS 1.2.0 and tried backup it to external resources, but I have issue with my free space:
    NCS/admin# backup ncs repository backup_nfs
    % Creating backup with timestamped filename: ncs-130131-0534.tar.gpg
    INFO : Cannot configure the backup directory size settings as the free space available is less than the current database size.
    You do not have enough disk space available in your repository to complete this backup.
    DB size is 25 GB
    Available size is 12 GB
    Please refer to the command reference guide for NCS and look at the /backup-staging-url/ command reference to setup the backup repository on an externally mounted location
      Stage 5 of 7: Building backup file ...
      -- complete.
      Stage 6 of 7: Encrypting backup file ...
      -- complete.
      Stage 7 of 7: Transferring backup file ...
      -- complete.
    I have tried to add additional space and use command backup-staging-url (my configuration: backup-staging-url nfs://server2008:/nfs), but it didn't help me.
    NFS share works perfect. I have checked it via NFS repository:
    repository backup_nfs
      url nfs://server2008:/nfs
    +++++++++++++++++++++++++++++++++++++++
    NCS/admin# show repository backup_nfs
    NCS-130130-1135.tar.gpg
    NCS-130130-1137.tar.gpg
    NCS-130130-1157.tar.gpg
    NCS-130130-1158.tar.gpg
    test-130130-1210.tar.gz
    Every time I try to create a backup I receive the error message "You do not have enough disk space available in your repository to complete this backup".
    Does someone know how I can back up the NCS system?
    Thank you

    How much space is available on that NFS mount point? It looks to me from the error message that there is only 12 GB....
    The backup-staging-url is just for a space used to stage the backup before it is written-----
