Cisco Prime Nerk 43 User Guide
Have a look at the manual Cisco Prime Nerk 43 User Guide online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 53 Cisco manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
3-21 Cisco Prime Network 4.3.2 User Guide Chapter 3 Setting Up Change and Configuration Management Enabling SSH Resync on VNE and CCM Synchronization of SSH Key in CCM When communicating with the device, Cisco Prime Network CCM operations use the SSH keys that are stored in the known_hosts file. This file is available in the /.ssh/known_hosts directory. If there is a mismatch in the SSH key and if the automatic key synchronization feature is enabled, then the Cisco Prime Network CCM script synchronizes with the device automatically. After which, the CCM script connects without server-side authentication, learns the new SSH keys, and updates the new keys in the known_hosts file for further communication. If there is a mismatch, then the automatic key synchronization feature should be enabled to synchronize with the SSH keys. Common Settings for Key Resync for SSH-VNE and CCM Follow the prerequisites to enable key resync for SSH VNE and CCM: Enabling Server Authentication Settings, page 3-21 Enabling SSH key synchronization, page 3-21 Enabling Server Authentication Settings To enable SSH settings, follow the steps provided below: Step 1Log on to the Administration client. Step 2Click New to open the New VNE window. Step 3Click the Telnet/SSH tab and check the Enable check box. In the Telnet/SSH window, once the Enable option is checked, the other options such as Protocol, Port, Prompt, and Mask are also enabled. Step 4From the Protocol drop-down list, choose the SSHv2 option to open the SSHv2 pane. Step 5In the Server Authentication drop-down list of the SSHv2 pane, choose save-first-auth mode. The server authentication is set. Enabling SSH key synchronization SSH key synchronization is defined in device protocol reachable settings. To enable the SSH key synchronization, follow the steps provided below: Step 1Log on to the Administration client. Step 2From the To o l s menu, choose Registry Controller to open the Registry Controller window. Step 3In the Registry Controller window, expand the Device Protocol Reachability node. Step 4Click Te l n e t to open the Te l n e t pane. Step 5Choose Tr u e from the Enable Re-Sync SSH Keys drop-down list. The SSH key synchronization is enabled. By default, the Enable Re-Sync SSH Keys option is set to False.
3-22 Cisco Prime Network 4.3.2 User Guide Chapter 3 Setting Up Change and Configuration Management Enabling SSH Resync on VNE and CCM Verifying SSH key Resync on VNE To verify SSH key resync on VNE, follow the steps provided below: Step 1Model the VNE using SSHv2. Refer Enabling Server Authentication Settings, page 3-21. Step 2Enable resync on the device. Refer Enabling SSH key synchronization, page 3-21. Step 3Log into the device, and change the key in the device. NoteFor VNE, a DSA key change is to be performed by using the crypto key generate dsa command. Refer the Configuring SSH topic (Steps 5 and 6 under the Detailed Steps section) of the Cisco ASR 9000 Series Aggregation Services Router System Security Configuration Guide. Step 4In the PN Admin/Vision client, right-click the VNE and restart by selecting Stop VNE followed by Start VNE options to reflect the actual state of the VNE. To ensure the key resync on VNE If the device key is changed and the resync is set to true, after restart-In the VNE status tab, the Investigation State would be Operational and the CLI state under Telnet/SSH Connectivity also would be Operational. If the key is changed and resync is set to the default value of false, after restart-The VNE status tab would update the Investigation State to Currently Unsychronized, and the Telnet/SSH Connectivity CLI State to Down and Description as Protocol failed to connect to host. Verifying SSH key Resync on CCM To verify SSH key resync on CCM, follow the steps provided below: Step 1Model the VNE using SSHv2. Refer Enabling Server Authentication Settings, page 3-21. Step 2Enable resync on the device. Refer Enabling SSH key synchronization, page 3-21. Step 3Login to the device, and change the key in the device. NoteFor CCM, an RSA key change is to be performed using the crypto key generate rsa command. On setting the resync value to true, the RSA key entries sync with the device and are updated in the known_host fi l e s o t h a t t h e C C M o p e r a t i ons become successful. On setting the resync value to false, the CCM operations would fail. Step 4Login to the CCM Dashboard, navigate to the CCM page, and choose any CCM operation such as Backup/Restore. Step 5From the VNEs listed, select the required VNE on which the operation needs to be performed. To ensure the key resync on CCM If the resync value is set to false, then any CCM operation performed would fail. If the resync value is set to true, then any CCM operation performed would succeed. Known Limitation for CCM
3-23 Cisco Prime Network 4.3.2 User Guide Chapter 3 Setting Up Change and Configuration Management Enabling SSH Resync on VNE and CCM On performing a DSA key change, the DSA key entries are not updated in the known_host files. However, this does not impact any CCM operation. In other words, irrespective of the resync value (true or false), the CCM operations are always successful.
3-24 Cisco Prime Network 4.3.2 User Guide Chapter 3 Setting Up Change and Configuration Management Enabling SSH Resync on VNE and CCM
CH A P T E R 4-1 Cisco Prime Network 4.3.2 User Guide 4 Setting Up Vision Client Maps Vision client maps display devices and their physical and logical relationships, including relationships with logical NEs such as services. From a map, users can drill down into both the physical and logical NE details and perform other operations, such as launching command scripts and external applications. These topics explain how to set up maps: Workflow for Creating a Map, page 4-2 Creating a New Map and Add NEs to the Map, page 4-3 Applying a Background Image To a Map, page 4-12 Grouping Network Elements into Aggregations, page 4-7 Labelling NEs to Associate Them with Customers (Business Tags), page 4-9 Adding a Static Link When a Network Link is Missing, page 4-13 Changing Vision Client Default Settings (Sound, Display, Events Age), page 4-15 Changing You Vision Client Password, page 4-16 Whether you can perform these setup tasks depends on your account privileges. See Vision Client Permissions, page B-1 for more information.
4-2 Cisco Prime Network 4.3.2 User Guide Chapter 4 Setting Up Vision Client Maps Workflow for Creating a Map Workflow for Creating a Map Use maps to highlight different segments of your environment. For example, you could create one map to display the BGP architecture and relationships between NEs, and another map to display the physical connectivity of the network. You can create maps that cover specific network segments, customer networks, services, or any other mix of network elements required. Network maps provide a graphic display of active faults and alarms and serve as access points for activating services. When you create a map, it is saved in the database and made available to other users if they have sufficient access and security privileges. When you delete a map, it is removed from the database. You can only perform these tasks if you have the required privileges. See Vision Client Permissions, page B-1. The following table provides the basic workflow for setting creating maps. After creating a map and adding devices to it, you can view the NE properties as described in Opening Maps, page 7-2. Description See: Step 1Launch the Vision client and create an empty map using a name that reflects the map purpose, and add elements or services to the map.Creating a New Map and Add NEs to the Map, page 4-3 Step 2Apply optional customizations to the map: Group NEs into aggregations, which are displayed as a single entity by default (but can be opened for NE details).Grouping Network Elements into Aggregations, page 4-7 Apply a layout or drag NEs to a desired layoutApplying a Layout to a Map, page 4-7 Label important NEs by creating and applying business tags, allowing users to search for NEs using labels created for your deployment’s needs.Labelling NEs to Associate Them with Customers (Business Tags), page 4-9 Apply background images to maps.Applying a Background Image To a Map, page 4-12 Step 3Create logical links to ensure that correlation flows are not interrupted.Adding a Static Link When a Network Link is Missing, page 4-13 Step 4Adjust Vision client settings that affect maps (audio alarms, display defaults, and so forth).Changing Vision Client Default Settings (Sound, Display, Events Age), page 4-15 Step 5(Optional) Create ticket (or event) filters and save them so you can use them as needed. The following table describes how regular and resynced events detail are displayed in Prime Network:, page 11-6 Step 6Check the global settings that can impact map operations (for example, whether users can view maps created by others).Check Global Settings for Vision Client Maps, page 4-14 Step 7(Optional) Extend the Vision client to model and display additional NE properties; support new devices, software versions, and modules; display commands that users can launch from an NE’s right-click menu; launch external applications; integrate with northbound applications; and many other customizations.Extending Prime Network Features, page 2-6
4-3 Cisco Prime Network 4.3.2 User Guide Chapter 4 Setting Up Vision Client Maps Creating a New Map and Add NEs to the Map Creating a New Map and Add NEs to the Map Naming Your Maps The name you assign a map is a significant way to organize the NEs in your network. Use these guide4.3.2 when naming maps: Give each map a specific function. For example, do not mix network and service elements together in a map. Give each map a name that reflects the map function, such as: –Core Devices for a network map named –MPLS for a service map named Step 1Launch the Vision client. Step 2To create a new map, choose File > New Map in the Vision client main menu and enter a map name that reflects the map function. To add elements to the map, do one of the following: Creating a Service Map This procedure explains how to locate services in the network so you can add them to a map. When Vision client users open the map, they will only be permitted to view a service if the NE associated with the service is in their device scope. If you have a very large network, you can alternatively generate a service report by choosing Reports > Run Report > Network Service Reports and choosing Ethernet Services, Pseudowire, or VPLs. If You Are Using Prime Network:Launch the Vision client by choosing: As part of suiteAssure > Prime Network > Vision from the REPLACE main menu bar As a standalone applicationStart > Programs > Cisco Prime Network > Cisco Prime Network Vision from your local machine For this map function: Examples See: A map of services in the networkCross connects, Ethernet services, MPLS-TP tunnels, pseudowires, unassociated bridges, VLANs, VPLs, VPNsCreating a Service Map, page 4-3 A map of the network’s physical topologyCore devices with their physical linksCreating a Physical Topology Map, page 4-4 A map of NEs that are connected using a specific type of linkData links: ATM, Frame Relay Tunneling: GRE, Layer 2 TP, pseudowires, MPLS-TE, GRE Tunnels Protocol architectures: BGPCreating a Special-Purpose Map, page 4-5
4-4 Cisco Prime Network 4.3.2 User Guide Chapter 4 Setting Up Vision Client Maps Creating a New Map and Add NEs to the Map Step 1Choose File > New Map, and enter a map name that reflects the service. Step 2Click the tab for your new map and choose File >Add to Map. The following figure shows the service types you can choose. If you choose VPN > New, the Create VPN dialog box is displayed. For information on creating a VPN, see Creating a VPN, page 17-22. Step 3Choose a service (such as VPLS) and Prime Network displays all services of that type. Step 4If you are working with a very large number of NEs that are affected by the services, click Search. The search criteria depends on the entity type. For example, you can search for Ethernet Services by the system name, pseudowires by their role, and so forth. Step 5Choose the services and click OK. Creating a Physical Topology Map This procedure explains how to locate physical NEs in the network so you can add them to a map. When a Vision client user opens the map, they will be able to see the map devices, but devices outside their device scope will be displayed with a lock icon. If you have a very large network, you can alternatively generate a service report by choosing Reports > Run Report > Inventory Reports and choosing a hardware report. Step 1Choose File > New Map, and enter a map name that reflects the map purpose (such as Core Devices). Step 2Choose File >Add to Map > Network Elements. Step 3Click Search to find NEs by their vendor, element type, IP address, and so forth; or click Show All to list all NEs. A locked device icon means the device is not in your scope. For example, to find all Cisco 7600 series routers, click the Filter button, choose Element Type as your filter criteria, and enter 76 in the text box.
4-5 Cisco Prime Network 4.3.2 User Guide Chapter 4 Setting Up Vision Client Maps Creating a New Map and Add NEs to the Map Step 4Choose the NEs and click OK. Creating a Special-Purpose Map You can create a special-purpose map by selecting specific link types for your map, such as a map that shows all the BGP links in the network. TipDo not mix logical and physical links into one map because they can be displayed the same way. Link types can only be ascertained by hovering the mouse over the link. By default, Vision client users will only be able to view links if both link endpoints are in their device scope. (This can be changed using the Registry Controller; see the Cisco Prime Network 4.3.2 Administrator Guide.) Keep in mind that this procedure effectively filters in or filters out certain link types. If subsequent users want to filter the map, the links offered for filtering are limited to what you specify in this procedure. Step 1Choose File > New Map, and enter a map name Step 2In the Create Map dialog box, and click Advanced. The Link Filter dialog displays link types, as shown in Figure 4-1.
4-6 Cisco Prime Network 4.3.2 User Guide Chapter 4 Setting Up Vision Client Maps Creating a New Map and Add NEs to the Map Figure 4-1 Link Filter Dialog These are some examples of what you can create using the various link types: Process map with all BFD links Traffic map with all Frame Relay links Tunnel map with all GRE tunnels The link type also determines the algorithm Prime Network will use for the may layouts (symmetrical, orthogonal, and so forth). Step 3Check the link type you want to include in your map and click Apply to apply the defined link filter settings and continue with more selections. Step 4Click OK when you have completed your selections. Step 5In the Create Map dialog box, enter a name for the new map and click OK. An empty new map is displayed in the navigation pane and content area, and the map toolbar displays the Link Filter Applied button, which indicates that a link filter is currently applied to the map. Step 6Add the required elements to the map by choosing Choose File >Add to Map. Indicates a link filter is currently applied to the map. If you want to clear the filter, click this icon and choose None from the Group drop-down list.