cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
10568
Views
301
Helpful
57
Replies
Highlighted
Frequent Contributor

Ask the Expert: Cisco Prime Infrastructure - Implementation and Deployment

Welcome to the Cisco Support Community Ask the Expert conversation.

This Ask The expert Session will cover questions spanning Cisco Prime Infrastructure on Implementation and Deployment on Wired and Wireless. This will be more specific to Customer’s and Partners questions product covering PI on configuration, Features and Menu, Network Monitoring, Maps, Implementation, High Availability and Maintenance and t/s parts.

Monday, February 2nd, 2015 to Friday, February 13th, 2015

Dhiresh Yadav is a customer support engineer in High-Touch Technical Services (HTTS)  handling supporting Wireless and Network Management based Cisco products and is based in Bangalore. His areas of expertise include Cisco Prime Infrastructure and Cisco Wireless products. He has over 7 years of industry experience working with large enterprise and service provider networks. He also holds CCNP (RS) and CCIE (DC) certifications.
 
Afroz Ahmad is a customer support engineer in High-Touch Technical Services (HTTS)  handling supporting Wireless and Network Management based Cisco products and is based in Bangalore. His areas of expertise include Cisco NMS products like Prime Infrastructure, LMS, IP SLA and SNMP etc. He has over 7 years of industry experience working with large enterprise and service provider networks. He also holds CCNP (RS),CCIE (DC), and SCJP (Sun Certified Java Professional )
 
Vinod Kumar Arya is a customer support engineer in High-Touch Technical Services (HTTS)  handling supporting Wireless and Network Management based Cisco products and is based in Bangalore. His areas of expertise include Cisco NMS products like Prime Infrastructure, LMS, IP SLA and SNMP etc. He has over 8 years of industry experience working with large enterprise and service provider networks. He also holds VCP 5 and RHCE certifications.
 

** Remember to use the rating system to let the experts know you have received an adequate response.**

Because of the volume expected during this event, the experts might not be able to answer every question. Remember that you can continue the conversation in the Network Infrastructure community, > Network Management, shortly after the event. This event lasts through February 13th 2015. Visit this forum often to view responses to your questions and those of other Cisco Support Community members.

57 REPLIES 57
Highlighted

Hi Lothar,

Thanks for your time for joining this event.

 

- 1 -

Known from LMS 4.x it is possible to upload an offline-EoX-PSIRT offline file to update End-of-Life database of PI (especially for systems not directly connected with the internet, due to security reasons).

Within PI 2.2 I wasn't able to find a similar procedure.

Are there any plans to enable/implement offline-update EoX/PSIRT information?

 

**************

PSIRT report is based on compliance services, by default it is enabled under

Admin> System settings> Server settings.

The directory contain the PSIRT is:
/opt/CSCOlumos/staging/ifm/swim/psirt/data/localrepository/PSIRT_EOX_OFFLINE.zip, the
update function currently is broken in PI, suppose you can do update from  Administration
> Import Policy Update, however the link is broken and the bugs had been logged on it.
as of now the compliance policy update is only for LMS so far, unfortunately not for PI yet.

One related BUG which i found is ::

CSCum87046    PI PSIRT/EOL Data is 12 months out of date

***************

- 2 -

It seems that Syslog-Messages sent to PI Syslog-Server are no longer stored first in a raw file and the processed in db, so that it is no longer possible to create a raw dump of it.

Is that a known issue, and are there any workarounds to export in db stored messages to raw file?

 

*********************

In the prime infrastructure Syslogs are directly read from udp port 514 and then filtered , the non SEV1 and SEV2 syslogs will be dropped and will not be entered into db . The syslog messages will not be saved into log files  as per the current design.

Unfortunately , as of now due to this behavior we can’t read and backup  the syslogs  from Prime Infrastructure .

*******************

Even I am hoping to see the at least  the syslogs functionality  working as LMS in PI in coming releases :-)

 

Thanks-

Afroz

***Ratings Encourages Contributors ****

 

Thanks- Afroz [Do rate the useful post] ****Ratings Encourages Contributors ****
Highlighted

Lothar,

Please note that regarding your question #1, the Compliance function is broken in PI 2.2. This is noted in the PI 2.2 release notes.

The PSIRT/EoX analysis is part of Compliance and thus unavailable until it is restored to working order in a future update.

Highlighted

Thank You Marvin for highlighting this.

Its important to share that, due to a technical/architectural problem, the Compliance Service process is disabled in Prime Infrastructure 2.2. As a result of this, the PSIRT compliance reports and the EoX device reports are not available in Prime Infrastructure 2.2. These reports are expected to be available in the next version of Prime Infrastructure.

This  problem was initially reported as a bug in PI:
 
CSCun09011 - PI transmits Cisco.com credentials insecurely

-Thanks

Vinod

-Thanks Vinod **Rating Encourages contributors, and its really free. **
Highlighted

Hi Vinod, Marvin,

 

thanks for highlighting this.

Unfortunately another reason for current LMS-Users not to upgrade/use PI 2.x :-{

Hopefully until the end of 2015 a PI-Version is available supporting the needs for wired managed as LMS did/does!

 

Lothar

 

Highlighted

Hi,

is there a plan to improve the performance from the prime in any way?

For example we had a WLC 7500 with a little over 2700 access points on it. Prime often go in mismatch status or show ap's as disconnected but ap's are still connected. Prime has not the power to read the whole controller.

or

Do a backup from our prime (for example change from version 2.1 to 2.2). The backup need a little over 11 hours to be finish. Import is not faster.

or

Our prime is installed as large in virtual environment. The prime server is the only virtual machine on the whole ESX server because prime take all ressources.

 

best regards,
Lars

 

Highlighted

Lars,

Thanks for your time on this Ask the Expert Event.

You have asked very important questions our development team is working to address on.

1. For the often Mismatch issue, there are some know defect for specific conditions like vlan or ssid mismatch. I would recommend to open a TAC case to identify the root cause for often mismatch and trigger.

2. The backup certainly is taking more time, but it also depends on the amount of DB. You should check size of the DB. Though 11 hours is certainly is alarming and may need specific troubleshooting to determine.

As we want to address the performance, their are plan to roll out a next generation Physical Appliance which will have a better hardware and performance optimisation for Large deployments specifically.

-Thanks

Vinod

-Thanks Vinod **Rating Encourages contributors, and its really free. **
Highlighted

Hello Lars,

Adding to Vinod response , yes there have been significant improvement in the UI Performance in PI 2.2 as far as I know.

Bottom  line is  performance can vary depending on the resources availability .

 

Thanks-

Afroz

Thanks- Afroz [Do rate the useful post] ****Ratings Encourages Contributors ****
Highlighted

Afroz,

Thanks for endorsing it.

Lars,

In addition to what we said, i have some more facts to share. There are really some significant enhancements done in PI 2.2 to improve the performance. Following are some of the to highlight :

# Optimized Home page loading
# Improved loading of individual pages/flows.
# Flash/Flex replaced with HTML 5
# Optimized layering & resource loading
# Added HTTP Compression
# Optimized dashboard for wired & wireless
# Classic view is deprecated

We have performance data in ideal environment, where we tested all pages and mostly dashboard and each dashboard has loading time with maximum is less than 3.5 sec.

Also, we have deprecated Classic view enhance the user experience by removing many duplicate details/data management and retrieval.

Also, to address the AP sync issues, with PI 2.2 we have a dedicated and independent AP discovery service which will run at the back end and will not depend on the basic/ common sync/inventory job to collect the details.

This independent job runs every 5 min to keep the AP count in sync and updated from the controllers.

As you said there are performance issues, you can also try to use the test iops command to check your disk write performance which is very important in data i/o and hence contributes to tasks like DB backup where a lot of data is read and write. We expect i/o to be 200 m/s for optimal performance.

HTH

-Thanks

Vinod

-Thanks Vinod **Rating Encourages contributors, and its really free. **
Highlighted
Beginner

Hi,

I have an issue regarding the amount of email alarms created, i only want to receive an email when a device is down/unreachable.  

There seems to be nowhere in the Administration > Settings > System Settings to amend the category 'switches and hubs' only a category for 'switches' .

I have created a Port group to include only the uplink ports but i am still receiving alerts for every switchport.

Any help would be greatly appreciated.

Thanks

Highlighted

Hi David,

Thanks for joining the event.

You can follow the below steps to get the notification ,when the "switch down" or "switch module" goes down.

 

To get the email notification  ::

First : enable the SNMP traps and based on Traps you can configure the email notification.

For e.g "Switch down"  or  "Switch module "Alert

1.  Administration > System Settings > Severity Configuration.  Find the Alarm
Condition in the Alarm Category you want and adjust the Configured severity as you wish.

Screen shot attached

 

2.  Go to Operate > Alarms and Events > click Alarm and choose Email Notification.
You can adjust what severity levels and to whom you send the email here.

Screen shots attached

 

3.  Make sure to click the enable checkbox to enable.

 

Let me know how it works.

 

Thanks-

Afroz

***Ratings Encourages Contributors ***

 

Thanks- Afroz [Do rate the useful post] ****Ratings Encourages Contributors ****
Highlighted

HI Afroz,

Thanks for your input.  However I think you have misunderstood me.  I am recieving email alerts fine just too many.  Everytime any switchport goes up or down i receive an email alert!  I only want to receive alerts when a switch/router is unreachable and/or the uplink goes down.  This alerts will go to our 1st line team to warn them of any outages so its needs to be as straight forward as possible.

Thanks

Highlighted

Hi David,

we can't provision anything on PI to restrict the no. of traps or alerts shown in PI.

How ever  what we can do is ::

Go to Administration > System Settings > Severity Configuration. 

Only select the alarm ( switch down ) and change the severity level to "Critical"

and under

Go to Operate > Alarms and Events > click Alarm and choose Email Notification.

select only "Critical"

now you should get "EMAIL NOTIFICATION " only for critical alarms not for other severities.

 

Attached is the screenshot:

Hope it will help

 

Thanks-

Afroz

 

Thanks- Afroz [Do rate the useful post] ****Ratings Encourages Contributors ****

View solution in original post

Highlighted

Thanks for that but that is how I have it setup currently,  would it help if I disabled certain SNMP traps from my network equipment?  Would these stop the constant up and down email messages that are classed as critical?

Thanks

Highlighted

Hi David,

 

since you are getting a lot of linkup/link down traps, I would suggest to disable the  linkup/linkdown trap  Globally and configure Only on the Important  and critical  interfaces .

 

Thanks-

Afroz

Thanks- Afroz [Do rate the useful post] ****Ratings Encourages Contributors ****
Highlighted

Thanks for your assistance, that seems to of done the trick.

A 2nd question if I can,  on the Network Topology is there anyway to change the colour of the links between the network devices dependant on the connection speed?  So if its 1gb link its blue 10gb link red etc. etc.

 

Thanks 

Content for Community-Ad