This event took place on Thursday, December 17, 2020, at 9:30 hrs PDT.
-This Support Talk event is a special session of the “TAC Tools Explained Series”-
This event provides an introduction to Cisco CLI Analyzer, its features, capabilities, and usage. The Cisco CLI Analyzer is a smart terminal emulator designed with internal TAC knowledge built in. Much like any terminal emulator, the CLI Analyzer provides the ability to store credentials for multiple devices as well as support for SSH and Telnet. The CLI Analyzer is built to recognize and provide specific tools based on the Cisco device that you are connecting to. In this session, experts cover some of the most useful tools available in the CLI Analyzer, including:
A: This is a very good question. There is no limit; device information (IP address/hostname, credentials) is all stored on your local machine.
A: In CLI Analyzer instead of creating the feature of grouping and the difficulties that can cause, we allow tagging. Then on the left under tags you will see tags that you can use to filter the devices list.
Also, in the search you could type in a "tag" value to filter. So, for example, you could tag devices with security. Then you could also tag with building, etc. and then you have more flexibility to filter the device list.
A: The data that is uploaded is not saved on your local machine and is not analyzed by CLI Analyzer; now, if you want the data to be stored (shell data) you must enable session logging.
Also, the data is sent to the Cisco TAC processing system live; it is processed in a Cisco DC and the results are sent back. Overall, CLI Analyzer is just a conduit to help Cisco TAC automatically process your device data.
A: At the bottom left of a session window, sort of muted (Cisco style) you will see the word Results. If you click that, it will be reopened.
A: At the moment, support is limited to Macs & PCs (macOS and Windows machines). Nevertheless, that idea has been tossed around the development team. The issue you run into with Linux is the multitude of available platforms (Debian, RedHat, Ubuntu, etc.) and then multiple packaging systems. The amount of testing and resources required is fairly large.
A: Today not directly, but if you could get a list of CSV devices, you can import that.
A: We've leveraged a lot of the existing information from the output interpreter and built it into features like CHH and Systems diagnostics.
The Output Interpreter has been EoL'd after CLI Analyzer became available.
A: That does sound like an issue. Thanks for reporting, we will open a bug request with the development team.
A: The TAC Connect Bot is primarily for interfacing with existing cases that have already been opened. Such as requesting case escalations or retrieving current status of the case or RMA. Creating a case from scratch via the Bot is currently not supported.
A: At the moment, CLI Analyzer is not connected directly with the TAC Connect Bot.
A: Hello, 3.6.6 is the recommended version. We are looking to release shortly after the new year.
A: If your question is regarding configuring (say on Linux) $HOME/.ssh/config and then from a terminal, I would type in ssh <ip> and then the associated key and username are automatically filled in?
A: Which version of CLI Analyzer are you using? Cisco changed their SSO platform and CLI Analyzer in 3.6.6 had to be updated to support all the new capabilities.
A: If the user VPN'd into the same network as the user you want to share a session with, then yes, you can share. I need to check on # of simultaneous shares.
A: We need to take this question offline; we need to validate with the TAC Case system that you are able to attach files. We know that TAC supports an anonymous flow for these types of cases. Thus, we’re contacting you via email to review this case.
A: Similar to support for FTD, you can definitely communicate with FMC the same way as any other terminal program. FMC is scheduled for a future release. CLI Analyzer always works with SSH/Telnet devices, but the extra features require multiple teams.
A: Any device that supports SSH/Telnet or direct console is technically supported. The question is whether CHH is available for FTD, and also whether there are specific tools available.
A: That is correct. CHH is provided by TAC engineers and can be updated independently from a CLI Analyzer upgrade. CHH is a component that is data driven and that updated data, as I mentioned, is always checked on every CLI Analyzer launch.
A: We're happy to discuss the scenario/issues you ran into. We're contacting you via email to check if it was limited to a specific technology, or perhaps the individual was new to the company.
A: You can always submit questions via the Feedback button on the left of the CLI Analyzer page. Also there is a TAC team that supports CLI Analyzer.
A: I would suggest that, for a future case, you request the TAC engineer to send you a TAC Data Collection ID. In addition, if you open the case through CLI Analyzer, you can choose to either collect data, or attach files you may have already captured.
A: CLI Analyzer does support import from SecureCRT. In the "Devices" panel, you see an arrow pointing up with a line above; you can click that to choose to import from PuTTY, CSV and SecureCRT.
A: UCS B&C Series are supported.
A: The Packet Capture Tool is supported for the following underlying CLI based tools:
Embedded Packet Capture (both IOS and IOS-XE Routers and Switches)
ASA Packet Capture
CPU Queue Debugging (4500 Switches)
Ethanalyzer (NX-OS Switches)
ELAM (Nexus 7000)
So the short answer is yes, the ISR4000 also supports it. Additional details on using it are available here:
A: The reaching back to Cisco for "System Diagnostics" and other tools leverages HTTPS (TCP/443), and it is an outbound connection (like a web browser would). The only "inbound" connection would be for CLI Session Sharing and that would likely require some port forwarding, etc. You can see the default port in Settings -> Connections... it is TCP/8090, so if you wanted to have someone external to your firewall connect to a session share hosted internally, you would need to likely open port TCP/8090 and do some additional NAT to forward that port to some host within your network. If two CLI Analyzers are on the same LAN and Layer-3 reachable, then Session Sharing should work fine. During the demo, Nick's laptop and mine were able to reach one another through Cisco's network so we didn't need to open any firewall rules/ports on the devices between us.
A: The briefcase icon is shown based on your association to a contract covering the device. If the target device you have in your CLI Analyzer doesn't have a contract, then the briefcase will not be shown. But also, if the device is covered, but you are unfortunately not associated to the contract, the briefcase will not be shown. In addition to Scott's answer, if you know the device is covered, you can confirm and/or request the contract get associated with your CCO Profile with Cisco's Profile Manager Tool.
A: Currently there are no plans for that.
A: The CLI Analyzer itself will work offline where you can get into the device; you can use it as a terminal.
Any of the tools, however, are going to require a connection back to Cisco to be able to utilize those.
So, if you don’t have access from wherever you’re doing your troubleshooting to get to Cisco, that is when you’re going to want to download the file and use the file analysis to be able to upload that.
A: The port to be opened is defined in the settings of CLI Analyzer. The default is 8090. If you navigate to Settings -> Connection, under Session Sharing you can enable this functionality. Sharing must be disabled to change the port value.
A: I would suggest that you submit those issues via Feedback in the CLI Analyzer. Also, those commands are not programmed into the CLI Analyzer, they are driven by back end systems that are completely independent of the CLI Analyzer. So these types of issues can be identified and fixed without requiring CLI Analyzer upgrades.
A: It's possible some of the sites may be getting blocked by your proxy server or firewall. You'll want to make sure the following URLs are allowed: api.cisco.com
A: Find more details at the Ask Me Anything forum of this session here.