cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Want a Smarter Network?

3186
Views
0
Helpful
0
Comments
Hall of Fame Cisco Employee

Have you ever wished your network was more proactive?

Say that while you're peacefully sleeping, your core 6500 experiences a module failure.  What happens?  Maybe nothing...right away.  The ports on that switch may be down, but you (and your users) may not notice until 8:00 am the next day.  In that case, you're playing catch-up.  Wouldn't it be better if the device could automatically open a service request with TAC as soon as the module failure is detected?  And attached to that service request would be all of the information necessary to troubleshoot the problem or RMA a replacement module.

Let's say a new field notice comes out for one of your 2951 network modules?  How will you know?  Do you scan the field notices every day, or do you receive emails for every field notice that is published?  Wouldn't it be better if you could be notified when a new field notice comes out for your specific devices based on their specific configurations?

How do you know if the configuration on your 7609 is the best it can be?  You could comb through config guides, tech tips, etc. looking for best practice recommendations.  Wouldn't it be better to come to one place to see what best practice recommendations are available for your device based on its current configuration?

The good news all of these things are available now with Smart Call HomeSmart Call Home is a proactive service capability built into many Cisco devices.  The services it provides are free to customers with SmartNET, SP Base, Unified Computing Support Service, or Mission Critical Support Service contracts.  Smart Call Home will periodically send messages from your devices to Cisco.com.  The Cisco.com backend processes these messages, checks for product advisories, diagnostic issues, critical problems, configuration sanity, etc. then prepares reports that can be run via a web-based portal.  The backend will also periodically send email notifications when product advisories or critical device issues are found.  Hardware failures can also trigger the creation of automatic TAC service requests.

I know what you may be thinking.  If my devices are sending messages to Cisco (especially configuration details), how can I make sure the information is secure?  To ensure that the data being sent by the devices is not intercepted, Smart Call Home makes use of SSL to connect to Cisco.com.  You can also use email, but those messages will not be secured.  Essentially, the flow looks like this:

Screen shot 2010-11-26 at 4.00.24 AM.png

This image shows that Smart Call Home can use secure HTTPS or insecure email to send its messages.  If your devices do not have direct Internet access or access to an SMTP server, there is another option.  The Smart Call Home Transport Gateway can be used to proxy Call Home messages from the devices to the Cisco.com backend.  Transport Gateway is a free application for Linux, Solaris, and Windows.

So now you're interested?  How do you get started?  First, you need to make sure your devices support Smart Call Home.  At this time, Smart Call Home is supported on Catalyst 4500s, Catalyst 4900s, Catalyst 6500s, Cisco 7200s, Cisco 7300s, Cisco 7600s, ASAs, ASR 1000s, ISRs, MDS 9000s, Nexus 5000s, Nexus 7000s, and UCS.  Next, check the Smart Call Home homepage for the quick start guide for your platforms.  As an example, we'll walk through enabling Smart Call Home on an IOS device (a Cisco 7606 in this case).

Configuring Smart Call Home can be very simple.  If you want to use the secure HTTPS transport protocol, then all you need to do is specify a contact email address, load the SSL certificate, activate the built-in CiscoTAC-1 profile, and enable the Smart Call Home service.  This example assumes the 7606 has a direct connection to Cisco.com.  The quick start guides on the Smart Call Home homepage cover email and Transport Gateway examples in addition to HTTPS.

1.  Configure the Smart Call Home contact email address

Cisco7606(config)#call-home

Cisco7606(cfg-call-home)#contact-email-addr user@company.com

2.  Install the SSL certificate.  Be sure to grab the latest certificate from the Smart Call Home homepage.

Cisco7606(config)#crypto pki trustpoint cisco

Cisco7606(ca-trustpoint)#enroll terminal

Cisco7606(ca-trustpoint)#revocation-check crl none

Cisco7606(ca-trustpoint)#exit

Cisco7606(config)#crypto pki authenticate cisco

Enter the base 64 encoded CA certificate.
End with a blank line or the word "quit" on a line by itself

MIIDAjCCAmsCEH3Z/gfPqB63EHln+6eJNMYwDQYJKoZIhvcNAQEFBQAwgcExCzAJ
BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xh
c3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcy
MTowOAYDVQQLEzEoYykgMTk5OCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3Jp
emVkIHVzZSBvbmx5MR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMB4X
DTk4MDUxODAwMDAwMFoXDTI4MDgwMTIzNTk1OVowgcExCzAJBgNVBAYTAlVTMRcw
FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xhc3MgMyBQdWJsaWMg
UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcyMTowOAYDVQQLEzEo
YykgMTk5OCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5
MR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMIGfMA0GCSqGSIb3DQEB
AQUAA4GNADCBiQKBgQDMXtERXVxp0KvTuWpMmR9ZmDCOFoUgRm1HP9SFIIThbbP4
pO0M8RcPO/mn+SXXwc+EY/J8Y8+iR/LGWzOOZEAEaMGAuWQcRXfH2G71lSk8UOg0
13gfqLptQ5GVj0VXXn7F+8qkBOvqlzdUMG+7AUcyM83cV5tkaWH4mx0ciU9cZwID
AQABMA0GCSqGSIb3DQEBBQUAA4GBAFFNzb5cy5gZnBWyATl4Lk0PZ3BwmcYQWpSk
U01UbSuvDV1Ai2TT1+7eVmGSX6bEHRBhNtMsJzzoKQm5EWR0zLVznxxIqbxhAe7i
F6YM40AIOw7n60RzKprxaZLvcRTDOaxxp5EJb+RxBrO6WVcmeQD2+A2iMzAo1KpY
oJ2daZH9

% Do you accept this certificate? [yes/no]: yes
Trustpoint CA certificate accepted.
% Certificate successfully imported

Cisco7606(config)#

3.  Set the transport protocol to HTTP and activate the built-in CiscoTAC-1 profile.  Even though you set the transport method to "http" HTTPS will be used.  You can confirm the URL is an HTTPS URL using the EXEC command show call-home profile CiscoTAC-1.

Cisco7606(config)#call-home

Cisco7606(cfg-call-home)#profile CiscoTAC-1

Cisco7606(cfg-call-home-profile)#destination transport-method http

Cisco7606(cfg-call-home-profile)#active

4.  Enable the Smart Call Home service.

Cisco7606(config)#service call-home

Shortly after the service is enabled, Smart Call Home should send its first message to Cisco.com.  If you want to make sure this happens, you can force a message to be sent to trigger the registration process.  Exit to EXEC mode and send an inventory message.

Cisco7606#call-home send alert-group inventory profile CiscoTAC-1

Sending inventory info call-home message ...
Please wait. This may take some time ...

What happens next?  Once the device sends its first message to the Smart Call Home backend, the registration process kicks off.  Smart Call Home will send an email to the contact email address.  There will be a link in this email that will complete the registration process.  When you click on that link you will be prompted to login to Cisco.com.  You must login with a Cisco.com ID that has a contract that covers the device to be registered.  Once that happens the device will be associated with your Cisco.com ID.

Once the device is registered, it will continue to send updates to Cisco.com, and you can start using the Smart Call Home portal to manage your device.  The portal will show you inventory details, configuration details (with feature analysis!), syslog events, environmental events, diagnostic events, and telemetry data (NOTE: some Smart Call Home features will not be available for all device types so be sure to check the user's guide for full details).

Screen shot 2010-11-27 at 2.58.59 AM.png

If you're looking to mass-deploy Smart Call Home to multiple devices in your network, consider using CiscoWorks LAN Management Solution's (LMS) Netconfig application to push out the changes.  Netconfig can be found under Configuration > Tools > NetConfig > Deploy.  Create a new Netconfig job and select the Smart Call Home task from the list of all tasks.

Screen shot 2010-11-27 at 3.15.56 AM.png

Already using Smart Call Home in your network?  What do you think?  Comment on this blog to let us know how we can make it better.

CreatePlease to create content
Content for Community-Ad
August's Community Spotlight Awards