This document contains the slides for the live webcast.
During this live event, Vinod takes you through the installation of Cisco Prime LMS, including initial portal login and use of the Getting Started workflow to configure the server. He will also demonstrate how to explore and customize the dashboards in My Menu, manage portlets, and change the portal layout. Additionally, Vinod will show the steps to manage the network device inventory, manage network device configurations and software images, monitor and troubleshoot the network, and much more.
Introduction to Cisco Prime LMS
Evolution of Cisco Prime LMS
Configuring and Implementing Cisco Prime LMS
Vinod Arya is a High Touch Technical Support (HTTS) engineer in Cisco’s Focused Technical Support (FTS) organization working on Network Management System (NMS) products and technologies. His current focus is on planning and implementing Network Management Infrastructure(s). His areas of expertise also include NMS products and technologies such as the CiscoWorks LAN Management Solution (LMS), Simple Network Management Protocol (SNMP), IP, Service-Level Agreements (SLAs), Cisco Prime Provisioning, Cisco Network Registrar, and many others. He has more than 7 years of experience in IT. Prior to joining Cisco’s HTTS NMS team, Arya worked for Convergys India Pvt Ltd managing and optimizing the Optus Broadband Network. From there he joined HCL Technologies, working with its local switching team before moving on to the Network Management Team. He was also part of its Technical Assistance Center (TAC). Arya holds a Bachelor’s degree in Information Technology from Kumaun University in Nainital, India, and an MBA in Information Technology from Sikkim Manipal University in Bangalore, India. He holds several Cisco Certifications, including CCNA® and VCP 5.0.
Q. Does LMS have the ability to run nightly backups of all devices as part of the feature set?
A. Yes, if all the devices are added successfully then CiscoWorks should be able to back up the configuration of all the devices.
Q. Is it possible to monitor services that run on a Microsoft Windows server with LMS?
A. No, it is not possible to monitor services that run on a Windows server with LMS.
Q. What is the difference between Cisco Prime LMS and Cisco Prime Infrastructure?
A. CiscoWorks LMS is used to manage the LAN as the name states, LAN Management Solution. However, Cisco Prime is LAN, Wireless, and WAN technology in one bundle.
Q. Can LMS manage any non-Cisco products such as Palo Alto devices?
A. For the non-Cisco devices, the support is less and it cannot be confirmed if Palo Alto devices are supported in LMS without knowledge of the sysObjectID of the device. In order to check support for a non-Cisco device, see "CiscoWorks LAN Management Solution 4.2 for Non-Cisco Devices".
Q. In consideration of the continuous migration to INF files, what LMS upgrades are planned and what features are planned in the future (rather than bug fixes and definition updates)?
Q. Could you explain a little bit more about the number of CPUs required for a Windows Server 2008 to run LMS? I have one server with 4 sockets, each one with 6 processors, so the logical processor count is 24, but I am not allowed to monitor more than 30k objects.
A. This depends on the license you have and for how many devices.
Q. Is there a virtual machine (VM) appliance version like many of Cisco's other products?
Q. Can I use the device backup of Release 3.2 in Release 4.2?
A. You cannot back up and restore just device configurations. It has to be a complete backup of one LMS which can be restored into another.
Q. Does Cisco Prime Release 4.2 have a Layer 2 topology view?
A. Yes, LMS Release 4.2 has a Layer 2 topology view which you could launch from the topology.
Q. Can I set a specific time slot for change management of all the devices, such as midnight?
A. In order to collect the configuration from the devices, you could schedule it for midnight and at the same time you could schedule jobs to make any changes on the devices at the time that is convenient for you.
Q. Can LMS be configured to accept and display syslog messages from devices not currently in the Device Credentials Repository (DCR)? Possibly with an automated action to attempt to manage the unknown device?
A. It will not be possible if the device is not added in LMS. CiscoWorks will not be able to manage the syslog messages as the device itself is not currently managed by LMS.
Q. Is there any other installation bug identified as DCRServer Process failure (which is solved in Release 4.2.4)?
A. As of now there is no bug identified. However, if you run into such an issue, go to the Cisco Support Forum for a solution.
Q. Is it possible to have redundancy for CiscoWorks servers, such as a cluster?
Q. Is there a way to slipstream the latest service packs into the install files so that when multiple instances of LMS are installed/upgraded, the service packs are already installed?
A. No, you need to install the service packs one-by-one as per the hierarchy; LMS 4.2 > LMS 4.2.2 > LMS 4.2.4.
Q. I have created a job in LMS for an Adaptive Security Appliance (ASA) to delete a particular route and add a new route. The job executes only if the approval is given by my L3 Team Lead and Manager. Is this possible in LMS Release 4.2?
A. You could assign an approver in LMS, so when a job is to be executed it would first have to be approved by the approver. The approver receives a notification when a job is executed.
Q. Is it mandatory to select a device type when a device is added in Common Services (CS)?
A. No, most of the time LMS via SNMP gets hold of the sysObjectID and determines the device type. However, if the device is still unknown, you could run the inventory for it to become known.
Q. Is there an API to connect to the database so you can do ad hoc reports?
DFM and HUM:
Q. What SNMP value will be polled by the Device Fault Manager (DFM) and the Health and Utilization Monitor (HUM)?
A. The DFM and HUM use only the SNMP community string to manage the device. The DFM sends an alarm when the device sends the trap to the DFM. The HUM can configure different pollers, such as for CPU, interface availability, and so on dependent upon the poller you have configured. LMS polls the device to get the same information from the device, such as 5 minute CPU utilization with the respective Object Identifier (OID).
Q. Is DFM or HUM better to monitor the device temperature thresholds?
A. The HUM could be used to poll the threshold and generate an alert when it is violated. The DFM generates alerts when there is a problem with the device.
Q. It is often seen in the HUM that the total number of instances reached the maximum while editing the historical poller. What does it mean (physical interfaces or including loopback, VLAN, and so on)?
A. The number of MIB objects which can be polled by LMS depends on the server configuration. Yes, it includes all the interfaces which are managed by LMS. If you use LMS Release 4.2.x you have an option to select the interface while polling (Poll by User Selection > Select the instances on which you want to poll the devices).
Q. What SNMP port and MIB will be polled by the DFM and the HUM?
A. By default, LMS receives SNMP traps on port 162 (or, if port 162 is occupied, port 9000). If you need to change the port, you can do so. LMS supports SNMPv1, v2, and v3 traps for trap receiving. For polling through the HUM, it uses the SNMP UDP port 161.
Q. Can you put the HUM in maintenance mode while you work on network changes?
A. In order to achieve this, suspend the poller under maintenance. Once you are back up, resume the pollers.
Q. For large, multi-site deployments, can a higher level LMS collect and aggregate data and statistics from multiple remote Resource Manager Essentials (RME), CM, and DFM collectors?
A. This should not be a problem. If you plan to install a Master-Slave setup with different applications installed on different servers, it should work fine.
Cisco Prime Infrastructure:
Q. Will there be a session to cover Prime Infrastructure anytime soon?
Q. If I own the license for Prime Infrastructure, does that allow me to run Prime LMS? Do I need Prime LMS if I own and run Prime Infrastructure?
A. No, the license for Prime Infrastructure does not entitle you to run Prime LMS. You do not need to run Prime LMS if you use Prime Infrastructure. Cisco will wait for the full-fledged version of Prime Infrastructure to be released before LMS is discontinued.
Q. When will the full-fledged version of Prime Infrastructure be released?
Q. When do you anticipate end-of-life for this product if Prime Infrastructure will take over its role?
A. Cisco Prime LMS will always be there. Cisco will continue to improve the quality of the product, as CiscoWorks LMS is the complete solution for LAN Management.
Q. If I want to manage both wired and wireless do I need to wait to install Prime Infrastructure Release 2.0?
A. Yes, you need to wait till Prime Infrastructure Release 2.0 is released.
Q. Does Prime Infrastructure Release 2.0 cover all the services which LMS and Network Control System (NCS) provide?
Q. We have LMS Release 4.2. I have been told that Cisco Prime Infrastructure Release 1.X (2.x?) is a replacement for LMS and that we need to upgrade. Does LMS have an end-of-life date?
A. No, Prime Infrastructure is not a replacement for LMS. Prime Infrastructure is a bundle which has LAN, Wireless, and WAN technology bundled together. There is no EOL planned for LMS as of now.
Q. When Prime Infrastructure Release 2.0 is finally released, is there so much functionality in that product that the "typical user" can migrate from Prime LMS to Prime Infrastructure Release 2.0?
Q. Is Release 4.2.x the last release of Prime LMS and is it scheduled to be integrated into Prime Infrastructure? Is that what Prime Infrastructure Release 2.x is?
A. LMS Release 4.2.x still has some update patches pending. Prime Infrastructure Release 2.0 is a blend of both wired and wireless network management.
Q. In a high security environment that explicitly forbids the use of both SNMP and Cisco Discovery Protocol (CDP) protocols, is there any other Layer 2 discovery methodology to find non-routing devices, such as OID detection and Address Resolution Protocol (ARP), then attempt Secure Shell (SSH) connections?
A. LMS should be able to discover the devices with the other protocol; however it might not be able to manage the device as SNMP is needed to manage the device in LMS.
Q. Do Cisco Prime and Cisco Security Manager (CSM) integrate?
A. There is no product level integration available between LMS and CSM. CSM is built with some of the same components (historically RME and, with CSM Release 4.3, Common Services Release 4.0) used by Cisco Prime LMS but it is not integrated. The most you could do is to put some links onto your LMS portal that point to the CSM server. See the "Adding Portlets" section for more information.
Q. Can you generate a Certificate Signing Request (CSR) from an LMS Server and then use it to create a valid certificate from my Certificate Authority (CA) Server?
Q. Can I change the access on LMS from http to https once the server is in production?
A. Yes, you can. You need to enable the Secure Socket Layer (SSL) on the LMS: Admin > Trust Management > Local Server > Browser-Server Security Mode Setup.
Q. Can I do authentication on the LMS Server with an external Identity Services Engine (ISE)?
A. LMS can be integrated with Access Control System (ACS), Windows Active Directory (AD), and so on, but not by ISE.
Q. Can I have an external repository for backups (FTP backup server) similar to Cisco ISE?
A. The recommended way for this is to "take a backup locally and then siphon it off to an external repo".
Q. If my ISE device (which is connected to AD), is the authentication server for many devices on my network, can I configure the LMS that points to ISE so the user will be authenticated through LMS > ISE > AD?
Q. Will there be schema extensions for ACS Release 5.x similar to the earlier LMS Release 2.x/3.x and ACS Release 3.x/4.x to allow role assignments from the ACS rather than require administrator accounts to be recreated locally?
A. As of now it is not planned. It is understood that from the customer point of view the ACS integration which used to be there until LMS Release 4.x was great. But now with the mechanism of role-based access control (RBAC) added within LMS, a local user has access to all the GUI.
Q. Is it possible to pull the VPN connectivity report at the user level?
Q. Does the Cisco Prime Infrastructure cover security devices?