Cisco Prime Infrastructure 2.2 lab
– Partner VT Amsterdam –
Oct 30th, 2014
Cisco Prime Infrastructure 2.2 Partner VT – Amsterdam, October 30th 2014
Agenda
Understanding the lab environment
Connection to the lab
PART 1: Inventory features: Credential profiles, Discovery, Multiple Edit, Grouping, Topology
  Exercise 1: Populating device inventory
  Exercise 2: Verifying/updating credentials, adding single devices, multiple edit
  Exercise 3: Device 360
  Exercise 4: Device details
  Exercise 5: Topology main window, 360 view and dashlet
  Exercise 2: Device groups
    Creating location groups
    Creating a virtual domain
  Exercise 7: Network topology maps
  Exercise 8: Port group
PART 2: Configuration features: AVC and QoS
  Exercise 1: One click template for AVC and QoS
  Exercise 2: Shared Policy Objects and model based template: design an AVC template
    Shared Policy Object
    Customize an Application Visibility model based template
    Deploy an Application Visibility model based template
  Exercise 3: Network services: Application Visibility and Control
    Readiness assessment
    NBAR2 protocol pack management
    AVC profiles
    Interface configuration
PART 3: vNAM as a data source
  Exercise 1: Setup a vNAM
  Exercise 2: How it works
  Exercise 3: Discover a few vNAM capabilities
    Monitor dashboards
    Analyze dashboards
    Real time
    Packet capture
    Application recognition
  Exercise 3: Add the NAM in your inventory
  Exercise 4: Configure the NAM as a datasource
  Exercise 5: View NAM data in PI
  Exercise 6: Packet capture in PI
PART 4: PI deployment capabilities: High Availability, Operation Center
  Exercise 1: High Availability
    Mail server destination
    Adding a virtual domain
    Enabling High Availability
  Exercise 2: OpCenter
    Enabling OpCenter server
    Single sign on
    Adding servers
    OpCenter navigation
  Exercise 3: Failover
Understanding the lab environment
The lab infrastructure deployment is shown below.
Each student group owns a POD which contains 1 Catalyst 3560v2, 2 Catalyst 3850, one ISR G2 892, one ISR G2 2911, one WLC 2504, one virtual NAM, 3 APs and 3 phones. Each POD is divided into 2 parts: the East part and the West part. The rest of the infrastructure is shared. The table below gives the

Name         Model      Loopback0
SW-PODx-E    3850       10.14.20x.1
SW-PODx-W    3560V2     10.14.20x.2
RTR-PODx-E   ISR 2911   10.14.20x.3
RTR-PODx-W   ISR 892    10.14.20x.4
WLC-PODx-W   WLC 2504   172.195.x.1
vNAM-PODx    vNAM       192.168.40.2x
PI-PODx      -          192.168.40.5x
SSOx         -          192.168.40.15x
PI-P-PODx    -          192.168.193.5x
PI-S-PODx    -          192.168.193.15x
PI-V-PODx    -          192.168.193.11x

Connection to the lab
You must use the Cisco AnyConnect VPN client. Launch it; the server is primelab-eu.cisco.com
The username is pi-lab. Ask the proctor for the password.
If you don’t have Cisco AnyConnect installed, you can install it from https://primelab-eu.cisco.com (username: pi-lab; password: ask your lab proctor).
PART 1: Inventory features: Credential profiles, Discovery, Multiple Edit, Grouping, Topology
Exercise 1: Populating device inventory
There are 3 ways to populate the inventory: adding a single device, doing a bulk import, and configuring an automatic device discovery. In this section you will do a discovery.
Launch PI
Log on to the PI platform: https://pi-podx.prime.ciscofrance.com If you have any issue with DNS resolution, use 192.168.40.5x (x is your pod number)
Verify the patch level:
User: root, Password: Public123
You should see an empty overview dashboard
From Inventory > Device Management, select Credential Profiles
Select Add
Add a Credential Profile called "default" with the following credentials:
- SNMP Read Community: public
- SNMP Write Community: private
- ssh user: admin/C1sc0123
- enable password: C1sc0123
- http user: admin/C1sc0123
Add another credential profile, called nam, with the following parameters (optionally, you can use Copy):
- SNMP Read Community: public
- SNMP Write Community: private
- ssh user: root/root
- http user: admin/cisco
You will use this one later in the lab. Finally, you should have something like
Now create the discovery job: select Inventory > Device Management > Discovery
Select Discovery Setting (upper right corner)
Select "New"
Give a name, expand Layer 2 protocol and expand Cisco Discovery Protocol
Enable CDP and Cross Router Boundary. Add a seed device (10.14.20x.2), 10 hops
Expand "Credential Set" and add the row as below
Save and Run
The discovery creates a job that you can see in the discovery job dashboard
You can refresh to see the progress
After a couple of minutes, the discovery should be completed
Exercise 2: Verifying/updating credentials, adding single devices, multiple edit
Go to Inventory > Device Management > Network Devices.
This inventory replaces the device workcenter from 2.1 and earlier versions
Click the device group: All Devices
Select “Add Device”, and add the device 192.168.193.100 with the default credential profile
You should see a new device category: UCS B series
Then select several devices. Note that you can now edit multiple devices (edit devices in bulk)
Click Cancel
Exercise 3: Device 360
From Inventory > Device Management > Network Devices, select a device (a router or a switch)
Select « Neighbors ». In 2.2, you can see both the local and the remote port (only the remote port in 2.1 and before)
Select the icon
And see the topology from this device!
You can select the icon to change the layout and the number of hops.
Exercise 4: Device details
Go to Inventory > Device Management > Network Devices.
Click on a device name (a router or a switch)
Explore the different menus
Explore similar menus with your wireless LAN controller. What do you notice? How many access points are registered?
Explore similar menus for the UCS B series
Exercise 5: Topology main window, 360 view and dashlet
Select Maps > Topology, then drill down to Location > All Locations > Unassigned
Play with the different options:
- layout
- zoom
- overview
Select a device and launch the 360 view
Click the topology icon
Change the layout and the number of hops
Now select Dashboard > General
Add a Topology Dashlet
Move the dashlet to the upper right corner and configure it to display All Locations > Unassigned, with a symmetric layout. (Mouse over the right corner of the dashlet and select the icon to enter config mode)
Exercise 2: Device groups
PI provides several device grouping capabilities:
- The device groups
- The location groups
- The site maps
- The virtual domains
A device group contains devices for different purposes (configuration, monitoring). A device can join a group statically, or dynamically based on a membership rule. In the dynamic case, if a new device matches the rule, it automatically joins the group. Some inventory attributes are provided for use in the membership rule (name, location, type, user-defined field …). A single device can belong to more than one device group. Predefined device groups exist based on device model.
Location groups are conceptually identical to device groups: a location group is a device group based on location parameters, either SNMP location or switch location (civic address attributes). This is a new feature of PI 2.2 which to some extent replaces the use of sites. Membership of a location group is either static or dynamic.
The site maps are groups of access points on a map. Access points are positioned on a map, which allows wireless heatmaps to be created. Sites are organized as a 3-level hierarchy: campus/building/floors. Membership of an AP in a site is static (manually added/removed), but a feature called « automatic hierarchy creation » allows sites to be created and APs to be added to them based on the AP names.
Virtual domains allow grouping for administrative purposes (Role Based Access Control).
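The static and dynamic membership described above, sketched in Python as an added example (it is not part of the original lab guide and is not PI code). The class and function names, the sysLocation strings, the East-Routers group and the case-insensitive matching are assumptions; the example also goes beyond the lab by combining two conditions in one rule.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass(frozen=True)
class Device:
    name: str
    device_type: str
    sys_location: str  # SNMP sysLocation as collected into the inventory


@dataclass(frozen=True)
class Condition:
    attribute: str  # "name", "device_type" or "sys_location"
    operator: str   # "contains", "equals" or "starts_with"
    value: str

    def matches(self, device: Device) -> bool:
        actual = getattr(device, self.attribute).lower()
        wanted = self.value.lower()  # assumption: matching ignores case
        if self.operator == "contains":
            return wanted in actual
        if self.operator == "equals":
            return actual == wanted
        if self.operator == "starts_with":
            return actual.startswith(wanted)
        raise ValueError(f"unknown operator: {self.operator}")


@dataclass
class Group:
    name: str
    parent: Optional[str] = None
    rule: tuple = ()  # dynamic rule: every condition must match
    static_members: set = field(default_factory=set)

    @property
    def path(self) -> str:
        return f"{self.parent}/{self.name}" if self.parent else self.name

    def has_member(self, device: Device) -> bool:
        # Static membership wins; otherwise the dynamic rule decides.
        if device.name in self.static_members:
            return True
        return bool(self.rule) and all(c.matches(device) for c in self.rule)


def resolve(groups, inventory):
    """Return {group path: sorted member names} for the current inventory."""
    return {g.path: sorted(d.name for d in inventory if g.has_member(d))
            for g in groups}


def lab_groups():
    loc = lambda text: Condition("sys_location", "contains", text)
    return [
        Group("PI-LAB"),  # umbrella group, no rule of its own in this sketch
        Group("East", "PI-LAB", (loc("East"),)),
        # The WLC has no sysLocation here, so it is pinned statically.
        Group("West", "PI-LAB", (loc("West"),), {"WLC-POD1-W"}),
        Group("Provider", "PI-LAB", (loc("provider"),)),
        # Hypothetical extra group: two conditions combined with AND.
        Group("East-Routers", None,
              (loc("East"), Condition("device_type", "equals", "Router"))),
    ]


def lab_inventory():
    # Constructed inventory for pod 1; the sysLocation values are invented.
    return [
        Device("SW-POD1-E", "Switch", "Amsterdam East"),
        Device("SW-POD1-W", "Switch", "Amsterdam West"),
        Device("RTR-POD1-E", "Router", "Amsterdam East"),
        Device("RTR-POD1-W", "Router", "Amsterdam West"),
        Device("WLC-POD1-W", "Wireless Controller", ""),
        Device("SW-SP1-A", "Switch", "Provider core"),
    ]


if __name__ == "__main__":
    inventory = lab_inventory()
    for path, members in resolve(lab_groups(), inventory).items():
        print(f"{path:16} {members}")
    # A newly discovered device joins every group whose rule it matches.
    inventory.append(Device("RTR-POD1-E2", "Router", "amsterdam east annex"))
    print(resolve(lab_groups(), inventory)["East-Routers"])
```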
Creating Location Groups
In this exercise, you will create 3 location groups:
- Provider
- East
- West
based on the SNMP location parameter of your devices. But first, you will create an umbrella group called PI-LAB. From Inventory > Device Management > Network Devices, hover over Location and select « Add subgroup »
Just name it PI-LAB and save
Select this group and “Add Subgroup”
Name the group East. Add a membership rule based on syslocation
Preview the device list
In the same way, create the location group West (syslocation contains West) and the site group Provider (syslocation contains provider). Both must be subgroups of PI-LAB. You should have the following:
Creating a virtual domain
We will not spend time on virtual domains in this lab; just quickly create one called « testVD » and put a few devices in it … you will understand later …
Create the subdomain testVD
Add the network devices SW-SP1-A, SW-SP1-B and SW-SP2
Exercise 7: Network topology maps
Now go to Maps > Network Topology
Select User Defined -> PILAB-Network
Click one group
Explore drill down and expand
Click a link to see the components
Play with the layout, expand/collapse groups
Now select Dashboard > Overview > General
Maybe the topology dashlet looks like this now!!
Why? Change it to
Exercise 8: Port Group
A small exercise here, nothing new in 2.2, but you need this port group later …
Select Inventory > Grouping > Port
Select Add subgroup under User Defined
Select a static port group, give it a name and save
You can use a filter to select YOUR router, 10.14.20x.3, and select GigabitEthernet 0/0 and 0/1
Select the appropriate ports and move them to the group you created (Add to Group)
PART 2: Configuration features: AVC and QoS
Exercise 1: One click template for AVC and QoS
PI provides model-based templates to deploy technology features on devices. These templates cover security features (Zone Based Firewall, ACL, DMVPN, GetVPN, ScanSafe …), routing (OSPF, EIGRP …) and AVC (Application Visibility and Control). A model-based template can be deployed on multiple devices, or can sometimes be used to quickly deploy the feature on a single device. You will now deploy AVC monitoring on GigabitEthernet0/1 of your router RTR-PODx-E. (This interface is connected to your switch SW-PODx-E.)
From Inventory > Network Device, click your router RTR-PODx-E
Select Configuration, expand App Visibility & Control, then select App Visibility
Select the GigabitEthernet0/1 interface
Then select Enable App Visibility > App Visibility & Performance (IPv4)
See the message
Preview the CLI
Then click Deploy and wait a moment …
Then you get
Go to Configuration Archive. If the device sends syslog messages to your PI, a configuration archive will occur. Check whether you have a recent config (not the case below)
If not, schedule an immediate archive
You can see the archive job running in the job dashboard (Administration > Jobs). After a while it must complete successfully.
After some time you will have your archive
Expand the new configuration and select compare previous running
As you can see, PI deployed a configuration based on ezPM!!
Verify that you are receiving data through Flexible NetFlow: Administration > Data Source
Select your data source (RTR-PODx-E) and see the NetFlow template
You can drill down to the templates by clicking
You can also go to this page through Services > Netflow Templates
Exercise 2: Shared Policy Objects and Model Based Template: design an AVC template
Shared Policy Object
PI 2.0 introduced the concept of reusable objects called Shared Policy Objects. In 2.0, only 2 shared policy objects existed: IPv4 subnet and Interface Role. These objects were used to customize model-based templates like AVC and ZBFW (Zone Based Firewall). Release 2.2 has new objects: IPv6 Networks, Security Rule Parameter Map, Security Service, Security Zone.
Select Configuration > Template > Shared Policy Objects > Shared > Interface Role
Add a new interface role called inside-interface, where the interface name is GigabitEthernet0/1
Customize an Application Visibility model based template
Select Configuration > Features and Technologies
Then Application Visibility & Control > App Visibility
Give a name
Select Router as Validation Criteria
Select the interface role you have created in the field « Apply to Interface role »
Keep the default values
Click Save as New Template
The template appears under « My Templates > Features and Technologies > App Visibility and control » and can now be deployed
Deploy an Application Visibility model based template
Now you will configure the deployment process on your router RTR-PODx-E. Please don’t deploy on the router of another POD !!!!
Select Deploy
Select your router RTR-PODx-E in the device selection (note: here you can select more than one device)
Notice that you can have an additional collector with PI 2.2
Click CLI Preview. Verify that it will be deployed on the appropriate interface (GigabitEthernet0/1)
Deploy, but please don’t save to the startup config
See the job result
Go to Inventory > Network Device
Click your device
Select Applied/Scheduled Templates
Exercise 3: Network Services: Application Visibility and Control
In this exercise, you will explore some of the capabilities of PI regarding AVC
Readiness assessment
Select Services > AVC > Readiness Assessment
Verify that your routers RTR-PODx-* are AVC capable. The router RTR-PODx-E, where you deployed AVC previously, should be marked as active
NBAR2 protocol pack management
Select Services > AVC > Protocol Packs Management
You can populate a repository of protocol packs on PI (import), then deploy them on the devices. Deployment is a job which copies the appropriate protocol pack to flash, then activates it in the CLI. On your system the repository is probably empty.
AVC profiles
AVC profiles are configuration templates that can be deployed on interfaces. There are 3 categories:
- QoS Classification Profiles. These profiles define how application traffic can be identified (based on NBAR2) and marked. 3 default profiles are provided out of the box according to Cisco best practices: 5-class, 8-class and 12-class profiles. New profiles can be added.
- QoS Action Profiles define the egress action which will occur on egress traffic (queuing, priority queuing, bandwidth reservation, shaping …). 3 default profiles are provided out of the box (5, 8, 12 classes). They can be modified, and new profiles can be added as well.
- App Visibility Profiles define the monitoring action (URL monitoring, traffic volume, Application Response Time, voice/video metrics).
Select Services > AVC > AVC Profiles
Now you will create a new classification profile based on the 5-class profile, but you will add the traffic to/from your PI server to the class « Transactional_data »
Select + to add a new profile
Choose create a classification profile
Give a name, and choose 5 class
Then click Add to add your classification. A new entry appears at the bottom
Click it and change the type from NBAR to L3/L4 (you will classify using your PI IP address)
Select Apply IP/Port symmetrically
Enter YOUR PI IP address
Click OK
Now select the QoS class (Transactional-Data)
Save the line
Save the profile
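What « Apply IP/Port symmetrically » changes for the rule entered above, as an added Python example (not part of the original lab guide, and not the CLI that PI generates). It assumes that a non-symmetric rule matches the address only as destination and that pod 1 is used (PI at 192.168.40.51); the flows and port numbers are constructed, and the optional port field goes beyond the IP-only rule of the lab.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    sport: int
    dport: int


@dataclass(frozen=True)
class L3L4Rule:
    qos_class: str
    network: str                 # host address or prefix
    port: Optional[int] = None   # None = any port
    symmetric: bool = True

    def _side_matches(self, addr: str, port: int) -> bool:
        net = ip_network(self.network, strict=False)
        return ip_address(addr) in net and (self.port is None or port == self.port)

    def matches(self, flow: Flow) -> bool:
        # Assumption: the rule is written against the destination side.
        if self._side_matches(flow.dst, flow.dport):
            return True
        # Symmetric: the same address/port also matches as the source side.
        return self.symmetric and self._side_matches(flow.src, flow.sport)


def classify(flow: Flow, rules, default: str = "class-default") -> str:
    """First matching rule wins; unmatched traffic falls into the default class."""
    for rule in rules:
        if rule.matches(flow):
            return rule.qos_class
    return default


PI_SERVER = "192.168.40.51"  # 192.168.40.5x with x = 1

# Constructed flows: router to PI, PI to router, and unrelated traffic.
TO_PI = Flow("10.14.201.3", PI_SERVER, "udp", 50000, 9991)
FROM_PI = Flow(PI_SERVER, "10.14.201.3", "udp", 40000, 161)
OTHER = Flow("10.14.201.1", "10.14.201.2", "tcp", 51000, 443)


def compare():
    """Class chosen for each sample flow with and without the symmetric option."""
    symmetric = [L3L4Rule("Transactional-Data", PI_SERVER)]
    one_way = [L3L4Rule("Transactional-Data", PI_SERVER, symmetric=False)]
    return {
        name: (classify(flow, symmetric), classify(flow, one_way))
        for name, flow in (("to_pi", TO_PI), ("from_pi", FROM_PI), ("other", OTHER))
    }


if __name__ == "__main__":
    for name, (sym, one) in compare().items():
        print(f"{name:8} symmetric={sym:20} one-way={one}")
```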
Interface configuration
This new feature in 2.2 allows you to enable AVC/QoS profiles on interfaces or interface groups
Select Services > AVC > Interface Configuration
Select the port group you created in the previous lab (User Defined > myportgroup)
(Notice that one interface already has AVC deployed.) Select both interfaces
Click Enable QoS, then select your profile (podx-profile)
You can preview the CLI
Then deploy. Please don’t copy to startup !!
Check the status of the job in Administration > Jobs
PART 3: vNAM as a data source
Exercise 1: Setup a vNAM
A vNAM has already been deployed for your pod; it just has an IP address, and ssh/telnet is enabled. You will finish the config in this exercise. The IP address of your vNAM is 192.168.40.2x; the telnet user is root/root
Telnet/ssh to your NAM and enable the HTTP server; use admin/cisco for the admin user
Now you can finish the config with your web browser
From Administration, configure the network parameters
Call the NAM vnam-podx and add the DNS parameters as below
From Administration > SNMP, add the SNMP communities public: read-only, private: read-write
Configure time synchronisation from Administration > System > System Time
Warning: good time synchronisation between your NAM and your client is NOT optional
Exercise 2: How it works
The vNAM has 2 ports: 1 management port and 1 monitoring port. The vNIC interface corresponding to the monitoring port has been configured in promiscuous mode on ESXi.
The physical interface is then connected to a switch where a monitoring session (SPAN) is set up
Exercise 3: Discover a few vNAM capabilities
Monitor Dashboards
Monitor dashboards are composed of TOP N oriented dashlets (TOP N Application, TOP N DSCP, TOP N encapsulation …)
Select Monitor > Traffic Summary
Explore the Interactive Report filter. You can change the report period, site and encapsulation.
Select Monitor > Response Time Summary
Here you monitor the application response time.
Analyze Dashboards
Back in Traffic Summary, select an application (here netflow) in the TOP N Application dashlet
You will drill down to this application. You can see the traffic volume over time, the sender and receiver, and the detail of the application. Here, 2 routers are sending NetFlow data to a Prime Infrastructure.
Notice the Zoom Pan feature
Back to Monitor > Response Time Summary
Click https and select Analyze Application Response Time
Here you can see the components of a transaction: network time, server time and data time. As you can see below, in this case, if http is slow, it’s not a networking issue
Back in Traffic Summary, select an application and click Real Time
In real time, you will monitor every 5 sec
Packet Capture
Select an application again and click Capture
You can also create capture sessions, use filters, create triggered captures …
Application Recognition
With 6.1, the NAM software supports NBAR2. To enable the feature, select Setup > Classification > Application Settings
There are tons of other features in the NAM; don’t hesitate to ask your lab proctor if you want more details.
Exercise 3: Add the NAM to your inventory
Select Add Device
Add your own NAM (192.168.40.2x), and select add devices
Select the nam credential profile you created earlier, verify and add
Select Add to add the NAM to your inventory. You now have a new device category (you may need to refresh your browser)
and you can see your virtual NAM
Exercise 4: Configure the NAM as a data source
At this time, the NAM data are not used by PI. You have to enable your NAM as a data source
Go to Administration > Settings > Datasource. You will see
Select the NAM and click Enable
After some time the data source will become active
Exercise 5: View NAM data in PI
Select, for example, Dashboard > Service Assurance
In the Top N Application dashlet, hover over the upper right corner and click the edit (pencil) icon
Select the NAM as data source, save and close
Exercise 6: Packet capture in PI
Select Monitor > Tools > Packet Capture, then Capture Session (upper right)
Create
Give a name and select Device > Add
Add your NAM
Expand the NAM and add the Dataport
Click Create and Start
You will see your session running
You can stop it, go back to Monitor > Tools > Capture, select your capture and decode
PART 4: PI deployment capabilities: High Availability, Operation Center
Exercise 1: High Availability
You will now configure an HA pair with a PI primary server, 192.168.193.5x, and a secondary, 192.168.193.15x.
The primary is already configured as standalone with devices inside.
Mail server destination
Failover operations send mail to a predefined mail destination. You should therefore configure an SMTP destination on the primary PI server, 192.168.193.5x. Connect to this server first and log on as root/Public123. From Administration > System Settings, configure the SMTP destination. The server is 192.168.40.1. Use a user called [email protected] (x is your pod number)
Select Test, and add if successful. Verify that it works: connect with http to the mail server, using your username (pi-userx) and cisco as password
You should have received your test mail.
Adding a virtual domain
Quickly add a virtual domain on this server; it’s not for HA … you will understand later
Select admin > Virtual Domain
Create a subdomain from root
and add the 2 Nexus 5K (DC-1 and DC-2)
Enabling High Availability
Go to Administration > System > High Availability
Check the HA status
Select Configuration (left column) and enter the HA config:
- Secondary is 192.168.193.15x
- Key is Public123
- You can enable a Virtual IP and use 192.168.193.11x
- Choose Manual failover
After a while you will have this window; it can take some time to complete (10/15 min). You can go to the next exercise; you will come back here later.
Check configuration
You can also connect to the Health Monitor of the secondary: use the secondary IP address and port 8082, and use the HA key (Public123)
See below: your secondary is syncing, which means it is in standby mode and the database and files are in sync.
Verify that your Virtual IP is functional
Exercise 2: OpCenter
Enabling OpCenter Server
To convert a PI into an OpCenter, you just have to apply a license
Connect to the server 192.168.40.15x, user root/Public123. This server is empty.
Go to Administration License
Select File > License Files
Select Add, and select the provided license file
You now have a cluster license
Log out and log in
See the banner
and the menus and logon page. Note also that you have no virtual domains
Single sign on
Before adding servers, you must configure your cluster as the SSO server and your instances as SSO clients. On the OpCenter, 192.168.40.15x, select
Add the server itself as SSO server
Enable SSO
Keep SSO mode local (this means that the SSO server can also use an external AAA RADIUS or TACACS server)
On the first instance, 192.168.40.5x, add the SSO server (it will be the OpCenter)
and enable SSO
On the second instance (use the HA VIP or VIP name), do the same
Adding Servers
You must add your 2 server instances: pi-podx and your HA server (use the HA virtual pi-v-podx). Add the first one: pi-podx.prime.ciscofrance.com
Server is added
Now add the second: pi-p-podx.prime.ciscofrance.com. Finally you will have
OpCenter Navigation
Look at the home page
Look at Monitor > Network Device
Note that you have an extra column: Prime Server. Click on a device name first: you have only device details
Back on the Monitor > Network Device page, click on the Prime server name
This drills down to the appropriate server (with SSO) in another window
Look at the virtual domains: you should see the ROOT-DOMAIN and the domain testVD
Select the domain testVD and see the device list
Do you understand how it works?
Select Monitor > Alarms and Events. See alarms aggregated from both PI servers.
Go to Client and Users and see endpoints collected by both instances
You can also test the generic search. You should have a user with your pod number, podx; search for him in the generic search window
Examine the available reports
Exercise 3: Failover
You will stop the server pi-p-podx; this should trigger a manual failover. Connect to the server through ssh, and halt it
Connect to your mail account. You should see this mail
Launch the URL; this is the health monitor of the secondary. Use the key: Public123
Click the failover button
Wait for the failover
until
Log on to the secondary (you can use the Virtual IP)
and verify the status. The secondary must be active
You will also receive an e-mail
Check on the operation center. You see that OpCenter automatically switched to the secondary.
################################### END OF LAB #####################################