#clmel
Using Prime to Manage Wireless LAN Deployments
BRKEWN-2011
Tjie Seng, Njauw
Consulting Systems Engineer
2
2015 Cisco and/or its affiliates. All rights reserved.BRKEWN-2011 Cisco Public
Session Agenda
Introducing Cisco Prime Infrastructure
Installation and Initial Setup
Planning and Deploying a Wireless Network (planning tool, AirMagnet/Ekahau integration)
Configuration Tools
Monitoring the Network
Tools and Troubleshooting
Reporting
Advanced Topics
3
2015 Cisco and/or its affiliates. All rights reserved.BRKEWN-2011 Cisco Public
Session Objective
This session focuses on Cisco Prime Infrastructure (PI) as a deployment, management, and troubleshooting tool for Cisco Unified Wireless and wired (access) networks. Attendees are required to have familiarity with basics of PI installation; topics covered in this session are, but not limited to: deployment options with PI (templates, auto-provisioning); operational insights, system dashboards, trends, alarms; drill-downs, cross-linked intuitive workflows to monitor client related information; enhanced reporting interface design and customisation abilities.
4
Introducing Cisco Prime Infrastructure
2015 Cisco and/or its affiliates. All rights reserved.BRKEWN-2011 Cisco Public
Cisco Prime Infrastructure
Single platform for consolidated management of wired and wireless access infrastructure and endpoints
Extends the functionality of Cisco WCS/NCS, provides complete lifecycle management of wired and wireless access networks
Provides monitoring of endpoint security policy integration with Cisco Identity Services Engine (ISE)
All functionality in Cisco WCS/NCS is also supported in PI
6
2015 Cisco and/or its affiliates. All rights reserved.BRKEWN-2011 Cisco Public
Cisco Prime Infrastructure Where It Fits In The Network
7
NMSP over SSL
Cisco Prime
Infrastructure
Cisco Wireless LAN
ControllerCisco
Mobility Services
Engine (MSE)
Access
Point
Location API via
SOAP/XML over
HTTPS
3rd-party location
applicationHTTPS
Client Browser
Active
RFID Tag
Wireless
Client
API
ISE
Installation and Initial Setup
2015 Cisco and/or its affiliates. All rights reserved.BRKEWN-2011 Cisco Public
Virtual AppliancePhysical Appliance
Appliance Delivery Models
9
Application &
Components
OS
Cisco-branded
Hardware
(1RU)
Cisco
Provided
Application &
Components
OS
Cisco
Provided
Customer
Provided
Virtual Infrastructure
2015 Cisco and/or its affiliates. All rights reserved.BRKEWN-2011 Cisco Public
Initial Setup
Setup script
Guides network administration through set of questions for setting basic parameters
Changes to set parameters can be made at a later time via CLI
Secondary (HA) server setup
Same software is configured during setup for primary of secondary operation
Server configured for primary operation cannot be reconfigured for secondary operation (or vice versa)
- appliance needs to be reinstalled and configured for secondary operation
10
2015 Cisco and/or its affiliates. All rights reserved.BRKEWN-2011 Cisco Public
Prime Infrastructure 2.X: Virtual OVA ServerVirtual
Appliance Size
Virtual
CPU
Memory
(DRAM)
HDD Size Throughput
(Disk I/O)
Max
Concurrent
Clients/Users
API
Clients
Express 4 12 GB 300 GB 200 MBps 5 2
Custom
Express8 16 GB 600 GB 200 MBps 10 2
Standard 16 16 GB 900 GB 200 MBps 25 5
Pro 16 24 GB 1200 GB 200 MBps 50 5
Mapping of PI 1.x to 2.x
OVA/Bundle/SKU
PI 1.x PI 2.x
Small Express
Medium Express or Custom Express
Large Standard
Extra
Large
Pro
If using a Small or Med OVA from PI 1.2/1.3 and have not
significantly added more devices or turned on new features,
can migrate to the Express OVA. All current numbers of
scale with PI 1.2/1.3 will carry forward to PI 2.x
** Important Field Notice **
11
2015 Cisco and/or its affiliates. All rights reserved.BRKEWN-2011 Cisco Public
Prime Infrastructure 2.X ( Gen 1 )Physical Appliance and Mapping
If your customer is using the PI Physical Appliance with PI 1.2/1.3 and have not significantly added more
devices or turned on new features, they can migrate to PI 2.1 with the same number of APs or devices.
** Important Field Notice **
In PI 2.1, the PI Physical Appliance maps to the Standard OVA (for scalability purposes) Physical Appliances are field upgradable Prime Infrastructure Appliance comes pre-installed with Prime Infrastructure 2.0 Deploying Cisco Prime NCS Virtual Appliance on CiscoWorks Wireless LAN Solution Engine (WLSE)
models 1130-19 or 1133 is not supported.
Physical
AppliancePhysical CPU Memory HDD Size
Throughput
(Disk I/O)
Max. Web
Clients
Max. API
Clients
Cisco Prime Appliance
2 CPUs
8 Cores (16 Threads)
16 GB
900 GB
(4x300GB RAID5)
200 MB/s 25 5
12
2015 Cisco and/or its affiliates. All rights reserved.BRKEWN-2011 Cisco Public
Prime Infrastructure 2.x Scaling/Sizing Guidelines
Equiv PI 1.x => SmallSmall/Mediu
mLarge
Extra Large
PhysicalAppliance
PI 2.x => ExpressCustom Express
Standard Pro Physical
Devices
Max Unified AP 300 2,500 5,000 20,000 5,000Max Autonomous AP 300 1,000 3,000 3,000 3,000Max WLAN Controllers
5 50 500 1,000 500
Max Wired (Switches, Routers)
300 500 6,000 13,000 6,000
Max MSE 5 10 25 25 25NAMs 5 5 500 1,000 500Max Number of Devices
500 3,000 10,000 24,000 10,000
Clients
Wireless (Roaming) Clients
4,000 30,000 75,,000 200,000 75,000
Wireless (Transcient) Clients
1,000 5,000 25,000 40,000 25,000
Wired Clients 6,000 50,000 50,000 50,000 50,00013
2015 Cisco and/or its affiliates. All rights reserved.BRKEWN-2011 Cisco Public
Equiv PI 1.x => SmallSmall /
MediumLarge
Extra Large
PhysicalAppliance
PI 2.x => ExpressCustom Express
Standard
Pro Physical*
Monitoring
Max Interfaces 12,000 50,000 25,0000 35,0000 25,000Netflow Rate (flows/sec) 3,000 3,000 16,000 80,000 16,000Events Sustained Rate (events/sec)
100 100 300 1000 300
Max NAM Data Polling Enabled
5 5 20 40 20
SystemMax Number Sites/Campus 200 500 2,500 2,500 2,500Max Virtual Domains 100 600 1,200 1,200 1,200
VM Requirements(vCPU/ Mem/ Disk / Disk I/O)
4v CPU/12GB / 300 GB / 200
Mbps
8 vCPU/16GB / 600 GB /200
Mbps
16 vCPU/ 16GB / 900GB /
200 Mbps
16 vCPU / 24GB /
1200GB / 200 Mbps
16 Threads / 16GB /
900GB (w/ RAID 5) / 200 Mbps
VMWare ESX Requirements ESXi 4.1 or 5.0ESXi 4.1 or
5.0ESXi 5.0 ESXi 5.0 N/A
14
2015 Cisco and/or its affiliates. All rights reserved.BRKEWN-2011 Cisco Public
Virtual Machine Sizing
15
With Hyper-threading 1 core = 2 threads = 2 vCPUs; Without Hyper-threading 1 core = 1 Thread 1 vCPU
Custom Express OVA is not available as a downloadable OVA. Customers can start with Express OVA and customise with specified
parameters for # of vCPU, RAM Size, Disk Size: Refer to:
https://supportforums.cisco.com/docs/DOC-37253
Custom express OVA can be used to deploy Assurance along with Prime Infrastructure Lifecycle licenses
2015 Cisco and/or its affiliates. All rights reserved.BRKEWN-2011 Cisco Public
Browser Support
Note:
It is strongly recommended to use a client with at least 4 GB or more; more memory helpsend-user experience
Clearing browser and flash cache helps; use the latest version of Adobe Flash
Browser Version Notes
Internet Explorer 10, 11Plug-in is not required for Lobby
Ambassador user
Mozilla Firefox 30 or laterLatest version may work, but may
not have been tested
Mozilla Firefox ESR 17 or 24ESR is stable version w/ less
frequent updates
Google Chrome 30 or laterLatest version may work, but may
not have been tested
16
2015 Cisco and/or its affiliates. All rights reserved.BRKEWN-2011 Cisco Public
Scaling
With Hyper-threading 1 core = 2 threads = 2 vCPUs;Without Hyper-threading 1 core = 1 Thread = 1 vCPU
Custom Express OVA is not available as a downloadable OVA. Customers can start with Express OVA and customise with specified parameters for # of vCPU, RAM Size, Disk Size: Refer to:
https://supportforums.cisco.com/docs/DOC-37253
Please note: the scale numbers are generally soft limits and are provided as deployment guidelines for each of the OVA sizes and physical appliances
17
2015 Cisco and/or its affiliates. All rights reserved.BRKEWN-2011 Cisco Public
OVA Migration to PI 2.X Matrix
Pre-2.1 Physical/Virtual
ApplianceMaps to
WCS 7.x Standard OVA1
Physical Appliance Physical Appliance2
Small Express OVA
Medium Express OVA
Large Standard OVA (for Netflow Rate 16K flows/sec, move to Pro instead of Standard
18
2015 Cisco and/or its affiliates. All rights reserved.BRKEWN-2011 Cisco Public
WCS/NCS/Prime Infrastructure - Migration Path Summary
Upgrade
to PI 1.2.1
Upgrade to
NCS 1.1
WCS7.0.164.3
7.0.172.0
7.0.220.0
7.0.230.07.0.240.0
NCS1.0.1.4
1.0.2.29
1.1.0.58
1.1.1.241.1.2.12 SR-X*
NCS/PA-WAN1.1 (1.1.0.1114)
1.1.1 (1.1.0.1116)
CPI
1.2.0.1031.2.1.12
Upgrade
to PI 1.3
Inline upgrade
Need to install a
patch
DB Migration
License Migration
Upgrade
to PI 2.1
CPI
1.3.0.20
Requires Patch
ncs_1_1_1_24-Update.13.4.tar.gz
CPI
2.1.0.85
* Requires special patch to migrate forwards
19
2015 Cisco and/or its affiliates. All rights reserved.BRKEWN-2011 Cisco Public
Migration, Maintaining DB Integrity
Step 1 - Older WCS upgrade to WCS 7.0.230.0
Step 2 - WCS 7.0.230.0 upgrade to NCS 1.1.1.24
Step 3 - NCS 1.1.1.24 load patch ncs_1.1.1.24-Update.13.4.tar.gz
Step 4 - NCS 1.1.1.24 (patched) upgrade to PI 2.1.0.85
Not all content is migratedAll Events, Certain Reports (AP Image Predownload, AP Profile Status, AP Summary, Client Count, Client Summary, Client Traffic, PCI Report, PCI Compliance Detailed and Summary reports, Preferred Call Network Summary report, Rogue APs, Adhoc Rogues, New Adhoc Rogues, Security Summary, and Guest Session reports). Dashboard customisation.
Also RADIUS/TACACS server IP and credentials and root password are not migrated
Non-root users and their credentials are migrated. Also, client historical session information will be migrated.
20
2015 Cisco and/or its affiliates. All rights reserved.BRKEWN-2011 Cisco Public
Initial Setup
21
Setup script guides network administration through set of questions for setting basic parameters
Changes to set parameters can be made at a later time via CLI
Secondary (HA) server setup (no additional licensing costs)
Same software is configured during setup for primary or secondary operation
Server configured for primary operation cannot be reconfigured for secondary operation (or vice versa)
- software must be reinstalled to be configured for secondary operation
Licensing based on (v)UDI (Unique Device Identifier) of primary server
2015 Cisco and/or its affiliates. All rights reserved.BRKEWN-2011 Cisco Public
High-Availability - Components and Operation
22
At the heart of the high-availability design is the Health Monitor (HM) Process
Other components in Prime are JVM (PI), Database, and Apache webserver
HM is sub-divided into smaller components: Core HM: Configures, maintains state and starts/stops the HA configuration
across Prime servers
Heartbeat: Responsible for maintaining communication between the primary and secondary servers (over HTTPS, port 8082); timeout is set to two (??) seconds, with three retries
Application Monitor: Communicates with the Prime framework components on the primary server
DB Monitor: Configures database replication
File Sync: Identifies file changes, compression, and statistics maintenance
2015 Cisco and/or its affiliates. All rights reserved.BRKEWN-2011 Cisco Public
Cisco Prime Infrastructure High Availability
23
When an active (primary) Prime fails, secondary Prime takes over operations for the failed primary Prime and continues to provide service.
If the standby Prime doesnt receive 3 heartbeats (timeout=30 seconds) then either the standby Prime will become active (automatic failover) or email will be sent to network admin (manual failover)
Failover (primary to secondary) can be automatic or manual
Failback (secondary to primary) is always manual
Active Standby
Database replication
HeartbeatHeartbeat
2015 Cisco and/or its affiliates. All rights reserved.BRKEWN-2011 Cisco Public
High-AvailabilityThings to Know
24
Both the primary and failover Prime servers should run the same software version
Both the primary and failover Prime servers should be the same size
Email server and receiver must be configured (used for notifications)
For communication between the primary and secondary, HM port must be allowed through firewall if firewall is in the path between primary and secondary servers
Failover mode must be carefully selected (and remembered): manual vs. automatic
Authentication key is created during the install, and is used by the primaryand failover Prime servers for communication(and also logging into the HM web page)
HM available at: https://:HMport (e.g.: https://10.10.10.20:8082)
Planning and Deployment
2015 Cisco and/or its affiliates. All rights reserved.BRKEWN-2011 Cisco Public
Site Grouping
26
Sites can be organised into a hierarchy of Campuses and Buildings
Sites allows for Devices, Traffic, End-users and Alarms/Events to be organised based on the physical structure of the network
Users of Prime Infrastructure can be assigned to manage specific groups of Sites, called Virtual Domains based on their responsibilities
The Monitoring Dashboards allows all the data collected by Prime Infrastructure / Prime Assurance to be viewed based on Sites
2015 Cisco and/or its affiliates. All rights reserved.BRKEWN-2011 Cisco Public
Adding Devices to Sites and Groups
27
Operate > Device Work Centre
2015 Cisco and/or its affiliates. All rights reserved.BRKEWN-2011 Cisco Public
Virtual Domains
28
Virtual Domain consists of a set of devices and/or sites
user view can be restricted to information based on virtual domain
user can add new virtual domain by navigating to Administration > Virtual Domains
To add users, navigate to Administration > User Roles & AAA.
User can be added and assigned predefined static roles. Besides complete access, you can give administrative access with differentiated privileges to certain user groups
2015 Cisco and/or its affiliates. All rights reserved.BRKEWN-2011 Cisco Public
Virtual Domains
29
Hierarchical Domains Selected users have access to individual domains
Top (root) user has complete access to all domains
Standard Prime Infrastructure features for all domains
Distributed Router Deployment Dedicated Router per virtual domain
Configuration and monitoring of Router allowed at individual domain level
Centralised Router Deployment Shared Controller (e.g.: ISR,) across multiple
virtual domains
Only monitoring views for particular domain; configuration of shared ISR at topmost domain
SW 1
ASR 1ASR
2ASR 3
SW 3
ISR
6
ISR
5
ISR
11
ISR 12
ISR 10
MarketingPurchasing
Engineering
Virtual Domains - Organisation Name
Bldg 1
Remote Site #1 Bldg 4
Campus A Campus C
Virtual Domains - Geographic Regions
Remote Site #2
Bldg 3
Bldg 2
Bldg 5
Bldg 6Bldg 8
Blgd10
Bldg 9Bldg 7
Campus B
ISR
7ISR
8ISR
9SW 2 SW 4
Root Domain
Root Domain
2015 Cisco and/or its affiliates. All rights reserved.BRKEWN-2011 Cisco Public 30
Network PartitioningProvides the capability for PI to be segmented by network elements (controllers, APs, switches, maps).
Partitioning GranularityAlarms, reports, searches, applied templates, config groups are virtual domain aware.
User-Level ControlGranular control of user/admin privilege level (defined in PI and RADIUS/TACACS).
Virtual Domains vs. Roles
30
2015 Cisco and/or its affiliates. All rights reserved.BRKEWN-2011 Cisco Public 31
Virtual Domain Setup
Define to network
components (maps,
wired/wireless devices)
in virtual domain
Assign virtual domain to
user to limit user-level
visibility and control.
2015 Cisco and/or its affiliates. All rights reserved.BRKEWN-2011 Cisco Public
Virtual Domain Roles: User Setup
32Cisco ACS Cisco PI
Assign virtual
domain to user to
limit user-level
visibility and control.
User accounts
provides
granular level
of user access.
Configuration Tools
2015 Cisco and/or its affiliates. All rights reserved.BRKEWN-2011 Cisco Public
Controller Template LaunchPad
34
Tree-based hierarchy continues to
exist as left-hand navigation
All-in-one, high-level view of
template categories in PI which
may be expanded or collapsed for
easier navigation and viewing
Each template provides a callout icon
which, on mouse-over, provides easy
to understand description of what the
template is and how it may be used to
configure certain attribute(s).
2015 Cisco and/or its affiliates. All rights reserved.BRKEWN-2011 Cisco Public
Templates: Discovery From Controller
35
Templates are added to PI database when a WLC is first added to PI
Template names can be changed to more meaningful names after discovery
Additional configuration changes on the WLC may be pulled in to PI via the Discover templates from controller option
2015 Cisco and/or its affiliates. All rights reserved.BRKEWN-2011 Cisco Public
Configuration Config-Groups Overview
36
What Are Config-Groups?
An easy way to group controllers logically
Provides a way to manage controllers with similar configurations
Extract templates from existing controller to provision
Schedule configuration sets
Cascade Reboot
Manage Mobility Groups, DCA, and Configuration Auditing
When Are Config-Groups Used?
Group sites together for easier management for:
Mobility Groups
DCA and Regulatory Domain Settings
Schedule remote configuration changes
Groups sites to ensure compliance with configuration policies
2015 Cisco and/or its affiliates. All rights reserved.BRKEWN-2011 Cisco Public
Configuration-Groups How-To: Setup
37
Select and add later: Only create the config group and then add controllers and
templates at another time
Copy Templates from controller: Copy templates from one of the controllers
currently in PI and then apply them to
controllers in this config group.
Note: if controllers templates are not already discovered, they can be
discovered from the Configure Controllers page
2015 Cisco and/or its affiliates. All rights reserved.BRKEWN-2011 Cisco Public
Configuration-Groups: Things to Remember
Template order is very important!
Background audit is performed during network and controller audit
Background audit and audit enforcement can only run when template-based audit is selected (under AdministrationSettings)
WLC(s) may be part of multiple configuration groups so be careful while setting mobility group names
38
2015 Cisco and/or its affiliates. All rights reserved.BRKEWN-2011 Cisco Public
Automatic audits based on
configuration syncbackground task.
Specify frequency of audit
Allows easy reconciliation in the event of a configuration mismatch
Helps ensure WLCs comply with configuration policies
ConfigurationAuditing
39
2015 Cisco and/or its affiliates. All rights reserved.BRKEWN-2011 Cisco Public
Quick Audit Summary and Reconciliation
40
Audit Summary
Restore or Maintain Config
2015 Cisco and/or its affiliates. All rights reserved.BRKEWN-2011 Cisco Public
Audit Settings
Audit Mode Basic Audit: Perform an audit on current WLC configuration and compare it
with the configuration in PI
Template-Based Audit: Perform an audit on current WLC configuration with respect to applied templates, config groups background templates and then the configuration in PI
Audit On All Parameters: Audit on entire WLC configuration
Selected Parameters: Audit on selected parameters from the templates
41
2015 Cisco and/or its affiliates. All rights reserved.BRKEWN-2011 Cisco Public
Scheduled Image Download to Controller
42
Provides option to schedule software download (FTP/TFTP) to controllers.
Task can be saved for future scheduling.
Reboot can be scheduled at a future date/time.
Email notification can be sent after completion of download.
2015 Cisco and/or its affiliates. All rights reserved.BRKEWN-2011 Cisco Public
Configuration - Maps
Why Maps?
Track wireless clients and tags, and play location history across campus
Track and mitigate rogue devices
Display Chokepoints
Display Mesh AP relationships
Integrate outdoor wireless mesh with Google Earth
Represent wireless coverage on campus, and plan for growth
View Channel and Tx Power plans provisioned by RRM
View AP and RF Profile at the floor level
Provision and display coverage areas, markers and other objects and use them with location notifications
Post-Deployment: VoWLAN and Location Readiness tools
43
2015 Cisco and/or its affiliates. All rights reserved.BRKEWN-2011 Cisco Public
Map Export/Import
44
Provides ability to export maps from source WCS/NCS/PI servers to destination PI server.
Can select all maps or subset. Export/import of map includes both map and APs
placed on map.
Option to export calibration information. Exported via tar gzipped XML file. Import process ungzips/untars XML file automatically.
2015 Cisco and/or its affiliates. All rights reserved.BRKEWN-2011 Cisco Public
Adding APs to Maps
AP Discovery
This can be dynamic or manual depending on AP naming syntax used and how APs are physically deployed
Manual
self explanatory and with a small number of APs probably the most typical way for deploying and selecting AP for positioning on MAPs with large multi site deployments impracticable, time consuming and prone to error
Dynamic
Using Hierarchy Naming convention based on Campus, Building Floor and Device automates a complex time consuming process APs require naming before importing into the data baseDoes not eliminate final map APs x and y position
45
2015 Cisco and/or its affiliates. All rights reserved.BRKEWN-2011 Cisco Public
Hierarchical AP Provisioning
Select Hierarchy Creation
Use Sample AP Name for
Syntax
46
2015 Cisco and/or its affiliates. All rights reserved.BRKEWN-2011 Cisco Public
Maps Layout
47
Hierarchical
Layout for easy
navigation
Default View of Campus,
Buildings, and Floors can be
easily changed with the
Quick Filters
Adding Campus or Buildings are
made easy with the drop-down
menu actions through an easy
wizard that walks you through
provisioning floor plans and APsBuilding view provides a
quick glance in to floorsstatus and alarm summary
for easier troubleshooting
2015 Cisco and/or its affiliates. All rights reserved.BRKEWN-2011 Cisco Public
Maps Layout CleanAir
48
Quickly filter on
subset of interferers
on floor.
Can specify other
parameters: severity
level, zone of impact.
2015 Cisco and/or its affiliates. All rights reserved.BRKEWN-2011 Cisco Public
New Maps - Interferer Clusters
49
Interferers that are in close
proximity to one another
are displayed as cluster.
Allows user to see
interferer details.
Interferer details can
be optionally
displayed.
2015 Cisco and/or its affiliates. All rights reserved.BRKEWN-2011 Cisco Public
New Maps Client Clusters
50
New UI clusters clients that
are in close proximity to one
another.
Workflow allows user to see
specific client information.
2015 Cisco and/or its affiliates. All rights reserved.BRKEWN-2011 Cisco Public
Real-Time Heatmaps
Based on AP-to-AP RSSI measurements
Predictive (legacy) heat maps still supported
Provides graphical view of RSSI based on set of nearest APs vs. AP transmit power (predictive heat map)
Configurable options for real-time heat maps:
Min. number of APs
Recompilation interval
51
2015 Cisco and/or its affiliates. All rights reserved.BRKEWN-2011 Cisco Public
Can view list of
neighbouring APs and RSSI value that they
hear the selected AP
Real-Time Heat Map
52
2015 Cisco and/or its affiliates. All rights reserved.BRKEWN-2011 Cisco Public
Real-Time Heat Map
53
Provides list of
neighbouring APs and RSSI value
that hear the selected AP
Monitoring The Network
2015 Cisco and/or its affiliates. All rights reserved.BRKEWN-2011 Cisco Public
Monitoring Dashboard Concepts
Canned tabs of high-level system views
Ability to add/remove tabs
Ability to add/remove components within tabs
Customise individual components
Introduction of trending information at system level
Quick drill-downs
55
2015 Cisco and/or its affiliates. All rights reserved.BRKEWN-2011 Cisco Public
Information Layout and Workflow Concepts
Presents many intuitive ways to arrive at information
Ability to drill-down to an individual client-level detail from dashboard
Ability to drill-down with the help of Quick Filters
Ability to sort on different attributes in client list pages
Ability to perform and save intelligent searches
Ability to customise list layout, items per page and content
Perform advanced context-sensitive actions (such as launching a report from AP page) from page drop-downs
56
2015 Cisco and/or its affiliates. All rights reserved.BRKEWN-2011 Cisco Public
Dashlet Customisation
57
Customisation
per dashlet
2015 Cisco and/or its affiliates. All rights reserved.BRKEWN-2011 Cisco Public
Finding Data Search Capability
58
PI and MSE represent a large data store
How does admin filter on what category of data they are looking for?
PI provides Advanced Search capability
Search categories: alarms, access points, controller licenses, switches, clients (wired, wireless), chokepoints, events, interferers, wifi TDOA receivers, maps, rogue clients, shunned client, RFID tags
Various filter criteria depending on search categories
2015 Cisco and/or its affiliates. All rights reserved.BRKEWN-2011 Cisco Public
Basic Search Searches for: clients, devices (APs, controllers, switches), rogues (AP, ad hoc), alarms.
Output is categorised.
Advanced Search Multiple search categories and criteria (alarms,
APs, controller licenses, switches, clients, chokepoints, interferers, TDOA receivers, maps,
rogue clients, shunned clients, RFID tags).
Searches can be saved for future use.
Search Basic Versus Advanced
59
2015 Cisco and/or its affiliates. All rights reserved.BRKEWN-2011 Cisco Public
Using Search
60
Global Search Capability
Searches can be performed on partial input
Search output provides configuration and monitor links
based on device type found
Search parameters include IP Address, Usernames, MAC
Addresses, SSIDs ,Rogues and
AP Names
Advanced searches can be saved
for easy future reference and use
2015 Cisco and/or its affiliates. All rights reserved.BRKEWN-2011 Cisco Public
Finding Data Interferers
61
Customised
search for
interferer criteria
2015 Cisco and/or its affiliates. All rights reserved.BRKEWN-2011 Cisco Public
Finding Data Client Search
62
Use case: search for all authenticated wireless clients (802.11n, 5 GHz) on SSID blizzard
Customised search for
specific client criteria
2015 Cisco and/or its affiliates. All rights reserved.BRKEWN-2011 Cisco Public
Monitoring - Client-Related Workflow
Common Steps in a Troubleshooting Scenario:
Lookup a client: MAC Address, Username, IP Address, Client type, Client state, From AP Details Page (example below)
Where is the client now (and how is their RF profile)
Where has this client been (Location playback, session and AP history)
Active troubleshooting
63
2015 Cisco and/or its affiliates. All rights reserved.BRKEWN-2011 Cisco Public
Monitoring: Client Details1
64
Basic Client Propertiescan be expanded for further details
Client Association, Session
History and Roam Reason
2015 Cisco and/or its affiliates. All rights reserved.BRKEWN-2011 Cisco Public
Monitoring: Client Details2
65
Client AP Association History
Signal Statistics History
Client Data Rate History
2015 Cisco and/or its affiliates. All rights reserved.BRKEWN-2011 Cisco Public
Client Information: Location
66
Provides location
information based
from MSE
2015 Cisco and/or its affiliates. All rights reserved.BRKEWN-2011 Cisco Public
Client Information: Location History
67
Provides the ability
to play back location
history of client.
2015 Cisco and/or its affiliates. All rights reserved.BRKEWN-2011 Cisco Public
Client Troubleshooting: Wireless Client
68
Status of client
connectivity
2015 Cisco and/or its affiliates. All rights reserved.BRKEWN-2011 Cisco Public
Client Troubleshooting: Wired Client
69
Client status with
recommended
troubleshooting
steps
2015 Cisco and/or its affiliates. All rights reserved.BRKEWN-2011 Cisco Public
Client Troubleshooting Tool
An easy way to identify client-related issues from within PI, without the need for extensive WLC debugs
Look at the clients current state (and at what stage of the connection they might be having issues at)
Allows for real-time troubleshooting and log retrieval from the WLC
Allows for looking up historical, and relevant client and AP events
Allows integration with ISE for authentication log retrieval
Common problems:
Watch out for misconfigured clients (common areas are WLAN profile settings, authentication and encryption settings, and any advanced extensions that might not be required
Ensure WLC settings match the provisioned client profiles (security, SSID broadcast, WLAN override, etc.)
Ensure data rate settings on the WLC (Mandatory, Supported and Disabled rates)
Look for client exclusion settings (easy way to find excluded clients is via the quick filter in MonitorClients page
70
2015 Cisco and/or its affiliates. All rights reserved.BRKEWN-2011 Cisco Public
Sleeping Client
71
Prior to WLC 7.5 release, client device connected to the WLC on web-auth enabled WLANs has to enter login credentials every time the client goes to sleep and wakes up.
In WLC 7.5 release, client entry is cached for a configurable duration (up to 30 days / 720 hours)
Sleeping interval is configured on a per WLAN basis
When exceeding the user-idle timeout, client database entry is moved to a cache section of the database for the duration of the cache duration
2015 Cisco and/or its affiliates. All rights reserved.BRKEWN-2011 Cisco Public
Enable sleeping client
and timeout value in
WLAN template
Sleeping Client Configuration
72
2015 Cisco and/or its affiliates. All rights reserved.BRKEWN-2011 Cisco Public
Tracking Clients
73
Create policy for tracking one
or more clients detected on
the network
2015 Cisco and/or its affiliates. All rights reserved.BRKEWN-2011 Cisco Public
MonitoringAlarms and Events
What Are Events? An occurrence of a condition (or change in condition) in the network managed by PI
Not necessarily generated for every condition but could be a result of a pattern or threshold match by the WLC
Events may not be useful in their raw form (unless troubleshooting, for example) and usually need further processing
What Are Alarms? Correlated events result in alarms (PI allows looking up event history for alarms)
Both Alarms and Events are categorised by severities Critical
Major
Minor
Warning
Informational
74
2015 Cisco and/or its affiliates. All rights reserved.BRKEWN-2011 Cisco Public
PI - Alarms and Events
Single page view of alarms and events for wired and wireless
Persistent alarm summary and browser
Quick and Advanced Filtering
Advanced search capabilities
75
2015 Cisco and/or its affiliates. All rights reserved.BRKEWN-2011 Cisco Public
Alarms Browser
76
Alarms sorted by Categories
and Severities are hyperlinked
to allow quick drill-down
On-demand refresh
and view
customisation
Persistent Alarm Summary
toolbar. Expands to display
alarm categories.
2015 Cisco and/or its affiliates. All rights reserved.BRKEWN-2011 Cisco Public
Alarm Details
77
Provides filtered view of alarms
for wired and wireless
Expandable view for
each alarm for details
2015 Cisco and/or its affiliates. All rights reserved.BRKEWN-2011 Cisco Public
Northbound Event Notifications
Cisco Wireless LAN Controller
Cisco Prime Infrastructure
NetworkManagementSystem (NMS)
NorthboundSNMP Receiver
SNMP Agent (sends notifications only)
SNMP Manager (does GET/SET, receives traps)
SNMP Agent
SNMP
SNMP
78
2015 Cisco and/or its affiliates. All rights reserved.BRKEWN-2011 Cisco Public
PI + ISE: Client Posture and Profiling
79
Client authenticated using 802.1x
via ISE
ISE determines client to be
Microsoft Workstation based
on device fingerprinting
Client session
history
2015 Cisco and/or its affiliates. All rights reserved.BRKEWN-2011 Cisco Public
WLC - Native Client Profiling
80
WLC determines client to
be Microsoft Workstation
2015 Cisco and/or its affiliates. All rights reserved.BRKEWN-2011 Cisco Public
Voice Audit Tool
81
Allows auditing current network configuration from a VoWLAN deployment perspective
Use default rules and thresholds based on Cisco best practices
Ability to customise the rules to match your network and requirements
Provides a simple report with a list of configuration gaps
2015 Cisco and/or its affiliates. All rights reserved.BRKEWN-2011 Cisco Public
Voice Audit
Select/edit audit rules based on VoWLAN best
practice guidelines
Select what to
audit on (device,
floor map)
2015 Cisco and/or its affiliates. All rights reserved.BRKEWN-2011 Cisco Public
Voice Audit
83
Report provides details
on rules that were not
met.
2015 Cisco and/or its affiliates. All rights reserved.BRKEWN-2011 Cisco Public
Voice Readiness ToolExample
84
Simple, post-deployment tool
to verify or correct AP
deployment and provides a
way to determine VoWLAN
readiness by band, and RSSI
cutoff values
2009 Cisco Systems, Inc. All rights reserved. Cisco PublicBRKAGG-2011
2015 Cisco and/or its affiliates. All rights reserved.BRKEWN-2011 Cisco Public
Location ReadinessExample
85
Simple, post-deployment tool to verify
or correct AP deployment and provides
information on what areas are under
the Cisco recommended estimates
Reporting
2015 Cisco and/or its affiliates. All rights reserved.BRKEWN-2011 Cisco Public
Report LaunchPad
87
Report LaunchPad Easy Drill-Down
Easily navigate to
created/scheduled reports
Modify/run existing reports
2015 Cisco and/or its affiliates. All rights reserved.BRKEWN-2011 Cisco Public
Report Customisation
88
Customise reports: select
data most relevant for
each report.
Run report immediately or
schedule to be run one-
time only or periodically.
Save report in user-
specified destination, or
mailed to one or more
recipients.
2015 Cisco and/or its affiliates. All rights reserved.BRKEWN-2011 Cisco Public
Client Summary Report - Endpoint Type
89
2015 Cisco and/or its affiliates. All rights reserved.BRKEWN-2011 Cisco Public
ISE Reports in PI
90
ISE reports cross-
launched from within PI
(single sign-on)
2015 Cisco and/or its affiliates. All rights reserved.BRKEWN-2011 Cisco Public
Subset of ISE reports
cross-launched from
within PI (single sign-on).
PI + ISE Reports
91
2015 Cisco and/or its affiliates. All rights reserved.BRKEWN-2011 Cisco Public
Application Visibility and Control (AVC)
92
AVC on a controller can classify and take action on 1039 different applications.
Two actions, either DROP or MARK, are possible on any classified application.
A maximum of 16 AVC profiles can be created on a WLC.
Each AVC profile can be configured with a maximum of 32 rules.
Same AVC profile can be mapped to multiple WLANs. However, one WLAN can have only one AVC profile.
AVC is supported on WLANs configured for central switching only.
Any application, which is not supported or recognised by AVC engine on WLC, is captured under the bucket of UNCLASSIFIED traffic.
2015 Cisco and/or its affiliates. All rights reserved.BRKEWN-2011 Cisco Public
AVC Application Visibility and Control
93
Application-level information -
complete visibility of applications
sending/receiving data on the
network
2015 Cisco and/or its affiliates. All rights reserved.BRKEWN-2011 Cisco Public
AVC Wireless LAN Controller GUI
94
2015 Cisco and/or its affiliates. All rights reserved.BRKEWN-2011 Cisco Public
Key Takeaways
95
PI provides full lifecycle management for wired/wireless infrastructure and endpoints
Wired/wireless access infrastructure and endpoints need to be managed together
Prime Infrastructure 2.1 is the single release for AireOS and IOS based controllers supporting all current and near term future network devices
Provides license and data migration from WCS/NCS to PI
2015 Cisco and/or its affiliates. All rights reserved.BRKEWN-2011 Cisco Public
Learning Resources - Free & Paid Resources Available!
Instructor-Led Training
3-days training available from learning partners
www.cisco.com/go/primeinfrastructure under Learn More
Electronic-Led Training
3 hours+ training available on Cisco.com
www.cisco.com/go/primeinfrastructure under Learn More
18-segment Prime Infrastructure Quick Start VoDs
2 hours+ How to series
Available on Ciscos YouTube Channel & PEC
http://bit.ly/PIQuickStartVODs
Prime Demo Series
96
2015 Cisco and/or its affiliates. All rights reserved.BRKEWN-2011 Cisco Public
For More Information
Cisco Prime
http://www.cisco.com/en/US/products/ps12239/index.html
Cisco Prime Infrastructure Release Noteshttps://www.cisco.com/en/US/products/ps12239/prod_release_notes_list.html
Cisco Prime Evaluation Software Downloads
Cisco Prime CCO Software Downloads
http://software.cisco.com/download
Cisco Prime Infrastructure White Papers
http://www.cisco.com/en/US/products/ps12239/prod_white_papers_list.html
http://www.cisco.com/pcgi-bin/marketplace/welcome.pl
97
2015 Cisco and/or its affiliates. All rights reserved.BRKEWN-2011 Cisco Public
Participate in the My Favorite Speaker Contest
Promote your favorite speaker through Twitter and you could win $200 of Cisco Press products (@CiscoPress)
Send a tweet and include
Your favorite speakers Twitter handle
Two hashtags: #CLUS #MyFavoriteSpeaker
You can submit an entry for more than one of your favorite speakers
Dont forget to follow @CiscoLive and @CiscoPress
View the official rules at http://bit.ly/CLUSwin
Promote Your Favorite Speaker and You Could be a Winner
98
2015 Cisco and/or its affiliates. All rights reserved.BRKEWN-2011 Cisco Public
Continue Your Education
Demos
Labs
Lunch Topics
Final copy TBD
99
Q & A
2015 Cisco and/or its affiliates. All rights reserved.BRKEWN-2011 Cisco Public
Give us your feedback and receive a
Cisco Live 2015 T-Shirt!
Complete your Overall Event Survey and 5 Session
Evaluations.
Directly from your mobile device on the Cisco Live Mobile App
By visiting the Cisco Live Mobile Site http://showcase.genie-connect.com/clmelbourne2015
Visit any Cisco Live Internet Station located throughout the venue
T-Shirts can be collected in the World of Solutions
on Friday 20 March 12:00pm - 2:00pm
Complete Your Online Session Evaluation
Learn online with Cisco Live!
Visit us online after the conference for full
access to session videos and
presentations. www.CiscoLiveAPAC.com
Thank you.