Cisco Prime LAN Management Solution


Wed, 09/04/2013 - 06:13
Aug 26th, 2013



Implementation, Configuration, and Troubleshooting With Vinod Arya


This document contains the slides for the live webcast.


During this live event, Vinod takes you through the installation of Cisco Prime LMS, including initial portal login and use of the Getting Started workflow to configure the server. He will also demonstrate how to explore and customize the dashboards in My Menu, manage portlets, and change the portal layout. Additionally, Vinod will show the steps to manage the network device inventory, manage network device configurations and software images, monitor and troubleshoot the network, and much more.


Agenda:


  • Introduction to Cisco Prime LMS
  • Evolution of Cisco Prime LMS
  • Configuring and Implementing Cisco Prime LMS
  • Case Studies
  • Live demo


Vinod Arya is a High Touch Technical Support (HTTS) engineer in Cisco’s Focused Technical Support (FTS) organization working on Network Management System (NMS) products and technologies. His current focus is on planning and implementing Network Management Infrastructure(s). His areas of expertise also include NMS products and technologies such as the CiscoWorks LAN Management Solution (LMS), Simple Network Management Protocol (SNMP), IP, Service-Level Agreements (SLAs), Cisco Prime Provisioning, Cisco Network Registrar, and many others. He has more than 7 years of experience in IT. Prior to joining Cisco’s HTTS NMS team, Arya worked for Convergys India Pvt Ltd managing and optimizing the Optus Broadband Network. From there he joined HCL Technologies, working with its local switching team before moving on to the Network Management Team. He was also part of its Technical Assistance Center (TAC). Arya holds a Bachelor’s degree in Information Technology from Kumaun University in Nainital, India, and an MBA in Information Technology from Sikkim Manipal University in Bangalore, India. He holds several Cisco Certifications, including CCNA® and VCP 5.0.




General Questions:


Q. What was this known as earlier?

A. It was known as "CiscoWorks LAN Management Solution (LMS)".


Q. How will Cisco Prime LMS overcome the issues with the previous CiscoWorks LMS in terms of usability and stability?

A. The answer to this question is provided in the Ask the Expert event.


Q. When will Dynamic User Tracking support SNMPv3 informs, instead of just SNMPv2?

A. The answer to this question is provided in the Ask the Expert event.

Q. Does Cisco Prime work with Nexus Series Switches?

A. Yes, it does work with the Nexus Series Switches. For more information, see “Supported Devices Table for Cisco Prime LAN Management Solution 4.2”.


Q. Does LMS have the ability to run nightly backups of all devices as part of the feature set?

A. Yes, if all the devices are added successfully then CiscoWorks should be able to back up the configuration of all the devices.


Q. Is it possible to monitor services that run on a Microsoft Windows server with LMS?

A. No, it is not possible to monitor services that run on a Windows server with LMS.


Q. What is the difference between Cisco Prime LMS and Cisco Prime Infrastructure?

A. CiscoWorks LMS is used to manage the LAN, as the name LAN Management Solution states. Cisco Prime, however, is LAN, Wireless, and WAN technology in one bundle.


Q. Can LMS manage any non-Cisco products such as Palo Alto devices?

A. Support for non-Cisco devices is limited, and it cannot be confirmed whether Palo Alto devices are supported in LMS without knowing the sysObjectID of the device. In order to check support for a non-Cisco device, see "CiscoWorks LAN Management Solution 4.2 for Non-Cisco Devices".


Q. In consideration of the continuous migration to INF files, what LMS upgrades are planned and what features are planned in the future (rather than bug fixes and definition updates)?

A. The answer to this question is provided in the Ask the Expert event.

Q. Is it possible to monitor the status of track in an IP Service Level Agreement (SLA)?

A. You could monitor an IP SLA on a device that uses LMS. However, you would have to create the operation with LMS.


Q. How does Cisco Prime LMS work as a syslog server?

A. Prime LMS works well as a syslog server.


Q. Does LMS have per-device licensing, such as Network Control System (NCS)?

A. The answer to this question is provided in the Ask the Expert event.

Q. Can Cisco Prime monitor/configure options for Overlay Transport Virtualization (OTV)?

A. The answer to this question is provided in the Ask the Expert event.

Q. Is it possible to assign a topology map to a particular user?

A. No, it is not possible to assign a topology map to a particular user.


Q. Does Cisco Prime LMS manage Cisco Aironet Wireless?

A. Yes, it supports the Aironet 2600 Series. See “Supported Devices Table for Cisco Prime LAN Management Solution 4.2 3” for more information.


Q. Could you explain a little bit more about the number of CPUs required for a Windows Server 2008 to run LMS? I have one server with 4 sockets, each one with 6 processors, so the logical number of processors is 24, but I am not allowed to monitor more than 30k objects.

A. This depends on the license you have and for how many devices.


Q. Is there a virtual machine (VM) appliance version like many of Cisco's other products?

A. Yes, you could use Cisco's soft appliance, which uses Linux as the OS, to install LMS Release 4.2. See "Installing and Migrating to Cisco Prime LAN Management Solution 4.2" for more information.


Q. Can I use the device backup of Release 3.2 in Release 4.2?

A. You cannot back up and restore just device configurations. It has to be a complete backup of one LMS which can be restored into another.


Q. Does Cisco Prime Release 4.2 have a Layer 2 topology view?

A. Yes, LMS Release 4.2 has a Layer 2 topology view which you could launch from the topology.


Q. Can I set a specific time slot for change management of all the devices, such as midnight?

A. In order to collect the configuration from the devices, you could schedule it for midnight and at the same time you could schedule jobs to make any changes on the devices at the time that is convenient for you.


Q. Can LMS be configured to accept and display syslog messages from devices not currently in the Device Credentials Repository (DCR)? Possibly with an automated action to attempt to manage the unknown device?

A. It will not be possible if the device is not added in LMS. CiscoWorks will not be able to manage the syslog messages as the device itself is not currently managed by LMS.


Q. Is there any other installation bug identified as DCRServer Process failure (which is solved in Release 4.2.4)?

A. As of now there is no bug identified. However, if you run into such an issue, go to the Cisco Support Forum for a solution.


Q. Is it possible to have redundancy for CiscoWorks servers, such as a cluster?

A. Yes, you can configure the LMS in a High Availability Environment. See "Setting Up Cisco Prime LMS in High Availability and Disaster Recovery Environment" for more information.


Q. Is there an application programming interface (API) or command-line function that can be used to add devices through an automated process?

A. The answer to this question is provided in the Ask the Expert event.

Q. Is there a way to slipstream the latest service packs into the install files so that when multiple instances of LMS are installed/upgraded, the service packs are already installed?

A. No, you need to install the service packs one-by-one as per the hierarchy; LMS 4.2 > LMS 4.2.2 > LMS 4.2.4.


Q. I have created a job in LMS for an Adaptive Security Appliance (ASA) to delete a particular route and add a new route. The job executes only if the approval is given by my L3 Team Lead and Manager. Is this possible in LMS Release 4.2?

A. You could assign an approver in LMS, so when a job is to be executed it would first have to be approved by the approver. The approver receives a notification when a job is executed.


Q. Is it mandatory to select a device type when a device is added in Common Services (CS)?

A. No, most of the time LMS via SNMP gets hold of the sysObjectID and determines the device type. However, if the device is still unknown, you could run the inventory for it to become known.


Q. Is it possible to assign a topology group user?

A. The answer to this question is provided in the Ask the Expert event.

Q. When any one approver member disapproves the job, the job should not execute. Is this possible?

A. See "Job Approval Workflow" for more information.


Q. Is there a recommendation on which platform to run LMS on between Microsoft Windows or a Linux Open Virtualization Alliance (OVA)?

A. It is up to you. People usually use Windows because it is more user friendly than Linux. Linux is CLI-based; however it is more secure than Windows so it is the user's choice.

Q. Is it possible to acknowledge a faulty device so that the error does not appear in the devices that are unreachable?

A. If you know a device is unreachable for any reason, you run the report for the unreachable device and delete it from there.


Q. Is it possible to send a fault notification to different recipients dependent on the time of day or day of the week?

A. Yes, you can send a fault notification to N number of users; however you will not be able to schedule it. As an example, when there is a fault an email will be sent.


Q. In LMS Release 4.2, am I able to monitor the utilization of the switch port? For example, how long a switch port was up?

A. You can run the Switch Port Utilization report, which is for the port of the campus manager.


Q. I can delete the device, but for instance, I know that Switch A will be down for maintenance. Is the only way to stop LMS from sending errors to delete the device?

A. If a device will be under maintenance and you do not need alerts for this then you can suspend the device in LMS and resume it later; Inventory > Device Administration > Manage Device State.


Q. Is it possible to schedule a configuration change?

A. Yes, it depends on what changes you will make in the device.


Q. Is it possible to stop or edit the system poller?

A. No, unfortunately we cannot edit the system-defined poller.


Q. Is the license dependent on the number of nodes managed?

A. Whenever you bought the license, it was dependent on the number of devices you wanted to manage.


Q. What is mini-Remote Monitoring (mini-RMON) and how can it be used?

A. See the "Setting Up CiscoView Mini-RMON Manager" section for the RMON requirement.


Q. Can you define the polling interval for LMS per group or for all groups?

A.

Q. Is there a CLI available to check the jobs scheduled?

A. For Windows, just type "at" in the command prompt and you will see all the scheduled jobs such as backup.


Q. Can we manage light weight/other vendor access points in the LMS?

A.


Q. How can I move discovered devices from a default group to a customized group? Do I always have to specify the group name under discovery settings?

A. You could use this feature to segregate the devices and make the devices fall to a specific group. See the "Specifying Group Properties" section for more information.


Q. What is the purpose of having the manage/unmanaged devices group after running a discovery procedure?

A.


Q. How do you create a backup in LMS Release 4.2.3?

A.


Q. Where would I be able to find the OVA files for Release 4.2? Currently, do only Releases 4.1 and 4.0 contain OVA files in the download section?

A. You can download it from here.


Q. Is there an API to connect to the database so you can do adhoc reports?

A.


DFM and HUM:


Q. What SNMP value will be polled by the Device Fault Manager (DFM) and the Health and Utilization Monitor (HUM)?

A. The DFM and HUM use only the SNMP community string to manage the device. The DFM sends an alarm when the device sends the trap to the DFM. The HUM can configure different pollers, such as for CPU, interface availability, and so on, dependent upon the poller you have configured. LMS polls the device to get the same information from the device, such as 5 minute CPU utilization with the respective Object Identifier (OID).


Q. Is DFM or HUM better to monitor the device temperature thresholds?

A. The HUM could be used to poll the threshold and generate an alert when it is violated. The DFM generates alerts when there is a problem with the device.


Q. It is often seen in the HUM that the total number of instances reached the maximum while editing the historical poller. What does it mean (physical interfaces or including loopback, VLAN, and so on)?

A. The number of MIB objects which can be polled by LMS depends on the server configuration. Yes, it includes all the interfaces which are managed by LMS. If you use LMS Release 4.2.x you have an option to select the interface while polling (Poll by User Selection > Select the instances on which you want to poll the devices).


Q. What SNMP port and MIB will be polled by the DFM and the HUM?

A. By default, LMS receives SNMP traps on port 162 (or, if port 162 is occupied, port 9000). If you need to change the port, you can do so. LMS supports SNMPv1, v2, and v3 traps for trap receiving. For polling through the HUM, it uses the SNMP UDP port 161.


Q. Can you put the HUM in maintenance mode while you work on network changes?

A. In order to achieve this, suspend the poller under maintenance. Once you are back up, resume the pollers.


Q. For large, multi-site deployments, can a higher level LMS collect and aggregate data and statistics from multiple remote Resource Manager Essentials (RME), CM, and DFM collectors?

A. This should not be a problem. If you plan to install a Master-Slave setup with different applications installed on different servers, it should work fine.


Cisco Prime Infrastructure:


Q. Will there be a session to cover Prime Infrastructure anytime soon?

A. Cisco had a webcast on Cisco Prime Infrastructure in April 2013. You can see the recording at "Configure and Troubleshoot Wired and Wireless Networks Using Cisco Prime Infrastructure".


Q. If I own the license for Prime Infrastructure, does that allow me to run Prime LMS? Do I need Prime LMS if I own and run Prime Infrastructure?

A. No, the license for Prime Infrastructure does not entitle you to run Prime LMS. You do not need to run Prime LMS if you use Prime Infrastructure. Cisco will wait for the full-fledged version of Prime Infrastructure to be released before LMS is discontinued.


Q. When will the full-fledged version of Prime Infrastructure be released?

A.


Q. When do you anticipate end-of-life for this product if Prime Infrastructure will take over its role?

A. Cisco Prime LMS will always be there. Cisco will continue to improve the quality of the product, as CiscoWorks LMS is the complete solution for LAN Management.


Q. If I want to manage both wired and wireless do I need to wait to install Prime Infrastructure Release 2.0?

A. Yes, you need to wait till Prime Infrastructure Release 2.0 is released.


Q. Does Prime Infrastructure Release 2.0 cover all the services which LMS and Network Control System (NCS) provide?

A.


Q. We have LMS Release 4.2. I have been told that Cisco Prime Infrastructure Release 1.X (2.x?) is a replacement for LMS and that we need to upgrade. Does LMS have an end-of-life date?

A. No, Prime Infrastructure is not a replacement for LMS. Prime Infrastructure is a bundle which has LAN, Wireless, and WAN technology bundled together. There is no EOL planned for LMS as of now.


Q. When Prime Infrastructure Release 2.0 is finally released, is there so much functionality in that product that the "typical user" can migrate from Prime LMS to Prime Infrastructure Release 2.0?

A.


Q. Is Release 4.2.x the last release of Prime LMS and is it scheduled to be integrated into Prime Infrastructure? Is that what Prime Infrastructure Release 2.x is?

A. LMS Release 4.2.x still has some update patches pending. Prime Infrastructure Release 2.0 is a blend of both wired and wireless network management.


Q. Can we install Prime on a VM?

A. Yes. You can install Prime on a VM. See "Installing and Migrating to Cisco Prime LAN Management Solution 4.2" for more information.


CPLMS Security Questions:

Q. In a high security environment that explicitly forbids the use of both SNMP and Cisco Discovery Protocol (CDP) protocols, is there any other Layer 2 discovery methodology to find non-routing devices, such as OID detection and Address Resolution Protocol (ARP), then attempt Secure Shell (SSH) connections?

A. LMS should be able to discover the devices with the other protocol; however it might not be able to manage the device as SNMP is needed to manage the device in LMS.


Q. Do Cisco Prime and Cisco Security Manager (CSM) integrate?

A. There is no product-level integration available between LMS and CSM. CSM is built with some of the same components (historically RME and, with CSM Release 4.3, Common Services Release 4.0) used by Cisco Prime LMS, but it is not integrated. The most you could do is to put some links onto your LMS portal that point to the CSM server. See the "Adding Portlets" section for more information.


Q. Can you generate a Certificate Signing Request (CSR) from an LMS Server and then use it to create a valid certificate from my Certificate Authority (CA) Server?

A. Yes, you can do this. See "Uploading Third Party Security Certificates to LMS Server" for more information.


Q. Can I change the access on LMS from http to https once the server is in production?

A. Yes, you can. You need to enable the Secure Socket Layer (SSL) on the LMS: Admin > Trust Management > Local Server > Browser-Server Security Mode Setup.


Q. Can I do authentication on the LMS Server with an external Identity Services Engine (ISE)?

A. LMS can be integrated with Access Control System (ACS), Windows Active Directory (AD), and so on, but not with ISE.


Q. Can I have an external repository for backups (FTP backup server) similar to Cisco ISE?

A. The recommended way for this is to "take a backup locally and then siphon it off to an external repo".


Q. If my ISE device (which is connected to AD), is the authentication server for many devices on my network, can I configure the LMS that points to ISE so the user will be authenticated through LMS > ISE > AD?

A.


Q. Will there be schema extensions for ACS Release 5.x similar to the earlier LMS Release 2.x/3.x and ACS Release 3.x/4.x to allow role assignments from the ACS rather than require administrator accounts to be recreated locally?

A. As of now it is not planned. It is understood that, from the customer point of view, the ACS integration which used to be there until LMS Release 4.x was great. But now, with the mechanism of role-based access control (RBAC) added within LMS, a local user has access to all the GUI.


Q. Is it possible to pull the VPN connectivity report at the user level?

A.


Q. Does the Cisco Prime Infrastructure cover security devices?

A. There are a lot of Cisco Security devices supported by LMS. In order to learn more about this, see “Supported Devices Table for Cisco Prime LAN Management Solution 4.2”.



CiscoWorks Prime LAN Management Solution for IPv6:


Q. What types of IPv6 capabilities/considerations are present in CiscoWorks Prime LAN Management Solution (CPLMS)?

A. In order to understand CPLMS support for IPv6, see "IPv6 Support in LMS".

