One Cisco prime deployment for three physically different Networks

Similar Messages

• ONe Cisco Prime 3 different networks?

  Can one Cisco prime deployment be used to manage three physically different Networks without creating a bridge between the networks. It is imperative that the networks remain separated but they will be managed by the same team so can you somehow use one Cisco Prime without the networks becoming connected 

  Prime is just a management tool that is used as more of a collaboration tool so you can manage devices in one place instead of physically touching each device so yes it can manage 3 different network as long as those networks are able to reach Prime.
  I would create 3 different Virtual Domains for the network and only allow visibility to the specific devices that are in each network so you have complete segmentation.
  Hope this helps!
  Malwan 

• What are the features supported in Cisco Prime Infrastructure for WLAN for autonomous AP's?

  What are the features supported in Cisco Prime Infrastructure for WLAN for autonomous AP’s?

  • PI provides visibility for autonomous  clients within the same list view as lightweight and wired clients (client list  page).
  • Rogue AP detection for autonomous AP's is not supported (it's  supported in CUWN). 
  • Alarms/events for client authentication issues (e.g.  authentication failure) are displayed in PI.
  • Config management for  autonomous AP's is via CLI template.  Config comparison and archiving  functionality in PI leverages these same features that were brought in from LMS,  so need to defer to others in terms of whether this is a cross-platform feature  in PI or is only supported on a subset of platforms.  Config comparison/archive  is supported in CUWN.PI supports both infrastructure (e.g. AP Tx Power and  Channel, busiest AP, AP utilization, etc.) and client (e.g. client count, client  sessions, etc.) reports, and there are extensive reports for CUWN

• Can one Cisco IPS 4360 connect to two different ISP circuits?

  Hi,
  Currently our network has two circuits from two different ISPs, with two firewalls in the middle of the ISPs and the corporation internal network. We are thinking of purchasing a Cisco IPS 4360 and put the device between the ISPs and the two firewalls.
  We would like the traffic coming to/from ASA1 still use the circuit from ISP1, and ASA2 still use the circuit from ISP2. Is this possible? Can the 4360 route the traffic as we want?
  I drew a draft picture of this issue. Please have a look at the attachment.
  Thank you!
  Regards,
  Jacky

  Hi,
  Yes, You can deploy your IPS as your plan. Please see the below link.
  http://www.cisco.com/c/en/us/solutions/enterprise/validated-design-program/networking_solutions_products_genericcontent0900aecd80601e22.html
  Regards
  Parosh

• ACS Server - Support for three separate company networks

  I looking into purchasing a ACS 3.3 server to support 3 networks in my organization. Here are my requirements:
  - One ACS server running TACACS and RADIUS supporting three networks
  - each network has a common group of administrators that require various level of access
  - some adminstrators require access to all three networks, some one, some two
  How can I configure each group of users to only have access to their respective networks. What attributes do I use to destinguish the networks for each group of users.
  I think ACS can do this from the reading I have done but need assurance.
  Thanks

  You could see the documenation for the configuation examples here : " target="_blank">www.cisco.com/techsupport/--------> guest---------> product support ----------> Security and Vpns -------------> search for ACS 3.3, check for release notes as well as for configuration examples. You can select view all documents.
  Also, " target="_blank">www.cisco.com/techsupport-----> Select ACS from the drop down menu under Security.

• Cisco ISE Deployment suggestion required

  Require Assistance on Cisco ISE Deployment for below scenario
  -- We have Three Cisco ISE Appliances and Client has taken Advance Subscription License for 500 users
  -- Client has DC & DR and needs to deploy the Cisco ISE in one Main Office which connects to DC & DR on MPLS Links
  -- Client suggestion was to deploy one ISE node ( Admin + M&T + Policy Server ) in DC and its Standby Secondary in DR
       and only deploy Policy Server in Main Office.
       Idea behind the design is that ,
       1) If DC fails , Cisco ISE related logs will get generated on DR and any Cisco ISE related request will be taken care by Local Policy Server in Main Office .
        2) If Local Policy Server Fails , then ISE node in DC will act as Secondary backup and DR will act Teritary Backup
        below is view
                                       DC
                          Primary Node with Role
                     [Admin , M&T , Policy Server]
                                                                                                               Main Remote Offic
                                                                                                                Cisco ISE Node ( Only Policy Server) -----------> Network Devices
                                 DR
                         Secondary   Node with Role
                     [Admin , M&T , Policy Server]
  Please let me know is it possible

  Yes, The scenario is quite achievable also please  review the below link for assistance on deployment of ISE.
  http://www.cisco.com/en/US/solutions/collateral/ns340/ns414/ns742/ns744/docs/howto_50_ise_deployment_tg.pdf
  http://www.cisco.com/en/US/docs/security/ise/1.0/install_guide/ise10_deploy.pdf

• Cisco Prime Infrastructure 2.2 - can we load PI2.2 on UCS-E140S-M2/K9 -

  I am busy with an iWAN design and part of the solution is to have Cisco Prime deployed as a management tool.
  The customer does not have VM and do not want an appliance.
  The design caters for the new ISR4400 series routers.
  We can add a UCS-E single wide server to the Core Router - UCS-E140S-M2/K9- can I load PI2.2?
  The site will have 45 routers, 10 AP's - so will go with 50 lifecycle and assurance licences

  I'm afraid this is supported officially. There are only two options :
  > Installing as a virtual appliance - on an ESXi server.
  > Using Cisco Physical Appliance
  Installing directly on another hardware, be it UCS or other physical boxes is not supported. I am not sure if anyone would have tried to install and if there is a procedure to do so.
  I can you want to try to burn the image as iso on DVD and install on your UCS box, it may have support issues from TAC whenever you'll reach out.
  -Thanks
  Vinod 
  **Encourage Contributors. RATE Them**

• NCS & Cisco Prime LMS 4.X

  Hi,
  We have got preinstalled Cisco prime NCS appliance, is ts possible if we can insall Cisco Prime LMS 4.X on the same appliance and upgrade the existing running LMS 3.X which is running on Windows server on the appliance or do we need seperate appliance for cisco prime LMS 4.x.
  Rgds,
  Kamal Singh
  9971000379

  I am not sure if I understand you correctly but if you go for a physical appliance, NCS and LMS both needs their own dedicated appliances. Have a look here:
  Cisco Prime Infrastructure 1.1 Ordering and Licensing Guide
  that's what is written in section " Ordering Information for New Customers" point 5.:
  5. Purchase the physical appliance if the desired deployment option is a physical appliance rather than a virtual appliance. Both Cisco Prime NCS and Cisco Prime LMS support the physical appliance deployment option. Each product requires its own dedicated physical appliance. Refer to Table 2.

• Cisco Prime LMS MPLS monitoring

  Hi all, have anyone used Cisco Prime LMS for MPLS xconnect monitoring?
  Currently when these traps arrive to Cisco Prime LMS they are classified as "InformAlarm Unidentified Trap Generic".
  Is it maybe possible to load the correct MIB for these traps and get Cisco Prime LMS to understand them correctly?
  The raw traps looks like this:
  xconnect down:
  09:58:42.352760 IP (tos 0x40, ttl 245, id 12, offset 0, flags [none], proto: UDP (17), length: 114) routerhost.51591 > lmshost.snmptrap: [udp sum ok]  { SNMPv1 { Trap(71)  E:cisco.10.106.2 10.130.1.13 enterpriseSpecific s=1 424011509 E:cisco.10.106.1.2.1.26.2=2 E:cisco.10.106.1.2.1.26.2=2 } }
  xconnect up:
  09:59:48.597894 IP (tos 0x40, ttl 245, id 14, offset 0, flags [none], proto: UDP (17), length: 114) routerhost.51591 > lmshost.snmptrap: [udp sum ok]  { SNMPv1 { Trap(71)  E:cisco.10.106.2 10.130.1.13 enterpriseSpecific s=2 424018144 E:cisco.10.106.1.2.1.26.2=1 E:cisco.10.106.1.2.1.26.2=1 } }
  I found some more info about the traps at:
  http://tools.cisco.com/Support/SNMP/do/BrowseMIB.do?local=en&step=2&mibName=CISCO-IETF-PW-MIB-V1SMI
  BR /Crille

  Here is an update:
  After discussing with TAC there seems to be 2 possible solutions in LMS right now:
  1. Create a threshold that monitors the specific OID for the xconnect vc and generate alarm if it changes.
  2. Configure the device to send syslog when a xconnect state changes and create an "automated syslog action".
  I have not tried either of them yet so I dont know which one works best, but option 2 seems easiest (its a one time config).

• Cisco Prime Server Specifications

  Would anyone happen to know a good server build would be to run Cisco Prime Infrastructure for 5k in network devices.  I can only find VM information and not physcial hardware specifications in regards to this.

  Kindly check the following link (Data sheet for PI)
            http://www.cisco.com/en/US/prod/collateral/netmgtsw/ps6504/ps6528/ps12239/data_sheet_c78-729088.html
  and you can check the server specification from cisco and follow cisco recommended as best practice

• Cisco Prime NCS appliance & license

  Hi all,
  I'm looking for getting a Cisco prime NCS appliance (PRIME-NCS-APL-K9). I'm a little bit confused regarding to the license scheme:
  1. Does the appliance has any license coming with it or we need to order the license separately?
  2. If I have an WLC 5508 (license support 12 APs) & 12 3500 APs, then number of devices counted will be 1 (WLC) or 12 (APs) or 13 (WLC + APs) ?
  Thanks for the help,

  Cisco Prime Infrastructure for the  first time you may access the lifecycle and assurance features using the  built-in evaluation license that is available by default. The default evaluation  license is valid for 60 days for 100 devices and 150 interfaces. You will need  to purchase the base license and the corresponding feature license before the  evaluation license expires. Cisco Prime Infrastructure 1.2 can be ordered using  the standard Cisco® ordering tools at http://www.cisco.com/go/ordering. More information about getting the  license files can be found in the Cisco Prime Infrastructure 1.2 Ordering and  Licensing Guide

• Cisco Prime Infrastructure 2.2 - Network Topology error

  He dears,
  My Customer has installed over UCS Cisco Prime Infrastructure 2.2.
  The network is composed with Switches nexus 93962-px and 2960x. All devices were discovered and inventoried successfully.
  The problems is that Network Topology is not showing the connections between devices. Some devices connections are showed (partially) and another not.
  We've already checked that CDP is run and working fine on all of switches.
  I appreciate your help!
  Tks,
  Regis

  I'm sorry to say that but Prime Infrastructure does not support IP SLA functionality similar to Cisco Prime LMS:
  http://www.cisco.com/en/US/prod/collateral/netmgtsw/ps6504/ps6528/ps12239/guide_c07-729089.html
  It's in the developer's plans but there's no schedule yet for this feature.
  It's possible to manually configure IP SLA on the device and then define Custom SNMP templates in Prime Infrastructure and poll whatever information you might consider relevant.
  This isn't user friendly (exact OID needs to be typed manually) and is a bit quite complicated, though.
  -Thanks
  Vinod
  **Rating Encourages contributors, and its really free. **

• Email notification for config deployment jobs in Cisco Prime Infrastructure 1.2 ??

  We're upgrading from LMS 3.2 to Cisco Prime Infrastructure ...
  In LMS 3.2 we're using netconfig all the time to configure various jobs related to port security
  In installing Cisco Prime Infrastructure and working through it's use of templates, I'm having some difficulty finding out how to send out a notification once a configuration job has completed.  It's so simple in LMS 3.2 since it's part of the job creation screens.
  Any assistance would be greatly appreciated.

  HI, Raymond
  Just wondering if this problem is resolved?
  Thanks!

• Ask the Expert: Cisco Prime Infrastructure - Implementation and Deployment

  Welcome to the Cisco Support Community Ask the Expert conversation.
  This Ask The expert Session will cover questions spanning Cisco Prime Infrastructure on Implementation and Deployment on Wired and Wireless. This will be more specific to Customer’s and Partners questions product covering PI on configuration, Features and Menu, Network Monitoring, Maps, Implementation, High Availability and Maintenance and t/s parts.
  Monday, February 2nd, 2015 to Friday, February 13th, 2015
  Dhiresh Yadav is a customer support engineer in High-Touch Technical Services (HTTS)  handling supporting Wireless and Network Management based Cisco products and is based in Bangalore. His areas of expertise include Cisco Prime Infrastructure and Cisco Wireless products. He has over 7 years of industry experience working with large enterprise and service provider networks. He also holds CCNP (RS) and CCIE (DC) certifications.
  Afroz Ahmad is a customer support engineer in High-Touch Technical Services (HTTS)  handling supporting Wireless and Network Management based Cisco products and is based in Bangalore. His areas of expertise include Cisco NMS products like Prime Infrastructure, LMS, IP SLA and SNMP etc. He has over 7 years of industry experience working with large enterprise and service provider networks. He also holds CCNP (RS),CCIE (DC), and SCJP (Sun Certified Java Professional )
  Vinod Kumar Arya is a customer support engineer in High-Touch Technical Services (HTTS)  handling supporting Wireless and Network Management based Cisco products and is based in Bangalore. His areas of expertise include Cisco NMS products like Prime Infrastructure, LMS, IP SLA and SNMP etc. He has over 8 years of industry experience working with large enterprise and service provider networks. He also holds VCP 5 and RHCE certifications.
  ** Remember to use the rating system to let the experts know you have received an adequate response.**
  Because of the volume expected during this event, the experts might not be able to answer every question. Remember that you can continue the conversation in the Network Infrastructure community, > Network Management, shortly after the event. This event lasts through February 13th 2015. Visit this forum often to view responses to your questions and those of other Cisco Support Community members.

  Hello Wilson,
  Thanks for joining us.
  1841 should just work fine for net flow . Hope you have a valid "PI Assurance license" installed on the server.
  "PI Assurance license" is required for "net-flow"  feature
  Devices supporting Netflow in PI ::
  1400, 1600, 1700 & 1800
  2500, 2600 & 2800
  3600, 3700, 3750 & 3800
  4500 & 4700
  AS5300 & 5800
  7200, 7300, 7400 & 7500
  Catalyst 4500 ASCI
  Catalyst 5000, 6500, & 7600 ASCI
  ESR 10000 ASCI
  GSR 12000 ASCI
  Cisco IOS Software Release Version
  Supported Cisco Hardware Platforms
  11.1CA, 11.1CC
  Cisco 7200 and 7500 series, RSP 7200 series
  12.0
  Cisco 1720, 2600, 3600, 4500, 4700, AS5800 
  RSP 7000 and 7200 series
  uBR 7200 and 7500 series
  RSM series
  12.0T, 12.0S
  Cisco 1720, 2600, 3600, 4500, 4700, AS5800 
  RSP 7000 and 7200 series
  uBR 7200 and 7500 series
  RSM series, MGX8800RPM series, and BPx8600 series
  12.0(3)T, 12.0(3)S
  Cisco 1720, 2600, 3600, 4500, 4700, AS5300, AS5800
  RSP 7000 and 7200 series
  uBR 7200 and 7500 series
  RSM series, MGX8800RPM series, and BPx8650 series
  12.0(4)T
  Cisco 1400, 1600, 1720, 2500, 2600, 3600, 4500,
  4700, AS5300, AS5800
  RSP 7000 and 7200 series
  uBR 7200 and 7500 series
  RSM series, MGX8800RPM series, and BPx8650 series
  12.0(4)XE
  Cisco 7100 series
  12.0(6)S
  Cisco 12000 series
  NetFlow is also supported by these devices Cisco 800, 1700, 1800, 2800, 3800, 6500, 7300, 7600, 10000, CRS-1 and these Catalyst series switches: 45xx, 55xx, 6xxx.
  NetFlow export is also supported on other Cisco switches when using a NetFlow Feature Card (NFFC) or NFFC II and the Route Switch Module (RSM), or Route Switch Feature Card (RSFC). However, check whether version 5 is supported, as most switches export version 7 by default.
  You can check the below steps to diagnose the issue::
   To verify that NetFlow is exported from a device to PI, follow the steps below:
  1)    Browse to Administration > Data Sources page. Check the value in column ‘Last Active Time’  for the ‘Device Data Sources’ table. If the table is empty or  the value does not represent recent time, then
  it is possible that the device is not exporting NetFlow or PI Assurance license is not applied / expired.
  2)    Login to PI console ( via SSH) as root user and run the command:
                  netstat –an | grep 9991 – Output of this should be like :  udp        0      0 :::9991         :::*
                  Check the firewall settings on PI server using the command: firewall -L
  1)    Check the configuration on an IOS / IOS –XE device. Run the commands
  a)    sh running-config | inc destination
  1)    This should list the IP address of the PI SERVER ( along with other outputs if any)
  b)    sh running-config | inc 9991
  1)    This should list at least one entry.
  c)    If the above are fine, then verify that the flow monitor, flow exporter and the flow records are correctly configured on the device.
  Refer to the URLs below to configure NetFlow export.
  http://preview.cisco.com/en/US/docs/net_mgmt/prime/infrastructure/2.0/user/guide/setup_monitor.html#wp1056427
  Thanks-
  Afroz
  ***Ratings Encourages Contributors ****

• Cisco Prime Infra 2.1 for Wireless and Wired Management

  Hi All,
  I've two CPI 2.1 physical appliances running in HA mode. Currently they are used to manage Wireless infrastructure. 
  Now, we are planning to buy licenses and add wired devices to CPI. 
  We've two separate teams. Team-A manages Wireless only and Team-B manages Wired infrastructure.
  Both teams want their own Admin accounts to access CPI and they don't want to use shared credentials. If Team-A logsin with their Admin Account, they should see Cisco Prime Infrastructure dashboard and if Team-B logs in with their own Admin Account, they should see CiscoWorks LMS Dashbaord.
  How can we achieve this? I can create user accounts and provide access to the CPI, but I'm not sure how to specify which dahsboard they will get access to.
  Thanks,
  CJ

  You should consider merging team doing wired & wireless, it is difficult to manage these individually. 
  By any chance if you deploy 3850/3650, it is both WLC & Switch, so managing by two different teams does not make sense.
  HTH
  Rasika