Scribd
Upload
305 views89 pages

Cisco Prime Lab Guide for Partners

The document outlines exercises for using the inventory, configuration, and deployment capabilities in Cisco Prime Infrastructure 2.2. The exercises include populating the device inventory through discovery, verifying and updating device credentials, adding devices, using the device 360 view, viewing device details, using the topology map and dashlets, creating device and location groups, and configuring high availability and the operation center features. Participants will complete exercises to discover their assigned POD of devices, view device inventory and topology, and configure features like application visibility and control templates.

Uploaded by

alireza1023
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
305 views89 pages

Cisco Prime Lab Guide for Partners

The document outlines exercises for using the inventory, configuration, and deployment capabilities in Cisco Prime Infrastructure 2.2. The exercises include populating the device inventory through discovery, verifying and updating device credentials, adding devices, using the device 360 view, viewing device details, using the topology map and dashlets, creating device and location groups, and configuring high availability and the operation center features. Participants will complete exercises to discover their assigned POD of devices, view device inventory and topology, and configure features like application visibility and control templates.

Uploaded by

alireza1023
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 89

Cisco Prime Infrastructure 2.

2 lab

Partner VT Amsterdam

Oct 30th, 2014

Cisco Prime Infrastructure 2.2


Partner VT Amsterdam, October 30th 2014

Agenda
UNDERSTANDING THE LAB ENVIRONMENT
CONNECTION TO THE LAB

2
3

PART 1: INVENTORY FEATURES : CREDENTIAL PROFILES, DISCOVERY , MULTIPLE EDIT , GROUPING,


TOPOLOGY
5
EXERCICE 1: POPULATING DEVICE INVENTORY
EXERCICE 2: VERIFYING/UPDATING CREDENTIALS, ADDING SINGLE DEVICES, MULTIPLE EDIT
EXERCICE 3: DEVICE 360
EXERCICE 4: DEVICE DETAILS
EXERCICE 5 : TOPOLOGY MAIN WINDOW, 360 VIEW AND DASHLET
EXERCICE 2 : DEVICE GROUPS
CREATING LOCATION GROUPS
CREATING A VIRTUAL DOMAIN
EXERCICE 7 : NETWORK TOPOLOGY MAPS
EXERCISE 8: PORT GROUP

5
12
14
18
20
27
27
29
30
35

PART 2: CONFIGURATION FEATURES : AVC AND QOS

37

EXERCISE 1: ONE CLICK TEMPLATE FOR AVC AND QOS


EXERCISE 2: SHARED POLICY OBJECTS AND MODEL BASED TEMPLATE: DESIGN AN AVC TEMPLATE
SHARED POLICY OBJECT
CUSTOMIZE AN APPLICATION VISIBILITY MODEL BASED TEMPLATE
DEPLOY AN APPLICATION VISIBILITY MODEL BASED TEMPLATE
EXERCICE 3: NETWORK SERVICES: APPLICATION VISIBILITY AND CONTROL
READINESS ASSESSMENT
NBAR2 PROTOCOL PACK MANAGEMENT
AVC PROFILES
INTERFACE CONFIGURATION

37
42
42
43
46
48
48
49
49
53

PART 3: VNAM AS A DATA SOURCE

56

EXERCICE 1 : SETUP A VNAM


EXERCICE 2: HOW IT WORKS
EXERCICE 3: DISCOVER A FEW VNAM CAPABILITIES
MONITOR DASHBOARDS
ANALYZE DASHBOARDS
REAL TIME
PACKET CAPTURE
APPLICATION RECOGNITION

56
59
60
60
61
65
65
66
Page | 1

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

Partner VT Amsterdam

Oct 30th, 2014

EXERCICE 3 : ADD THE NAM IN YOUR INVENTORY


EXERCICE 4 : CONFIGURE THE NAM AS A DATASOURCE
EXERCICE 5 : VIEW NAM DATA IN PI
EXERCICE 6 : PACKET CAPTURE IN PI

67
68
68
69

PART 4: PI DEPLOYMENT CAPABILITIES : HIGH AVAILABILITY, OPERATION CENTER

72

EXERCICE 1: HIGH AVAILABILITY


MAIL SERVER DESTINATION .
ADDING A VIRTUAL DOMAIN
ENABLING HIGH AVAILABILITY
EXERCICE 2: OPCENTER
ENABLING OPCENTER SERVER
SINGLE SIGN ON
ADDING SERVERS
OPCENTER NAVIGATION
EXERCICE 3: FAILOVER.

72
72
74
75
78
78
80
82
83
87

Understanding the lab environment


The lab infrastructure deployment is shown below.

Page | 2

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

Partner VT Amsterdam

Oct 30th, 2014

Each student group own a POD which contains 1 catalyst 3560v2, 2 catalyst 3850 , one ISR G2 892,
one ISR G2 2911, one WLC 2504 and one virtual NAM, 3 AP, 3 phones .
Each POD is divided in 2 ports: The East Part, and the West Part
The rest of the infrastructure is shared.
The table below gives the
Name
SW-PODx-E
SW-PODx-W
RTR-PODx-E
RTR-PODx-W
WLC-PODx-W
vNAM-PODx
PI-PODx
SSOx
PI-P-PODx
PI-S-PODx
PI-V-PODx

Model
3850
3560V2
ISR 2911
ISR 892
WLC 2504
vNAM

Loopback0
10.14.20x.1
10.14.20x.2
10.14.20x.3
10.14.20x.4
172.195.x.1
192.168.40.2x
192.168.40.5x
192.168.40.15x
192.168.193.5x
192.168.193.15x
192.168.193.11x

Connection to the lab

Page | 3

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

Partner VT Amsterdam

Oct 30th, 2014

You must use Cisco AnyconnectVPN client.


Launch it , server is primelab-eu.cisco.com

Username is pi-lab
Ask Proctor for the password.

If you dont have CiscoAnyConnect installed, you can install it from https://primelab-eu.cisco.com
username pi-lab, password : ask your lab proctor.

Page | 4

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

Partner VT Amsterdam

Oct 30th, 2014

PART 1: Inventory features : Credential profiles, Discovery ,


Multiple Edit , Grouping, Topology

Exercice 1: Populating device Inventory


There are 3 ways to populate the inventory, adding a single device, doing a bulk import, and
configuring an automatic device discovery.
In this section you will do a discovery

Launch PI Logon to PI plateform https://pi-podx.prime.ciscofrance.com


If you have any issue with dns resolution, use 192.168.40.5x (x is your pod number)

Verify the level of patch :

Page | 5

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

Partner VT Amsterdam

Oct 30th, 2014

User: root, Password: Public123

You should see an empty overview dashboard

From Inventory> Device Management , select Credential Profiles

Page | 6

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

Partner VT Amsterdam

Oct 30th, 2014

Select Add

Add a Credential Profile called "default" with the following credentials

snmp Read Community : public


snmp Write Community : private
ssh user : admin/C1sc0123
enable password C1sc0123
http user : admin/C1sc0123

Page | 7

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

Partner VT Amsterdam

Oct 30th, 2014

Add another credential profile, called nam, with the following parameters (optionally, you can use the Copy )

snmp Read Community : public


snmp Write Community : private
ssh user : root /root
http user : admin/cisco

You will use this one later in the lab.


Finally you should have something like

Create now the discovery job : Select Inventory> Device Management> Discovery

Select Discovery Setting (Upper right corner)

Page | 8

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

Partner VT Amsterdam

Oct 30th, 2014

Select "New"

Give a name,expand Layer 2 protocol and expand Cisco Discovery Protocol

Page | 9

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

Partner VT Amsterdam

Oct 30th, 2014

Enable cdp, cross router boundary


Add a seed device (10.14.20x.2), 10 hops

Expand "Credential Set" and add the row as below

Page | 10

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

Partner VT Amsterdam

Oct 30th, 2014

Save and Run

and

The discovery creates a job that you can see in the discovery job dashboard

You can refresh to see the progress

after a couple of minutes, discovery should be completed

Page | 11

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

Partner VT Amsterdam

Oct 30th, 2014

Exercice 2: Verifying/Updating credentials, adding single devices, multiple


edit

From Inventory > Device Management > Network Devices .

This inventory replaces the device workcenter from 2.1 and earlier versions

Page | 12

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

Partner VT Amsterdam

Oct 30th, 2014

click the device group: All devices

Select Add Device, and add the device 192.168.193.100 with the default credential profile

You should see a new device category: UCS B series

Page | 13

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

Partner VT Amsterdam

Oct 30th, 2014

Then select several devices. Remark, you can now edit multiple devices (edit devices in bulk)

click cancel

Exercice 3: Device 360


From Inventory > Device Management > Network Devices .
Select a device (a router or a switch)

Page | 14

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

Partner VT Amsterdam

Oct 30th, 2014

Select Neighbors . In 2.2 , you can see both local and remote port (only remote port in 2.1 and
before)

Page | 15

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

Partner VT Amsterdam

Oct 30th, 2014

Select the icon

And see the topology from this device !

Page | 16

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

You can select the icon

Partner VT Amsterdam

Oct 30th, 2014

to change the layout and the number of hops.

Page | 17

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

Partner VT Amsterdam

Oct 30th, 2014

Exercice 4: Device details


From Inventory > Device Management > Network Devices .

Click on a device name (a router or a switch)


Page | 18

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

Partner VT Amsterdam

Oct 30th, 2014

Explore the different menus

Explore Similar Menus with your wireless lan controller. What do you notice ?
How many access points are registered ?

Explore Similar menus for the UCS B series

Page | 19

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

Partner VT Amsterdam

Oct 30th, 2014

Exercice 5 : Topology main window, 360 view and dashlet


Select maps> Topology
Then drill-down to location> All Locations > Unassigned

Play with the different options


-

layout

Page | 20

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

zoom

overview

Partner VT Amsterdam

Page | 21

Oct 30th, 2014

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

Partner VT Amsterdam

Oct 30th, 2014

Select a device and launch the 360 view

Page | 22

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

Partner VT Amsterdam

Oct 30th, 2014

click the topology icon

Page | 23

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

Partner VT Amsterdam

Oct 30th, 2014

Change the layout and number of hops

Page | 24

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

Partner VT Amsterdam

Oct 30th, 2014

Select now Dashboard>General

Add a Topology Dashlet

Page | 25

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

Partner VT Amsterdam

Oct 30th, 2014

Move the dashlet on upper right corner and configure it to display the All Locations> Unassigned ,
with a symetric layout.
(Mouse over the right corner of the dashlet and select the icon
mode)

Page | 26

to enter config

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

Partner VT Amsterdam

Oct 30th, 2014

Exercice 2 : device groups


PI provides several device grouping capabilities :

The device groups


The location groups
The site maps
The virtual domain

A device group, contains devices for different purposes (configuration, monitoring). A device can join
a group statically or dynamically based on a membership rule. In this case, if a new device matches
this rule, it automatically joins the group. Some inventory attributes are provided to be used in the
membership rule (name, location, type, user define field ). A single device can belong to more than
one device group. Predefined device groups exist based on device model.
Location Group are conceptually identical to a device group : this is a device group based on location
parameters, either snmp location, or switch location (civic address attributes) .This is a new feature
of PI 2.2 which replaces somewhere the use of sites. Membership to a location group is either static
or dynamic.
The site maps are groups of Access points on a map. Access points are positionned on a map and
allow to create wireless heatmap . Sites are organized as a 3 level hierarchy :
campus/building/floors. Membership of an AP to a site is static (manually added/removed) but a
feature called automatic hierarchy creation allow creation and addition of APs in a site based on
their name.
Virtual domains allow grouping for administrative purpose (Role Based Access Control) .

Creating Location Groups

In this exercise, you will create 3 location groups :


-

Provider
East
West

Based on the SNMP location parameter of your device.


But , before you will create an umbrella group called PI-LAB
From Inventory>Device Management > Network Devices , Hover over Location , and select Add
subgroup

Page | 27

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

Partner VT Amsterdam

Oct 30th, 2014

Just name it PI-LAB and save

Select this group and Add Subgroup

Name the group East


Add a membership rule based on syslocation

Preview the device list

Page | 28

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

Partner VT Amsterdam

Oct 30th, 2014

Create in the same way the location group West (syslocation contains West) and the site group
Provider (syslocation contains provider). Both must be subgroup of PI-LAB
You should have the following:

Creating a virtual domain

We will not spend time on virtual domain in this lab , just create one quickly called testVD and put
a few devices in it you will understand later

Page | 29

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

Partner VT Amsterdam

Oct 30th, 2014

Create sub domain testVD

add the network devices SW-SP1-A, SW-SP1-B and SW-SP2

Exercice 7 : Network topology Maps


Go now to Maps> Network Topology

Page | 30

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

Partner VT Amsterdam

Oct 30th, 2014

Select User Defined - > PILAB-Network

Click one group

Explore drill down and expand

Page | 31

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

Partner VT Amsterdam

Page | 32

Oct 30th, 2014

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

Partner VT Amsterdam

Oct 30th, 2014

Click a link to see the components


Page | 33

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

Partner VT Amsterdam

Oct 30th, 2014

Play with the layout, expand /collapse groups

Select now Dashboard > Overview >General

Page | 34

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

Partner VT Amsterdam

Oct 30th, 2014

May be the topology dashlet is like that now !!

Why ?
Change it to

Exercise 8: Port Group


Small exercise here, nothing new in 2.2 , but you need this port group later

Select Inventory> Grouping> Port

Page | 35

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

Partner VT Amsterdam

Oct 30th, 2014

Select Add subgroup under User defined

Select a static port group, give a name and save

You can use a filter to select YOUR router , 10.14.20x.3 and select GigabiEthernet 0/0 and 0/1

Select the appropriate port and move them to the group you created (add to group)
Page | 36

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

Partner VT Amsterdam

Oct 30th, 2014

PART 2: Configuration features : AVC and QOS


Exercise 1: One click template for AVC and QoS
PI provides model based templates to deploy technology features on devices. These templates cover
Security Features (Zone Based Firewall, ACL, DMVPN, GetVPN, ScanSafe ) , Routing (OSPF, EIGRP )
, AVC (Application Visibility and Control) .
Model Based Template can be deployed on multiple devices or can sometimes be used to quickly
deploy the feature on a single device.
You will now deploy AVC monitoring on the GigabitEthernet0/1 of your router RTR-PODx-E . (This
interface is connected to your switch SW-PODx-E.)

From Inventory>Network Device click your Router RTR-PODx-E

Select Configuration, and Expand App Visibility & Control , then select App Visibility

Page | 37

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

Partner VT Amsterdam

Oct 30th, 2014

Select the Gigabit0/1 interface

Then select Enable App Visibility> App Visibility & Performance (IPv4)

See the message

Page | 38

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

Partner VT Amsterdam

Oct 30th, 2014

You preview the CLI

Then click deploy, wait a moment

Then you get

Page | 39

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

Partner VT Amsterdam

Oct 30th, 2014

Go to Configuration Archive
If the device sends syslog message to your PI, a configuration Archive will occur.
Check if you have a recent config (not the case below)

if not, schedule an immediate archive

You can see the archive job running in the job dashboard (Administration> Jobs) . After a while it
must complete with success.

After some time you will have your archive

Expand the new configuration and select compare previous running

Page | 40

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

Partner VT Amsterdam

Oct 30th, 2014

As you can see, PI deployed configuration based on ezPM !!

Verify that you are receiving data through flexible netflow , Administration> data source

Select
Select your data source (RTR-PODx-E) and see the netflow template

Page | 41

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

Partner VT Amsterdam

Oct 30th, 2014

You can drill down to the templates by clicking

you can also go to this page through Services> Netflow Templates

Exercise 2: Shared Policy Objects and Model Based Template: design an AVC
template
Shared Policy Object
PI 2.0 introduced the concept of reusable objects called Shared Policy Objects. In 2.0, only 2 shared
policy object existed : IPv4 subnet and Interface Role. These objects were used to customized model
based template like AVC and ZBFW (Zone Based Firewal) .
The release 2.2 have new objects : IPV6 Networks, Security Rule Parameter Map, Security Service,
Security Zone.
Select Configuration >Template> Shared Policy Objects > Shared > Interface Role
Add a new interface role calle inside-interface , where interface Name is GigabitEthernet0/1

Page | 42

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

Partner VT Amsterdam

Oct 30th, 2014

Customize an Application Visibility model based template

Select Configuration > Features and Technologies

Then Application Visibility & Control > App Visibility


Give a name

Page | 43

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

Partner VT Amsterdam

Oct 30th, 2014

Select Router as Validation Criteria

Select the Interface role you have created in the field Apply to Interface role

Keep the default values

Page | 44

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

Partner VT Amsterdam

Oct 30th, 2014

Click Save as New Template

The template appears under My Templates > Features and Technologies> App Visibility and
control and can now be deployed

Page | 45

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

Partner VT Amsterdam

Oct 30th, 2014

Deploy an Application Visibility model based template

Now you will configure the deployment process on your router RTR-PODx-E. Please dont deploy on
the router of another POD !!!!
Select Deploy
Select your router RTR-PODx-E in the device selection (Note : here you can select more than one
device)

Notice that you can have an additionnal collector with PI 2.2

Page | 46

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

Partner VT Amsterdam

Oct 30th, 2014

Click CLI preview. Verify that it will be deployed on the appropriate interface (GigabitEthernet0/1)

Deploy but please dont save in startup config

See the job result

Page | 47

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

Oct 30th, 2014

Partner VT Amsterdam

Go to Inventory> network Device

click your device

Select Applied/Scheduled Templates

Exercice 3: Network Services: Application Visibility and Control


In this exercise, you will explore some of the capabilities of PI regarding AVC
Readiness assessment
Select
Services

>

AVC

>

Readiness

Assesment

Verify that your routers RTR-PODx-* are AVC capable .


The router RTR-PODx-E where you deployed AVC previously should be marked as active

Page | 48

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

Partner VT Amsterdam

Oct 30th, 2014

NBAR2 protocol pack Management


Select Services > AVC >protocol packs management

You can populate on PI a repository of protocol packs (import) then deploy on the device.
Deployment is a job which copies the appropriate protocol pack on flash then activate it in cli.
On your system the repository is probably empty.

AVC profiles

AVC profiles, are configuration templates that can be deployed on interfaces. There are 3 categories

QoS Classification Profiles. This profiles define how application traffic can be identified
(based on NBAR2) and marked. 3 default profiles are provided out of the box according to
Cisco best practices : 5 classes, 8 classes and 12 classes profiles. New profiles can be added
QoS Action Profiles, define the egress action which will occured on egress traffic. (Queuing,
Priority Queuing, BW reservation, shaping ) . 3 default profiles are provided (5,8,12 classes)
out of the box. They can be modified and new profiles can be added as well
APP visibility Profile : define the monitoring action (URL monitoring, traffic volume,
Application Response Time , Voice/Video metrics ).

Select Services>AVC> AVC Profiles

Page | 49

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

Partner VT Amsterdam

Oct 30th, 2014

Now you will create a new classification profile based on the 5 class profile, but you will add the
traffic to/from your PI server in the class Transactional_data

Select + to add a new profile

Choose create a classification profile

Page | 50

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

Partner VT Amsterdam

Oct 30th, 2014

Give a name, and chose 5 class

Then click Add to add your classification


A new entry appears at the bottom

click
Change the type from NBAR to L3/L4 (you will classify using your PI ip address)
Select Apply IP/Port symmetrically
Put YOUR PI IP address

Page | 51

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

Partner VT Amsterdam

Oct 30th, 2014

Click OK
Select now the QoS class (Transactinal-Data)

Save the line

Save the profile

Page | 52

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

Partner VT Amsterdam

Oct 30th, 2014

Interface configuration

This new feature in 2.2 allow to enable AVC/QoS profiles on interface or interface groups

Select Services> AVC> Interface Configuration

Select the port group you created in previous lab (User Defined > myportgroup)

(Notice that one interface has already AVC deployed


Select both interfaces

Click enable QoS


Then select your profile (podx-profile)

Page | 53

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

Partner VT Amsterdam

Oct 30th, 2014

you can preview CLI

Page | 54

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

Partner VT Amsterdam

Oct 30th, 2014

then deploy
Please dont copy in startup !!

Check the status of the job in admistration> Job

Page | 55

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

Partner VT Amsterdam

Oct 30th, 2014

PART 3: vNAM as a data source

Exercice 1 : Setup a vNAM


A vNAM has already been deployed for your pod, it has just an IP address, and ssh/telnet is enabled .
You will finish the config in this exercise
The IP address of your vnam is 192.168.40.2x , telnet user is root/root

telnet/ssh to your nam, enable http server, use admin/cisco for admin user

Page | 56

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

Partner VT Amsterdam

Oct 30th, 2014

now you can finish the config with your web browser

From administration , configure the network parameters

Page | 57

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

Partner VT Amsterdam

Oct 30th, 2014

call the nam vnam-podx , add dns parameter as below

From administration > snmp , add snmp communities public : readonly, private : readwrite

Configute Time synchronisation from administration >System >System Time

Warning : Good time synchronisation between your NAM and your client is NOT an option

Page | 58

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

Partner VT Amsterdam

Oct 30th, 2014

Exercice 2: How it works


The vNAM has 2 ports, 1 management port and 1 monitoring. The vnic interface corresponding to
the monitoring port has been configured in promiscuous mode on ESXi ,

Page | 59

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

Partner VT Amsterdam

Oct 30th, 2014

The Physical interface is then connected to a switch where a monitoring session (SPAN) is setup

Exercice 3: Discover a few vNAM capabilities


Monitor Dashboards

Monitor Dashboard are composed of TOP N oriented dashlets (TOP N Application, TOP N DSCP , TOP
N encapsulation )
Select Monitor> Traffic Summary

Explore the Interactive report Filter.


You can change report period, Site , Encapsulation .

Page | 60

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

Partner VT Amsterdam

Oct 30th, 2014

Select Monitor> Response Time Summary


You monitor here the application response time .

Analyze Dashboards
Back to Traffic summary, select an application (here netflow) in the TOP N application Dashlet

Page | 61

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

Partner VT Amsterdam

Oct 30th, 2014

you will drill down to this application.


You can see the traffic volume over ther time, the sender and receiver , and the detail on application
. Here this is 2 routers sending netflow data to a Prime Infrastructure .

Notice the Zoom Pan feature

Page | 62

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

Partner VT Amsterdam

Oct 30th, 2014

Back to Monitor> Response Time Summary

Click https and select Analyze application Response Time

Page | 63

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

Partner VT Amsterdam

Oct 30th, 2014

Here you can see the components of a transaction : network time, server time and data time.
As you can see below, in this case , if http is slow , its not a nerworking issue

Back to Traffic Summary, select an application and click real time

Page | 64

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

Partner VT Amsterdam

Oct 30th, 2014

Real time
you will monitor every 5 sec

Packet Capture

Select again an application and click capture

Page | 65

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

Partner VT Amsterdam

Oct 30th, 2014

You can also create capture session, use filter,create triggered capture
Application Recognition

WIth 6.1, NAM software support NBAR 2. To enable the feature, Select Setupt> Classification >
Application Settings

Page | 66

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

Partner VT Amsterdam

Oct 30th, 2014

There are tons on other feature in the NAM, dont hesitate to ask your lab proctor if you want more
details.

Exercice 3 : Add the NAM in your Inventory


Select Add Device

Add your own NAM (192.168.40.2x) , and select add devices

Select nam credential profile you created ealy, verigy and add

select add to add the nam in your inventory.


You have now a new device category (may be you need to refresh your browser)

Page | 67

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

Partner VT Amsterdam

Oct 30th, 2014

and you can see your virtual nam

Exercice 4 : Configure the NAM as a datasource


At this time, the NAM data are not used by PI. You have to enable your NAM as a data source

Go to administration>Settings>Datasource
You will see

Select the NAM and click enable

After some time the data source will become active

Exercice 5 : View NAM data in PI


Select for Example Dashboard> Service Assurance
In the Top N application dashlet, Hover the upper right corner and clic the edit (pencil) icon
Select the nAM as data source , save and close

Page | 68

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

Partner VT Amsterdam

Oct 30th, 2014

Exercice 6 : Packet capture in PI


Select Monitor > Tools> Packet Capture
Then Capture Session (upper right)

Page | 69

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

Partner VT Amsterdam

Oct 30th, 2014

Create

Give a name and select Device >Add

Add your NAM

Page | 70

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

Partner VT Amsterdam

Oct 30th, 2014

Expand the NAM and add the Dataport

Click Create and Start

You will see your session running

You can stop it, go back to Monitor > Tools> Capture


Select your capture and decode

Page | 71

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

Partner VT Amsterdam

Oct 30th, 2014

PART 4: PI Deployment capabilities : High Availability,


Operation Center
Exercice 1: High Availability
You will configure now, an HA pair with a PI primary server , 192.168.193.5x and a secondary
192.168.193.15x.

The primary is already configured as standalone with devices inside.

Mail Server destination .

Failover operations send mail to predefined mail destination. You should then configure a SMTP
destination on the primary PI server : 192.168.193.5x.
Connect to this server first and logon as root/Public123
From Administration > System settings , Configure SMTP destination . Server is 192.168.40.1
Use a user call [email protected] (x is your pod number)

Page | 72

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

Partner VT Amsterdam

Oct 30th, 2014

Select test, and add if success .


Verify it works : connect with http to the mail server, use your username (pi-userx) and cisco as
password

Page | 73

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

Partner VT Amsterdam

Oct 30th, 2014

You should have received your test mail.

Adding a virtual domain

Quicky add a virtual domain in this server , its not for HA You will understand later
Select admin > Virtual Domain

Page | 74

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

Partner VT Amsterdam

Oct 30th, 2014

Create a subdomain from root

and add the 2 nexus 5K (DC-1 and DC-2)

Enabling High availability

Go to Administration> System > High Availability


Check the HA status

Select Configuration (left column)


And enter HA config :
-

Secondary is 192.168.193.15x
Key is Public123
You cane nable a Virtual IP and use 192.168.193.11x
Choose Manual failover
Page | 75

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

Partner VT Amsterdam

Oct 30th, 2014

After a while you while have this window, it can take some time to complete (10/15 min) . You can
to the next exercise, you will come back here later.

Check configuration

Page | 76

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

Partner VT Amsterdam

Oct 30th, 2014

You can also connect to the Helath monitor of the secondary, use the secondary ip address and port
8082, and use the HA key (Public123)

see below, your secondary is syncing , means it is in standby mode and database and file are in sync.

Verify that you Virtual IP is functional

Page | 77

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

Partner VT Amsterdam

Oct 30th, 2014

Exercice 2: OpCenter
Enabling OpCenter Server

To convert a PI into an OpCenter, you just have to apply a license

Connect to the server 192.168.40.15x , user root/Public 123


This server is empty.

go to Administration License

Page | 78

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

Partner VT Amsterdam

Oct 30th, 2014

Select file> License files

Select Add , and select the provided licence file

you have now a cluster license

Logout and login

Page | 79

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

Partner VT Amsterdam

Oct 30th, 2014

see the Banner

and the menus and logon page


Remark also that you have no virtual domains

Single sign on

Before Adding Server, you must configure your cluster as SSO server and your instances as SSO client
On the OpCenter, 192.168.40.15x, select

add the server itself as sso server

Page | 80

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

Partner VT Amsterdam

Oct 30th, 2014

enable SSO

keep SSO mode local (this means that the SSO server can also you an external aaa radius or tacacs
server)

On first instance, 192.168.40.5x , add sso server (it will be the opCenter )

Page | 81

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

Partner VT Amsterdam

Oct 30th, 2014

and enable SSO

On the second Instance (use HA VIP or VIP name )


Do the same
Adding Servers

You must add your 2 server instances , pi-podx and your HA server (use the HA virtual pi-v-podx )
Add the first one : pi-podx.prime.ciscofrance.com

Page | 82

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

Partner VT Amsterdam

Oct 30th, 2014

Server is added

Add now the second pi-p-podx.prime.ciscofrance.com


Finally you will have

OpCenter Navigation

Look the home page

Page | 83

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

Partner VT Amsterdam

Oct 30th, 2014

Look the monitor > network device

Remark that you have an extra column : Prime Server


Click on a device name first : you have only device details

Back to the Monitor> network device page , click on Prime server name

Page | 84

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

Partner VT Amsterdam

Oct 30th, 2014

This drill down to the appropriate server (with sso) in another window

Look at the virtual domains : you should see the ROOT-DOMAIN and the domain testVD

Select the domain testVD, see the device list

Do you understand how it works ?

Select Monitor > alarms and events


See alarms aggregated from both PI servers.

Page | 85

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

Partner VT Amsterdam

Oct 30th, 2014

Go to Client and Users , see endpoints collected by both instances

you can also test the generic search . You should have a user with your pod number : podx , search
for him in the generic search window

Page | 86

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

Partner VT Amsterdam

Oct 30th, 2014

Examine the available reports

Exercice 3: Failover.
You will stop the server pi-p-podx , this should trigger a manual failover.
Connect to the server through ssh, and halt it

Connect to your mail account. You should see this mail

Page | 87

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

Partner VT Amsterdam

Oct 30th, 2014

Launch the URL, this is the health monitor of the secondary


Use the key : Public123

Click the failover button

wait the failover .

until

Logon to the secondary (you can use the Virtual ip )

Page | 88

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

Partner VT Amsterdam

Oct 30th, 2014

and verify the status . Secondary must be active

you will also receive an e-mail

Check on the operation center. You see that OpCenter automatically switched to the secondary.

################################### END OF LAB #####################################

Page | 89

https://pi-podx.prime.ciscofrance.com

You might also like