Cisco Prime ..unable to add switches
Hi
When i try to add a switch i get the following....
Add Device Failed! Device already exists in the current domain
My SSH parameters should be ok they worj=k
AND
its not in the unknown devices group...ant ideas ?
Steve
Hi again Faisal,
The switch is a 4510R-R with 2 x SUP6-E's running code 12.2.53SG so the code is very recent. As the SUP6-E's are based on 4900 code I think that may be clue as to why things are not working however the SUP6-E should have full NAC support according to all documentation.
I would just like to add that our 5508 WLC's cannot be added to the CAM either and they are running version 6.0 WLC code. Again very recent code.
I can add 3750 switches fine so I know the configs are correct.
Doing this testing is most frustrating indeed as the NAC products just do not work as they should. I have asked for this to escalated to our SE so we should get a TAC case raised.
Faisal if you could be of any additional assistance this would be most appreciated.
Thanks,
Oliver
Similar Messages
-
Cisco Prime Infastructure connectivity to Switches
I am running into an issue with Cisco Prime Infrastructure 2.1 and a couple of our switches. When I initially added these Cisco 2960's to Prime the had connectivity and they discovered everything correctly. After a couple of days I can no longer ping my two switches from Prime and Prime from my two switches, I get an unreachable error. There is no ACL that would be preventing connectivity. Any suggestion on what this may be?
This was caused by interface vlan 1 not being shut down on the switch. Cisco Prime sits on vlan 1 and when it hit the switch it was trying to route back out on vlan 1 which has no ip address assigned.
-
Cisco Prime infrastructure Change severity Switches and hubs - link down alarm
Hi, I want to change the severity of the link down alarm in the Cisco Prime Infrastructure 1.3, but in the menu Administration -> System Settings -> Severity Configuration i can not find the alarm. Some body knows where is it? o where i can change the severity of that alarm?
Thanks in advanced.Hi Rollin and Daniel,
the first test i did changing the severity was with a new installation, with no devices added and it worked, when i did it in a Prime infrastructure with devices added it didn´t work, well, for this Prime with devices i upgraded it with the patch for 1.3 version and now it works too, the alarms is ok as the alarm severity, this is the link for the patch:
http://software.cisco.com/download/release.html?mdfid=284652876&flowid=38562&softwareid=284272933&release=1.3.0&relind=AVAILABLE&rellifecycle=&reltype=all
i hope this helps,
Regards,
Milton Tizoc. -
Cisco Prime unable to connect to TAC Service Requests
Always had the problem, but now decided to mess around with it.
When I try to get Cisco Prime 4.1 to connect to TAC Service Request I get the following error....
"There was an error while fetching the list of TAC Service Requests: String index out of range: -1"
I am able to download IOSs and other software with Prime, just not able to connect to TAC.
ThanksHi Marco,
actually it took me quite a long time to understand what the problem was. I found that on my CISCO AP i had to put "payload-encapsulation dot1h" on the radio interface to get the WIP310 communicate with the AP.
By the way It seems to me that the phone is a little buggy from the wireless point of view. Sometimes i have to try several times before getting the phone connected to the AP. Once the phone gets connected it's pretty stable, but getting it connected it's a nightmare :-)
Try with the above ption if you have a Cisco AP. Also try different channels on the AP...it might help
Hope this will help you
regards
Nicola -
Unable to add switches to CAM via SNMP
Hello all,
I am now starting some POC work and was progressing well until I came to adding some 4510 switches to the CAM to control OOB devices.
I have full IP connectivity between the switch management VLAN interface (the switch is running in layer 2 only) and the CAM eth0 interface over the network with no firewalls in the way.
I have tried configuring both SNMP versions on the CAM and I have captured the SNMP communication between the switch and the CAM which is being received by the switch and is being responded to. So I have proved that SNMP packets are reaching the various devices. There is no routing or switching issues.
Would someone please mind giving me a hand and tell me why the CAM cannot control the switch. When you try to add the switch it comes up with a message like "unable to control 10.108.2.15" This is the management VLAN2 on the test switch. I have used test communities public and private respectively on the CAM to match the switch.
SNMP switch config snippet below. The CAM is at 10.108.100.10.
snmp-server engineID local 800000090300001D4572F86E
snmp-server community public RO 10
snmp-server community private RW 10
snmp-server trap-source Vlan2
snmp-server enable traps snmp linkdown
snmp-server enable traps mac-notification change move threshold
snmp-server host 10.108.100.10 version 2c private
snmp-server host 10.108.100.10 version 2c public
access-list 10 permit 10.108.100.10 (This is the CAM referenced in ACL 10 so the poll will work)
Thanks kindly,
OliverHi again Faisal,
The switch is a 4510R-R with 2 x SUP6-E's running code 12.2.53SG so the code is very recent. As the SUP6-E's are based on 4900 code I think that may be clue as to why things are not working however the SUP6-E should have full NAC support according to all documentation.
I would just like to add that our 5508 WLC's cannot be added to the CAM either and they are running version 6.0 WLC code. Again very recent code.
I can add 3750 switches fine so I know the configs are correct.
Doing this testing is most frustrating indeed as the NAC products just do not work as they should. I have asked for this to escalated to our SE so we should get a TAC case raised.
Faisal if you could be of any additional assistance this would be most appreciated.
Thanks,
Oliver -
2 Cisco Stacks, need to add switches
Hello,
I have 6 x 3750 switch split into 2 stacks ( A & B). This is for our VMware hosts and SANs and it works well. We have now run out of space and I have been given 2 x ws-3750G-12s-s chassis switches to add, 1 to each stack. So I have a few question on added these to the stacks, here is a diag to help:
These switches are slightly different to what we are using (in red) and we have to buy the SFP modules as the ports are empty, however will these switch be compatible?
I will need to use the same old IOS 12.2(53)?
I have highlighted in red where I think the stack cables need to go/moved does it look about right?
Will pullin gthese stack cables cause downtime?
I have to provision the stack to see the 4th switches is there any reboot required?
ThanksDisclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
Examples:
sh platform stack manager all
Stack State Machine View
==============================================================
Switch Master/ Mac Address Version Current
Number Member (maj.min) State
1 Master ####.####.#### 1.45 Ready
2 Member ####.####.#### 1.45 Ready
3 Member ####.####.#### 1.45 Ready
sh sdm prefer
The current template is "desktop routing" template.
The selected template optimizes the resources in
the switch to support this level of features for
8 routed interfaces and 1024 VLANs.
number of unicast mac addresses: 3K
number of IPv4 IGMP groups + multicast routes: 1K
number of IPv4 unicast routes: 11K
number of directly-connected IPv4 hosts: 3K
number of indirect IPv4 routes: 8K
number of IPv4 policy based routing aces: 0.5K
number of IPv4/MAC qos aces: 0.5K
number of IPv4/MAC security aces: 1K -
Cisco Prime SNMP Traps Best Pratice
The Cisco Prime documentation recommends configuring switches to send SNMP traps. However it does not give any more details.
I was wondering what sorts of SNMP traps people in the community are using with Cisco Prime 2.1. I'm looking for some sort of best practice or for an idea of what traps would be the most useful to configure on the switches, to send to Prime.Hi ,
Snmp traps need to be configured only on device end , there is no config need to be done on PI.
you can enable all the traps that you want. for e.g
snmp-server enable traps syslog
snmp-server enable traps ipsec start stop
snmp-server enable traps memory-threshold
snmp-server enable traps interface-threshold
snmp-server enable traps connection-limit-reached
snmp-server enable traps cpu threshold rising
etc......
and you can monitor then in PI (Administration > System Settings > Severity Configuration, Link down)
check the below link as well:
https://supportforums.cisco.com/discussion/11919481/prime-infrastructure-20-link-status-alarms
Thanks-
Afroz
***Ratings Encourages Contributors *** -
Cisco Prime Infrastructure 2.1 Inventory Job
My cisco prime infrastructure performs a switch inventory job every night at 22:00 hrs. When I looked at the syslog of the devices in the inventory, I see some entries that I never saw with other LMS versions.
2014-06-30 22:00:01 Local7.Notice xxx.xxx.xxx.xxx 5410: Jun 30 22:00:00.623 CST: %SYS-5-CONFIG_I: Configured from xxx.xxx.xxx.xxx by snmp
2014-06-30 22:00:01 Local7.Notice xxx.xxx.xxx.xxx 5411: Jun 30 22:00:01.567 CST: %SYS-5-CONFIG_I: Configured from console by vty1 (xxx.xxx.xxx.xxx)
2014-06-30 22:05:10 Local7.Notice xxx.xxx.xxx.xxx 5412: Jun 30 22:05:09.008 CST: %SYS-5-CONFIG_I: Configured from console by vty0 (xxx.xxx.xxx.xxx)
I don't understand what the PI is doing with the switches. Does anyone know what is happening during this inventory background job? TIAHello all,
we have the same problem maybe; Cisco Prime IF 2.1 is changing the running-configs and produces out-of-syncs ;
it turns so for us is, as if Cisco Prime IF 2.1 a snmp-server host x.x.x.x community entry writes in the running-config,
so are running-and startup-config are out-of-sync; is this correct? Herbert -
Hi friends,
I have a question about my syslog from Cisco Prime LMS 4.1, the hours from this syslog in the LMS is diferent from my switch log. I dont kown why.. I verified the hours betewen switch y the Cisco Prime is the same(the LMS is over Windows Server 2008R2) . both are the same log but in diferent hours about 5 hours.
maybe I have to configure the hours for Syslog in the Cisco Prime.
Log from Switch
Log from Cisco Prime LMSIf you have LMS, i am not sure, but if you have PI 1.2. Take a look at my post.
Basically, syslog feature doesn't work well. I could see couple of syslog through event / alarm, but syslog itself is not working properly.
https://supportforums.cisco.com/message/3861981#3861981 -
Cisco Prime Infrastructure 2.0 Alarms (switch port down)
We have a cisco Prime Infrastructure 2.0 managing switches, routers and AP.
By default, when a port of a switch goes down, the cisco Prime Infrastructre generates a Critical Alarm for that. (this is a problem, because every phone of laptop disconnection will generate a critical alarm for me)
I found out that if we go to Administration --> Alarm Severity --> Link down, I can change the Alarm from Critical to another type of alarm.(ex: warning)
The problem is that I want to keep the Critical Alarm for my Uplinks ports and for some important switch ports, and I would like to make the alarm as warning for the normal user ports.
I know that I can create Port Groupping and add ports to each group and apply monitoring templates on those groups. But This couldn't Help me solving my alarm problem.
So I just need to know how to manage the alarms severity for each group of ports.
Thank youHi,
Same problem here.
I am using Cisco Prime Infrastructure 2.0 (evaluation version for 60 days). I want to deploy port monitoring for my trunk ports between switches and some other important ports e.g. servers. Basically I want to get alarms when these ports are down, there are errors on ports and etc.
So in Design>Port Grouping I created User Defined group with important ports. In Deploy>Monitoring Deployment I selected Interface Health (default)>Deploy selected Port Groups and when selected port group I created.
Now the rule shows Deployed: Yes and Status: Active. After that I just pulled out one port which was in monitored group, waited 5min as it is set in Interface Health (default) template, and nothing happened, and worse, alarms started to show up of other ports where regular users are connected (computers was turned off), which I do not want to see at all. I tried redeploy template, I even created my own template but still no desired result.
Any suggestions how to make port monitoring work? -
Cisco Prime 2.1 - Collection Failure 2950 Series Switch
Hi All,
I am trying to add various devices in the Cisco Prime Infrastructure 2.1, but with the followings I get a message: Collection Failure (Inventory Collection Status).
Cisco Catalyst 2950 24 Switch
Cisco Catalyst 2950G 24 EI DC Switch
¿Why I can't sync this devices?
Kind Regards!
JEFFERSSONQGLeo,
I think you are not correct ...
( to be truth - I hope it ;- ) )
in PI 2.2 the Cat 3550 is listed under the supported devices whereas the Cat 2950, 2955 are not:
http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/2-2/release/notes/cpi_rn.html#pgfId-43885
But the latter are listed as being supported in PI 2.1 (while the Cat 3550 is not...)
http://www.cisco.com/c/dam/en/us/td/docs/net_mgmt/prime/infrastructure/2-1/supported/devices/pi21-supported-devices-list.xlsx?mdfid=284540974
So hopefully it is just a matter of time to get them ALL on the list of supported devices for the current version of PI 2.2 ...
I just saw that for Prime Network (Management SW for Service Providers) they even have Cat 3500XL on the list of supported devices... (but I do not know for which type of management they do support these devives, e.g. config, alarming,etc)
http://www.cisco.com/c/dam/en/us/td/docs/net_mgmt/prime/network/4-2/supported/vnes/CiscoPrimeNetwork-4-2-SupportedCiscoVNEs.pdf -
Cisco ASA 5505 VPN connection issue ("Unable to add route")
I'm trying to get IPSec VPN working onto a new Cisco ASA5505. Pretty standard configuration.
Setup:
* Cisco VPN client on Windows 7 (v5.0.07.0290 x64 on Laptop1 and v5.0.07.0440 x64 on Laptop2)
* PPPoE/NAT and internal DHCP on the ASA were configured with the Startup Wizard in ASDM
NATting is working fine - internal PCs get an IP address in the 192.168.2.0/24 range and can all access the Internet.
I wanted to be able to connect from anywhere to the ASA in order to reach one of the internal servers. Should be pretty basic.
First I tried with the built-in ASDM IPSec Wizard, instructions found here.
VPN clients can connect to the ASA, are connected (until they're manually disconnected), but cannot reach the internal network nor the Internet. Note VPN client can connect fine to a different VPN site (not administered by myself).
Client logs show following error messages:
1 15:53:09.363 02/11/12 Sev=Warning/3 IKE/0xA300005F
Firewall, Cisco Intrusion Prevention Security Agent, is not running, the client will not send firewall information to concentrator.
2 15:53:13.593 02/11/12 Sev=Warning/2 CVPND/0xE3400013
AddRoute failed to add a route with metric of 0: code 160
Destination 192.168.1.255
Netmask 255.255.255.255
Gateway 172.16.1.1
Interface 172.16.1.101
3 15:53:13.593 02/11/12 Sev=Warning/2 CM/0xA3100024
Unable to add route. Network: c0a801ff, Netmask: ffffffff, Interface: ac100165, Gateway: ac100101.
4 15:54:30.425 02/11/12 Sev=Warning/2 CVPND/0xA3400015
Error with call to IpHlpApi.DLL: CheckUpVASettings: Found IPADDR entry addr=172.16.1.101, error 0
5 15:54:31.433 02/11/12 Sev=Warning/2 CVPND/0xA3400015
Error with call to IpHlpApi.DLL: CheckUpVASettings: Found IPADDR entry addr=172.16.1.101, error 0
6 15:54:32.445 02/11/12 Sev=Warning/2 CVPND/0xA3400015
Error with call to IpHlpApi.DLL: CleanUpVASettings: Was able to delete all VA settings after all, error 0
7 20:50:45.355 02/11/12 Sev=Warning/3 IKE/0xA300005F
Firewall, Cisco Intrusion Prevention Security Agent, is not running, the client will not send firewall information to concentrator.
8 20:50:50.262 02/11/12 Sev=Warning/2 CVPND/0xE3400013
AddRoute failed to add a route with metric of 0: code 160
Destination 192.168.1.255
Netmask 255.255.255.255
Gateway 172.16.1.1
Interface 172.16.1.100
9 20:50:50.262 02/11/12 Sev=Warning/2 CM/0xA3100024
Unable to add route. Network: c0a801ff, Netmask: ffffffff, Interface: ac100164, Gateway: ac100101.
I've already tried the suggestions from this link, although the problem is different there (as the user can still access the internet, even without split tunneling, which I cannot).
A show run shows the following output (note in the below I have tried a different VPN network: 192.168.3.0/24 instead of 172.16.1.0/24 seen in the Client log)
Result of the command: "sh run"
: Saved
ASA Version 8.2(5)
hostname AsaDWD
enable password kLu0SYBETXUJHVHX encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address 192.168.2.254 255.255.255.0
interface Vlan2
nameif outside
security-level 0
pppoe client vpdn group DW-VPDN
ip address pppoe setroute
ftp mode passive
access-list inside_nat0_outbound extended permit ip any 192.168.3.0 255.255.255.240
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu inside 1500
ip local pool DWD-VPN-Pool 192.168.3.5-192.168.3.15 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.2.0 255.255.255.0 inside
http 0.0.0.0 0.0.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh timeout 5
console timeout 0
vpdn group DW-VPDN request dialout pppoe
vpdn group DW-VPDN localname fa******@SKYNET
vpdn group DW-VPDN ppp authentication pap
vpdn username fa******@SKYNET password *****
dhcpd auto_config outside
dhcpd address 192.168.2.5-192.168.2.36 inside
dhcpd domain DOMAIN interface inside
dhcpd enable inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
group-policy DWD internal
group-policy DWD attributes
vpn-tunnel-protocol IPSec
username test password ******* encrypted privilege 0
username test attributes
vpn-group-policy DWD
tunnel-group DWD type remote-access
tunnel-group DWD general-attributes
address-pool DWD-VPN-Pool
default-group-policy DWD
tunnel-group DWD ipsec-attributes
pre-shared-key *****
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:3e6c9478a1ee04ab2e1e1cabbeddc7f4
: end
I've installed everything using the CLI as well (after a factory reset). This however yielded exactl the same issue.
Following commands have been entered:
ip local pool vpnpool 172.16.1.100-172.16.1.199 mask 255.255.255.0
username *** password ****
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption 3des
isakmp policy 1 hash sha
isakmp policy 1 group 2
isakmp policy 1 lifetime 43200
isakmp enable outside
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map outside_dyn_map 10 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 10 set reverse-route
crypto dynamic-map outside_dyn_map 10 set security-association lifetime seconds 288000
crypto map outside_map 10 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp nat-traversal
sysopt connection permit-ipsec
sysopt connection permit-vpn
group-policy dwdvpn internal
group-policy dwdvpn attributes
vpn-tunnel-protocol IPSec
default-domain value DWD
tunnel-group dwdvpn type ipsec-ra
tunnel-group dwdvpn ipsec-attributes
pre-shared-key ****
tunnel-group dwdvpn general-attributes
authentication-server-group LOCAL
default-group-policy dwdvpn
Unfortunately I'm getting the same "AddRoute failed to add a route with metric of 0: code 160" error message.
I'm very confused as this should be a pretty standard setup. I tried to follow the instructions on the Cisco site to the letter...
The only "differences" in my setup are an internal network of 192.168.2.0 (with ASA IP address 192.168.2.254) and PPPoE with DHCP instead of no PPPoE at all.
Does anyone know what's going on?Yes, I have tried from a different laptop - same results. Using that laptop I can connect to a different IPSec site without issues.
Please find my renewed config below:
DWD-ASA(config)# sh run: Saved:ASA Version 8.2(5) !hostname DWD-ASAenable password ******* encryptedpasswd ****** encryptednames!interface Ethernet0/0 switchport access vlan 2!interface Ethernet0/1!interface Ethernet0/2!interface Ethernet0/3!interface Ethernet0/4!interface Ethernet0/5!interface Ethernet0/6!interface Ethernet0/7!interface Vlan1 nameif inside security-level 100 ip address 192.168.2.254 255.255.255.0 !interface Vlan2 nameif outside security-level 0 pppoe client vpdn group DWD ip address pppoe setroute !ftp mode passiveaccess-list inside_nat0_outbound extended permit ip any 192.168.50.0 255.255.255.224 pager lines 24logging asdm informationalmtu inside 1500mtu outside 1500ip local pool vpnpool 192.168.50.10-192.168.50.20 mask 255.255.255.0icmp unreachable rate-limit 1 burst-size 1no asdm history enablearp timeout 14400global (outside) 1 interfacenat (inside) 0 access-list inside_nat0_outboundnat (inside) 1 0.0.0.0 0.0.0.0timeout xlate 3:00:00timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolutetimeout tcp-proxy-reassembly 0:01:00timeout floating-conn 0:00:00dynamic-access-policy-record DfltAccessPolicyhttp server enablehttp 192.168.2.0 255.255.255.0 insidehttp 0.0.0.0 0.0.0.0 outsideno snmp-server locationno snmp-server contactsnmp-server enable traps snmp authentication linkup linkdown coldstartcrypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac crypto ipsec security-association lifetime seconds 28800crypto ipsec security-association lifetime kilobytes 4608000crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAPcrypto map outside_map interface outsidecrypto isakmp enable outsidecrypto isakmp policy 10 authentication pre-share encryption 3des hash sha group 2 lifetime 86400telnet timeout 5ssh 0.0.0.0 0.0.0.0 outsidessh timeout 5console timeout 0vpdn group DWD request dialout pppoevpdn group DWD localname *****@SKYNETvpdn group DWD ppp authentication papvpdn username *****@SKYNET password ***** dhcpd auto_config outside!dhcpd address 192.168.2.10-192.168.2.40 insidedhcpd enable inside!threat-detection basic-threatthreat-detection statistics access-listno threat-detection statistics tcp-interceptwebvpn enable outside svc enablegroup-policy DfltGrpPolicy attributes vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpngroup-policy dwdipsec internalgroup-policy dwdipsec attributes vpn-tunnel-protocol IPSec default-domain value DWDDOMusername user1 password ***** encrypted privilege 0username user1 attributes vpn-group-policy dwdipsectunnel-group dwdipsec type remote-accesstunnel-group dwdipsec general-attributes address-pool vpnpool default-group-policy dwdipsectunnel-group dwdipsec ipsec-attributes pre-shared-key *****tunnel-group dwdssl type remote-accesstunnel-group dwdssl general-attributes address-pool vpnpool!class-map inspection_default match default-inspection-traffic!!policy-map type inspect dns preset_dns_map parameters message-length maximum client auto message-length maximum 512policy-map global_policy class inspection_default inspect dns preset_dns_map inspect ftp inspect h323 h225 inspect h323 ras inspect rsh inspect rtsp inspect esmtp inspect sqlnet inspect skinny inspect sunrpc inspect xdmcp inspect sip inspect netbios inspect tftp inspect ip-options !service-policy global_policy globalprompt hostname context no call-home reporting anonymousCryptochecksum:f5c8dd644aa2a27374a923671da1c834: endDWD-ASA(config)# -
Cisco Prime Infrastructure 2.2 Rest API XML does not add LF
I am using several scripts that dig the data from XML files created through Cisco Prime Infrastructure Rest API. It worked fine until 2.1. Now, with 2.2, seems Cisco stopped adding LF to each line and everything is 'one' line.
Here is an example with 2.1, there is a LF to the end of each line:
?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<queryResponse type="AccessPointDetails" rootUrl="https://server/webacs/api/v1/data" requestUrl="https://server/webacs/api/v1/data/AccessPointDetails?type=contains(UnifiedAp)&.full=true&.maxResults=1000&.firstResult=0" responseType="listEntityInstances" count="715" first="0" last="714">
<entity url="https://server/webacs/api/v1/data/AccessPointDetails/1505569" type="AccessPointDetails" dtoType="accessPointDetailsDTO">
<accessPointDetailsDTO id="1505569" displayName="1505569">
<adminStatus>ENABLE</adminStatus>
<apType>AP1240</apType>
<cdpNeighbors>
<cdpNeighbor>
<capabilities>Switch IGMP </capabilities>
<duplex>Half Duplex</duplex>
<interfaceSpeed>100Mbps</interfaceSpeed>
<localPort>2</localPort>
<neighborIpAddress>10.1.1.1</neighborIpAddress>
<neighborName>switch</neighborName>
<neighborPort>FastEthernet0/1</neighborPort>
<platform>cisco WS-C3560-8PC</platform>
</cdpNeighbor>
Now, with 2.2, there is not LF anywhere:
?xml version="1.0" encoding="UTF-8" standalone="yes"?><queryResponse type="AccessPointDetails" rootUrl="https://server/webacs/api/v1/data" requestUrl="https://server/webacs/api/v1/data/AccessPointDetails?type=contains(UnifiedAp&.full=true&.maxResults=1000&.firstResult=0" responseType="listEntityInstances" count="715" first="0" last="714">
<entity url="https://server/webacs/api/v1/data/AccessPointDetails/1505569" type="AccessPointDetails" dtoType="accessPointDetailsDTO">
<accessPointDetailsDTO id="1505569" displayName="1505569"><adminStatus>ENABLE</adminStatus><apType>AP1240</apType><cdpNeighbors><cdpNeighbor>
Does anyone know, is this intentional or a mistake? Or is there a way how I control this?
I am reading on-line CPI Rest API docs, but seems cannot find anything.
Thanks,
VladPI 2.0 is in Beta mode for testing in closed group already. However it may still take some time to get released on CCO for FCS.
I think it is expected to be released between aug-sep. BU has also started working on CPI 2.1, which you can see test uploads on CCO.
For what does it have for customers?
> As Cisco have a vision of one network Management software for both wired and wireless infrastructure, which started getting real partially with Cisco PI.
As WCS got evolved to NCS and eventually to Cisco Prime Infrastructure, but it doesnt yet have full Management capability for wired infra., which is there with LMS.
With CPI 2.x Cisco plans to blend entire LMS and WCS features together.
-Thanks -
Cannot add WLC 5508 7.2.111.3 to Cisco Prime Infrastructure 2.0
Though the Cisco Prime Infrastructure Compatibility Matrix list out that 7.2.111.3 is supported for PI 2.0
I am not able to add the controller to the PI 2.0.
The Reachability Status always shown "Unknow" and SNMP Status always shown "No response for SNMP Get".
There is no firewall between the WLC and PI.
And ping test shows it is reachable.
If I try to add controller by non-management port (I know it is not work but I want to try the reachability), the Reachability Status shown "Reachable" but the SNMP Status always shown error.
And if I use some SNMP testing software to test the SNMP port. SNMP can be quoted.
I have try to lower down the "Maximum VarBinds per Get PDU" but no luck.
Any thing I can do to troubleshoot the problem?Yes, I follow the procedure but it does not work.
Another update:
I add another WLC with version 7.0.98.0. It is fine.
And I setup another new PI 2.0 and new temporary WLC5508 with 7.2.111.3 to test. It work fine also......
So, I am wondering the existing 7.2 WLC have problem in responsing the SNMP Get. But I dont have any idea to test....
Do anyone have idea to test the snmp connection between PI and WLC? -
Configuring SNMpv3 in switch 2960 and connect to cisco prime 6.3
hi
I configuring the parameters in the switch for snmp v3 and the cisco prime, but i don´t have any response
but, I configure snmp version1 this work
in the scree on the cisco prime, don´t appear this field´s to configure all parameters for snmpv3
any idea??
thanksHi ,
share your SNMPv3 config or I have attached the sample SNMPv3 config , kindly check or reconfigure it and see if it help
Thanks-
Afroz
***Ratings Encourages Contributors ***
Maybe you are looking for
-
How do I autogen a value for primary key on inserts
I'm running 4.0. I am writing an app that maintains distributed database inventory information. All of my tables have surrogate numeric primary keys. I have created several report/form combinations. From the report, I can choose to create a new insta
-
Spotlight no longer working on iPad 4, iOS7
I am installed iOS 7 on my iPad 4. Now Spotlight is no longer working. I do not get any results. Searching for "mail" or a contact does not show anything. Spotlight is enabled in the preferences for all existing information types. How to proceed?
-
Setting the message parameter in java class
Hi! I have a resource bundle with a message that includes a parameter. my.message.key=Part1 {0} Part2 I am able to fill this parameter when using this message in jspx page like: <h:outputFormat value="#{res['my.message.key']}" rendered="#{userInfo.
-
Table fields to match pdf form
I found this on my formscentral help file. Note: Some types of form fields aren't supported when you import a PDF form. For example, text fields with formatting applied, such as numeric or percentage fields, are converted to plain text fields. And, s
-
Hi all, I'm facing a strange boring problem. I've a tomcat runs a webapp that using thin client connects to a remote DB. From about a week is not able to connect anymore. Java hangs and report this error: java.sql.SQLException: Io exception: Connecti