Prime Infra, ACS5.4 and RADIUS/TACACS behaviour

Hi,
I noticed a strange behaviour while working on migrating to PI1.2. I use ACS5.4 (virtual appliance) as my authentication server, TACACS as authentication protocol.
Except Wireless controllers and Nexus 5K switches, all the AAA clients were being managed with warning. I saw the log on ACS server and noticed lots of authentication failures, and this is not because the credential was not right. I sniffed the traffic and noticed lots of fragmentation and re-transmissions and also restarts of TCP sessions. I changed the authentication protocol to RADIUS for sample devices (5 different kinds of switches). The sample devices are now being managed without any problem (no warnings). I couldn't find a rational explanation as to what is happening. Any idea that sheds light on this will be appreciated.
Thanks,
Kerim

Further to what Richard explained, in case you would like ACS not to log some specific log, you can configure a collection filter.
You can create collection filters that allow you to filter and drop events that are not used for monitoring or troubleshooting purposes. When you configure collection filters the Monitoring & Report Viewer does not record these events in the database and saves disk space.
Navigate to: Monitoring Configuration > System Configuration > Collection Filters > Add filter
The following are the attributes that can be used:
- Access service
- User
- Mac-add
- Nas-IP
For instance, if we are getting several hits from a specific WLC x.x.x.x or from a specific 'user' and we want ACS to ignore it, create a filter using the NAS-IP attribute or user. ACS should now ignore any attempts coming from the NAS IP.
Jatin Katyal
- Do rate helpful posts -

Similar Messages

  • Netflow is not showing on prime infra 1.2 and also reports are not generating

    Hi friends,
    I added my router to Cisco Prime for NetFlow and configured it by template as mentioned by Cisco in the deployment guide. I got NetFlow till last Friday but today I am getting any flow on Prime.
    Second, I am not able to generate raw NetFlow.
    How can I remove any device from data sources if this is no longer present there? For better understanding I am also attaching the snapshot.

    Hi,
    Thanks
    Yes I have configured the command “aaa accounting exec default start-stop group tacacs+”
    As I have mentioned, all the other reports are working: which user and when he has logged in and what commands he has used. Only the TACACS+ Accounting and logged user is not working.
    Regards,
    Vineet

  • Issue with Prime Infra 2.1.1 and Nexus 7K

    We have recently migrated from our NCS to Prime Infra 2.1.1. Since doing this we have started to import our switching gear into PI in addition to our WLC and MSE appliances. Discovery and inventory of the 3750X and 4500-X switches has been without issue. When we point PI 2.1.1 to a Nexus 7K running a VDC, the switch discovers as a Nexus 9500 instead of a 7K. Anyone else seen this happen? Any workarounds or suggestions on what might be going on? My thought was it's discovering a VDC on the 7K and it's not the admin VDC. That said, our Admin VDC is not configured for SNMP and we wanted to discover the VDCs that we actually use for client traffic. I should note we have loaded the latest available device pack to PI as well.
    Please advise - any help would be greatly appreciated.
    Thanks,
    Jeff

    We ran a discovery of all our Nexus switching last night. Once we did that the pattern was easy to see. Any 9 or 10 slot Nexus was fine, any 4-slot Nexus appears as a Nexus 9500 instead of a 7K. I checked the compatibility matrix (latest release through DP 6.0) and support for the 9/10/18 slot is listed. No mention of support for the 4 slot. I believe that is our issue.
    Jeff

  • Cisco Prime Infra and SMS gateway integration

    Hello,
    Can anyone point me to right documents or resources to integrate cisco prime infra 2.x with SMS gateway?
    Is there any way I can get SMS alerts for critical events in Cisco Prime Infra 2.x?
    Any suggestion is highly appreciated.
    Regards,
    Girish

    Not directly.
    If you configure PI to email you on alerts, many carriers allow you receive SMS via an email address - i.e. <your_number>@<your_carrier>

  • Cisco Prime Infra 1.2 Web server

    Hello,
    I have installed a version of Cisco Prime Infrastructure 1.2.11 with a kickstart .ova file on my production network.
    Everything goes fine and I follow the instructions for installation; I can ping my Cisco PI server and ssh into it as admin.
    However, when I try to reach the web server via https, it does not work. I have reviewed my proxy settings and they are not to blame. The nslookup returns the IP address when I poll it. I have read elsewhere that I would need "NCS" service to be started, but I can't find anything called NCS on my Prime Infra server in CLI mode.
    Anyone with a suggestion for this issue ?
    Thanks
    Jeremy

    Actually I know what's happening ; the PnP (plug n play) setup was not configured, and so 443 port was not up.
    I configured PnP using "pnp setup" command, but then I have to supply a list of certificates and keys :
    Enter absolute pathname of PnP Gateway server key file:
    Enter absolute pathname of PnP Gateway server certificate file:
    Enter absolute pathname of Prime Infrastructure server certificate file:
    I tried to do this with the private key I had for my server. I created it on my Certificate Authentication and got a .key and a .csr (certificate server request).
    However, when I feed them to my PnP setup I get this error:
    Setup is in progress.......
    Stop PnP Gateway server
    OpenSSL command failed for mycert.csr and mykey.key
    Any idea as to why this is happening?
    I read elsewhere again that I need to run commands with "ncs" but I don't have "ncs" commands on my prompt...
    Thank you for your time
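
A pre-flight check for the files the setup prompts above ask for, added here as an example and not part of the original thread: it uses the openssl CLI to tell a certificate from a CSR or a private key (a .csr is a signing request, not yet a certificate) and confirms that the key matches the certificate. The function names and the paths in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: classify PEM files with openssl before handing them to a
# setup prompt that asks for a key file and a certificate file.

# pem_kind FILE -> prints certificate | csr | private-key | unknown
pem_kind() {
    if openssl x509 -in "$1" -noout >/dev/null 2>&1; then
        echo certificate
    elif openssl req -in "$1" -noout >/dev/null 2>&1; then
        echo csr
    # "-passin pass:" stops openssl from prompting for a passphrase, so an
    # encrypted key is reported as unknown instead of hanging the check.
    elif openssl pkey -in "$1" -passin pass: -noout >/dev/null 2>&1; then
        echo private-key
    else
        echo unknown
    fi
}

# key_matches_cert KEY CERT -> exit 0 when both carry the same public key
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ "$key_pub" = "$crt_pub" ]
}

# check_pair KEY CERT -> prints the first problem found, or "ok"
check_pair() {
    kind_key=$(pem_kind "$1")
    kind_crt=$(pem_kind "$2")
    if [ "$kind_key" != private-key ]; then
        echo "$1: expected private-key, got $kind_key"
        return 1
    fi
    if [ "$kind_crt" != certificate ]; then
        echo "$2: expected certificate, got $kind_crt"
        return 1
    fi
    if ! key_matches_cert "$1" "$2"; then
        echo "$1 does not match the public key in $2"
        return 1
    fi
    echo "ok"
}

# Usage (hypothetical paths):
#   check_pair /path/to/server.key /path/to/server.crt
```
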

  • Can Cisco Prime Infra 2.1 work as syslog server

    Hello all,
    Customer wants Cisco Prime Infra 2.1 to work as a syslog server. They want to query text in syslog and get the raw log file from Cisco Prime Infra. But when I look in the user interface, I think that it cannot query and search text in syslog. But I am not sure whether we can get raw log files per device from Cisco Prime Infra. Does anyone know about this?
    thanks
    sompoj

    Hi Sompoj,
    In the prime infrastructure Syslogs are directly read from udp port 514 and then filtered, the non SEV1 and SEV2 syslogs will be dropped and will not be entered into db. The syslog messages will not be saved into log files.
    Thanks-
    Afroz
    ****Ratings Encourages Contributors ****

  • Cisco Prime Infra 2.1 Standard Install using OVA File HD Requirements

    Hi guys,
    I wanna install the Cisco Prime Infra Standard 2.1 using the OVA File but I haven't 900 HD Space continuous in Storage.
    Two questions:
    01) Does the Virtual Machine allocate this space (900 HD) during the install or allocate dynamically as needed?
    02) Is there an option to install the Standard Version using less HD space?
    Thanks
    My Best Regards
    Andre Gustavo Lomonaco

    Initially we installed medium when Prime 2.0 came out, however about 3 months later we needed to upgrade to standard/pro. Upgrading the CPU/Core was seamless.
    Install a smaller OVA with enough cpu/cores for the standard and just add disk space later on
    https://supportforums.cisco.com/document/9871606/adding-disk-space-prime-infrastructure
    It's not a recommended practice but there are workarounds...

  • ISE (Identity Service Engine) & MSE (Mobility Service Engine) & Prime Infra

    What is the difference between ISE (Identity Service Engine) & MSE (Mobility Service Engine) & Prime Infra?
    How will this be used along with WLC & AP & wireless users?

    The Cisco Identity Services Engine (ISE) is an all-in-one enterprise policy control product that enables comprehensive secure wired, wireless, and VPN access, leading to more productive workers and lower operations costs. When operating in a network, ISE provides the following key features: 1. Rigorous identity enforcement 2. Extensive policy enforcement 3. Security compliance 4. Automated onboarding, whereas Cisco Mobility Services Engine supports RTLS and WIPS and Cisco Prime is a centralized wireless and wired monitoring and management solution. ISE and MSE both can be integrated with Cisco Prime. For more detail on these products you can see the below links.
    http://www.cisco.com/en/US/prod/netmgtsw/prime.html
    http://www.cisco.com/en/US/prod/collateral/wireless/ps9733/ps9742/data_sheet_c78-475378.html
    http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5712/ps11637/ps11195/data_sheet_c78-656174.html

  • Prime Infra 2.0 alert when syslog message received

    Dear member,
    May I know whether Prime Infra 1.3, 2.0 can support alerting the user when a syslog message is received?
    If yes, any configuration guide for reference?
    Regards

    Hi Russ,
    PI does not actually keep a record of the raw syslog messages it receives, and there is no report for syslogs. When PI receives a syslog, it will immediately process the message and convert it to an event/alarm.
    Also, note that PI only processes severity 1 and 2 syslogs. The closest thing you can get to a syslog report would be to run an advanced search for events.
    For other alarms and events you can go to the Operate > Alarms & Events > Email Notification page. Make sure that the alarm categories that you want to have notifications for also have the Enable checkbox checked.
    Thanks-
    Afroz
    [Do rate the useful post]

  • Upgrade Prime Infra 1.4 to 2.x

    Hello,
    Is there a timeframe for the Prime Infra 1.4 Version to get upgraded to 2.x?
    thanks in advance
    Martin

    Note: Cisco Prime Infrastructure version 1.4 and 1.4.x cannot be upgraded to version 2.1; upgrade will be available for a future 2.x release.
    http://www.cisco.com/c/en/us/products/collateral/cloud-systems-management/prime-infrastructure/datasheet-c78-731516.html

  • Prime Infra: Add guest user to all WLC's

    Hi all,
    I have prime infra 2 running, with 2 WLC's v7.4
    1 WLC has all the AP's, the other one sits in the same mobility group in case the first one fails (it has no joined AP's when acting as standby).
    When I create a guest user in Prime Infra, it only gets created on the WLC with the AP's joined.
    So WLC1 has the AP's WLC2 has none -> I create a guest user and it is added to WLC1
    I do a failover, WLC1 has no AP's WLC2 has all the AP's, I create a new guest user, it is added only to WLC2
    Is there a way that I can add a guest user, and it adds it to the 2 WLC's?
    Thanks in advance!

    Did you install the application in /Applications? If so, then it's available to all users on that machine and they can add it to their Dock, or you can login to each account and add it to their Dock.
    When creating new accounts, the template used is the one you get when you first create an account on a new Mac, and that was specified by Apple.
    Mulder
    If my answer helped solve your problem, please consider awarding some points. Why Reward Points?
    iMac G4 700Mhz   Mac OS X (10.3.9)  

  • Cisco Prime Infrastructure 1.2 and Aironet 1250 + VSS issues

    Hi,
    I am new to the NCS implementations and configurations. I have one very specific case with Cisco Prime Infrastructure 1.2 and autonomous APs and several issues with Cisco VSS on 6500 switches.
    So here is the version from Prime:
    NCS/admin# show version
    Cisco Application Deployment Engine OS Release: 2.0
    ADE-OS Build Version: 2.0.1.038
    ADE-OS System Architecture: x86_64
    Copyright (c) 2005-2010 by Cisco Systems, Inc.
    All rights reserved.
    Hostname: NCS
    Version information of installed applications
    Cisco Prime Network Control System
    Version : 1.2.1.012
    IOS version on our APs (which are autonomous) is:
    AP-N-1>show ver
    Cisco IOS Software, C1250 Software (C1250-K9W7-M), Version 12.4(25d)JA1, RELEASE SOFTWARE (fc1)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2011 by Cisco Systems, Inc.
    Compiled Thu 11-Aug-11 03:23 by prod_rel_team
    Well, the issue we have now is that the access point has been added but it's not recognized by the NCS prime. I have tried all three versions of SNMP but I get the same result. The SNMP configuration is valid since I use the same for my switching infrastructure. When I enter "debug snmp packets" and "terminal monitor" I can see the SNMP communication between Prime and Aironet 1250 which is standalone.
    When I switch to Lifecycle theme and go to Operate > Device Monitor Center I see all devices I have added. The Aironet 1250 is reachable but under collection status I get Managed with Warnings. When I hover over with my mouse I get "None available".
    I have successfully added my switching infrastructure in total, which is operating perfectly for Catalyst 2960/3650/3750/4500 series but for 6500 under VSS I have some warnings. The device is recognized by the system which is excellent and all is operational. I get the following errors under Collection Status:
    feature_sensor
    SNMP request timed out
    feature_powerSupplyFanStatus-6k
    SNMP request timed out
    IdentityCapability
    The device is unreachable.
    feature_flashdevice
    SNMP request timed out
    sam_ipsla_feature
    The device is unreachable.
    What can be done to resolve these issues ? I have attached a screenshot of this particular issue. The affected access point is 172.16.165.241.
    Predrag Petrovic       

    Hi rajeeshp,
    Currently I am not allowed to upgrade it because of internal procedures involved in upgrading a specific piece of software (obtaining permissions from various departments). Is it free to upgrade from 1.2 to 1.3 or there is a specific charge for that.
    Predrag Petrovic

  • CISCO PRIME INFRA 1.1 License

    Hi. Recently, we are installing Cisco Prime NCS 1.1 and we are facing some issue with the license.
    I would like to clarify the below licenses.
    L-WCS-NCS1-M-K9
    L-PINCS11-300-U
    L-PINCSW11-300-U
    We installed the second license and got a 300 device limit. But we have 500 access points in our network. We are using NCS only for Wireless Management and not for Network Devices, which are using LMS.
    I am confused, we have 2 additional licenses as above and what are they for? Can anyone let me know? Why are we using the WCS-NCS license, and it has only a 25 device limit, which we cannot import since I already uploaded the second license. Also, what is this L-PINCSW11-300-U WAN license used for?

    You can always remove the license if you installed the wrong license....You need to install your base first then your adder.  You don't need to use the LMS or WAN as this comes free with NCS 1.1.  The WCS to NCS migration comes with a free 25 ap base license.  You just need to make sure you have purchased the correct license to cover your 500 ap count.
    Here is another thread regarding the license:
    https://supportforums.cisco.com/message/3672947#3672947
    Thanks,
    Scott
    Help out other by using the rating system and marking answered questions as "Answered"

  • Upgrade Prime Infra 1.4 to 2.0: is there no way other than fresh install

    Hello,
    We want to upgrade a Prime Infrastructure from 1.4 to 2.0.
    Cisco document says that there is no upgrade path from Prime Infrastructure 1.4 to Prime Infrastructure 2.0.
    So how to do if I want to upgrade from 1.4 to 2.0: I have to insert all configuration manually? :'(
    Regards,
    Antra

    HI Antra,
    There is no upgrade path from Prime Infrastructure 1.4 to Prime Infrastructure 2.0.
    As per my knowledge you must start it from scratch.
    Info:
    Prime Infrastructure 1.4 is a separate software train parallel with Prime Infrastructure 1.3 and 2.0.
    The next maintenance release for users of Prime Infrastructure 1.4 will be Prime Infrastructure 2.2, currently targeted for the September/October/November 2014 timeframe.
    So if you have 1.4 or 2.2 then you can not upgrade and downgrade.
    Regards

  • NME-NAM with Cisco Prime 5.1.2 and IOS Firewall

    Hello,
    I have installed and configured the Cisco NME-NAM with Prime 5.1.2 and have access to the NAM via a web browser. It is not picking up any data even though I have configured the following:
    internal data source
    network site 10.10.16.0/20
    All reports show "No data for selected time interval"
    I am running IOS 15.1 on a 2811 with IOS firewall enabled.
    Do I need to create a FW rule to allow traffic to be monitored by the NME-NAM?
    Thank you,
    Matthew
