4 Lab Guide Prime Infrastructure 2 2

Cisco Prime Infrastructure 2.2 lab

– Partner VT Amsterdam –

Oct 30th, 2014

Cisco Prime Infrastructure 2.2 Partner VT – Amsterdam, October 30th 2014

Agenda UNDERSTANDING THE LAB ENVIRONMENT CONNECTION TO THE LAB

2 3

PART 1: INVENTORY FEATURES : CREDENTIAL PROFILES, DISCOVERY , MULTIPLE EDIT , GROUPING, TOPOLOGY 5 EXERCICE 1: POPULATING DEVICE INVENTORY EXERCICE 2: VERIFYING/UPDATING CREDENTIALS, ADDING SINGLE DEVICES, MULTIPLE EDIT EXERCICE 3: DEVICE 360 EXERCICE 4: DEVICE DETAILS EXERCICE 5 : TOPOLOGY MAIN WINDOW, 360 VIEW AND DASHLET EXERCICE 2 : DEVICE GROUPS CREATING LOCATION GROUPS CREATING A VIRTUAL DOMAIN EXERCICE 7 : NETWORK TOPOLOGY MAPS EXERCISE 8: PORT GROUP

5 12 14 18 20 27 27 29 30 35

PART 2: CONFIGURATION FEATURES : AVC AND QOS

37

EXERCISE 1: ONE CLICK TEMPLATE FOR AVC AND QOS EXERCISE 2: SHARED POLICY OBJECTS AND MODEL BASED TEMPLATE: DESIGN AN AVC TEMPLATE SHARED POLICY OBJECT CUSTOMIZE AN APPLICATION VISIBILITY MODEL BASED TEMPLATE DEPLOY AN APPLICATION VISIBILITY MODEL BASED TEMPLATE EXERCICE 3: NETWORK SERVICES: APPLICATION VISIBILITY AND CONTROL READINESS ASSESSMENT NBAR2 PROTOCOL PACK MANAGEMENT AVC PROFILES INTERFACE CONFIGURATION

37 42 42 43 46 48 48 49 49 53

PART 3: VNAM AS A DATA SOURCE

56

EXERCICE 1 : SETUP A VNAM EXERCICE 2: HOW IT WORKS EXERCICE 3: DISCOVER A FEW VNAM CAPABILITIES MONITOR DASHBOARDS ANALYZE DASHBOARDS REAL TIME PACKET CAPTURE APPLICATION RECOGNITION

56 59 60 60 61 65 65 66 Page | 1

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

– Partner VT Amsterdam –

Oct 30th, 2014

EXERCICE 3 : ADD THE NAM IN YOUR INVENTORY EXERCICE 4 : CONFIGURE THE NAM AS A DATASOURCE EXERCICE 5 : VIEW NAM DATA IN PI EXERCICE 6 : PACKET CAPTURE IN PI

67 68 68 69

PART 4: PI DEPLOYMENT CAPABILITIES : HIGH AVAILABILITY, OPERATION CENTER

72

EXERCICE 1: HIGH AVAILABILITY MAIL SERVER DESTINATION . ADDING A VIRTUAL DOMAIN ENABLING HIGH AVAILABILITY EXERCICE 2: OPCENTER ENABLING OPCENTER SERVER SINGLE SIGN ON ADDING SERVERS OPCENTER NAVIGATION EXERCICE 3: FAILOVER.

72 72 74 75 78 78 80 82 83 87

Understanding the lab environment The lab infrastructure deployment is shown below.

Page | 2

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

– Partner VT Amsterdam –

Oct 30th, 2014

Each student group own a POD which contains 1 catalyst 3560v2, 2 catalyst 3850 , one ISR G2 892, one ISR G2 2911, one WLC 2504 and one virtual NAM, 3 AP, 3 phones . Each POD is divided in 2 ports: The East Part, and the West Part The rest of the infrastructure is shared. The table below gives the Name SW-PODx-E SW-PODx-W RTR-PODx-E RTR-PODx-W WLC-PODx-W vNAM-PODx PI-PODx SSOx PI-P-PODx PI-S-PODx PI-V-PODx

Model 3850 3560V2 ISR 2911 ISR 892 WLC 2504 vNAM

Loopback0 10.14.20x.1 10.14.20x.2 10.14.20x.3 10.14.20x.4 172.195.x.1 192.168.40.2x 192.168.40.5x 192.168.40.15x 192.168.193.5x 192.168.193.15x 192.168.193.11x

Connection to the lab

Page | 3

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

– Partner VT Amsterdam –

Oct 30th, 2014

You must use Cisco AnyconnectVPN client. Launch it , server is primelab-eu.cisco.com

Username is pi-lab Ask Proctor for the password.

If you don’t have CiscoAnyConnect installed, you can install it from https://primelab-eu.cisco.com username pi-lab, password : ask your lab proctor.

Page | 4

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

– Partner VT Amsterdam –

Oct 30th, 2014

PART 1: Inventory features : Credential profiles, Discovery , Multiple Edit , Grouping, Topology

Exercice 1: Populating device Inventory There are 3 ways to populate the inventory, adding a single device, doing a bulk import, and configuring an automatic device discovery. In this section you will do a discovery

Launch PI Logon to PI plateform https://pi-podx.prime.ciscofrance.com If you have any issue with dns resolution, use 192.168.40.5x (x is your pod number)

Verify the level of patch :

Page | 5

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

– Partner VT Amsterdam –

Oct 30th, 2014

User: root, Password: Public123

You should see an empty overview dashboard

From Inventory> Device Management , select Credential Profiles

Page | 6

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

– Partner VT Amsterdam –

Oct 30th, 2014

Select Add

Add a Credential Profile called "default" with the following credentials     

snmp Read Community : public snmp Write Community : private ssh user : admin/C1sc0123 enable password C1sc0123 http user : admin/C1sc0123

Page | 7

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

– Partner VT Amsterdam –

Oct 30th, 2014

Add another credential profile, called nam, with the following parameters (optionally, you can use the Copy )    

snmp Read Community : public snmp Write Community : private ssh user : root /root http user : admin/cisco

You will use this one later in the lab. Finally you should have something like

Create now the discovery job : Select Inventory> Device Management> Discovery

Select Discovery Setting (Upper right corner)

Page | 8

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

– Partner VT Amsterdam –

Oct 30th, 2014

Select "New"

Give a name,expand Layer 2 protocol and expand Cisco Discovery Protocol

Page | 9

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

– Partner VT Amsterdam –

Oct 30th, 2014

Enable cdp, cross router boundary Add a seed device (10.14.20x.2), 10 hops

Expand "Credential Set" and add the row as below

Page | 10

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

– Partner VT Amsterdam –

Oct 30th, 2014

Save and Run

and

The discovery creates a job that you can see in the discovery job dashboard

You can refresh to see the progress

after a couple of minutes, discovery should be completed

Page | 11

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

– Partner VT Amsterdam –

Oct 30th, 2014

Exercice 2: Verifying/Updating credentials, adding single devices, multiple edit

From Inventory > Device Management > Network Devices .

This inventory replaces the device workcenter from 2.1 and earlier versions

Page | 12

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

– Partner VT Amsterdam –

Oct 30th, 2014

click the device group: All devices

Select “Add Device”, and add the device 192.168.193.100 with the default credential profile

You should see a new device category: UCS B series

Page | 13

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

– Partner VT Amsterdam –

Oct 30th, 2014

Then select several devices. Remark, you can now edit multiple devices (edit devices in bulk)

click cancel

Exercice 3: Device 360 From Inventory > Device Management > Network Devices . Select a device (a router or a switch)

Page | 14

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

– Partner VT Amsterdam –

Oct 30th, 2014

Select « Neighbors » . In 2.2 , you can see both local and remote port (only remote port in 2.1 and before)

Page | 15

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

– Partner VT Amsterdam –

Oct 30th, 2014

Select the icon

And see the topology from this device !

Page | 16

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

You can select the icon

– Partner VT Amsterdam –

Oct 30th, 2014

to change the layout and the number of hops.

Page | 17

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

– Partner VT Amsterdam –

Oct 30th, 2014

Exercice 4: Device details From Inventory > Device Management > Network Devices .

Click on a device name (a router or a switch) Page | 18

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

– Partner VT Amsterdam –

Oct 30th, 2014

Explore the different menus

Explore Similar Menus with your wireless lan controller. What do you notice ? How many access points are registered ?

Explore Similar menus for the UCS B series

Page | 19

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

– Partner VT Amsterdam –

Oct 30th, 2014

Exercice 5 : Topology main window, 360 view and dashlet Select maps> Topology Then drill-down to location> All Locations > Unassigned

Play with the different options -

layout

Page | 20

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

-

zoom

-

overview

– Partner VT Amsterdam –

Page | 21

Oct 30th, 2014

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

– Partner VT Amsterdam –

Oct 30th, 2014

Select a device and launch the 360 view

Page | 22

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

– Partner VT Amsterdam –

Oct 30th, 2014

click the topology icon

Page | 23

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

– Partner VT Amsterdam –

Oct 30th, 2014

Change the layout and number of hops

Page | 24

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

– Partner VT Amsterdam –

Oct 30th, 2014

Select now Dashboard>General

Add a Topology Dashlet

Page | 25

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

– Partner VT Amsterdam –

Oct 30th, 2014

Move the dashlet on upper right corner and configure it to display the All Locations> Unassigned , with a symetric layout. (Mouse over the right corner of the dashlet and select the icon mode)

Page | 26

to enter config

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

– Partner VT Amsterdam –

Oct 30th, 2014

Exercice 2 : device groups PI provides several device grouping capabilities :    

The device groups The location groups The site maps The virtual domain

A device group, contains devices for different purposes (configuration, monitoring). A device can join a group statically or dynamically based on a membership rule. In this case, if a new device matches this rule, it automatically joins the group. Some inventory attributes are provided to be used in the membership rule (name, location, type, user define field …). A single device can belong to more than one device group. Predefined device groups exist based on device model. Location Group are conceptually identical to a device group : this is a device group based on location parameters, either snmp location, or switch location (civic address attributes) .This is a new feature of PI 2.2 which replaces somewhere the use of sites. Membership to a location group is either static or dynamic. The site maps are groups of Access points on a map. Access points are positionned on a map and allow to create wireless heatmap . Sites are organized as a 3 level hierarchy : campus/building/floors. Membership of an AP to a site is static (manually added/removed) but a feature called « automatic hierarchy creation » allow creation and addition of APs in a site based on their name. Virtual domains allow grouping for administrative purpose (Role Based Access Control) .

Creating Location Groups

In this exercise, you will create 3 location groups : -

Provider East West

Based on the SNMP location parameter of your device. But , before you will create an umbrella group called PI-LAB From Inventory>Device Management > Network Devices , Hover over Location , and select « Add subgroup »

Page | 27

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

– Partner VT Amsterdam –

Oct 30th, 2014

Just name it PI-LAB and save

Select this group and “Add Subgroup”

Name the group East Add a membership rule based on syslocation

Preview the device list

Page | 28

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

– Partner VT Amsterdam –

Oct 30th, 2014

Create in the same way the location group West (syslocation contains West) and the site group Provider (syslocation contains provider). Both must be subgroup of PI-LAB You should have the following:

Creating a virtual domain

We will not spend time on virtual domain in this lab , just create one quickly called « testVD » and put a few devices in it … you will understand later …

Page | 29

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

– Partner VT Amsterdam –

Oct 30th, 2014

Create sub domain testVD

add the network devices SW-SP1-A, SW-SP1-B and SW-SP2

Exercice 7 : Network topology Maps Go now to Maps> Network Topology

Page | 30

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

– Partner VT Amsterdam –

Oct 30th, 2014

Select User Defined - > PILAB-Network

Click one group

Explore drill down and expand

Page | 31

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

– Partner VT Amsterdam –

Page | 32

Oct 30th, 2014

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

– Partner VT Amsterdam –

Oct 30th, 2014

Click a link to see the components Page | 33

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

– Partner VT Amsterdam –

Oct 30th, 2014

Play with the layout, expand /collapse groups

Select now Dashboard > Overview >General

Page | 34

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

– Partner VT Amsterdam –

Oct 30th, 2014

May be the topology dashlet is like that now !!

Why ? Change it to

Exercise 8: Port Group Small exercise here, nothing new in 2.2 , but you need this port group later …

Select Inventory> Grouping> Port

Page | 35

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

– Partner VT Amsterdam –

Oct 30th, 2014

Select Add subgroup under User defined

Select a static port group, give a name and save

You can use a filter to select YOUR router , 10.14.20x.3 and select GigabiEthernet 0/0 and 0/1

Select the appropriate port and move them to the group you created (add to group) Page | 36

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

– Partner VT Amsterdam –

Oct 30th, 2014

PART 2: Configuration features : AVC and QOS Exercise 1: One click template for AVC and QoS PI provides model based templates to deploy technology features on devices. These templates cover Security Features (Zone Based Firewall, ACL, DMVPN, GetVPN, ScanSafe …) , Routing (OSPF, EIGRP …) , AVC (Application Visibility and Control) . Model Based Template can be deployed on multiple devices or can sometimes be used to quickly deploy the feature on a single device. You will now deploy AVC monitoring on the GigabitEthernet0/1 of your router RTR-PODx-E . (This interface is connected to your switch SW-PODx-E.)

From Inventory>Network Device click your Router RTR-PODx-E

Select Configuration, and Expand App Visibility & Control , then select App Visibility

Page | 37

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

– Partner VT Amsterdam –

Oct 30th, 2014

Select the Gigabit0/1 interface

Then select Enable App Visibility> App Visibility & Performance (IPv4)

See the message

Page | 38

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

– Partner VT Amsterdam –

Oct 30th, 2014

You preview the CLI

Then click deploy, wait a moment …

Then you get

Page | 39

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

– Partner VT Amsterdam –

Oct 30th, 2014

Go to Configuration Archive If the device sends syslog message to your PI, a configuration Archive will occur. Check if you have a recent config (not the case below)

if not, schedule an immediate archive

You can see the archive job running in the job dashboard (Administration> Jobs) . After a while it must complete with success.

After some time you will have your archive

Expand the new configuration and select compare previous running

Page | 40

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

– Partner VT Amsterdam –

Oct 30th, 2014

As you can see, PI deployed configuration based on ezPM !!

Verify that you are receiving data through flexible netflow , Administration> data source

Select Select your data source (RTR-PODx-E) and see the netflow template

Page | 41

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

– Partner VT Amsterdam –

Oct 30th, 2014

You can drill down to the templates by clicking

you can also go to this page through Services> Netflow Templates

Exercise 2: Shared Policy Objects and Model Based Template: design an AVC template Shared Policy Object PI 2.0 introduced the concept of reusable objects called Shared Policy Objects. In 2.0, only 2 shared policy object existed : IPv4 subnet and Interface Role. These objects were used to customized model based template like AVC and ZBFW (Zone Based Firewal) . The release 2.2 have new objects : IPV6 Networks, Security Rule Parameter Map, Security Service, Security Zone. Select Configuration >Template> Shared Policy Objects > Shared > Interface Role Add a new interface role calle inside-interface , where interface Name is GigabitEthernet0/1

Page | 42

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

– Partner VT Amsterdam –

Oct 30th, 2014

Customize an Application Visibility model based template

Select Configuration > Features and Technologies

Then Application Visibility & Control > App Visibility Give a name

Page | 43

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

– Partner VT Amsterdam –

Oct 30th, 2014

Select Router as Validation Criteria

Select the Interface role you have created in the field « Apply to Interface role »

Keep the default values

Page | 44

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

– Partner VT Amsterdam –

Oct 30th, 2014

Click Save as New Template

The template appears under « My Templates > Features and Technologies> App Visibility and control » and can now be deployed

Page | 45

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

– Partner VT Amsterdam –

Oct 30th, 2014

Deploy an Application Visibility model based template

Now you will configure the deployment process on your router RTR-PODx-E. Please don’t deploy on the router of another POD !!!! Select Deploy Select your router RTR-PODx-E in the device selection (Note : here you can select more than one device)

Notice that you can have an additionnal collector with PI 2.2

Page | 46

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

– Partner VT Amsterdam –

Oct 30th, 2014

Click CLI preview. Verify that it will be deployed on the appropriate interface (GigabitEthernet0/1)

Deploy but please don’t save in startup config

See the job result

Page | 47

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

Oct 30th, 2014

– Partner VT Amsterdam –

Go to Inventory> network Device

click your device

Select Applied/Scheduled Templates

Exercice 3: Network Services: Application Visibility and Control In this exercise, you will explore some of the capabilities of PI regarding AVC Readiness assessment Select Services

>

AVC

>

Readiness

Assesment

Verify that your routers RTR-PODx-* are AVC capable . The router RTR-PODx-E where you deployed AVC previously should be marked as active

Page | 48

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

– Partner VT Amsterdam –

Oct 30th, 2014

NBAR2 protocol pack Management Select Services > AVC >protocol packs management

You can populate on PI a repository of protocol packs (import) then deploy on the device. Deployment is a job which copies the appropriate protocol pack on flash then activate it in cli. On your system the repository is probably empty.

AVC profiles

AVC profiles, are configuration templates that can be deployed on interfaces. There are 3 categories 





QoS Classification Profiles. This profiles define how application traffic can be identified (based on NBAR2) and marked. 3 default profiles are provided out of the box according to Cisco best practices : 5 classes, 8 classes and 12 classes profiles. New profiles can be added QoS Action Profiles, define the egress action which will occured on egress traffic. (Queuing, Priority Queuing, BW reservation, shaping …) . 3 default profiles are provided (5,8,12 classes) out of the box. They can be modified and new profiles can be added as well APP visibility Profile : define the monitoring action (URL monitoring, traffic volume, Application Response Time , Voice/Video metrics ).

Select Services>AVC> AVC Profiles

Page | 49

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

– Partner VT Amsterdam –

Oct 30th, 2014

Now you will create a new classification profile based on the 5 class profile, but you will add the traffic to/from your PI server in the class « Transactional_data »

Select + to add a new profile

Choose create a classification profile

Page | 50

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

– Partner VT Amsterdam –

Oct 30th, 2014

Give a name, and chose 5 class

Then click Add to add your classification A new entry appears at the bottom

click Change the type from NBAR to L3/L4 (you will classify using your PI ip address) Select Apply IP/Port symmetrically Put YOUR PI IP address

Page | 51

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

– Partner VT Amsterdam –

Oct 30th, 2014

Click OK Select now the QoS class (Transactinal-Data)

Save the line

Save the profile

Page | 52

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

– Partner VT Amsterdam –

Oct 30th, 2014

Interface configuration

This new feature in 2.2 allow to enable AVC/QoS profiles on interface or interface groups

Select Services> AVC> Interface Configuration

Select the port group you created in previous lab (User Defined > myportgroup)

(Notice that one interface has already AVC deployed Select both interfaces

Click enable QoS Then select your profile (podx-profile)

Page | 53

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

– Partner VT Amsterdam –

Oct 30th, 2014

you can preview CLI

Page | 54

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

– Partner VT Amsterdam –

Oct 30th, 2014

then deploy Please don’t copy in startup !!

Check the status of the job in admistration> Job

Page | 55

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

– Partner VT Amsterdam –

Oct 30th, 2014

PART 3: vNAM as a data source

Exercice 1 : Setup a vNAM A vNAM has already been deployed for your pod, it has just an IP address, and ssh/telnet is enabled . You will finish the config in this exercise The IP address of your vnam is 192.168.40.2x , telnet user is root/root

telnet/ssh to your nam, enable http server, use admin/cisco for admin user

Page | 56

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

– Partner VT Amsterdam –

Oct 30th, 2014

now you can finish the config with your web browser

From administration , configure the network parameters

Page | 57

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

– Partner VT Amsterdam –

Oct 30th, 2014

call the nam vnam-podx , add dns parameter as below

From administration > snmp , add snmp communities public : readonly, private : readwrite

Configute Time synchronisation from administration >System >System Time

Warning : Good time synchronisation between your NAM and your client is NOT an option

Page | 58

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

– Partner VT Amsterdam –

Oct 30th, 2014

.

Exercice 2: How it works The vNAM has 2 ports, 1 management port and 1 monitoring. The vnic interface corresponding to the monitoring port has been configured in promiscuous mode on ESXi ,

Page | 59

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

– Partner VT Amsterdam –

Oct 30th, 2014

The Physical interface is then connected to a switch where a monitoring session (SPAN) is setup

Exercice 3: Discover a few vNAM capabilities Monitor Dashboards

Monitor Dashboard are composed of TOP N oriented dashlets (TOP N Application, TOP N DSCP , TOP N encapsulation …) Select Monitor> Traffic Summary

Explore the Interactive report Filter. You can change report period, Site , Encapsulation .

Page | 60

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

– Partner VT Amsterdam –

Oct 30th, 2014

Select Monitor> Response Time Summary You monitor here the application response time .

Analyze Dashboards Back to Traffic summary, select an application (here netflow) in the TOP N application Dashlet

Page | 61

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

– Partner VT Amsterdam –

Oct 30th, 2014

you will drill down to this application. You can see the traffic volume over ther time, the sender and receiver , and the detail on application . Here this is 2 routers sending netflow data to a Prime Infrastructure .

Notice the Zoom Pan feature

Page | 62

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

– Partner VT Amsterdam –

Oct 30th, 2014

Back to Monitor> Response Time Summary

Click https and select Analyze application Response Time

Page | 63

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

– Partner VT Amsterdam –

Oct 30th, 2014

Here you can see the components of a transaction : network time, server time and data time. As you can see below, in this case , if http is slow , it’s not a nerworking issue 

Back to Traffic Summary, select an application and click real time

Page | 64

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

– Partner VT Amsterdam –

Oct 30th, 2014

Real time you will monitor every 5 sec

Packet Capture

Select again an application and click capture

Page | 65

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

– Partner VT Amsterdam –

Oct 30th, 2014

You can also create capture session, use filter,create triggered capture … Application Recognition

WIth 6.1, NAM software support NBAR 2. To enable the feature, Select Setupt> Classification > Application Settings

Page | 66

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

– Partner VT Amsterdam –

Oct 30th, 2014

There are tons on other feature in the NAM, don’t hesitate to ask your lab proctor if you want more details.

Exercice 3 : Add the NAM in your Inventory Select Add Device

Add your own NAM (192.168.40.2x) , and select add devices

Select nam credential profile you created ealy, verigy and add

select add to add the nam in your inventory. You have now a new device category (may be you need to refresh your browser)

Page | 67

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

– Partner VT Amsterdam –

Oct 30th, 2014

and you can see your virtual nam

Exercice 4 : Configure the NAM as a datasource At this time, the NAM data are not used by PI. You have to enable your NAM as a data source

Go to administration>Settings>Datasource You will see

Select the NAM and click enable

After some time the data source will become active

Exercice 5 : View NAM data in PI Select for Example Dashboard> Service Assurance In the Top N application dashlet, Hover the upper right corner and clic the edit (pencil) icon Select the nAM as data source , save and close

Page | 68

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

– Partner VT Amsterdam –

Oct 30th, 2014

Exercice 6 : Packet capture in PI Select Monitor > Tools> Packet Capture Then Capture Session (upper right)

Page | 69

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

– Partner VT Amsterdam –

Oct 30th, 2014

Create

Give a name and select Device >Add

Add your NAM

Page | 70

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

– Partner VT Amsterdam –

Oct 30th, 2014

Expand the NAM and add the Dataport

Click Create and Start

You will see your session running

You can stop it, go back to Monitor > Tools> Capture Select your capture and decode

Page | 71

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

– Partner VT Amsterdam –

Oct 30th, 2014

PART 4: PI Deployment capabilities : High Availability, Operation Center Exercice 1: High Availability You will configure now, an HA pair with a PI primary server , 192.168.193.5x and a secondary 192.168.193.15x.

The primary is already configured as standalone with devices inside.

Mail Server destination .

Failover operations send mail to predefined mail destination. You should then configure a SMTP destination on the primary PI server : 192.168.193.5x. Connect to this server first and logon as root/Public123 From Administration > System settings , Configure SMTP destination . Server is 192.168.40.1 Use a user call [email protected] (x is your pod number)

Page | 72

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

– Partner VT Amsterdam –

Oct 30th, 2014

Select test, and add if success . Verify it works : connect with http to the mail server, use your username (pi-userx) and cisco as password

Page | 73

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

– Partner VT Amsterdam –

Oct 30th, 2014

You should have received your test mail.

Adding a virtual domain

Quicky add a virtual domain in this server , it’s not for HA … You will understand later  Select admin > Virtual Domain

Page | 74

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

– Partner VT Amsterdam –

Oct 30th, 2014

Create a subdomain from root

and add the 2 nexus 5K (DC-1 and DC-2)

Enabling High availability

Go to Administration> System > High Availability Check the HA status

Select Configuration (left column) And enter HA config : -

Secondary is 192.168.193.15x Key is Public123 You cane nable a Virtual IP and use 192.168.193.11x Choose Manual failover Page | 75

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

– Partner VT Amsterdam –

Oct 30th, 2014

After a while you while have this window, it can take some time to complete (10/15 min) . You can to the next exercise, you will come back here later.

Check configuration

Page | 76

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

– Partner VT Amsterdam –

Oct 30th, 2014

You can also connect to the Helath monitor of the secondary, use the secondary ip address and port 8082, and use the HA key (Public123)

see below, your secondary is syncing , means it is in standby mode and database and file are in sync.

Verify that you Virtual IP is functional

Page | 77

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

– Partner VT Amsterdam –

Oct 30th, 2014

Exercice 2: OpCenter Enabling OpCenter Server

To convert a PI into an OpCenter, you just have to apply a license

Connect to the server 192.168.40.15x , user root/Public 123 This server is empty.

go to Administration License

Page | 78

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

– Partner VT Amsterdam –

Oct 30th, 2014

Select file> License files

Select Add , and select the provided licence file

you have now a cluster license

Logout and login

Page | 79

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

– Partner VT Amsterdam –

Oct 30th, 2014

see the Banner

and the menus and logon page Remark also that you have no virtual domains

Single sign on

Before Adding Server, you must configure your cluster as SSO server and your instances as SSO client On the OpCenter, 192.168.40.15x, select

add the server itself as sso server

Page | 80

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

– Partner VT Amsterdam –

Oct 30th, 2014

enable SSO

keep SSO mode local (this means that the SSO server can also you an external aaa radius or tacacs server)

On first instance, 192.168.40.5x , add sso server (it will be the opCenter )

Page | 81

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

– Partner VT Amsterdam –

Oct 30th, 2014

and enable SSO

On the second Instance (use HA VIP or VIP name ) Do the same Adding Servers

You must add your 2 server instances , pi-podx and your HA server (use the HA virtual pi-v-podx ) Add the first one : pi-podx.prime.ciscofrance.com

Page | 82

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

– Partner VT Amsterdam –

Oct 30th, 2014

Server is added

Add now the second pi-p-podx.prime.ciscofrance.com Finally you will have

OpCenter Navigation

Look the home page

Page | 83

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

– Partner VT Amsterdam –

Oct 30th, 2014

Look the monitor > network device

Remark that you have an extra column : Prime Server Click on a device name first : you have only device details

Back to the Monitor> network device page , click on Prime server name

Page | 84

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

– Partner VT Amsterdam –

Oct 30th, 2014

This drill down to the appropriate server (with sso) in another window

Look at the virtual domains : you should see the ROOT-DOMAIN and the domain testVD

Select the domain testVD, see the device list

Do you understand how it works ?

Select Monitor > alarms and events See alarms aggregated from both PI servers.

Page | 85

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

– Partner VT Amsterdam –

Oct 30th, 2014

Go to Client and Users , see endpoints collected by both instances

you can also test the generic search . You should have a user with your pod number : podx , search for him in the generic search window

Page | 86

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

– Partner VT Amsterdam –

Oct 30th, 2014

Examine the available reports

Exercice 3: Failover. You will stop the server pi-p-podx , this should trigger a manual failover. Connect to the server through ssh, and halt it

Connect to your mail account. You should see this mail

Page | 87

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

– Partner VT Amsterdam –

Oct 30th, 2014

Launch the URL, this is the health monitor of the secondary Use the key : Public123

Click the failover button

wait the failover .

until

Logon to the secondary (you can use the Virtual ip )

Page | 88

https://pi-podx.prime.ciscofrance.com

Cisco Prime Infrastructure 2.2 lab

– Partner VT Amsterdam –

Oct 30th, 2014

and verify the status . Secondary must be active

you will also receive an e-mail

Check on the operation center. You see that OpCenter automatically switched to the secondary.

################################### END OF LAB #####################################

Page | 89

https://pi-podx.prime.ciscofrance.com