Cisco Prime Nerk 43 User Guide
Have a look at the manual Cisco Prime Nerk 43 User Guide online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 53 Cisco manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
![Page 1166
33-2
Cisco Prime Network 4.3.2 User Guide
Chapter 33 Managing Certificates
Table 33-1 Parameters and Description
Parameter Description Display Message
Domain Name
[cisco.com]:Enter the domain name. By
default the script accepts
cisco.com as domain name.
How many days is
self-signed
certificate valid
for? [365]:Enter the number of days that
you want the self-signed
certificate to be valid for.writing new CSR (Certificate
Signing Request) to
/export/home/pn430/scripts/C
SR/test.csr...](http://img.usermanuals.tech/thumb/17/104726/w64_prime-nerk-43-user-guide-1524844501_d-1165.png "Page 1166
33-2
Cisco Prime Network 4.3.2 User Guide
Chapter 33 Managing Certificates
Table 33-1 Parameters and Description
Parameter Description Display Message
Domain Name
[cisco.com]:Enter the domain name. By
default the script accepts
cisco.com as domain name.
How many days is
self-signed
certificate valid
for? [365]:Enter the number of days that
you want the self-signed
certificate to be valid for.writing new CSR (Certificate
Signing Request) to
/export/home/pn430/scripts/C
SR/test.csr...")
C-49 Cisco Prime Network 4.3.2 User Guide Appendix C Event Correlation Examples MPLS Fault Scenarios BGP Neighbor Loss Scenario Ta b l e 3 - 6 shows the impacted calculations and reported affected severities for a BGP neighbor loss fault scenario. NoteThe affected only relate to Layer 3 VPN services. BGP rules require all routers within an autonomous system to be fully meshed. For large networks, this requirement represents a severe scaling problem. Route reflectors enable a BGP entity to establish a single BGP connection with a peer, where through that single peer, routing information is learned from other peers. As a result, the number of BGP sessions and connections is greatly reduced. Decreasing the number of BGP connections and using route reflectors further separates the data and control paths. For example, data packets going from A to B do not go through the route reflector, while the routing updates between A and B do. Every BGP router is uniquely identified by a router ID. A route reflector is not a configuration of a specific router. A router may act as a route reflector if it has a BGP neighbor configured as a BGP client. A router may act as both a route reflector to some of its BGP neighbors (those that are configured as BGP clients) and a nonclient BGP neighbor to those BGP neighbors that are configured as nonclient BGP neighbors. A route reflector uses the following logic when distributing routes to its BGP neighbors: A router advertises to its client peers all routes learned from other client and nonclient peers. A router advertises to its nonclient peers only routes received from client peers. Router ID distribution follows the same logic described previously. Prime Network modeling provides a list of one or more router IDs for each interface. This reflects the network behavior of receiving BGP updates from a BGP router (possessing that ID) through that interface. The VNE also maintains the nature of the relationships (client and nonclient) among the various VNEs representing the BGP routers. Figure C-48 shows an example. Table 3-6 BGP Neighbor Loss Scenario Impact and Affected Severity Description Impact calculation Initiates a local affected flow to all VRFs that are present on the issuing device. Each local VRF that has route entries with a next hop IP address that was learned from the BGP neighbor that was lost collects VRFs from both sides and pairs them together as affected. Supports a route reflector configuration, whereby during the affected search, affected parties are located on all BGP neighbors learned via the route reflector. Reported affected severity Only reports on real affected on the IBGP domain.
C-50 Cisco Prime Network 4.3.2 User Guide Appendix C Event Correlation Examples MPLS Fault Scenarios Figure C-48 Route Reflector Example In the example, the following configuration is applied: Router A (router ID A) has clients B, C, and D configured. Therefore it serves as the route reflector for these BGP routers. Routers B, C, and D all have Router A as a BGP nonclient neighbor. Router D and Router B also have each other configured as BGP nonclient neighbors. In this case, in Prime Network, the following information is maintained by a VNE: Router B learns router ID D from interface 1. Router B learns router IDs A, C, and D from interface 2. Router C learns router IDs A, B, and D from interface 1. Router D learns router ID B from interface 2. Router D learns router IDs A, B, and C from interface 1. Router A learns router ID D from interface 1. Router A learns router ID C from interface 2. Router A learns router ID B from interface 3. In the Figure C-48 example, if a BGP connection from Router A to Router B is lost, the following occurs: Router A notifies both Routers C and D of the loss of router ID B. Router C removes the ID of Router B from its tables and completely loses connectivity to it, resulting in a Real Affected impact analysis. Router D loses the ID of Router B learned from interface 1, but it still has the Router B ID that was learned through interface 2. Therefore, no impact analysis is performed. If a BGP connection is lost from Router B to Router D, the following occurs: Router B does not notify Router A of its router ID loss, because Router A is configured in the Router B tables as a nonclient peer. Router D does not notify Router A of its router ID loss, because Router A is configured in Router D’s tables as a nonclient peer. Router B notes that the ID of Router D is no longer learned through interface 1. IF 1 IF 1 IF 1 IF 1IF 3 IF 2 IF 2IF 2 Router A (RR) Router B Router D Router C 154564
C-51 Cisco Prime Network 4.3.2 User Guide Appendix C Event Correlation Examples MPLS Fault Scenarios Router D notes that the ID of Router B is no longer learned through interface 2. No impact analysis is performed. Broken LSP Discovered Scenario Ta b l e 3 - 7 lists the impacted calculations and reported affected severities for a broken LSP discovered fault scenario. MPLS TE Tunnel Down Scenario Ta b l e 3 - 8 lists the impacted calculations and reported affected severities for an MPLS TE tunnel down fault scenario. Pseudowire MPLS Tunnel Down Scenario Ta b l e 3 - 9 lists the impacted calculations and reported affected severities for a pseudowire MPLS tunnel down fault scenario. Table 3-7 Broken LSP Discovered Scenario Impact and Affected Severity Description Impact calculation Initiates an affected flow to determine all the affected parties using the LSP. Reported affected severity Only reports on Real Affected. When the Link Down alarm is cleared, all the correlated broken LSP alarms are auto-cleared. Ta b l e 3 - 8 M P L S T E Tu n n e l D o w n S c e n a r i o Impact and Affected Severity Description Impact calculation Initiates a flow to look for affected parties. Reported affected severity Only reports on real affected. Table 3-9 Pseudowire MPLS Tunnel Down Impact and Affected Severity Description Impact calculation Initiates a flow to look for the affected parties. Reported affected severity Only reports on real affected on the MPLS domain.
C-52 Cisco Prime Network 4.3.2 User Guide Appendix C Event Correlation Examples MPLS Fault Scenarios
CH A P T E R 33-1 Cisco Prime Network 4.3.2 User Guide 33 Managing Certificates Managing Certificates chapter describes how to generate a Self-signed certificates and Certificate Signing Request (CSR) that can be used to obtain SSL certificates from a Certificate Authority such as Verisign, Digicert and so on. This chapter also describes how to import a generated Self-Signed certificate or CA certificate in Prime Network Operation Report. Generating Self-Signed Certificates and Certificate Signing Request Generate a self-signed certificate and a Certificate Signing Request (CSR) by using the Generate Self-Signed Certificate and Certificate Signing Request option. When you generate a self-signed certificate, a new self-signed certificate in PEM format and a CSR file are created in the $ANAHOME/scripts/CSR/ directory. When you press enter in a command without specifying any value the script will select a default option automatically. For example, if you do not specify a domain name, the script by default picks the domain name as cisco.com. Step 1Execute $ANAHOME/local/scripts/selfsignedcert.pl. Step 2Choose Generate Self-Signed Certificate and Certificate Signing Request(.csr) and press Enter. The system prompts you to enter information as listed in the following table.
33-2 Cisco Prime Network 4.3.2 User Guide Chapter 33 Managing Certificates Table 33-1 Parameters and Description Parameter Description Display Message Domain Name [cisco.com]:Enter the domain name. By default the script accepts cisco.com as domain name. How many days is self-signed certificate valid for? [365]:Enter the number of days that you want the self-signed certificate to be valid for.writing new CSR (Certificate Signing Request) to /export/home/pn430/scripts/C SR/test.csr writing private key to /export/home/pn430/scripts/C SR/test.key Generating a 2048 bit RSA private key writing new private key to /export/home/pn430/local/scr ipts/cisco.com.key You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or DN. There are quite a few fields but you can leave some blank. For some fields there will be a default value, If you enter ., the field will be left blank. Country Name (2 letter code) [GB]: State or Province Name (full name) [Berkshire]: Locality Name (eg, city) [Newbury]: Enter the country name, state or province name and locality name, Organization Name (eg, company) [My Company Ltd]: Organizational Unit Name (eg, section) []:Enter the organization name and Organizational unit name. Common Name (eg, your name or your servers hostname) []:Enter the common name.
33-3 Cisco Prime Network 4.3.2 User Guide Chapter 33 Managing Certificates Importing Certificate Authority or Self-Signed Certificate Import a Certificate Authority (CA) signed certificate or self-signed certificate by using Import CA/Self-Signed Certificate option. You can either import the generated self-signed certificate or import a certificate generated by another system or third party by copying the .pem and .key (private key) files to the $ANAHOME/scripts/CSR directory. The .pem file provided is exported into PKCS12 format, and then converted to JKS format. The JKS file can be imported into Tomcat. Step 1Execute $ANAHOME/local/scripts/selfsignedcert.pl as PN user. Step 2Choose the Import CA/Self-Signed Certificate option and press Enter. Step 3Specify values for the following parameters and then press Enter: Table 33-2 Parameters and Description Email Address []:Enter the email address. A challenge password []: An optional company name:(Optional) Enter a challenge password and an optional company name.CSR generated successfully (/export/home/pn430/scripts/ CSR/cisco.com.csr) Use the CSR to obtain a certificate in PEM/CER format from a CA (Certificate Authority). New self-signed certificate in PEM format generated (/export/home/pn430/scripts/ CSR/cisco.com.pem) Table 33-1 Parameters and Description Parameter Description Display Message Parameters Description Domain Name [cisco.com]:Enter the domain name. CA/self-signed certificate (.pem/.cer) file path:Enter the path to the CA signed certificate or self-signed certificate. private key file path:Enter the path to the private key. keystore password:Enter the Java KeyStore (JKS) password to set. The following confirmation messages might appear, enter Yes or No to proceed further. Existing certificate will be erased, wa.nt to proceed (Yes/No):Enter Yes to proceed or No to exit. Prime Network and Operation Report restart required applying certificate, do you want to restart (Yes/No):Enter Yes to proceed or No to exit. If you enter yes then a message similar to the following one appears: Restarting Prime Network and Operation Report............................................Done Certificate $ANAHOME /scripts/CSR/cisco.com.pem imported to server successfully.
33-4 Cisco Prime Network 4.3.2 User Guide Chapter 33 Managing Certificates