Class Map Statistic Dashlet in Cisco Prime Inf. 2.1
Dear All,
I installed the demo version of Cisco Prime Infra. 2.1 and I saw that there is a specific dashlet to monitor QoS class maps.
As we have some policy-maps configured, it could be very interesting.
After a day spent on Google, I didn't find how to configure it. I found that Cbqos must be enabled on the switch/router.
So I did it by entering the following commands:
snmp-server ifindex persist
snmp mib persist cbqos
But nothing. I also deployed the Cisco monitoring template for class map statistics.
Do I need another command to be entered, or any other device or appliance from Cisco?
Thanks a lot
Marc
Similar Messages
-
Cisco Prime Inf 1.2 global SNMP/SSH parameters
Hi - I'm looking for a way to create global credential profiles in Prime Inf, like I was able to do in CiscoWorks LRE. I have discovered a bunch of devices on my network, but I can't get the configs or inventory to sync on some because the SSH and/or SNMP parameters are incorrect. I can edit a device and modify the credentials, but if I select more than one device, the edit option is grayed out. I don't want to have to go into each device and modify the credentials. I'd like to select a group of devices and apply a global credential profile to them.
We have several areas that use different credentials, so that is why having multiple global credential profiles is necessary.
Please advise.
Thanks
Look in the Prime 1.2 user guide--there are sections that talk specifically about templates.
http://www.cisco.com/en/US/docs/net_mgmt/prime/infrastructure/1.2/user/guide/deploy_temps.html -
Cisco Prime Inf 1.2 configuration compliance tool
Hi - working with a trial version of Cisco Prime 1.2. I am looking for a Configuration Compliance tool. I used it in Cisco Works LMS - but I don't see a way to do the same thing with Cisco Prime.
Please advise.
Thanks
PI 1.2 definitely does not include all the regulatory compliance features of LMS. Reference.
Even though the document says PI 1.2 will do baseline compliance, I haven't figured out how they expect you to do that. -
Cisco Prime 1.2 Licensing question
Hi all,
I am trying to design a wireless solution where we will use WLC, MSE, ACS and we want to have map location of the APs.
It is a new solution, not an upgrade.
For the use of maps and location in Cisco Prime, which license is required? Can I do it with just the lifecycle?
This solution is for 120 APs. I list the licenses that I think I need:
R-PI12-K9
R-PI12-BASE-K9
L-PI12-LF-100
L-PI12-LF-50
I hope this is clear.
Regards,
Sebastian
I believe that with life cycle you should be able to do maps, although you will obviously need a base as well.
Also, I don't believe that you can get ACS anymore, so you will be looking at ISE instead. -
Adding MSE from VMware to Cisco Prime
Hi Guys,
I'm trying to register MSE 7.4 installed on VMware to Cisco Prime running version 2.1, but it seems like I'm getting this issue every time I do:
"No response from server. It may be unreachable, or server is down or HTTPS connection to server failed"
I'm sure that the IP address is correct
I'm sure that NCS username and NCS password is correct
I can ping MSE from MSE (hehe)
I can ping Cisco prime from MSE
I also tried to reinstall MSE on the VM but I'm still getting the same error message.
How can this be fixed? Thanks
Migrating Cisco WCS Licenses to Cisco Prime NCS Licenses
The Cisco Prime Network Control System uses a single-tier license model. When Cisco WCS BASE or WCS PLUS licenses are being migrated, licenses will be mapped to the new Cisco Prime NCS single-tier model, as shown in Figure 1. Customers are able to migrate their existing WCS licenses by purchasing the migration SKU (L-WCS-NCS1-M-K9) as also indicated.
For more information please refer to the link-
http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-6500-series-switches/guide_c07-653879.html -
Cisco ACE loadbalancing matching more than one header in L7 class map
Dear All,
This is regarding Cisco ACE load balancing matching more than one header in an L7 class map. I have a small setup with an ACE 30 module in a Cisco 6500. I have got three web servers. Presently I have the following configuration where I am matching one URL header.
class-map type http loadbalance match-all L7_WEB_HEADER_MATCH
  description MATCH THE HOST HEADER OF HTTP REQUEST
  2 match http header Host header-value ".*abhisar.com*"
So for above configuration, when traffic is coming for abhisar.com, it is working fine.
Now, I have following headers and DNS entry is pointing to same virtual IP for all http url header same as abhisar.com
abhisarindia.com
indiaabhi.com
So new configuration will be
class-map type http loadbalance match-any L7_WEB_HEADER_MATCH
  description MATCH THE HOST HEADER OF HTTP REQUEST
  2 match http header Host header-value ".*abhisar.com*"
  4 match http header Host header-value ".*abhisarindia.com*"
  6 match http header Host header-value ".*indiaabhi.com*"
So just want to confirm if this is fine.
Thank You,
Abhisar.
Dear Rajesh,
Thank you for reply. I will let you know once I carry out this activity.
Thank You,
Abhisar. -
Cisco Prime 1.2 (MAPS/FLOOR PLANS)
Hi All,
Does anyone have any idea on how to import and scale correctly campus, building and floor diagrams into Cisco PI?
I have tried several times via the editor to rescale and it just doesn't work.
Any advice would be greatly appreciated.
Thanks in advance for any replies.
Jason
Yes, you can add building and floor diagrams in Cisco Prime Infrastructure 1.2. For the same, you can see the link below:
http://www.cisco.com/en/US/docs/wireless/prime_infrastructure/1.2/configuration/guide/maps.html
Open this link and go to Adding Floor Areas to a Campus Building -
Cisco Prime 1.3.0.20 Maps
Hello All,
This is to see if I am the only one disappointed with the Mapping portion of Cisco Prime Infrastructure: my disappointments are as follows:
1. The Map can only be zoomed up to a certain size, under WCS and NCS we could almost zoom indefinitely into the map.
2. The edit map sizing tool bit and its working has changed and quite difficult to use, the tool tip has changed into a small square, and uses double click which are not as intuitive as before, why change a working thing?
3. Printing the Map is almost like printing the screen; when you say print you are telling it to print the map and not how it appears on your screen, for there are other tools like snagit or greenshot.
These are serious concerns for my team, are you experiencing this?
Prakash
Very similar issue at least. The planning tool, which is reliant on the maps, is very difficult to use. It is very difficult to scale maps for use in the planning tool. Obviously this is important to calculations and placement of the AP's and also coverage computations.
-
Hi
When you create a map in Cisco Prime and place the APs, does this affect in any way the RRM configuration on the APs, or their power/channel selection?
Or are the maps a purely passive tool?
Thanks in advance
RRM operates at the controller level. Prime maps are passive only and have no impact on RRM. The maps are more of a visual/graphical tool for heatmaps and planning scenarios.
-
Updating Cisco Prime Infrastructure Campus Maps
Our campus has changed significantly since we first created our maps, so I decided to edit the existing campus. Couldn't do it...got an error.
So, I created a new campus with a new campus layout image. I'm trying to move the existing buildings from the old campus to the new campus, but when I try I get the following error.
Error(s): You must correct the following error(s) before proceeding:
Error:Unknown Exception Occurred. If the problem persists please send logs to the Tech Support.
Error:Detail: Row was updated or deleted by another transaction (or unsaved-value mapping was incorrect):[com.cisco.server.managedobjects.servicedomain.ServiceDomain#50255481]
As an additional note, I can add a new building to the new campus and I can also move a building that has no floor plans in it yet. Pretty poor if this error means I'm going to have to duplicate my entire campus.
Any ideas?
Unable to move buildings to a new Campuses (occurs on random buildings)
CSCul23421
Description
Symptom:
Prime Infrastructure may throw an exception when trying to move buildings between campuses, stating that the row was updated or deleted by another transaction.
Conditions:
Workaround:
At this time, there is no workaround. -
Issue with Cisco Prime adding access point in the map and moving it to the final position
I have a Cisco Prime Infrastructure with version 2.1.1. I created a new campus, a new building and a new floor. After that I want to add access points. On one floor I can add 4 access points, but on another floor I added the first 3 access points successfully, but when I try to add a new access point on the same floor, the access point is added but I cannot move it to the final position on the map.
Cisco Prime shows the following message:
Cannot find feature by (Mac/Name/ID) null
How can I move the access point into the last position?
Duplicate post.
Go HERE. -
Network topology map Cisco Prime Infrastructure
Hi just want to inquire if it is possible to create a network topology map on cisco prime infrastructure's dashboard that will display both wired and wireless devices or do we need another cisco product to accomplish it.
Thanks
At long last, Prime Infrastructure 2.2 was released yesterday (17 December 2014) and now includes the Topology map feature:
"Cisco Prime Infrastructure provides a visual map that allows you to view the physical network topology, including the network devices and the links that connect them. The topology maps have indicators that show the current alarm status of network devices and links. By using the network topology maps, you can easily monitor your network by viewing alarms and viewing the interconnection between the devices." (Link)
I'm migrating a system now and will open a new thread with first impressions. -
Source ip filtering with class map on cisco ace30
Hello ,
I would like to know if it is possible to filter source ips connecting to a virtual ip within a class map configuration ( or something else ) ?
access-list S_IP_FILTERING line 8 extended permit ip host 1.1.1.1 any
class-map match-all S_IP_FILTERING_XVIP
  2 match access-list S_IP_FILTERING
  3 match virtual-address 2.2.2.2 any
Error: Only one match access-list is allowed in a match-all class-map and it cannot mix with any other match type
thanks for your support
Case,
Hi,
Yes, it is possible to do this. Use the ACL filter for the source IP address under the policy-map type loadbalance. Then you would call that load balance policy in your multi-match policy under the appropriate class.
for example:
class-map type http loadbalance match-any LOADBALANCE-FILTER
  2 match source-address X.X.X.X 255.255.255.255
class-map match-any TEST-CLASSMAP
  2 match virtual-address Y.Y.Y.Y tcp eq www
policy-map type loadbalance first-match LOADBALANCE
  class LOADBALANCE-FILTER
    serverfarm TEST-SERVERFARM
policy-map multi-match UTC-PM
  class TEST-CLASSMAP
    loadbalance policy LOADBALANCE
    loadbalance vip inservice
-Alex -
Default class map is dropping all Packets
Hello, I have a Cisco 871 router that used to have access-list-based security. Now I am trying the ZBFW for the first time. I thought I had a pretty good program until I found all my traffic was getting dropped. This is my first stab at ZBFWs and I am a bit confused, esp. with the default class part. Any help is greatly appreciated!!!!
The router is for my house and thus also has to have priority for gaming. I will add the gaming and voice QoS once I get it working.
Guest VLAN has access to 2 IP's in Data for printing.
Cisco871#sh run
Building configuration...
Current configuration : 8005 bytes
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service sequence-numbers
hostname Cisco871
boot-start-marker
boot-end-marker
logging buffered 4096
no logging console
aaa new-model
aaa authentication login default local
aaa authorization exec default local
aaa session-id common
clock summer-time PST recurring
crypto pki trustpoint TP-self-signed-4004039535
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-4004039535
revocation-check none
rsakeypair TP-self-signed-4004039535
crypto pki certificate chain TP-self-signed-4004039535
certificate self-signed 01
quit
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 10.0.0.1 10.0.0.5
ip dhcp excluded-address 172.16.15.1 172.16.15.5
ip dhcp excluded-address 172.16.15.14
ip dhcp excluded-address 172.16.17.1 172.16.17.5
ip dhcp excluded-address 192.168.19.1 192.168.19.5
ip dhcp pool MyNetNative
import all
network 10.0.0.0 255.255.255.248
default-router 10.0.0.1
domain-name MyNetNet.org
dns-server 4.2.2.1 4.2.2.6 8.8.8.8 208.67.220.220
lease 0 2
ip dhcp pool MyNetData
import all
network 172.16.15.0 255.255.255.240
dns-server 172.16.15.14 4.2.2.1 4.2.2.6 8.8.8.8 208.67.220.220
default-router 172.16.15.1
domain-name MyDomain.org
ip dhcp pool MyNetVoice
import all
network 172.16.17.0 255.255.255.240
dns-server 172.16.15.14
default-router 172.16.17.1
domain-name MyDomain.org
ip dhcp pool MyNetGuest
import all
network 192.168.19.0 255.255.255.240
default-router 192.168.19.1
domain-name MyNetGuest.org
dns-server 4.2.2.1 4.2.2.6 8.8.8.8 208.67.220.220
ip domain name MyDomain.org
ip name-server 172.16.15.14
ip name-server 4.2.2.4
ip inspect log drop-pkt
multilink bundle-name authenticated
parameter-map type inspect TCP_PARAM
parameter-map type inspect global
username MyAdmin privilege 15 secret 5 MyPassword
archive
log config
hidekeys
class-map type inspect match-all MyNetGuest-access-list
match access-group 110
class-map type inspect match-any Base-protocols
match protocol http
match protocol https
match protocol ftp
match protocol ssh
match protocol dns
match protocol ntp
match protocol ica
match protocol pptp
match protocol icmp
match protocol tcp
match protocol udp
class-map type inspect match-all MyNetGuest-Class
match class-map MyNetGuest-access-list
match class-map Base-protocols
class-map type inspect match-all MyNetNet-access-list
match access-group 100
class-map type inspect match-any Voice-protocols
match protocol h323
match protocol skinny
match protocol sip
class-map type inspect match-any Extended-protocols
match protocol pop3
match protocol pop3s
match protocol imap
match protocol imaps
match protocol smtp
class-map type inspect match-all MyNetNet-Class
match class-map MyNetNet-access-list
match class-map Voice-protocols
match class-map Extended-protocols
match class-map Base-protocols
policy-map type inspect MyNetNet-zone_to_MyNetWAN-zone_policy
class type inspect MyNetNet-Class
inspect
class class-default
policy-map type inspect MyNetNet-zone_to_MyNetGuest-zone_policy
class type inspect MyNetNet-Class
inspect
class class-default
policy-map type inspect MyNetGuest-zone_to_MyNetNet-zone_policy
class type inspect MyNetGuest-access-list
inspect
class class-default
policy-map type inspect MyNetGuest-zone_to_MyNetWAN-zone_policy
class type inspect MyNetGuest-Class
inspect
class class-default
policy-map type inspect MyNetNet-zone
class class-default
pass
zone security MyNetNet-zone
zone security MyNetGuest-zone
zone security MyNetWAN-zone
zone-pair security MyNetNet->MyNetGuest source MyNetNet-zone destination MyNetGuest-zone
service-policy type inspect MyNetNet-zone_to_MyNetGuest-zone_policy
zone-pair security MyNetNet->MyNetWAN source MyNetNet-zone destination MyNetWAN-zone
service-policy type inspect MyNetNet-zone_to_MyNetWAN-zone_policy
zone-pair security MyNetGuest->MyNetWAN source MyNetGuest-zone destination MyNetWAN-zone
service-policy type inspect MyNetGuest-zone_to_MyNetWAN-zone_policy
zone-pair security MyNetGuest->MyNetNet source MyNetGuest-zone destination MyNetNet-zone
service-policy type inspect MyNetGuest-zone_to_MyNetNet-zone_policy
interface FastEthernet0
description Cisco-2849-Switch
switchport mode trunk
speed 100
interface FastEthernet1
interface FastEthernet2
interface FastEthernet3
description SBS-Server
switchport access vlan 10
spanning-tree portfast
interface FastEthernet4
description WAN
no ip address
ip mtu 1492
ip nat outside
ip virtual-reassembly
zone-member security MyNetWAN-zone
ip tcp adjust-mss 1452
duplex auto
speed auto
no cdp enable
interface Vlan1
description MyNetNative
ip address 10.0.0.1 255.255.255.248
ip nat inside
ip virtual-reassembly
zone-member security MyNetNet-zone
ip tcp adjust-mss 1452
interface Vlan10
description MyNetData
ip address 172.16.15.1 255.255.255.240
ip nat inside
ip virtual-reassembly
zone-member security MyNetNet-zone
interface Vlan20
description MyNetVoice
ip address 172.16.17.1 255.255.255.240
ip nat inside
ip virtual-reassembly
zone-member security MyNetNet-zone
interface Vlan69
description MyNetGuest
ip address 192.168.19.1 255.255.255.240
ip nat inside
ip virtual-reassembly
zone-member security MyNetGuest-zone
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
access-list 100 remark MyNetnet
access-list 100 permit ip 10.0.0.0 0.0.0.7 any
access-list 100 permit ip 172.16.15.0 0.0.0.31 any
access-list 100 permit ip 172.16.17.0 0.0.0.15 any
access-list 110 remark MyNetGuest
access-list 110 permit ip 192.168.19.0 0.0.0.15 host 172.16.15.2
access-list 110 permit ip 192.168.19.0 0.0.0.15 host 172.16.15.3
access-list 110 deny ip 192.168.19.0 0.0.0.15 10.0.0.0 0.0.0.7
access-list 110 deny ip 192.168.19.0 0.0.0.15 172.16.15.0 0.0.0.31
access-list 110 deny ip 192.168.19.0 0.0.0.15 172.16.17.0 0.0.0.15
access-list 110 permit ip 192.168.19.0 0.0.0.15 any
control-plane
banner login ^CC
You know if you should be here or not.
if not please leave
NOW
^C
line con 0
no modem enable
line aux 0
line vty 0 4
privilege level 15
transport input telnet ssh
scheduler max-task-time 5000
ntp server 172.16.15.14
webvpn cef
end
Cisco871#sh zone security
zone self
Description: System defined zone
zone MyNetNet-zone
Member Interfaces:
Vlan1
Vlan10
Vlan20
zone MyNetGuest-zone
Member Interfaces:
Vlan69
zone MyNetWAN-zone
Member Interfaces:
FastEthernet4
Cisco871#sh zone-pair security
Zone-pair name MyNetNet->MyNetGuest
Source-Zone MyNetNet-zone Destination-Zone MyNetGuest-zone
service-policy MyNetNet-zone_to_MyNetGuest-zone_policy
Zone-pair name MyNetNet->MyNetWAN
Source-Zone MyNetNet-zone Destination-Zone MyNetWAN-zone
service-policy MyNetNet-zone_to_MyNetWAN-zone_policy
Zone-pair name MyNetGuest->MyNetWAN
Source-Zone MyNetGuest-zone Destination-Zone MyNetWAN-zone
service-policy MyNetGuest-zone_to_MyNetWAN-zone_policy
Zone-pair name MyNetGuest->MyNetNet
Source-Zone MyNetGuest-zone Destination-Zone MyNetNet-zone
service-policy MyNetGuest-zone_to_MyNetNet-zone_policy
Cisco871#sh int faste4
FastEthernet4 is up, line protocol is up
Hardware is PQUICC_FEC, address is 0016.9d29.a667 (bia 0016.9d29.a667)
Description: WAN
Internet address is 10.38.177.98/25
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, 100BaseTX/FX
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:34:50, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 2000 bits/sec, 3 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
593096 packets input, 73090812 bytes
Received 592752 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog
0 input packets with dribble condition detected
9940 packets output, 1016025 bytes, 0 underruns
0 output errors, 0 collisions, 3 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
Zone-pair: MyNetNet->MyNetWAN
Service-policy inspect : MyNetNet-zone_to_MyNetWAN-zone_policy
Class-map: MyNetNet-Class (match-all)
Match: class-map match-all MyNetNet-access-list
Match: access-group 100
Match: class-map match-any Voice-protocols
Match: protocol h323
0 packets, 0 bytes
30 second rate 0 bps
Match: protocol skinny
0 packets, 0 bytes
30 second rate 0 bps
Match: protocol sip
0 packets, 0 bytes
30 second rate 0 bps
Match: class-map match-any Extended-protocols
Match: protocol pop3
0 packets, 0 bytes
30 second rate 0 bps
Match: protocol pop3s
0 packets, 0 bytes
30 second rate 0 bps
Match: protocol imap
0 packets, 0 bytes
30 second rate 0 bps
Match: protocol imaps
0 packets, 0 bytes
30 second rate 0 bps
Match: protocol smtp
0 packets, 0 bytes
30 second rate 0 bps
Match: class-map match-any Base-protocols
Match: protocol http
0 packets, 0 bytes
30 second rate 0 bps
Match: protocol https
0 packets, 0 bytes
30 second rate 0 bps
Match: protocol ftp
0 packets, 0 bytes
30 second rate 0 bps
Match: protocol ssh
0 packets, 0 bytes
30 second rate 0 bps
Match: protocol dns
0 packets, 0 bytes
30 second rate 0 bps
Match: protocol ntp
0 packets, 0 bytes
30 second rate 0 bps
Match: protocol ica
0 packets, 0 bytes
30 second rate 0 bps
Match: protocol pptp
0 packets, 0 bytes
30 second rate 0 bps
Match: protocol icmp
0 packets, 0 bytes
30 second rate 0 bps
Match: protocol tcp
0 packets, 0 bytes
30 second rate 0 bps
Match: protocol udp
0 packets, 0 bytes
30 second rate 0 bps
Inspect
Session creations since subsystem startup or last reset 0
Current session counts (estab/half-open/terminating) [0:0:0]
Maxever session counts (estab/half-open/terminating) [0:0:0]
Last session created never
Last statistic reset never
Last session creation rate 0
Maxever session creation rate 0
Last half-open session total 0
Class-map: class-default (match-any)
Match: any
Drop (default action)
5196 packets, 256211 bytes
Cisco871#sh log
Syslog logging: enabled (1 messages dropped, 0 messages rate-limited,
0 flushes, 0 overruns, xml disabled, filtering disabled)
No Active Message Discriminator.
No Inactive Message Discriminator.
Console logging: disabled
Monitor logging: level debugging, 0 messages logged, xml disabled,
filtering disabled
Buffer logging: level debugging, 1745 messages logged, xml disabled,
filtering disabled
Logging Exception size (4096 bytes)
Count and timestamp logging messages: disabled
Persistent logging: disabled
No active filter modules.
ESM: 0 messages dropped
Trap logging: level informational, 1785 message lines logged
Log Buffer (4096 bytes):
001779: *Feb 15 11:00:55.979: %FW-6-DROP_UDP_PKT: Dropping Other pkt 172.16.15.6:61806 => 168.94.0.1:53 with ip ident 511 due to policy match failure
001780: *Feb 15 11:00:59.739: %FW-6-DROP_TCP_PKT: Dropping Other pkt 172.16.15.6:4399 => 168.94.69.30:443 due to policy match failure -- ip ident 515 tcpflags 0x7002 seq.no 974122240 ack 0
001781: *Feb 15 11:01:26.507: %FW-6-DROP_UDP_PKT: Dropping Other pkt 172.16.15.6:51991 => 168.94.0.1:53 with ip ident 625 due to policy match failure
001783: *Feb 15 11:01:57.891: %FW-6-DROP_UDP_PKT: Dropping Other pkt 172.16.15.6:64470 => 168.94.0.1:53 with ip ident 677 due to policy match failure
Hello Charlie,
I would recommend you to investigate a little bit more about how the ZBFW feature works.
Now I am going to help you on this one at least, then I will give you a few links you could use to study.
We are going to study traffic from MyNetNet-zone to the MyNetWan-zone.
First the zone-pair:
zone-pair security MyNetNet->MyNetWAN source MyNetNet-zone destination MyNetWAN-zone
 service-policy type inspect MyNetNet-zone_to_MyNetWAN-zone_policy
So let's go to the policy-map:
policy-map type inspect MyNetNet-zone_to_MyNetWAN-zone_policy
 class type inspect MyNetNet-Class
  inspect
 class class-default
Finally to the class map:
class-map type inspect match-all MyNetNet-Class
 match class-map MyNetNet-access-list
 match class-map Voice-protocols
 match class-map Extended-protocols
 match class-map Base-protocols
That keyword MATCH-ALL is the one causing the issues!!
Why?
Because you are telling the ZBFW to inspect traffic only if it matches all of those class-maps, so a packet will need to match the base protocols and the extended protocol, and as you know that is not possible (just one protocol).
So here are the links
http://blogg.kvistofta.nu/cisco-ios-zone-based-policy-firewall/
https://supportforums.cisco.com/thread/2138873
http://pktmaniac.info/2011/08/zone-based-firewalls-something-to-keep-in-mind/
http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00808bc994.shtml
You have some work to do
Please remember to rate all the helpful posts
Julio
CCSP -
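The match-all problem described in the answer above can be checked mechanically before a policy is applied. The Python below is an added example, not code from the thread or from Cisco: it parses the class-map section of the posted configuration (embedded as a constructed sample) and reports match-all class-maps that nest protocol groups with no protocol in common. The function names and the rule that a group containing tcp or udp is not treated as disjoint are assumptions of this example.

```python
import re
from itertools import combinations

# Constructed sample: the class-map section of the configuration posted above,
# re-indented. Only "class-map type inspect" blocks are parsed.
SAMPLE_CONFIG = """\
class-map type inspect match-all MyNetGuest-access-list
 match access-group 110
class-map type inspect match-any Base-protocols
 match protocol http
 match protocol https
 match protocol ftp
 match protocol ssh
 match protocol dns
 match protocol ntp
 match protocol ica
 match protocol pptp
 match protocol icmp
 match protocol tcp
 match protocol udp
class-map type inspect match-all MyNetGuest-Class
 match class-map MyNetGuest-access-list
 match class-map Base-protocols
class-map type inspect match-all MyNetNet-access-list
 match access-group 100
class-map type inspect match-any Voice-protocols
 match protocol h323
 match protocol skinny
 match protocol sip
class-map type inspect match-any Extended-protocols
 match protocol pop3
 match protocol pop3s
 match protocol imap
 match protocol imaps
 match protocol smtp
class-map type inspect match-all MyNetNet-Class
 match class-map MyNetNet-access-list
 match class-map Voice-protocols
 match class-map Extended-protocols
 match class-map Base-protocols
"""

HEADER = re.compile(r"^class-map type inspect (match-all|match-any) (\S+)$")
# Assumption of this example: "tcp"/"udp" overlap with every application
# protocol, so a group containing them is never reported as disjoint.
L4_CATCH_ALL = {"tcp", "udp"}


def parse_class_maps(config):
    """Return {name: {"mode", "protocols", "nested"}} for inspect class-maps."""
    maps, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        parts = line.split()
        if header:
            current = {"mode": header.group(1), "protocols": set(), "nested": []}
            maps[header.group(2)] = current
        elif current is not None and parts[:1] == ["match"] and len(parts) >= 3:
            if parts[1] == "protocol":
                current["protocols"].add(parts[2])
            elif parts[1] == "class-map":
                current["nested"].append(parts[2])
        elif parts[:1] != ["description"]:
            current = None  # any other command ends the class-map block
    return maps


def protocol_group(name, maps):
    """Protocols a nested match-any class-map accepts, or None if it is not
    a pure application-protocol filter (ACL class, missing, or has tcp/udp)."""
    cm = maps.get(name)
    if not cm or cm["mode"] != "match-any" or not cm["protocols"]:
        return None
    return None if cm["protocols"] & L4_CATCH_ALL else cm["protocols"]


def lint(config):
    """List (match_all_class, group_a, group_b) where both groups must match
    the same packet but share no protocol, so the class can never match."""
    maps = parse_class_maps(config)
    findings = []
    for name, cm in maps.items():
        if cm["mode"] != "match-all":
            continue
        groups = [(n, protocol_group(n, maps)) for n in cm["nested"]]
        groups = [(n, g) for n, g in groups if g is not None]
        for (a, ga), (b, gb) in combinations(groups, 2):
            if not ga & gb:
                findings.append((name, a, b))
    return findings


if __name__ == "__main__":
    for cls, a, b in lint(SAMPLE_CONFIG):
        print(f"{cls}: match-all requires both {a} and {b}, which share no "
              "protocol; traffic falls through to class-default")
```

On the posted configuration it reports MyNetNet-Class, the class whose counters stay at zero in the `show` output while class-default drops 5196 packets.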
WCS and LMS to Cisco Prime Infrastructure 1.3 Upgrade
Hello,
Our customer is currently having WCS for 500 devices and LMS 3.2 for 1500 devices. We are planning to upgrade to Cisco Prime Infrastructure 1.3.
I want to check whether the upgrade procedure that we have planned is OK or whether we have missed something.
Phase 1: WCS to CPI 1.3 upgrade
1. Check that WCS is at 7.0.230.0 version
2. Export WCS database
3. Install NCS 1.1.1.24 software
4. Contact cisco to obtain trial license for NCS software (L-WCS-NCS1-M-K9 license).
5. Migrate WCS license and import it in NCS software
6. Migrate WCS data to NCS software using ncs migrate command
7. Patch NCS software
8. Inline upgrade to CPI 1.3 software
9. Install proper licenses on CPI 1.3 (WCS and LMS device count)
My concern in this first phase is should I use NCS large image since our Cisco Prime Infrastructure 1.3 software should manage 2000 devices at the end.
Or is it better not to perform an inline upgrade and instead go with exporting data from NCS and then importing it to CPI 1.3 that is going to be installed separately?
Phase 2: LMS 3.2 to CPI upgrade
1. Export LMS 3.2 database
2. Install LMS 4.2 software
3. Install license to LMS 4.2
4. Restore data from LMS 3.2 to LMS 4.2
5. Direct upgrade from LMS 4.2 to 4.2.2
6. Export the device list with credentials from LMS 4.2.2 and import it as a Bulk Import in CPI 1.3
At the end we will have CPI 1.3 and LMS 4.2.2 software running.
Is it possible to directly upgrade from LMS 4.2 to LMS 4.2.4 and then import data to CPI 1.3 or we need to go with 4.2.2 version?
Regards,
Jelena
Hello Marvin,
We have restored the LMS 3.2 SP 1 database on LMS 4.2 and we have got some error messages during restore. Please see our restore output:
[kalms4/root-ade ~]# /opt/CSCOpx/bin/perl /opt/CSCOpx/bin/res
resolver.pl restoreDBTableMig.pl restoreJRMMig.pl restorebackup.pl
[kalms4/root-ade ~]# /opt/CSCOpx/bin/perl /opt/CSCOpx/bin/restorebackup.pl -d /opt/BKP/
Restore started at : 2013/12/05 14:11:58
Please see '/var/adm/CSCOpx/log/restorebackup.log' for status.
USER ID is ..................................... : sysadmin
OS of the backup archive is..................... : Windows
INFO:The backup archive is from a different OS. Your current Platform is: Soft Appliance .
You are attempting to perform a Cross Platform Restore..
Do you wish to continue (Y/N) [Y] :Y
Generation to be restored is ................... : 0
Backup taken from............................... : /opt/BKP/
Common Services version in the backup data is... : 3.3.1
Common Services is installed in................. : /opt/CSCOpx
The temp folder for this restore program........ : /opt/CSCOpx/tempBackupData
Applications installed on this machine ......... : [Common Services][Campus Manager][Resource Manager Essentials][Device Fault Manager][cwportal][ipm][upm][cvw][cwlms]
Applications in the backup archive ............. : [Common Services][Campus Manager][Resource Manager Essentials][Device Fault Manager][opsxml][cwportal][ipm][upm][cvw]
WARNING: The list of applications installed on this CiscoWorks server does not match the list of
applications in the backup archive. If you restore data from this backup archive,it may
cause problems in the CiscoWorks applications.
Do you want to continue the restore operation? (y-continue or n-quit, y/n)?Y
Applications to be restored are................. : [Common Services] [Campus Manager] [Resource Manager Essentials] [Device Fault Manager] [cwportal] [ipm] [upm] [cvw]
Available disk space in NMSROOT................. : 86451488 Kb
Required disk space in NMSROOT.................. : 35906524 Kb
(The temp and NMSROOT are on same device, therefore this required disk space includes temp space)
Copying the backup files to the temporary location [/opt/CSCOpx/tempBackupData]
preRestore of [Common Services] has started.
preRestore of [Common Services] has completed.
preRestore of [Campus Manager] has started.
preRestore of [Campus Manager] has completed.
preRestore of [Resource Manager Essentials] has started.
preRestore of [Resource Manager Essentials] has completed.
preRestore of [Device Fault Manager] has started.
preRestore of [Device Fault Manager] has completed.
preRestore of [cwportal] has started.
preRestore of [cwportal] has completed.
preRestore of [ipm] has started.
preRestore of [ipm] has completed.
preRestore of [upm] has started.
preRestore of [upm] has completed.
preRestore of [cvw] has started.
preRestore of [cvw] has completed.
doRestore of [Common Services] has started.
Cross Platform Update started.
Cross Platform Update completed.
License check started.
WARNING: The license details in the server are different from the backup data.
After restoring, please check the license available in the server.
WARNING: Your current license count is lower than your earlier license count.
If you restore the data now, devices that exceed the current licence count
will be moved to Suspended state.
License check completed.
Restoring certificate.
WARNING: Cannot evaluate the hostname, hence the certificate
may be from this host or another host.
[ Certificate not overwritten ]
Restored Certificate.
Restoring Common Services database.
Restored Common Services database.
Restoring CMIC data.
Restored CMIC data.
Restoring CMC data.
Restored CMC data.
Restoring Security Settings.
Restored Security Settings.
Restoring DCR data.
Restored DCR data.
Restoring Certificate key store.
Restored Certificate key store.
Restoring DCNM CrossLaunch data.
Restored DCNM CrossLaunch function.
Restoring JAAS configuration.
Restored JAAS configuration.
JRM Job Migration started.
JRM job Migration done.
doRestore of [Common Services] has completed.
doRestore of [Campus Manager] has started.
Cross Platform Migration for Campus started.
Cross Platform update Starts for Campus
doRestore of [Campus Manager] has completed.
doRestore of [Resource Manager Essentials] has started.
10% of RME Restore completed
30% of RME Restore completed
50% of RME Restore completed
70% of RME Restore completed
100% of RME Restore completed
doRestore of [Resource Manager Essentials] has completed.
doRestore of [Device Fault Manager] has started.
10% of DFM Restore completed
30% of DFM Restore completed
50% of DFM Restore completed
80% of DFM Restore completed
Going to modify Eight PM report
Modified Sucessfully Eight PM report
100% of DFM Restore completed
doRestore of [Device Fault Manager] has completed.
doRestore of [cwportal] has started.
Error while coping the File: /opt/CSCOpx/tempBackupData/cwportal/CSCOpx/MDC/tomcat/webapps/cwportal/db/portal.properties
Src file : /opt/CSCOpx/tempBackupData/cwportal/CSCOpx/MDC/tomcat/webapps/cwportal/db//portal.properties ,,, Destination file : /opt/CSCOpx/MDC/tomcat/webapps/cwportal/db/portal.properties
File Copied: /opt/CSCOpx/tempBackupData/cwportal/CSCOpx/MDC/tomcat/webapps/cwportal/db/portal.properties
Error while coping the File: /opt/CSCOpx/tempBackupData/cwportal/CSCOpx/MDC/tomcat/webapps/cwportal/db/portal.properties
Error while coping the File: /opt/CSCOpx/tempBackupData/cwportal/CSCOpx/MDC/tomcat/webapps/cwportal/db/portal.script
Error while coping the File: /opt/CSCOpx/tempBackupData/cwportal/CSCOpx/MDC/tomcat/webapps/cwportal/db/portal.script
Src file : /opt/CSCOpx/tempBackupData/cwportal/CSCOpx/MDC/tomcat/webapps/cwportal/db//portal.script ,,, Destination file : /opt/CSCOpx/MDC/tomcat/webapps/cwportal/db/portal.script
File Copied: /opt/CSCOpx/tempBackupData/cwportal/CSCOpx/MDC/tomcat/webapps/cwportal/db/portal.script
Src file : /opt/CSCOpx/tempBackupData/cwportal/CSCOpx/MDC/tomcat/webapps/cwportal/db//portal.log ,,, Destination file : /opt/CSCOpx/MDC/tomcat/webapps/cwportal/db/portal.log
File Copied: /opt/CSCOpx/tempBackupData/cwportal/CSCOpx/MDC/tomcat/webapps/cwportal/db/portal.log
Error while coping the File: /opt/CSCOpx/tempBackupData/cwportal/CSCOpx/MDC/tomcat/webapps/cwportal/db/portal.log
Error while coping the File: /opt/CSCOpx/tempBackupData/cwportal/CSCOpx/MDC/tomcat/webapps/cwportal/db/portal.log
Error while coping the File: /opt/CSCOpx/tempBackupData/cwportal/CSCOpx/MDC/tomcat/webapps/cwportal/WEB-INF/classes/data/ciscoWorks/properties/defaultUserCommunity.properties
Src file : /opt/CSCOpx/tempBackupData/cwportal/CSCOpx/MDC/tomcat/webapps/cwportal/WEB-INF/classes/data/ciscoWorks/properties//defaultUserCommunity.properties ,,, Destination file : /opt/CSCOpx/MDC/tomcat/webapps/cwportal/WEB-INF/classes/data/ciscoWorks/properties/defaultUserCommunity.properties
File Copied: /opt/CSCOpx/tempBackupData/cwportal/CSCOpx/MDC/tomcat/webapps/cwportal/WEB-INF/classes/data/ciscoWorks/properties/defaultUserCommunity.properties
Src file : /opt/CSCOpx/tempBackupData/cwportal/CSCOpx/MDC/tomcat/webapps/cwportal/WEB-INF/classes/data/ciscoWorks/properties//defaultCommunity.properties ,,, Destination file : /opt/CSCOpx/MDC/tomcat/webapps/cwportal/WEB-INF/classes/data/ciscoWorks/properties/defaultCommunity.properties
File Copied: /opt/CSCOpx/tempBackupData/cwportal/CSCOpx/MDC/tomcat/webapps/cwportal/WEB-INF/classes/data/ciscoWorks/properties/defaultCommunity.properties
Error while coping the File: /opt/CSCOpx/tempBackupData/cwportal/CSCOpx/MDC/tomcat/webapps/cwportal/WEB-INF/classes/data/ciscoWorks/properties/defaultCommunity.properties
doRestore of [cwportal] has completed.
doRestore of [ipm] has started.
10% of IPM Restore Completed
30% of IPM Restore Completed
50% of IPM Restore Completed
60% of IPM Restore Completed
70% of IPM Restore Completed
100% of IPM Restore Completed
doRestore of [ipm] has completed.
doRestore of [upm] has started.
HUM database restore starts
INFO:STOP= /opt/CSCOpx/objects/db/bin64/dbstop -q -y -c dsn=upm
SQL Anywhere Command File Hiding Utility Version 10.0.1.4239
INFO: Database Shutdown is in Progress..Please wait
INFO: Stop Engine Args= /opt/CSCOpx/objects/db/bin64/dbstop -q -y -c dsn=upm
INFO: After Database Shutdown RC= 2304
root=C:\PROGRA~2\CSCOpx\databases\upm\upm.db
DBUTILS: Inside Cross Platform
INFO: Current Database password does not match the password of Database being restored
INFO: Using the Password of the Database being restored
HUM database restore successfully completed.
File :/opt/CSCOpx/MDC/tomcat/webapps/upm/reports/Poller
File :/opt/CSCOpx/MDC/tomcat/webapps/upm/reports/Poller/README.txt
File :/opt/CSCOpx/MDC/tomcat/webapps/upm/reports/Threshold
File :/opt/CSCOpx/MDC/tomcat/webapps/upm/reports/Threshold/README.txt
File :/opt/CSCOpx/MDC/tomcat/webapps/upm/reports/Custom
File :/opt/CSCOpx/MDC/tomcat/webapps/upm/reports/Custom/README.txt
File :/opt/CSCOpx/MDC/tomcat/webapps/upm/reports/Poller_Failure
File :/opt/CSCOpx/MDC/tomcat/webapps/upm/reports/Poller_Failure/README.txt
File :/opt/CSCOpx/MDC/tomcat/webapps/upm/reports/TrendWatch
File :/opt/CSCOpx/MDC/tomcat/webapps/upm/reports/TrendWatch/README.txt
File :/opt/CSCOpx/MDC/tomcat/webapps/upm/reports/Quick
File :/opt/CSCOpx/MDC/tomcat/webapps/upm/reports/Quick/Availability
File :/opt/CSCOpx/MDC/tomcat/webapps/upm/reports/Quick/Availability/README.txt
File :/opt/CSCOpx/MDC/tomcat/webapps/upm/reports/Quick/PoEPORTUtilization
File :/opt/CSCOpx/MDC/tomcat/webapps/upm/reports/Quick/PoEPORTUtilization/README.txt
File :/opt/CSCOpx/MDC/tomcat/webapps/upm/reports/Quick/Interface_Utilization
File :/opt/CSCOpx/MDC/tomcat/webapps/upm/reports/Quick/Interface_Utilization/README.txt
File :/opt/CSCOpx/MDC/tomcat/webapps/upm/reports/Quick/Memory_Utilization
File :/opt/CSCOpx/MDC/tomcat/webapps/upm/reports/Quick/Memory_Utilization/README.txt
File :/opt/CSCOpx/MDC/tomcat/webapps/upm/reports/Quick/Interface_Availability
File :/opt/CSCOpx/MDC/tomcat/webapps/upm/reports/Quick/Interface_Availability/README.txt
File :/opt/CSCOpx/MDC/tomcat/webapps/upm/reports/Quick/Threshold_Violations
File :/opt/CSCOpx/MDC/tomcat/webapps/upm/reports/Quick/Threshold_Violations/README.txt
File :/opt/CSCOpx/MDC/tomcat/webapps/upm/reports/Quick/CPU_Utilization
File :/opt/CSCOpx/MDC/tomcat/webapps/upm/reports/Quick/CPU_Utilization/README.txt
File :/opt/CSCOpx/MDC/tomcat/webapps/upm/reports/Quick/PoEPSEConsumption
File :/opt/CSCOpx/MDC/tomcat/webapps/upm/reports/Quick/PoEPSEConsumption/README.txt
File :/opt/CSCOpx/MDC/tomcat/webapps/upm/reports/Quick/Interface_ErrorRate
File :/opt/CSCOpx/MDC/tomcat/webapps/upm/reports/Quick/Interface_ErrorRate/README.txt
Directory is reportsStarted changing property .
linux
Restored HUM configuration file successfully.
doRestore of [upm] has completed.
doRestore of [cvw] has started.
doRestore of [cvw] has completed.
postRestore of [Common Services] has started.
postRestore of [Common Services] has completed.
postRestore of [Campus Manager] has started.
postRestore of [Campus Manager] has completed.
postRestore of [Resource Manager Essentials] has started.
postRestore of [Resource Manager Essentials] has completed.
postRestore of [Device Fault Manager] has started.
postRestore of [Device Fault Manager] has completed.
postRestore of [cwportal] has started.
postRestore of [cwportal] has completed.
postRestore of [ipm] has started.
postRestore of [ipm] has completed.
postRestore of [upm] has started.
postRestore of [upm] has completed.
postRestore of [cvw] has started.
postRestore of [cvw] has completed.
Restored successfully.
Are these errors going to affect our LMS 4.2 operations?
Then we upgraded to LMS 4.2.2 and exported data and credentials for PI import.
On PI 1.3 we have installed the WCS 500 devices upgrade license and the LMS 1500 upgrade license, and now we have a 2000 devices lifecycle license. We have successfully restored WCS data in PI and we have imported LMS devices as a bulk import. What is strange is that we have this message in Prime regarding licensing:
On LMS 3.2 our customer had saved an unlimited number of configuration versions. After upgrading to LMS 4.2 we can only see the last 3 configurations regardless of the unlimited number of configurations in the previous LMS, so my question is: where can we find older configurations in LMS 4.2?
We are planning to turn on unlimited versioning on CPI 1.3 now, so our customer will again have the feature that they need. Do you have some experience regarding disk space when all device configurations are stored forever?
Thank you for your help.
Regards,
Jelena