Upload
chandra-sekar
View
29
Download
3
Embed Size (px)
DESCRIPTION
LMS
Citation preview
© 2013 Cisco and/or its affiliates. All rights reserved. 1
Vinod Arya Customer Support Engineer
August 20, 2013
Cisco Support Community Expert Series Webcast:
CiscoWorks Prime LAN Management Solution: Implementation, Configuration, and Troubleshooting
2 © 2013 Cisco and/or its affiliates. All rights reserved.
• Today’s featured expert is Cisco Support Engineer Expert
• Ask him questions now about Cisco Prime LAN Management Solution
Vinod Arya
CCNA, VCP
Expert’s photo
3 © 2013 Cisco and/or its affiliates. All rights reserved.
Installing, configuring and troubleshooting Cisco
Prime LMS
Panel of Experts
Event Date: August 20, 2013
Afroz Ahmad
CSE, CCNA, CCNP, OCJP
Syed Khalid
CSE CCNA, CCNP
4 © 2013 Cisco and/or its affiliates. All rights reserved.
Today’s presentation will include audience polling questions
We encourage you to participate!
5 © 2013 Cisco and/or its affiliates. All rights reserved.
If you would like a copy of the presentation slides, click the PDF link in the chat box on the right or go to
https://supportforums.cisco.com/community/netpro/network-infrastructure/network-management
Or, https://supportforums.cisco.com/docs/DOC-35688
6 © 2013 Cisco and/or its affiliates. All rights reserved.
a) I am a beginner in NMS and have little or no experience with Cisco Prime LMS.
b) I have vast experience with Network Management Tools but limited experience with Cisco Prime LMS.
c) I’m an experience Network Administrator with basic/running knowledge of Cisco Prime LMS.
d) I’m running Cisco Prime LMS in production and I have in-depth knowledge of it.
What is your exposure and experience with Network Management with Cisco Prime LAN Management Solution?
7 © 2013 Cisco and/or its affiliates. All rights reserved.
Use the Q&A panel to submit your questions. Experts will start responding those
8 © 2013 Cisco and/or its affiliates. All rights reserved.
Vinod Arya
August 20, 2013
Customer Support Engineer
10 © 2013 Cisco and/or its affiliates. All rights reserved.
Introduction to Cisco Prime LMS
Basics of NMS
Evolution of Cisco Prime LMS
What is Cisco Prime LMS
Installing Cisco Prime LMS
Configuring and implementing Cisco Prime LMS
Troubleshooting Cisco Prime LMS
Live Demo
11 © 2013 Cisco and/or its affiliates. All rights reserved.
Does Network issues
Keeps you in tension?
QoS
Medianet
Cisco
Energy
Wise™
VSS
Cisco
TrustS
ec®
Routers
UT
IP
SLA
Topology Fault
Switches
CCM
NBAR
IP SLA
Config
Inventory
Reports Security Software
Mgmt
Support ??? ???
NMS
13 © 2013 Cisco and/or its affiliates. All rights reserved.
Single product for all “Wired” lifecycle needs
Simplifies and automates many day-to-day tasks
Troubleshoot
Discover
Manage
Monitor
Optimize
Remediate
• Quickly discover all network elements
• Create common device list – for all managed elements
• Review and modify network management processes
• Improve manageability • Improving network availability while
lowering OpEx
• Quickly fix problems through automated or manual intervention
• Best practices and discrepancy checking with automated fix to prevent problems before they affect service
• Provide visibility of all network changes – configuration, inventory
• Proactively monitor network faults and performance
• Identify problems before they affect service
• Collect inventory details and back up all device configurations
• Deploy configuration changes and image updates
• Maintain device configuration consistent with industry, IT or corporate policies and best practices
• Quickly isolate and identify network problems
• Problem isolation with drill down for root cause analysis
14 © 2013 Cisco and/or its affiliates. All rights reserved.
Efficiently manage network Assets and facilitate updates
Continuously monitor instantaneous configuration changes
Quickly identify policy deviations and comply with regulations
Proactively monitor health of network
Connect with community and remediate network issues
Improved contract connection for an improved lifecycle management
Leveraging the Best Practice and value added service
End to end visibility and complete of the network
Integrated Function Business Scenario
15 © 2013 Cisco and/or its affiliates. All rights reserved.
Discovery/Inventory management
Configuration management
Monitoring / Faults
Troubleshooting
Compliance & Auditing
Administration
Reporting
Best Practice Designs (SBA)
Network Refresh - EoX, PSIRT, etc.
16 © 2013 Cisco and/or its affiliates. All rights reserved.
Introduction to NMS
Evolution of Cisco Prime LMS
What is Cisco Prime LMS
17 © 2013 Cisco and/or its affiliates. All rights reserved.
Network Management Systems usually are specialized software's intended to monitor essential Networking Equipment's, covering both Software and Hardware sides (In our case it is Routing, switching, Security, Voice, Content and Optical Networking etc.)
Network Management Systems are based on FCAPS and majorly use SNMP to communicate to Network Devices.
The International Organization for Standardization (ISO) network management model defines five functional areas of network management : Fault Management, Configuration Management, Performance Management, Security Management, Accounting.
Cisco Prime LMS covers most of the functional areas of FCAPS except Security, which itself is a big functional area with dedicated Software’s.
18 © 2013 Cisco and/or its affiliates. All rights reserved.
Network traffic and network technology
Network resources (support staff, $$)
Growth
Network are increasing in scale and complexity
Manage the elements of Infrastructure
Support staff and budget
Cost
19 © 2013 Cisco and/or its affiliates. All rights reserved.
The Goals:
Ensure that users of a network receive information technology services with the quality of service they expect.
Ensure the strategic and tactical planning of the engineering, operations, and maintenance of a network and its services.
Help network engineers manage the complexity of a data network and ensure that data can go across the network with maximum efficiency and transparency.
Prepare for disaster recovery.
21 © 2013 Cisco and/or its affiliates. All rights reserved.
Simplifies and automates tasks associated with day-to-day management – inventory, configuration, software deployment and troubleshooting tasks.
Supports a broad range of Cisco devices down to the interface – detailed reporting, monitoring and configuration
Provides detailed visibility of users, ports and network connectivity – topology services, user tracking, inventory
Automates the change management process quickly identifying hardware, software and configuration changes – change audit reports
22 © 2013 Cisco and/or its affiliates. All rights reserved.
Bundle of Application
A suite of Integrated applications that simplify and augments the daily tasks required to manage a cisco end-end network reducing total cost of ownership and improving network availability.
Functional Architecture
Architecture is based on Clients, Servers and Agents.
23 © 2013 Cisco and/or its affiliates. All rights reserved.
Network Devices
CiscoWorks Servers
MIBs HTTP
HTTPS
User Authentication and Authorization
Multi-Server Trust
Cisco.com
A client/server/agent architecture
Access to information using web browser
Central storage of information
Automatic collection of updates and changes
Simplifies the deployment of change s to network devices
24 © 2013 Cisco and/or its affiliates. All rights reserved.
Monitoring and Troubleshooting
Proactively identify and quickly fix network problems before they affect end users and services with out-of-the-box preconfigured monitoring dashboards
Configuration Management
Simplify the roll-out of new technologies and network changes through guided workflows based on Cisco best practices with built-in configuration templates that help reduce errors.
Compliance and Audit Management
Quick visibility of compliance status of the network.
Comprehensive Reporting
Get immediate up-to-date information about the network through flexible reporting for inventory, user tracking, compliance, switch port usage
25 © 2013 Cisco and/or its affiliates. All rights reserved.
LMS evolved since its first introduction as CiscoWorks 2000 in early 2000.
It had following versions since then :
CW2000 LMS 2.1 LMS 2.2
LMS 2.5 LMS 2.5.1 LMS 2.6 (EOS)
LMS 3.0 LMS 3.0.1 LMS 3.1 LMS 3.2 LMS 3.2.1
LMS 4.0 LMS 4.0.1 LMS 4.1 LMS 4.2.x*
* LMS 4.2 has 4 service packs till date.
26 © 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Prime LAN Management Solution (LMS) offered as part of Cisco Prime Infrastructure, delivers powerful network lifecycle management by simplifying the configuration, compliance, monitoring, troubleshooting, and administration of Cisco networks. This innovative solution offers end-to-end management for business-critical technologies and services. It aligns management functionality with the way network operators do their jobs.
Simplifies the Management of Borderless Networks.
Contd..
27 © 2013 Cisco and/or its affiliates. All rights reserved.
Monitoring and Troubleshooting
Proactively identify and quickly fix network problems before they affect end users and services with out-of-the-box preconfigured monitoring dashboards.
Configuration Management
Simplify the roll-out of new technologies and network changes through guided workflows based on Cisco best practices with built-in configuration templates that help reduce errors.
Compliance and Audit Management
Upgradable compliance engine offers extensive modeling of industry, corporate, IT, and technology policies and quick visibility into compliance status of the network.
Comprehensive Reporting
Get immediate up-to-date information about the network through flexible reporting for inventory, user tracking, compliance, switch port usage, end-of-sale, PSIRT, and other critical areas.
Work Centers
Easily manage all phases of the end-to-end lifecycle of Cisco value-added technologies and solutions, such as medianet, EnergyWise, TrustSec and Identity, Auto Smartports, and Smart
Install
29 © 2013 Cisco and/or its affiliates. All rights reserved.
LMS 4.2 supports the following Solaris 10 releases:
• Solaris 10, 10/09 release • Solaris 10, 05/09 release
• Solaris 10, 10/08 release • Solaris 10, 05/08 release
• Solaris 10, 08/07 release • Solaris 10, 11/06 release
• Solaris 10, 09/10 release • Solaris 10, 08/11 release
LMS 4.2 supports the following Windows systems (only 64bit OS):
Windows 2008 Standard and Enterprise Edition Release 1 with SP1 and SP2
Windows Server 2008 R2 Standard and Enterprise Edition with SP1
LMS 4.2 supports the following Virtualization Systems:
•VMware ESX server 3.0.x •VMware ESX Server 3.5.x
•VMWare ESX Server 4.0.x •VMWare ESX Server 4.1
•VMWare ESXi Server 4.0 •VMware ESXi Server 4.1
•VMware ESXi Server 5.0 •Hyper V Virtualization (As an installable Windows 2008)
31 © 2013 Cisco and/or its affiliates. All rights reserved.
Why Quick install?
To reduce getting more number of inputs from the end user.
Instead of getting more number of passwords for admin, System identity , casuser and database prompting one login password from the end user and reusing the same for necessary terms.
Reduced the number of screens into to a single dialog.
Combined the number of user pre action information into single dialog called ‘Prerequisite’.
32 © 2013 Cisco and/or its affiliates. All rights reserved.
Quick Install contains 3 Major terms for Windows
Prerequisites of LMS
Combined all the prerequisites messages like disabling anti-virus ,
installing from network drive , DHCP service enabled.
LMS setup Dialog
Contains Welcome Message, License Agreement , LMS install
Destination Location , License Information , Login Password and
Backup Data.
Reboot Dialog
Contains Install information (like LMS download structure , license
validity and device information.) , Also contains view buttons for Errors
and Warnings available in the install log, Health monitor report and
finally reboot section.
33 © 2013 Cisco and/or its affiliates. All rights reserved.
Following default screens are having changes in Install
Mail Settings pages has been moved to the Getting Started. Launch
LMS42 and you can view the email setting screens.
Self-Signed certificate will be created randomly in the backend.
Summary window has been removed and the end of the reboot dialog
we have provided the view button to list passwords given by the end
user during install time.
And additionally health Monitor reports will provide the RAM ,SWAP
and Database details.
34 © 2013 Cisco and/or its affiliates. All rights reserved.
Warning when IIS is enabled and port 443 in use:
Prerequisite Warning or when there is an error:
35 © 2013 Cisco and/or its affiliates. All rights reserved.
Warning when all prerequisites are met and satisfied :
License and Install details and login setup:
36 © 2013 Cisco and/or its affiliates. All rights reserved.
Installation in Progress:
Installation completed window:
37 © 2013 Cisco and/or its affiliates. All rights reserved.
License Agreement message prompted option to enter YES or NO to view
the details
LMS4.2 installation has only Custom mode here after.
38 © 2013 Cisco and/or its affiliates. All rights reserved.
Like windows passwords screens are reduced and getting one login
password from the user and reusing the same. Provided the new prompt for
database password whether user can reuse the login password as
database password else system will generate a random password.
39 © 2013 Cisco and/or its affiliates. All rights reserved.
LMS supports reinstallation of product in Windows and Solaris platform.
Reinstallation processes of LMS 4.2 are same as installation process for Windows and Solaris.
NOTE: Reinstallation is not supported in Linux.
41 © 2013 Cisco and/or its affiliates. All rights reserved.
Log into the portal for the first time, and use the Getting Started workflow to configure the server
Explore and customize the dashboards in My Menu, manage portlets, and change the portal layout
Manage the network device inventory
Manage network device configurations and software images.
Monitor and troubleshoot the network
Use the Work Centers to perform complete lifecycle management of network devices
Perform advanced administration tasks in CiscoWorks LMS
43 © 2013 Cisco and/or its affiliates. All rights reserved.
The First login page shows following details :
New Features
Migration procedure
Search Bar
Min. Options to Run LMS
Navigation Menu/Mouse Hover
44 © 2013 Cisco and/or its affiliates. All rights reserved.
System settings page is optimized. We can see and update the license information and other details directly.
Single page to set Authentication mode, Email server setting, Proxy setting, Backup and RCP and SCP setting
48 © 2013 Cisco and/or its affiliates. All rights reserved.
Device Allocation Setting:
Devices can be auto allocated to the selected device management
functions, or they can be allocated based on policies that can be
configured. Allocate all devices is enabled by default.
Device Addition:
Using this page we can add devices to Device Credential Repository
(DCR), and if required, create credential sets, and configure policies.
Devices can be added directly, using credential sets, or policies.
52 © 2013 Cisco and/or its affiliates. All rights reserved.
Manage Roles:
A role is a collection of privileges that dictate the type of system access we have.
The Manage User Roles workflow allows us to add, edit, copy and delete user-
defined roles in LMS. We can also set default user roles.
Manage User:
The Manage Users task in the Getting Started flow allows us to add, edit and
delete users in LMS. We can also set the authorization levels for the user.
55 © 2013 Cisco and/or its affiliates. All rights reserved.
Software and Device updates:
LMS periodically releases software and device package updates. We can check for these
updates from Cisco.com, and download them to a location on the server. We can install
these updates from this location.
In the case of device updates, we can install the updates using a web-based user interface,
and command line interface, wherever possible. The Getting Started workflow does not
support installation and uninstallation of software updates.
For downloads from Cisco.com to work, we should have access to Cisco.
59 © 2013 Cisco and/or its affiliates. All rights reserved.
Standard Discovery allows to run discovery with minimal settings.
The comparison of Standard Discovery with Custom Discovery
Standard Discovery Custom Discovery
Default Gateway as Seed Default Gateway as Seed
Support not provided
Discovery Fallback Support No Discovery Fallback
Support
Discovery using Existing
Policy Configuration
This option is not Supported
Default Credentials Set can
be used as SNMP
Credentials for Discovery
This option is not Supported
60 © 2013 Cisco and/or its affiliates. All rights reserved.
The discovery makes use of below protocols in specified order for discovering the devices.
• CDP
• LLDP
• Routing Table
• ARP
To Configure Standard Discovery following inputs have to be provided
Default Gateway ( as Default option)
Use DCR as seed
Seed device can be provided by user
61 © 2013 Cisco and/or its affiliates. All rights reserved.
By Choosing “Use Policy Configuration Settings option”, the configured policies (if any), will be taken as input for running discovery.If no policies are configured, Edit Policy Configuration link is provided to add policies with Credential Sets.
Credential Sets can be added using the link "Edit Credential Set".
62 © 2013 Cisco and/or its affiliates. All rights reserved.
By choosing “Use Custom Policy Configuration Settings” option user can add policies manually.
63 © 2013 Cisco and/or its affiliates. All rights reserved.
For fallback, the user has to check the option Snmp v3 to Snmp v2 Fallback and/or Snmp v2 to Snmp v1 Fallback
Select “Default Credential Set” option to apply the selected credentials to devices discovered and that will be added to DCR.
In Discovery Summary page , “Discovery Type” label have been added which depicts the Last Run Discovery.
For eg:Custom/Standard
When user clicks “Start Discovery” from Discovery Summary Page the last configured Discovery settings will be taken for Discovery.
In Discovery Schedule page, the option is provided for scheduling both Custom Discovery and Standard Discovery.
Discovery CLI supports Standard Discovery too
68 © 2013 Cisco and/or its affiliates. All rights reserved.
Key Use Cases
Customer or Partner is able to raise support cases for their network and track their cases from Prime Infrastructure.
Customer or Partner IT organization is able to go to Support communities with proper contextual information from Prime Infrastructure/LMS to self-diagnose and resolve network problems quickly before engaging Cisco Services.
Significant time savings for IT operators by
attaching contextual information
69 © 2013 Cisco and/or its affiliates. All rights reserved.
LMS allows users to create/update a Support Case and access the Cisco Support Communities.
Create / Update
support case
70 © 2013 Cisco and/or its affiliates. All rights reserved.
Clicking Search Community
yields below screen
72 © 2013 Cisco and/or its affiliates. All rights reserved.
Inventory Management in Cisco Prime LMS groups the various activities in LMS involved in managing your inventory: your network devices. You can access these features from the Inventory menu in the Cisco Prime LMS home page.
Tools in the Inventory menu are:
Ciscoview
Mini-RMON
Device Center
SmartCase
73 © 2013 Cisco and/or its affiliates. All rights reserved.
Inventory Dashboard can be accessed via Inventory > Dashboard >
Inventory and we can configure the following Inventory dashboard
portlets from there:
Discrepancies Portlet
Here we can view the type and count of discrepancies, such as network inconsistencies and anomalies or wrong configurations in the discovered network.
The Discrepancy portlet gives a description of the discrepancy, the impact it has on the network, and ways to resolve it. Also, LMS provides reports on discrepancies in the discovered network, enabling identification of configuration errors such as link-speed mismatches on either end of a connection. Discrepancies are computed at the end of each data collection schedule.
Device Change Audit Portlet:
In the Device Change Audit portlet, we can view the changes in the inventory and configuration information for all the devices after every Inventory or Configuration Collection. However, the VLAN config change details will not be displayed and the changes in the exception period are displayed in red.
74 © 2013 Cisco and/or its affiliates. All rights reserved.
Hardware Summary Portlet:
In the Hardware Summary portlet, you can view a pie graph that displays the distribution of all managed Cisco devices in the inventory.
Software Summary Portlet:
In the Software Summary portlet, you can view the software version information and count for selected devices such as Cisco Interfaces and Modules, Switches and Hubs, Universal Gateways and Access Servers, and Routers.
Calendar Portlet:
In the Calendar portlet, we can view the jobs scheduled for the current month or day. When we launch the portlet, a calendar of the current month appears with the details of scheduled jobs in the Job Summary grid. Also, we can click the Day tab to view the jobs scheduled for the current day.
75 © 2013 Cisco and/or its affiliates. All rights reserved.
a) Windows
b) Solaris
c) OVA/OVF image on Linux shell
d) Not using Cisco Prime LMS
What is the preferred/existing OS for LMS in
your network?
Cisco Confidential 76 © 2010 Cisco and/or its affiliates. All rights reserved.
Tools in the Inventory menu CiscoView
Mini-RMON
Device Centre
SmartCase
77 © 2013 Cisco and/or its affiliates. All rights reserved.
CiscoView is a graphical SNMP-based device management tool that provides real-time views of networked Cisco Systems devices. These views deliver a continuously updated physical and logical picture of device configuration and performance conditions. Simultaneous views are also available for multiple device sessions.
Use CiscoView to:
View a graphical representation of the device, including component (interface, card, power supply, LED) status.
Configure parameters for devices, cards, and interfaces.
Monitor real-time statistics for interfaces, resource utilization, and device performance.
Set user preferences.
Perform device-specific operations as defined in each device package.
Manage groups of stackable devices.
78 © 2013 Cisco and/or its affiliates. All rights reserved.
CiscoView can be accessed from:
Inventory Tools CiscoView
80 © 2013 Cisco and/or its affiliates. All rights reserved.
Device Chassis View in CiscoView:
Configuring
Chassis
Configuring
Port/Interface
Configure Card
Physical
Configure Card
81 © 2013 Cisco and/or its affiliates. All rights reserved.
CiscoView Mini-RMON Manager provides web-enabled, real-time, remote monitoring (RMON) information to users to facilitate troubleshooting and improve network availability. When you use CiscoView Mini-RMON Manager with some Cisco devices, it provides visibility into network problems before they become critical.
It is a real-time remote monitoring tool that provides option to enable RMON collection, display the collected Ethernet statistics and lets you set thresholds against any of the collected statistics. An alarm is generated whenever the threshold is breached. This facilitates troubleshooting and improve network availability
To use this application, you must first install the Mini-RMON patch. This patch makes necessary updates to the CiscoView engine and installs the CiscoView Mini-RMON Manager device package. See Device Packages for more information.
We can access Mini-RMON from Inventory > Tools > Mini-RMON.
82 © 2013 Cisco and/or its affiliates. All rights reserved.
We need to configure Alarms and thresholds on device using Mini-RMON due receive alerts.
We can configure Alarms using the Mini-RMON Setup Tab and selecting Alarm.
The following information appears:
Alarm Source
Indicates whether the device, as a whole, or a port on that device is the source of an alarm.
Alarm Variable (alarmVariable)
Indicates the MIB variable to be sampled. Only variables that resolve to an ASN.1 primitive type of INTEGER (INTEGER, Integer32, Counter32, Counter64, Gauge, or TimeTicks) may be sampled.
Rising Threshold (alarmRisingThreshold)
83 © 2013 Cisco and/or its affiliates. All rights reserved.
Rising Threshold (alarmRisingThreshold)
A threshold for the sampled statistic. When the current sampled value is greater than or equal to this threshold, and the value at the last sampling interval was less than this threshold, a single event is generated. A single event is also generated if the first sample after this entry becomes valid is greater than or equal to this threshold and the associated alarmStartupAlarm is equal to "Rising" or "Rising or Falling".
After a rising event is generated, another such event will not be generated until the sampled value falls below this threshold and reaches the alarmFallingThreshold.
Falling Threshold (alarmFallingThreshold)
A threshold for the sampled statistic. When the current sampled value is less than or equal to this threshold, and the value at the last sampling interval was greater than this threshold, a single event is generated. A single event is also generated if the first sample after this entry becomes valid is less than or equal to this threshold and the associated alarmStartupAlarm is equal to "Falling" or "Rising or Falling".
After a falling event is generated, another such event will not be generated until the sampled value rises above this threshold and reaches the alarmRisingThreshold.
84 © 2013 Cisco and/or its affiliates. All rights reserved.
Alarm Action (eventType)
The type of notification that the probe will generate for this event and there are four possible values:
None: no notifications are generated
Log: an entry for each event is added to the log table
Trap: a SNMP trap is sent to one or more management stations
Log and Trap: both a log entry and SNMP trap are generated
Current Value (alarmValue)
The value of the statistic during the last sampling period. For example, if the sample type is "Delta", this value will be the difference between the samples at the beginning and end of the period. If the sample type is "Absolute", this value will be the sampled value at the end of the period.
This is the value that is compared with the rising and falling thresholds. The value during the current sampling period is not made available until the period is completed and will remain available until the next period completes.
85 © 2013 Cisco and/or its affiliates. All rights reserved.
Configuring alarm in CiscoView Mini-RMON:
86 © 2013 Cisco and/or its affiliates. All rights reserved.
Device center is a part of Troubleshooting workflow in LMS, which collects information from the network and helps you to overcome network management challenges.
Using Device Center we can view the details of a device in the Device Troubleshooting page.
87 © 2013 Cisco and/or its affiliates. All rights reserved.
AlarmDevice centre Tools Option have various troubleshooting tools like snmpwalk, SNMP set, ping, Edit Device Credentials, Edit device Identity, In Built Packet Capture, Traceroute, Mini RMON etc
88 © 2013 Cisco and/or its affiliates. All rights reserved.
Device center Tools Option have various troubleshooting tools like snmpwalk, SNMP set, ping, Edit Device Credentials, Edit device Identity, In Built Packet Capture, Traceroute, Mini RMON etc
89 © 2013 Cisco and/or its affiliates. All rights reserved.
Device center Task Option have list of most important and essential options of each module from LMS, which can be directly launched for open device.
90 © 2013 Cisco and/or its affiliates. All rights reserved.
Device center Reports Option have list of most used reports options of each module from LMS, which can be directly launched for the open device.
91 © 2013 Cisco and/or its affiliates. All rights reserved.
Device center also shows major details from each module related to Status, Configuration, Reachability, Fault, Events, Port Status and Performance Details.
92 © 2013 Cisco and/or its affiliates. All rights reserved.
Key Takes of Device Center:
It provides a device-centric view for CiscoWorks applications.
It Provides device-oriented navigation paradigm for features and information from a single location.
Device Center provides a central point from where we can see a summary and reports for the selected device.
We can invoke various tools and perform various tasks.
We can launch Cisco-View.
We can view small topology map for devices.
We can troubleshoot connectivity.
Cisco Confidential 94 © 2010 Cisco and/or its affiliates. All rights reserved.
Objectives
Managing the Configuration Archive
Verifying Configuration Compliance
Using Configuration Tools
Using Configuration Workflows
95 © 2013 Cisco and/or its affiliates. All rights reserved.
Configuration Management allows to manage, deploy, and modify the configuration files used by devices in your network.
Configuration Dashboard in LMS provides information such as date of last configuration change, status of the configuration jobs, summary of inventory configuration protocol and Hardware and Software summary.
We can create configuration jobs to take active Archives device configuration.
We can define baseline configuration templates and determine the devices that are non-compliant in our network.
You can perform VLANs configurations and Virtual Switching System (VSS) conversions.
96 © 2013 Cisco and/or its affiliates. All rights reserved.
Configuration Archive Option are present under Configuration > Configuration Archive.
Configuration Archive maintains an active archive of the configuration of devices managed by LMS.
97 © 2013 Cisco and/or its affiliates. All rights reserved.
It enables to perform the following tasks:
Fetch, archive, and deploy device configurations
Search and generate reports on archived data
Compare and label configurations, compare configurations with a baseline, and check for compliance.
Summary/Status
of Archive for all
devices
Option to view
Configuration or
Search w/ or w/o
Patterns.
Run new Sync
Job or Sched for
future.
Compare configs
of same or diff
devices.
Label Configs to
save them from
Config purge.
View Protocol usage
for successful config
fetch
98 © 2013 Cisco and/or its affiliates. All rights reserved.
We can create a Config Archive job to sync Device configruration with LMS.
Select devices Run Now or Later
Job Options Submit Job
Name and Email
100 © 2013 Cisco and/or its affiliates. All rights reserved.
It is an integrated solution to manage, secure, administer and monitor heterogeneous networks.
Its functions include:
Compliance Management
• Enables regulatory check
• Helps to fix violations and to make device complaint with policies.
• Supports industry , IT and technology specific compliance
Audit reporting
• Enables to generate reports for various audits that were performed on the network devices.
101 © 2013 Cisco and/or its affiliates. All rights reserved.
Compliance Management functions helps to enable regulatory compliance checks against standards such as HIPAA, SOX, ISO/IEC 27002, NSA, PCI, DHS, DISA, CIS
Supports Industry, corporate, IT, and technology specific Compliance Policies.
Fix the violations to make the device compliance against the policies defined.
Policies are defined by a set of rules. LMS supports 293 policies.
HIPAA: Health Insurance Portability and Accountability Act Compliance
CSA : Cisco Security Advisory
DHS : Department of Homeland Security
DISA: Defense Information Systems Agency
PCI : Payment Card Industry
CIS : Centre for Internet Security
102 © 2013 Cisco and/or its affiliates. All rights reserved.
To run a compliance check on the network devices:
Either create a Policy Group or select a system-defined Policy Group
For user-defined Policy Group, add the required polices and rules to the Policy Group
Create a Policy Profile for the Policy Group
Map the required network devices to the Policy Group
Schedule a job to run the compliance check on the network devices and validate the status.
Fix the violations, if any using LMS
103 © 2013 Cisco and/or its affiliates. All rights reserved.
Out of the box support for regulatory standards like
HIPAA, SOX, ISO/IEC 27002, NSA, PCI, DHS, DISA, CIS
Life Cycle Management Reports
End of Life Hardware, End of Life Modules, End of Life Software
Device Contract Summary , Device Module Contract Summary
Services Reports
Security, Routing, Management, Capability (device is Capable or Not)
Improved PSIRT analysis
Analysis and reporting based on features enabled on devices, in addition to the hardware model and software version checks
104 © 2013 Cisco and/or its affiliates. All rights reserved.
Network Administrators can pick and choose the compliance policies and rules they want to enforce
• Create customized Policy Groups or select from one of the system defined policy group
• Create Policy Profiles to associate the devices against which you want to enforce the policies
• Schedule a Compliance Check on the profile to validate the compliance status
• Network Administrators and Operators can then verify the results of the job, to identify non-compliance and take corrective actions
Create Audit Reports as needed
106 © 2013 Cisco and/or its affiliates. All rights reserved.
Policy
Policy is a set of rules/conditions.
Policy Group
Policy Group is a set of policies.
Policy Profile
Policy Profile is a set of Policy groups where each Policy group is mapped with set of devices.
LMS supports 290+ policies.
In addition to the system defined Policy Groups, you can create your own Policy Groups by selecting a set of system defined policies.
107 © 2013 Cisco and/or its affiliates. All rights reserved.
Rules for the
selected Policy.
Policy group is a
collection of Policies.
Policy is defined by set
of rules/conditions.
108 © 2013 Cisco and/or its affiliates. All rights reserved.
Functions
Add Policy Group
Edit Policy Group
Delete Policy Group
Clone Policy Group
Note :- You cannot edit and save a System Policy Group. Hence, Save option will be disabled for System Policy Group. But you can modify System policy group and save as a custom policy group.
109 © 2013 Cisco and/or its affiliates. All rights reserved.
Click here to Add
New Policy Group.
Click here to add
policies to the group.
Save the
Policy Group
Select
Policies
110 © 2013 Cisco and/or its affiliates. All rights reserved.
Click on the
policy group to
edit
Mouse hover the
policy group to
clone and delete
111 © 2013 Cisco and/or its affiliates. All rights reserved.
Policy Profile is a set of Policy Groups where each Policy Group is mapped with a set of devices to check the compliance.
Functions
Add Policy Profile
Edit Policy Profile
Delete Policy Profile
Clone Policy Profile
Check Compliance
View History of profile Jobs
112 © 2013 Cisco and/or its affiliates. All rights reserved.
A Policy Profile is a Set of Policy groups and
the devices mapped to each group
Devices mapped to the
policy group [ie HIPAA
here].
113 © 2013 Cisco and/or its affiliates. All rights reserved.
Click here to add
new policy profile.
Click here to
Clone policy
profile.
Click here to Delete
policy profile.
Click here to Check
Compliance.
Click here to view the
history of the selected
profile jobs. Mouse hover profile
for more actions.
114 © 2013 Cisco and/or its affiliates. All rights reserved.
Enter Profile
description. Enter Policy
Profile Name.
Click here to add
policy groups to
profile.
Select policy groups for
the profile.
Select the
group to map
devices
Select
devices Save the
profile
115 © 2013 Cisco and/or its affiliates. All rights reserved.
To run a compliance check job:
• Mouse-hover the icon next to the
• Policy Profile.
• Click Check Compliance.
• Enter the information required to
• schedule the Job and click Submit.
• You can check the status of
your scheduled job under
Configuration > Job Browsers >
Compliance Profile Execution.
116 © 2013 Cisco and/or its affiliates. All rights reserved.
Profile Name
Click here to view
the violations
117 © 2013 Cisco and/or its affiliates. All rights reserved.
Select a
device
Select a policy
Select the
violation to be
fixed
Click Fix Violations
to apply fix
Click OK to schedule
the fix job
119 © 2013 Cisco and/or its affiliates. All rights reserved.
Device management in LMS is always synchronized with Compliance-Engine. CAAMServer process performs the below tasks to achieve this synchronization.
On device add/modify, the device ip/host name and device id details are added to Compliance -Engine.
On device delete, the device is deleted from Compliance-Engine.
After inventory collection [with change detected], inventory details like device family, product model, platform, serial number ,image name will be passed from lms to Compliance-Engine.
After config collection [with change detected], running configuration will be sent to Compliance-Engine.
After first successful inventory collection, show command output will be collected and send to Compliance-Engine.
121 © 2013 Cisco and/or its affiliates. All rights reserved.
Baselining refers to identifying a set of standardized policy
based commands that we would want to have on a set of
devices. We can create a Baseline template containing a set
of commands identified through the baselining process. This
template contains placeholders for device-specific values to
be substituted.
It can check the presence or absence of any specific
command on network devices to consider them compliant or
non-complaint.
122 © 2013 Cisco and/or its affiliates. All rights reserved.
We can use this Baseline template to compare with other
device configurations and generate a report that lists all the
devices that are non-compliant with the Baseline template.
We can easily deploy the Baseline template to the same
category of devices in the network.
We can schedule a compliance check job and deploy the
Baseline template on the non-compliant devices. This can
be performed as a single job or as a separate job.
We can import or export a Baseline template. This template
is stored in XML format.
123 © 2013 Cisco and/or its affiliates. All rights reserved.
Go to Baseline template Manager
Create Custom Template
(Basic or Advance)
Create using Basic method which allows to enter the
conditions to be checked, and in turn checks for
compliance only if given condition is satisfied
Using Advance method to check compliance we can also
specify the Parent Command Sets and prerequisites can be
marked with the command sets to evaluate them first and if
they are satisfied, the new command sets are run and
compliance is checked.
Run Compliance check
Choose Type, Date and sched a job.
Deploy template on non compliant Devices
Using File System
1. Create Parameter file, which specifies the variables
for the command sets.
2. Select Template and deploy
3. Select Enter Data
4. Select devices
5. Browse Parameter file
6. Schedule a job
Using User Interface :
1. Select Template and deploy
2. Select Enter Data
3. Select devices
4. Browse Parameter file
5. Schedule a job
View Baseline reports
Configuration > Compliance > Baseline Compliance > Jobs
124 © 2013 Cisco and/or its affiliates. All rights reserved.
a) Configuration fetch and Deployment
b) Compliance check
c) Configuration Comparison
d) Software Backup and deploy
e) All of the Above
Most important feature of Configuration management in our network is :
Cisco Confidential 125 © 2010 Cisco and/or its affiliates. All rights reserved.
Configuration Tools
NetConfig
Config Editor
Software Image Management
126 © 2013 Cisco and/or its affiliates. All rights reserved.
Netconfig is one of the Configuration Management applications that provides easy access to the configuration files of all supported devices.
It allows to change the configuration of network devices, provided the configurations are archived. Netconfig automatically updates the archive when it changes the configuration.
127 © 2013 Cisco and/or its affiliates. All rights reserved.
The advantages of using NetConfig instead of CLI configuration commands include but are not limited to:
Scheduling jobs
Using jobs to run multiple commands on multiple devices
Using tasks to carry out easy and reliable configuration changes
Mandating approval before running a job
Rolling back configuration changes when a job fails
128 © 2013 Cisco and/or its affiliates. All rights reserved.
1. Select the device, Module or Port base configuration:
2. Select the Device(s) and select System-defined task , user-defined or Adhoc to enter your own commands:
129 © 2013 Cisco and/or its affiliates. All rights reserved.
3. From Task Window Configure the CLI commands to complete task:
130 © 2013 Cisco and/or its affiliates. All rights reserved.
3. Select Scheduling option, details and other Job Options:
131 © 2013 Cisco and/or its affiliates. All rights reserved.
3. Click Next to see Job Work Order than Finish or directly Finish to start deploying:
132 © 2013 Cisco and/or its affiliates. All rights reserved.
The Config Editor provides easy access to configuration files. Config Editor allows a network administrator with the appropriate security privileges to edit a configuration file that exists in the configuration archive.
The Configuration Management application stores the current and a user-specified number of previous versions of the configuration files for all supported Cisco devices maintained in the Inventory. It automatically tracks changes to configuration files and updates the database if a change is made.
We can open the configuration file, change it, and download it to the device.
Cisco Confidential 133 © 2010 Cisco and/or its affiliates. All rights reserved.
Configuration Tools
NetConfig
Config Editor
Software Image Management
Cisco Confidential 135 © 2010 Cisco and/or its affiliates. All rights reserved.
Configuration Tools
NetConfig
Config Editor
Software Image Management
136 © 2013 Cisco and/or its affiliates. All rights reserved.
Manually upgrading your devices to the latest software version can be an error-prone, and time-consuming process. To ensure rapid, reliable software upgrades, Software Management automates the steps associated with upgrade planning, scheduling, downloading, and monitoring.
137 © 2013 Cisco and/or its affiliates. All rights reserved.
Reliably distributes single or multiple images in a single deployment operation
Repository of current images allows for rapid recovery from failure
Image can be deployed from repository or from another device flash
Set up your Software Management preferences
Analyze software upgrades
Perform In Service Software Upgrade (ISSU)
Import images into the software repository
Distribute software images to groups of devices
Distribute images as patches to group of devices
Reduce errors by using a recommended image
Track software bugs (Reports > Cisco.com > Locate Device Report)
138 © 2013 Cisco and/or its affiliates. All rights reserved.
Patch Distribution
We can distribute patches simultaneously to applicable devices. Patch distribution does not require reboot of the entire OS on a device. We can install a patches only to a search root where a base image exists. Patches, once installed, must be activated to come to effect on the running system.
Software Distribution
Software Distribution allows you to distribute images in your network by creating deployment Job with available option.
Software Repository
The Software Repository Management window displays the images that are available in the Software Management repository.
139 © 2013 Cisco and/or its affiliates. All rights reserved.
Repository Synchronization
The Synchronization report shows the Software Management-supported devices that are running software images not available in the software image repository. Using this option we can view and schedule the synchronization report.
Upgrade Analysis
Upgrade Analysis option is used to determine the impact to, and prerequisites for a new software deployment using images that reside in either Cisco.com or the image repository. This task analyze the device to be upgraded, to determine possible required hardware upgrades (boot ROM, Flash memory, RAM, and access)
Jobs
We can see all the completed, running and scheduled jobs for SWIM here.
Cisco Confidential 140 © 2010 Cisco and/or its affiliates. All rights reserved.
WorkFlow Tools
Vlan
VRF Lite
Virtual Switching System
141 © 2013 Cisco and/or its affiliates. All rights reserved.
LMS collects data about devices so that we can configure and manage Virtual Local Area Network (VLAN) in the network. We must set up LMS server properly to ensure that Data Collection is successfully performed. Data Collection
The configuration module in LMS helps to manage VLANs. We can configure and manage VLAN, Private VLAN (PVLAN), Trunk, and also assign ports to VLANs.
142 © 2013 Cisco and/or its affiliates. All rights reserved.
Using LMS, we can perform end-to-end VRF configurations in an enterprise network. We can perform the VRF Configurations using the option to create VRF.
In an Enterprise network, at a given time, we can select up to 20 devices and configure VRF using the Create, Edit and Extend VRF workflow.
VRF configurations comprises workflows used to create, edit, extend, delete and assign Edge VLAN to VRF.
143 © 2013 Cisco and/or its affiliates. All rights reserved.
The device must be managed by LMS.
The device must either be L2/L3 or an L3 device
The device must have the necessary hardware support, else it will be classified as Other devices
If a device does not support MPLS VPN MIB, it is classified as a Capable device.
VTP Server must support MPLS VPN MIB. If the VTP Server does not support MPLS VPN MIB, LMS will not manage VTP Clients.
Reports can be generated to see supported and Capable devices:
VRF Capable Devices : The count of VRF capable devices shows the devices that are hardware ready but need software updates.
VRF Supported Devices : It includes devices that are both hardware and software ready. These devices can readily be used for discovering, creating, editing, extending, and deleting VRFs on the network
144 © 2013 Cisco and/or its affiliates. All rights reserved.
Virtual Switching technology is the process of combining two standalone distribution switches found in the local distribution layer into a single management point.
The Virtual Switching System (VSS) functions and appears as a single switch to the wiring closet and the core layer.
LMS has the capability to convert devices to VSS using its VSS Configuration Tool.
This GUI based conversion tool allows us to select two compatible standalone switches and guides us in converting those standalone switches into one Virtual Switching System.
During the conversion process, the Virtual Switching System Configuration tool generates the required CLI commands, based on user inputs.
145 © 2013 Cisco and/or its affiliates. All rights reserved.
Prerequisites for Conversion
Candidate devices that are to be converted to a Virtual Switching System are managed by LMS so that they can use this conversion tool.
Fresh Inventory and Config Collection has been carried out.
Only VSS-capable IOS Software Modularity images are running on the Standalone switches.
To convert standalone switches to a Virtual Switching System
Select Devices for VSS Configuration
Perform Hardware Checks on the Devices
Perform Software Compatibility Checks on the Two Devices
Generate Compliance Report
Define Configuration Parameters
Deploy Commands on the Two Switches to Enable VSS Mode
148 © 2013 Cisco and/or its affiliates. All rights reserved.
Data Collection collects most basic essential details from devices to lay
foundation for Topology and End host management.
Obtains connectivity information for devices in DCR and keeps the
database up to date.
Data Collection gathers information by sending SNMP requests to each
of the devices and stores it in the database.
The Information gathered from the MIB tables on each of these devices
includes VLAN port membership, VLAN Trunking Protocol (VTP)
domains, interface details, IP address and subnet information, etc.
149 © 2013 Cisco and/or its affiliates. All rights reserved.
Polls the entire network for device and link status periodically. This feature allows you to:
o Configure the time interval at which the network is polled.
o Poll only a critical set of devices (Critical Device Poller)
Use this option to see the device and link status without running Data Collection. Since Data Collection consumes significant system resources, we can simply poll the network and view the device and link status in Topology maps, using .
Devices can be added to the Critical Device Poller either from Topology maps or from N-Hop View portlet.
150 © 2013 Cisco and/or its affiliates. All rights reserved.
Data collection schedule enables us to schedule the Data collection for the devices periodically.
We can also start the data collection immediately for all the Devices or only for the failed Devices.
By Default, the Data collection will run for every 4 hours.
By Default, whenever an event like a device added, the data collection will run.
We can schedule Data Collection Jobs from:
Admin > Collection Settings > Data Collection > Data Collection Schedule
151 © 2013 Cisco and/or its affiliates. All rights reserved.
Run DC for All or
Failed device
Edit, Delete Or Add new DC
Scheduled Job.
153 © 2013 Cisco and/or its affiliates. All rights reserved.
Collects the endhosts information and Cisco IP phone details from the managed network.
Endhosts information will be collected from the connected switches and the associated routers
IP phone information is collected from the Cisco Call Manager.
This is done through automated polling of the network, by User Tracking Major Acquisition process.
Dynamic UT provides real time data about end hosts coming into and moving out of the network.
154 © 2013 Cisco and/or its affiliates. All rights reserved.
The host acquisition
process reads the
CAM table of all
Cisco layer 2
switches managed by
LMS, resolves MAC
to IP addresses using
ARP table in LMS
managed Cisco
routers, and resolves
IP to Host name
using DNS
155 © 2013 Cisco and/or its affiliates. All rights reserved.
User Tracking Major Acquisition
Discovers all the end hosts that are connected to the devices managed by LMS
User Tracking Minor Acquisition
Minor acquisition occurs on a device if any of the following changes take place:
a. A new endhost or IP phone is added to the network.
b. Port state changes (when the port comes up or goes down).
c. A new VLAN is added to the network.
d. There is a change in the existing VLAN.
User Tracking IP Phone Acquisition
Discovers all phones registered in Cisco Call Managers (CCM), that are managed by LMS
Contd…
156 © 2013 Cisco and/or its affiliates. All rights reserved.
Subnet based User Tracking Major Acquisition
User tracking subnet based acquisition would run only on those subnets that are configured in LMS. LMS discovers end hosts on all the VLANs available in the configured subnets.
Do subnet based acquisition, when you need details about the end hosts connected to a particular subnet or a select set of subnets. The acquisition completes faster, since it is not run on all devices managed by LMS.
Single device on-demand User Tracking Acquisition
This discovers the end hosts on all the VLANs available in the selected device. Hence this acquisition is useful for collecting information only on end hosts connected to the specified device.
157 © 2013 Cisco and/or its affiliates. All rights reserved.
Dynamic updates are asynchronous updates that are based on SNMP MAC notifications traps.
When an endhost is plugged to a switch, an SNMP MAC add notification trap is sent immediately to Campus Manager.
Similarly when an end host is unplugged from a switch, an SNMP MAC delete notification trap is sent to Campus Manager.
Dynamic UT provides real time data about end hosts coming into and moving out of the network.
159 © 2013 Cisco and/or its affiliates. All rights reserved.
a) Inventory, Configuration and Software Management
b) Network Topology, Layer 2 Services and User Tracking
c) Fault Management
d) IP SLA Performance Management
e) Device Performance Management
What is the most used feature of LMS in your Network?
Cisco Confidential 161 © 2010 Cisco and/or its affiliates. All rights reserved.
Objectives
Monitoring Tools
Troubleshooting Tools
Dashboards
Diagnostic tools
163 © 2013 Cisco and/or its affiliates. All rights reserved.
Shows graphical maps to view and manage Layer 2 and Layer 3
network devices.
Provide details about all VTP domains and VLAN memberships on
the network.
Provides launch points for configurations like IVR, Ether channels,
STP, and all UI based reports and configurations
168 © 2013 Cisco and/or its affiliates. All rights reserved.
Details
1. Menu
2. Toolbar
3. Topology Filters
4. Topology Map
171 © 2013 Cisco and/or its affiliates. All rights reserved.
The topology services will show the non-Cisco device
with new device icon.
173 © 2013 Cisco and/or its affiliates. All rights reserved.
Bandwidth Utilization is the measure of traffic flowing across a link.
It highlights bandwidth utilization across links in the Topology maps.
Bandwidth utilization is supported only on Ethernet links, and not on any other type of link.
To compute bandwidth utilization in LMS, you must enable Remote Monitoring (RMON). Enabling RMON depends on the following two parameters: Bucket size and Interval.
175 © 2013 Cisco and/or its affiliates. All rights reserved.
Selecting
Device Attributes,
Port Attributes and
VLAN Report from
Topology Services will
launch the
corresponding Reports
in UI
176 © 2013 Cisco and/or its affiliates. All rights reserved.
Discrepancies
Displays discrepancies or anomalies in the discovered network. You can generate a report on the discrepancies.
Best Practices Deviations
Displays Best Practices Deviations page in Report Generator, where you can generate a report of Best Practices Deviations.
Data Collection Report Displays Data Collection Metrics report.
Device Attributes Displays descriptive information about the selected device or devices.
Port Attributes Displays descriptive information about ports belonging to the selected device.
Link Attributes Displays descriptive information about the selected link or links.
VLAN Report Displays the VLAN Report for the selected devices in the Topology Map or for all devices in the Map.
Service Attributes
Displays descriptive information about any application servers that are running on the selected device or devices.
Multi-Layer Switching > Switching Engines
Multi-Layer Switching > Switching Engines
Multi-Layer Switching > Route Processors
Displays relationship between Layer 3 route processing devices in network.
IPv6 Addresses
Displays the IPv6 Addresses report.
178 © 2013 Cisco and/or its affiliates. All rights reserved.
TDR
Time Domain Reflectometry (TDR) is used to detect faults in cable.
TDR checks and locates open circuits, short circuits, sharp bends, crimps, kinks, impedance mismatches, and other such defects.
You can generate TDR reports for links from Topology maps.
PoE
Power over Ethernet or PoE technology describes a system to transmit electrical power, along with data, to remote devices over standard twisted-pair cable in an Ethernet network.
180 © 2013 Cisco and/or its affiliates. All rights reserved.
LMS Fault Monitor is a centralized browser, where We can view the
information on faults, system events, and performance management
events of devices in a single place.
A fault refers to a problem in the device or in the network. Examples for
faults include Device Down, Link Down, and High Utilization.
An event refers to the activities or changes happening in the network.
Examples for events are Config Change, user login, and user logout.
Fault Monitor collects information on faults and events from all devices
in real-time and display the information for a selected group of devices.
Fault Monitor has two tabs: Device Fault Summary View and Fault View.
It provides a launch point for Event Monitor, and allows us to view event
forensic data collected.
181 © 2013 Cisco and/or its affiliates. All rights reserved.
We can access Fault Monitor through Monitor > Monitoring Tools > Fault Monitor:
184 © 2013 Cisco and/or its affiliates. All rights reserved.
Fault Monitor consist of three main parts :
Group selector, which lists the following groups in LMS to provide easy access to devices:
– System-defined groups
– User-defined groups
– Unreachable Devices group
– Unmanaged Devices group
– Suspended Devices group
Device Fault Summary view, which contains the Devices and Faults sub-panes. It provides a summary of devices selected from the group selector located on the right pane. If a device is selected, its faults are displayed in the Faults table.
Faults view, which provides fault details. When Fault Monitor is launched for the first time, it displays the details of all devices and for the subsequent times, it displays the focused device group faults based on user selections.
185 © 2013 Cisco and/or its affiliates. All rights reserved.
The Device Fault Summary tab contains two subpanes: Devices and Faults.
The initial display includes All Devices. After you select a group in the group selector, the Devices pane refreshes with devices belonging to that group.
The faults that correspond to the selections display in the Fault subpane.
Devices and events are sorted based on time, and not on severity. The most recent activity displays first. This pane is refreshed every 60 seconds. The tabular display pane is scrollable and can store up to 1,000 records.
187 © 2013 Cisco and/or its affiliates. All rights reserved.
Acknowledging an Event : Acknowledging active events signals to
other users that you are aware of the event. When you own an event, this status change is populated to all events displays.
Clearing an Event : Clearing an event moves the event to the
Cleared state. Cleared events are displayed for 20 minutes in the events display. The event is purged from database. As a result, when the next event is raised for the same device, a new event ID is generated.
Annotating an Event : We can annotate the event up to 255
characters. Any number of annotations can be entered. An annotation is shown whenever other users view the event from Fault Monitor.
Sending E-Mail in Response to an Event: With notify we can
manually sent event via email to multiple users. The e-mail notification adds the event details for the selected event.
188 © 2013 Cisco and/or its affiliates. All rights reserved.
Event Monitor can the fault history, syslog and system events
Displays the
latest 100
events from FH
DB.
Displays device
name or IP
Displays events
and its details
Mouse hover on
event shows
further details.
Shows Syslog
of selected
devices.
Shows other
system details
of devices
189 © 2013 Cisco and/or its affiliates. All rights reserved.
Embedded Event Manager (EEM) Generic Online Diagnostic (GOLD)
190 © 2013 Cisco and/or its affiliates. All rights reserved.
EEM (Embedded Event Manager) is an IOS technology that runs on the control plane of the Cisco Catalyst 6500 device. This EEM technology is integrated with Cisco IOS Software and because of this the Cisco IOS Software, EEM is aware of the state of the network from the perspective of the device on which it is operating. The Cisco Catalyst 2900XL, 2970, 2960, 3550, 3560, 3750, and 3750E switches also support EEM.
192 © 2013 Cisco and/or its affiliates. All rights reserved.
We can use LMS NetConfig EEM-specific tasks to configure the EEM-specific scripts, applets and variables on the devices managed by LMS.
We can view EEM syslogs report under Report > Fault & Event > Embedded Event Manager Syslogs
193 © 2013 Cisco and/or its affiliates. All rights reserved.
1. Select EEM > Configure Select device and
Task and click Next
194 © 2013 Cisco and/or its affiliates. All rights reserved.
3. Select Add
Instance and add
Env Variable to
be used by TCL
Script
4. We can view
CLI Commands
using View CLI
option.
5. Click Next or
Finish for Job to
config EEM on
device.
195 © 2013 Cisco and/or its affiliates. All rights reserved.
Embedded Event Manager (EEM) Generic Online Diagnostic (GOLD)
196 © 2013 Cisco and/or its affiliates. All rights reserved.
GOLD (Generic OnLine Diagnostics) is a device-specific IOS feature with fault detection capabilities. It defines a common framework for diagnostic operations across Cisco platforms running Cisco IOS Software. We can use LMS to configure GOLD on Supported devices.
NOTE : Only Cisco Catalyst 6500 (IOS), 2900XL, 2970, 2960, 3550, 3560, 3750, and 3750E switches are supported.
197 © 2013 Cisco and/or its affiliates. All rights reserved.
We can use LMS NetConfig to configure the GOLD Tests on devices managed by LMS.
We can view EEM syslogs report under Report > Fault & Event > Generic Online Testing > Create
GOLD specific NetConfig-Tasks are :
GOLD Boot level Task
GOLD Monitoring Task
GOLD Health Monitoring
task
198 © 2013 Cisco and/or its affiliates. All rights reserved.
NetShow Troubleshooting Workflow VRF Lite
199 © 2013 Cisco and/or its affiliates. All rights reserved.
Network show (NetShow) commands represent a set of read-only commands. These are primarily, show commands that we can run on devices that are managed in LMS.
Show Commands
Commands Output
Multiple Jobs/commands
200
Network
NetShow Command
using Cisco Prime LMS Show Command
Archive/Reports
Simplified
Automated
Efficient
Admins
Devices
Innovative Product Portfolio Simple NetShow Architecture
Network
Devices
201 © 2013 Cisco and/or its affiliates. All rights reserved.
Network Administrators can assign Command Sets to other users.
Network Administrators and Network Operators (if permitted) can execute the custom commands. This allows them to run a command against multiple devices.
Support for standard and non-standard Cisco devices.
Simplified new device support.
No device limit.
Integration with the Output Interpreter tool.
202 © 2013 Cisco and/or its affiliates. All rights reserved.
NetShow Troubleshooting Workflow VRF Lite
203 © 2013 Cisco and/or its affiliates. All rights reserved.
Troubleshooting workflow in LMS collects information from the network and helps you to overcome network management challenges.
Using this workflow, you can view the details of devices, endhosts, and links to troubleshoot the network connectivity problems or device diagnostics.
Troubleshooting workflow uses Device Centre to get collect Devices or End Host Troubleshooting details.
204 © 2013 Cisco and/or its affiliates. All rights reserved.
Device Information Portlet with device details
205 © 2013 Cisco and/or its affiliates. All rights reserved.
NetShow Troubleshooting Workflow VRF Lite
206 © 2013 Cisco and/or its affiliates. All rights reserved.
Using this tool we can troubleshoot Virtual Routing on enabled devices. It has following three option:
Ping : The ping command allows you to check the VRF connectivity between the source device and the destination device that are a part of the selected VRF, at various locations on the network. OR Ping is used to check the accessibility of devices in a VRF configured network.
TraceRoute : Displays a list of the routes traversed by the data packet to reach the Destination device in a particular VRF.
Show Commands : Show the result of the VRF-specific show commands. For example, we can get the output of
show ip route vrf <selected vrf> <selected protocol>
207 © 2013 Cisco and/or its affiliates. All rights reserved.
Shows VRF ping/trace route output
Shows VRF Show Commands output
208 © 2013 Cisco and/or its affiliates. All rights reserved.
From LMS 4.2 onwards Fault Management system will support all types of devices(Non Cisco, Uncertified and unknown devices)
Prior to LMS 4.2, all non cisco devices and unknown devices were moved to Question state. But LMS 4.2 onwards its moved to Known state.
Alert, event notification, polling and threshold is added for Generic Devices.
Fault Management will poll and monitor the below components by default:
• IP
• Port and interfaces
As part of Generic Device Support, added two different groups called
Non Cisco Device Type
Unknown Device Type
Generic Device Support (1/12)
211 © 2013 Cisco and/or its affiliates. All rights reserved.
LMS can use NetConfig Taks to configure Syslog on devices.
212 © 2013 Cisco and/or its affiliates. All rights reserved.
-If you DISABLE all the filters and have the filter type as KEEP, then all the syslog messages are processed (kept).
-If you DISABLE all the filters and have the filter type as DROP, then all the syslog messages are dropped. No filtering is done but everything will be dropped.
-If you ENABLE all the filters and have the filter type as KEEP, then all the syslog messages that match the filter criteria are processed.
-If you ENABLE all the filters and have the filter type as DROP, then all the syslog messages that match the filter criteria are dropped.
213 © 2013 Cisco and/or its affiliates. All rights reserved.
We can create automated actions to be executed automatically whenever Syslog Analyzer receives a specific message type. We have following Automated Action Options :
Email : Email(s) we want to send an update to.
URL : URL which can be invoked by AA.
Script : Any Script which can be invoked and executed by LMS.
Default AA
/ Example
Create New AA Edit AA Enable/DisableAA
216 © 2013 Cisco and/or its affiliates. All rights reserved.
LMS can be installed with 90 days of Eval period. During Evaluation period LMS stays Full functional and it can manage 100 devices.
If your current license count is lower than your earlier license count, and you restore the data now, devices that exceed the current license count will be moved to Suspended state.
We can apply license from
Admin > System > License Management
Click Update &
browse to
License File to
update License
License for LMS and
Components.
License for CAAM
218 © 2013 Cisco and/or its affiliates. All rights reserved.
CWLMS Backup process takes full backup of all the databases, managed devices and their credentials, details from all modules like Configuration, Inventory etc. Additionally it also takes backup of user details and login credentials as well.
We should back up the database regularly so that we have a safe copy of the database, which is useful in data recovery.
Schedule backup from : Admin > System > Backup
Backup
Directory
Backup max
Generations
Backup
Schedule
Backup Apply
or Remove
220 © 2013 Cisco and/or its affiliates. All rights reserved.
Log files can expand and fill up disk space. Log files rotation helps to manage the log files more efficiently.
Logrot is a log rotation program that enables you to control the size growth of the log files.
Following are the benefits of using Logrot:
a. Rotate log files while Cisco Prime is running.
b. Optionally archive and compress rotated logs.
c. Rotate log files only when they have reached a particular size. Logrot
Directory
Restart
Daemon
Option
Added log file,
Size, format &
no. of backup
222 © 2013 Cisco and/or its affiliates. All rights reserved.
Device Management Function enables to Manage Applications to enable/disable on entire LMS level.
Till LMS 3.2 there were 8 different applications like Common Services, Portal and applications covering functionalities in FCAPS model. LMS 4.2 removes application boundaries and provides tighter integration among the components. It groups all the related functionalities in one place, thus making the product more user friendly.
If we disable a function, the function will stop collecting device information. For IPSLA Management, history data will be deleted.
Inventory, Config and Image management is default, and can’t be removed.
223 © 2013 Cisco and/or its affiliates. All rights reserved.
Expert responding some of your questions verbally. Use the Q&A panel to continue asking your questions
224 © 2013 Cisco and/or its affiliates. All rights reserved.
If you have additional questions, you can ask them to Vinod. He will be answering from August 20 to September 2, 2013 https://supportforums.cisco.com/thread/2235201
You can watch the video or read the Q&A 5 business days after the event at https://supportforums.cisco.com/community/netpro/ask-the-expert/webcasts
225 © 2013 Cisco and/or its affiliates. All rights reserved.
A. Nestlé food company, known for its chocolates, deployed the Cisco® Prime Network Control System (NCS), which is now Cisco Prime™ LAN Management Solution (LMS) offered as part of Cisco Prime Infrastructure, on its network.
B. Leonidas Belgian Chocolate company deployed Cisco® Prime Network Control System (NCS), which is now Cisco Prime™ LAN Management Solution (LMS) offered as part of Cisco Prime Infrastructure, to keep its I.T. cost down across its US operations.
C. Mars, known for its Snickers , M&M and Milky Way brand chocolates, deployed Cisco Prime™ LAN Management Solution (LMS) throughout its headquarters in Mount Olive, New Jersey.
Chocolate and CiscoWorks Prime LAN Management Solution – what do they have in common?
226 © 2013 Cisco and/or its affiliates. All rights reserved.
Wednesday September 4
11:00 a.m. PST Brasilia City
3:00 p.m. WEST Lisbon
7:00 a.m. San Francisco
Join Cisco Partner:
Leonardo Oliveira
During this live event you will learn the basic concepts offered by Cisco Unified Contact Center Express (UCCX) with PromonLogicalis expert Leonard de Oliveira.
Register for this live Webcast at:
https://supportforums.cisco.com/community/netpro/expert-corner#view=webcasts
Topic: Cisco Unified Contact Center Express: Fundamentals,
Configuration and Support
227 © 2013 Cisco and/or its affiliates. All rights reserved.
Tuesday August 27
9:00 a.m. Mexico City
7:00 a.m. PDT San Francisco
3:00 p.m. BST Madrid
Join Cisco Expert:
Alejandra Gonzalez
During this live event, the expert Alejandra Gonzalez will focus on explaining how the licenses in Cisco Unified Communications Manager (Cisco UCM) 9.x and explain how to migrate legacy licenses to Cisco UCM 8.x.
Register for this live Webcast at:
https://supportforums.cisco.com/community/netpro/expert-corner#view=webcasts
Topic: New Licensing Scheme in Cisco Unified Communications
Manager 9.x (Enterprise License Manager)
228 © 2013 Cisco and/or its affiliates. All rights reserved.
Tuesday September 3
12:00 p.m. Moscow Time
10:00 a.m. CEST Brussels Time
Join Cisco Expert:
Oleg Tipisov
During this live event you will learn several important concepts and real-world cases related to building fault-tolerant site-to-site VPNs on Cisco Adaptive Security Alliances (ASAs).
Register for this live Webcast at:
https://supportforums.cisco.com/community/netpro/expert-corner#view=webcasts
Topic: Building Fault-Tolerant Site-to-Site VPNs with Cisco
Adaptive Security Appliances
229 © 2013 Cisco and/or its affiliates. All rights reserved.
Tuesday September 10
6:00 p.m. PST San Francisco
10:00 a.m. JST Tokyo
Join Cisco Expert:
Junya Nishida
During this live event you get expert knowledge on analysis method and tips for Cisco Telepresence series products, mainly TMS, MCU, and VCS with case studies
Register for this live Webcast at:
https://supportforums.cisco.com/community/netpro/expert-corner#view=webcasts
Topic: Cisco Telepresence Management Suite (Cisco TMS), MCU,
and Video Communication Server (VCS) Log Analysis Tips and
Methods
230 © 2013 Cisco and/or its affiliates. All rights reserved.
Topic: Deploying Cisco Overlay Transport Virtualization (OTV) in Data Center Network
Join Cisco Experts: Anees Mohamed Abdulla and Pranav Doshi Learn and ask questions about how to plan, design, and implement Cisco Overlay Transport Virtualization (OTV) in your Data Center Network
Ends August 23
Join the discussion for these Ask The Expert Events at:
https://supportforums.cisco.com/community/netpro/expert-corner#view=ask-the-experts
Topic: Configuring and Troubleshooting Virtual Switching System
Join Cisco Expert: Anand Ganesan
Learn and ask questions about migration best practices for Adaptive Security Appliance 8.3/8.4.
Ends September 19th
Topic: Wireless LAN (Voice)
Join Cisco Experts: Saravanan Lakshmanan and Shankar Ramanthan Learn and ask questions about how to monitor, troubleshoot and configure Voice over WLAN on CUWN and 792x/9971 phones
Ends August 23
© 2013 Cisco and/or its affiliates. All rights reserved. 231
https://supportforms.cisco.com
http://www.facebook.com/CiscoSupportCommunity
http://twitter.com/#!/cisco_support
http://www.youtube.com/user/ciscosupportchannel
http://tinyurl.com/cscgoogleplus
http://tinyurl.com/csclinked
Newsletter Subscription: http://tinyurl.com/csc-newsletters
http://tinyurl.com/cscitunesapp
http://tinyurl.com/cscandroidapp
© 2013 Cisco and/or its affiliates. All rights reserved. 232
If you speak Spanish, Portuguese, Japanese, Polish or Russian,
we invite you to ask your questions and collaborate in your
language:
• Spanish https://supportforums.cisco.com/community/spanish
• Portuguese https://supportforums.cisco.com/community/portuguese
• Japanese https://supportforums.cisco.com/community/csc-japan
• Polish https://supportforums.cisco.com/community/etc/netpro-polska
• Russian https://supportforums.cisco.com/community/russian
234 © 2013 Cisco and/or its affiliates. All rights reserved.
Now your ratings on documents videos and blogs count give points to the authors!!!
So, when you contribute and get ratings you now get the points in your profile.
Help us recognize the good quality content in the community and make your searches
easier. Rate content in the community.
https://supportforums.cisco.com/community/netpro/idea-
center/cafe/blog/2013/06/07/ratings-extended-to-documents-blogs-and-videos
235 © 2013 Cisco and/or its affiliates. All rights reserved.
Global community members can collaborate with colleagues and other support professionals with easy, on-the-go access to the community’s breadth of technical resources in their local language.
With the latest version of the mobile app, you can now access the Spanish, Portuguese, Japanese and Russians communities.
https://supportforums.cisco.com/community/netpro/online-tools/mobile-
technical-support
236 © 2013 Cisco and/or its affiliates. All rights reserved.
A. Nestlé food company, known for its chocolates, deployed the Cisco® Prime Network Control System (NCS), which is now Cisco Prime™ LAN Management Solution (LMS) offered as part of Cisco Prime Infrastructure, on its network.
B. Leonidas Belgian Chocolate company deployed Cisco® Prime Network Control System (NCS), which is now Cisco Prime™ LAN Management Solution (LMS) offered as part of Cisco Prime Infrastructure, to keep its I.T. cost down across its US operations.
C. Mars, known for its Snickers , M&M and Milky Way brand chocolates, , deployed Cisco Prime™
LAN Management Solution (LMS) throughout its headquarters in Mount Olive, New Jersey..
Chocolate and CiscoWorks Prime LAN Management Solution – what do they have in common?
Correct Answer : B
Nestlé food company, known for its chocolates, deployed the Cisco® Prime Network Control System
(NCS), which is now Cisco Prime™ LAN Management Solution (LMS) offered as part of Cisco Prime
Infrastructure, on its network. Essentially, the platform provides full visibility of connectivity across sites,
regardless of device, network, or location. “IT now truly supports Nestlé’s business-critical production
processes, because we have full visibility of connectivity to networks across all our manufacturing facilities,”
says Kavi Garrib, senior systems engineer at Nestlé South Africa. In the event of failure, Nestlé is now able
to resume its production in minutes, instead of days.