Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 

Cisco Prime Infrastructure FAQ

 

[TOC:faq]

 

Getting Started

Q:1 What is Cisco Prime Infrastructure?  A product or a bundle?

Both.  When a customer orders Cisco Prime Infrastructure the customer receives two products bundled together: Cisco Prime Infrastructure and Cisco Prime LAN Management Solution.

 

Q:2 What is Lifecycle, Assurance, Data center and APIC EM Controller Apps? How do they relate to Cisco Prime Infrastructure 3.1?

Cisco Prime Infrastructure is composed of different feature sets which are licensed separately.

The Enterprise Management Feature set includes lifecycle, assurance and the right to use APIC-EM controller software and basic apps & services.

The Data Center Feature set provides Datacenter device inventory management, health and performance Monitoring, Infrastructure Impact and root cause analysis, Compute resource optimization, Future resource planning, and Customer Impact analysis.

 Q:3 I have LMS, how is Cisco Prime Infrastructure different?  What will happen to LMS?

Cisco Prime Infrastructure is a single pane network management product that converge the wireless management features from Cisco Prime Network Control System and the wired management features of Cisco Prime LMS.  Relevant features from Cisco Prime LMS are being phased into Prime Infrastructure beginning with the 1.2 release.  Most LMS customers will be able to transition to Prime Infrastructure.

Collateral on LMS 4.2 Vs PI 3.1 is available at

http://www.cisco.com/c/en/us/products/cloud-systems-management/prime-infrastructure/white-paper-listing.html

 

Q:4 I have NCS/WCS, how is Cisco Prime Infrastructure different? What will happen to NCS?

Cisco Prime Infrastructure is a direct evolution of Cisco Prime NCS and can be considered as the latest release of Cisco Prime NCS. The product name was changed from NCS to Prime Infrastructure to reflect the expanded scope of the product to include full lifecycle management for wired devices (routers and switches) in addition to wireless devices.

 

Q:5 What are the new features in Prime Infrastructure 2.2?

Below are the new features

New Wireless Support

- WLC 8.0 & MSE 7.7/8.0 IPv6 & security certification (FIPS, CC, and USGv6) support

- IOS-XE 3.6 wireless / unified access support

- Wireless AVC

- IWAN Support

- IWAN Configuration Workflow

- AVC Workcenter

- NBAR Protocol Pack Update

- QoS Configuration for AVC

Data Center Assurance (Nexus 9000 & UCS)

- Basic device management for Nexus 9000 standalone switches

- Discovery and Inventory Support for UCS B and C series devices

- Monitor Availability and Faults on UCS Blade and Rack servers (B and C series)

- Root cause for faults and correlation to underlying UCS physical infrastructure

Operations Center

- Centralized Monitoring of Multiple Prime Infra Server Platform

- Converged Menu (fusion of "Lifecycle" & "Classic”)

- Network Topology

- Management of network devices via IPv6 (wired and wireless)

- Plug and Play gateway “high availability” deployment option

- New RW REST APIs for adding devices, managing wireless devices, provisioning WLANs

- Monitoring setup workflow improvements (Monitoring Policies)

- Credential Profiles (bulk network device credential management)

- Inventory and Device Grouping improvements

- Improvements in Job handling

- HA improvements (virtual IP)

  Additional details on what’s new can be found in the below link.

 Q:6  What is “Converged Menu “option in Cisco Prime Infrastructure 2.2?

Cisco Prime Infrastructure 2.2 introduces a single converged menu structure, combining many of the characteristics of the older “Classic” menu and newer characteristics of the previous “Lifecycle” menu. This will be the single menu used for all functionality in Prime Infrastructure going forward. The older “Classic” menu is still available in Prime Infrastructure 2.2, but this is officially “deprecated” and will not be present in future releases, and users should use the converged menu for all tasks and operations in Prime Infrastructure.

 

Q:7 List out the major changes in Cisco prime Infrastructure 2.2 GUI?

Cisco Prime Infrastructure 2.2 supports Native IE browser (IE 10 & 11) and no Chrome Plug-in and Flash Plug-in needed. Prime Infra 2.2 has a single converged menu structure. Prime Infrastructure 2.2 home dashboard options are organized as Monitor, Configuration, Inventory, Maps, Services, Report and Administration. Also Classic view is deprecated. Maps and Topology organized at top level.

 

Q:8 What are the Web Client Requirements for Prime Infrastructure?

Prime Infrastructure supports Internet Explorer, Mozilla Firefox and Google Chrome. Refer below link for supported versions.

http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/2-2/quickstart/guide/cpi_qsg.html#pgfId-97386

Q:9 What are the Web Client Requirements for Prime Infrastructure 3.x?

All Prime Infrastructure users access the application from a client web browser.

Web client requirements are listed below.

  • Hardware—A Mac or Windows laptop or desktop compatible with one of the following tested and supported browsers:

– Google Chrome 34, 35, 36 or later

– Microsoft Internet Explorer 10, or 11 (No plug-ins are required.)

– Mozilla Firefox 30 or later

  • Display resolution— we recommend that you set the screen resolution to 1280 x 800 or higher.

http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/3-1/quickstart/guide/cpi_qsg.html#pgfId-127113

Q:10 What is SWSS and what you can get by having SWSS?

SWSS is Cisco Software Support Service.

Cisco Software Support Service (SWSS) gives you:

24x7 access to Technical Assistance Center (TAC)

Major software upgrades

Minor software updates

Access to online resources

The cost of SWSS is based on the licenses owned by the customer (i.e. Base, Software, Lifecycle, and Assurance & data Center). 

Q:11 Is Prime Infrastructure 3.0 supported on Gen 1 Appliance?

Prime Infrastructure 3.0 is supported on Gen 1 Appliance.

 

Refer the below link to install PI 3.0 on Gen 1 Appliance.

 

http://www.cisco.com/web/software/284272933/130096/Guide_for_installing_PI_3_0_and_migrating_PI_2_2_x_to_PI_3_0_2_on_a_Gen-1_Appliance.pdf

Q:12 What are the advantages of moving into new GUI in Prime Infrastructure 3.0?

Cisco Prime Infrastructure 3.0 comes with the new Graphical User Interface which has various advantages over the previous UI. New Evolution UX design is designed to provide better User experience for the end users and completely removes dependency on Adobe Flash and is based on HTML 5. New UI provides faster performance which has Improved Screen loading and rendering with reduced memory footprint. The new UI also provides support for new visualization widgets and new color palette.

Q:13 What are the new features supported in Prime Infrastructure 3.0?

Listed below are the new features in prime Infrastructure 3.0.

Platform

  • New User Interface
  • Network Summary Dashboard
  • Dashboard metrics panel
  • Dashboard export capabilities
  • Topology enhancement – Link 360
  • Japanese Localization support
  • Custom Alarms & Events for new Traps
  • Configuration Baseline Audit
  • New Platform/Device Support
  • PSIRT & EoL reporting enabled
  • Performance graphs
  •  Integration with APIC EM for ZTD
  • Composite Reports
  • Data Center: VM Assurance (VMware, Hyper-V)

 Wired

  • Configuration baseline Audit
  • Out of the box monitoring for links
  • New service health dashboard view
  • PfR Monitoring

Wireless

  • WLC 8.1 Support
  • Wireless device pack framework
  • Converged Access
  • Wireless Integration (Meraki support, Converged Access)

Q:14 Does Prime Infrastructure 3.1 support on Gen 1 Appliance?

Cisco Prime Infrastructure  3.1 is supported in Gen 1 appliance from PI 3.1 Software Update 3.

Q:15 What are the new features added in Prime Infrastructure 3.1?

Listed below are the new features in prime Infrastructure 3.1.

Data Center Assurance

  • DC Topology
  • Visibility to Fabric extender
  • VDC 1-hop view topology
  • VPC link in Topology
  • Out of the box polling of vPC links
  • 2/3/4 member vPC view in topology
  • Network VPC links with health status
  • VPC inconsistency view with Fault generation
  • DC APIs

Operations Center

  • Mixed Operations Center Licenses
  • Seamless SSO Setup
  • High Availability
  • Configuration Templates
  • Reports

Platform

  • New Plug and Play Dashboard
  • Instant Access Workflow
  • Configuration Deployment Workflow
  • Software Image Management Enhancement
  • Global Variable in Configuration Templates
  • Global Offline Search
  • Converged Access Workflow
  • TrustSec Readiness Assessment
  • Compliance Audit for Wireless LAN Controllers
  • Site Visibility
  • Routing Table Monitoring
  • IWAN Workflow Enhancements
  • Alarm Policies
  • Live Syslog Streaming
  • Bulk AP Replacement
  • Enhancement to DCA Template
  • Dock Window

Refer Prime Infrastructure 3.1 Release notes in the below link for more details.

http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/3-1/release/notes/cpi_rn.html

 Architecture

Q:1 What should I consider before migrating to Prime Infrastructure from LMS?

Refer to the document transitioning from Cisco Prime LMS to Cisco Prime Infrastructure available at http://www.cisco.com/go/primeinfrastructure.

http://www.cisco.com/en/US/prod/collateral/netmgtsw/ps6504/ps6528/ps12239/app_note_c27-716266.html

 

Q:2 Describe the form factors in which Cisco Prime Infrastructure is currently available for customers.

Prime Infrastructure comes in 2 form factors: a physical appliance or a virtual appliance.  Regardless of the form factor, each is a fully converged platform for wired/wireless management as well as assurance (application visibility) management. Nothing to install, once the OVA is loaded, in the case of the virtual appliance.  Cisco Prime Infrastructure is pre-loaded in case of Physical appliance and one may have to run the setup to configure the System.

 

Q:3  What is the limit for device scalability in Prime Infrastructure 2.x?

Prime Infrastructure 2.x can support up to 18K devices.  For more details please refer the below document.

http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/2-2/quickstart/guide/cpi_qsg.html#pgfId-67786

 

Q:4 Is it possible to manage multiple instances of Prime Infrastructure (or) Do we have Manager of Manager (MoM) architecture in Prime infrastructure? 

 

Yes. In Prime Infrastructure 3.1 there is a feature called ‘Ops center’ which is a centralized visualizer for a network environment that has one or more Prime Infrastructure servers. Users may have one or more Prime Infrastructure servers for one of the following purposes:

-  Accommodate scale or the geographical distribution of their network.

- Support geographic distribution, where Enterprise or Service Providers have networks that are spread across the globe and would like to avoid managing the devices over the WAN links.

http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/3-1/user/guide/pi_ug/mon-opsctr.html

  

Q:5 Customer is planning to migrate from WCS to Prime Infrastructure.   They have about 10,000 APs, some of which are still autonomous.  This is spread across different geographic locations.it looks like a single Prime deployment can manage the entire infrastructure. Does it make more sense for the customer to put a Prime deployment in each theater (Americas, Europe, Asia) as opposed to centrally located at a US datacenter.

Prime Infrastructure 2.2 will scale up to 18,000 devices of any type (LWAPs, routers, switches) in a single instance, and furthermore offers domain-based segregation and RBAC, or Roles-based Access Control, to define user authorization.  This is ok for most customer use cases, but not all.  You would need to have multiple instances of PI across the different theaters, which would allow local IT engineers to see the network for which they are responsible.

Ops center feature in Prime Infrastructure 2.2 will allow each of the theaters to have their own Prime Infrastructure instances, and then consolidate all the data from the various instances into a single NOC-focused cluster instance.  Presumably, it would be located in HQ.  This will give them the added advantage of scaling to unheard of numbers in terms of # of devices or # of client devices.

Q:6 What are the various protocols required to successfully manage a device in Cisco Prime Infrastructure 3.0 ?

Please see the below link for the required protocols to manage different devices in Cisco prime Infrastructure.

http://www.cisco.com/c/en/us/products/collateral/cloud-systems-management/prime-infrastructure/guide-c07-736611.html#_Toc442524006

Q:7 What is the Operating system (OS) used by Cisco Prime infrastructure 3.0 ?

Cisco Prime Infrastructure 3.0 runs on a 64-bit, modified version of Red Hat Linux Enterprise Server 5.11 operating system

Q:8 What is the Operating system (OS) supported by Cisco Prime infrastructure 3.1 ?

Cisco Prime Infrastructure 3.1 runs on a 64-bit, customized version of Red Hat Linux Enterprise Server 6.7 operating system.

Q:9 What are the new device scaling terms in Cisco Prime Infrastructure 2.x?

  With Prime Infrastructure 2.x, we can scale up to 18000 devices, detailed figures below.

Supported Scale for Express/Standard/Pro Configurations in Prime 2.x

 

Supported Scale for Express/Standard/Pro Configurations

Parameter

Express

Standard

Pro

Devices

Max Unified AP

300

5000

20,000

Max Autonomous AP

300

3,000

3,000

Max Wired

300

6,000

13,000

NAMs

5

500

1,000

Clients

Wired Clients

6,000

50,000

50,000

Wireless Clients

4,000

75,000

200,000

Changing Clients

1,000

25,000

40,000

Monitoring

Events Sustained Rate (events/sec)

100

300

1,000

Netflow Rate (flows/sec)

3,000

16,000

80,000

Max Interfaces

12,000

250,000

350,000

Max NAM Data Polling Enabled

5

20

40

System

Max Number Sites/Campus

200

2,500

2,500

Max Groups : (User Defined + Out of the Box + Device Groups + Port Groups)

50

150

150

Max Virtual Domains

100

1,000

1,000

Concurrent GUI Clients

5

25

25

Concurrent API Clients

2

5

5

 

 Q:9 What are the various protocols required to successfully manage a device in Cisco Prime Infrastructure ?

Please see the below link for the required protocols to manage different devices in Cisco prime Infrastructure.

http://www.cisco.com/c/en/us/products/collateral/cloud-systems-management/prime-infrastructure/guide-c07-729990.html#_Toc384812983

 

Q:10 Name the Operating system (OS) used by Cisco Prime infrastructure 2.x?

 Cisco Prime Infrastructure runs on a 64-bit, Red Hat Linux Enterprise Server 5.4 operating system

 

Q:11 How to modify the virtual machine resources when customer is updating express OVA to custom OVA?

 Follow the below link to modify the parameters in Virtual machine.

https://supportforums.cisco.com/document/11937711/how-modify-virtual-machine-resources-prime-infrastructure-20

 

Q:12 Is it necessary to migrate to new UCS based appliance (PI-UCS-APL-P-K9) for Cisco Prime Infrastructure?

Yes. Cisco announces the end-of-sale and end-of-life dates for the Cisco Prime Network Control System (Gen1) Series Appliances. So Customers are encouraged to migrate to the UCS based Cisco Prime Infrastructure Series Appliance (product ID number PI-UCS-APL-K9).

Follow the below link to know about EoS/EoL dates of Cisco prime NCS appliance.

http://www.cisco.com/c/en/us/products/collateral/wireless/prime-network-control-system-series-appliances/eos-eol-notice-c51-733312.html

 

Q:13 What is the hardware specification of Cisco Prime Infrastructure Gen 2 appliance?

 The Hardware specification of Gen 2 Appliance is listed below. It is recommended to use CPU of 2.93 GHz or higher.

Cisco Prime Appliance  (Gen 2)

10 Core Physical CPUs - 20 Threads

64 GB

8 x 900GB  RAID10

200 Mbps

 

 

Q:14 Can I share the same UCS-Blade server for Cisco Prime and another customer application?

 No. Prime Infrastructure Gen 2 physical appliance comes with Prime Infra application preloaded. So it is not possible to install other custom applications. It is possible only in a virtualized environment using hypervisors.

 

Q:15 When will the new prime appliances (PI-UCS-APL-P-K9) will be available on the CCW?

UCS based Prime Infrastructure appliance available from April 3rd 2015.

PI-UCS-APL-K9: $24K (for new installations);

PI-UCS-APL-U-K9: $21K (for upgrades from Gen1 to Gen 2)

 

Q:16 Does Prime Infrastructure require internet connectivity to operate?

 No. Prime Infrastructure can operate as a closed system with no internet. The only impact is that the TAC integration and accessing data that is stored on the internet (i.e. IOS image, PSIRT & EoX documents) would not be accessible.

Q:17 What are the device scaling parameters for prime Infrastructure 3.0?

Please find the device scaling parameters for prime Infrastructure 3.0.

Supported Scale for Express, Express Plus, Standard, and Pro Virtual Appliances and the Physical Appliances

Parameter

Express Virtual Appliance

Express Plus Virtual Appliance

Standard Virtual Appliance

Pro Virtual Appliance

Physical Appliance (Gen 1)

Physical Appliance (Gen 2)

Devices*

Max. unified access points

300

2,500

5,000

20,000

5,000

20,000

Max autonomous access points

300

500

3,000

3,000

3,000

3,000

Max. WLAN controllers

5

25

500

1,000

500

1,000

Max. wired (for example, switches, and routers)

300

1,000

6,000

13,000

6,000

13,000

Max. NAMs

5

5

500

1,000

500

1,000

Max. devices

1000

4,000

15,000

20,000

15,000

20,000

Clients

Max. wired clients

6,000

50,000

50,000

50,000

50,000

50,000

Max. wireless clients

4,000

30,000

75,000

200,000

75,000

200,000

Transient wireless clients  (clients/5-minute interval)

1,000

5,000

25,000

40,000

25,000

40,000

Parameter

Express Virtual Appliance

Express Plus Virtual Appliance

Standard Virtual Appliance

Pro Virtual Appliance

Physical Appliance (Gen 1)

Physical Appliance (Gen 2)

Monitoring

Events** sustained rate (events/sec)

100

100

300

1,000

300

1,000

Netflow rate (flows/sec)

3,000

3,000

16,000

80,000

16,000

80,000

Max. interfaces

12,000

50,000

250,000

350,000

250,000

350,000

Max. NAM data polling enabled

5

5

20

40

20

40

System

Max. number sites/campus

200

500

2,500

2,500

2,500

2,500

Max. groups: (User-defined + Out of the box + Device groups + Port groups)

50

100

150

150

150

150

Max. virtual domains

100

500

1,200

1,200

1,200

1,200

Concurrent GUI clients

5

10

25

50

25

50

Concurrent API clients

2

2

5

5

5

5

 

Q:18 What are the other languages supported by Cisco Prime Infrastructure ?

Cisco Prime Infrastructure 3.0 is localized for Japanese language. Cisco Prime Infrastructure 3.1 is localized in Japanese and Korean language.

Q:19 What are the different ways of integrating Prime Infrastructure with 3rd party tools like trouble ticketing system or north bound manager of manager like applications?

You can use the API resources along with the SNMP north bound notification to integrate Prime Infra with any 3rd party tools like trouble ticketing system or manager of manager applications.

API resources allow you to pull the alarms /events initially from the Prime System and also allows you to query for the alarms/events per device/group/time interval etc.

For asynchronous notifications on incoming alarms and events or updates to the existing alarms, you have to configure the PI system to send north bound traps. The definition of the traps sent from PI can be found from the Prime download page, the link for which is given below.

Here are some pointers.

API References

http://www.cisco.com/c/en/us/support/cloud-systems-management/prime-infrastructure/products-programming-reference-guides-list.html

https://developer.cisco.com/site/prime-infrastructure/#

North bound Notification:

http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/2-1/administrator/guide/PIAdminBook/config_server_settings.html#82905

Your application needs to understand the SNMP Varbinds that Prime sends out. The definition of the MIB can be found in the following link.

https://software.cisco.com/download/release.html?mdfid=284540974&flowid=50202&softwareid=284272932&release=2.1&relind=AVAILABLE&rellifecycle=&reltype=latest

Look for Prime Infrastructure 2.1 North Bound Alarm MIB

CISCO-WIRELESS-NOTIFICATION-MIB.my

Here is the reference of all the alarms and events that are processed by incoming traps and syslogs by Prime

http://www.cisco.com/c/en/us/support/cloud-systems-management/prime-infrastructure/products-technical-reference-list.html

Q:20 Does Prime Infrastructure 3.x support classic view?

No. Classic view is no more supported from Prime Infrastructure version 3.0.

Q:21 What Database is used in Prime infrastructure?

Prime Infrastructure 3.0 runs on Oracle 11.2 database.

Prime Infrastructure 3.1 runs on Oracle 12.4 database.

Q:22 Do we have a list of Ports used in Prime Infrastructure ?

 The List of ports used by Prime Infrastructure can be found in the below link.

http://www.cisco.com/c/en/us/products/collateral/cloud-systems-management/prime-infrastructure/guide-c07-731626.html#_Toc386763640

Q:23 Can I have access to Prime Infrastructure  server database?

No. Prime Infrastructure is a closed system. we don't provide direct access to the internal DB. There is a very rich set of REST APIs that provides access to data. You can get the documentation for the APIs from the below link.

http://www.cisco.com/c/en/us/support/cloud-systems-management/prime-infrastructure/products-programming-reference-guides-list.html

Q:24 What Web server is being used by Prime Infrastructure ?

Prime Infrastructure 2.2 uses apache-tomcat-7.0.56 web server.

Q:25 Is it supported to have VMware tools on PI 3.1 ?Is it possible to install the newest VmWare Tools on the Cisco Prime 3.1?

VM tools come part of Prime Infrastructure OVA. Yes, you can install and actually it is recommended to not only update the VMware tools but also update the VM hardware version to the supported version based on host version.

 

Installation

 

Q:1 What are the System requirements for deploying Prime Infrastructure 2.2?

Prime Infrastructure comes with both Physical and Virtual appliance. Detailed specifications can be found on below link.

http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/2-2/quickstart/guide/cpi_qsg.html

 Q:2 What are the system hardware requirements for prime Infrastructure 3.0?

Below are the hardware requirements of prime Infrastructure 3.0.

Requirement

Express

Express-Plus

Standard

Professional

VMware Version

ESXi 5.1 or 5.5

ESXi 5.1 or 5.5

ESXi 5.1 or 5.5

ESXi 5.1 or 5.5

Virtual CPUs 1

4

8

16

16

Memory (DRAM)

12 GB

16 GB

16 GB

24 GB

HDD Size

300 GB

600 GB

900 GB

1.2 TB

Throughput (Disk IOPS)

200 MB/s

200 MB/s

200 MB/s

200 MB/s

 

Q:3 Can I install Cisco Prime Infrastructure in HP ProLiant DL380e Gen8 server?

Bare metal installation isn't supported on any platform. The only supported option is to install VMware ESXi 5.0 on this HP server. So long as the server meets the requirements listed in the data sheet (http://www.cisco.com/en/US/products/ps12239/products_data_sheets_list.html),

You are free to install Prime Infrastructure on any server running ESXi 4.1 or 5.0.  You will need to know the total number of devices being managed in order to select the right OVA package to install.  Each OVA has different hardware requirements.

 Q:4 Can I install Prime Infrastructure 3.0 in Gen 1 Appliance?

No.User can’t install Prime Infrastructure 3.0 on Gen1 appliance. But there are plans to support Prime Infrastructure on Gen 1 Appliance via technology pack post Prime Infrastructure 3.0 release

Q:5 Does Prime Infrastructure Supports Microsoft Hyper V?

  Microsoft Hyper-V support is not available yet in Prime Infrastructure. Hyper V will be supported with PI 3.2 release FCS targeted for Mar 2017.

 Q:6 Is there any version of Prime Infrastructure that is supported on VMware vCloud Director? If not, are there plans to support it?

No, Prime Infrastructure works in a vCenter environment. PI is not supported in a vCloud Director environment. We do not support vCloud Director – we do not test that. There are no plans to test / officially support it.

 Q:7 How do I change user password in Cisco Prime Infrastructure ?

User can go to Administration > Users, Roles & AAA > Change Password to change their password

http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/3-0/administrator/guide/PIAdminBook/maint_user_access.html#pgfId-1129633

 Q:8 Will Prime Infrastructure work with VMWare vMotion?

Prime Infrastructure VM is just like any other standard VMware VM.So it will work with vMotion.

Q:9 How to customize the Express OVA of Prime Infrastructure in to Custom Express?

Follow the below link to customize the Express OVA.

Customizing Prime Infrastructure Deployment Based on Network    Sizes: https://supportforums.cisco.com/docs/DOC-37252

 Modifying Virtual Resources for Prime Infrastructure:  https://supportforums.cisco.com/docs/DOC-37253

Q:10 How to perform password recovery in Prime Infrastructure?

The below link has password recovery document for both physical and virtual appliance.

 http://www.cisco.com/c/en/us/support/cloud-systems-management/prime-infrastructure/products-password-recoveries-list.html

Q:11 What are the licensing requirements to migrate from the PRIME appliance to a VM ?

There is no change in the licenses.  The customer would just need to download/deploy the virtual appliance (OVA). 

Q:12 How do I delete Cisco prime infrastructure 2.2 and reinstall Cisco prime infrastructure 3.0 on a Virtual  machine?

User need to delete the Prime Infrastructure 2.2 VM using the VSphere Client .Then he needs to create a new VM to deploy Prime Infrastructure 3.0 OVA.

Q:13 How to install Prime Infrastructure in FIPS mode?

Prime Infrastructure virtual appliance offers a “FIPS Mode” installation option. This option is intended for customers who require the products they use to be compliant with FIPS-140-2 standards.

Refer the below link for more details.

http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/3-3/quickstart/guide/cpi_qsg.html#pgfId-110482

http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/3-0/administrator/guide/PIAdminBook/ServerHardening.html#pgfId-1022465

 Gen 2 Appliance

Q:1 Which Product ID should be chosen for Prime Infrastructure Gen 2 appliance?

 There was a typo in the data sheet and NCS EOL Notice  on the UCS appliance SKU name.

 

There is no part number as ‘PI-UCS-APL-P-K9’

 

Below are the correct part numbers for UCS based Gen 2 Prime Infrastructure Appliance.

 

PI-UCS-APL-K9: -This is for new installations.

PI-UCS-APL-U-K9: This is for upgrades from Gen1 to Gen 2.

Q:2 Does Gen 2 UCS appliance come preloaded with an OS and the Prime Infrastructure software?

Yes. UCS appliance is being shipped with Prime Infrastructure version 3.0 preloaded. Also user has an option to preload either v 2.2 or 3.0. When a customer buys the UCS appliance with Prime Infrastructure 3.0 pre-loaded, then they do not need to order the software again with the licenses.  They would just order the Base license and the corresponding Lifecycle, Assurance, and/or Datacenter licenses

Q:3 What are the hardware requirements for Prime Infrastructure Gen 2 appliance?

Hardware requirements of Gen2 appliance can be found in the below link.

http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/3-0/quickstart/guide/cpi_qsg.html

Q:4 Does the new Gen 2 hardware appliance (PI-UCS-APL-K9) come with any pre-installed licenses?

Prime Infrastructure Gen 2 Appliance comes with Cisco Prime Infrastructure Evaluation License which is valid for 60 days and 100 devices. You will have to order permanent Base, Lifecycle and other Licenses as per the customer requirements. Cisco Prime Infrastructure Ordering Guide (Slides 3, 4,5) may help you to order the physical appliance, Cisco Prime Software and the required Licenses for a new deployment.

http://www.cisco.com/c/dam/en/us/products/collateral/cloud-systems-management/prime-infrastructure/presentation-c97-733532.pdf?mdfid=284422771

Licensing   

Q:1 Is there any evaluation/trial copy of Prime Infrastructure available to download? -

Yes. User can download the trial or evaluation version (Express OVA) of Prime Infrastructure software from www.cisco.com/go/nmsevals – Select “Cisco Prime Trial Downloads”.

The trial includes a Base license along with 100-device license for both Lifecycle & Assurance and 10-device license for Data center management valid for 60days. If the customer decides to purchase, then they can install the purchased licenses onto the trial system and move it into production.

Q:2 How to request / extend the trial license for Prime Infrastructure?

Send an email to ‘ask-pi-license-req@cisco.com’ with the below details.

  1. Customer’s CCO ID
  2. PI version
  3. Type of license(s) needed
    1. Device Management (Lifecycle /Assurance/both)
    2. UCS Server Management
      1. Physical Server - Number of UCS blades
      2. VM - Number of ESXi host
  4. Number of devices to manage (100 is default)
  5. Length of trail (60 days is default and 90 days is max)

Q:3 Where to view the licensing and ordering details of Prime Infrastructure?

You can get the ordering and licensing details of Prime Infrastructure in the below link

http://www.cisco.com/c/dam/en/us/products/collateral/cloud-systems-management/prime-infrastructure/presentation-c97-735996.pdf

Q:4 How to request NFR license (Not for sale) for Prime Infrastructure?

NFR license is for partners and it is valid for 1 year with no cost. The NFR license can only be used in partner lab. Send an email with your Order Number, Company Name, and CCO ID to pi-nfr@cisco.com” to receive the NFR license file. Refer Cisco software store for more details.

Q:5 How to get the VUDI & Serial Number details of Prime Infrastructure server?

In Prime Infrastructure 1.X or 2.X, navigate to Administrationà Licenses to view the VUDI & Serial Number details.

In Prime Infrastructure 3.X, navigate to Administration / Dashboards / System Monitoring Dashboard/overview - You can find the VUDI and serial number under system Information

Q:6 Can I mix permanent and Evaluation license in Prime Infrastructure?

Temporary licenses can be mixed with Permanent licenses in a same server if they are of different types. (I.e. Perm Lifecycle with Temp Assurance or Temp data center).

It cannot be mixed in a same server if they are of same types. (I.e. Perm Lifecycle of 1000 plus Temp Lifecycle of 100).

Q:7 Is there any change in license consumption for switch stack in Prime Infrastructure 3.x?

Yes. Starting from PI 3.1.3, the licensing required for managing switch stacks has been changed and each switch in the stack will consume a license.

For customers who are upgrading from previous version to PI 3.1.3, grandfathered licenses will be generated. That means if they have switch stacks in inventory that are consuming 1 license per stack, then when grandfathering happens they will be given additional licenses to continue managing their inventory without any additional cost. This grandfathering only covers licenses purchased for PI v2.2 or older and only covers devices in inventory. Unused licenses are not covered.

Q:8 How a device is defined for License in Prime Infrastructure?

A device is uniquely identified through the assigned IP address and system object ID (SysOid) combination.However Prime Infrastructure does not consume license for below devices.

  • Wireless LAN controllers (WLCs),
  • Autonomous Access Points
  • Adaptive Security Appliance (ASA Firewall)
  • Voice Gateway devices
  • Meraki Access Point
  • Aruba and Third Party devices.

Q:9 Customer with an LMS 4.2.5 currently out of maintenance. How to renew the support contract?

LMS 4.2.x is not directly supported. It is supported via PI 2.x or PI 1.x support only.

 

So, if they have support on PI 1.x or 2.x then they can call in to use LMS 4.2.

They cannot add support for LMS 4.X or any LMS directly.

Q:10 Customer has LMS 4.2.3.What SKU the customer should order for upgrade to PI 3.1?

There is no upgrade available if it is bought via Prime Infrastructure.

LMS 4.2 Licenses couldn't have been purchased independently and could only be purchased by purchasing PI 1.x (where x <>0), PI 2.x.

Customers purchasing PI 1.x (where x <> 0), PI 2.x get PI licenses and LMS 4.2 licenses (provided as a shadow or duplicate license). Hence these LMS licenses cannot be again converted to PI licenses since it would amount to “double dipping”.

Q:11 Is there any migration path available from WCS 7.x to PI 3.X?

The Upgrade path is WCS 7.x à PI 2.X à PI 3.X

WCS migration licenses will work only on PI 2.2.

If there is no valid support contract, then Customer need to purchase upgrade SKUs from WCS to PI 2.X “R-W-PI2X-U-K9“. Refer Page No 37 in PI 3.x ordering and Licensing guide

If the customer has valid support contract, then they can perform free upgrade via PUT tool. Refer Page No 63 in PI 3.x ordering and licensing guide

For WCS, if you have a customer that has an active support contract, then they are able to upgrade to PI via PUT.  This will get them access to PI v2.2.  However, WCS support does not cover support for PI going forward. Customer need to cancel the WCS contract and have support purchased against the PIDs provided through PUT.  Once the customer has an active SWSS contract on PI v2.2, then the customer will have access to upgrade to PI v3.x.  However, the upgrade from PI 2.x to 3.x is not done via PUT.  The customer will just go to software.cisco.com and download the upgrade from there.  Their CCO ID will need to be associated with the corresponding SWSS contract for them to have the necessary entitlement.

 

Q:12 How to migrate from NCS 1.x to Prime Infrastructure 3.x?

The Upgrade path is NCS 1.X à PI 2.X à PI 3.X

If there is no valid support contract, then customer need to purchase upgrade SKUs from NCS to PI 2.X “R-P-MGMT3X-U-K9“. Refer Page No 87 in PI 3.x ordering and Licensing guide

If the customer has valid support contract, then they can download PI 3.0 software and install with free of cost.

With backup and restore of the NCS data, the licenses automatically migrate from NCS 1.x to PI 2.2.If the customer is doing a fresh installation of PI 3.0, they can copy the licenses from legacy systems and install them on PI 3.x.License re-host is NOT required. The NCS 1.x licenses all work on PI 3.0. License files are located in the /opt/CSCOlumos/licenses directory on your system.

Q:13 How do I upgrade from NCS 1.x to Prime Infrastructure 3.x and maintain all data that I have in the current system?

Please find below the steps.

Step 1 - Inline upgrade NCS 1.1.1.24 -> PI 2.0 – (documented in PI 2.0 Quick start Guide)

Step 2 - Inline upgrade PI 2.0  -> PI 2.1 – (documented in PI 2.1 Quick Start Guide)

Step 3 - Non-inline upgrade to PI 2.2 (documented in PI 2.2 Quick Start Guide)

Step 4 - Take Application backup of PI 2.1

Step 5 - Perform clean install of PI 2.2

Step 6 - Restore application backup from PI 2.1 on the PI 2.2 system

Step 7 – Perform Inline upgrade to PI 3.0

Q:14 I have PI 1.x with no support contract. How can I upgrade to PI 3.x?

If there is no valid support contract, then customer need to purchase upgrade SKUs for upgrading from PI 1.x & PI 2.X to PI 3.x( “R-P-MGMT3X-U-K9“).Refer Page No 87 in PI 3.x ordering and Licensing guide

Q:15 With valid support contract. What is the migration path to upgrade to PI 3.1 from Prime Infrastructure 1.x / 2.x?

If the customer has active support contract, then no license purchase is required. They can download PI 3.X software and install with free of cost.

With backup and restore of the PI 1.x / 2.x data, the licenses automatically migrate from PI 1.x / 2.x to 3.x.If the customer is doing a fresh installation of PI 3.0, they can copy the licenses from legacy systems and install them on PI 3.x. License re-host is NOT required. PI 1.x / 2.x licenses will work on PI 3.x server. License files are located in the /opt/CSCOlumos/licenses directory on your system.

Q:16 What is Enterprise management License? What does it include?

Cisco Enterprise Management 3.x License (R-MGMT3X-N-K9) includes licenses to manage Cisco Prime Infrastructure 3.x (PI 3.x) and the Cisco APIC-EM (solution apps – for instance, the Cisco IWAN app).

APIC-EM solution app licenses are right to use (RTU). Therefore, no separate license files. APIC-EM controller software and basic apps and services (for example, PnP, PKI, topology, inventory) are offered free of charge.

Q:17 When re-hosting of license is required in Prime Infrastructure?

Licenses installed on PI 2.1 system (both virtual & physical) or older are node locked licenses. For moving these licenses to a new system (node locked), you need to contact Cisco Licensing team (licensing@cisco.com) and request them to re-host the license.   

Q:18 How to split the licenses between 2 Prime Infrastructure servers?

There is no option to split licenses. However, if customer has multiple license files, then they can deploy the individual license files on separate systems as long as each system has its own Base License. From Cisco Prime Infrastructure 2.2 the licenses are no node locked. So you can move the licenses across different servers without the need for re-hosting the licenses. In case, if the customer does not have base licenses for the second system then he must purchase the base license.

In case if the customer is running prior versions of Cisco Prime Infrastructure (2.1 or older) and if you want to move your licenses to a different server, then send an email to licensing@cisco.com requesting a re-host for your licenses. You can then apply the re-hosted licenses to the new server.

Q:19 What is the process to combine the licenses from 2 separate Prime Infrastructure instances into one PI server?

Prime Infrastructure licenses are “additive”. Therefore, you can apply the licensing to the same system.

It depends on the Prime Infrastructure version, which is running on both servers. If both the servers are running PI 2.2 or later, then the licenses are “No node locked”. Therefore, you can apply the license from the second server to the first one. If they are running PI 2.1 or older, then the licenses are Node locked. You need to re-host the licenses to move it to other server. You need to contact the licensing team for that.

Q:20 Can I move license across Virtual Appliance and Physical appliance?

Yes. You can move and no need for any additional licenses, they can use the same licenses in physical appliance also.

Q:21 Is it necessary to re-host the licenses when upgrading from PI 2.1 to 2.2 ?

No. No need to re-host any license (Lifecycle or Assurance) when you upgrade from PI 2.1 to PI 2.2. It is required only if you upgrade from 1.4.x to PI 2.2. When upgrading Prime Infrastructure 1.4.x to 2.2, assurance data is not migrated. Your Assurance license needs to be re-hosted when you migrate from Prime Infrastructure 1.4 to 2.2.

Q:22 Do I need to purchase new license when moving from NCS appliance to PI virtual appliance?

You can use the same license in Virtual PI as well when you migrate from NCS appliance. It is supported. If it is PI 2.1 or older then re-hosting of license is required since the licenses are node locked.

Q:23 Is it possible to migrate the licenses from Gen 1 Appliance (running PI 2.2) to a PI 3.0 Virtual Machine?  

Backup of Gen1 Appliance running PI 2.2  can be restored on PI 3.0 virtual appliance .With backup and restore, the licenses will be migrated automatically. Please ensure that new host has the same or higher hardware configuration as the host from which the backup was taken. Refer below link from admin guide for more details.

http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/3-1/administrator/guide/PIAdminBook/backup_restore.html#pgfId-1055531

Q:24 Can I migrate the licenses from Gen 1 appliance to Gen 2?

Yes. Customer no need to buy new licenses. They just need to buy a Gen 2 appliance and restore the backup taken from Gen 1 appliance. With Backup and restore, the licenses will be migrated automatically.

Q:25 How to migrate the licenses from Gen 1 appliance running PI 1.3 to Gen 2 appliance with PI 3.1 ?

No need to re-host the licenses. PI 1.x licenses will work on PI 3.1 server.

Q:26 How to add capacity to the existing Prime Infrastructure server?

You can buy additional device licenses .Prime Infrastructure 3.x ordering and licensing guide has all SKUs and their services component.

http://www.cisco.com/c/dam/en/us/products/collateral/cloud-systems-management/prime-infrastructure/presentation-c97-733532.pdf

Q:27 Is it necessary to purchase base license when adding capacity to the existing PI servers?

No. One base license for each Prime infrastructure server deployment. Base and HA license not required when adding capacity to existing PI servers.

Q:28 What are the different types of licenses in Prime Infrastructure 2.x?

Base License: A Base license is required for each instance of Prime Infrastructure, and is a prerequisite for all other license types.

Lifecycle License: Regulates the total number of devices under Prime Infrastructure management.

Assurance License: Regulates the total number of NetFlow devices under Prime Infrastructure management.

Collector License : Regulates the total number of NetFlow data flows per second that Prime Infrastructure can process .If you want to increase the flow to 80K flows per second then you need to purchase collector license.

Data Center Server license: Regulates the number of blade servers being managed by UCS device(s) in Prime Infrastructure. The license count matches the number of blades or rack units associated with any UCS device.

Datacenter licenses are specific only to UCS devices (Blade count). Other Data Center devices, such as Nexus switches and MDS devices are managed using a normal Lifecycle license.

Data Center Hypervisor license: Regulates the total number of host(s) managed by Prime Infrastructure management. This license manages Discovery Sources (Vcenters) in Prime Infrastructure. This license type was introduced with Prime Infrastructure version 3.0.

High Availability RTU license: This is required for High availability deployments.

Plug and Play RTU license: This is required for Plug and Play Zero touch deployment

Operation Center license: This is required to deploy multiple instances of Prime Infrastructure.

Q:29 What are the different types of licenses in Prime Infrastructure 3.x?

Base License: A Base license is required for each instance of Prime Infrastructure, and is a prerequisite for all other license types.

Enterprise Management License: Includes both lifecycle and assurance license. Prime Infrastructure 3.x enterprise management license includes licenses to run Prime Infrastructure and APIC EM applications (Basic and Solution Apps)

Collector License : Regulates the total number of NetFlow data flows per second that Prime Infrastructure can process .If you want to increase the flow to 80K flows per second then you need to purchase collector license.

Data Center Server license: Regulates the number of blade servers being managed by UCS device(s) in Prime Infrastructure. The license count matches the number of blades or rack units associated with any UCS device.

Datacenter licenses are specific only to UCS devices (Blade count). Other Data Center devices, such as Nexus switches and MDS devices are managed using a normal Lifecycle license.

Data Center Hypervisor license: Regulates the total number of host(s) managed by Prime Infrastructure management. This license manages Discovery Sources (Vcenters) in Prime Infrastructure. This license type was introduced with Prime Infrastructure version 3.0.

High Availability RTU license: This is required for High availability deployments.

Plug and Play RTU license: This is required for Plug and Play Zero touch deployment

Operation Center license: This is required to deploy multiple instances of Prime Infrastructure.

Q:30 When user should purchase collector license?

By default, a standard netflow collector is included with PI 3.x enterprise management license that supports up to 20,000 flows per second.  If you want to handle more than 20K flows per second then you need collector license (L-MGMT3X-N-CL).Collector License is applicable only for PRO ova and Gen 2 UCS appliance. Prime Infrastructure can support up to 80K flows

Q:31 How can I identify how many licenses are consumed? Prime Infrastructure 3.x?

In Prime Infrastructure 3.x, navigate to Administration / Licenses and Software Updates / Licenses to view the license consumption based on license type

Navigate to Administration / Dashboards / Licensing Dashboard to view license consumption based on device type.

Q:32 Where the licenses stored in PI server?

Prime Infrastructure license files are located in the /opt/CSCOlumos/licenses directory in Prime Infrastructure instance.

Q:33 Does the secondary Prime Infrastructure server require any license to operate in HA?

No. Only one Prime Infrastructure server license needs to be purchased. The secondary server will use the synchronized license from the primary server.

http://www.cisco.com/c/en/us/products/collateral/cloud-systems-management/prime-infrastructure/deployment_guide_c07-721232.html#_Toc363680266

Q:34 Do I need to order any separate SKU for managing third party device?

Third party devices does not consume any license in Prime Infrastructure.

Q:35 Is there any list of devices that does not consume license in Prime Infrastructure?

Yes. Below are the list of devices that does not consume license in Prime Infrastructure.

  • Wireless LAN Controller (WLC)
  • Autonomous Access Point (AAP)
  • Adaptive security Appliance ( ASA)
  • Voice gateway devices
  • Meraki and Aruba controllers and access points.

Q:36 Do I need to buy a license to manage NAM in PI?

No. NAM (both physical & Virtaul) does not consume any license in Prime Infrastructure.

Q:37 When grandfathering will happen for Prime Infrastructure legacy licenses?

Grandfathering policy has been implemented from 3.1.3 & above software update. The purpose of the policy is to allow customers to continue managing the same inventory in 3.x as they did in 2.x without additional cost.

As a small example, if you had 2 Nexus 7K devices being managed in PI v2.x using 2 licenses, then upgrade to PI 3.1.3 and now system needs 14 tokens to manage the same 2 Nexus 7K devices, then Cisco will provide the additional 26 licenses to the customer at no cost. 

The only limitation for this is that only licenses purchased for PI 2.2 or older will be covered under this grandfather policy.

For unused older 2.x licenses, those will not be touched and will continue to be available and customer will get 1 token after 3.1.3 for that licenses. However, no grandfathering will be applied to these unused licenses.

Q:38 Where to see and how to validate whether grandfathering policy has been applied on his server or not?

Navigate to Administration > Licensing Dashboard.

After grandfathering is activated the consumption model changes. At that point, different devices consume different number of TOKENs as per the Tokens to license mapping table in page no: 93 in PI 3.x ordering and Licensing guide

The Licensing dashboard will show the number of grandfathered tokens generated for all type of managed devices. If it is zero that means grandfathering did not happen.

Q:39 What customer need to do if grandfathering did not happen?

If grandfathering did not happen, then customers need create a table showing:

-           # of Devices and Types (25 3Ks e.g) managed prior to upgrading to 3.1.2 and those managed after upgrading to 3.1.2

-           # of Licenses (PI 2.x or 1.x licenses) they were using

-           # of Grandfathered TKNs generated (if any)

-           # of Grandfathered TKNs shortage

Once you have all the above information, you need to send an email to 'ask-pi-license-req' alias. Shortage of Grand Fathered tokens will be issued.

Q:40 What is the reason for grandfather tokens not getting generated after upgrading to PI 3.1.3 /3.1.4 ?

Grandfathering may not happen if customer did a fresh install of the PI 3.1.3 / 3.1.4 and got the licenses re-issued and installed them on PI.

Also Grandfathered licenses are not automatically generated for APs, Cat 2Ks, 3Ks, ISR 1K, 800 Ser, CSR Routers.

Q:41 How many licenses needs to be ordered to manage UCS servers?

You have to order UCS server license (L-MGMT3X-US-K9) based on number of UCS blades.

Q:42 How many licenses I need to order for data center VM management?

You need to order UCS VM license (L-MGMT3X-UV-K9) based on number of ESXi hosts.

Q:43 What are the licenses that needs to be purchased for Ops center?

Operation Center server license needs to be ordered along with Operation center base license.

L-MGMT3X-OC-B - Cisco Enterprise Management PI 3.x Operation center Base license.

L-MGMT3X-OPRCTR-1 - Cisco Enterprise Management PI 3.x Operation Center, 1 Server License

You need to select the quantity based on the number of PI instances you are going to manage using Operation Center.

Q:44 Customer has purchased Cisco ONE License. What part codes should be purchased for Prime Infrastructure?

Yes. If you have purchased Cisco ONE license for your devices, then you can manage it in Prime Infrastructure without any additional license.

However, you have to purchase the Prime Infrastructure SKUs (base & Software) and corresponding services for both physical and virtual deployment of Prime Infrastructure.

Part Number

Description

R-MGMT3X-N-K9

Cisco Ent MGMT: Lic For PI 3.x And APIC EM Solution Apps

R-PI31-SW-K9

Prime Infrastructure 3.1 Software

L-MGMT3X-PI-BASE

Cisco Ent MGMT: PI 3.x Platform Base Lic

 

Q:45 How to add assurance license when a customer has already migrated their lifecycle licenses from PI 2.x to PI 3.x?

If a customer is looking to add Assurance license to PI 3.0 server, which has Lifecycle license only, then Assurance specific licenses need to be purchased and used. These are available under R-PI2X-K9 àAssurance.

Look for the PIDs with “-P” at the end and these PIDs are discounted (50% off).

 

Item Name

Description

R-PI2X-K9

Cisco Prime Infrastructure 2.x

L-PI2X-AS-100-P

Prime Infrastructure 2.x - Assurance - 100 Device Lic (Prom)

L-PI2X-AS-10K-P

Prime Infrastructure 2.x - Assurance - 10K Device Lic (Prom)

L-PI2X-AS-15K-P

Prime Infrastructure 2.x - Assurance - 15K Device Lic (Prom)

L-PI2X-AS-2.5K-P

Prime Infrastructure 2.x - Assurance - 2.5K Device Lic (Prom

L-PI2X-AS-25-P

Prime Infrastructure 2.x - Assurance - 25 Device Lic (Prom)

L-PI2X-AS-50-P

Prime Infrastructure 2.x - Assurance - 50 Device Lic (Prom)

L-PI2X-AS-500-P

Prime Infrastructure 2.x - Assurance - 500 Device Lic (Prom)

L-PI2X-AS-5K-P

Prime Infrastructure 2.x - Assurance - 5K Device Lic (Prom)

L-PI2X-AS-1K-P

Prime Infrastructure 2.x - Assurance - 1K Device Lic (Prom)

 

Q:46 If a customer has PI 2.x with 1000 Lifecycle licenses and then they upgrade 3.x, do they have access to 1000 PI Lifecycle and Assurance licenses or do they just have the 1000 Lifecycle licenses?

Customers with Life cycle license only, will have the same life cycle license alone when they are migrating from PI 2.x to PI 3.X.They will not get equivalent assurance licenses.

Q:47 Does the customer need to buy any special license in PI 3.x to enable compliance feature and to generate the compliance reports?

No. Compliance feature and Compliance reports does not require a license.  It is available with the standard Enterprise license.

Q:48 How to order the licenses if the customer does not know the type of devices models?

If the customer does not know the mix of network device type that their PI will manage, then the recommendation is to purchase 130 tokens for every 100 devices.

Q:49 Is it strictly enforced to use PI 3.X device type license for same device? Can’t we use it for other devices?

All device type based license are converted in to Tokens internally. Therefore, Cat 2K licenses can be used to manage Cat 3K device since both switches consume1 Token as per tokens to license mapping table in PI 3.x ordering and licensing guide.

Q:50 What license SKU I need to order to manage SMB (300/200/500) switches in Prime Infrastructure?

For SMB switches user can choose 1 TOKEN / Device (L-MGMT3X-TKN-K9=) or you can use the license SKU of Cat 2K or 3K( L-MGMT3X-2K-K9 or L-MGMT3X-3K-K9).

Q:51 What license SKU I need to choose to manage a IE switch in Prime 3.0? 

For IE switches you can use 1 TOKEN / Device (L-MGMT3X-TKN-K9=) or you can use the license for 2K or 3K switches.(L-MGMT3X-2K-K9 or L-MGMT3X-3K-K9 )

Q:52 Does an MDS 9148 consume the same number of tokens as a Nexus 5K ? 

No. To manage MDS switches you need to order 5 tokens (L-MGMT3X-TKN-K9)

Q:53 What PI 3.X license SKU is required for IR809 management?

For IR 809 Industrial ISR, you can either choose the SKU " L-MGMT3X-800SR-K9 " or you can purchase 1 token "L-MGMT3X-TKN-K9" per device.

Q:54 What license customer should purchase for ME switches?

For ME Switches you can purchase one TOKEN (L-MGMT3X-TKN-K9=) per switch.

Q:55 How to renew the expired support contract in Prime Infrastructure?

  • Customers with expired support contract or with no support contract can use upgrade licenses to upgrade from one version of PI to later versions of PI software and attach support contract.
  • Customers are strongly encouraged to attach Support Contract when purchasing Upgrade licenses.
  • No License files will be issued as part of the purchase of Upgrade part numbers or purchase of support on older part numbers
  • The existing licenses on their current PI servers will work with the later versions of PI software
  • Upgrade licenses can only be purchased by customers who have purchased the full product licenses in the past (e.g. Customers with PI 1.x licenses can purchase PI 1.x to PI 2.x upgrade licenses)
  • Upgrade licenses purchased must have matching licenses in terms of device count on earlier versions
  • (e.g. Customers with 25 device Lifecycle license on PI 1.x can only purchase 25 device upgrade license)
  • If the customer is already upgraded to the latest version and if he want to renew the support contract, then they can purchase the support SKUs alone without purchasing the upgrade SKUs.

 

Q:56 How to migrate from LMS 2.x /3.x to Prime Infrastructure 3.x?

LMS 2.x and 3.x customers cannot use PUT. Upgrade path is available via PI 2.x.They must purchase LMS to Prime Infrastructure 2.x migration license (R-L-PI2X-U-K9 )and then upgrade to Prime Infrastructure 3.x.

Q:57 What PI 3.x license SKU required for CGR routers?

If you do not see the exact device type in CCW, then you can select one of the same category and it will work.
CGR devices are similar to ISRG2.So you can use the same license or token count used  for ISR 1K and ISR 2K
For CGR 2000 series, select the license SKU for ISR 2K (L-MGMT3X-ISR2-K9) or 2 tokens (L-MGMT3X-TKN-K9=)
For CGR 1000 Series, select the license SKU for ISR 1K (L-MGMT3X-ISR1-K9 ) or 1 token.

Q:58 Is it mandated for the customer to order services on tokens received in Prime 3.1 through the grandfathering process? 

No. From a SWSS perspective, the customer needs support on all purchased licenses.  However, any licenses received through the Grandfathering process do not require support as they were given to the customer to account for the change in licensing from when they originally purchased.

Q:59 What is Base, lifecycle and assurance license in Prime Infrastructure and what features you get with these different licensing options?

License Type

Description

Dependencies/Requirements

 

Base

 

 

Lifecycle

 

 

 

 

 

 

Assurance

 

 

 

 

 

 

BASE licenses are used to track legally compliant PI instances.

 

 

Supports lifecycle management feature set which includes discovery, inventory, configuration management, image management, compliance and reporting.

 

 Supports the Cisco® Prime Infrastructure assurance management feature set, which includes end-to-end application, network, and end-user experience visibility, multi-NAM management, and monitoring of WAN optimization. This license type is based on the number of devices where NetFlow has been enabled.

One base license is required for each instance of Prime Infrastructure

 

Requires Base license and should be equal to total number of devices managed.

 

 

Requires a Base license and Associated Lifecycle License

(Number of Lifecycle licenses can be greater than the number of Assurance Licenses but not the other way around) We suggest that you match the quantities of Assurance and Lifecycle licenses (for all devices in which assurance is supported).

 

60.What are the different storage options available for ordering PI-UCS-APL-K9?

HDD and SSD options are available to order. HDD is recommended one and  there are no performance issues with it. The SSD option is only there for customers who need optimum performance. If the customer needs optimum performance and is willing to pay for it then they can choose it.

 Storage Options

HDD -->PI-UCS-H900G10K12G 

SSD -->PI-UCS-SD960GBKS4 

Upgrade

 

Q:1 Is there any migration path from Prime Infrastructure 1.4.x to 2.2?

User can’t perform in-line upgrade from Prime infrastructure 1.4.x to Prime Infra 2.2. User need to back up the database and restore it after fresh install of Prime Infrastructure 2.2.All the licenses will get migrated by default except assurance license.

Q:2 Is there any document available for Cisco Prime Infrastructure 1.3 to 2.1 migrations?

  PI 2.1 Quick Start Guide provides the necessary steps to upgrade from 1.3 to 2.1.

https://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/2-1/quickstart/guide/cpi_qsg.html#pgfId-56675

Q:3 How do we upgrade from previous versions of NCS to Prime Infrastructure 2.2?

"In-line upgrade" is not supported for Prime Infrastructure v2.2. Customers running previous versions of NCS should upgrade to either Prime Infra v1.4 or Prime Infra v2.1 and then need to Backup and Restore after the fresh installation of PI 2.2

 Supported upgrade paths can be found on below links

http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/2-2/quickstart/guide/cpi_qsg.html#pgfId-113783

Q:4 What are the minimum WCS versions supported for Prime Infrastructure upgrade?

User can find the supported WCS versions in the below link.

http://www.cisco.com/c/en/us/td/docs/wireless/compatibility/matrix/compatibility-matrix.html#91799

Q:5 Major Upgrade from LMS 2.x/3.x to Cisco Prime Infrastructure 2.x. Is HUM upgraded with this upgrade or not?

Yes, HUM is completely integrated in LMS 4.x. LMS is currently bundled along with Cisco Prime Infrastructure.  Cisco Prime Infrastructure supports inbuilt health monitoring feature.

 Q:6 How will be the upgrade process look like, going from prime Infra 1.3 to 2.2?

  An "in-line upgrade" is not supported for Prime Infrastructure v2.2.  Customers on v1.3 need to first upgrade to either prime Infra 1.4 or 2.1.User need to do fresh install of PI 2.2 and then backup and restore.

 Q:7 How can we upgrade to Cisco Prime Infrastructure 2.1.1 from 2.1?

It is a patch that needs to be installed on top of Prime Infrastructure 2.1

It is available in cisco.com under below link.

Downloads Home > Products Cloud and Systems Management > Routing and Switching Management> Network Management Solutions > Cisco Prime Infrastructure >Cisco Prime Infrastructure 2.1 >Prime Infrastructure Patches-2.1.1

 Q:8 Google announced that they were “expiring” their chrome plug-in for IE. Customer has IE as the standard,. Now that it is expiring, are there plans to support Native IE moving forward?

Yes, Native IE support is available in Prime Infrastructure 2.2.

Q:9 Can I upgrade from Prime Infrastructure 1.4 to 2.2?

  An "in-line upgrade" is not supported for PI v2.2.  Customers on v1.4 and need to back-up their database, install a new instance of PI 2.2 (virtual or hardware appliance) and then restore the database to the Prime Infra 2.2 system.

Q:10 What is the upgrade path to Cisco Prime Infrastructure 2.2 from NCS 1.1.2.12 ?

Refer to the PI 2.2 release notes for info on upgrading from NCS 1.1.2.12 to PI 2.2.

http://www.cisco.com/en/US/docs/net_mgmt/prime/infrastructure/2.2/release/notes/cpi_rn_13.html#wp73605

which also references this document:

http://www.cisco.com/en/US/docs/net_mgmt/prime/infrastructure/1.3/software/advisory/Software_Advisory_CPI_1_1_2_and_1_1_3.pdf

 Q:11 Do we support upgrading the FIPS version of NCS to PI 2.x?

Certain versions of NCS are FIPS-certified such as 1.1.3.2. NCS 1.1.1.24 for example is not FIPS-certified.

It was not possible to upgrade from the FIPS-certified versions of NCS 1.1 to PI 2.2.User need to first upgrade to either prime Infrastructure 1.4 or 2.1 and back-up their database. Then install a new instance of Prime Infrastructure 2.2 (virtual or hardware appliance) and then restore the database to the 2.2 system.

 Q:12 Is there a migration path for WCS older versions (WCS version 4.2)or do they need to order Prime Infrastructure as a new user?

To upgrade/migrate from WCS 7 to PI 2.2, you need to first do an intermediate upgrade from WCS 7 to NCS 1.1 and then upgrade to Prime Infra 1.4.Then need to complete the below mentioned process.

The details are found in the following references.

Step 1 - Install NCS 1.1.1.24:

 Step2-Export WCS data and migrate to NCS: http://www.cisco.com/en/US/docs/wireless/ncs/1.1/release/notes/NCS_RN1.1.1.html#wp83675

The ncs migrate command is available in NCS 1.1.

 Step 3 - Upgrade to PI 1.4:

http://www.cisco.com/c/en/us/td/docs/wireless/prime_infrastructure/1-4/quickstart/guide/cpi_qsg_1_4.html#pgfId-56675

 Step 4 – Upgrade to PI 2.2:

User need to do fresh install of PI 2.2 and then backup and restore.

 

Q:13 Customer wants to upgrade an LMS 3.2 system to PI 2.x. for 11500 devices. In CCW when you want to quote the upgrade using the major upgrade sku, you can only select one upgrade package, in this case for 10.000 devices.   How do I quote the extra 1500 devices?

LMS 3.x was only offered in a few fixed sizes, so the available LMS 3.x to PI upgrade SKUs correspond to those sizes.  If they have 11500 licenses total, then they must have bought two copies of LMS 3.x …one for 10K and another for 1.5K.  So you would need to order the top level SKU R-PI12-UP-K9 twice….in one case order the 10K option and in the second case order the 1.5K option.

The customer will be able to decide if they want to deploy two PIs…one with 10K and another with 1.5K or they can deploy a single PI and add all the licenses together for 11.5K total.

 Q:14 Why In-line Upgrade is not possible in Cisco Prime infrastructure 2.2?

  Since Cisco Prime Infrastructure 2.2 has upgraded OS platform and Updated Oracle database, in-line upgrade is not possible. Recommended upgrade is through backup and Restore only.

 Q:15 Is Backup from 2.2-beta restorable to 2.2 FCS?

  Restoring backup from 2.2 Beta to 2.2 FCS build is tested and should work for the customer to migrate from the Beta to 2.2 FCS

 Q:16 Will a database from Medium OVA 1.3 deployment, after upgrade to 2.1.0.0.83 and backup, work on a PI release 2.2 in “Standard”-option?

The Medium OVA can move to the Standard option for Prime Infrastructure 2.2.  Below are the mappings.

The Express option replaces the Medium and Small options supplied in previous versions of Prime Infrastructure.

The Standard option replaces the large option supplied in previous versions of Prime Infrastructure.

The Pro option replaces the Extra Large option supplied in previous versions of Prime Infrastructure.

 Q:17 How to upgrade the hardware appliance of prime Infrastructure to 2.2 version?

Please refer below detailed steps to proceed on upgrading your Hardware Appliance

 http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/2-2/administrator/guide/PIAdminBook/backup_restore.html#pgfId-1080307

  1. Take Application backup from Appliance 1 running any of the older versions supported (PI 1.4.x or PI 2.1.x)
  2. Install PI 2.2 on Appliance 2 (as clean install)
  3. Restore older version PI application backup from Appliance 1 to Appliance 2 now running Prime infrastructure 2.2.                                                                         

 Q:18 How to upgrade from LMS 4.1 to PI 2.2. What is the best way to do this?

PI 2.2 support migrating data from LMS 4.2.4 release only. Please refer the below link for more details.

 http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/2-2/administrator/guide/PIAdminBook/ManageData.html#pgfId-1055763

Q:19 How to Upgrade to Prime Infrastructure 2.2 from 2.1 in HA environment?

PI 2.2 upgrade is supported only using restore of an earlier supported version 1.4 or 2.1.

http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/2-2/quickstart/guide/cpi_qsg.html#pgfId-113783

User need toinstall a fresh PI 2.2 server and restore the backup taken from PI 2.1 on it.then user need to bring up secondary server in parallel in HA configuration. Once, primary server is restored with PI 2.1 backup, user can initiate the sync between primary and secondary servers.

Document to restore prior versions on PI 2.2 available in the below link: http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/2-2/administrator/guide/PIAdminBook/backup_restore.html#pgfId-1126997

Q:20 How to Upgrade to Prime Infrastructure 3.0 from Prime Infrastructure 2.x?

Starting from Prime Infrastructure v 2.2.x,user can perform inline upgrade to Prime Infrastructure 3.0.Customers using previous versions of cisco prime Infrastructure like PI 2.0.x, PI 2.1.x first upgrade to PI 2.2.x using backup and restore and then perform Inline upgrade to Prime Infrastructure 3.0.

Refer the below link on Prime Infrastructure 3.0 Quick start guide.

http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/3-0/quickstart/guide/cpi_qsg.html#pgfId-113783

Q:21 What is the migration path from Prime Infrastructure 1.x to Prime Infrastructure 3.0?

Prime Infrastructure 3.0 supports restoring from backup only for versions 1.4.x and 2.1.x. Customers using Prime infrastructure v1.x must upgrade to either 1.4.x or 2.1.x and you should backup your data and restore it to the server running Prime Infrastructure 3.0.

Refer the below link on Prime Infrastructure 3.0 Quick start guide.

http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/3-0/quickstart/guide/cpi_qsg.html#pgfId-113783

Q:22 What is the best way to migrate data from LMS to Cisco Prime Infrastructure 3.0?

Cisco Prime Infrastructure 3.0 supports data migration from Cisco Prime LAN Management Solution (LMS) version 4.2.4 on the Windows NT, Solaris and Linux platforms. The following LMS data can be imported into Prime Infrastructure using the CAR CLI:

Device Credential and Repository (DCR) Devices

Static Groups

Dynamic Groups

Software Image Management Repository Images

User Defined Templates (Netconfig)

LMS Local Users

MIBs

Q:23 Is there any migration path available from WCS to Prime Infrastructure 3.0?

There is a migration path available from WCS version 7.0.To upgrade/migrate from WCS 7 to PI 3.0, you need to do an intermediate upgrade from WCS to NCS 1.1.1.24.

Please find below the steps. The details are found in the following references.

Step 1 - Install NCS 1.1.1.24:

Step2 - Export WCS data and migrate to NCS: http://www.cisco.com/en/US/docs/wireless/ncs/1.1/release/notes/NCS_RN1.1.1.html#wp83675

Step 3 - Inline upgrade NCS 1.1.1.24 -> PI 1.4.x– (documented in PI 1.4 Quick start Guide)

Step 4 - Perform clean install of PI 3.0

Step 5 - Restore application backup from PI 1.4.x on the PI 3.0 system

Note: It is not recommended maintaining data when upgrading from WCS to Prime Infrastructure 3.0. While it is possible, there have been incidents where database corruption has happened, optimization is impacted, etc. So if the customer is willing to maintain the database, then they can do as noted above, but the appropriate and recommended way is starting with a fresh Prime Infrastructure database.  By doing this Customers can import their WCS heat maps in to prime Infrastructure 3.0

Q:24 How can we migrate to Prime Infrastructure 3.0 from previous versions of NCS?

There is a migration path available from NCS 1.1.1.24.

Follow the below steps for migrating to Prime infrastructure 3.0.

Step 1 - Inline upgrade NCS 1.1.1.24 -> PI 1.4.x– (documented in PI 1.4 Quick start Guide)

Step 2 - Perform clean install of PI 3.0

Step 3 - Restore application backup from PI 1.4.x on the PI 3.0 system

Q:25 Do we support upgrading the FIPS version of NCS to Prime Infrastructure 3.0?

No.It is not possible to upgrade from the FIPS-certified versions of NCS 1.1 to Prime Infrastructure 3.0.

Q:26 How to Upgrade to Prime Infrastructure 3.0 from 2.2 in HA environment?

In-line upgrade is available from Prime Infrastructure v2.2 to Prime Infrastructure 3.0. http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/3-0/quickstart/guide/cpi_qsg.html#19365

User need to disable HA first. Then perform inline upgrade to Primary Prime Infrastructure server. Perform inline upgrade to secondary Prime Infrastructure server. Then user needs to bring up secondary server in parallel in HA configuration. Once, primary server and secondary servers are inline upgraded, user can initiate the sync between primary and secondary servers.

Q:27 Is it possible to downgrade Cisco prime infrastructure 3.0 to Cisco prime infrastructure 2.2 using the CLI method?

There is no “downgrade” option available for Cisco Prime Infrastructure and it is not recommended to do.

Q:28 What are the supported versions of Prime Infrastructure to perform inline upgrade to Prime Infrastructure 3.0?

User can perform inline upgrade to Prime Infrastructure 3.0 form the below versions.

Prime Infrastructure v 2.2

Prime Infrastructure v 2.2.1

Prime Infrastructure v 2.2 with Wireless Technology pack

Prime Infrastructure v 2.2.1 with Data Center technology pack.

Prime Infrastructure v 2.2.2

Prime Infrastructure v 2.2.3

Prime Infrastructure v 2.2.3 with Wireless Technology pack

Prime Infrastructure v 2.2.3 with Data Center Technology Pack

Prime Infrastructure v 2.2.3 with both wireless technology pack and Data Center technology pack.

Q:29 How to upgrade to Prime Infrastructure 3.0 from LMS 4.2 with valid support contract?

   If the customer has valid support contract (SWSS / SASU ) on LMS 4.2, then they can upgrade to PI 2.2 and purchase associated SWSS SKUs on PI 2.x.Once they are on PI 2.2 (With SWSS / SASU on PI 1.x / 2.x), they can upgrade to PI 3.x directly at no cost.

Backup & Restore

 

Q:1 What are the different Backup/Restore options in Prime Infrastructure?

There are two types of backups, full and application only.

Full Back up: This will back up the application as well as the appliance configuration.

Command Example: backup myBackup repository myRepo

Application Only backup: This will only backup the PI application data.

Command Example: backup myBackup repository myRepo application NCS

http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/2-2/administrator/guide/PIAdminBook/backup_restore.html

 

Q:2 How can I schedule automatic backups in Prime Infrastructure 2.x?

User can schedule regular application backups through the Prime Infrastructure user interface. This method ensures that, time- and processor-intensive backup processes occur at relatively low-traffic periods of the day. Choose

Administration > Background Tasks or Click NCS Server Backup.

 http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/2-2/administrator/guide/PIAdminBook/backup_restore.html#pgfId-1145170

Q:3 What data can be restored from backup of Cisco Prime Infrastructure 3.0?

In cisco Prime Infrastructure, /opt/CSCOlumos/conf/Migration.xml directory contains all configuration files and reports that are backed up.

Refer the below link to know what data can be saved and restored by Prime Infrastructure.

http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/3-0/administrator/guide/PIAdminBook/backup_restore.html#pgfId-1133475

Q:4 what are the supported versions of prime Infrastructure to perform backup and restore to Prime infrastructure 3.0?

Prime Infrastructure 3.0 supports restoring from backups of the following releases:

Prime Infrastructure versions 2.2,2.2.1,2.2.2

Prime Infrastructure versions 2.2.X and all Cisco.com patches and point patches

Prime Infrastructure version 3.0

Refer the below link for more details.

http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/3-0/administrator/guide/PIAdminBook/backup_restore.html#pgfId-1126997

Q:5 What are the different types of backup repositories supported in Prime Infrastructure?

Prime Infrastructure currently provides documented support for the following types of repositories:

NFS—NFS is fast, reliable, relatively lightweight, and supports use of staging URLs

FTP and SFTP—If you have a slow network, there is a possibility that backups to a remote FTP or SFTP repository could be corrupted because of incomplete transfers.

Refer the below link for more detail.

http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/3-0/administrator/guide/PIAdminBook/backup_restore.html#87227

Q:6 Does Prime Infrastructure validate the backup before restoring?

Yes. Prime Infrastructure performs the following checks to ensure the validity of backups:

  1. Before starting the backup process, disk size, fast-recovery area, and control files are validated.
  2. The created backup database is validated to ensure that it can be restored.
  3. After the application data is zipped, the zipped file is validated against the files that were backed up.
  4. The TAR file is validated to make sure that it is correct and complete.
  5. The GPG file is validated to make sure that it is correct.

If the users manually transfer the backup file, or if the users want to verify that the backup transfer is complete, view the file’s md5CheckSum and file size.

Another best practice for validating a backup is to restore it to a standalone “test” installation of Prime Infrastructure.

Device Support

 

Q:1 What devices are supported in Cisco Prime Infrastructure 2.2 & 3.0?

Cisco Prime Infrastructure 2.2 supports the follow device types:

Cisco Integrated Services Routers (ISR)

Cisco Aggregation Services Routers (ASR)

Cisco Catalyst Switches

Cisco Network Analysis Modules

Cisco Wide Area Application Services (WAAS)

Cisco Nexus Switches

Cisco MDS 9000 Series Multilayer Switches

UCS B and C series Devices

Cisco Mobility Service Engine (MSE)

Cisco Prime Identity Service Engine (ISE)

Cisco Wireless LAN Controllers

Cisco Lightweight Access Points

Cisco Autonomous Access Points

Q:2 What are the devices supported on Plug and play feature in Cisco Prime Infrastructure?

Catalyst 2XXX, 3XXX, 4XXXX switches, ISR G2, ISR G3 and Katana (Cisco 5760 Wireless LAN Controller) are supported on Plug and play feature.

Q:3 What are the various devices supported in Prime Infrastructure 2.2?

List of support devices available in the below link:

http://www.cisco.com/en/US/products/ps12239/products_device_support_tables_list.html

Q:4 What are the new devices supported in Prime Infrastructure 3.0?

The list of supported device in Prime Infrastructure 3.0 can be found in the below link.

http://www.cisco.com/c/en/us/support/cloud-systems-management/prime-infrastructure/products-device-support-tables-list.html

Q:5 What WLC versions are compatible with Prime Infrastructure 3.0?

Prime Infrastructure 3.0 supports WLC 8.1.

WLC and MSE compatibility matrix is available in the below link

http://www.cisco.com/c/en/us/td/docs/wireless/compatibility/matrix/compatibility-matrix.html#91799

 

Q:6 Does MSE 7.7 and WLC 8.0 supported on PI 2.2?

Yes. Prime Infrastructure 2.2 supports WLC 8.0 and MSE 7.7.

WLC and MSE compatibility matrix is available in the below link

http://www.cisco.com/c/en/us/td/docs/wireless/compatibility/matrix/compatibility-matrix.html#91799

Q:7 Does PI 2.2 support UCS and Nexus products?

    Yes. Prime Infrastructure 2.2 Supports UCS and Nexus devices.

    Discovery, Inventory and configuration management for Nexus 9000 standalone switches

    Discovery and Inventory Support for UCS B and C series devices

    Monitor Availability and Faults on UCS Blade and Rack servers (B and C series)

    Root cause for faults and correlation to underlying UCS physical infrastructure

 Q:8 What is the level of support for 3rd party devices in Prime Infrastructure?

The following support level is available with Prime Infrastructure.

Auto Discovery of a 3rd party Device

Basic Inventory collection

Device reachability status polling

Ability to load new MIBs & to create new monitoring templates

More information is available in the link given below:

http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/2- 1/release/notes/cpi_rn.html

Q:9 Does Prime Infrastructure Support 819 Router?

Yes. Prime Infrastructure 2.2 supports 819 routers. Please find below the link to know the list of supported    devices in PI 2.2.

 http://www.cisco.com/c/en/us/support/cloud-systems-management/prime-infrastructure/products-device-support-tables-list.html

Q:10 Does Cisco Prime Infrastructure can manage Aruba APs or controllers? 

 Yes. Cisco Prime infrastructure provides a level of support for some Aruba Controllers including LLDP Neighbor Discovery, Configuration Archive, Software Image Management, Device Availability and device Reachability

 Q:11 Can Cisco Unified Call Manager (CUCM) and/or IP phone be managed via Prime Infrastructure?

      No, Prime Infrastructure does not support CUCM or IP Phones. Prime Collaboration is the right platform for these devices.

 Q:12 List out the Cisco Prime Infrastructure features that are available for Third party devices with RFC 1213?

       For third party devices, only limited support is provided by Cisco Prime Infrastructure. Prime Infrastructure collects the inventory details (Device Name, Device type, Uptime etc.) and interface details of the device.

  Q:13 Does Prime Infrastructure support autonomous 3600 AP?

      Yes. Prime Infrastructure version 2.2 supports 3600 AP.

 Q:14 Does Cisco Prime Infrastructure support UCS blade servers?

  Yes. Cisco Prime Infrastructure 2.2 supports UCS B series devices.

 Q:15 Is there any mechanism to raise a device support request in Cisco Prime Infrastructure?

Yes. It is possible to raise a device support request. Follow the below link to raise a request.

https://app.smartsheet.com/b/form?EQBCT=ad5db7886b774d9abb8ff61a6051cb95

 Q:16 Does Prime Infrastructure support Meraki Devices?

Yes. Prime Infrastructure v2.2 supports Meraki devices via Wireless tech pack which is available for download in the below CCO link.

https://software.cisco.com/download/release.html?mdfid=286236028&flowid=72882&softwareid=286285318&release=2.2.1&relind=AVAILABLE&rellifecycle=&reltype=latest

Currently Prime Infrastructure provides the below functionalities for Meraki.

- Ability to add Meraki devices to inventory

- Reachability status of the Meraki AP’s

- Cross launch to the Meraki dashboard is provided from prime infrastructure and all monitoring and configuration aspects are still using the Meraki cloud dashboard.

 Q:17 Does Prime Infrastructure Supports UCS E series?

Yes.Prime Infrastructure 3.1 supports UCS E series.

 Q:18 What is the level of support for UCS Fabric Interconnect in Prime Infrastructure 3.0?

  Currently with Prime Infrastructure 3.0 user can view the Chassis information and blades information. For the blades on a chassis user can see 360 view of the blade. For the chassis you can see the status of the power supplies, Fan and the IO Module details. Also for the Fabric Interconnect user can see the network information (Ethernet interfaces, vEthernet and fabric channel) and the IO Modules details.

The schematic view also shows the operational status of the data center components and the associated alarms using which you can trace the root cause of an application delivery failure to a UCS hardware problem of Cisco UCS device.

A new IO Modules tab is introduced in Inventory > Compute Resources > Cisco UCS Servers, to show the operational status of backplane ports and fabric ports. These details are useful for troubleshooting the UCS device.

Q:18 How to view the list of features supported for a specific device type?

To know the list of features supported for particular device type, click on the 'i' icon near the feature details in Supported devices page.

Q:19 List out the device types supported by Instant access workflow in Prime Infrastructure 3.1?

In PI, Instant access workflow is supported for 6800 and 6500-E chassis, SUP2T and SUP6T, Cisco Catalyst C3560CX-8XPD-S and C3560CX-12PD-S access switches.

Discovery

 

Q:1 Is SNMP (read and write) enough to do all functions?  What features aren't available within Prime Infrastructure if no SSH credentials are provided?  

SNMP credentials may be sufficient for management of wireless devices, but for IOS based devices, SNMP credentials will only get you basic inventory and monitoring. All software image management and configuration management requires CLI access. Bottom line is that for full functionality, CLI credentials are required.

 Q:2 Whether Prime Infrastructure support a jump host to manage network elements on the other side of a firewall?

No. Prime Infrastructure 3.0 does not support that kind of intermediary. No plans to support that at this time. Prime Infra would reside on the same side of the firewall as the managed device. Administrators outside the firewall would have permission to connect to the Prime Infra Web UI, but not to directly access the devices.

 Q:3 What are the various options of adding a device into Prime Infrastructure?

Prime Infrastructure provides two ways to discover the devices in your network:

Quick—allows you to quickly discover the devices in your network based on the SNMP community string, seed IP address, and subnet mask you specify. Choose Inventory > Device Management > Discovery > Quick Discovery

Regular—Allows you to specify protocol, credential and filter settings for discovery and to schedule, choose Inventory > Device management >Discovery click Discovery settings

Bulk Import- User can import all the devices using csv format file. Inventory> Device Management >Network Devices> Bulk Import

Add a device- User can add a single device by navigating to Inventory > Device Management >Network Devices> Add Device

 Q:4 What are the various Discovery protocols supported in Prime Infrastructure?

The various protocols supported are Ping Sweep Module,LLDP, CDP Module, Routing Table, Address Resolution Protocol, Border Gateway Protocol, and OSPF

 Q:5 Does Prime Infrastructure support SNMP V3?

Yes, SNMP V3 is supported in Prime Infrastructure. Refer the below link for more detail.

http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/3-0/user/guide/pi_ug/gettingstarted.html

 Q:6 How can I add NAM device into inventory in Prime Infrastructure?

Follow the steps below to add HTTP credentials for a single NAM. You can repeat this task for all NAM’s from which you want Prime Infrastructure to collect data.

Choose Inventory > Device Management > Discovery

http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/2-2/user/guide/pi_ug/gettingstarted.html

 Q:7 What is SNMPv3 behavior if you include a WRITE object but that object is Actually not defined anywhere?

               In that scenario, the user will be able to write everything even though he didn’t define the   object anywhere.

 Q:8 Does Prime Infrastructure prefer to use SNMPv2 over v3 when both are configured in a discovery job?

         Prime Infra tries all credentials supplied both in discovery and when adding devices. When both SNMPv2 and SNMPv3 credentials are provided and valid for a device at the time of discovery/addition, SNMPv3 is preferred, and the PI database for the device is updated to note that for that device, v3 is to be used and Prime Infra will not "fall back" to SNMPv2 later when a device stops responding to SNMPv3. It will show the device as "SNMP unreachable”.

Q:9 Does Prime Infrastructure support IPV6? If so describe the level of support.

Yes. Prime Infrastructure is capable of managing the device that is configured with an IPV6 address starting from v2.2. Prime collects the IP address and inventory via IPV6 transport over Telnet and SSH protocol. Prime Infrastructure will allow Subnet discovery option to discover all addresses in IPv6 subnet. Ping sweep will additionally support sweeping a 12 - bit range of IPV6 addresses.

Prime Infrastructure will be able to receive syslogs and traps for theseIPV6devices and also Netflow processing from IPv6 enabled devices. Identify the source/destination of the flows by parsing the source address in both IPv6 and IPv4 formats. Collect IPv6 addresses in NAM assurance data. Support for IPv6 clients in End point site classification.

 Q:10 What is ‘Credential profiles’ in Prime Infrastructure ?

 Prime Infrastructure 2.2 introduces Credential Profiles. Users can create credential profiles where credential information by itself is saved in the system (in a secured manner). Now whether a device is added manually or discovered, this device credential profile can be associated to device for quicker device additions. This not only simplifies device additions in Prime Infrastructure, but also reduces any human error in specifying credentials.

Q:11 How user can export all devices and which credential profile they use in Prime Infrastructure?

 User can leverage the REST API's (exportDevices API ) to export the devices along with the credential profile name. ExportDevices API can export the following details listed in the below table.  For details on how to leverage the REST API. I request you to download the PI 2.2 API reference Guide.

 http://www.cisco.com/c/en/us/support/cloud-systems-management/prime-infrastructure/products-programming-reference-guides-list.html

 Q:12 Does prime infrastructure manage a device via dynamic IP addresses?

  No.Prime Infrastructure does not support management of network devices via dynamic IP address.

Q:13 Is it possible to automate the export of the devices in Cisco Prime Infrastructure?

Yes. Using Get Devices/export Devices REST API, user can automate the export of the devices.

 User can access the API documentation on any PI instance by visiting https://<pi_ip_address>/webacs/api/v1 > Click on 'Detailed Prime Infrastructure API Resources Documentation’ > click on 'GET Export Devices’.

 The API documentations are also available in the below link.

http://www.cisco.com/c/en/us/support/cloud-systems-management/prime-infrastructure/products-programming-reference-guides-list.html.

 Q:14 Is it possible to send an alert (Email or SMS) to the user once the device discovery is done in Prime Infrastructure?

This functionality is not currently available in Prime Infrastructure 3.0. But Prime Infrastructure can send notifications to a Java Message Server (JMS) whenever there are changes in inventory or configuration parameters that are part of an audit you have defined.

Refer the below link on Change audit notifications for more details.

http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/3-0/administrator/guide/PIAdminBook/maint_network_health.html#pgfId-1075146

Inventory

Q:1 How to trigger Manual Inventory collection in Prime Infrastructure?

User can force an inventory collection in order to sync the Prime Infrastructure database with the configuration, currently running on a device.

In Prime Infrastructure 2.1, Choose Operate > Device Work Center. Select the device and click Sync

 In Prime Infrastructure 2.2 Choose Inventory > Device Management > Network Devices. Select the device and click Sync

  In Prime Infrastructure 3.0 Choose Toggle navigation > Inventory > Device Management > Network Devices. Select the device and click Sync

Q:2 How can I control background data collection tasks in Prime Infrastructure?

Prime Infrastructure executes scheduled data collection tasks in the background at a regular basis. You can enable or disable these collection tasks, change the interval at which each task is executed, or change the retention period for the data (raw or aggregated) collected during each execution of each task. Choose Administration > Background Tasks.

Q:3 How to enable NAM data collection in Prime Infrastructure ?

To ensure that you can get data from your Network Analysis Modules (NAMs), you must enable NAM data collection. You can do this for each discovered or added NAM, or for all NAMs at once.

In PI 2.x Choose Administration > Data Sources > NAM Data Collector. Select NAM device & click enable.

 http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/2-2/user/guide/pi_ug/gettingstarted.html

In Prime Infrastructure 3.0, Choose Toggle Navigation > Services > Application Visibility & Control > Data Sources

http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/3-0/user/guide/pi_ug/setup_monitor.html#41501

Q:4 How to enable Netflow data collection in Prime Infrastructure?

To start collecting NetFlow and Flexible NetFlow data, you need to configure your NetFlow-enabled switches, routers, and other devices, to export this data to Prime Infrastructure. Choose

Templates > CLI Templates > System Templates - CLI > Collecting Traffic Statistics

 http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/2-2/user/guide/pi_ug/gettingstarted.html

 In Prime Infrastructure 3.0 choose

Toggle Navigation > Configuration > Templates > CLI Templates > System Templates –CLI > Collecting Traffic Statistics

http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/3-0/user/guide/pi_ug/setup_monitor.html#pgfId-1056427

Q:5 Where we can view the inventory details of UCS devices in prime Infrastructure 2.2?

        User can view the inventory details by navigating to Inventory > Device management > Compute devices > Cisco UCS servers. Clicking on the selected devices will provide Chassis 360 view and server 360 view.

In Prime Infrastructure 3.0,Choose Toggle Navigation >Inventory > Device Management > Compute Devices > Cisco UCS servers.

Q:6 Is it possible to perform bulk editing the devices information in network Inventory of Prime Infrastructure?

Prime Infrastructure allows bulk edit of device information in the network inventory starting from v 2.2. This allows the user to select multiple devices and change the device credentials or assigned credential profile. The user can also bulk edit the values of User Defined Fields.

Q:7 Is it possible to link prime Infrastructure to an external inventory management system?

Prime Infrastructure provides a REST API that exposes data. Prime Infrastructure does not support direct access to the database.

REST API Documentation is available in the below link.

http://www.cisco.com/c/en/us/support/cloud-systems-management/prime-infrastructure/products-programming-reference-guides-list.html.

Q:8 How to enable event based inventory collection in Prime Infrastructure ?

User can configure Prime Infrastructure to collect inventory when it receives a syslog event for a device.

Choose Administration > Settings > System Settings. Select the “Enable event based inventory collection” check box to allow Prime Infrastructure to collect inventory when it receives a syslog event for a device.

http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/3-0/administrator/guide/PIAdminBook/ManageData.html#pgfId-1061731

Q:9 Can I view routing table or BGP neighbor details in Prime Infrastructure?

Yes. In Prime Infrastructure 3.1, user can launch the device 360 degree view for all the managed devices and view the routing table, BGP and EIGRP neighbor information.

http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/3-1/user/guide/pi_ug/ui.html

Data Center

Q1: List out the licenses required for Data Center Monitoring in Prime Infrastructure.

In addition to base license, users need to have the below license for Data Center monitoring in Prime Infrastructure.

L-MGMT3X-US-K9 - This is Data Center license. It regulates the number of blade servers being managed by UCS device(s) in Prime Infrastructure. The license count matches the number of blades or rack units associated with any UCS device. Datacenter licenses are specific only to UCS devices (Blade count). Other Data Center devices, such as Nexus switches and MDS devices are managed using a normal Lifecycle license.

L-MGMT3X-UV-K9- This is Data Center Hypervisor license. It regulates the total number of host(s) managed by Prime Infrastructure management. This license manages Discovery Sources (Vcenters) in Prime Infrastructure.

Q2: Does Nexus and MDS switches require the data center licenses?

No. Nexus & MDS switches does not require data Center license. They are managed using a normal Lifecycle License.

Q3: Can data center license and data center hypervisor license be added independently of each other?

Yes. Data center license and data center hypervisor license can be added independently of each other.

Q4: What is the pre-requisite for adding data center license?    

Base and Lifecycle license is a prerequisite for adding a Data Center license

Q5: How to add compute resources like data center, cluster, hosts and virtual machines (VMs) into Prime Infrastructure inventory?

Navigate to Inventory > Device Management > Compute Devices > Discovery Sources. Add VMware Vcenter server details. Now compute resources like data center, cluster, hosts and virtual machines (VMs) are discovered and added into Prime Infrastructure automatically.

http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/3-1/user/guide/pi_ug/manage_compute_resources.html

Q6: What credentials are required for discovering and managing the DC components defined within the Vcenter?

 Below information needs to be provided to complete the Vcenter discovery

  • Discovery Source
  • Discovery Source User Name
  • Discovery Source Password
  • Protocol
  • Discovery Source Port

Q7: How Prime Infrastructure Monitors the Virtual machines?

Prime Infrastructure does not poll the VM directly, but it gets the data periodically from the Vcenter via the application programming interfaces (APIs). The default polling interval is 5 minutes.

Q8: Where to configure polling interval for monitoring the Compute Resources?

Navigate to Administration > Settings > System Settings > Datacenter Settings and choose the Polling Interval from the drop-down list.

Q9. Is there an NB API to get Data center and VMs statistics from Prime Infrastructure?

Yes. Cisco Prime Infrastructure 3.1 supports several new REST APIs that allow users to fetch cluster, data center and VM details from outside of Cisco Prime Infrastructure GUI. Prime Infrastructure 3.1 API reference guide is available in the below link.

http://www.cisco.com/c/en/us/support/cloud-systems-management/prime-infrastructure/products-programming-reference-guides-list.html

 

Grouping

Q:1 How to create Port groups in Prime Infrastructure ?

User can create a new port group which can be one of two types:

Static—Create and name a new port group to which you can add devices using the Add to Group button from Inventory > Group management > Port groups

Dynamic—Create and name a new port group and specify the rules to which ports or interfaces must comply in order to be added to this port group.    

http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/3-0/user/guide/pi_ug/group-devices.html#48976

Q:2 How do we assign devices to a group in Prime Infrastructure 3.0 ?

Devices are automatically grouped based on Device Type.

In Prime Infrastructure, Additional User Defined Static or Dynamic Device groups can be created from, Toggle Navigation > Inventory > Device management > Network Devices > Groups & Sites > Add to group

Q:3 What is the difference between Site Grouping, Location Based Group and User defined Group in Prime Infrastructure?

As the name suggests, Site grouping is to depict physical branches/sites and associate devices with them. This is strictly based on geographical hierarchy and it is meant for wireless site maps. User can monitor network based on site groups in Prime Infrastructure home dashboard.

The User defined group could be anything i.e. For example, user might want to view access devices only across all of his sites and hence he will have a user defined group called “Access Devices”.

Location groups allow you to group devices by location. You can create a hierarchy of location groups (such as theater, country, region, campus, building, and floor) by adding devices manually or by adding devices dynamically. Location based groups are meant for topology maps.

Q:4 Is it possible to add an Access point into location based group or user defined group in Prime Infrastructure?

Yes. This is supported in Prime infrastructure v 3.0. In Prime Infrastructure 3.0 user can select and add APs to location based groups or user defined groups.

Q:5 What is the difference between sites and virtual domains in Cisco Prime Infrastructure ?

     "Sites" are primarily a location group concept, focused on how to organize wireless spatial heat maps. Virtual Domains are different, it’s a way to define Administrative Access Control policy and also a way to define administrative boundaries to restrict what various Prime Infrastructure users can or cannot access in the product

Q:6 Is it possible to do dynamic grouping of devices by specifying IP address range?

Yes. In Prime Infrastructure 3.1, user can perform dynamic grouping of devices by specifying the IP address range.

http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/3-1/user/guide/pi_ug/group-devices.html

Q:7 What is the functionality of Site Visibility feature in Prime Infrastructure 3.1?

Using Site Visibility feature, Location Groups can be synchronized with the Geo Maps by providing Geographic Location details while creating the Location Group or can be imported in bulk using the Group Import / Export option.

Software Image Management

Q:1 What are the various ways of loading images in Software Image Management of Prime Infrastructure ?

Images can be loaded into the repository from:

  • An existing device
  • Cisco.com
  • A specified URL location
  • A local file on the client machine

http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/3-1/user/guide/pi_ug/maint_images.html

 Q:2 Can we upgrade NAM using Software Image Management in Prime Infrastructure ?

Yes, the pre-requisite is that, the passwords for NAM's application and maintenance modes should be the same and for a NAM card present in a Catalyst 6000 device running CatOS, ensure that you set auto logout to a value that is high enough to allow the copying of the new image.

 Q:3 Does Software Center list only the software updates that are not installed in the machine?

The Software Center module lists all software updates including those that are installed. However, it performs the filtering for device updates.

 Q:4 How do I configure Job Approval for Software Image Management?

User has to configure the role on enabling job approval for SWIM feature here. Administration > Users, Roles & AAA > Groups > Group Detail and then to approve the job he has to go to Administration>Job Approval

http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/2-2/administrator/guide/PIAdminBook/maint_user_access.htmll

 Q:5 How much temporary space is required during image distribution?

The amount of free space that is required depends upon the image file size and also the number of devices that are being upgraded simultaneously. If the tftpfallback option is set, additional free disk space is required to keep the current image in the tftpboot directory. Disk space is used both in the tftpboot and temp directories.

 Q:6 How can I export the images from SWIM repository to a local drive or a file system mounted to the PI 2.x server?

To export the image from Software Repository to a local drive or a file system: Inventory -> Device management> Software Images>repository>export

  http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/2-2/user/guide/pi_ug/maint_images.html

Q:7 What are the prerequisites for downloading Software Updates from Cisco.com?

User should check for the following:

Valid Cisco.com credentials are configured during Server administration

Valid proxy details are configured and Cisco Prime support basic authentication of proxy server.

http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/3-0/user/guide/pi_ug/maint_images.html#86087

Q:8 In Prime Infrastructure SWIM, How many software distribute job can run if "Distribute Parallel" option is selected?

In Prime Infrastructure, 5 Image distribute jobs can run in parallel if user select ‘Distribute parallel’ option.

During bulk image distribution i.e pushing image upgrade to 200 devices in a single transaction from UI, the distribution is processed in batches of 5 devices, rest of the devices are in effect in queue, yet to start state and picked up for processing as and when the task completes for the prior device & continues till all of them are processed.

Q:9 Does Prime Infrastructure 3.0 support import Images from cisco.com?

No. In Prime Infrastructure 3.0 Image distribution from Cisco.com has been disabled due to a security issue in the backend API that prime Infrastructure is using. So user need to Download the images manually from Cisco.com and import them by choosing Inventory > Device Management > Software Images > Import > File.

Q:9 Shall I configure an external server for Software Image Management in Prime Infrastructure 3.1?

Yes. In Prime Infrastructure 3.1, user can configure external servers for software Image management.

http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/3-1/user/guide/pi_ug/maint_images.html

Q:10 What is the protocol order for Image Management?

  The default protocol order for Image Management is listed as

    • SCP
    • SFTP
    • FTP
    • TFTP

You can also define the protocol order at Administration > Settings > System Settings > Inventory > Image Management.

http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/3-1/user/guide/pi_ug/maint_images.html

 

Configuration Management

Q:1 Can I define the protocol order for configuration fetch and deploy in Prime Infrastructure?

Yes, user can define protocol order at Administration > System Settings > Configuration Archive

 Q:2 What are the different ways Prime Infrastructure can Archive device configurations?

User can specify how Prime Infrastructure archives the configurations:

On demand—You can have Prime Infrastructure collect the configurations of selected devices by selecting Inventory > Configuration Archives.

Scheduled—You can schedule when Prime Infrastructure collects the configurations of selected devices and specify recurring collections by selecting Inventory > Configuration Archives > Schedule Archive.

During inventory- One can have Prime Infrastructure collected device configurations during the inventory collection process.

Based on Syslogs— If device is configured to send syslogs, and when there is any device configuration change, Prime Infrastructure collects and stores the configuration.

 Q:3 Does Prime Infrastructure support configuration rollback?

Yes, configuration roll back is supported to any previous version.

Choose Inventory > Configuration Archives and click on the expand icon for the device whose configuration you want to roll back. Click the specific configuration version you want to roll back, and then click Schedule Rollback

 Q:4 What are the various ways of doing Configuration Archive in Prime Infrastructure 2.x?

User can perform configuration archive tasks in two places:

In Prime Infrastructure 2.1,

  •              Operate > Configuration Archives—Lists all configuration archives by device type, site group, or user-defined group. You can schedule archive collections, rollbacks, and view the details of configurations.
  •              Operate > Device Work center—View a specific device’s archived configurations, compare its configurations, schedule a configuration rollback, and schedule archive collections for that device.

In Prime Infrastructure 2.2,

  •              Inventory > Configuration Archives—Lists all configuration archives by device type, site group, or user-defined group. You can schedule archive collections, rollbacks, and view the details of configurations.
  •              Inventory > Network Devices—View a specific device’s archived configurations, compare its configurations, schedule a configuration rollback, and schedule archive collections for that device.

 Q:5 How to trigger Manual Config Archive collection?

To specify when to archive configurations, Choose Inventory > Configuration Archives. Choose the device(s) whose configuration you want to archive, and then click Schedule Archive.

http://www.cisco.com/en/US/docs/net_mgmt/prime/infrastructure/2.2/user/guide/maint_config.html#wp1053306

 Q:6 How can we sync the Running Configuration of the device with the Startup Configuration in Prime Infrastructure 2.x?

  Cisco Prime Infrastructure has scheduled Overwrite option under Inventory > Device Management > Network Device > Select Device > Configuration Archive .Using this option user can copy the running configuration in to start up configuration

 Q:7 Does Prime Infrastructure send an email Notification if the configuration on a device is changed?

   No.The best that Prime Infrastructure can do currently is sending an e-mail on a regularly scheduled basis with a change audit report. User can then see if any configuration changes were detected and on which devices in the last reporting period. But still user has to go in and see what configuration change was made.

 Q:8 Does prime infrastructure support configuration deployment to any ASA devices? 

               Prime Infrastructure can archive the configuration in ASAs but Configuration template deployment is not supported in ASAs.

Q:9 Is it possible to export the archived configuration from switches or routers stored within the prime infrastructure?

   Yes. User can follow the below steps to export the configuration from the Archive.

  * Navigate Inventory > Device Management > Network Devices

  * Select the Device

 * Select Configuration Archive tab

* Expand/Select the version

* Click on running/startup configuration

* Click export at the right bottom of that window

Q:10 What is the maximum number of devices user can deploy the configuration in parallel?

Cisco Prime Infrastructure recommended default value is 5. Deploying CLI Template to large number of device (greater than 1000) will take more time. Increasing thread pool might faster the deployment. But if other simultaneous operations are in progress, increasing thread pool count may affect overall system performance.

Q:11 Is it possible to search configurations matching specific patterns in Prime Infrastructure?

Yes. In Prime Infrastructure 3.1, Global search has been enhanced to search against the archived configurations and can report on configurations matching the search pattern.

 

Template Management

Q:1 How to create a configuration template in Prime Infrastructure 2.x?

Under the Configuration > Templates choose the type of template you want to create.

 In Prime Infrastructure 3.0 Choose Toggle Navigation > Configuration > Templates > Feature and Technologies. Choose the type of the template you want to create.

http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/3-0/user/guide/pi_ug/config-temp.html#pgfId-1123690

Q:2 How to publish a configuration template in Prime Infrastructure 2.x?

After user create the template, click Publish, to publish the template and make it available to be deployed

 Q:3 How to deploy a configuration template in Prime Infrastructure 2.x?

Under the Configuration menu, choose the template to deploy and deploy it.

In Prime infrastructure 3.0, Navigate to Configuration > Features & Technologies. Choose the template to deploy and deploy it

 Q:4 Where can we verify the status of configuration deployment job in Prime Infrastructure?

In PI 2.x, Choose Administration > Job Dashboard to verify the status of the template deployment.

In Prime Infrastructure 3.0, Choose Toggle Navigation > Administration > Job Dashboard verify the status of the template deployment.

Q:5 Can I group templates and deploy across a group of devices in Prime Infrastructure ?

Yes, Cisco Prime Infrastructure supports Composite templates which the user can use to group templates and deploy it across list of selected devices.

In PI 2.x, Choose Configuration> Templates > then click Composite Template

In Prime Infrastructure 3.0, Choose Toggle Navigation > Configuration> Templates > then click Composite Template

Q:6 How can we import CLI configuration templates from Cisco Prime LMS to Prime Infrastructure?

In addition to creating new configuration templates, you can also import configurations from Cisco Prime LAN Management Solution (LMS). If you have “golden” templates in Cisco Prime LMS, you can import those configurations into Prime Infrastructure and save them as configuration templates that you can deploy to the devices in your network.

In PI 2.x, Choose Configuration >Feature & Technologies Templates. Click the Import icon at the top right of the CLI template page.

In Prime Infrastructure 3.0, Choose Toggle Navigation > Configuration > Templates > Feature & Technologies. Click the Import icon at the top right of the CLI template page.

 

 

Q:7 Is there any template available for Syslog configuration in Prime Infrastructure?

User can configure the same, in Configuration >Templates > CLI Templates > System Templates - CLI > Configure Logging and can receive syslogs to the server.

http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/2-2/user/guide/pi_ug/create_temps.html

In Cisco Prime Infrastructure 3.0 Choose Toggle Navigation > Configuration >Templates > CLI Templates > System Templates - CLI > Configure Logging and can receive syslogs to the server.

http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/3-0/user/guide/pi_ug/config-temp.html#pgfId-1062027

 Q:8 Can I create my own custom monitoring templates and poll the devices using it?

Yes, A user can create a custom monitoring templates and specify the polling parameters for it under, Monitor > Monitoring Policies > Custom MIB polling

http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/2-2/user/guide/pi_ug/mon-pol-thresh.html

In Prime infrastructure 3.0 Choose Toggle navigation > Monitor > Monitoring Tools > Monitoring Policies > Policy Types > Custom MIB polling.

http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/3-0/user/guide/pi_ug/mon-pol-thresh.html

 Q:9 Where can I create template for Guest user in Prime Infrastructure 2.x?

The purpose of a guest user account is to provide a user account for a limited amount of time. A Lobby Ambassador is able to configure a specific time frame for the guest user account to be active. Choose

Monitor> Tools > Wireless > Guest User. The Guest Users Controller Templates page appears.

http://www.cisco.com/en/US/docs/net_mgmt/prime/infrastructure/2.0/user/guide/maint_wireless_optools.html#wp1153447

In Prime Infrastructure 3.0 ,Choose Toggle Navigation > Services > Guest users. The Guest Users Controller Templates page appears.

http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/3-0/user/guide/pi_ug/config-temp.html#pgfId-1137786

Q:10 Is there a published resource for common CLI templates for Prime/WCS?

        Prime Infrastructure includes a number of CLI templates out-of-the-box, but we don’t have an external repository for them.

Q:11 Do we have Zone based Firewall and Easy VPN templates available in Cisco Prime Infrastructure ?

Yes. In Cisco Prime Infrastructure , many best practice templates are available along with Zone based firewall and DMVPN Templates

Q:12 What is the use of publishing the templates in Cisco Prime Infrastructure?

         In Cisco Prime Infrastructure, user can publish the templates so that the templates will  be available for deployment by other users.

Q:13 Can I deploy template using REST API’s in Prime Infrastructure 2.2?

   Yes , New RW API can be used for creating/deploying IOS/IOS-XE based templates

API

 Name

o    Description

GET

List Configuration Templates

Get a list of the published CLI templates

GET

List Device Types

Returns the list of device types you can specify for a CLI template.

PUT

Deploy Configuration Template

Deploy a template to a list of devices.

GET

Download Configuration Template

Export a template from the system.

POST

Upload Configuration Template

Upload a new template into the system.

DELETE

Delete Configuration Template

Deletes a template from the system.

 

 

Q:14 Is it possible to create a new feature design template in Cisco prime Infrastructure?

     No.It is not possible to create a model Based Template in Cisco Prime Infrastructure.

 Q:15 Does the Role-based access control in cisco prime Infrastructure extends to the templates?

No.This Feature is available in Cisco LMS and not yet available in Cisco Prime Infrastructure.

Q:16 Is it possible to undeploy a configuration template in Prime Infrastructure?

Yes but it is limited to Controllers template. The undeploy option is applicable only for the controller templates listed under Templates > Features and Technologies > Controller and will be active only if the controller template has been deployed to a device

Q:17 How to define global variables in Prime Infrastructure templates?

 Global variables for CLI templates can be defined in Cisco Prime Infrastructure 3.1. These variables can later be used while creating CLI templates. Choose Configuration Templates Global Variables to define the variables.

http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/3-1/user/guide/pi_ug/config-temp.html#54293

 

VLAN Management

Q:1 What level of support is there in Prime Infrastructure 2.2 for VLAN Management?

Prime Infra 2.2 does not deliver any new VLAN management capabilities beyond what is already available in version 2.1. The plan is to provide more ad hoc VLAN management capability in the future, but so far that is not committed.

 

High Availability

Q:1 What are the High Availability (HA) options in Cisco Prime Infrastructure?

Prime Infrastructure provides a high availability option. When an active (primary) PI server fails, a secondary PI server takes over operations for the failed primary PI server and continues to provide service.

 In Prime Infrastructure 3.1 Configuration is done from Toggle Navigation > Administration > Settings > High Availability.

http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/3-1/administrator/guide/PIAdminBook/config_HA.html

Q:2 Is there any document that describe the HA architecture of Prime Infrastructure?

   Refer Cisco Prime Infrastructure 3.1 deployment Guide for details.

  Link to deployment Guide

http://www.cisco.com/c/en/us/products/collateral/cloud-systems-management/prime- infrastructure/guide-c07-729990.html#_Toc384812937

 More details on how to deploy Cisco Prime Infrastructure 3.1 HA can be found at 

http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/3-1/administrator/guide/PIAdminBook/config_HA.html

Q:3 What is the requirement for the connectivity between Prime Infrastructure primary and secondary servers?

        A reliable high-speed wired 1GBps link must exist between the primary and secondary prime infrastructure servers.

Q:4 In Prime Infrastructure HA Environment, how user should configure end network devices – should they have IP address of both the appliances for Syslog and SNMP traps?

     No. During Primary Prime Infra server Failover devices should be configured to send Traps to the secondary prime Infra server.

Q:5 What is required to login to the secondary server during HA fail over?

 No Specific Configuration steps needs to be performed to access the secondary server. Follow the below link for more detail.

http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/3-1/administrator/guide/PIAdminBook/config_HA.html#pgfId-1147201

Q:6 What is virtual IP addressing in Prime Infrastructure High Availability?

When HA is implemented, User will have two separate Prime Infrastructure servers, with two different IP addresses. If the user fails to reconfigure devices to send their notifications to the secondary server as well, then when the secondary Prime Infrastructure server goes into Active mode, none of these notifications will be received by the secondary server. To avoid this additional device configuration overhead, HA supports use of a virtual IP that both servers can share as the Management Address. The two servers will switch IPs as needed during failover and failback processes. At any given time, the virtual IP Address will always point to the correct Prime Infrastructure server.

Q:7 What is the limitation in using Virtual IP addressing in HA?

 User cannot use this virtual IP addressing feature unless the addresses for both of the HA servers and the virtual IP are all in the same subnet.

Q:8 Is it possible to have two active primary servers in Prime Infrastructure ?

No. In Prime Infrastructure HA model, only one PI server can be in active mode

Q:9 In Prime infrastructure HA, Can servers in two different geographic area run in Active / Standby mode?

Yes. User can have HA servers in different geographically location to run in Active / Standby mode. And also you need to apply licenses in Primary server alone (No HA license needed). All the licenses will be automatically synched with Secondary server.

Please refer HA configuration steps in the below URL.

http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/3-1/administrator/guide/PIAdminBook/config_HA.html#pgfId-1109277

Q:10 Is it possible to configure a primary server in a virtual environment (VMWare) and a secondary server as an appliance in Prime Infrastructure?

 Yes but it is not recommended to do so. High-availability deployments require that both primary and secondary appliances be identical (PHY/PHY, VM/VM, Gen2/Gen2, PI ver x/ver x)

Q:11 Is it possible to have appliances from different generations (for instance one appliance Generation 1 and one appliance Generation 2) to implement HA?

No. This would not be supported. Since the newer appliance has a better throughput, CPU, Memory etc than the Gen 1 (the sizes of the database etc) might differ. Hence it might not be possible for HA.

Q:12 Does Prime Infrastructure generate events when storage space runs low in HA setup ?

Yes. Prime Infrastructure Health Monitor checks the available disk space on both servers at regular intervals, and generates events when storage space runs low.

Q;13 What are the different deployment models of Prime Infrastructure HA?

Prime Infrastructure 3.1 HA feature supports the following deployment models.

Local- Both of the HA servers are located on the same subnet

Campus- Both HA servers are located in different subnets connected via LAN

Remote- Each HA server is located in a separate, remote subnet connected via WAN

Q:14 Does the secondary Prime Infrastructure require any license to operate in HA ?

No. Only one Cisco Prime Infrastructure server license needs to be purchased. There is no need to purchase a license for the secondary Cisco Prime Infrastructure server. The secondary server will use the license from the primary when a failover occurs. Thus the secondary server will be able to use the synchronized license from the primary server when the secondary server is active. The same Cisco Prime Infrastructure license file resides on both the primary and secondary Cisco Prime Infrastructure servers. The license file is only active on one system at a given point in time.

http://www.cisco.com/c/en/us/products/collateral/cloud-systems-management/prime-infrastructure/deployment_guide_c07-721232.html#_Toc363680266

Q:15 What is the latency requirement between Prime and secondary prime Infrastructure servers in HA?

It is been validated with recommended 1Gbps dedicated link with Maximum latency tested as 300 millsec with minimum throughput of 65 Mbps.

Supported bandwidth 1 Gbps dedicated link with the throughput varying between 1 Gbps - 65 Mbps between Primary and Secondary Server with varying Latency (0.21 ms to 300 ms)

Maximum latency supported as 300 millsec with the throughput `65 Mbps in 1 Gbps dedicated link

 

User Management / Tracking

Q:1 How does User Tracking user and Host acquisition process work?

UT is available under Monitor > Clients and users > Click on a client, and the user should be able to see the historical information.

 

Q:2 What are the requirements for PI to display username for clients (Operate/Clients and Users)? Is it necessary to have 802.1x authentication enabled on the wired ports? Is there an alternative way to obtain this information in PI?

Prime Infrastructure can get client usernames for wireless users from the WLC directly. For wired users, rely on the Identity Services Engine as the source for client usernames and certain other session attributes (endpoint type, when endpoint profiling is configured, etc). ISE can obtain usernames in 2 ways: For scenarios where 802.1X authentication is configured, ISE will get the authentication requests (and thus will have the username). In open wired access scenarios where endpoint users are logging into a Microsoft AD Domain, ISE 1.3 is able to subscribe to the security event log of the domain controller to obtain username – IP address mappings. Please refer to the ISE 1.3 documentation for details on how to set this up.

 

Q:3 How can the functionality of User Tracking Utility (UTU) provided with LMS be replicated in Prime Infrastructure 2.x?

The preferred implementation approach is that used by ISE, to use the WMI (Windows Management Interface) framework to subscribe to windows security events. Given that Prime Infrastructure already integrates with ISE, and ISE has this capability.There no plans to at this time to implement this mechanism directly in Prime Infra.

Q:4 How to disable client history in Cisco Prime Infrastructure 3.0?

There is no independent way to turn off/on the client history. This gets determined/created as per the scheduled Light weight Client Status background task (runs every 5 mins) & Wired Client Status task (scheduled for 2 hours)

If a user is not interested in any of the Client status, one can turn off/disable these background task, but this means PI will not poll for any client changes in the network & update its database.

Q:5 What is the level of support for UTU (User Tracking Utility) in Cisco Prime Infrastructure 3.0?  

Prime Infrastructure does support Client Tracking for both wired and wireless. Prime Infrastructure also allows integration with MSE and ISE for enhanced information (location, security, and username).  However, the User Tracking Utility in Cisco Works LMS does not exist in prime Infrastructure.

Q:6 Is it possible to view the status of all the clients from ISE (Identity Service Engine) in Prime Infrastructure 3.0?

Yes. User can filter and view all the clients from ISE by navigating to Monitor > Clients and Users > Filter by “Clients Known by ISE”. Here Cisco Prime Infrastructure lists all the clients known by ISE.

Q:7 Can I track or disable clients in the network using prime Infrastructure 3.0 ?

Yes.In Cisco Prime Infrastructure, User can track, monitor the status of the clients, disable or remove the clients using Monitor > clients and users page.

http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/3-0/user/guide/pi_ug/mon-clients-users.html

Q:8 How can I test client connectivity in prime Infrastructure 3.0 ?

Yes. User can monitor the status of the connection, verify the current and past locations of a user, and troubleshoot client connectivity problems on Monitor > Clients and Users page

http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/3-0/user/guide/pi_ug/mon-clients-users.html

Q:9 Does Prime Infrastructure 3.0 supports multilevel approval?

No.Cisco Prime Infrastructure supports one level of approval by configuring job approval settings. User can configure certain types of jobs to run only after an administrator approves them. Discovery, Config, Configuration Archive, Configuration Overwrite, Configuration Rollback, Import, PollerJob, and SWIM Collection are some of the job can be configured for approval.

Refer the below link for more details.

http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/3-0/administrator/guide/PIAdminBook/config_server_settings.html#pgfId-1081686

Q:10 Can I integrate Prime Infrastructure with Microsoft AD and LDAP?

In Cisco Prime Infrastructure, User can also integrate with ISE.ISE can be integrated with external sources such as Active Directory and Lightweight Directory Access Protocol (LDAP).

Q:11 How long does the disassociated client data is retained?

By default Prime Infrastructure can retain data for disassociated client for 7 days. Choose Administration > Settings > System Settings > Client and User > Client to change the value ranging from 1 – 30 (in days)

IWAN

Q:1 What is IWAN?

 The Cisco Intelligent WAN (IWAN) is a system that enhances collaboration and cloud application performance while reducing the operating cost of the WAN. IWAN leverages low-cost high-bandwidth Internet services to increase bandwidth capacity without compromising performance, availability or security of collaboration or cloud based applications. Organizations can use IWAN to leverage the Internet as a WAN transport, as well as, for direct access to Public Cloud applications

Q:2 What are the components involved in IWAN Solution?

Secure and flexible transport-independent design using Dynamic Multipoint VPN (DMVPN)

Intelligent path control by using Cisco Performance Routing (PfR)

Application optimization: Cisco Application Visibility and Control (AVC) and Cisco Wide Area Application Services (WAAS)

Quality of Service (QoS)

Q:3 What is PfR in Prime Infrastructure?

PfRv3 is the 3rd generation Multi-Site aware Bandwidth and Path Control/Optimization solution    for WAN/Cloud based applications. Available now on:

ASR1k, 4451-X and CSR1000v with IOS-XE 3.13

ISR-G2 with 15.4(3)M

Q:4 What are the advantages of IWAN Solution?

  • Augment your network with lower-cost connectivity options, like the Internet
  • Realize the cost benefits of provider flexibility and higher WAN utilization
  • Offload the corporate WAN with application optimization, intelligent caching, and highly secure direct Internet access.

Q:5 Is there any Document/guide to help configuring IWAN?

Yes. Follow the below link to configure IWAN.

http://http://docwiki.cisco.com/wiki/PfR3:Solutions:IWAN

You can view the IWAN VoD in the below link.

https://communities.cisco.com/videos/13942

Q:6 Where we can find the templates for configuring IWAN in Cisco Prime Infrastructure?

User can find the IWAN templates under the below navigation path

Configuration > Templates > Feature & Technologies > Feature Templates > IWAN

Q:7 List out the IWAN tags that needs to be used for User defined Templates in Cisco Prime Infrastructure?

 Following are the tags to be used for user defined IWAN templates.

DMVPN: IWAN-DMVPN

PFR: IWAN-PFR

QOS: IWAN-QOS

AVC: IWAN-AVC

Q:8 Where we can find the IWAN workflow in Cisco Prime Infrastructure?

  In Cisco Prime infrastructure 3.1 Choose Toggle Navigation > Services and click on IWAN. User should be able to access the IWAN workflow here.

Q:9 How to check the status of the IWAN configuration Job in Prime Infrastructure?

User can check the status of the IWAN configuration Job by navigating to Administration>Jobs > User Defined.

Q:10 Is there any additional licensing needed for the IWAN monitoring in Prime Infrastructure?

No. Prime Infrastructure 3.x Enterprise management license includes both provisioning and monitoring for IWAN.

Q:11 How is IWAN workflow enhanced in Prime infrastructure 3.1 ?

 In Cisco Prime Infrastructure 3.1, IWAN workflow is enhanced for

  • Multi Data Center Configuration
  • EIGRP and BGP Configuration support for Overlay
  • Security Improvements - Pre-shared key and PKI support

Q:12 What is the reason for getting no data in IWAN and PfR Monitoring page in Prime infrastructure ?

  • In Cisco Prime Infrastructure, sites needs to be created and should get added to a location group. Navigate to inventory and go to all “unassigned” sites. Assign them to a location group.
  • Also, netflow export on the devices needs to be pointing to Prime Infrastructure in the specified port number (9991).

Q:13 Does Prime Infrastructure support IWAN Configuration and Monitoring in CSR 1000V Routers?

Yes. Prime infrastructure supports IWAN Configuration and Monitoring in CSR 1000V.

Q:14 Are Prime Infrastructure Assurance licenses needed to manage IWAN?

Yes. Assurance license is needed for IWAN. Also, in Prime Infrastructure 3.x, assurance and life-cycle licenses are merged into a single Enterprise Management License. You can either purchase new licenses a-la-cart of as part of Cisco One Foundation.

Q:15 Does PI 3.x provide any additional visibility on which path is active using PfR in an IWAN deployment?

Yes. Prime Infrastructure 3.1 shows active path using PFR and IWAN deployment.

Q:16 Is there any additional license required to enable IWAN app on APIC EM?

No. Prime Infrastructure 3.x Enterprise Management License includes Lifecycle and Assurance Licenses plus the right to use APIC-EM Solution Apps like the IWAN App.

Q:17 Does Prime Infrastructure 3.x support IWAN Dual POP?

Yes. IWAN dual POP is supported in Prime Infrastructure 3.0.2 release. It has been listed under Prime Infrastructure patch in the below link.

https://software.cisco.com/download/release.html?mdfid=286285348&flowid=76142&softwareid=284272933&release=3.0.2&relind=AVAILABLE&rellifecycle=&reltype=latest

Q:18 Can I deploy IWAN using Prime Infrastructure 3.x independent of APIC-EM Controller?

Yes. You don’t need APIC-EM if you are using Prime Infrastructure to deploy IWAN.

Q:19 Does IWAN, PfR and AVC monitoring require collector License?

No. By default a standard netflow collector is included with Prime Infrastructure that supports up to 20,000 flows per second. This requires Assurance license to be enabled. 

You need collector license (L-MGMT3X-N-CL) if you want to increase scale to 80,000 flows per second.

Q:20 What is new in Prime Infrastructure 3.1.2 IWAN workflow?

In Prime Infrastructure 3.1.2, IWAN workflow provides Direct Internet Access (DIA) support for ZBFW.

Ops center

Q:1 What is Prime Infrastructure Operation Center? Is there any document describing Ops center features?

If multiple Prime Infrastructure instances are running in your network, you can monitor those instances from the Operations Center. The Operations Center provides additional, Operations Center-specific dashboards that you can use to quickly determine the status of your network and identify any issues that require further attention. The Operations Center dashlets display aggregated data.

Link from the user guide:

http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/3-1/user/guide/pi_ug/mon-opsctr.html

Q:2 How to Install Prime Infrastructure Ops center?

The installation process for Ops Center (OPC) is exactly the same as Installation of Prime Infrastructure. Operation Center is shipped as part of Prime Infrastructure. It is activated based on the license type applied in Prime Infrastructure. When the user applies the operation center license to Prime Infrastructure, it transforms Prime Infrastructure into Operations center. Now we use it for managing multiple Prime Infrastructure instances.

Q:3 How many instances of Prime Infrastructure can be managed by Ops center? What happens if I scale beyond that limit?

Prime Infrastructure supports 10 managed instances, but there is no hard limit on this and user can add more instances as long as their license allows for it.  The reason for this limitation is Ops Center’s performance depends on its managed instances. Ops Center needs to wait for the response of all its managed instances before aggregating and displaying the result.  The more instances you add to Ops Center, the more data it needs to process and thus the slower it becomes.  Adding more instances also increases the likelihood of one (or more) of the managed instances serving as a bottleneck.  If there is low network latency between Ops Center and its managed instances, user should be able to add more than 10 instances without impacting Ops Center’s overall performance. 

Q:4 What are the hardware requirements to setup Prime Infrastructure Operations Center? 

Prime Infrastructure Operation Center requires the Express OVA size with the following system requirements:

4 CPU, 12GB Memory, 300GB Hard Disk.

Ops Center will be able to manage up to 100 Virtual Domains with the Express setup.  A bigger OVA size has to be used for managing more virtual domains.  

Here are more details:

Minimum Recommended hardware Configuration: Express OVA Max Number of Instances Supported: 10 Bandwidth & Latency Requirements between Operations Center & Managed Instances: 250 kbps and latency of up to 5 ms.

Q:5 How to set up Prime Infra Operations Center?

 User need to follow the below steps to setup Ops Center:

  1. Install Prime Infrastructure
  2. Apply OPC license file to Prime Infrastructure.
  3. Make it as an SSO server
  4. Setup your managed instances as SSO client to your OPC instance
  5. Add managed instances to your OPC instance.

Link from Admin Guide:

http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/3-1/administrator/guide/PIAdminBook/setup_tasks.html#pgfId-1058461

Q:6 How Prime Infrastructure Operation center feature works?

Operation Center will start pulling data from the managed Prime Infrastructure instances via the Restful APIs. It is important to have the Operations center and Prime Infrastructure instances configured in an SSO mode so user can seamlessly launch into the Prime Infrastructure instances from the Operations Center view.

Q:7 Do you have the list of tasks user can perform by configuring Prime Infrastructure Ops center?

Yes. User can perform the below mentioned tasks by configuring Operation Center.

  • Centralized Monitoring
  • Unified Assets (Inventory), Clients views
  • Consolidated Reports / Dashlets
  • Consolidated Search
  • Virtual Domain aware
  • Single Sign On
  • Alarm management from a centralized location (read/write)

Q:8 What is new in Prime Infrastructure 3.1 Ops Center ?

With Cisco Prime Infrastructure Operations Center 3.1, SSO configurations for Cisco Prime Infrastructure server instances can be done from the Cisco Prime Operation Center while adding the instances.

Cisco Prime Infrastructure Operations Center 3.1 supports High Availability deployment and supports virtual IP configurations

In Cisco Prime Infrastructure Operations Center 3.1, elastic search has been implemented, which is a lot faster and provides recommended results.

With Cisco Prime Infrastructure Operations Center 3.1, Configuration templates available in the managed instances can be viewed.

Applying Operation Center licenses are made easy. A single license file can be applied to transform the Prime Infrastructure instance into Operations Center

Cisco Prime Infrastructure Operation Center 3.1 introduces six new reports

Q:9 Does Prime Infrastructure Ops center manage the PI instances that are in HA mode?

Yes. Prime Infrastructure Operations center manages the Prime Infrastructure instances that are in HA mode and gives you visibility to which servers is being active at any point in time and transparently logs the user into the Prime Infrastructure that is primary.

Q:10 Can we generate reports from Prime Infrastructure Ops Center?

  Yes. User can generate a subset of reports in Prime Infrastructure 3.1 Ops center.

Q:11 How does Prime Infrastructure Ops center handle a situation where it’s managing two instances of Prime Infra where each instance is managing a device with the same IP address??

  In such a case, both devices are displayed in Ops Center and user can distinguish where the device is coming from by looking at the 'Prime Server' column, which indicates the Prime Infrastructure instance where the device is originating from.

Q:12 Does Prime Infra Operations center give notification if any Prime Infrastructure instance goes down?

Yes. Prime Infra Ops Center gives a notification if one or more of those Prime Infrastructure instances are not responding or goes into inactive state

Q:13 Is there any HA deployment model for Prime Infra Ops Center?

Yes. Prime Infrastructure Ops Center does support HA .User can setup secondary server for Ops Center.

Q:14 Do we have any recommendations with Ops Center on how to deploy Cisco Prime Infrastructure in a network with overlapping IP addresses?

Overlapping IP addresses are supported by Ops center as long as a single underlying PI system does not have overlapping addresses. User can distinguish which instances the devices are originating from by looking at the Prime Server column, which indicates the managed instances. Currently Ops Center scales to support 10 separate PI systems.

Q:15 What Protocol and Port numbers are used for communication between Prime Infra Operation Center and individual member instances?

Single-Sign-On (SSO) needs to be enabled between Ops Center and its managed instances.  Ops Center serves as the SSO server and the managed instances serve as SSO clients to Ops Center. SSO requires two ports to be open: 443 (HTTPS) and 8082 (used for setting up SSL certificate). All communications are over REST calls over HTTPS with default port 443.

Q:16 Can I generate Consolidated Assurance Reports from Operation Center?

No. In Prime infrastructure Ops Center, you cannot generate consolidated assurance reports.

Q:17 How do we backup Prime Infrastructure Ops center?

Prime Infrastructure Ops Center doesn’t support scheduling backup from the GUI. User has to take a backup via CLI.

Prime Infrastructure instances running Operations Center support restores of application backups taken using the CLI from Prime Infrastructure versions 3.0.x or 3.1 only.

Follow the instructions mentioned in the below link:

http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/3-1/administrator/guide/PIAdminBook/backup_restore.html#pgfId-1177981

Q:18 Does the prime Infra Ops Center base license the same as a base license for a regular Prime Infra server 3.x?

The Ops Center base license file essentially transforms a PI instance to an Ops Center instance. The incremental license indicates how many instances can be managed by Ops Center. User can not apply an incremental license prior to applying a base license.  The base license has to be applied first followed by the incremental license.

The following document also provides further details on ordering Ops Center licenses:

 http://www.cisco.com/c/dam/en/us/products/collateral/cloud-systems-management/prime-infrastructure/presentation-c97-733532.pdf (see page 21).  

Q:19 Does Prime Infrastructure Ops center supports Virtual domain?

Yes. Prime Infrastructure 3.1 Ops Center supports Virtual domain.

Q:20 Is it possible to manage Prime Infrastructure 3.1 instance in PI 2.2.X Ops center?

No. User cannot manage PI 3.1 Instance in PI 2.2.X Ops Center. Prime infrastructure 3.1 can be managed only by Prime Infrastructure 3.1 Ops Center. Also Prime Infrastructure 3.1 Ops Center is designed in such a way that it can manage only PI 3.0.x or PI 3.1 Instances.

Q:21 What is Prime Infrastructure Cluster?

The cluster refers to Operation Center feature in Prime Infrastructure which can provide a single pane of glass view across multiple PI instances.

Q:22 Is it possible to do configuration changes across all managed instances from Prime infrastructure Ops Center?

Yes. Starting from Prime Infrastructure 3.1.2 user can deploy configuration templates from the Operations Center.

 Refer the below link from Prime Infrastructrue 3.1.2 user guide.

http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/3-1-2/user/guide/pi_ug/mon-opsctr.html#20681

Q:23 If the customer is using Ops Center and 3 instances of Prime Infrastructure, are the licenses pooled under Ops Center or does each instance of PI have its own licenses?

No. The licenses are not pooled under Ops Center.  Each Prime Infrastructure instance will have its own license. 

Q:24 What information is required to generate a trail license for Prime Ops Center?

User has to provide the following details to generate the trail license.

  • Number of instances user need to manage as part of this evaluation
  • Version of prime Infrastructure planning to use (2.2,3.0 or 3.1)

Q:25 Do I need any license for Ops Center?

Yes. Prime Infrastructure Ops Center need separate license to be purchased.

Two license files that need to be applied in Operations Center:

– A base license transforms the Prime Infrastructure instance to an Operations Center instance.

– An incremental license indicates how many instances you can manage in Operations Center.

You must apply both licenses, then log out and log back in for the changes to take effect.

Refer Prime Infrastructure Ordering and licensing guide in the below link for more details.

http://www.cisco.com/c/dam/en/us/products/collateral/cloud-systems-management/prime-infrastructure/presentation-c97-735996.pdf

Q:26 I have created a custom dashboard called “Critical Assets” in Prime Infrastructure. Will Prime Infrastructure Ops center display this dashboard / data from its dashlets? 

No. The custom dashboard will not be displayed in Ops Center. Ops Center (Ops Center) always displays aggregated data from all managed instances. The only way to display data from specific PI instances in Ops Center is to use Virtual Domains (VD) or to deactivate the instances you’re not interested in under Manage and Monitor Servers page.

Q:27 Does Operation Center support TACACS? 

Yes. To setup TACACS or another central authentication server in Operations Center, follow the instructions provided below.

  • Login to Ops Center
  • Select Administration > Users, Roles & AAA > select 'TACACS+ Servers' from left-hand navigation menu and ensure that your TACACS server is added
  • Now select 'SSO Server Settings' from left-hand navigation menu
  • Select 'TACACS+' radio button > Click on Save

Q:28 How do you setup Single-Sign-On (SSO) in Operations Center? 

Single-Sign-On (SSO) has to be setup such that Ops Center acts as the SSO server and the managed instances act as the SSO clients.  Follow the instructions below to set this up:

On Ops Center, Select Administration > Users, Roles & AAA > select 'SSO Servers' from left-hand navigation menu > Select 'Add SSO Server' from drop-down menu. Go to “ Add the IP address of Ops Center “ .Select OK.From the left-hand navigation, select 'AAA Mode Settings' > Select 'SSO' > Save > Logout

On *Managed PI Instances, *Select Administration > Users, Roles & AAA > select 'SSO Servers' from left-hand navigation menu > Select 'Add SSO Server' from drop-down menu > Go > Add the IP address of Ops Center > OK > from the left-hand navigation, select 'AAA Mode Settings' > Select 'SSO' > Save > Logout

To ensure that SSO is working properly, login to Ops Center, open a new browser tab and access one of your managed instances.  If you're automatically logged into your PI instance without having to re-authenticate, then SSO is working as expected. 

Q:29 Does Prime Infrastructure Ops Center support IWAN?

No. Prime Infrastructure Ops Center does not support IWAN.

Q:30 How does Ops Center's license count work with respect to PI instances that have a secondary server setup?

The secondary servers are not counted as part of your license count when adding your managed instances to Ops Center.  In other words if your Ops Center license allows for management of three instances, it’s three instances with or without HA.  Hence, you'll only need to specify a count of 3 for your L-PI2X-OPRCTR-1 license.

http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/3-1/user/guide/pi_ug/mon-opsctr.html#pgfId-1081496

 

Topology

Q:1 What is Network topology Map in Prime Infrastructure?

Cisco Prime Infrastructure provides a visual map of your network’s physical topology, including the network devices and the links that connect them. The topology maps have indicators that show the current alarm status of network devices and links. Using these network topology maps, you can easily monitor your network by viewing alarms in the context of the interconnection between devices.

Q:2 How Prime Infrastructure discovers the network topology ?

Cisco Prime Infrastructure uses Cisco Discovery Protocol (CDP) or the Link Level Discovery Protocol (LLDP) to discover the links in the network topology. In some case, links may not be discoverable; in those cases it is possible to manually add the link to the topology map and associate the link with a specific interface on the appropriate managed device.

Q:3 Is Prime Infrastructure topology map same as in LMS?

 No. The network topology Map in Prime Infrastructure is not the same as in LMS. Prime infrastructure does not use the Java-applet based thick client. Prime Infrastructure topology view is completely different rendering/visualization component, works in light web client either JSP or HTML 5 based.

Q:4 What is new in Prime Infrastructure 3.1 topology map?

In Prime infrastructure 3.1 users can visualize data center topology.

Data center topology provides the ability to use all links in the LAN topology by taking advantage of technologies such as virtual Port Channels (vPCs). vPCs enable full, cross-sectional bandwidth utilization among LAN switches, as well as between servers and LAN switches.

A port channel bundles up to eight individual interfaces into a group to provide increased bandwidth and redundancy.

A virtual Port Channel (vPC) allows links that are physically connected to two different devices to appear as a single Port Channel to a third device. The third device can be any other networking device.

Virtual Device Context (VDC) enables the virtualization of a single physical device in one or more logical devices

Q:5 What is ‘Topology Dashlet’ in Prime Infrastructure?

 Cisco Prime Infrastructure allows the user to add a “Topology Dashlet” to Overview dashboards. Topology dashlet shows the snapshot of network topology for a location or user defined group. User can select a group from edit options.

Q:6 How to add unmanaged devices and manual links to Prime Infrastructure topology maps?

 User can add unmanaged devices and links to topology maps in order to get a complete view of the network. For Example, If we have a link in our network that Prime Infrastructure cannot discover, we can manually draw the link in our network topology. The manually created link is a managed link because Prime Infrastructure retrieves the link status from the interfaces on the managed devices to which it is connected.

Q:8 Is it possible to view the AP and controller connectivity in Prime Infrastructure topology map?

No. The network topology map in Prime Infrastructure is only covering the directly managed network devices – routers, switches WLCs, etc. - APs are not shown on the topology map.

Q:9 Does Prime Infrastructure topology map can show the third party devices?

 Yes.3rd party devices (without the links connecting them) can be shown in Prime Infrastructure Topology Map.

Q:10 Is it possible to view VLAN/ spanning tree visualization in Topology map of Prime Infrastructure 3.1?

No. Prime Infrastructure topology map does not yet support VLAN/Spanning Tree visualization.

Q:11 Does Prime Infrastructure Topology map show the link status for each link (up or down, green or red)?

 Yes. Prime Infra Topology map allows the user to view the link status and Links will be decorated to indicate alarm status

Q:12 Is it possible to view current bandwidth utilization on the links in Topology map?

 No. Prime Infrastructure topology map will not show visualization of bandwidth utilization.

Q:13 What is“N-Hop” Topology view and how to launch it in prime Infrastructure ?

  As part of the Device 360 feature in Cisco Prime Infrastructure, a new “topology view” capability is available, which allows the user to see an “N-Hop” topology view for the device, showing the links and devices which are in close proximity to the device.

This can be seen anywhere you can launch the Device 360 tool. There is a new “Topology” icon located at the upper right hand corner that is used to select N-Hop view. You can then edit to select number of hops.

Q:14 Is it possible to create a link between two location groups in Prime Infrastructure Topology Map?

No. Cisco prime Infrastructure allows the user to draw a link between devices. It does not support link between two locations.

Q:15 Can we change the device icon as our own image in Cisco Prime Infrastructure Topology map ?

No. Cisco Prime Infrastructure does not support changing the device icon.

Q:16 Does Prime Infrastructure support use of LLDP 802.1Q sub interface information for topology maps?

No. Prime infrastructure does not support LLDP for topology maps. Support will be added in the future release.

Q:17 Does Prime Infrastructure Topology map detect inventory changes dynamically?

Yes. But Topology update for inventory changes requires “enabling event based inventory collection” in Prime Infrastructure. Ensure to check if this option is selected under the Administration -> System Settings -> Inventory menu.

Q:18 Does Prime Infrastructure supports STP( Spanning Tree protocol) topology Discovery?

No. Prime Infrastructure 3.1 does not support STP Topology discovery.

Q:19 Does prime Infrastructure topology map support creating un-managed link between Buildings and Sites?

No. Prime Infrastructure does not support links between group containers. It only supports creating un-managed link between devices.

Q:20 Is there a way to import an overlay map (like a google map) into the Topology map of Prime Infrastructure ?

There is no map overlay supported on Prime Infrastructure topology map.

Geo map views are available in Prime Infrastructure 3.1, but not Topology with geo map views.

Q:21 Does Prime Infrastructure 3.1 support exporting topology to Microsoft Visio?

No. This functionality is currently not available in Prime Infrastructure 3.1.

  

Assurance

Q:1 How do we setup path trace in NAM?

If your network uses NAMs to monitor network traffic, you must complete the following tasks to enable path tracing for both RTP and TCP traffic:

  • Add NAMs to the system. You can do this either automatically, using Discovery, or manually, using bulk import or Device Work Center.
  • Enable NAM Data collection. You can do this by choosing Administration > Data Sources > NAM
  • Create a Site structure for your organization and use Device Work Center to assign your principal routers to the appropriate Sites. You can do this by choosing Maps > Site Map  and adding one or more Campuses.
  • Associate your Sites with Authorized Data Sources. You can do this by choosing Administration > System Settings > Data Deduplication, and assigning authoritative data sources for Voice/Video.
  • Associate your Sites with Endpoint subnets. You can do this by choosing Services > Application Visibility & Control > Endpoint Association and then associating subnets with your Sites. If you fail to do this, then by default, the data collected by NAMs for these endpoints will have their sites set to “Unassigned”.
  • Configure your routers for Mediatrace and WSMA.
  • http://www.cisco.com/en/US/docs/net_mgmt/prime/infrastructure/2.0/user/guide/PathTrace.html#wp1057470

 

Q:2 What are the medianet devices supported for path trace without NAM in Prime Infrastructure 2.2?

Cisco 2900,3900 Series Integrated Services Routers and Cisco ASR 1000 Series Aggregation Services Routers.

 

Q:3 How can I Monitor performance baselines in my network?

Flow these steps to establish the standard performance characteristics of your candidate applications and sites before implementing WAN optimizations.

Select Dashboards > performance Click the Application tab. Use the dashlets on this page to establish the performance characteristics of your optimization candidates as currently configured.

 

Q:4 Where can I view my WAN related performance analysis summary?

For a report, select  Reports > Report Launch Pad. Then select Performance > WAN Application Performance Analysis Summary. Specify filter and other settings for the report and click Run.

 

Q:5 How do I get Multi segment WAN Traffic analysis in Prime Infrastructure 2.2?

Follow these steps to monitor WAAS-optimized WAN traffic. Select Dashboard > Performance > WAN Optimization > Multi-Segment Analysis

 

Q:6 How can I ensure consistent application experiences in my network using Prime Infrastructure 2.2?

User can use Cisco Wide Area Application Services (WAAS) devices and software help to ensure high-quality WAN end-user experiences across applications at multiple sites

The below link will have the detailed steps:

http://www.cisco.com/en/US/docs/net_mgmt/prime/infrastructure/2.0/user/guide/consistentapp.html

Q:7 Can I capture packets automatically based on an event in Prime Infrastructure 2.2?

We can run the Prime Assurance Packet Capture feature against NAMs for each branch, then cross-launch the NAM Traffic Analyzer Packet Decoder to inspect the suspicious traffic. Select Monitor >Tools > Packet Capture and Click Create, to create a new capture session definition.

 Q:8 How to associate my endpoints with sites in Prime Infrastructure 2.2?

Endpoint-Site association rules allow you to associate all the devices on particular subnets to a Site profile, and (optionally) to specify the VLAN location and monitor data source for the devices on that subnet. Services > End point Association

 

Q:9 What would a customer need to do to take full advantage of the AVC (Application visibility and control) benefits of the ISR G2 AX bundles?

Buy Assurance Management licenses for all Netflow enabled devices.

 

Q:10 Can I create custom service applications in Prime Infrastructure 2.2?

Yes with Prime Infra 2.2 user has the Ability to create Custom Business Critical Applications

 

Q:11 Customer has a NAM 2220. What would need to use this with Prime infrastructure 2.2? Just a licensed device?

      Need Assurance Management license.  The minimum package would be sufficient.

Q:12 What are the different sources of data to Cisco Prime Infrastructure?

Cisco Prime Infrastructure consumes a lot of information from various different sources, including NAM, NetFlow, NBAR, Cisco Medianet, PerfMon, and Performance Agent

Q:13 How can the network administrator monitor and troubleshoot the network traffic using Cisco Prime Infrastructure?

Prime Infrastructure with licensed Assurance features makes it easy to actively manage and troubleshoot network problems using multiple NAMs and ASRs. The operator runs the Packet Capture feature against the NAMs or ASRs for each branch, then runs the Packet Decoder to inspect the suspicious traffic. This feature is available under Services > Application Visibility and Control > Packet Capture.

 Q:14 What are the supported Assurance Data sources?

Prime Infrastructure with Assurance needs to collect data from your network devices using the exported data sources.  For each source, the reference link shows the devices that support this form of export, and the minimum version of Cisco IOS or other software that must be running on the device to export the data.

http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/2-2/administrator/guide/PIAdminBook/setup_tasks.html#pgfId-1057554

 

Q:15 When NAM Traffic monitoring is not available, how Cisco Prime Infrastructure gets the traffic flow data?

Where Cisco Network Analysis Module (NAM) traffic monitoring data is not available, Prime Infrastructure supports RTP path tracing using Medianet Performance Monitor and IOS NetFlow.

 

Q:16 What are the device types that support NetFlow data in Cisco Prime Infrastructure?

The device types which support NetFlow data in Cisco Prime Infrastructure is listed in the below link.

http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/2-0/user/guide/prime_infra_ug/setup_monitor.html#pgfId-1056427

 

Q:17 How to ensure that the Netflow data is collected?

To ensure that Prime Infrastructure can make use of NetFlow data, your network devices must:

• Have NetFlow enabled on the interfaces that you want to monitor.

• Export the NetFlow data to the Prime Infrastructure server and port.

 

Q:18 Whether it required enabling Netflow in VLANs explicitly?

It is not necessary to enable NetFlow on VLANs and Tunnels, as they are included automatically whenever we enable NetFlow on a physical interface.

 

Q:19 What version of Flexible Netflow is supported in Cisco Prime Infrastructure?

Prime Infrastructure supports Flexible NetFlow versions 5 and 9.

 

Q:20 What is the impact if multiple Netflow exporters are configured on the same router?

If multiple NetFlow exporters are configured on the same router, make sure that only one of them exports to the Prime Infrastructure server. If there is more than one exporter on the same router exporting to the same destination, it will risk data corruption.

 

Q:21 How to overcome the duplicate data populated, if there are data from multiple sources?

The Data Deduplication page allows you to specify a data source at a specific site. For example, if you have a Network Analysis Module (NAM) at a branch office as well as NetFlow data that is sent from the same branch, you can choose to have Prime Infrastructure display only the NAM or the NetFlow data for that site. Data deduplication can be enabled from Administration -> System Settings -> Choose Data deduplication from the left sidebar menu.

 

Q:22 What is the functionality of Application Visibility and control in Cisco Prime Infrastructure? 

The Application Visibility feature allows the user to monitor traffic on specific interfaces and generate performance and bandwidth-statistics reports that supply information to the various dashlets and reports in Prime Infrastructure. Devices send these reports to Prime Infrastructure, and each report supplies information to a subset of the Prime Infrastructure dashlets and reports. Prime Infrastructure can configure Application Visibility either through CLI (over Telnet or SSH) or through WSMA.

Application Visibility can be configured through WSMA in a more efficient and robust method and we recommend that you use the WSMA protocols for configuring Application Visibility

 

Q:23 Using Cisco Prime Infrastructure, can we provision QoS in a router by a single click?

Yes. User has to navigate to Monitor > Network Devices and selects and finds the router for which QoS needs to be configured.

In configuration, the user has an option Quality of Service in the left hand menu.

The user on selecting the QoS has the ability to view the list of interfaces and also, if QoS is configured on the interfaces.

For interfaces on which QoS is enabled, the user must be able to see a read only version of the QoS configured on the interface

For interfaces on which QoS is not configured, the end user must have the ability to select the interface and enable 5/8/12 class QoS policy on the ingress or egress of the interface

QoS policy is pushed to the device instantaneously

 

Q:24 Can we bulk provision QoS on one or more interfaces on one or multiple routers? 

Yes. It is possible to configure QoS on multiple devices. User has to navigate to Configuration > Templates >Features & Technologies. Then select QoS templates.

The end user can name the template and save it for deployment.

On deployment, the system pushes the QoS template on the devices selected for the interfaces that are part of the port group for which the QoS policy is deployed

 

Q:25 Can we configure the Mediatrace in the Switches and Routers using Cisco Prime Infrastructure? 

Prime Infrastructure supplies an out-of-the-box template that configures Mediatrace on routers and switches. You must apply this configuration to every router and switch that you want to include in your results whenever you are tracing service paths.

 

Q:26 Can we trace service path details in Cisco Prime Infrastructure? If so, how? 

To trace service path details, the Web Services Management Agent (WSMA) over HTTP protocol must run Mediatrace commands on your routers and switches. Configure this feature on the same set of routers and switches where Mediatrace is configured.

 

Q:27 Is WSMA over http and https protocols are supported in Prime Infrastructure 2.2?

WSMA over HTTP is supported in PI 2.2; however WSMA over HTTPS is not supported in the current version of Prime Infrastructure.

 

Q:28 Does PI 2.2 have the ability to identify the routers which are AVC capable?

AVC Readiness Assessment feature have the ability to do an analysis across the entire network and be able to identify all of the routers that are

1) AVC capable

2) AVC capable with an IOS image upgrade

3) AVC not capable

 

Then the user has the ability to select the list of devices that need image upgrade and must be able to update the image to an AVC compliant version.

 

Q:29 Which platforms support Application Visibility feature?

• ASR platform from Cisco IOS-XE Release 15.3(1)S1 or later

• ISR G2 platform from Cisco IOS Release 15.2(4)M2 or later

• ISR G3 platform from Cisco IOS-XE Release 15.3(2)S or later

• CSR platform from Cisco IOS-XE Release 15.3(2)S or later

 

Q:30 When migrating data from previous release of Cisco Prime Infrastructure, does it require an assurance license?

After restoring Prime Infrastructure 1.4.x or 2.1.x on a new Prime Infrastructure 2.2 virtual machine or hardware appliance, you need to rehost your Assurance license only. All other licenses are automatically applied to the new server. For new license requests, email licensing@cisco.com.

 

Q:31 Is there any particular assurance data which is not migrated during upgrade?

When you move your data to Prime Infrastructure 2.2, the following Assurance data is not migrated:

Raw NetFlow information

Custom NetFlow reports

Packet capture files

Processed non-aggregated data, such as PFR data and URLs.

 

Q:32 How Cisco Prime Infrastructure learns about protocol pack updates and how to update it? 

The protocol packs are available through the Prime software update site or Prime points to the protocol pack update site and checks for update. They are downloaded as a software update.

The protocol pack is updated along with maintaining the update version in the Application and Services dashboard. The end user must be able to filter based on the protocol pack to see the list of applications (difference from the previous protocol pack version – What’s new/updated).

 

Q:33 How Prime Infrastructure display the application and service health issues based on the key metrics identified?

Using the baseline means and standard deviations, Prime Infrastructure can monitor application and service health issues by detecting abnormal deviations of key metrics from their baselined values and assign a health scores (red, yellow, or green) for each application and site for each monitoring interval:

 - A red score indicates a highly abnormal deviation from baseline (deviations from baselines with a probability of less than 0.1%).

- A yellow score indicates a mildly abnormal deviation (deviations with a probability of less than 1%).

- A green score indicates that the metric is within its normal range

- A gray score indicates there is insufficient data for a site/application.

 

Q:34 What is the different performance reports supported in the Cisco Prime Infrastructure? Is it customizable and what is the report view that is displayed?

There are various Performance reports that you can generate in Prime Infrastructure. The details are listed in the link

http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/2-0/user/guide/prime_infra_ug/reps.html#pgfId-1060903

 

Q:35 Does Prime Infrastructure support netflow for nexus devices and ASR 9000?

No. Prime Infrastructure does not support netflow from any of the nexus devices and ASR 9000. The reason is that PI does not support sampled netflow which is what the nexus devices and ASR 9000 support. Also, user still can point the netflows from the Nexus to PI, but the data would be incorrect, since PI thinks it is a regular Flexible Netflow and does not take into account the sampling part.

Q:36 Can we disable the default Application visibility for an interface?

Yes, we can enable or disable the default Application visibility feature in an interface. When a new application visibility template is created, it will overwrite the default application visibility configuration that was enabled from the Device Work Center.

 

Q:37 How to upload NBAR2 Protocol pack in Prime Infrastructure 2.2?

Prime Infrastructure provides an easy way to upload the NBAR2 protocol packs and push them to the devices. Through these protocol packs, users can have the latest set of applications that the router can classify.

Browse to Services> Application Visibility and Control > NBAR2 Protocol Management to do this.

 

Q:38 How to view the QoS Policies that has been applied to particular interface in Prime Infrastructure 2.2?

Prime Infrastructure allows the user to view the current QOS policies applied to that interface in the Interface Details dashlet. There is also a new “Top QOS Class Map Statistics Trend” dashlet which can quickly depict how the current QOS policy is affecting the applications, based on which the user can make changes to the existing QOS policies.

 

Q:39 How to modify the QoS Policies that has been applied to the particular interface?

 User can modify the QOS configuration from the Interface Detail Dashboard itself. The hyper link to the QOS policy gets you to Services > Application Visibility and Control > AVC Profiles. Here you can make modifications to the QOS policies and save them.

At this point, these edited policies have not yet been deployed on the device. In case a modified QoS Policy is being used by any of the devices added to Prime, "some devices are out of sync" message will appear at the top including a hyper link to Services  Application Visibility and Control  Interfaces Configuration; click "Update Devices QoS" and select the devices on which you would like to apply these newly edited QOS policies. This will now push the QOS configurations on to the devices chosen.

 

Q:40 Does the 'Top N WAN interfaces by Utilization' dashlet require an Assurance license to populate data in Prime Infrastructure?

The ‘Top N WAN interfaces by utilization’ dashlet does not require assurance license. Data will be populated using SNMP polling. But before that Interface monitoring templates needs to be deployed on all the WAN interfaces

 

Q:41 Do we have any general sizing guidelines for implementing the Assurance component of Prime Infrastructure?

There is no recommendation on number of flows/AP basis. The only way to find out is to turn them on and Prime Infrastructure can tell us how much of flows it is processing. User can start with the basic 20K flows/sec if it exceeds then user can add the collector license which scale up to 80K flows/sec.

Q:42 What is baselining with respect to Prime Infrastructure Assurance?

There are two types of base lining within Prime Infrastructure. Interface and   Application. Interface baselining is purely based on SNMP polling. Mean value will be calculated and compare the current value with the mean and report based on that .Application baselining is based on Netflows/AVC data.

 

Q:43 Can Netflow information be used to form a baseline of “normal” usage and can alerting be created?

Yes.The netflow data can be used for baselining and alarms can be generated.

 

Q:44 What exactly does the prime assurance license enable in prime infrastructure?

 The Assurance license enables the netflow capabilities of Prime Infrastructure.  This allows the devices to send netflow to PI and it will be able to process and show application details based on the content of the flow.  Without the license you are limited to the capabilities of Lifecycle license, which is device management

Q:45 How to Monitor Performance Routing (PFR) in Prime Infrastructure 3.0?

Cisco Prime Infrastructure 3.0 Supports PFR Monitoring. Navigate to Services > Application Visibility & Control > PfR Monitoring. Here you can monitor Performance Routing.

Refer the below link for more details.

http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/3-0/user/guide/pi_ug/perform_rout.html

Q:46 Is there any way to change the default neflow port number 9991 in Prime Infrastructure?             

No. Cisco Prime Infrastructure is designed to listen on 9991 for netflow. There is no mechanism available right now to change this port.

Q:47 How to deploy the custom applications to multiple managed routers?

Follow the below steps to configure this.

Step 1 :Navigate to  Services > Application Visibility & Control > Applications and Services.
Step 2 :  create the custom application.
Step 3 : select that custom application and click on “Deploy” button at the top.
Step 4: Select all the routers.

Q:48 Does Prime Infrastructure 3.x support Sampled netflow?

No. Prime Infrastructure 3.x  does not support sampled netflow. Also there is no plan to support it in any Prime Infrastructure release in future.

Wireless

Q:1 How can I troubleshoot Un-joined access points in Prime Infrastructure 2.x?

The Un-joined AP page displays a list of access points that have not joined any wireless controllers.

Select Monitor > Wireless technologies > Unjoined APs. And click Troubleshoot

 

Q:2 Do we have any Location accuracy tools available in Prime Infrastructure 2.x?

The Location Accuracy Tools enable you to run either of the following tests:

There are two ways to test location accuracy:

• Scheduled Accuracy testing—Employed when clients, tags, and interferers are already deployed and associated to the wireless LAN infrastructure. Scheduled tests can be configured and saved when clients, tags, and interferers are already pre-positioned so that, the test can be run on a regularly scheduled basis.

• On-Demand Accuracy Testing—Employed when elements are associated, but not pre-positioned. On-demand testing allows you to test the location accuracy of clients, tags, and interferers at a number of different locations. It is generally used to test the location accuracy for a small number of clients, tags, and interferers.

 

Q:3 How to add Site profiles in Prime Infrastructure 2.x?

There are two areas in which you can set up and change sites:

• Maps > Site Maps—Create a new site and change an existing site.

• Inventory > Device management >Network devices—If a site has previously been created, you can add devices to the site by clicking, Add to Site from Network Devices page.

 

Q:4 How to configure migration analysis for wireless controllers in Prime Infrastructure 2.x?

A user can Choose Monitor > Tools > Autonomous AP Migration Analysis to launch the Migration Analysis Summary page.

 

Q:5 How to configure a WIPS profile in Prime Infrastructure 2.x?

A new WIPS profile can be created using the default or a pre-configured profile. Select, Services > Mobility Services > WIPS Profiles.  When the WIPS Profiles page appears, choose Add Profile.

 

Q:6 Can a user import maps from WCS or NCS to Prime Infrastructure 2.x?

If you have already created maps for the wireless network in a previous version of WCS or NCS, you can export from those applications and import the information into Cisco Prime Infrastructure as well. You can go to Maps > Site Maps> Import Maps > Choose File

Once the file has been uploaded, all the maps will be automatically created by Cisco Prime Infrastructure.

Q:7 How to create WLANS using Cisco Prime Infrastructure 2.x?

Configuration groups are used when grouping sites together for easier management (mobility groups, DCA, and regulatory domain settings) and for scheduling remote configuration changes. Configuration groups can be accessed from Configuration > Templates > Controller Configuration Groups where WLANS can be created

 

Q:8 How can we build an RF profile in Prime Infrastructure 2.x?

With Cisco Prime Infrastructure you can approach building or managing an RF profile. Choose Configure > Controllers, then click the IP address of the controller and choose 802.11 > RF Profiles in order to access profiles for an individual controller.

 

Q:9 What are the various Site Map formats supported by Prime Infrastructure 2.x?

XML Format, WLSE Map and AP Location Data are the formats supported in Cisco Prime Infrastructure 2.2

 

Q:10 Do we have a wireless coverage planning tool in prime infrastructure 2.x?

The built-in planning tool provides a way for network administrators to determine what is required in the deployment of a wireless network.

1.  Specify the AP prefix and AP placement method (automatic versus manual).

2. Choose the AP type and specify the antenna for both the 2.4 GHz and 5 GHz bands.

3. Choose the protocol (band) and minimum desired throughput per band that is required     for this plan.

4. Enable planning mode for advanced options for data

 

Q:11 What are the various wireless remediation tools available in Prime Infrastructure?

The following tools available within Cisco Prime Infrastructure may be used in order to   remediate wireless issues:

• Cisco Clean Air

• Client Troubleshooting

• AP Troubleshooting

• Audit Tool

• Security Dashboard

• Switch port Tracing (SPT)

• Apart from these key tools, you can find more tools by navigating to Monitor > Wireless Technologies > Tools

 

Q:12 How many WIPS threat conditions are supported by Cisco Prime Infrastructure 2.x?

Cisco Adaptive Wireless IPS alerts the user on more than 100 different threat conditions over many categories

 

Q:13 Can I create Spectrum Experts to act as a remote interference sensor using Prime Infrastructure?

A spectrum expert client acts as a remote interference sensor and sends dynamic interference data to Prime Infrastructure. This feature allows Prime Infrastructure to collect, monitor, and archive detailed interferer data from spectrum experts in the network.

To configure spectrum experts, choose Services > Mobility Services > Spectrum Experts.

 

Q:14 How can I monitor RFID Tags using Cisco Prime Infrastructure?

The Monitor > RFID Tags page allows you to monitor tag status and location on Prime Infrastructure maps as well as review tag details. This section provides information on the tags detected by the location appliance.

 

Q:15 How can I audit the group templates on the configuration groups on the controllers?

The Config Groups Audit page allows the user to verify if the configuration complies of the    controller with the group templates and mobility group. During the audit, you can leave this window or log out of Prime Infrastructure.

Choose Configuration > Templates > Controller Configuration Groups.

Step 2 Click a group name in the Group Name column, then click the Audit tab.

 

Q:16 Can I configure a guest account in Prime Infrastructure 2.2 with unlimited lifetime on 3850 and 5760 wireless controller?

When you configure a guest account with unlimited lifetime, for Catalyst 3850 Switches (Cisco IOS XE 3.2.1) and Cisco 5760 Wireless LAN Controllers, the maximum time period that the guest account will be active is one year.

Q:17 Can we change mobility roles on Cisco 3850 switches using Prime Infrastructure 2.x?

By default, Cisco 3850 controllers act as MAs. These controllers can be converted to MCs if MCs are needed in the network.

To change a mobility role: Choose Services > Mobility Services > Mobility Domain

Q:18 Can we create guest anchor Guest Anchor Controller for a WLAN for 3850 and 5760 wireless controllers?

The guest anchor controller is a controller dedicated to guest traffic, and is located in an unsecured network area, often called the demilitarized zone (DMZ). The Cisco 5760 controller can be a Guest Anchor whereas the Catalyst 3850 switch cannot be a guest anchor but it can be a foreign controller.

 

Q:19 Can I use both Classic and lifecycle views to add or configure 3850 and 5760 wireless controllers into cisco prime infrastructure?

You cannot add or configure Cisco Catalyst 3850 Series Switches or Cisco 5700 Series Wireless LAN Controllers using the Classic view. To add or configure these devices, use the Lifecycle view.

 

Q:20 How to monitor wireless interferer in Prime Infrastructure 2.x?

The Monitor > Interferers page allows you to monitor interference devices detected by the CleanAir enabled access points.

http://www.cisco.com/en/US/docs/net_mgmt/prime/infrastructure/2.2/user/guide/maint_wireless_optools.html#wp1154046

 

Q:21 Is Controller redundancy configuration supported in Prime Infrastructure 2.x?

Yes, it is supported only for 5500, 7500, 8500 and Wism2 controllers.

 

Q:22 How can we get the Device Classification information discovered by the WLCs in Cisco  prime Infrastructure 2.x?

                 User can get the device classification information from “clients and users tracking “table and also from the user 360 view. Follow the below link for reference.

            https://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/7- 5/NativeProfiling75.html

 

Q:23 How to link a RF-Profile to an AP-Group in prime Infrastructure 2.x?

                       Navigate to Configuration > Templates > Feature and technologies > Controllers > WLANs >   AP Groups. This AP Groups template has “RF Profile” tab for mapping RF profile.

 

Q:24 In Cisco prime Infrastructure wireless maps, is it possible to sync proposal APs into floor view page without adding MAC IP address?   

        No.In Cisco Prime Infrastructure, Access point (AP) from planning tool cannot be added to floor map.  To add AP’s to floor map, the AP should be joined to WLC and discovered by Prime Infrasturcture.Once AP’s are in Prime Infrastructure, they can be added to floor map. Also site survey maps can be exported from Air Magnet/Ekahau site survey tools and imported into Prime Infrastructure.

 

Q:25 Does Cisco Prime Infrastructure integrate with Spectrum Expert Wi-Fi for mapping/interference functionality?

     Yes. Spectrum Expert (SE) and Clean Air require access points that support Clean Air mentioned in the below link.

      https://www.cisco.com/c/en/us/solutions/enterprise-networks/cleanair-technology/index.html

       Spectrum Expert (SE) software can be cross-launched from Prime Infrastructure by navigating to Services >Mobility Services > Spectrum Expert (SE)

      http://goo.gl/0wEVcq

     MSE is required for event correlation, interferer location. Follow the below link for reference.

     http://blogs.cisco.com/cin/deploying-the-mobility-services-engine/

 

Q:26 Does Prime Infrastructure support DWF file format for importing floor maps?

No.DWF file format is not supported for importing floor maps.  Supported file formats are listed in PI documentation.

 Follow the below link to view the document.

 https://www.cisco.com/c/en/us/td/docs/wireless/prime_infrastructure/2-1/configuration/guide/pi_21_cg/maps.html#76374

Q:27 What are the WLAN features enhanced in Prime Infrastructure 2.2?

              Following are some of the new supported features and enhancement with wireless in Prime   Infrastructure 2.2

Wireless Configuration Features 7.4

Policy Classification Engine

Client SSO

PMIP IPV6 enhancements

Rogue enhancements

Detect Dead Radios

Guest Description

Flex Connect Audit Support

Sleeping Client

PEAP/EAP-TLS on AP in Flex standalone mode

802.11w

DHCP Proxy in WLAN Config

LED provision on AP

Panasonic .1x & Web Auth.

Proactive Capacity Alarm for RFID, Clients, APs

FlexConnect VLAN Config within FlexConnect Groups

Wireless 8.0 Features

Full IPv6 Support

Certification (Client auth using OCSP, IPsec)

Bonjour – Phase 2 (Client enablement)

 

Q:28 Does Prime Infrastructure support a WLC-HA cluster?

   Prime Infrastructure provides WLC -HA support for monitoring redundancy status via below ways:

- There is a customizable “Redundancy” column for each WLC in Configuration >Network Devices > Wireless Controllers Device Group.  From here, one can see if redundancy is enabled/paired/disabled state for the WLC.

- The "Redundancy - Redundancy States" Monitoring page can also be viewed from Device Details Tab which is displayed after selecting any WLC, which displays some key attributes such as Local State / Peer State / Unit (i.e. Primary / Secondary), Redundancy management IP, etc.

- The same page can also be viewed from Classic View via Monitor > Controller "x.x.x.x" > Redundancy > Redundancy States.

 

Q:29 What is converged access Workflow in Cisco prime Infrastructure 3.0?

In Cisco Prime Infrastructure, the converged access configuration wizard provides the following three unique deployment workflows each providing flexibility to automate configuration to self-deploy end-to-end converged access solution in various Enterprise-class deployment models.

  • IOS-XE Controller - Small Network
  • IOS-XE Centralized Wireless Network
  • IOS-XE Controller - Large Network

To successfully deploy the Converged Access solution using Cisco Prime Infrastructure wizard, a minimum set of configuration must be applied as prerequisite on selected system and at network.

Refer the below link for Prerequisites.

http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/3-0/user/guide/pi_ug/converged_access.html#pgfId-1088810

Q:30 Is there any best practice with max number of access points recommended per floor?

There is no hard limit to the number of APs that can be added to a floor area. For optimal performance it is recommended to have not more than 100 APs per floor area.

In case there are more APs on a floor, we recommend creating multiple floor areas and design the Site maps in accordance. 

Q:31 Is it possible to get statistics in Prime Infrastructure for each single SSID per AP when we have several SSIDs per AP?

In Prime Infrastructure user can generate Client count report for specific SSID per AP. Application reporting, Data rate, Error and other metrics are based on per client or AP – not per SSID.

Q:32 what license is required to detect the rogue APs in Prime Infrastructure?

There is no additional / special license required for rogue detection in Prime Infrastructure.

MSE is a required component for rogue detection/mitigation solution. MSE is a separate product and licensed accordingly. Wireless rogue management (detection, classification, mitigation) is covered extensively in the following document.

Q:33 What are the new Wireless features in Prime Infrastructure 3.1?

Following are some of the new supported features and enhancement with wireless in Prime Infrastructure 3.1.

Bulk AP Replacement

Enhancement in DCA Templates

AP health Index

ISE 2.0 Integration

Ability to export Client association history records from Client details page

Migration of background tasks to Wireless System Jobs

Location/Site based Lightweight AP template deployment

Combined AP Radio Downtime report to cover both Autonomous Aps & Unified Access Points

Hyper location, BLE and HALO module support on Polaris 16.2

Support for new AP – IW3700

http://goo.gl/VyxeRd

Monitoring

 

Q:1 Does Cisco Prime Infrastructure 2.x support IPSLA Probe provisioning? Also can PI 2.x do IPSLA Reporting (Trending over a period of 15min, 1hr, 1day, 1week, 1month)

  IPSLA isn't supported yet in Prime Infrastructure.  Please use Prime LMS 4.2 for this.

 

Q:2 Can I use an external MIB file in Prime Infrastructure 2.x?

User can go to Monitor>Monitoring Policies > Add >Policy Types>Custom MIB polling >Upload MIB

http://www.cisco.com/en/US/docs/net_mgmt/prime/infrastructure/2.0/user/guide/create_temp_mon.html#wp1066507

 

Q:3 How can I monitor Interferences in my wireless network?

In the Monitor >Wireless Technologies > Interferers page, user can monitor interference devices detected by Clean Air-enabled access points. By default, the Monitoring AP Detected Interferers page is displayed.

 

Q:4 List out the enhancement that has been added on Cisco Prime Infrastructure 2.2 Site Maps?

 Performance enhancements have been done in Cisco Prime Infrastructure 2.2 sitemaps. Also

 Following are the list of enhancements that has been added.

Zoom improvements 133% to 1052%

 Faster loading of maps

AP placement in maps

 Intelligent user-specific caching

 

Q:5 Can I open a TAC case from the events bar in Prime Infrastructure 2.x?

If user receive an alarm in  Alarms & Events, he can use Prime Infrastructure to view discussion forums on the Cisco Support Community. By viewing and participating in the Cisco Support Community forums, user can find information that can help to diagnose and resolve problems. User must enter your Cisco.com username and password to view and participate in the Cisco Support Community forums.

 

Q:6 Can user track or disable clients in the network using prime Infrastructure 2.x?

In Cisco Prime Infrastructure, User can track, monitor the status of the clients, disable or remove the clients using Monitor > clients and users page.

 

Q:7 Can user test client connectivity in prime Infrastructure 2.x?

Yes. User can monitor the status of the connection, verify the current and past locations of a user, and troubleshoot client connectivity problems on Monitor > Clients and Users page

 

Q:8 How can we troubleshoot Un-joined Access Points using Prime Infrastructure?

When a lightweight access point initially starts up, it attempts to discover and join a wireless LAN controller. After joining the wireless controller, the access point updates its software image if needed and receives all of the configuration details for the device and network. Until the access point successfully joins a wireless controller, it cannot be managed by Prime Infrastructure, and it does not contain the proper configuration settings to allow client access. Prime Infrastructure provides you with a tool that diagnoses why an access point cannot join a controller, and lists corrective actions.

 

Q:9 Do we have any client troubleshooting Test analysis tool for CCXv5 Clients?

CCXv5 clients are client devices that support Cisco Compatible Extensions version 5 (CCXv5). User can access the troubleshooting capabilities for these clients in the Test Analysis section in client troubleshooting workflow

 

Q:10 How do I pinpoint Device packet loss and jitter on RTP conversations?

           User can trace the path between Source and Destination and can pin point the problem using medianet trace feature in Cisco Prime Infrastructure.

 

Q:11 Does Prime Infrastructure 2.x support embedded packet capture for ASR?

Yes. Cisco Prime Infrastructure supports embedded packet capture for ASR

 

Q:12 What is User 360 and what is the information we can get?

User 360 in Prime Infrastructure can be used to quickly isolate and fix end-user or end-point issues

 

Q:13 Are there any plans to include any L2 trace route capability ? Similar Path Trace in LMS?

Prime Infra does support the ability to do a Path Trace (for L3 and L2) of voice and video traffic, but that requires both that the devices have IOS media trace capabilities.

LMS Path Analysis was an attempt to guess the L2 path based on the L2 topology we have, but in fact that was really only able to show a possible/likely path (based on shortest traversal of the L2 topology), and didn't actually have any way to know or predict what the path really was or would be.

Q:14 Is there any way in Cisco prime infrastructure to un-manage the unwanted interfaces/ports? (If we don’t want to monitor all the interfaces/ports on devices)

               In Cisco Prime Infrastructure, Port Groups can be configured and Monitoring templates can be deployed for those Port groups, so that only those interface/ports get monitored.

 

Q:15 What is Performance Graphs in Cisco Prime Infrastructure 3.0? How to create it?

In Cisco Prime Infrastructure 3.0, Performance graphs are used to compare the Key Performance Indicators (KPIs) for devices and interfaces. User can create performance graphs by navigating to Monitor > Monitoring Tools > Performance Graphs.

Refer the below link for more information.

http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/3-0/user/guide/pi_ug/perfgraphs.html#pgfId-1068805

Q:16 Does Prime Infrastructure has the ability to detect broadcasting on switches in the networks?

Prime Infrastructure3.0 has interface monitoring policies to detect broadcasting.

Refer the below link for more details.

http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/3-0/user/guide/pi_ug/mon-pol-thresh.html#pgfId-1085693

Compliance (Configuration Baseline Audit)

Q:1 Whether Compliance Audit will get enabled by default Prime Infrastructure 3.0?

By default, compliance auditing is not enabled.

To enable compliance auditing, choose Administration > Settings > System Settings > General >

Server, then enable Compliance Settings.

Q:2 What are the steps to follow to perform compliance auditing in Prime Infrastructure 3.0?

To perform a compliance audit against the devices in your network, complete the following steps:

  1. Define a compliance policy, which includes rules, conditions, and fixes.
  2. Create a policy profile, which contains a set of policies you want to run against your device(s).
  3. Run the policy against the specified device(s), either immediately or at a specified time.

Prime Infrastructure compares the device’s running configuration, or any show commands, with the

Content specified in the policy, detects any violations, and creates a report.

  1. View the audit compliance report to view and fix any violations.

http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/3-0/user/guide/pi_ug/compliance.html

Q:3 What is the limitation/mandatory fields that needs to be provided in Compliance Policy?

Once the compliance policy is created, user must specify rules within the policy and define the conditions and the relevant fixes for any violations.

Rules are platform-specific. Each policy must contain at least one rule; however, there is no limitation on the number of rules user can define for a policy.

Q:4 What is a Policy Profile in prime Infrastructure 3.0?

A compliance policy profile is a collection of policy group to target device associations. The policy profile also defines when the audit should be run and notifications and events to generate

Q:5 Whether System Policy files are editable in prime Infrastructure 3.0 ?

No. User cannot edit and save a System Policy Group. Hence, save option will be disabled for System Policy Group.

Q:6 What are the supported formats of compliance reports in prime Infrastructure 3.0?

Either PDF or CSV format is provided. Click on the export icon in the report screen to export.

Q:7 What Compliance Engine does in prime Infrastructure 3.0?

  1. a) Runs the compliance check for the devices.
  2. b) Generates the Compliance and Audit Reports for the devices.

Q:8 What is Policy Group and Compliance Rules in prime Infrastructure 3.0?

A compliance policy group is a collection of one or more compliance policies

Compliance Rules check for discrete conditions in a configuration file, a configuration block, or output of a command

Q:9 What is the Purpose of performing Compliance Auditing in prime Infrastructure 3.0?

Using the Compliance Feature, users will be able to: - Create/edit/delete Compliance Policy Group (associate set of policies) - Create/edit/delete Compliance Policy Profile(associate devices to policy groups) - Check for compliance against Compliance Policy Profile and fix them on any compliance violation seen.

Q:10 What are the available compliance policies in Prime Infrastructure 3.0?

There are System defined policies available, which can only be mapped in the Policy Profile selector. Whereas, there is one more named User defined policy, where the customized policy can be listed in this category. User can define set of policies with the configuration to be audited for compliance.

Q:11 Does Prime Infrastructure 3.0 support PSIRT & EOX reports?

Yes, PSIRT & EOX reports are supported

Q:12 What are PSIRT & EOX reports in in prime Infrastructure 3.0 Compliance Audit?

User can run a report to determine if any devices in your network have security vulnerabilities as defined by the Cisco Product Incident Response Team (PSIRT). It can also view documentation about the specific vulnerability that describes the impact of vulnerability and any potential steps needed to protect your environment.

 

User can run a report to determine if any Cisco device hardware or software in their network has reached its end of life (EOX). This can help user to determine product upgrade and substitution options.

Q:13 Is it possible to generate weekly or monthly change audit reports in prime Infrastructure 3.0?

Yes, reports can be generated on minute, hourly, daily, weekly, monthly and on yearly basis Please describe different Job status available for Compliance Policy reports.

Choose Configuration > Compliance > Jobs to view the status of scheduled jobs and view any violations. There might be several different compliance policies running on a single device.

Q:14 What is a compliance policy in prime Infrastructure 3.0?

A compliance policy is a set of CLI commands that define a desired baseline or expected configuration.

Step 1 Choose Configuration > Compliance > Policies.

Step 2 Click the Create Compliance Policy icon.

Step 3 Enter a title and description, and then click Create.

User can now create policy rules for the policy.

Q:15 Does the compliance could run only in the running configuration?

Once a compliance profile is created, user can choose the devices on which to run it. Prime Infrastructure creates a job with the name of the compliance profile. It is not necessarily on running configuration. User can able to use the configuration option to run the policies in PI3.0

Use Latest Archived Configuration—if you choose this option, Prime Infrastructure uses the latest backup configuration in the archive. If the backup configuration is not available, the device is not audited and is marked against non-audited devices.

Use Current Device Configuration—Prime Infrastructure polls for the latest configuration from the device and then performs the audit. If a Show command is used in the compliance policy, the output of the Show command is taken from the current device configuration.

Q:16 Whether a Compliance Job can be suspended in prime Infrastructure 3.0?

Yes, User is allowed to pause the job and schedule in the future. Whereas, cannot suspend a job that is running.

Q:17 If a violation rose, whether Prime Infrastructure 3.0 allows the user to fix with the actual configuration?

Yes. Prime Infrastructure allows user to fix any compliance violations that appear on devices.

Q:18 Describe the steps involved in fixing the violations, if generated in Prime Infrastructure 3.0

Step 1 Choose Configuration > Compliance > Jobs, then click the Audit Jobs tab to view the status of the jobs.

Step 2 Click Failure under the Last Run Result column for any job in which compliance violations were found. Prime Infrastructure displays the status of all policies that were run as part of the compliance audit. The Ignore Count column indicates the number of devices for which the specified policy is not applicable and therefore, was not validated against.

Step 3 Click Next to view the devices on which the compliance violation appears.

Step 4 Click the down arrow to expand the device name to view the policy for which there is a violation. When a device’s configuration contains a compliance violation, a check box appears when:

  • There is an available CLI fix for the device.
  • There is no job currently running to fix the violation.

Step 5 Select the box next to the policy for which you have defined and want to apply a fix, and then click next.

Step 6 Preview the fix commands that were previously defined in the policy, then click Next.

Step 7 Select the schedule for applying the configuration changes to the device, then click Schedule Fix Job.

Q:19 Does regulatory compliance policy templates (PCI-DSS, HIPAA etc.) built into Prime Infrastructure 3.0?

No.Regulatory compliance policies not included as part of Prime Infrastructure 3.0 release. It will be included in our future release.

Q:20 Can we export the rules and policies off-box to use on other installations?

Yes, Prime Infrastructure allows the user to export or import rules in xml format.

Q:21 Is there any dashboard to view compliance audit violations In Prime Infrastructure 3.0?

No.There is no specific dashboard to view compliance violations in Prime Infrastructure 3.0.

Q:22 How does the compliance audit job run when it is defined in recurrence?

Compliance audit job creates a job Id with start and end time. Thus the compliance audit runs as recurrence job detailing the failures and success etc.

Q:23 Define the parameters used within the block options or conditional match criteria?

Below is the list of Block Options

Parse as Blocks

Checking this option enables you to run conditions on specific blocks (as defined in this section) in running configuration files. This option is enabled only if you selected Configuration in the Condition Scope option.

Block Start Expression

This field is mandatory if Parse as Blocks option is enabled. This must be a regular expression. Rule inputs and Grep outputs can be used here.

Block End Expression

This field is optional. By default, blocks end when the top-level or a sub-level command begins. If you prefer to break the block earlier, enter the value as a regular expression.

Rule Pass Criteria

Check the option, as required. If you select:

  • All Sub Blocks—The rule is marked a success only if all the blocks fulfill the specified condition.
  • Any Sub Block—The rule is marked a success even if one of the sub blocks fulfill the condition.
  • Raise One Violation for Each Failing Instance—If you check this option, the violation count specified in the Job view increases by as many number of violations as the condition encounters in each block.

Q:24 Is it possible to modify/view the system defined policies? Is there any roadmap on enhancing that option?

No.System defined policies only allowed to edit the rule input or change the rule within the compliance policies.

Q:25 Will there be any library of policies like HIPAA, PCI, and DISA STIG?

No.This is not supported in prime Infrastructure 3.0.

Q:26 Shall I run Configuration Compliance Audit for Wireless LAN Controller?

Yes .In Prime Infrastructure 3.1, user can define the device configuration baselines and audit policies for AireOS Wireless LAN Controllers. You can find and fix any configuration violations in the Wireless LAN Controller. You can also schedule compliance audit against multiple controller configurations and generate an audit report that indicates if any configuration deviates from the specified baseline.

Faults/ Alarms / Alerts/Events

 

Q:1 How to define Threshold parameters in Prime Infrastructure 2.x?

User can make use of monitoring templates to define thresholds. When the thresholds you specify are reached, Prime Infrastructure issues an alarm.

In PI 2.1 Navigate to Design > Monitor configuration> Choose Appropriate Template

In PI 2.2 Navigate to Monitor > Monitoring Policies > Choose Appropriate Template

http://www.cisco.com/en/US/docs/net_mgmt/prime/infrastructure/2.2/user/guide/create_temp_mon.html#wp1064881

 

Q:2 Can I define Alarm Severity Levels in Prime Infrastructure 2.x?

To configure the severity level for newly generated alarms: Choose Administration > System Settings. From the left sidebar menu, choose Severity Configuration.

 http://www.cisco.com/en/US/docs/net_mgmt/prime/infrastructure/2.2/user/guide/ManageData.html#wp1058548

 

Q:3 How to Change Alarm status in Prime Infrastructure 2.x?

User can remove an alarm from the list of alarms by changing its status to acknowledged or cleared. No e-mails will be generated for these alarms.

    In PI 2.1 Choose Operate > Alarms & Events.

    In PI 2.2Choose Monitor > Alarms & Events.

    Choose Change Status > Acknowledge or Clear

 

Q:4 Does cisco prime Infrastructure can alert when a non-authorized device is connected to the network. If so, is it through a report or by an alarm/trap.

  There is no such report or capability to report on unauthorized devices today, but we are looking at ways to enhance how we discover devices and make decisions about whether to manage them or not.

 

Q:5 What polling intervals does Prime Infrastructure 2.x support?

User can specify intervals ranging from 1Min to 12 Hours.

 

Q:6 Is it possible to have SNMP traps forwarded from Prime Infrastructure to additional SNMP monitoring?

This is not supported in Prime Infrastructure and no plans to do that at this time. User can  configure the “Notification Receiver” option which allows PI to forward alarms as SNMP traps.  PI generate alarms based on polling, received SNMP traps and received SYSLOGs. These alarms are categorized and then can be forwarded as traps to a third party trap receiver (in this case, to a TT system).

 

Q:7 Is it the normal behavior of Cisco Prime Infra, to generate a critical alert when AP 3700 is powered with 15W?

       Yes. It’s a normal behavior. If the access point draws low power from the Ethernet, Prime Infrastructure will generate a critical alarm.

 

Q:8 Does Cisco Prime Infrastructure has any capability for automatically opening tickets when the device goes down?

      Prime Infrastructure offers a fully documented REST-based API to get access to the data inside. Any external system can use the REST API to get information about alarms and devices in Prime Infrastructure. Also it can be programmed to raise a ticket when Prime Infrastructure sends certain northbound events. But that is not quite the same as "automatically opening tickets ".

 At this time there is no capability for automatically creating a trouble ticket on an exterior (northbound) ticketing system. REST API documentation is available in the below link.

     http://www.cisco.com/c/en/us/support/cloud-systems-management/prime-infrastructure/products-programming-reference-guides-list.html

 

Q:9 Does Prime Infrastructure support collecting SYSLOG sent by ISE?

No.Prime infrastructure does not support collection of SYSLOG from ISE.

Q:10 Does Cisco Prime Infrastructure 3.0 supports Alarm Customization?

Yes. In Prime Infrastructure 3.0, user can specify a trap notification name or syslog message identifier, and specify the event severity, category, and message to use when the specified trap or syslog is received. Prime Infrastructure creates an event with the settings you specify.

Refer the below link for more detail.

http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/3-0/user/guide/pi_ug/alarms.html#pgfId-1067052

Q:11 Is it possible to suppress the alarms from a specific device group in prime Infrastructure 3.1?

Yes. Cisco Prime Infrastructure 3.1 includes a new feature called Alarm policy, which is a filtering method that allows you to control the alarms generated. You can activate and suppress Alarms generation, for specific device groups and port groups on which you want the alarms to get generated or ignored. Below alarm policies are supported in Prime Infrastructure 3.1.

  • Interface
  • Access Point
  • Controller
  • Layer2 Switch
  • Wired Infrastructure

Q:12 How to view the historical Syslog messages in Prime Infrastructure 3.1?

In Prime Infrastructure 3.1,User can view both live streaming of syslogs and historical syslog messages by navigating to Monitor > Monitoring Tools > Syslog Viewer.

Syslog live Streaming can be leveraged to troubleshoot issues related to Clients or Infrastructure managed by Cisco Prime Infrastructure. Syslog tab in “Monitor-> Monitoring Tools -> Alarms and Events” has been deprecated from 3.1.

Q 13 Is it possible to change the Auto clear interval for any alarm in Prime Infrastructure?

You can change the auto clear interval for any alarm condition. The alarm generated for the specific alarm condition will be auto cleared in the interval specified. Choose Administration > Settings > System Settings > Alarms and Events > Alarm Severity and Auto Clear. Expand the categories available under the Event Types column, Click on the Auto Clear Duration field and enter the duration after which you need to clear the alarm.

 

Reporting

 

Q:1 How can I customize report generation in Prime Infrastructure 2.x?

Many reports allow the user to customize their results, so that, user can include or exclude different types of information. If the report you are creating permits this, it will display a Customize button. User can navigate to the below location to access the Create Custom Report page and customize the report results. Choose Report > Report Launch Pad. Click Customize to open the Create Custom Report page

 

Q:2 Where can I see the scheduled run reports in Prime Infrastructure?

To view all the currently scheduled runs in Prime Infrastructure, choose Report > Scheduled Run Results.

 

Q:3 Can I configure Prime Infrastructure 2.x to send the PDF format of reports as an E-mail?

Yes, Emails can be configured to send Email alerts. Under reports> When all report parameters have been set, choose send email option.

 

Q:4 Can I generate an End of Sale / End of Life hardware/software Report in Prime Infrastructure?

Yes. User can generate EOX hardware, Software, PSIRT reports in Prime Infrastructure 2.x.

 

Q:5 Can I generate a report based on templates added in a given Poller?

Yes, Custom Report generation is possible in reports. Report Launch Pad > Report Type > New > Customize.

 

Q:6 Can I view the complete details of a device from a single report?

Yes. Cisco Prime Infrastructure allows the user to generate a detailed inventory report which can give the above view. Report>Device>Detailed inventory report.

  http://www.cisco.com/en/US/docs/net_mgmt/prime/infrastructure/2.2/user/guide/reps_field_ref.html#wp1066640

 

Q:7 Where can I view a successful job in Cisco Prime Infrastructure?

We can view the job details under Administration>Job Dashboard.

 

Q:8 Can we save specific custom reports for future use in Prime Infrastructure 2.x?

In the Saved Report Templates page of Cisco Prime Infrastructure, user can create and manage saved report templates. You can also enable, disable, delete, or run currently saved report templates. To open this page in Prime Infrastructure, choose

Report > Saved Report Templates.

 

Q:9 Is there any report within Prime Infrastructure that can give the list of EOL software running on their HW?

    Prime Infrastructure 2.x provides EoX reports on HW, modules and SW.

 

Q:10 Does Prime Infrastructure 2.x provide PSIRT Risk reports and link to all security risks?

Yes, Cisco Prime Infrastructure 2.x provides a detailed PSIRT reports.

 

Q:11 For creating EoL reports by connecting to Cisco repository as well as installing patches , does Prime Infrastructure requires Smartnet on all equipment or just on LMS?

The EoL reporting just requires a CCO ID, it doesn't have any relation to whether you have SmartNet coverage of your devices. The LMS contract connection feature will pull down contract info to let the customer generate a report showing how the devices in their network are covered or not by their service contracts. You can use that feature whether or not you have SmartNet coverage for everything (in fact the whole point is to help the customer understand what is covered or not).

 

Q:12 Is there any report in Prime infrastructure equivalent to bug summary report in LMS 4.2?

     This reporting capability is not currently available in Prime Infrastructure. It is supported in future release of PI planned   sometime in CY2015.

 

Q:13 Is it possible to generate a report on Unused Ports in Prime Infrastructure?

       Yes. It is possible to generate a report by customizing   “Wired port attribute report “.Select the report by navigating to Report > Report Launch Pad> Device > Wired port Attribute and select the admin and operational status. Then user needs to export as .CSV and manipulate the data to find the hop down port.

 

Q:14 Does prime infrastructure 2.x generate Device hardening report?

       Prime Infrastructure does not yet have “config baseline audit" capability .It is planned for future release post PI 2.2 release. L MS does have this capability.

 

Q:15 Is it possible to combine reports in Cisco prime Infrastructure 3.0?

Yes. In Cisco Prime Infrastructure 3.0 Composite reports can be created from a pre-defined list of supported reports. Two or more reports can be combined and information can be filtered based on requirements. Users can select multiple reports and combine them instead of creating special reports for different scenarios. Composite reports can be created from a pre-defined list of supported reports.

Refer the below link for more details.

http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/3-0/user/guide/pi_ug/reps.html#18283

Q:16 How to specify data retention period for reports?

The Retention period for Reports is 31 days by default. You can edit this settings in the following path Administration > Settings > System Settings > General > Report. It can be retained maximum of 366 days and also you can specify the report Repository path on the Prime Infrastructure Server.

Q:17 Is there any report to get the modules and cards details in Prime Infrastructure 3.x?

Yes. In Prime Infrastructure 3.x "Wired Module Detail Report" under device category will provide the list of cards and modules details for the selected devices.

Security

 

Q:1 How do I setup the AAA mode in Prime Infrastructure 2.x?

Prime Infrastructure supports local as well as TACACS+ and RADIUS, but you must specify a TACACS+ or RADIUS server first.

To specify a TACACS+ server and then change the AAA mode to TACACS+: Choose

Administration > Users, Roles & AAA, then click TACACS+.

 

Q:2 Does Prime Infrastructure 2.x support ACS servers? If so which version?

Yes, Prime Infrastructure 2.2 supports ACS View server 5.1 or later.

 

Q:3 How to configure ACS view server in Prime Infrastructure 2.x?

To facilitate communication between Prime Infrastructure and the ACS View Server and to access the ACS View Server tab, you must add a view server with credentials.

Choose Administration > Servers > ACS View Servers.

 

Q:4 My customer has just purchased Prime Infrastructure. Based on their security policy, customer requires Antivirus software on server OS. PI is Linux based, but it is hardened so we cannot get root access to install AV. Could you please suggest any solution for that request?

Prime Infrastructure as a closed system, we do not support any action by the customer to add any additional software to the product. There is no need for customer to worry about installing any anti-virus software.

 We do follow standard Cisco guidelines for product security, which include hardening recommendations and testing for many different areas of vulnerability.

Prime Infrastructure follows the Cisco Secure Development Lifecycle (CSDL) process

External CDL Website  http://www.cisco.com/web/about/security/cspo/csdl/index.html

External CSDL Whitepaper   http://www.cisco.com/web/about/security/cspo/csdl/docs/External_CSDL_Whitepaper_Final.pdf

With regard to any disclosure of new vulnerabilities and security related hot fixes

Cisco Security Vulnerability Policy:

http://www.cisco.com/en/US/partner/products/products_security_vulnerability_policy.html

Ongoing disclosures handled by Cisco Product Security Incident Response Team (PSIRT) process.

http://www.cisco.com/en/US/partner/products/products_security_vulnerability_policy.html#cpsirp

All fixes to product delivered as product patches/updates. The document references provided describe the Cisco Secure Development Lifecycle program. The best way would be for the customer and partner to waive the AV requirement for Prime Infrastructure, as not applicable.

 

Q:5 Do we have Pre-defined profiles Industry Standard on wireless threat IPS?

Prime Infrastructure’s Wireless IPS feature enables or disables alarms from the policy profile that are appropriate for that WLAN environment. For example, health care institutions can select the Healthcare profile and all alarms that are necessary to be HIPAA compliant are enabled.

  

Q:6 Does Prime Infrastructure 2.x support RSA credentials for SSH access to devices.

Prime Infrastructure doesn't have any way to generate tokens for OTP CLI access control; a static username/password for CLI access (as well as enable PW, where needed) must be entered into Prime Infra for each managed device.

RBAC (Role Based Access Control)

Q:1 Is there a way to rename or create additional user groups in Prime Infrastructure ?

No, Cisco Prime does not support renaming or creating additional user group. There are few user defined groups which the customer can customize according to his requirement

Q:2 Where can I define users and roles in Prime Infrastructure ?

You can add a user and assign predefined static roles. Besides complete access, you can give administrative access with differentiated privileges to certain user groups. Choose Administration > Users, Roles & AAA > click Users > Choose Add a User, then click Go.

Q:3 How can I change my active virtual domain in Prime Infrastructure ?

Rest your cursor on the Virtual Domain in Home Dashboard and click the icon that appears to the right. Choose a domain from the list of domains of which you are a member.

Q:4 What is the maximum number of connections allowed by Cisco Prime Infrastructure 3.0 to access the web interface?

50 concurrent users are allowed in Prime Infrastructure 3.0

Q:5 What is virtual domain in Prime Infrastructure ? What are the pre-requisites needed for this?

Virtual domains can be based on physical sites, device types, user communities, or any other designation you choose. Before you set up virtual domains, you should determine which users should have access, to which sites and the devices in your network.

Q:6 How to create Virtual domains in Prime Infrastructure ?

  By default, there is only one virtual domain defined (root) in Prime Infrastructure.

Choose Administration > Virtual Domains. In the Virtual Domains sidebar menu, click the parent virtual domain for your new virtual domain and then click the Add New Domain icon.

You can also create a new child domain of an existing domain by hovering your mouse cursor over the name of the parent virtual domain. You will see a cross-hair icon appear next to the domain name. Click the icon to display a popup summary of the parent, then click Create Sub Domain to create a new child domain of that parent.

http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/3-0/administrator/guide/PIAdminBook/maint_user_access.html#54162

Q:7 How to assign users to a Virtual Domain in Prime Infrastructure ?

After you create a virtual domain, you can associate it with specific users. This allows users to view information relevant to them specifically and restricts their access to other areas. Users assigned to a virtual domain, can configure devices, view alarms, and generate reports for their assigned virtual domain only. Choose

 Administration > Users, Roles, & AAA and click the username that you want to assign to a virtual domain.

http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/3-0/administrator/guide/PIAdminBook/maint_user_access.html#60015

Q:8 Can I authenticate operators/admins of Prime Infrastructure via 2 factor authentication (linked to ISE or ACS for RADIUS/TACACS)?

Yes. It is possible to have Prime Infrastructure admins authenticated by an external AAA, where that AAA system backbends somehow connected to a RADIUS token server or RSA Secure ID. The user has to generate the token when he logs in, but to Prime Infrastructure, it is just a password which is sent to the external AAA to be validated.

Q:9 Does Prime Infrastructure support 2 factor authentication when communicating with routers/switches/WLC’s for purposes of configuration changes/configuration backups, etc (SSH access)?

No.Prime Infrastructure 3.0 doesn’t support token based authentication for any device.

Q:10 Does Prime Infrastructure support Job approval based RBAC functionality?

   Yes. Prime Infrastructure 2.x has a dashboard of job approval tasks and actions.

Automated Deployment / Plug & Play

 

Q:1 What is the Automated Deployment Gateway and why do I need it?

The Prime Infrastructure Automated Deployment feature allows you to create templates that can be hosted on the Automated Deployment Gateway. Network devices (e.g. ISR G2, Catalyst switches, etc.) with Cisco Networking Services (CNS) agents can call home to the Automated Deployment Gateway to pull their configuration templates down. After provisioning, the management of those devices follows the regular Prime Infrastructure process.

 

Q:2 How plug and Play works in Catalyst switches?

 The below link shows how PnP works, step by step.

http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/2-0/user/guide/prime_infra_ug/setup_workflows.html

WebEx recording of a presentation, and demo:

https://cisco.webex.com/cisco/ldr.php?RCID=4c95a45c1ad9b625d81433635fee250d

You can download the demo as a file:

https://cisco.webex.com/cisco/lsr.php?RCID=006aa94174a26041cb91cd680dca079d

The Plug and Play portion of the demo start on the 1:00:38 minute.

 

Q:3 List out the hardware requirements for Prime Infrastructure Plug and Play gateway?

The server requirements for the Cisco Prime Infrastructure Plug and Play Gateway OVA are as follows:

        ·           VMware ESXi Server version 4.1.0 or 5.0 is required. Version 5.0 is preferred. Prime Infrastructure 2.0 has not been tested with VMware ESXi Server versions later than 5.0.

       ·           RAM— 4GB

       ·           Disk Space—100 GB (Recommended to use SAN)

       ·           Processors—4 virtual CPUs with 2.93 GHz or faster

Follow the below link for reference.

       http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/2-1/quickstart/guide/cpi_qsg.html#pgfId-50173

Q:4 Can we purchase Cisco prime Infrastructure without the underlying Lifecycle licenses and to be a ‘Plug and Play’ only solution?

No.Cisco Prime Infrastructure Plug and Play feature requires Lifecycle management licenses. User cannot just purchase the Plug and Play standalone.

 

Q:5 Does Plug and play support prime Infrastructure HA deployments?

Yes. Prime Infrastructure 2.2 supports Plug and Play in Prime Infra High Availability (HA) deployments. PnP Gateway Standalone Server HA will use a Floating Virtual IP address across both the Primary and Secondary PnP Server so that the devices can call home to the same IP Address/Hostname in case of failover.

 

Q:6 How Plug and Play (PNP) HA works?

The switch over from Primary PnP Gateway to Secondary PnP Gateway and connection migration from Primary PI to Secondary PI should be automatically handled without any manual intervention. The user inputs required for the HA configuration are done during the advanced setup of Primary PnP Gateway alone and those are applied on the secondary server from the primary server. In case of PnP Gateway is not configured in HA mode then also the advanced setup could be used to support the configuration of Prime Infrastructure Secondary Server. The PnP Gateway Status should display the HA status along with the details of who is the currently active server.

Q:7 Is Day1 device support (Plug and Play) available in Prime Infrastructure ?

Yes, Day 1 device support (Plug and Play) is available in Prime Infrastructure.

Refer the below link for more details.

http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/3-0/user/guide/pi_ug/plugandplay.html

Q:8 Does plug n play in Prime Infrastructure support Apple IOS application?

  Yes, Cisco Prime Infrastructure includes Apple iOS Plug & Play App allowing anyone to stage and push a configuration

Q:9 What is the default Timeout for Plug n Play?

The default timeout is 1 hour for Image transfer, Image distribution and Image Activation. For better reliability and security, we recommend you to use secure protocols only (SFTP, SCP) for distributing software images. We do not recommend using TFTP or FTP. If you choose TFTP protocol for the image distribution and if the device and the server are in different subnet, the image should be copied within the specified session time limit (one hour) which is maintained by the application otherwise the distribution will fail due to timeout error

Q:10 What is Instant Access in Prime Infrastructure 3.1?

Cisco Instant Access is a solution that uses Cisco IOS Software to connect Cisco Catalyst 6800ia access switches to Cisco Catalyst 6800 and 6800E series core switches. The Instant Access workflow provides zero-touch deployment to enable Catalyst 6800 series Instant Access system with single-homed fabric connection to Compact Switches deployed in extended Access Layer network. The Work Flow is designed to support the complete network automation for Day-1 and Day-2 operations. The solution is intended to simplify your campus network operations and management.

Contract Connection

Q:1  Ability to add contracts into Prime Infrastructure? Do we have this in the roadmap of PI?

         This feature is not available at this point of time. It will be available post Prime Infrastructure 2.2 release.

 

Multi Tenancy

 

Q:1 Can we manage multi-customers with one instance of PI? Do we need any specific license to be purchased? How many devices / Customers are supported?

User can manage multiple customers with a single instance of Prime Infrastructure using virtual domains. But there are some limitations, though, such as duplicate IP addresses not being supported.  These are on the roadmap. 600 numbers of virtual-domains are supported in a single platform

 

Q:2 Does Prime Infrastructure 2.2 support multi tenancy? Does the Multi-customer license, will be able to handle that?

Yes and no.  We provide reasonable good support for multi-tenancy, but an important use case is missing – that is overlapping IP Address.  That will not be supported in Prime Infrastructure 2.2.

 

Capacity Management

 

Q:1 Does Prime Infrastructure 2.x include capacity management?

Prime Infrastructure does not have a formal capacity planning tool.  PI does maintain an inventory of the managed network, so you can get reports on how many devices are in your network, what kinds of devices, etc. which could be used for planning purposes, but there isn't a planning feature.

 

Q:2 Can I use Prime Infrastructure 2.x for capacity planning?

Prime Infrastructure allows you to view and report a variety of key performance Indicators that are critical for maintaining and improving your network's operational readiness and performance quality.

The below link will have the detailed steps:

http://www.cisco.com/en/US/docs/net_mgmt/prime/infrastructure/2.2/user/guide/capchange.html

 

Smart Services

Q:1 Do we have readiness assessment for Trustsec in Prime Infrastructure ?

802.1x Readiness assessment & deployment is available from Cisco Prime Infrastructure.

Q:2 What is the functionality of AVC readiness assessment in Prime Infrastructure?

The AVC Readiness Assessment aims to analyze the routers that are currently being managed by PI and provide a report that talks about whether the devices are AVC capable or not. It also suggests appropriate actions to be taken in order to make the device as AVC capable. IN order for the router to be AVC capable, it needs to be of the right hardware, having the min IOS/IOS-XE image and an active AVC license.

Browse to Services > Application Visibility and Control > Readiness Assessment to view this feature. As a pre-requisite to this step, ensure that the routers are added into PI and are managed completely.

Q:3 What is TrustSec Readiness Assessment in Prime Infrastructure ?

In Cisco Prime Infrastructure 3.1, the TrustSec Readiness Assessment enables you to choose preferred options for provisioning configurations to TrustSec-capable devices to enable 802.1X and other TrustSec functionality. TrustSec Readiness Assessment displays TrustSec-based device details such as TrustSec Feature classification.

Q:4 Does Prime Infrastructure 3.1 support Smart licensing?

Yes. Smart Software Licensing   feature is available in Prime Infrastructure 3.1.

Refer the below link for more details.

http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/3-1/administrator/guide/PIAdminBook/licensing.html#pgfId-1078772

Q:5 What are the limitations of Smart Licensing Feature in Prime Infrastructure 3.1?

Listed below are the limitations of Smart Licensing.

  • In HA (High Availability), you can perform smart license actions (enable, register, deregister and disable) on the HA Primary server and these actions are not permitted on the HA Secondary server.
  • While performing backup and restore operation, the license supported during backup will be restored. Smart licensing registration state cannot be restored on another server and in that case user has to register once again on the restored setup.
  • While performing an upgrade from an older version, the license supported in the older version will be enabled by default in the new version.

http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/3-1/administrator/guide/PIAdminBook/licensing.html#pgfId-1078772

Q:6 How to setup Smart licensing in Prime Infrastructure 3.1?

If you are currently using traditional licensing, there are some procedures to convert to Cisco Smart Licensing.

Follow the below link to setup Smart Licensing.

http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/3-1/administrator/guide/PIAdminBook/licensing.html#pgfId-1084193

Q:7 What are the advantages of Smart licensing in Prime infrastructure 3.1?

  • Purchase additional licenses and automatically update the information.
  • Monitor current purchases and entitlements (duration and number of units).
  • Monitor current usage information and trending information.
  • Easily track if adequate licenses are purchased.
  • Save time with the ability to transfer licenses across the company

Q:8 How to disable Smart licensing in Prime Infrastructure 3.1?

Refer the below link to disable smart licensing in Prime infrastructure 3.1.

http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/3-1/administrator/guide/PIAdminBook/licensing.html#pgfId-1085333

 

Miscellaneous

Q:1 Is there any iPhone and/or Android app for Cisco Prime Infrastructure ?

There is a Cisco Prime Infrastructure (v 1.3)app available for iPhone and iPad from the App Store.  At this point of time, there is no app for Android-based devices.

Q:2 How does quick search work in Prime Infrastructure ?

Quick search matches IP address, MAC address and SSID across multiple DB tables. The tables that are used are controllers, switches, clients, alarms, rogue APs, APs, Location server, tag, maps, rogue clients and rogue alarms. Also it is capable of searching Menu Items.

http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/3-0/user/guide/pi_ug/ui.html#pgfId-1015856

Q:3 Where do I navigate to get to the Device 360 degree view in Prime Infrastructure ?

User can mouse over to any event/fault or any device under network devices to view the detailed info on devices like IP, Name, Reachability, Interface, CPU utilization etc. It also provides cross launch to various troubleshooting tools and TAC support.

http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/3-0/user/guide/pi_ug/ui.html#pgfId-1015661

Q:4 How can I increase the timeout value of Cisco Prime infrastructure 3.0 User interface?

User can go to Settings > My Preferences >User idle Timeout in Home Dashboard to increase timeout value. Maximum would be 120 min and Minimum would be 15 min.

Q:5 What are the various task states in Cisco Prime Infrastructure ?

Each task in the system has a state, which indicates what the task is currently doing.

For each task in the system, the task can only run once at a time, and additionally, some groups of tasks are mutually exclusive, meaning, that only one task in the group can run at a time. Based on this, each task can be in one of the following states:

  • Idle: The task is not running, and is not yet scheduled to run.
  • Waiting: The task has reached its scheduled run time, but is now waiting for another task to finish. For example, only one data collection task can usually run in the entire system, and so data collection tasks can often be seen in the waiting state, as they are scheduled to run, but waiting for another data collection task to finish. Tasks in the waiting state go into a queue, and then run in the order in which they were triggered, one after the other.
  • Running: The task is running.
  • Expired: The task is Idle and not scheduled to run again. An Expired task will be eliminated from the scheduler, but retained in the database, until a user runs it manually or schedules it to run again.

Q:6 What are the purging options available in Prime Infrastructure ?

Audit Log purges can be done from

  •  > System Settings > Audit
  • Configuration related purging can be done from

Q:7 How to configure mail server settings in Prime Infrastructure?

Prime Infrastructure can send reports and alarm notifications via SMTP email. To enable this functionality, User must first configure one or more SMTP email servers. Select

Administration > Settings >System Settings > Mail and Notification > Select Mail Server Configuration.

http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/3-0/administrator/guide/PIAdminBook/config_server_settings.html#pgfId-1070790

Q:8 Where can I get software support and product update information on Prime Infrastructure ?

Device Package updates, Technology Package and software updates for major Prime Infrastructure product releases are integrated into update bundles. These bundles are available for download directly from Cisco. Choose Administration > Licenses and software Update > Select Software Update.

Q:9 How to add a MSE server in Prime Infrastructure ?

 In Prime Infrastructure 3.0, User can add MSE in the following path: Services > Mobility Services > Mobility Services Engine > Select a command > Add Location Server.

Q:10 How to add traps configuration for a MSE in Prime Infrastructure ?

  Follow the below path to configure traps for MSE.

 Services > Mobility Services > Device Name > System > Trap Destinations > Add Trap Destinations page.

http://www.cisco.com/en/US/docs/wireless/prime_infrastructure/3.0/configuration/guide/mse.html

Q:11 How to configure TFTP /FTP servers in Prime Infrastructure ?

 Choose Administration > Servers > TFTP/FTP Servers and enter details.

Q:12 How can I check my system disk usage in Prime Infrastructure 3.0 ?

  User can quickly check on the total system disk space usage using the Appliance Status tab under Administration > Appliance.

Q:13 Are cisco Auto smart ports borderless technology feature part of Prime Infrastructure 3.0?

  Down link port configuration in Cisco plug and play feature is done using cisco auto smart ports technology.

Q:14 I have additional questions regarding Cisco Prime Infrastructure, is there a support community?

Yes, there is a Cisco Network Management support community available here: https://supportforums.cisco.com/community/netpro/network-infrastructure/network-management

Q:15 Is there any IPhone/IPad App available for Cisco Prime Infrastructure 3.0?

Cisco Prime app in the App store is a full featured app that includes visibility on devices, alarms, events, etc.  The Cisco PnP app is a single purpose application that is limited strictly to downloading configs (bootstrap or otherwise) from Prime server.” Search for "Cisco Prime" in the App Store.

Q:16 How do I change the polling ip address that discovery associated to my devices?

There is no way to do that today. You will need to delete and re-add the device (and yes, you will lose any history, etc).

We do have requirements to allow that kind of change in the future (not yet committed).

Q:17 Where to look out for MIBS supported by a device?

That information is available on CCO. Best place to start is always http://www.cisco.com/go/mibs

From there you can find a lot of info, such as

ftp://ftp.cisco.com/pub/mibs/supportlists/asr1000/asr1000-supportlist.html

Q:18 Is Cisco Configuration Engine (CE) being wrapped into Prime Infrastructure ?

Cisco Configuration Engine is a product specifically intended for Service Providers, crafted to do the specific tasks of day 1 rollout and day 2 configuration mgmt.

Prime Infra is an enterprise management product that provides a wide spectrum of wireless & wired management, as well as application visibility. As part of the overall device lifecycle management, Prime Infra does support plug and play / "zero touch deployment" scenarios (leveraging the CNS agent capability in IOS and doing many of the same things the CCE does), but the context is still as part of the larger enterprise product. We do not have the APIs in Prime Infra today to support PnP, but these are planned for future.

Q:19 I'd like to compare feature gaps between LMS and Prime Infrastructure 3.0.Do we have any collateral to understand the same?

Yes, see the draft documents under White papers on the internal PI page:

http://iwe.cisco.com/web/ese/go_primeinfrastructure

Q:20 List out the document(s) describing the feature parity between LMS 4.2 and Prime infrastructure 3.0?

 LMS v4.2.x and PI 3.0 feature parity document is available in the below link.

 http://www.cisco.com/c/en/us/products/collateral/cloud-systems-management/prime-infrastructure/guide-c07-731975.html

Q:21 Does Cisco Prime Infrastructure 3.0 have any IPAM (address management) capabilities?

  For IPAM the product would be Prime Network Registrar.

   External site:  http://www.cisco.com/en/US/products/ps11808/index.html

   Internal site:  http://iwe.cisco.com/web/ese/go_cnr

Q:22 Does Prime Infrastructure 3.0 support NETCONF (Network Configuration protocol) to interact with the device?

 No.  Prime Iinfrastructure does not use NETCONF to interact with any network device.Prime infrastructure uses SNMP, ICMP,CLI via TELNET or SSH, and in some cases HTTP.

Q:23 Does Cisco Prime Infrastructure support SNMP traps?

       Prime Infrastructure is a trap receiver. However that doesn’t mean that Prime Infrastructure will display all the received traps. Prime Infrastructure can understand some of the traps, and creates some event/alarms based on them. The traps that Prime Infrastructure doesn’t understand will not be displayed. The list of traps (including MIB, cause, action) supported by Prime Infrastructure is available in the below link.

       http://www.cisco.com/c/dam/en/us/td/docs/wireless/prime_infrastructure/1-3/configuration/guide/CPI_Alarms_Events.xls

Q:24 Is it possible to integrate a ticketing system with Cisco Prime Infrastructure 3.0?  

Prime Infrastructure does not have pre-built integrations with any ticketing system. But   Prime Infrastructure has a fully documented REST API that can be leveraged.

      REST API documentation is available in the below link.

       http://www.cisco.com/c/en/us/support/cloud-systems-management/prime-infrastructure/products-programming-reference-guides-list.html

Q:25 Does Prime infrastructure 3.0 discover third party IP camera, Switches and firewalls?

Yes. Prime Infrastructure is capable of discovering any SNMP-enabled device that supports RFC 1213 (MIB2). The information is limited though.

Q:26 Is there any integration between Prime Infrastructure 3.0 and Cisco Video Surveillance Manager?

 No. Prime Infrastructure 3.0 can’t be integrated with Cisco Video Surveillance Manager (CVSM)

Q:27 Does Prime Infrastructure 3.0 manage Cisco IP phones?

No. Cisco Prime Infrastructure 3.0 doesn’t manage IP phones. It’s been recommended to use Prime Collaboration for that.

Q:28 Does Prime Central manage Prime Infrastructure 3.0?

No. There is no integration point between Prime Central and Prime Infrastructure.

Q:29 Is there any document explaining the integration between Prime Infrastructure, ISE and MSE?

There is a discussion in the Unified Access/BYOD CVD 2.6 released in March 2014. Direct link to the chapter:

http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Borderless_Networks/Unified_Access/BYOD_Design_Guide/BYOD_Network_Management.html#10423

Link on Full Unified Access/BYOD Design Guide

http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Borderless_Networks/Unified_Access/BYOD_Design_Guide.html

Q:30 List out the various task that can be performed using Read / Write REST APIs in Prime Infrastructure ?

Prime Infrastructure 3.0 supports several new Read/Write APIs that allows users to externally trigger configuration of the WLAN on controllers and access points from outside of Prime Infrastructure GUI. Prime Infrastructure APIs will allow users to programmatically do operations like schedule configuration push.

Prime Infrastructure brings flexibility to automatically export devices through API and do a bulk import of devices to be managed by PI. Users may get job details for jobs that have been scheduled, push new jobs and resume, cancel and suspend jobs through APIs.

The complete REST API documentation is available in the below link.

http://www.cisco.com/c/en/us/support/cloud-systems-management/prime-infrastructure/products-programming-reference-guides-list.html

Q:31 Can Prime Infrastructure monitor 3rd party voice solutions?

Prime Infrastructure looks at the RTP streams and as long as the 3rd party voice solutions adhere to the RTP standards, Prime infrastructure should be able to monitor them with Medianet.

 

 

Troubleshooting / TAC Support

Q;1 How can we Troubleshoot Voice/Video delivery to a branch office using PI 2.2?

User must be able to link user experiences of network services with the underlying hardware devices, interfaces, and device configurations that deliver these services.

Refer the below link.

http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/2-2/user/guide/pi_ug/mon-pol-thresh.html

Training

Q:1 What is the URL for Cisco Prime Demo Series?

Here is the URL which will provide the details to attend the Prime Demo sessions across different geographical regions. Software Demo Series Schedule

Q:2 What is the URL for Selling Cisco Prime?

Here is the URL for Selling Cisco Prime http://iwe.cisco.com/web/ese/go_primeinfrastructure

Q:3 Which one of these webinar's will cover the wireless element of PRIME?

Prime Infrastructure is the webinar which convers wired/wireless/AX management solution

Q:4 Do we have any documents/VOD’s which can help in doing setting up Cisco Prime Infrastructure?

Prime Infrastructure Quick Start VoD Series is an 18-segment video series, each averaging less than 10 minutes that step users through the installation, setup, configuration and customization of their Prime Infrastructure system.  You can find details on this and more here: www.cisco.com/go/prime-demo

Q:5 List out the various training resources for learning Prime Infrastructure?

Following are the training resources available for Prime Infrastructure ·     

 

References

 

Version history
Revision #:
1 of 1
Last update:
‎04-12-2014 12:44 PM
Updated by:
 
Labels (1)
Everyone's tags (1)
Comments

Thanks Ramnaray...

I ask if it is possible to export all configuration files from CPI to a TFPT server by one shoot or script or template ?

Operate > Device Work Center > Configurations Archives

If so, how to do it ?

Regards

Pierre-Hubertin

New Member

Thank You

Hall of Fame Super Silver

Jason,

Please post as a new question thread and not as a comment on a document. 

New Member

Greetings,can I establish a primary server in a virtual environment and a secondary server at the same evironment?

Thank you

New Member

I am unable to export my AP configs. When I select Unified AP under devices and select all (or even one AP) the export button remains grayed out.  

 

However this is not the case when I select other network devices such as a switch.

 

Any thoughts as to why I can't export AP configs?

New Member

What are the main differences between Prime DCNM and PI3.0. In PI3.0, the N9K series are also supported (in particular I think on vPC, VDC monitoring and config). Why should one buy DCNM?

I understand that DCNM also focus on SAN, OTV,  VXLAN => This is missing in PI3.0 ?

New Member

Hi,

Does anyone know how long Assurance data (from Netflow) is stored and where is the menu and/or option to enlarge o reduce Assurance Data retention?

Thanks!

New Member

Prime only supports SNMPv3 downstream. It still cannot be configured upstream to another SNMP monitor for up-down. Only SNMPv2.

New Member

Hi!

Does anybody know if I can configure email notification only limited group of my devices?

For example, I want PI to sent email of switch down event of switches only which are a part of the user defined group.

Hall of Fame Super Silver

ymorkotun  

Please post as a new question thread and not as a comment on a document.

Cisco Employee
Cisco Employee

I think this section needs updating since it is no longer a "may be" but the enforcement is factual for a very specific release and patch version.

There are BASE tokens, LF tokens, AS Tokens, UCS-VM, UCS-SERV Tokens etc.

The only difference is – starting with PI 3.0.x (may be PI 3.10) we will enforce the differences in device types and stack vs switch ..

However, for most devices (85%)(APs (all types), Cat (2K, 3K), Routers (ISR1K, 800 Series)  -- there is NO Difference in behavior. All these devices consume one LF and one AS token (If present).

New Member

We are using Cisco Prime Infrastructure 3.1 - To generate heatmaps using the maps do we need to pre-load the access points into the device? tried generating the heat map without loading of the devices and i believe its not considering the effects of walls,doors and windows.

Is there any way where we can get a proper heat map generated considering the effects of objects?

Thanks