cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
9609
Views
66
Helpful
11
Replies

Expand your Tool Belt with TAC Knowledge Through the Cisco CLI Analyzer - AMA

ciscomoderator
Community Manager
Community Manager
This event is an opportunity to discuss about Cisco CLI Analyzer, its features, capabilities, and usage. The Cisco CLI Analyzer is a smart terminal emulator designed with internal TAC knowledge built in. Much like any terminal emulator, the CLI Analyzer provides the ability to store credentials for multiple devices as well as support for SSH and telnet. The CLI Analyzer is built to recognize and provide specific tools based on the Cisco device that you are connecting to.
Our experts can help you to solve your doubts here after the event!

To participate in this event, please use the Join the Discussion : Cisco Ask the Expertbutton below to ask your questions

Ask questions from Thursday 17th to Tuesday 22nd of December, 2020

Featured experts
noliver.jpgNick Oliver is a Technical Leader in the Cisco Customer Experience (CX) organization and specializes in Core Routing and Switching Software Architectures. He works primarily on Cisco IOS XE routers and switches and Cisco NX-OS switches. He has spent the past 20 years supporting a wide range of customers and loves solving complex problems. Nick holds a bachelor's degree in computer science from North Carolina State University and a CCIE certification in Enterprise Infrastructure (#21782).

magnus.pngMagnus Mortensen started his career at Cisco in 2006 as a TAC Engineer focusing on our Security product line. He is now a Principal Engineer in our CX organization, still with a focus on Security. His passions around innovation, automation, have fueled his career and led him to create everything from new case handling systems to Cisco CX's core automated problem detection system. Magnus is rarely satisfied with the status quo and is always looking for the next thing to improve.

For more information, visit the CLI Analyzer category.

Slides AMA Video Video

**Helpful votes Encourage Participation! **
Please be sure to rate the Answers to Questions
11 Replies 11

ciscomoderator
Community Manager
Community Manager

Hi Nick, Magnus, Scott and Dave thanks for sharing your knowledge and providing such an amazing session.

Please help us to answer the remaining questions from the live session:

  • Having IOS-XE is the only condition to support packet capture? For instance, does an ISR4000 supports it?

The Packet Capture Tool is supported for the following underlying CLI based tools:

 

Embedded Packet Capture (both IOS and IOS-XE Routers and Switches)
ASA Packet Capture
CPU Queue Debugging (4500 Switches)
Ethanalyzer (NX-OS Switches)
ELAM (Nexus 7000)

 

So the short answer is yes the ISR4000 also supports it. Additional details on using it are available here:
https://community.cisco.com/t5/cisco-cli-analyzer/using-the-packet-capture-tool-on-the-cli-analyzer/td-p/3064001

 

ciscomoderator
Community Manager
Community Manager
  • Which port needs to be opened on our Perimeter firewall to allow the CLI tool to work?

The reaching back to Cisco for "System Diagnostics" and other tools leverage HTTPS (TCP/443), and it is an outbound connection (like a web browser would). The only "inbound" connection would be for CLI Session Sharing and the that would likely require some port forwarding, etc. You can see the default port in Settings -> Connections... it is TCP/8090, so if you wanted to have someone external to your firewall connect to a session share hosted internally, you would need to likely open port TCP/8090 and do some additional NAT to forward that port to some host within your network. If two CLI Analyzers are on the same LAN and Layer-3 reachable, then Session Sharing should work fine. During the demo, NIck's laptop and mine were able to reach one another through Cisco's network so we didn't need to open any firewall rules/ports on the devices between us.

ciscomoderator
Community Manager
Community Manager
  • I have two questions related to the demo: How did Nick initially gave permission to Magnus to access 3 devices? And, having added 3 devices, would he be able to access a 4th device as well?

The access is granted on a per-session basis.  So During the demo Magnus only had access to the ASA that he was grated access to.  If I wanted to grant access to the other devices in the demo we would have done that on a device by device basis by clicking first on the "Session Sharing" icon in the top right, and then clicking on "Share Session" and then sharing the ip address and Session Key.  The individual joining the share then clicks on "New Session" and changes it from SSH to "Shared" and inputs these details. 

 

Additional details about Session Sharing are available in the CLI Analyzer by clicking on:

Feature Guide -> 3.1.0 Features -> Session Sharing

 

https://cway.cisco.com/docs/cisco-cli-analyzer/latest/Connection_Tab.htm
https://cway.cisco.com/docs/cisco-cli-analyzer/latest/Shared_Device_Sessions.htm

 

Hope that helps

You can enable "Session Sharing" on a per device basis once you yourself have connected to it. In the upper right of the client, you will see this icon:
Screen Shot 2020-12-18 at 10.09.57 AM.png

That will enable that session to be shared... If you don't see that option... check the Setting -> Connections to ensure "Session Sharing" is enabled.

Screen Shot 2020-12-18 at 10.11.04 AM.png

I was looking for an option to analyse multiple show tech file instead of adding it one by one. for example I need to analyse show tech file for 10 devices. instead of analysing it one by one I would like to do it all together. 



Response Signature


Nithin, 

Thanks for your question.  Right now there is no way to analyze multiple 'show tech' outputs through a single interface.  We will make a note of your request as a possible future enhancement. 

 

There is a new tool that is a possibility for what you are asking, called CX Cloud that you may want to look into:
https://www.cisco.com/c/m/en_us/customer-experience/cx-cloud.html

 

Hope that help,

Nick

is there a way I can  connect CLI  using my codes so  I can push  files for analysing and  take output as Json file ?



Response Signature


The external API's that are leverage by the CLI Analyzer are not exposed for direct usage outside of the tool itself. If you are looking to analyze multiple devices at once you might want to look at the "Connected TAC" covered here:

https://www.cisco.com/c/en/us/support/services/connected-tac/index.html

 

It goes over the the concept of "My Diagnostic Bridge" which is a separate VM installed on your network that enables multiple diagnostic scans on a scheduled or on demand basis across multiple devices.