4 Lab Guide Prime Infrastructure 2 2

Cisco Prime Infrastructure 2.
2 lab
Partner VT Amsterdam
Oct 30th, 2014
Cisco Prime Infrastructure 2.2

Partner VT Amsterdam, October 30th 2014
Agenda
UNDERSTANDING THE LAB ENVIRONMENT
CONNECTION TO THE LAB
2
3
PART 1: INVENTORY FEATURES : CREDENTIAL PROFILES, DISCOVERY , MULTIPLE EDIT , GROUPING,

TOPOLOGY
5
EXERCICE 1: POPULATING DEVICE INVENTORY
EXERCICE 2: VERIFYING/UPDATING CREDENTIALS, ADDING SINGLE DEVICES, MULTIPLE EDIT
EXERCICE 3: DEVICE 360
EXERCICE 4: DEVICE DETAILS
EXERCICE 5 : TOPOLOGY MAIN WINDOW, 360 VIEW AND DASHLET
EXERCICE 2 : DEVICE GROUPS
CREATING LOCATION GROUPS
CREATING A VIRTUAL DOMAIN
EXERCICE 7 : NETWORK TOPOLOGY MAPS
EXERCISE 8: PORT GROUP
5
12
14
18
20
27
27
29
30
35
PART 2: CONFIGURATION FEATURES : AVC AND QOS
37
EXERCISE 1: ONE CLICK TEMPLATE FOR AVC AND QOS

EXERCISE 2: SHARED POLICY OBJECTS AND MODEL BASED TEMPLATE: DESIGN AN AVC TEMPLATE
SHARED POLICY OBJECT
CUSTOMIZE AN APPLICATION VISIBILITY MODEL BASED TEMPLATE
DEPLOY AN APPLICATION VISIBILITY MODEL BASED TEMPLATE
EXERCICE 3: NETWORK SERVICES: APPLICATION VISIBILITY AND CONTROL
READINESS ASSESSMENT
NBAR2 PROTOCOL PACK MANAGEMENT
AVC PROFILES
INTERFACE CONFIGURATION
37
42
42
43
46
48
48
49
49
53
PART 3: VNAM AS A DATA SOURCE
56
EXERCICE 1 : SETUP A VNAM

EXERCICE 2: HOW IT WORKS
EXERCICE 3: DISCOVER A FEW VNAM CAPABILITIES
MONITOR DASHBOARDS
ANALYZE DASHBOARDS
REAL TIME
PACKET CAPTURE
APPLICATION RECOGNITION
56
59
60
60
61
65
65
66
Page | 1
https://pi-podx.prime.ciscofrance.com
Cisco Prime Infrastructure 2.2 lab
Oct 30th, 2014
EXERCICE 3 : ADD THE NAM IN YOUR INVENTORY

EXERCICE 4 : CONFIGURE THE NAM AS A DATASOURCE
EXERCICE 5 : VIEW NAM DATA IN PI
EXERCICE 6 : PACKET CAPTURE IN PI
67
68
68
69
PART 4: PI DEPLOYMENT CAPABILITIES : HIGH AVAILABILITY, OPERATION CENTER
72
EXERCICE 1: HIGH AVAILABILITY

MAIL SERVER DESTINATION .
ADDING A VIRTUAL DOMAIN
ENABLING HIGH AVAILABILITY
EXERCICE 2: OPCENTER
ENABLING OPCENTER SERVER
SINGLE SIGN ON
ADDING SERVERS
OPCENTER NAVIGATION
EXERCICE 3: FAILOVER.
72
72
74
75
78
78
80
82
83
87
Understanding the lab environment

The lab infrastructure deployment is shown below.
Page | 2
Oct 30th, 2014
Each student group own a POD which contains 1 catalyst 3560v2, 2 catalyst 3850 , one ISR G2 892,
one ISR G2 2911, one WLC 2504 and one virtual NAM, 3 AP, 3 phones .
Each POD is divided in 2 ports: The East Part, and the West Part
The rest of the infrastructure is shared.
The table below gives the
Name
SW-PODx-E
SW-PODx-W
RTR-PODx-E
RTR-PODx-W
WLC-PODx-W
vNAM-PODx
PI-PODx
SSOx
PI-P-PODx
PI-S-PODx
PI-V-PODx
Model
3850
3560V2
ISR 2911
ISR 892
WLC 2504
vNAM
Loopback0
10.14.20x.1
10.14.20x.2
10.14.20x.3
10.14.20x.4
172.195.x.1
192.168.40.2x
192.168.40.5x
192.168.40.15x
192.168.193.5x
192.168.193.15x
192.168.193.11x
Connection to the lab
Page | 3
Oct 30th, 2014
You must use Cisco AnyconnectVPN client.

Launch it , server is primelab-eu.cisco.com
Username is pi-lab
Ask Proctor for the password.
If you dont have CiscoAnyConnect installed, you can install it from https://primelab-eu.cisco.com
username pi-lab, password : ask your lab proctor.
Page | 4
Oct 30th, 2014
PART 1: Inventory features : Credential profiles, Discovery ,

Multiple Edit , Grouping, Topology
Exercice 1: Populating device Inventory

There are 3 ways to populate the inventory, adding a single device, doing a bulk import, and
configuring an automatic device discovery.
In this section you will do a discovery
Launch PI Logon to PI plateform https://pi-podx.prime.ciscofrance.com

If you have any issue with dns resolution, use 192.168.40.5x (x is your pod number)
Verify the level of patch :
Page | 5
Oct 30th, 2014
User: root, Password: Public123
You should see an empty overview dashboard
From Inventory> Device Management , select Credential Profiles
Page | 6
Oct 30th, 2014
Select Add
Add a Credential Profile called "default" with the following credentials
snmp Read Community : public

snmp Write Community : private
ssh user : admin/C1sc0123
enable password C1sc0123
http user : admin/C1sc0123
Page | 7
Oct 30th, 2014
Add another credential profile, called nam, with the following parameters (optionally, you can use the Copy )
snmp Read Community : public

snmp Write Community : private
ssh user : root /root
http user : admin/cisco
You will use this one later in the lab.

Finally you should have something like
Create now the discovery job : Select Inventory> Device Management> Discovery
Select Discovery Setting (Upper right corner)
Page | 8
Oct 30th, 2014
Select "New"
Give a name,expand Layer 2 protocol and expand Cisco Discovery Protocol
Page | 9
Oct 30th, 2014
Enable cdp, cross router boundary

Add a seed device (10.14.20x.2), 10 hops
Expand "Credential Set" and add the row as below
Page | 10
Oct 30th, 2014
Save and Run
and
The discovery creates a job that you can see in the discovery job dashboard
You can refresh to see the progress
after a couple of minutes, discovery should be completed
Page | 11
Oct 30th, 2014
Exercice 2: Verifying/Updating credentials, adding single devices, multiple

edit
From Inventory > Device Management > Network Devices .
This inventory replaces the device workcenter from 2.1 and earlier versions
Page | 12
Oct 30th, 2014
click the device group: All devices
Select Add Device, and add the device 192.168.193.100 with the default credential profile
You should see a new device category: UCS B series
Page | 13
Oct 30th, 2014
Then select several devices. Remark, you can now edit multiple devices (edit devices in bulk)
click cancel
Exercice 3: Device 360

Select a device (a router or a switch)
Page | 14
Oct 30th, 2014
Select Neighbors . In 2.2 , you can see both local and remote port (only remote port in 2.1 and
before)
Page | 15
Oct 30th, 2014
Select the icon
And see the topology from this device !
Page | 16
You can select the icon
Oct 30th, 2014
to change the layout and the number of hops.
Page | 17
Oct 30th, 2014
Exercice 4: Device details

Click on a device name (a router or a switch)

Page | 18
Oct 30th, 2014
Explore the different menus
Explore Similar Menus with your wireless lan controller. What do you notice ?
How many access points are registered ?
Explore Similar menus for the UCS B series
Page | 19
Oct 30th, 2014
Exercice 5 : Topology main window, 360 view and dashlet

Select maps> Topology
Then drill-down to location> All Locations > Unassigned
Play with the different options

-
layout
Page | 20
zoom
overview
Page | 21
Oct 30th, 2014
Oct 30th, 2014
Select a device and launch the 360 view
Page | 22
Oct 30th, 2014
click the topology icon
Page | 23
Oct 30th, 2014
Change the layout and number of hops
Page | 24
Oct 30th, 2014
Select now Dashboard>General
Add a Topology Dashlet
Page | 25
Oct 30th, 2014
Move the dashlet on upper right corner and configure it to display the All Locations> Unassigned ,
with a symetric layout.
(Mouse over the right corner of the dashlet and select the icon
mode)
Page | 26
to enter config
Oct 30th, 2014
Exercice 2 : device groups

PI provides several device grouping capabilities :
The device groups

The location groups
The site maps
The virtual domain
A device group, contains devices for different purposes (configuration, monitoring). A device can join
a group statically or dynamically based on a membership rule. In this case, if a new device matches
this rule, it automatically joins the group. Some inventory attributes are provided to be used in the
membership rule (name, location, type, user define field ). A single device can belong to more than
one device group. Predefined device groups exist based on device model.
Location Group are conceptually identical to a device group : this is a device group based on location
parameters, either snmp location, or switch location (civic address attributes) .This is a new feature
of PI 2.2 which replaces somewhere the use of sites. Membership to a location group is either static
or dynamic.
The site maps are groups of Access points on a map. Access points are positionned on a map and
allow to create wireless heatmap . Sites are organized as a 3 level hierarchy :
campus/building/floors. Membership of an AP to a site is static (manually added/removed) but a
feature called automatic hierarchy creation allow creation and addition of APs in a site based on
their name.
Virtual domains allow grouping for administrative purpose (Role Based Access Control) .
Creating Location Groups
In this exercise, you will create 3 location groups :

-
Provider
East
West
Based on the SNMP location parameter of your device.

But , before you will create an umbrella group called PI-LAB
From Inventory>Device Management > Network Devices , Hover over Location , and select Add
subgroup
Page | 27
Oct 30th, 2014
Just name it PI-LAB and save
Select this group and Add Subgroup
Name the group East

Add a membership rule based on syslocation
Preview the device list
Page | 28
Oct 30th, 2014
Create in the same way the location group West (syslocation contains West) and the site group
Provider (syslocation contains provider). Both must be subgroup of PI-LAB
You should have the following:
Creating a virtual domain
We will not spend time on virtual domain in this lab , just create one quickly called testVD and put
a few devices in it you will understand later
Page | 29
Oct 30th, 2014
Create sub domain testVD
add the network devices SW-SP1-A, SW-SP1-B and SW-SP2
Exercice 7 : Network topology Maps

Go now to Maps> Network Topology
Page | 30
Oct 30th, 2014
Select User Defined - > PILAB-Network
Click one group
Explore drill down and expand
Page | 31
Page | 32
Oct 30th, 2014
Oct 30th, 2014
Click a link to see the components

Page | 33
Oct 30th, 2014
Play with the layout, expand /collapse groups
Select now Dashboard > Overview >General
Page | 34
Oct 30th, 2014
May be the topology dashlet is like that now !!
Why ?
Change it to
Exercise 8: Port Group

Small exercise here, nothing new in 2.2 , but you need this port group later
Select Inventory> Grouping> Port
Page | 35
Oct 30th, 2014
Select Add subgroup under User defined
Select a static port group, give a name and save
You can use a filter to select YOUR router , 10.14.20x.3 and select GigabiEthernet 0/0 and 0/1
Select the appropriate port and move them to the group you created (add to group)
Page | 36
Oct 30th, 2014
PART 2: Configuration features : AVC and QOS

Exercise 1: One click template for AVC and QoS
PI provides model based templates to deploy technology features on devices. These templates cover
Security Features (Zone Based Firewall, ACL, DMVPN, GetVPN, ScanSafe ) , Routing (OSPF, EIGRP )
, AVC (Application Visibility and Control) .
Model Based Template can be deployed on multiple devices or can sometimes be used to quickly
deploy the feature on a single device.
You will now deploy AVC monitoring on the GigabitEthernet0/1 of your router RTR-PODx-E . (This
interface is connected to your switch SW-PODx-E.)
From Inventory>Network Device click your Router RTR-PODx-E
Select Configuration, and Expand App Visibility & Control , then select App Visibility
Page | 37
Oct 30th, 2014
Select the Gigabit0/1 interface
Then select Enable App Visibility> App Visibility & Performance (IPv4)
See the message
Page | 38
Oct 30th, 2014
You preview the CLI
Then click deploy, wait a moment
Then you get
Page | 39
Oct 30th, 2014
Go to Configuration Archive
If the device sends syslog message to your PI, a configuration Archive will occur.
Check if you have a recent config (not the case below)
if not, schedule an immediate archive
You can see the archive job running in the job dashboard (Administration> Jobs) . After a while it
must complete with success.
After some time you will have your archive
Expand the new configuration and select compare previous running
Page | 40
Oct 30th, 2014
As you can see, PI deployed configuration based on ezPM !!
Verify that you are receiving data through flexible netflow , Administration> data source
Select
Select your data source (RTR-PODx-E) and see the netflow template
Page | 41
Oct 30th, 2014
You can drill down to the templates by clicking
you can also go to this page through Services> Netflow Templates
Exercise 2: Shared Policy Objects and Model Based Template: design an AVC
template
Shared Policy Object
PI 2.0 introduced the concept of reusable objects called Shared Policy Objects. In 2.0, only 2 shared
policy object existed : IPv4 subnet and Interface Role. These objects were used to customized model
based template like AVC and ZBFW (Zone Based Firewal) .
The release 2.2 have new objects : IPV6 Networks, Security Rule Parameter Map, Security Service,
Security Zone.
Select Configuration >Template> Shared Policy Objects > Shared > Interface Role
Add a new interface role calle inside-interface , where interface Name is GigabitEthernet0/1
Page | 42
Oct 30th, 2014
Customize an Application Visibility model based template
Select Configuration > Features and Technologies
Then Application Visibility & Control > App Visibility

Give a name
Page | 43
Oct 30th, 2014
Select Router as Validation Criteria
Select the Interface role you have created in the field Apply to Interface role
Keep the default values
Page | 44
Oct 30th, 2014
Click Save as New Template
The template appears under My Templates > Features and Technologies> App Visibility and
control and can now be deployed
Page | 45
Oct 30th, 2014
Deploy an Application Visibility model based template
Now you will configure the deployment process on your router RTR-PODx-E. Please dont deploy on
the router of another POD !!!!
Select Deploy
Select your router RTR-PODx-E in the device selection (Note : here you can select more than one
device)
Notice that you can have an additionnal collector with PI 2.2
Page | 46
Oct 30th, 2014
Click CLI preview. Verify that it will be deployed on the appropriate interface (GigabitEthernet0/1)
Deploy but please dont save in startup config
See the job result
Page | 47
Oct 30th, 2014
Go to Inventory> network Device
click your device
Select Applied/Scheduled Templates
Exercice 3: Network Services: Application Visibility and Control

In this exercise, you will explore some of the capabilities of PI regarding AVC
Readiness assessment
Select
Services
>
AVC
>
Readiness
Assesment
Verify that your routers RTR-PODx-* are AVC capable .

The router RTR-PODx-E where you deployed AVC previously should be marked as active
Page | 48
Oct 30th, 2014
NBAR2 protocol pack Management

Select Services > AVC >protocol packs management
You can populate on PI a repository of protocol packs (import) then deploy on the device.
Deployment is a job which copies the appropriate protocol pack on flash then activate it in cli.
On your system the repository is probably empty.
AVC profiles
AVC profiles, are configuration templates that can be deployed on interfaces. There are 3 categories
QoS Classification Profiles. This profiles define how application traffic can be identified
(based on NBAR2) and marked. 3 default profiles are provided out of the box according to
Cisco best practices : 5 classes, 8 classes and 12 classes profiles. New profiles can be added
QoS Action Profiles, define the egress action which will occured on egress traffic. (Queuing,
Priority Queuing, BW reservation, shaping ) . 3 default profiles are provided (5,8,12 classes)
out of the box. They can be modified and new profiles can be added as well
APP visibility Profile : define the monitoring action (URL monitoring, traffic volume,
Application Response Time , Voice/Video metrics ).
Select Services>AVC> AVC Profiles
Page | 49
Oct 30th, 2014
Now you will create a new classification profile based on the 5 class profile, but you will add the
traffic to/from your PI server in the class Transactional_data
Select + to add a new profile
Choose create a classification profile
Page | 50
Oct 30th, 2014
Give a name, and chose 5 class
Then click Add to add your classification

A new entry appears at the bottom
click
Change the type from NBAR to L3/L4 (you will classify using your PI ip address)
Select Apply IP/Port symmetrically
Put YOUR PI IP address
Page | 51
Oct 30th, 2014
Click OK
Select now the QoS class (Transactinal-Data)
Save the line
Save the profile
Page | 52
Oct 30th, 2014
Interface configuration
This new feature in 2.2 allow to enable AVC/QoS profiles on interface or interface groups
Select Services> AVC> Interface Configuration
Select the port group you created in previous lab (User Defined > myportgroup)
(Notice that one interface has already AVC deployed

Select both interfaces
Click enable QoS

Then select your profile (podx-profile)
Page | 53
Oct 30th, 2014
you can preview CLI
Page | 54
Oct 30th, 2014
then deploy
Please dont copy in startup !!
Check the status of the job in admistration> Job
Page | 55
Oct 30th, 2014
PART 3: vNAM as a data source
Exercice 1 : Setup a vNAM

A vNAM has already been deployed for your pod, it has just an IP address, and ssh/telnet is enabled .
You will finish the config in this exercise
The IP address of your vnam is 192.168.40.2x , telnet user is root/root
telnet/ssh to your nam, enable http server, use admin/cisco for admin user
Page | 56
Oct 30th, 2014
now you can finish the config with your web browser
From administration , configure the network parameters
Page | 57
Oct 30th, 2014
call the nam vnam-podx , add dns parameter as below
From administration > snmp , add snmp communities public : readonly, private : readwrite
Configute Time synchronisation from administration >System >System Time
Warning : Good time synchronisation between your NAM and your client is NOT an option
Page | 58
Oct 30th, 2014
Exercice 2: How it works

The vNAM has 2 ports, 1 management port and 1 monitoring. The vnic interface corresponding to
the monitoring port has been configured in promiscuous mode on ESXi ,
Page | 59
Oct 30th, 2014
The Physical interface is then connected to a switch where a monitoring session (SPAN) is setup
Exercice 3: Discover a few vNAM capabilities

Monitor Dashboards
Monitor Dashboard are composed of TOP N oriented dashlets (TOP N Application, TOP N DSCP , TOP
N encapsulation )
Select Monitor> Traffic Summary
Explore the Interactive report Filter.

You can change report period, Site , Encapsulation .
Page | 60
Oct 30th, 2014
Select Monitor> Response Time Summary

You monitor here the application response time .
Analyze Dashboards
Back to Traffic summary, select an application (here netflow) in the TOP N application Dashlet
Page | 61
Oct 30th, 2014
you will drill down to this application.

You can see the traffic volume over ther time, the sender and receiver , and the detail on application
. Here this is 2 routers sending netflow data to a Prime Infrastructure .
Notice the Zoom Pan feature
Page | 62
Oct 30th, 2014
Back to Monitor> Response Time Summary
Click https and select Analyze application Response Time
Page | 63
Oct 30th, 2014
Here you can see the components of a transaction : network time, server time and data time.
As you can see below, in this case , if http is slow , its not a nerworking issue
Back to Traffic Summary, select an application and click real time
Page | 64
Oct 30th, 2014
Real time
you will monitor every 5 sec
Packet Capture
Select again an application and click capture
Page | 65
Oct 30th, 2014
You can also create capture session, use filter,create triggered capture
Application Recognition
WIth 6.1, NAM software support NBAR 2. To enable the feature, Select Setupt> Classification >
Application Settings
Page | 66
Oct 30th, 2014
There are tons on other feature in the NAM, dont hesitate to ask your lab proctor if you want more
details.
Exercice 3 : Add the NAM in your Inventory

Select Add Device
Add your own NAM (192.168.40.2x) , and select add devices
Select nam credential profile you created ealy, verigy and add
select add to add the nam in your inventory.

You have now a new device category (may be you need to refresh your browser)
Page | 67
Oct 30th, 2014
and you can see your virtual nam
Exercice 4 : Configure the NAM as a datasource

At this time, the NAM data are not used by PI. You have to enable your NAM as a data source
Go to administration>Settings>Datasource
You will see
Select the NAM and click enable
After some time the data source will become active
Exercice 5 : View NAM data in PI

Select for Example Dashboard> Service Assurance
In the Top N application dashlet, Hover the upper right corner and clic the edit (pencil) icon
Select the nAM as data source , save and close
Page | 68
Oct 30th, 2014
Exercice 6 : Packet capture in PI

Select Monitor > Tools> Packet Capture
Then Capture Session (upper right)
Page | 69
Oct 30th, 2014
Create
Give a name and select Device >Add
Add your NAM
Page | 70
Oct 30th, 2014
Expand the NAM and add the Dataport
Click Create and Start
You will see your session running
You can stop it, go back to Monitor > Tools> Capture

Select your capture and decode
Page | 71
Oct 30th, 2014
PART 4: PI Deployment capabilities : High Availability,

Operation Center
Exercice 1: High Availability
You will configure now, an HA pair with a PI primary server , 192.168.193.5x and a secondary
192.168.193.15x.
The primary is already configured as standalone with devices inside.
Mail Server destination .
Failover operations send mail to predefined mail destination. You should then configure a SMTP
destination on the primary PI server : 192.168.193.5x.
Connect to this server first and logon as root/Public123
From Administration > System settings , Configure SMTP destination . Server is 192.168.40.1
Use a user call pi-userx@cxd.ciscofrance.com (x is your pod number)
Page | 72
Oct 30th, 2014
Select test, and add if success .

Verify it works : connect with http to the mail server, use your username (pi-userx) and cisco as
password
Page | 73
Oct 30th, 2014
You should have received your test mail.
Adding a virtual domain
Quicky add a virtual domain in this server , its not for HA You will understand later
Select admin > Virtual Domain
Page | 74
Oct 30th, 2014
Create a subdomain from root
and add the 2 nexus 5K (DC-1 and DC-2)
Enabling High availability
Go to Administration> System > High Availability

Check the HA status
Select Configuration (left column)

And enter HA config :
-
Secondary is 192.168.193.15x
Key is Public123
You cane nable a Virtual IP and use 192.168.193.11x
Choose Manual failover
Page | 75
Oct 30th, 2014
After a while you while have this window, it can take some time to complete (10/15 min) . You can
to the next exercise, you will come back here later.
Check configuration
Page | 76
Oct 30th, 2014
You can also connect to the Helath monitor of the secondary, use the secondary ip address and port
8082, and use the HA key (Public123)
see below, your secondary is syncing , means it is in standby mode and database and file are in sync.
Verify that you Virtual IP is functional
Page | 77
Oct 30th, 2014
Exercice 2: OpCenter
Enabling OpCenter Server
To convert a PI into an OpCenter, you just have to apply a license
Connect to the server 192.168.40.15x , user root/Public 123

This server is empty.
go to Administration License
Page | 78
Oct 30th, 2014
Select file> License files
Select Add , and select the provided licence file
you have now a cluster license
Logout and login
Page | 79
Oct 30th, 2014
see the Banner
and the menus and logon page

Remark also that you have no virtual domains
Single sign on
Before Adding Server, you must configure your cluster as SSO server and your instances as SSO client
On the OpCenter, 192.168.40.15x, select
add the server itself as sso server
Page | 80
Oct 30th, 2014
enable SSO
keep SSO mode local (this means that the SSO server can also you an external aaa radius or tacacs
server)
On first instance, 192.168.40.5x , add sso server (it will be the opCenter )
Page | 81
Oct 30th, 2014
and enable SSO
On the second Instance (use HA VIP or VIP name )

Do the same
Adding Servers
You must add your 2 server instances , pi-podx and your HA server (use the HA virtual pi-v-podx )
Add the first one : pi-podx.prime.ciscofrance.com
Page | 82
Oct 30th, 2014
Server is added
Add now the second pi-p-podx.prime.ciscofrance.com

Finally you will have
OpCenter Navigation
Look the home page
Page | 83
Oct 30th, 2014
Look the monitor > network device
Remark that you have an extra column : Prime Server

Click on a device name first : you have only device details
Back to the Monitor> network device page , click on Prime server name
Page | 84
Oct 30th, 2014
This drill down to the appropriate server (with sso) in another window
Look at the virtual domains : you should see the ROOT-DOMAIN and the domain testVD
Select the domain testVD, see the device list
Do you understand how it works ?
Select Monitor > alarms and events

See alarms aggregated from both PI servers.
Page | 85
Oct 30th, 2014
Go to Client and Users , see endpoints collected by both instances
you can also test the generic search . You should have a user with your pod number : podx , search
for him in the generic search window
Page | 86
Oct 30th, 2014
Examine the available reports
Exercice 3: Failover.
You will stop the server pi-p-podx , this should trigger a manual failover.
Connect to the server through ssh, and halt it
Connect to your mail account. You should see this mail
Page | 87
Oct 30th, 2014
Launch the URL, this is the health monitor of the secondary

Use the key : Public123
Click the failover button
wait the failover .
until
Logon to the secondary (you can use the Virtual ip )
Page | 88
Oct 30th, 2014
and verify the status . Secondary must be active
you will also receive an e-mail
Check on the operation center. You see that OpCenter automatically switched to the secondary.
################################### END OF LAB #####################################
Page | 89

4 Lab Guide Prime Infrastructure 2 2

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

4 Lab Guide Prime Infrastructure 2 2

Uploaded by

Copyright:

Available Formats

Cisco Prime Infrastructure 2.

Oct 30th, 2014

Cisco Prime Infrastructure 2.2

PART 1: INVENTORY FEATURES : CREDENTIAL PROFILES, DISCOVERY , MULTIPLE EDIT , GROUPING,

PART 2: CONFIGURATION FEATURES : AVC AND QOS

EXERCISE 1: ONE CLICK TEMPLATE FOR AVC AND QOS

PART 3: VNAM AS A DATA SOURCE

EXERCICE 1 : SETUP A VNAM

Cisco Prime Infrastructure 2.2 lab

Oct 30th, 2014

EXERCICE 3 : ADD THE NAM IN YOUR INVENTORY

PART 4: PI DEPLOYMENT CAPABILITIES : HIGH AVAILABILITY, OPERATION CENTER

EXERCICE 1: HIGH AVAILABILITY

Understanding the lab environment

Cisco Prime Infrastructure 2.2 lab

Oct 30th, 2014

Connection to the lab

Cisco Prime Infrastructure 2.2 lab

Oct 30th, 2014

You must use Cisco AnyconnectVPN client.

Cisco Prime Infrastructure 2.2 lab

Oct 30th, 2014

PART 1: Inventory features : Credential profiles, Discovery ,

Exercice 1: Populating device Inventory

Launch PI Logon to PI plateform https://pi-podx.prime.ciscofrance.com

Verify the level of patch :

Cisco Prime Infrastructure 2.2 lab

Oct 30th, 2014

User: root, Password: Public123

You should see an empty overview dashboard

From Inventory> Device Management , select Credential Profiles

Cisco Prime Infrastructure 2.2 lab

Oct 30th, 2014

Add a Credential Profile called "default" with the following credentials

snmp Read Community : public

Cisco Prime Infrastructure 2.2 lab

Oct 30th, 2014

snmp Read Community : public

You will use this one later in the lab.

Select Discovery Setting (Upper right corner)

Cisco Prime Infrastructure 2.2 lab

Oct 30th, 2014

Give a name,expand Layer 2 protocol and expand Cisco Discovery Protocol

Cisco Prime Infrastructure 2.2 lab

Oct 30th, 2014

Enable cdp, cross router boundary

Expand "Credential Set" and add the row as below

Cisco Prime Infrastructure 2.2 lab

Oct 30th, 2014

Save and Run

You can refresh to see the progress

after a couple of minutes, discovery should be completed

Cisco Prime Infrastructure 2.2 lab

Oct 30th, 2014

Exercice 2: Verifying/Updating credentials, adding single devices, multiple

From Inventory > Device Management > Network Devices .

Cisco Prime Infrastructure 2.2 lab

Oct 30th, 2014

click the device group: All devices

You should see a new device category: UCS B series

Cisco Prime Infrastructure 2.2 lab

Oct 30th, 2014

Exercice 3: Device 360

Cisco Prime Infrastructure 2.2 lab