Cisco Prime Infrastructure 1.3 Notifications
I am not receiving alerts when a router interface drops. I am receiving the alert for CAPWAP and switches, but none of my routers are showing any alerts when there are issues. I have reviewed the config documents but I don't know what I am missing.......
Robert-
If you create a separate service rule, you can have it fork TACACS authentication requests from that specific IP to a different Service identity and authorization process, where you can tell it to select a specific shell profile. Then all you have to do is create a separate shell profile for managing Prime and have that one selected. We do this with our UCS dvices, regular router/switch CLI logins, etc.
So for example:
UCS: TACACS request --> if match service selection rule "from UCS devices", go to UCS admin access policy --> if match ucs admin identiy reqirements, give UCS admin shell profile
PI: TACACS request --> if match service selection rule "from PI devices", go to PI admin access policy --> if match PI admin identiy reqirements (which are same as UCS), give PI admin shell profile
Default: TACACS request --> if match tacacs protocol from our IP range, go to default device admin policy --> if match defaul identy requirements, give default admin shell profile
Similar Messages
-
We're upgrading from LMS 3.2 to Cisco Prime Infrastructure ...
In LMS 3.2 we're using netconfig all the time to configure various jobs related to port security
In installing Cisco Prime Infrastructure and working through it's use of templates, I'm having some difficulty finding out how to send out a notification once a configuration job has completed. It's so simple in LMS 3.2 since it's part of the job creation screens.
Any assistance would be greatly appreciated.HI, Raymond
Just wondering if this problem is resolved?
Thanks! -
Cisco Prime Infrastructure 2.0 - no traps/info are pushed from devices
Good evening,
I have setup Cisco Prime Infrastructure 2.0 and, though I have added manually my 4 network cores as devices without any problem, I can't get a single trap or a single SNMP information to be pushed into my Cisco Prime Infra.
Here is my SNMP config on my core :
snmp-server user *edited* *edited* v3
snmp-server group *edited* v3 noauth notify *tv.FFFFFFFF.FFFFFFFF.FFFFFFFF.FFFFFFFF.FFFFFFFF.FFFFFFFF.FFFFFFFF.FFFFFFFF.FFFFFFFF.FFFFFFFF.FFFFFFFF.FFFFFFFF.FFFFFFFF.FFFFFFFF.FFFFFFFF0F
snmp-server community *edited* RO
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps flowmon
snmp-server enable traps transceiver all
snmp-server enable traps call-home message-send-fail server-fail
snmp-server enable traps tty
snmp-server enable traps rf
snmp-server enable traps memory
snmp-server enable traps cpu_threshold
snmp-server enable traps eigrp
snmp-server enable traps ospf state-change
snmp-server enable traps ospf errors
snmp-server enable traps ospf retransmit
snmp-server enable traps ospf lsa
snmp-server enable traps ospf cisco-specific state-change nssa-trans-change
snmp-server enable traps ospf cisco-specific state-change shamlink interface
snmp-server enable traps ospf cisco-specific state-change shamlink neighbor
snmp-server enable traps ospf cisco-specific errors
snmp-server enable traps ospf cisco-specific retransmit
snmp-server enable traps ospf cisco-specific lsa
snmp-server enable traps flex-links status
snmp-server enable traps fru-ctrl
snmp-server enable traps entity
snmp-server enable traps ethernet cfm cc mep-up mep-down cross-connect loop config
snmp-server enable traps ethernet cfm crosscheck mep-missing mep-unknown service-up
snmp-server enable traps ether-oam
snmp-server enable traps aaa_server
snmp-server enable traps flash insertion removal
snmp-server enable traps l2tc threshold sys-threshold
snmp-server enable traps power-ethernet police
snmp-server enable traps rep
snmp-server enable traps vswitch dual-active vsl
snmp-server enable traps udld link-fail-rpt status-change
snmp-server enable traps vtp
snmp-server enable traps vlancreate
snmp-server enable traps vlandelete
snmp-server enable traps auth-framework sec-violation
snmp-server enable traps dot1x auth-fail-vlan guest-vlan no-auth-fail-vlan no-guest-vlan
snmp-server enable traps envmon fan shutdown supply temperature status
snmp-server enable traps entity-diag boot-up-fail hm-test-recover hm-thresh-reached scheduled-test-fail
snmp-server enable traps port-security
snmp-server enable traps ethernet evc status create delete
snmp-server enable traps energywise
snmp-server enable traps ipsla
snmp-server enable traps vstack
snmp-server enable traps bfd
snmp-server enable traps bgp
snmp-server enable traps bulkstat collection transfer
snmp-server enable traps cef resource-failure peer-state-change peer-fib-state-change inconsistency
snmp-server enable traps config-copy
snmp-server enable traps config
snmp-server enable traps config-ctid
snmp-server enable traps event-manager
snmp-server enable traps hsrp
snmp-server enable traps ipmulticast
snmp-server enable traps isis
snmp-server enable traps msdp
snmp-server enable traps pim neighbor-change rp-mapping-change invalid-pim-message
snmp-server enable traps bridge newroot topologychange
snmp-server enable traps stpx inconsistency root-inconsistency loop-inconsistency
snmp-server enable traps syslog
snmp-server enable traps isakmp policy add
snmp-server enable traps isakmp policy delete
snmp-server enable traps isakmp tunnel start
snmp-server enable traps isakmp tunnel stop
snmp-server enable traps ipsec cryptomap add
snmp-server enable traps ipsec cryptomap delete
snmp-server enable traps ipsec cryptomap attach
snmp-server enable traps ipsec cryptomap detach
snmp-server enable traps ipsec tunnel start
snmp-server enable traps ipsec tunnel stop
snmp-server enable traps ipsec too-many-sas
snmp-server enable traps errdisable
snmp-server enable traps ethernet cfm alarm
snmp-server enable traps vlan-membership
snmp-server enable traps mac-notification change move threshold
snmp-server enable traps vrfmib vrf-up vrf-down vnet-trunk-up vnet-trunk-down
snmp-server host *ip-address-edited* version 3 noauth *edited*
Basically all traps are enabled but absolutely nothing is showing up in my Prime Infra except that my 4 devices are "Reachable".
Here is a show snmp on the same device :
sh snmp
Chassis: *S/N Edited*
38554534 SNMP packets input
0 Bad SNMP version errors
14 Unknown community name
0 Illegal operation for community name supplied
0 Encoding errors
38453185 Number of requested variables
0 Number of altered variables
17790703 Get-request PDUs
20583581 Get-next PDUs
0 Set-request PDUs
0 Input queue packet drops (Maximum queue size 1000)
38490708 SNMP packets output
0 Too big errors (Maximum packet size 1500)
0 No such name errors
0 Bad values errors
0 General errors
38371069 Response PDUs
13 Trap PDUs
SNMP global trap: enabled
SNMP agent enabled
SNMP logging: enabled
Logging to *edited*, 0/10, 13 sent, 0 dropped.
Can anyone point out what is wrong or missing in my configuration? I can't seem to single it out myself.
Thanks
JeremyHi Jeremy,
SNMP traps are shown in the events and alerts section of PI.
SNMP config looks fine. Can you run the SNMP debug (debug snmp packets ) .check the logs and see if the device is actually sending the TRAPS to the PI server.
Thanks-
Afroz
[Do rate the useful post]
****Ratings Encourages Contributors **** -
Including Interface Description in Cisco PRime Infrastructure Alarm Message
Hi all,
i succesfully configured a Cisco Prime Infrastructure 2.1 applliance to display an alarm and to send me an e-mail when switch uplink ports goes down.
The text displayed in alarm message is :
port 'interface_id' is down on device 'device_ip_address'
I'd like to include in this text also the interface description so the text will display :
port 'interface_id' 'interface_descriprion' is down on device 'device_ip_address'
Is this possible?
Thankyou in advanceHi,
i followed these steps :
SWITCH SIDE
- configured Prime Infrastructure as snmp-server host;
- enabled snmp-traps for linkup and linkdown events globally;
- disabled snmp-traps for linkup and linkdown on non relevant interfaces using the no snmp trap link-status command
PRIME INFRASTRUCTURE SIDE
- under "Deploy/Monitor Deployment" i deployed template "Interface Health" for all the interested switches
- under "Administration/System Settings/Mail Server Configuration" configured my internal SMTP server to make Prime Infrastructure able to send e-mails
- under "Operate/Alarms & Events" click on "Email Notifications" , then on "Switches and Hubs"
- check the "critical" box , insert the destination e-mail address into the "To" field then click "Save"
- check the "switches and Hubs" box and then click Save
As i know is possible to avoid to configure every single not-interesting port on the switches with "no snmp trap link-status" command (it's a bit annoying when you have tens of switches), using Port Grouping configuration on PI but i tried it without success.
Hope this helps.
Best Regards, -
Consultations on Cisco Prime Infrastructure 2.2
I recently installed Cisco Prime Infrastructure 2.2 and I have 2 questions regarding configuration:
1. What configurations should run for vulnerability when some event occurs on a switch an alarm is lifted in the Cisco Prime Infrastructure 2.2?
2. Is there any way to put a device into maintenance mode in the web interface of Cisco Prime Infrastructure 2.2, so that can not be spoiled reports regarding equipment availability during the execution of maintenance?1. If you configure PI as an SNMP and syslog server for your devices and have enabled logging traps etc., PI's alarm browser will show the alarms. If you want them to be sent to you via email, you can do that under the Admin menu for setting up your Mail server and clicking the link to "Configure email notification for individual alarm categories." (see below - open in new tab to zoom). It's not completely customizable but what you see there is the current product capabilities in that regard.
2. No, this is not currently an available feature in PI 2.2. -
Change Interface availability threshold from Cisco Prime Infrastructure 2.0
Dear Community,
I’m working in Cisco Prime Infrastructure 2.0 and I’m having the following problem:
I want to monitor the interfaces availability from all the devices of my network. But only makes sense send an email notification for the most critical interfaces. I don´t want to receive an email notification every time anyone unplugs the network wire.
How can I achieve this?
I already tried to change the interface availability threshold from the Interface Health Threshold Template, but this one isn´t available to configure.
The idea was to change the severity of the alarm so I could distinguish what type of alarm would send email notification.
I also created a Custom SNMP Template that gets the ifOperStatus using the MIB IF-MIB. This also didn’t work because Prime Infrastructure doesn’t allow me to define thresholds to a Custom SNMP Template.
Without threshold, no alarm, without no alarm, no email notification!
Can you help?
Regards,
Daniel CJOnly on the HA pair which would be the secondary.
High Availability (HA) RTU: If Cisco Prime Infrastructure is deployed in a high availability configuration with one primary and one secondary instance in an HA pair, then an HA RTU is required. You only need to purchase a single set of the regular licenses (for example, Base, Lifecycle, and so on) for the primary instance.
Thanks,
Scott
Help out other by using the rating system and marking answered questions as "Answered" -
Cisco Prime Infrastructure 1.2 is not working https & ncs
Hi, I have just deploy Cisco Prime Infrastructure 1.2 in a virtual appliance (Vmware Esxi 5.1). Console is ok & setup is also completed. but there is no NCS application. only app is shwoing: NCSPNP
Cannot access from https also.
Please suggest how to Starting Prime Infrastructure ServeFrom what you describe, it sounds like you have installed the Plug and Play (PNP) ova image. You need to install the Prime Infrastructure image.
See the screenshot below for details (click to enlarge): -
What are the features supported in Cisco Prime Infrastructure for WLAN for autonomous AP's?
What are the features supported in Cisco Prime Infrastructure for WLAN for autonomous AP’s?
• PI provides visibility for autonomous clients within the same list view as lightweight and wired clients (client list page).
• Rogue AP detection for autonomous AP's is not supported (it's supported in CUWN).
• Alarms/events for client authentication issues (e.g. authentication failure) are displayed in PI.
• Config management for autonomous AP's is via CLI template. Config comparison and archiving functionality in PI leverages these same features that were brought in from LMS, so need to defer to others in terms of whether this is a cross-platform feature in PI or is only supported on a subset of platforms. Config comparison/archive is supported in CUWN.PI supports both infrastructure (e.g. AP Tx Power and Channel, busiest AP, AP utilization, etc.) and client (e.g. client count, client sessions, etc.) reports, and there are extensive reports for CUWN -
User Name and Password for Cisco Prime Infrastructure 2.1
Hi all:
I am stuck at the login page of Cisco Prime Infrastructure 2.1.
I have tried using the user name root and its password (when log in with root at Vsphere Client) and also the login user name "before" get into the appliance infrastructure, all cannot work.
Anybody knows what is the default username or password or any way to set the username and password for this Cisco Prime Infrastructure 2.1 website?
Thanks!
tangsuanHi Tangsuan,
Following is the documented procedure for password recovery..
In order to modify the GUI root user password, you will need to login to the NCS CLI
as an admin user, and enter the command
"ncs password root password <new password>" (without the quotes)
This should set the web interface root user password :
http://www.cisco.com/en/US/docs/wireless/ncs/1.1/configuration/guide/manag.html#wp1268889
If you have lost your CLI password , try the default logging that is ,
CLI user is admin and not root, so please try logging in as admin with
the password that was set during setup. If that does not work , you need
the install disk that came with the appliance to recover that password.
Follow these steps:
Recovering a Lost Admin Password
If you lose or forget the admin password for NCS appliance, follow these steps.
Step 1 Reboot the NCS appliance with the ISO DVD inserted. The Cisco Prime Network Control
System Welcome screen appears:
ISOLINUX 3.11 2005-09-02 Copyright (C) 1994-2005 H. Peter Anvin
Welcome to Cisco Prime Network Control System
To boot from hard disk, press <Enter>.
Available boot options:
[1] Network Control System Installation (Keyboard/Monitor)
[2] Network Control System Installation (Serial Console)
[3] Recover administrator password. (Keyboard/Monitor)
[4] Recover administrator password. (Serial Console)
<Enter> Boot existing OS from Hard Disk.
Enter boot option and press <return>.
boot:
Step 2 Select the desired recovery option, 3 or 4, depending on how you
are connected to the appliance and then follow the prompts.
Thanks-
Afroz
***Ratings Encourages Contributors **** -
When is Cisco Prime Infrastructure 2.0 released, and what does 2.0 offer?
We are running Prime Infrastructure 1.3 primarily for wireless management at this point. We have enough licenses to add all our switches, routers, and firewalls, but we're hesitant to do so until 2.0 comes out. While there are some features for backing up and configuring switches and routers, 1.3 still seems pretty limited in regards to non-wireless features. For example, nearly every report in 1.3 is for wireless controllers or AP's, there are no reports I've found relevent for switches and routers. I've read a lot of blogs, cisco posts, and white papers talking about how Cisco Prime Infrastrucure 2.0 will finally consolidate Prime into a truly all-in-one network management suite that can manage the entire Cisco environment. Does anyone know when it's officially being released? Does anyone have an tech sheets on what's new in 2.0, or what its capabilities are? I want to better understand what 2.0 has to offer, when it's coming out, how to upgrade, so I can start planning for the upgrade and eventually importing all our network devices to Cisco Prime for centralized management. Any useful information or links would be appreciated.
Thanks,
ChristianPI 2.0 is in Beta mode for testing in closed group already. However it may still take some time to get released on CCO for FCS.
I think it is expected to be released between aug-sep. BU has also started working on CPI 2.1, which you can see test uploads on CCO.
For what does it have for customers?
> As Cisco have a vision of one network Management software for both wired and wireless infrastructure, which started getting real partially with Cisco PI.
As WCS got evolved to NCS and eventually to Cisco Prime Infrastructure, but it doesnt yet have full Management capability for wired infra., which is there with LMS.
With CPI 2.x Cisco plans to blend entire LMS and WCS features together.
-Thanks -
Can't import images in cisco prime infrastructure 1.2
- Any job , trying to import images, in my cisco prime infrastructure fails with :
Jan 14 13:14:53 cisco-prime 01/14/13 13:15:18.040 ERROR [service] [pool-4-thread-19] IFM_SWIM_EXCEPTION: [com.cisco.ifm.swim.service.exception.IfmSwimParserException: Cannot populate software image info object from the image.]
How I can I solve this one ?
Tx,
M.I seem to have the same problem, strangely enough importing a universal image for 2960s worked fine, but I get thos error when trying to import a 3750x image
-
Cisco prime infrastructure not detect IP address of clients
hi all,
I have Cisco Prime infrastructure 1.2 and when move to monitor >> clients tab it lists me all the clients in my network but their IP address list estates "not detected" ?
please any advice?
I appreciate your kindly support.Just an update that while this appears to have worked fairly well (as far as Cisco Management Planes go), there was one small 'gotcha' I've noticed so far:
After the services came back up, the entries for our RADIUS servers did not function. No, not because I didn't update the clients address record on the RADIUS server itself, but because the RADIUS server record(s) within CPI have a field called 'Local Interface IP' that still reflects the previous IP assigned to CPI. A quick edit/save with the new interface fixes up the issue however.
Cheers! -
Cisco Prime Infrastructure 2.0 and Cisco ASA
Hello,
We've recently installed trial version of Cisco Prime Infrastructure 2.0 Express. We hoped that it already supports Cisco ASA 55xx series (especially 5505, we have pretty amount of them). But we had some problems with PI and asa durind the exploitation process.
First, I've added ASA to PI, and Inventory Collection Status is Completed, but I can't see CPU and RAM utilization graphs. Inventory.logs are non-informative.
Also, config backup is success, but when I try to watch the backuped configuration at Configuration Archive PI says "Failed to fetch raw configuration". And so on.
ASA version is 5505, image is 9.1(2).
So, I have a question: is it possible to manage ASAs with PI 2.0?
UPD: I've just tried to upgrade asa to 9.1(4), and behavior of the equipment is quite the same. Seems we shall wait for 9.2 to be released.Have you downloaded and applied the latest Device Pack updates?
PI enhanced ASA support after the initial 2.0 release and the Device Packs incorporate that change.
The README file for Device Packs explains how to install them. (A bug currently does not allow the direct download in PI so you need to follow the method for installation from local storage after you manually download. Here is a link to the download location. -
Cisco Prime Infrastructure 1.2 on Windows Server/Hyper-V
Hi Everyone,
In Entriprise environment while designing a BYOD solution we need to integrate ISE3315 with CPI 1.2. I know that Cisco ISE software either runs on 3315 platform or other option is virtual appliance (which is VMware based). Now problem is that we have Hyper-V environment as standard so I need to go with ISE-3315. Here my concern is to I install CPI 1.2 on Hyper-V, or on a Windows Server (2008 or 2012) based machine. Is that doable?
Any help, suggessions would be warmly welcomed.
Thanks,
Azhar...Cisco Prime LMS will slowly be phased out in favor of Cisco Prime Infrastructure and hence there are no new mainline releases are planned to provide support to new Hardware or virtualization support.
However, Prime LMS do support Hyper V Virtualization (As an installable in Windows 2008). Please note that Virtualization technologies like, VMWare and Hyper V virtualization systems are not supported in LMS 5000, and LMS 10000 Devices license, in Windows. VMWare Systems are supported in LMS 5000, and LMS 10000 Devices license in Soft Appliance. Virtualization technologies like, VMWare and Hyper V virtualization systems are not supported in LMS 5000, and LMS 10000 Devices license, in Windows. VMWare Systems are supported in LMS 5000, and LMS 10000 Devices license in Soft Appliance.
For more details on HW and SW requirements for Cisco Prime LMS, please check document here.
-Thanks
Vinod -
Ciscoworks LMS 3.0 to Cisco Prime Infrastructure LMS 4.2
In order to complete the upgrade the LMS 3.x runs over a physical server that ends with the upgrade(server its gona be retired), the think is that the Cisco Prime comes with an UCS and its gona run over a VM. The question here is the "Cisco Prime Infrastructure 1.1 - Maj Upg from LMS 2.x/3.x" media could be runs as clean install, I mean with no LMS 3.x intalled before? an the "Prime Infrastructure LMS 4.2 - 1.5K Device Maj Upg Lic" could be registered with no license installed of LMS 3.x?
There are a couple of things to distinguish:
1. The product SKU you need to order to migrate from LMS 3 to LMS 4.2.
2. The license file that is installed on that new LMS server.
#1 is based on Cisco agreeing, usually through the partner or reseller you are working with, that you are entitled to order the upgrade SKU (vs. buy a complete new product). The upgrade SKUs are all listed in the ordering guide here.
L-PI12-1.5K-UP (note - NOT the 1.1 product description you noted in the original post) would be the SKU for a major upgrade from LMS 2.x/3.x to the current Prime Infrastructure 1.2 release at the 1500 device license level. That upgrade includes licenses for both PI 1.2 and Prime LMS 4.2. You may choose which to install - most LMS customers stick with LMS for now as PI 1.2 does not yet have full feature parity. Your managed devices should not exceed 1500 combined (in this case) but that combined number is not enforced technically by the product's license daemon.
Once you have purchased the product and have the media you can install it on any host that meets the installation prerequisites as far as OS, memory, disk etc. A clean installation of LMS does not check for or require a previous installation as far as technical checks.
#2 - Once you have installed the new LMS server (and optionally a step near the end of installation, you need to add in the license file (*.lic file). That is obtained through the Cisco licensing portal (or via the TAC if you prefer) using the Product Activation Key (PAK) received with your product.
Maybe you are looking for
-
I am currently trying to set this up on Windows 7. I have tried both x86 and x64. I am haveing no luck however finding the driver for the touchpad. The keyboard works great but I am currently having to use a USB mouse. I have tried a bunch of Syna
-
Apple-ID disabled daily - clueless people cause it, but can Apple fix it?
I have a particular problem with an Apple-ID belonging to a family member. Her Apple-ID is disabled almost daily, forcing her to unlock it using two-step verification (a trusted device and her Recovery Key). Sometimes - unclear why - unlocking isn't
-
N80 FREEZING/CRASHING/SLOOOOOOOW
If anyone can help me that would be wicked! Had my N80 for about 12 months now, worked fine when i got it. Now all of a sudden it constantly freezes when i try and go into anything like messages,gallery etc.Its very very slow and crashes and freezes
-
How do I adjust BITC rates in Final cut Pro
I have a client who i am doing sound design for on his short film. I received an m4v in 23.98 with the dialog track embedded. I performed my dialog edit and exported a BWF from Digital performer which all synced perfectly here. He in turn dropped the
-
I have an iphone 4 n it is getting switched off automatically n switches on automatically , also it increases d volume by itself. Its a 1year old phone n the version is 4.3.2(8H7). Also the volume sign does not go off from the screen. Can anyone help