Technology Work Centers in Cisco Prime LAN Management ... · Contents v Technology Work Centers in Cisco Prime LAN Management Solution 4.1 OL-23861-01 EnergyWise - Current Power Consumption

Technology Work Centers in Cisco Prime LAN Management Solution 4.1

Americas HeadquartersCisco Systems, Inc.170 West Tasman DriveSan Jose, CA 95134-1706 USAhttp://www.cisco.comTel: 408 526-4000

800 553-NETS (6387)Fax: 408 527-0883

Text Part Number: OL-23861-01

http://www.cisco.com

THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.

THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.

The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.

NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.

IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1005R)

Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.

Technology Work Centers in Cisco Prime LAN Management Solution 4.1 © 1998-2011 Cisco Systems, Inc. All rights reserved.

http://www.cisco.com/go/trademarks

OL-23861-01

C O N T E N T S

Notices ix

OpenSSL/Open SSL Project iii-ix

License Issues iii-ix

Preface xiii

C H A P T E R 1 Overview of Work Centers 1-1

What’s New in LMS 4.1? 1-2

Technology Portlet 1-3

C H A P T E R 2 Managing Cisco Trust and Identity Management Solutions 2-1

Identity in LMS 2-2

Features and Benefits of Identity in LMS 2-3

Terms and Definitions in Identity 2-4

Understanding the Security Modes 2-4

Monitor Mode 2-4

Low Impact Mode 2-5

High Security Mode 2-5

Understanding Authentication Profiles 2-5

802.1x Port-Based Authentication 2-5

MAC Authentication Bypass (MAB) 2-6

Web-Based Authentication (WebAuth) 2-6

Flexible Authentication (FlexAuth) 2-6

Local WebAuth 2-6

Understanding Host Modes 2-6

Single Host Mode 2-7

Multiple Host Mode 2-7

Multiple Domain Authentication 2-7

Multiple Authentication Mode 2-7

Understanding MAC Move and MAC Replace 2-7

MAC Move 2-8

MAC Replace 2-8

Understanding Change of Authorization (CoA) 2-8

Understanding Media Access Control Security (MACsec) 2-8

Understanding the Identity Dashboard 2-10

iiiTechnology Work Centers in Cisco Prime LAN Management Solution 4.1

Contents

Identity - Authentication Trend 2-10

Identity - Authorization Trend 2-10

Configuring Identity Portlets 2-11

Identity - Security Modes Distribution 2-11

Identity - 802.1x Agentless Portlet 2-12

Identity - Authenticated Users Portlet 2-12

User Tracking Summary 2-12

Supported Devices and Images for Identity 2-15

Getting Started with Identity 2-15

Assessing Identity Readiness of Your Network 2-16

Identity-capable Devices 2-16

Identity-software-incapable Devices 2-16

RADIUS-capable Devices 2-16

Identity-hardware-incapable Devices 2-17

Configuring RADIUS 2-17

Provisioning Identity 2-20

Configuring Identity 2-21

Configuring Local WebAuth Settings 2-25

Scheduling Identity Configuration Jobs 2-26

Defining the NetConfig Protocol Order 2-29

Identity Readiness Assessment 2-29

Identity-capable Devices 2-29

Identity-software-incapable Devices 2-30

Radius-capable Devices 2-30

Identity-hardware-incapable Devices 2-30

Managing Identity Devices 2-31

Disabling Identity 2-31

Monitoring Identity 2-32

Managing Identity Jobs 2-33

Viewing Job Details 2-35

C H A P T E R 3 Managing Cisco EnergyWise Using LMS 3-1

What is EnergyWise? 3-2

Features and Benefits of EnergyWise in LMS 3-3

Understanding the EnergyWise Dashboard 3-4

EnergyWise - Power Consumption Graph 3-5

EnergyWise - Total Savings Graph 3-6

EnergyWise - Savings Trend Graph 3-7

ivTechnology Work Centers in Cisco Prime LAN Management Solution 4.1

OL-23861-01

Contents

EnergyWise - Current Power Consumption 3-8

EnergyWise - Policy Override 3-9

EnergyWise - Endpoint Group 3-10

EnergyWise - Capability Summary 3-11

EnergyWise Enabled Devices 3-11

EnergyWise Capable Devices 3-11

EnergyWise Software Incapable Devices 3-11

EnergyWise Hardware Incapable Devices 3-11

EnergyWise Supported Devices and Images 3-12

Getting Started with EnergyWise 3-18

Assessing EnergyWise Readiness of Your Network 3-18

EnergyWise Enabled Devices 3-19

EnergyWise Capable Devices 3-19

EnergyWise Software Incapable Devices 3-19

EnergyWise Hardware Incapable Devices 3-19

Enabling EnergyWise on Devices 3-20

Associating Devices to an EnergyWise Domain 3-20

Enabling EnergyWise on Devices in Disjoint Domains 3-21

Configuring EnergyWise Attributes on Endpoints 3-21

Scheduling EnergyWise Configuration Jobs 3-24


Applying EnergyWise Policies to Endpoints 3-25

Applying EnergyWise Policies to Endpoint Groups 3-26

Checking EnergyWise Policy Compliance 3-27

Managing EnergyWise Devices 3-28

Enabling EnergyWise on Devices in Disjoint Domains 3-30

Managing EnergyWise Domain 3-30

Creating EnergyWise Domain 3-32

Managing EnergyWise Endpoint Groups 3-33

Creating EnergyWise Endpoint Groups 3-35

Configuring Threshold Settings 3-36

Managing EnergyWise Policies 3-38

Adding EnergyWise Policies 3-38

Configuring EnergyWise Events 3-39

Managing EnergyWise Jobs 3-41


Monitoring EnergyWise 3-45

Generating EnergyWise Reports 3-45

vTechnology Work Centers in Cisco Prime LAN Management Solution 4.1

OL-23861-01

Contents

Configuring EnergyWise Settings 3-45

Configuring EnergyWise Collection Settings 3-46

Configuring EnergyWise Cost Settings 3-46

Configuring EnergyWise Data Purge Settings 3-47

Viewing EnergyWise Collection Summary 3-48

Viewing Device Collection Summary 3-48

Viewing Endpoint Collection Summary 3-49

Viewing Compliance Check Summary 3-50

C H A P T E R 4 Managing Auto Smartports in LMS 4-1

What are Auto Smartports? 4-2

Auto Smartports Supported Devices and Images 4-2

Getting Started with Auto Smartports 4-4

Assessing Auto Smartports Readiness of Your Network 4-4

ASP-enabled Devices 4-4

ASP-capable Devices 4-4

ASP-software-incapable Devices 4-5

ASP-hardware-incapable Devices 4-6

Managing Auto Smartports Templates 4-6

Creating New ASP Templates 4-7

Editing Auto Smartports Templates 4-11

Configuring Auto Smartports Using LMS 4-11

Configuring Auto Smartports 4-12

Adding and Editing Macros Associated With Events 4-15

Understanding the Remote Macro Feature 4-16

Sample User-defined Macro 4-16

Scheduling Auto Smartports Configuration Jobs 4-16


Auto Smartports Readiness Assessment 4-19

ASP-enabled Devices 4-19

ASP-capable Devices 4-19

ASP-software-incapable Devices 4-19

ASP-hardware-incapable Devices 4-20

Configuring ASP Interfaces 4-20

Managing Auto Smartports 4-21

Viewing Auto Smartport Reports 4-21

Managing Auto Smartports Jobs 4-22


viTechnology Work Centers in Cisco Prime LAN Management Solution 4.1

OL-23861-01

Contents

C H A P T E R 5 Managing Medianet Endpoints Using LMS 5-1

What is Medianet? 5-2

Features and Benefits of Medianet in LMS 5-4

Medianet Supported Devices and Images 5-6

Getting Started with Medianet and Assessing Medianet Readiness of Your Network 5-8

Medianet Devices 5-8

Medianet Software Incapable Devices 5-8

Medianet Hardware Incapable Devices 5-8

Prerequisites for Configuring and Monitoring Medianet Endpoints 5-9

Device Groups and Port Groups for Medianet 5-9

Enabling Location Collection 5-10

Configuring Devices with Medianet Endpoints 5-10

Configure Auto Smartports 5-11

Configure Location Settings Using Templates 5-11

Configure Video Conferencing 5-11

Configure Video Transcoding 5-12

Configure RSVP 5-12

Configure PfR 5-12

Configure QoS 5-12

Configure Performance Monitoring 5-13

Configure IPSLA Video Operations 5-13

Configure Dynamic User Tracking 5-13

Configuring Location Settings Using Templates 5-13

Understanding the Medianet Dashboard 5-15

Customizing the Display of Location Attributes 5-16

Last N Faults on Devices with Medianet Endpoints 5-18

Last N Unreachable Medianet Endpoints Portlet 5-19

Last N Connected Medianet Endpoints Portlet 5-21

Config Changes on Devices with Medianet Endpoints Portlet 5-22

Medianet Endpoints Status Across Locations Portlet 5-24

Troubleshooting Medianet Portlets 5-24

Generating Medianet Reports 5-25

Using Medianet Custom Layouts 5-25

Medianet Endpoint Inventory Report 5-26

Interpreting Medianet Endpoint Inventory Report 5-27

Troubleshooting Medianet Endpoints 5-28

Managing Medianet Jobs 5-29


viiTechnology Work Centers in Cisco Prime LAN Management Solution 4.1

OL-23861-01

Contents

C H A P T E R 6 Smart Install in LMS 6-1

Getting Started with Smart Install 6-2

Assessing Smart Install Director Readiness of Your Network 6-2

SI-director-capable Switches 6-2

SI-director-enabled Switches 6-3

SI-software-incapable Switches 6-3

SI-hardware-incapable Switches 6-3

Supported Devices and Images for Smart Install 6-4

Assessing Your Network for SI Directors 6-4

SI-director-capable Switches 6-4

SI-director-enabled Switches 6-5

SI-software-incapable Switches 6-5

SI-hardware-incapable Switches 6-5

Configuring Smart Install Director 6-5

Configuring Smart Install Groups 6-6

Adding Smart Install Groups 6-7

Configuring DHCP Settings 6-10

Adding DHCP Pools 6-11

Configuring Host Name and Join Window 6-12

Scheduling Smart Install Configuration Jobs 6-13


Managing Config and Image for Clients 6-16

Managing Smart Install Director 6-18

Removing Smart Install Configurations from an SI Director 6-18

Generating Smart Install Reports 6-19

Managing Smart Install Jobs 6-21


A P P E N D I X A Supported Devices and Images for Technology Work Centers A-1

Supported Devices and Images for Identity A-1

Supported Devices and Images for EnergyWise A-2

Supported Devices and Images for Auto Smartports A-8

Supported Devices and Images for Smart Install A-9

Supported Devices and Images for Medianet A-10

Known List of Hardware-incapable Devices A-12

IN D E X

viiiTechnology Work Centers in Cisco Prime LAN Management Solution 4.1

OL-23861-01

Notices

The following notices pertain to this software license:

OpenSSL/Open SSL ProjectLMS includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/), cryptographic software written by Eric Young ([email protected]), and software written by Tim Hudson ([email protected]).

License Issues

The OpenSSL toolkit stays under a dual license, i.e. both the conditions of the OpenSSL License and the original SSLeay license apply to the toolkit. The license texts are listed below. Actually both licenses are BSD-style Open Source licenses. In case of any license issues related to OpenSSL, please contact [email protected].

OpenSSL License:

Copyright © 1998-2007 The OpenSSL Project. All rights reserved.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the copyright notice, this list of conditions and the following disclaimer.

2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions, and the following disclaimer in the documentation and/or other materials provided with the distribution.

3. All advertising materials mentioning the features or use of this software must display the following acknowledgment: “This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/)”.

4. The names “OpenSSL Toolkit” and “OpenSSL Project” must not be used to endorse or promote products derived from this software without prior written permission. For written permission, please contact [email protected].

5. Products derived from this software may neither be called “OpenSSL” nor may “OpenSSL” appear in their names without prior written permission of the OpenSSL Project.

6. Redistributions of any form whatsoever must retain the following acknowledgment:

ixTechnology Work Centers in Cisco Prime LAN Management Solution 4.1

OL-23861-01

http://www.openssl.org/


Notices

“This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/)”.

THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT “AS IS”' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

This product includes cryptographic software written by Eric Young ([email protected]). This product includes software written by Tim Hudson ([email protected]).

Original SSLeay License:

Copyright © 1995-1998 Eric Young ([email protected]). All rights reserved.

This package is an SSL implementation written by Eric Young ([email protected]).

The implementation was written so as to conform with Netscapes SSL.

This library is free for commercial and non-commercial use as long as the following conditions are adhered to. The following conditions apply to all code found in this distribution, be it the RC4, RSA, lhash, DES, etc., code; not just the SSL code. The SSL documentation included with this distribution is covered by the same copyright terms except that the holder is Tim Hudson ([email protected]).

Copyright remains Eric Young’s, and as such any Copyright notices in the code are not to be removed. If this package is used in a product, Eric Young should be given attribution as the author of the parts of the library used. This can be in the form of a textual message at program startup or in documentation (online or textual) provided with the package.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the copyright notice, this list of conditions and the following disclaimer.

2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

3. All advertising materials mentioning the features or use of this software must display the following acknowledgement:

“This product includes cryptographic software written by Eric Young ([email protected])”.

The word ‘cryptographic’ can be left out if the routines from the library being used are not cryptography-related.

4. If you include any Windows specific code (or a derivative thereof) from the apps directory (application code) you must include an acknowledgement: “This product includes software written by Tim Hudson ([email protected])”.

THIS SOFTWARE IS PROVIDED BY ERIC YOUNG “AS IS” AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES

xTechnology Work Centers in Cisco Prime LAN Management Solution 4.1

OL-23861-01


Notices

(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

The license and distribution terms for any publicly available version or derivative of this code cannot be changed. i.e. this code cannot simply be copied and put under another distribution license [including the GNU Public License].

xiTechnology Work Centers in Cisco Prime LAN Management Solution 4.1

OL-23861-01

Notices

xiiTechnology Work Centers in Cisco Prime LAN Management Solution 4.1

OL-23861-01

Preface

Work Centers in LMS provide complete lifecycle management of Identity, EnergyWise, Medianet, Auto Smart Ports, and Smart Install from Day 1 to Day N operations in a workflow-oriented approach. The workflow includes readiness assessment, configuration, monitoring, and reporting.

This preface details related documents that support Work Centers feature, and demonstrates the styles and conventions used in this guide. The preface contains the following sections:

• Audience

• Document Conventions

• Product Documentation

AudienceThis guide is for users who are skilled in network administration and management, and for network operators who can use this guide to make configuration changes to devices, using LMS. The network administrator or the operator should be familiar with the following:

• Basic Network Administration and Management

• Basic Solaris System Administration

• Basic Soft Appliance System Administration

• Basic Windows System Administration

• Basic LMS Administration

xiiiTechnology Work Centers in Cisco Prime LAN Management Solution 4.1

OL-23861-01

Preface

Document ConventionsTable 1 describes the conventions followed in the user guide.

Note Means reader take note. Notes contain helpful suggestions or references to material not covered in the publication.

Table 1 Conventions Used

Item Convention

Commands and keywords boldface font

Variables for which you supply values italic font

Displayed session and system information screen font

Information you enter boldface screen font

Variables you enter italic screen font

Menu items and button names boldface font

Selecting a menu item in paragraphs Option > Network Preferences

Selecting a menu item in tables Option > Network Preferences

xivTechnology Work Centers in Cisco Prime LAN Management Solution 4.1

OL-23861-01

Preface

Product Documentation

Note We sometimes update the printed and electronic documentation after original publication. Therefore, you should also review the documentation on Cisco.com for any updates.

Table 2 describes on the product documentation that is available.

Obtaining Documentation and Submitting a Service RequestFor information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What’s New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:

http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html

Subscribe to the What’s New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS version 2.0.

Table 2 Product Documentation

Document Title Available Formats

Getting Started with Cisco Prime LAN Management Solution 4.1

PDF version part of Cisco Prime LMS 4.1 Product DVD.

Context-sensitive online help Select an option from the navigation tree, then click Help.

Technology Work Centers in Cisco Prime LAN Management Solution 4.1 (This document)


Configuration Management with Cisco Prime LAN Management Solution 4.1


Monitoring and Troubleshooting with Cisco Prime LAN Management Solution 4.1


Inventory Management with Cisco Prime LAN Management Solution 4.1


Administration of Cisco Prime LAN Management Solution 4.1


Technology Work Centers in Cisco Prime LAN Management Solution 4.1


Reports Management with Cisco Prime LAN Management Solution 4.1


xvTechnology Work Centers in Cisco Prime LAN Management Solution 4.1

OL-23861-01

http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html

Preface

xviTechnology Work Centers in Cisco Prime LAN Management Solution 4.1

OL-23861-01

Technology Work CeOL-23861-01

C H A P T E R 1
Overview of Work Centers
This section provides an overview of the various Work Centers in Cisco Prime LMS.

Cisco Prime LMS is a management solution for Cisco network devices; it also allows you to implement, and manage complex Cisco solutions like Identity, EnergyWise, Medianet, and network features like Auto Smartports, and Smart Install.

Work Centers provides complete lifecycle management of Identity, EnergyWise, Auto Smartports, Medianet, and Smart Install from Day 1 to Day N operations in a workflow-oriented approach. This includes readiness assessment, configuration, monitoring, and reporting capabilities.

The different Technology Work Centers in LMS are:

Work Center Description

Identity Identity-based Networking Services (IBNS), which is a part of the Cisco Trust and Identity Management Solution, is an integrated solution that comprises several Cisco products, and offers authentication, access control, and user policies to secure network resources and connectivity.

See Identity in LMS for more information.

EnergyWise Cisco EnergyWise is a comprehensive program for power management in your network. Cisco EnergyWise enables companies to measure, manage, and reduce the power consumption of network infrastructure and network-attached devices to increase cost savings.

See Managing Cisco EnergyWise Using LMS for more information.

Auto Smartports Auto Smartports macros dynamically configure ports based on the device type detected on the port. When the switch detects a new device on a port, it applies the appropriate Auto Smartports macro on the port.

See Managing Auto Smartports in LMS for more information.

Smart Install Smart Install is a plug-and-play configuration and image-management feature that provides zero-touch deployment for new switches. This means you can ship a switch to a location, place it in the network and powers it on with no configuration required on the switch.

See Smart Install in LMS for more information.

Medianet Cisco Medianet solution is an end-to-end architecture for a media-optimized network comprising advanced, intelligent technologies and devices in a platform that is optimized for the delivery of rich-media applications.

LMS provides workflows for setting up auto configuration, and for configuring location settings to aid the provisioning and tracking of Medianet endpoints such as digital media players (DMP) and IP video surveillance cameras (IPVSC).

See Managing Medianet Endpoints Using LMS for more information.

1-1nters in Cisco Prime LAN Management Solution 4.1

Chapter 1 Overview of Work Centers What’s New in LMS 4.1?

See What’s New in LMS 4.1? for the new features in Work Centers.

The two dashboards in Work Centers are:

• Identity Dashboard. See Understanding the Identity Dashboard for more information.

• EnergyWise. See Understanding the EnergyWise Dashboard for more information.

• Medianet. See Understanding the Medianet Dashboard for more information.

Other than the portlets in the above dashboards, you can also view Technology portlet. See Technology Portlet for more information.

What’s New in LMS 4.1?LMS 4.1 has the following new features:

• MACsec configuration

– Enable MACsec on supported devices

– Select the policy to be applied for the session after the supplicant passes 802.1x authentication.

– Specify the MKA policy.

For more information on:

– Understanding MACsec, see Understanding Media Access Control Security (MACsec).

– Configuring MACsec using LMS, see Configuring Identity.

• Medianet Work Center

LMS simplifies the deployment, and allows you to manage day-to-day configuration of the Cisco Medianet 2.2 solution.

LMS provides workflows for setting up auto configuration, and for configuring location settings to aid the provisioning and tracking of Medianet endpoints such as digital media players (DMP) and IP video surveillance cameras (IPVSC). The LMS Medianet workflows enable the network operator to prepare the network for deployment and to ensure that appropriate location attributes are configured on the endpoints for tracking and monitoring purposes.

For more information, see Managing Medianet Endpoints Using LMS.

• Device Classification using AutoSmartports

Device Classification provides an easy way for users to create triggers and dynamically configure the switch ports based on the device classification. You can create a specific trigger for a specific type of device. By default, Device classification will be enabled by default in the devices.

1-2Technology Work Centers in Cisco Prime LAN Management Solution 4.1

OL-23861-01

Chapter 1 Overview of Work Centers Technology Portlet

Technology PortletIn Technology portlet, we group some technologies such as Auto Smartport (ASP), Generic OnLine Diagnostics (GOLD), Smart Call Home (SCH), and Embedded Event Manager (EEM) related links.

You can configure the portlet to display ASP, GOLD, SCH, and EEM.

Technology is a multi-instance portlet, and you can add this portlet to any dashboard.

To view this portlet, perform the following steps:

Step 1 Go to any dashboard and click on the Add portlet icon. The Add portlets pop-up appears with a list of all the portlets in LMS.

Step 2 Select Technology Portlet and click Add. The portlet appears in your dashboard.

To configure this portlet, perform the following:

Step 1 Move the mouse over the title bar of the Technology Portlet to view the icons.

Step 2 Click the Configuration icon.

The Select Technology drop-down list is displayed.

Step 3 You can select either ASP, GOLD, SCH, or EEM from the drop-down list.

Step 4 Click Save to view the configured portlet with the updated settings.


OL-23861-01

Chapter 1 Overview of Work Centers Technology Portlet


OL-23861-01


C H A P T E R 2
Managing Cisco Trust and Identity Management Solutions
Cisco TrustSec Identity, earlier known as Cisco Identity-based Networking Services (IBNS), a part of the Cisco Trust and Identity Management Solution, is the foundation for providing access control to corporate networks. The Cisco TrustSec Identity solution is a set of Cisco IOS Software services designed to enable secure user and host access to enterprise networks powered by Cisco Catalyst switches and Wireless LANs (WLANs).

Cisco TrustSec Identity offers authentication, access control, and user policies to secure network resources and connectivity. With Cisco TrustSec Identity you can ensure greater security for your network and manage network changes throughout your organization in a cost-effective manner. Having a secure Identity framework in place helps enterprises manage employee mobility, and reduce network access expenses.

Cisco TrustSec Identity enables you to grant customized access to the network based on the identity of a user or device, and the corporate security policy. An Identity is an indicator of a client in a trusted domain; it is used as a pointer to a set of rights or permissions that is allowed for a client.

Cisco TrustSec Identity improves the network’s ability to identify, prevent, and adapt to threats. It also provides automated AAA services for switch-based network access; automates security policy enforcement and provides dynamic VLAN provisioning.

This chapter contains:

• Identity in LMS

• Features and Benefits of Identity in LMS

• Terms and Definitions in Identity

• Understanding the Identity Dashboard

• Supported Devices and Images for Identity

• Getting Started with Identity

• Assessing Identity Readiness of Your Network

• Configuring RADIUS

• Provisioning Identity

• Scheduling Identity Configuration Jobs

• Identity Readiness Assessment

• Managing Identity Devices

• Monitoring Identity


Chapter 2 Managing Cisco Trust and Identity Management Solutions Identity in LMS

Identity in LMSIn LMS, IBNS or Identity provides a set of management functions to simplify and automate the Identity management lifecycle. The Identity dashboard organizes all the Identity functions into a single portal for quick navigation and real-time Identity updates.

Identity management in LMS consists of:

• Assessing the Identity readiness of your network using the Identity Readiness Assessment. See Assessing Identity Readiness of Your Network for more information.

• Identifying Identity-capable devices, Identity-software-incapable devices, Identity-hardware-incapable devices, and RADIUS-capable devices through a readiness report.

• Preparing the network for Identity provisioning

– Configuring RADIUS Settings

See Configuring RADIUS for more information.

• Provisioning Identity on Identity-capable devices

– Configuring security modes, authentication profile, and host mode

– Configuring MACsec on capable devices.

– Dynamically assigning resources

See Provisioning Identity for more information.

• Monitoring and reporting on user activity

• Troubleshooting authentication and authorization issues

The sections describes the following:

• Features and Benefits of Identity in LMS

• Terms and Definitions in Identity

• Understanding the Identity Dashboard


• Getting Started with Identity

• Provisioning Identity

• Identity Readiness Assessment

• Monitoring Identity

• Managing Identity Jobs


OL-23861-01

Chapter 2 Managing Cisco Trust and Identity Management Solutions Features and Benefits of Identity in LMS

Features and Benefits of Identity in LMSIdentity in LMS provides comprehensive support for automating the provisioning of Identity in the network, and for monitoring various authentication and authorization details. Table 2-1 lists the features and benefits of Identity in LMS.

Table 2-1 Features and Benefits of Identity in LMS

Feature Benefits

View identity enabled devices You can quickly identify Identity enabled devices in the Getting Started page.

For more information, see Identity Readiness Assessment.

Enable Identity on devices You can easily upgrade images on Identity-software-incapable devices and configure Identity.

Enable phased deployment of Cisco IBNS services using various modes

You can

• Gain visibility to your network

• Strengthen access security

• Provide differentiated services

• Minimize impact to end users.

• Assign resources dynamically to the correct VLAN.

• Automate security policy enforcement.

For more information, see Provisioning Identity.

Configure MACsec You can

• Enable MACsec on supported devices

• Select the policy to be applied for the session after the supplicant passes 802.1x authentication.

• Specify the MKA policy.

For more information on:

• Understanding MACsec, see Understanding Media Access Control Security (MACsec).

• Configuring MACsec using LMS, see Configuring Identity.

Monitor user activity • You can identify the authentication and authorization trends through charts and graphs; provides real-time status for quickly isolating potential issues.

For more information, see Understanding the Identity Dashboard.


OL-23861-01

Chapter 2 Managing Cisco Trust and Identity Management Solutions Terms and Definitions in Identity

Terms and Definitions in IdentityThis section explains certain terms and definitions used in Identity:

• Understanding the Security Modes

• Understanding Authentication Profiles

• Understanding Host Modes

• Understanding MAC Move and MAC Replace

• Understanding Change of Authorization (CoA)

• Understanding Media Access Control Security (MACsec)

Understanding the Security ModesLMS allows you to deploy Identity in phases with minimal impact to end users. You can deploy Identity in three security modes. They are:

• Monitor Mode

• Low Impact Mode

• High Security Mode

Monitor Mode

In Monitor Mode, you can enable authentication (802.1X and MAB) without enforcing any type of authorization. There will be no interruption to the existing network services. In the background, however, the network queries each endpoint as it connects, and validates its credentials.

This mode enables you to create an inventory of the MAC addresses and determine any 802.1X devices before enforcing any access control. It provides visibility into the end-user network access activities, assessment, and policy evaluation information.

Note MACSec is not supported in monitor mode.

Identity dashboard • You can have fast and easy access to Identity-related data.

• Provides a snapshot of the effect of provisioning Identity in the network; you can monitor, and reduce the time required to isolate, and troubleshoot problems.


Troubleshooting You can quickly isolate and troubleshoot Identity related issues through the Identity dashboard.


Table 2-1 Features and Benefits of Identity in LMS

Feature Benefits


OL-23861-01


Low Impact Mode

In Low Impact Mode, you can incrementally increase the level of port-based access control without affecting the existing network infrastructure. This mode neither requires the addition of any new VLANs nor does it impact your existing network addressing scheme. With the Low Impact Mode, you can add as little or as much access control as you want.

Low Impact Mode builds on top of Monitor Mode. In Monitor Mode, the Pre-Authentication authorization level is completely open, whereas in Low Impact Mode, the Pre-Authentication level is selectively open. This mode enables differentiated access through policy-driven downloadable access control lists (dACLs), based on user identity information.

High Security Mode

The High Security Mode ensures the highest security level using 802.1X, where access is not granted unless authentication succeeds.

In High Security Mode, the port is kept completely closed until a successful authentication takes place. There is no concept of Pre-Authentication access. After a successful authentication, network access will change the authorization from completely closed to completely open. To add more granular access control, this mode uses dynamic VLAN assignment to isolate different classes of users into different broadcast domains.

Understanding Authentication ProfilesThe different types of authentication profiles available in Identity in LMS are:

• 802.1x Port-Based Authentication

• MAC Authentication Bypass (MAB)

• Web-Based Authentication (WebAuth)

• Flexible Authentication (FlexAuth)

• Local WebAuth

802.1x Port-Based Authentication

IEEE 802.1X protocol allows Cisco Catalyst switches to offer network access control at the port level. Every port on the switch is individually enabled or disabled based on the identity of the user or device connecting to it.

First, a client, such as a laptop equipped with an 802.1X supplicant, connects to an IEEE 802.1X-enabled network and sends a start message to the LAN switch (the authenticator). Once the start message is received, the LAN switch sends a login request to the client and the client replies with a login response. The switch forwards the response to the policy database (the authentication server), which authenticates the user. After the user identity is confirmed, the policy database authorizes network access for the user and informs the LAN switch. The LAN switch then enables the port connected to the client. User or device credentials are processed by AAA server.


OL-23861-01


MAC Authentication Bypass (MAB)

Devices that cannot authenticate themselves using 802.1X can use MAB to get network access. MAB enables differentiated access control for devices and not for users. With this method the MAC address of the connected devices is used, as user name and password, to grant or deny network access. This method requires a database of pre-defined MAC addresses.

Web-Based Authentication (WebAuth)

WebAuth is an alternate or fallback method for 802.1X and MAB to authenticate end users or client connecting to the network. In wired networks, WebAuth begins after IEEE 802.1X has timed out or failed, or MAB has failed. WebAuth is only for users and not for devices because it requires a browser and manual entry of user name and password.

On a wired port, network access is restricted by a pre-authentication port access control list (ACL). This ACL must be configured and applied to the WebAuth fallback profile. The contents of the pre-authentication ACL are arbitrary and can be defined to allow or limit as much access as the network security policy allows. At a minimum, however, the ACL should allow access for DHCP and DNS, so that a host can acquire an IP address and resolve host names in URLs. In addition, the pre-authentication ACL should allow redirected traffic to the Cisco Network Admission Control (NAC) Guest Server (NGS).

Flexible Authentication (FlexAuth)

Flexible authentication (FlexAuth) is a set of features that allows IT administrators to configure the sequence and priority of IEEE 802.1X, MAB, and Local WebAuth.

The Cisco IOS Flex-Auth feature allows you to create a flexible, adaptable deployment in the high security mode. It allows secondary authentication methods to 802.1X, such as MAB or WebAuth for guest access authorization.

Local WebAuth

WebAuth authenticates the user at the access edge by providing a web-based login page on which you can enter your credentials. After the user is identified, the user's identity can be used by mapping identities to policies that grant or deny granular network access.

Integrated local WebAuth enables network administrators to use webpages that are centrally managed and hosted on the Cisco NAC Guest Server (NGS). Centralized management greatly reduces the operating expenses associated with maintaining a WebAuth solution because webpage updates and changes can be made in a single place.

Understanding Host ModesYou can select a host mode in a switch to determine the number of hosts that can be authenticated on a given port. The different types of host modes are:

• Single Host Mode

• Multiple Host Mode

• Multiple Domain Authentication

• Multiple Authentication Mode


OL-23861-01


Single Host Mode

In this mode, only one user is allowed per port with only one MAC address. When you add a second MAC address to the network, a security violation will be generated and the port will shutdown or change to the error-disable state based on the security violation behavior.

Multiple Host Mode

Multiple host mode supports multiple hosts on the same port in a single domain. In this mode, multiple users can get connected to the switch through a hub; however, among all hosts on this port only one of the hosts will be authorized to have access to the network.

Multiple Domain Authentication

Multiple Domain Authentication (Multi-domain) mode, an IP phone (Cisco or a third-party IP phone) and a host behind the IP phone can authenticate independently, using one of the three authentication mechanisms: 802.1X, MAC authentication bypass (MAB), or web-based authentication (webauth) for the host only. Only two MAC addresses are allowed per port, one in the data domain and one in the voice domain. Multi-domain refers to two domains — data and voice — and only two MAC addresses are allowed per port.

Multiple Authentication Mode

Multiple Authentication Mode (Multi-auth) allows only one client on the voice VLAN and multiple authenticated clients on the data VLAN. If there are multiple users behind a hub connected to a phone, all the users behind the hub have to be authenticated individually. Multi-auth mode provides enhanced security over multiple hosts mode by requiring authentication of each connected client. It also allows you to detect virtualized endpoints or unauthorized hubs.

Note You cannot use MACsec and the MKA Protocol in High Security Mode with Multiple authentication mode.

Understanding MAC Move and MAC ReplaceHost Movement of mobile hosts that are indirectly connected (for example, hosts connected behind an IP phone or a hub) to the switch can be problematic. A switch may trigger a security violation, not knowing that an indirectly connected host has disconnected, when a new host plugs into the same port or when the original host plugs into a different port on the same switch.

Cisco IP phones can work in conjunction with Cisco switches to facilitate host movement using the Cisco Discovery Protocol (CDP), but, for non-Cisco phones or other intermediary devices that cannot signal a link down event, Cisco switches support two additional features to enable host movement such as:

• MAC Move

• MAC Replace


OL-23861-01


MAC Move

MAC Move allows a host to move to another port on the switch, even if an authenticated session already exists on a different port. For example, you unplug your laptop from behind a non-Cisco phone in your cube and plug directly into a port in a nearby conference room that is connected to the same switch as the phone. Not knowing that the laptop had unplugged, the switch would detect the same MAC address on two ports and, by default, trigger a security violation. Although this default behavior helps prevent MAC spoofing, it also impedes host movement. If MAC Move is enabled, however, the switch will delete the session on the first port and authenticate the laptop on the second port.

MAC Replace

MAC Replace allows one host to replace a previously authenticated host on the same port. For example, you temporarily plug your laptop into a phone. After you leave the room, another user tries to plug into the phone. Not knowing that the original laptop had disconnected, the switch detects a second MAC on the port and, by default, triggers a security violation that can cause packets from the second MAC to be dropped, or even shuts down the port.

Although this mitigates against port piggybacking, it also impedes host movement. If MAC Replace is enabled, however, the switch will still trigger a security violation but instead of shutting down the port or dropping packets from the second host, the switch will delete the first session on the port and authenticate the second device, effectively replacing the first authenticated session with the second authenticated session.

Understanding Change of Authorization (CoA)CoA provides a mechanism for changing the attributes of a session after it has been authenticated. When a change in authentication, authorization, and accounting (AAA) policy occurs for a user or user group, administrators can send the RADIUS CoA packets from the AAA server, such as the Cisco Secure Access Control Server (ACS), to re-initialize authentication and apply the new policies.

In LMS, you can use the CoA system-defined template to generate and deploy the configuration commands on devices in your network. You can deploy the template by selecting Configuration > Tools > Template Center > Deploy from the LMS home page.

LMS provides you with a list of system-defined templates. These templates generate configuration commands that can be deployed on devices in your network. These templates are deployed using Deploy Template job in LMS.

You can modify the system-defined templates and save them as user-defined templates. You can also import templates from a server repository or a client machine and these templates are stored as system-defined templates in LMS.

Understanding Media Access Control Security (MACsec)MACsec, defined in IEEE 802.1AE, provides secure, encrypted communication on wired LANs. MACsec is capable of identifying and preventing threats from denial of service, intrusion attacks, and other attacks launched from behind the firewall.

This protocol allows unauthorized LAN connections to be identified and excluded from communication within the network. MACsec defines a security infrastructure to provide data confidentiality and data integrity. MACsec can mitigate attacks on Layer 2 protocols and works with any type of traffic carried over Ethernet links.


OL-23861-01


Each packet on the wire is encrypted using symmetric key cryptography. This encryption ensures that communication is not monitored or altered on the wire.

The MACsec Key Agreement (MKA) Protocol provides the required session keys and manages the required encryption keys. MKA discovers MACsec peers and negotiates the keys used by MACsec. MKA is defined in IEEE 802.1X-2010.

Note You cannot use MACsec and the MKA Protocol in High Security Mode with Multiple authentication mode.

When a device connects to a MACSec-capable switch and authentication is successful, the switch has three options:

• Optionally secure sessions

The switch will attempt MKA. If MKA succeeds, the switch will send and receive encrypted traffic only.

If MKA times out or fails, the switch will permit unencrypted traffic. This policy is the default security policy.

• Always secure sessions


If MKA times out or fails, the switch will treat this as an authorization failure by terminating the IEEE 802.1X-authenticated session, and retrying authentication after a period of time. No traffic will be allowed from the endpoint unless you configure a MACsec failure policy. The policy can be set to try the next authentication method or authorize into a special VLAN.

• Never secure sessions

The switch will not perform MKA. If the supplicant sends MKA protocol frames, they will be ignored. The switch will send and receive unencrypted traffic.

• No Change

If you select this option, the default policy will occur. The default policy, Optionally secure sessions, will be used.

Advantages of MACsec

MACsec offers the following benefits on wired networks:

• Confidentiality

MACsec ensures data confidentiality by providing strong encryption at Layer 2.

• Integrity

MACsec provides integrity checking to ensure that data cannot be modified in transit.

• Flexibility

You can selectively enable MACsec using a centralized policy. You can enforce MACSec on supported devices and also allow non-MACSec-capable components to access the network.

• Network Intelligence

MACsec encrypts packets on a hop-by-hop at Layer 2, allowing the network to inspect, monitor, mark and forward traffic according to the existing policies.


OL-23861-01

Chapter 2 Managing Cisco Trust and Identity Management Solutions Understanding the Identity Dashboard

Understanding the Identity DashboardYou can access the Identity dashboard using:

• Work Centers > Identity > Dashboard

• My Menu > Default Dashboards > Identity

• Monitor > Dashboards > Identity

The Identity Dashboard displays all the Identity portlets. The various Identity portlets are:

• Identity - Authentication Trend

• Identity - Authorization Trend

• Identity - Security Modes Distribution

• Identity - 802.1x Agentless Portlet

• Identity - Authenticated Users Portlet

• User Tracking Summary

Note You need Adobe flash player 9 or later to view some Identity portlets. You can install the flash player from the portlet. Reload the page after installing the flash player.

Identity - Authentication TrendThe Authentication Trend Portlet displays a line graph of successful or failed authentications for a selected time period. You can generate separate reports for successful and failed authentications.

When you select a time period, the graph will show the data only for the last accessed time of the users.

For example, in the following scenario, the selected time period is one week.

For the selected week if you have four users, A, B, C, and D, who have successfully authenticated on Monday, on Wednesday, only A and B are authenticated, and on Friday only C and D are successfully authenticated. Here, the graph will show only two users for Wednesday, and two for Friday.

To configure this portlet, see Configuring Identity Portlets for more information. Click Show Grid to view the details in a tabular format.

Identity - Authorization Trend The Authorization Trend Portlet displays a line graph of successful or failed authorization for a selected time period. You can generate separate reports for successful and failed authorizations.

When you select a time period, the graph will show the data only for the last accessed time of the users.

For example, in the following scenario, the selected time period is one week.

For the selected week if you have four users, A, B, C, and D, who are successfully authorized on Monday, on Wednesday, only A and B are authorized, and on Friday only C and D are successfully authorized.

In the above case, the graph will show only two users for Wednesday, and two for Friday.

You can also see the details of the graph in a tabular format. To configure this portlet, see Configuring Identity Portlets for more information.


OL-23861-01


Configuring Identity PortletsTo configure the portlet:

Step 1 Move the mouse over the title bar of the Identity portlet to view the icons.


Step 3 Select the Auto refresh check box to set the refresh time.

Step 4 Select the minute or hour from the Refresh Every drop-down list to change the Refresh time. The items in the portlet get refreshed according to the specified refresh time.

Step 5 Select the number of rows to be displayed from the drop-down list.

Step 6 Click Select Devices to launch the device selector.

Step 7 Select an Identity-enabled switches from the device selector.

Step 8 Click Save to save your settings for this portlet.

Identity - Security Modes DistributionYou can view this portlet in the Identity dashboard using:




The Identity Modes Portlet displays a pie chart of the different types of security modes that are deployed in your network and also the devices that are not in any security mode. The security modes are:

• Monitor Mode

• Low Impact Mode


• Unsecured Mode

When you click a slice of the pie chart, the Manage Identity Devices page appears. You can change the security mode or disable Identity of an Identity-enabled device. For more information, see Managing Identity Devices.

You can also click the View as Grid icon at the bottom of the portlet and see the same information in a tabular format.

To set the refresh time of this portlet:

Step 1 Move the mouse over the title bar of the Identity Modes portlet to view the icons.





OL-23861-01


Identity - 802.1x Agentless PortletYou can view this portlet in the Identity dashboard using:




The 802.1x Agentless Portlet displays a pie chart of the current number of successful or failed authentications through MAC Authentication Bypass (MAB), or Web-Based Authentication (WebAuth). When you click a slice of the pie chart, the corresponding report appears.

You can select a time interval to view the details for that time period.

To configure this portlet, see Configuring Identity Portlets for more information.

Identity - Authenticated Users PortletYou can view this portlet in the Identity dashboard using:




The Authenticated Users Portlet displays a pie chart of the current number of users authenticated using one of the following authentication profiles:

• 802.1x Port-Based Authentication

• MAB

• WebAuth

You can select a time interval to view the users authenticated during that time period.

To configure this portlet, see Configuring Identity Portlets for more information.

User Tracking SummaryYou can view this portlet in the Identity dashboard using:




The User Tracking Summary portlet displays the number of MACs. These are:

• Rogue MAC— MAC addresses that are not authorized to exist in your network. MAC addresses that are configured as Rogue in the User Tracking setting will be displayed here.

• New MAC— MAC addresses that are newly added to your network.

• Dormant MAC— MAC addresses that are inactive for a specified number of days.

This portlet also gives the summary about the last User Tracking information such as the number of end hosts, active, connected, dormant, new and rogue end hosts.


OL-23861-01


End hosts are hosts that are currently connected to the network. The regular end hosts report shows both active end hosts and end hosts that were previously connected to the network but are disconnected now.

You can also view details of the Connected End Hosts. These hosts have MAC entries that are not available in the CAM table but are in active state.

Table 2-2 lists the User Tracking Summary portlet details.

You can configure the User Tracking Summary portlet.

To configure the User Tracking Summary:

Step 1 Configure the refresh time.

Step 2 Enter the number of days to view the list of Dormant, New, and Rogue hosts in the corresponding text fields for the specified number of days.

Table 2-2 User Tracking Summary

Field Description

Number of End hosts Displays the number of end hosts.

You can click the number to navigate to the End Hosts Immediate Reports page.

Number of Active End hosts Displays the number of active end hosts.

You can click the number link to navigate to the Active End Hosts Immediate Report page.

Number of Connected End Hosts Displays the number of connected end hosts. These hosts have MAC entries that are not available in the CAM table but are in active state.

You can click the number link to navigate to the Connected End Hosts Immediate Report page.

Number of Dormant hosts in last 7 days

Displays the number of hosts that are inactive for 7 days.

The number of days depends on the days configured in the configuration screen.

You can click the number link to navigate to the Dormant MAC Report page.

Number of New hosts in last 7 days Displays the number of new hosts in the last 7 days.


You can click the number link to navigate to the New MAC Report page.

Number of Rogue hosts in last 7 days Displays the number of rogue hosts in the last 7 days.


You can click the number link to navigate to the Rogue MAC Report page.


OL-23861-01


Step 3 Click Save to save all the settings.


OL-23861-01

Chapter 2 Managing Cisco Trust and Identity Management Solutions Supported Devices and Images for Identity

Supported Devices and Images for IdentityTable 2-3 lists the devices and images, that support Identity.

Note The minimum supported version for MACsec is 12.2(53)SE2 Software image for Cisco Catalyst 3750-X and 3560-X switches. Table 2-4 lists the devices and images, that support MACsec.

Getting Started with IdentityThe Getting Started workflow guides you on provisioning Identity for Day 1 operations. For advanced configurations you can choose the corresponding link in the Identity TOC.

The Getting Started workflow for Identity is:

1. Assessing Identity Readiness of Your Network

2. Configuring RADIUS

3. Provisioning Identity

Table 2-3 Supported Devices and Images for Identity

Device Type Minimum Software

Catalyst 2960 12.2(52)SE




Catalyst 3750 (Stack Mode) 12.2(52)SE

Catalyst 4500 12.2(50)SG

Catalyst 6500 12.2(33)SXI

Table 2-4 Supported Devices and Images for MACsec

Device Type sysObjectID Minimum Software

Cisco Catalyst 3750X-24T-L,S 1.3.6.1.4.1.9.1.1222 12.2(53)SE2

Cisco Catalyst 3750X-48T-L,S Switch 1.3.6.1.4.1.9.1.1223 12.2(53)SE2

Cisco Catalyst 3750X-24P-L,S Switch 1.3.6.1.4.1.9.1.1224 12.2(53)SE2

Cisco Catalyst 3750X-48PF-L,S Switch 1.3.6.1.4.1.9.1.1225 12.2(53)SE2






OL-23861-01

Chapter 2 Managing Cisco Trust and Identity Management Solutions Getting Started with Identity

Assessing Identity Readiness of Your Network

Note Config collection and inventory collection must be successful to assess the Identity readiness of your network.

The Identity readiness assessment in the Getting Started Assistant displays Identity based device details after assessing the network. A pie chart appears with the following types of devices.

• Identity-capable Devices

• Identity-software-incapable Devices

• RADIUS-capable Devices

• Identity-hardware-incapable Devices

Click on any of the pie chart slices to view the details of the devices. Config collection and inventory collection must be successful to assess the Identity readiness of your network.

Note You need Adobe flash player 9 or later to display the readiness assessment pie chart. You can install the flash player from LMS. Reload the page after installing the flash player.

Identity-capable Devices

Click the Identity-capable devices slice of the pie chart. The details of the corresponding devices appear at the bottom of the page. These devices have the supported Identity-capable IOS image. However, Identity is not configured on these devices. RADIUS is enabled on these devices.

Select one or more devices and click Enable Identity to configure Identity on the selected devices. See, Configuring Identity for more details.

Identity-software-incapable Devices

Click the Identity-software-incapable devices slice of the pie chart. The details of the corresponding devices appear at the bottom of the page. These devices do not have the Identity-capable IOS images. You can upgrade to the Identity-capable image version. See Supported Devices and Images for Identity for more information. Select one or more devices and click Upgrade Software Image to upgrade to the Identity-capable IOS image.

RADIUS-capable Devices

Click the RADIUS-capable devices slice of the pie chart. The details of the corresponding devices appear at the bottom of the page. These devices have RADIUS-capable IOS images, but RADIUS is not configured on these devices.

Select one or more devices and click Configure RADIUS to configure RADIUS and AAA settings on the selected devices. See, Configuring RADIUS for more details.

Note If a device has the Identity-capable IOS image, and RADIUS is not configured on it, the device will appear as a RADIUS-capable and not an Identity-capable device.


OL-23861-01

Chapter 2 Managing Cisco Trust and Identity Management Solutions Configuring RADIUS

Identity-hardware-incapable Devices

Click the Identity-hardware-incapable devices slice of the pie chart. The details of the corresponding devices appear at the bottom of the page. These devices do not have the provision for Identity technology. You can upgrade the devices with the latest Identity-supported hardware from Cisco.com.

See Supported Devices and Images for Identity for more information.

See Known List of Hardware-incapable Devices for more information.

Note After you enable Identity, configure RADIUS, or upgrade the software image on a device, LMS performs a config archive on the affected devices. The device state updates appear in the Readiness Assessment pie chart after a while.

Configuring RADIUS You can configure the RADIUS server for authentication, authorization, and accounting.

You can configure the RADIUS server in the Getting Started workflow and also from the Identity TOC.

The following users alone can perform this configuration:

• Network Operator

• Network Administrator

• Super Admin

To configure the RADIUS server settings:

Step 1 Select Work Centers > Identity > Configure > Configure RADIUS.

The Configure RADIUS page appears.

Step 2 Click the Select Devices tab and select the devices for which you want to configure the RADIUS server.

Step 3 Click Next. The Configure RADIUS server page appears.

Step 4 Select one of the following:

• Single RADIUS Host radio button to specify a RADIUS server host. The following information appears:

Field Description

Server Name or IP DNS name or IP address of the RADIUS server host.

Authentication port Specify the port number for authentication requests.

Note Authentication and Accounting port numbers cannot be the same. Do not enter the port numbers used by LMS server.

The host is not used for authentication if port number is set to 0. The default authorization port number is 1645.


OL-23861-01


Or

• RADIUS Group radio button to specify a RADIUS server group. The RADIUS settings page appears. You can create only single RADIUS group, that can contain multiple RADIUS servers.

Note The order of addition is important as the first entry acts as the primary RADIUS, the second acts as the secondary, and so on.

You must enter the RADIUS Group name, Shared key, and Verify Shared key of the group.

The RADIUS Server details table appears with the following fields:

Accounting port Specify the port number for accounting requests.


The host is not used for accounting if the port number is set to 0. The default accounting port number is 1646.

Shared key Specify the authentication and encryption key to the RADIUS server.

The key is a text string that must match the encryption key used on the RADIUS server. The leading spaces are ignored, but spaces within and at the end of the key are used. If you use spaces in the key, do not enclose the key in quotation marks unless the quotation marks themselves are part of the key.

Verify Shared key Specify the key for verification.

AAA Configuration

Enable AAA for 802.1X/MAB Select this check box to enable AAA for 802.1X and MAB authentication. In LMS 4.0 and LMS 4.0.1, AAA was automatically enabled for 802.1X and MAB authentication.

Enable AAA for Web Authentication Select this check box to enable AAA for Web-Based Authentication (WebAuth). In LMS 4.0 and LMS 4.0.1, AAA was automatically enabled for WebAuth.

Field Description

Button Description

Server Name or IP Address DNS name or IP address of the RADIUS server host.


OL-23861-01


In the RADIUS Server details table, you can:

a. Click Add to add a RADIUS server.

b. Select a RADIUS server and click Edit to change its IP Address, Authentication port, or Accounting port.

c. Select a RADIUS server and click Delete to remove the RADIUS server from the RADIUS group.

d. Click Filter to view RADIUS servers based on their Server Name or IP Address, Authentication port, or Accounting port.

Step 5 Click Next. The Schedule Deployment page appears.

Authentication port Specify the port number for authentication requests.


The host is not used for authentication if port number is set to 0. The default authorization port number is 1645.

Accounting port Specify the port number for accounting requests.


The host is not used for accounting if the port number is set to 0. The default accounting port number is 1646.

Button Description


OL-23861-01

Chapter 2 Managing Cisco Trust and Identity Management Solutions Provisioning Identity

Provisioning IdentityBefore you configure Identity using LMS, you must read the prerequisites, see Prerequisites for Configuring Identity Using LMS.

Prerequisites for Configuring Identity Using LMS

1. You must manually configure the device and user policies in the RADIUS server.

2. Config collection and inventory collection must be successful to assess the Identity readiness of your network.

Workflow for Configuring Identity

The workflow for configuring Identity on the required devices is:

1. Select devices from the list of Identity-capable devices. These devices are also RADIUS-enabled.

2. Select access port groups from the Port Selector.

3. Verify the selected devices and their ports. Unselect the ports that you want to exclude from Identity configuration.

4. Configure Identity.Using the Configuration pane, you can configure the security mode, authentication profile, related VLANs, MACsec, and enable SNMP MAC notifications. See, Configuring Identity for more information.

5. Schedule deployment. See, Scheduling Identity Configuration Jobs for more information.


OL-23861-01


Configuring IdentityTo configure Identity on the devices:

Step 1 Select Work Centers > Identity > Configure > Enable Interfaces. The Enable Interfaces for Identity page appears.

Step 2 In the Select Devices and Port Groups tab, select devices from the list of Identity-capable devices, and ports groups from the Port Selector.

If you select a MACsec-capable and a MACsec-software-incapable device, a warning message appears. Table 2-4 lists the devices and images, that support MACsec.

Step 3 Click Next. Verify the selected devices and ports.

Step 4 Click Next. The Configuring Identity page has the following information.

Field Description

Security mode Select the security mode based on the level of security you wish to implement in your network. The three types of security modes are:

• Monitor Mode

• Low Impact Mode


See, Understanding the Security Modes for more information.

Associated ACL Enter the Associated ACL. The ACL allows selective access control, and introduces a high level of access security in the Low Impact mode.

Note This ACL should be configured on the device.

This feature allows you to restrict access, while enabling network connectivity for devices that need basic network service to function.

Authentication profile Select the authentication profile from the drop-down list. The authentication profile selects the method of authentication to be used. Multi-method profiles provide a fallback order, if the first method fails, the second method will take over.

See, Understanding Authentication Profiles for more information.

Note You cannot configure MACsec if you select an Authentication profile that does not contain 802.1x.

Host Mode Select the host mode. It determines the number of hosts that can be authenticated on a given port. You can choose one of the following:

• Single Host

• Multiple Host Mode

• Multiple Authentication

• Multiple Domain Authentication

See, Understanding Host Modes for more information.


OL-23861-01


Action to be taken on security violation

Select the action to be taken when a port security violation is detected due to the following reasons:

• An unauthorized device connects to a port.

• If traffic with a secure MAC address is configured on one secure port, and attempts to access another secure port in the same VLAN.

• If the maximum number of secure MAC addresses have been added to the address table and the port receives traffic from a MAC address that is not in the address table.

You can choose from the following:

• Restrict – When the number of secure MAC addresses reaches the maximum limit allowed on the port, packets from any new device that sends traffic to the port are dropped. When this security violation occurs a syslog message is logged.

• Protect – When the number of secure MAC addresses reaches the maximum limit allowed on the port, packets from any new device that sends traffic to the port are dropped. When this security violation occurs you are not notified.

• Shutdown – The port becomes error-disabled and shuts down immediately.

• No Change – No configurations will be deployed on the device.

Local WebAuth Settings This is an optional field.

This grid appears when you choose WebAuth as the main or fallback authentication profile. For more information, see Configuring Local WebAuth Settings.

VLAN configuration Specify the VLAN for dynamic VLAN provisioning.

This field appears only when you select the high security mode.

Auth Fail VLAN After a failed authentication, this VLAN will be applied to the port, and it is configured to grant limited access based on the type of failed authentication method.


Access VLAN After a successful authentication, the client connecting to the port will be placed in this VLAN.


Critical VLAN The port will be moved to this VLAN when the switch determines that the AAA server has failed during an IEEE 802.1X or MAB authentication. The range is from 1 to 4094.


Voice VLAN After a successful authentication, the client IP phone connecting to the port will be placed in this voice VLAN.


MAC Configuration

MAC Move/Replace This feature allows movement of non-Cisco phones or other intermediary devices that cannot signal a link-down event.

MAC Replace is a corrective action for the security violation that is triggered when one host replaces another authenticated host. MAC Replace takes precedence over other actions like Restrict, Protect, and Shutdown, which might be configured in this page.

For more information, see Understanding MAC Move and MAC Replace.

Enable MAC Move Select this check box to allow a host to move to another port on the switch, even if an authenti-cated session already exists in the current port.

Field Description


OL-23861-01


Enable MAC Replace Select this check box to allow a host to replace a previously authenticated host on the same port.

SNMP MAC notification

SNMP MAC notification MAC address notification enables you to track users on a network by storing the MAC address activity on the switch. Whenever the switch learns about or removes a MAC address, an SNMP notification can be generated and sent.

Notify MAC addition Select this check box to enable notification whenever a MAC address is connected to an inter-face.

Notify MAC removal Select this check box to enable the MAC address notification whenever a MAC address is dis-connected from an interface.

MACsec Configuration

Enable MACsec Select this check box to enable MACsec on the interface.

MACsec provides secure, encrypted communication on wired LANs.

For more information on MACsec, see Understanding Media Access Control Security (MACsec).

Security Policy Select the policy to be applied for the session after the supplicant passes 802.1x authentication. You can choose one of the following:

• Optionally secure sessions

The switch will attempt MKA. If MKA succeeds, the switch will send and receive encrypted traffic only. If MKA times out or fails, the switch will permit unencrypted traffic. This policy is the default security policy.

• Always secure sessions


If MKA times out or fails, the switch will treat this as an authorization failure. No traffic will be allowed from the endpoint unless you configure a MACsec failure policy.

• Never secure sessions

The switch will not perform MKA. If the supplicant sends MKA protocol frames, they will be ignored. The switch will send and receive in unsecure sessions.

• No Change

If you select this option, the default policy will occur. The default policy, Optionally secure sessions, will be used.

Field Description


OL-23861-01


Failure Policy This field appears when you select Always secure sessions as the security policy.

You can specify a MACsec failure policy after a failed authentication attempt. The switch will not fallback to a particular policy unless you specify it. You can choose one of the following:

• Re-authenticate with MAB or WebAuth

After the failed authentication attempt, the switch will re-authenticate with MAB or WebAuth. This option will enabled only if the Authentication profiles are:

– 802.1x, then MAB, then WebAuth

– 802.1x, then MAB

– 802.1x, then WebAuth

• Authorize into a VLAN

You can authorize a restricted VLAN on the port.

When you select this option, a text box, VLAN into which the supplicant is to be placed appears. You can specify the VLAN ID to use when the security authentication fails.

• No Change

If you select this option, the default action will occur. By default, denies access to the network.

Note MACSec fallback policies are not the same as authentication fallback policies that you choose from the Authentication profile drop-down list.

MKA Policy You must apply a defined MKA policy to the interface to enable MKA on the interface.

You can choose one of the following:

• Default Policy

Select this radio button to apply the default MKA policy that is configured on the device, to the interface.

• Other Policy

Select this radio button to specify the MKA policy. Enter the MKA policy in the Provide MKA Policy Name text box.

Ensure that this policy is configured on the device. If the policy is not configured on the device, you can add use the Additional configuration section to deploy the required commands on the device.

Advanced Options Select this option to enter any global commands that you want to deploy on the selected Identi-ty-capable device, in the Adhoc Commands text box.

For example, If you have selected Low Impact or High Security mode and if ACL is not config-ured on the device, you can enter the ACL configuration here.

Note Ensure that the ACL name you enter here is the same as the one you specified earlier in the associated ACL text box.

Apart from ACL, you can use this text area for any additional global commands.

Field Description


OL-23861-01



The Identity configurations will be deployed on the Identity-enabled devices only when you schedule a job. See Scheduling Identity Configuration Jobs for more details.

Step 6 Click Finish. A notification message appears along with the Job ID.

The newly created job appears in the Identity Job Browser (Work Centers > Identity > Jobs). See Managing Identity Jobs for more details.

This section contains Configuring Local WebAuth Settings.

Configuring Local WebAuth Settings

The Local WebAuth Settings grid appears in the Configure Identity pane when you choose WebAuth as the main or fallback authentication profile.

This is an optional setting.

Note When you configure Local WebAuth settings in a device, you must select the Config transport setting protocol as TELNET or SSH. The Local WebAuth configurations will fail when you deploy them on the device using protocols like RCP,TFTP, and SCP.

To configure the Config transport setting protocol, select Admin > Collection Settings > Config > Config Transport Settings.

You can:

• Click Add to configure the local WebAuth settings. The Local WebAuth Settings page appears with the following information:

Field Description

File Type Select the type of file for centralized webpage management from the drop-down list. You can choose from the following:

• Login

• Success

• Failure

• Login_Expired

File Name in NGS Specify a name for the type of file that you chose from the File Type list. The file in the NAC Guest Server (NGS) should have the same name.

For example, if you have chosen the file type as Login, then enter Login.html as the file name.

Device Storage Location Specify the location where the files pointing to the customized web pages will be stored on the switch.

For example, it can be disk1, disk0, or flash of the switch.


OL-23861-01

Chapter 2 Managing Cisco Trust and Identity Management Solutions Scheduling Identity Configuration Jobs

Click Save, the customized web pages will be created in the specified location of the switch.

Note LMS can create the customized web pages only on the Identity-capable switch and not on the NGS server.

You have to manually load the NGS server with these customized web pages. You have to configure some ACL commands on the switch to get the customized web pages from the NGS server.

Permit udp any any eq domain

Permit TCP any host [IP address of NAC Guest Server] eq 8443

You can enter these commands in the Adhoc Commands text box, after you enable the Advanced Options check box.

• Click Edit to edit the local WebAuth settings.

• Click Delete to delete the local WebAuth settings.

Scheduling Identity Configuration JobsEvery configuration is deployed as a job. In many workflows, the Schedule Deployment pane appears at the end.You can schedule a job and set the job options. By default, parallel job execution order will run on the devices.

Note Identity in LMS uses NetConfig protocol order to communicate with the device. See Defining the NetConfig Protocol Order, for more information.

NGS IP Address Enter the IP address of the NGS server.

NGS Hotspot Name Enter the name of the directory where the customized web pages will be stored on the Cisco NGS. The directory should be available in the NGS at /guest/www/html/sites/<name of hotspot>.

For example, if you enter LWA as the NGS Hotspot Name, the files will be stored in /guest/www/html/sites/LWA.

Field Description


OL-23861-01


Table 2-5 describes the fields and options in the Schedule Deployment page.

Table 2-5 Fields in the Schedule Deployment Page Description

Field Description

Scheduler Specifies when you want to run the job. Select one of the following:

• Immediate—Runs the job immediately.

• Once—Runs the job once at the specified date and time.

• Daily—Runs daily at the specified date and time.

• Weekly—Runs weekly at the specified days of the week and at the specified time.

• Monthly—Runs monthly at the days of the month and at the specified time.

Job Description Enter a description for the job. This is mandatory. You can enter only al-phanumeric characters.

E-mail Enter e-mail addresses to which the job sends messages. You can enter multiple e-mail addresses separated by commas.

Job Options

Fail on Mismatch of Config Versions

Select this check box to cause the job to be considered a failure when the most recent configuration version in the configuration archive is not identical to the most recent configuration version that was in the configu-ration archive when you created the job.

Sync Archive before Job Execution

Select this check box to cause the job to archive running configuration before making configuration changes.

Copy Running Config to Startup

Select this check box to cause the job to write the running configuration to the startup configuration on each device after configuration changes are made.

Enable Job Password

Login User name Enter the login user name to access the device. This option is available to you if you have set the appropriate job password policy in Admin > Network > Configuration Job Settings > Config Job Policies.

These credentials override the credentials that you have entered at the time of adding the device in the Device and Credentials Administration module.

Login Password Enter the login password to access the device. This option is available to you if you have set the appropriate job password policy in Admin > Network > Configuration Job Settings > Config Job Policies.



OL-23861-01


• Click Preview CLI to see the CLI commands that will be applied to the Identity devices. You can select a device from the Preview CLI pop-up and see the CLI commands.

You can modify an instance of a configuration task (and its configuration commands) at any time before the job is scheduled.

• Click Finish after you review the CLI commands.

A notification message appears along with the Job ID. The newly created job appears in the Identity Job Browser (Work Centers > Identity > Jobs). See Managing Identity Jobs for more details.

Enable Password Enter the Enable password to access the device. This option is available to you if you have set the appropriate job password policy in Admin > Network > Configuration Job Settings > Config Job Policies.


Failure Policy Select one of these options to specify what the job should do if it fails to run on a device.

• Stop on failure—If the job fails to execute on a device, the job is stopped. The database is updated only for the devices on which the job was executed successfully.

• Ignore failure and continue—If the job fails on a device, the job skips the device and continues with the remaining devices.

The database is updated only for the devices on which the job was executed successfully.

• Rollback device and stop—Rolls back the changes on the failed device and stops the job.

• Rollback device and continue—Rolls back the changes on the failed device and continues the job.

• Rollback job on failure—Rolls back the changes on all devices and stops the job.


Field Description


OL-23861-01

Chapter 2 Managing Cisco Trust and Identity Management Solutions Identity Readiness Assessment

Defining the NetConfig Protocol OrderTo define or modify the NetConfig protocol order:

Step 1 Select Admin > Collection Settings > Config > Config Transport Settings. The Transport Settings page appears.

Step 2 Select NetConfig from the Application drop-down list.

Step 3 Select a protocol from the Available Protocols pane and click Add.

If you want to remove a protocol or change the protocol order, you must remove the protocol using the Remove button and add the protocol again.

The list of protocols that you have selected appears in the Selected Protocol Order pane.

Step 4 Click Apply.

A message appears, New settings saved successfully.

Step 5 Click OK.

Identity Readiness AssessmentThe Identity Readiness Assessment (Work Centers > Identity > Readiness Assessment) displays Identity based device details after assessing the network. A pie chart appears with the following types of devices:

• Identity-capable Devices

• Identity-software-incapable Devices

• Radius-capable Devices

• Identity-hardware-incapable Devices

Click any section of the pie chart to view the details of the devices.

Config collection and inventory collection must be successful to assess the Identity readiness of your network.


Identity-capable DevicesClick the Identity-capable devices slice in the pie chart. The details of the corresponding devices appear at the bottom of the page. These devices have Identity-capable IOS images, but Identity is not yet configured on these devices. RADIUS is enabled on these devices.

Select one or more devices and click Enable Identity to configure Identity on the selected devices. See, Configuring Identity for more details.


OL-23861-01

Chapter 2 Managing Cisco Trust and Identity Management Solutions Identity Readiness Assessment

Identity-software-incapable DevicesClick the Identity-software-incapable devices slice of the pie chart. The details of the corresponding devices appear at the bottom of the page. These devices do not have the Identity-capable IOS images. You can upgrade to the Identity-capable image version. See Supported Devices and Images for Identity for more information.

Select one or more devices and click Upgrade Software Image to upgrade to the Identity-capable IOS image.

Radius-capable DevicesClick the Radius-capable devices slice of the pie chart. The details of the corresponding devices appear at the bottom of the page. These devices have RADIUS-capable IOS images, but RADIUS is not configured on these devices.

Select one or more devices and click Configure RADIUS to configure RADIUS and AAA settings on the selected devices. See, Configuring RADIUS for more details.

Note If a device has the Identity-capable IOS image, and RADIUS is not configured on it, the device will appear as a RADIUS-capable and not an Identity-capable device.

Identity-hardware-incapable DevicesClick the Identity-hardware-incapable devices slice of the pie chart. The details of the corresponding devices appear at the bottom of the page. These devices do not have the provision for Identity technology. You can upgrade the devices with the latest Identity-supported hardware from Cisco.com.

See Supported Devices and Images for Identity for more information.

See Known List of Hardware-incapable Devices for more information.


OL-23861-01

Chapter 2 Managing Cisco Trust and Identity Management Solutions Managing Identity Devices

Managing Identity DevicesYou can view the Identity security mode distribution in your network as a pie chart. You can select a section of the pie to view the ports of devices configured in the respective security mode. The corresponding table appears at the bottom of the page.

Step 1 Select Work Centers > Identity > Configure > Manage Identity Devices.

The Identity security mode pie chart appears. Select a section of the pie to view the devices and the ports configured in the respective security mode. For more information on security modes, see Understanding the Security Modes.

Step 2 Select the device from the table and:

• Change the security mode of any device. See, Configuring Identity for more details.

Or

• Disable Identity for any device. See, Disabling Identity for more details.

You can click the count to view details of the ports configured in the chosen security mode.

Disabling IdentityYou can select a device and disable Identity, RADIUS, or a specific RADIUS group. Identity cannot be disabled for the ports that are in unsecured mode.

To do this:

Step 1 Select Work Centers > Identity > Configure > Manage Identity Devices. The Identity security mode pie chart appears. Select a slice of the pie to view the devices configured in the respective security mode.

Step 2 Select the device from the table and click Disable Identity. The Disable Identity page appears.

Step 3 Select the check box next to the feature you want to disable. The different options are:

• Disable Identity

• Disable security mode

• Disable authentication

• Disable host modes

• Disable security violation

• Fallback policies (Critical and AuthFail VLAN)

• Disable SNMP MAC Notification

• Disable MACsec

• Disable RADIUS

• Disable RADIUS Hosts

• Disable RADIUS Groups

If you select Disable RADIUS hosts, you must enter the name of the RADIUS host that you want to remove. If you select Disable RADIUS Groups, you must enter the name of the RADIUS group that you want to remove.


OL-23861-01

Chapter 2 Managing Cisco Trust and Identity Management Solutions Monitoring Identity


The Identity configurations will be deployed on the Identity-enabled devices only when you schedule a job. See Scheduling Identity Configuration Jobs for more details.

Step 5 Click Finish. A notification message appears along with the Job ID.

The newly created job appears in the Identity Job Browser (Work Centers > Identity > Jobs). See Managing Identity Jobs for more details.

Monitoring IdentityFor LMS to monitor Identity, User Tracking acquisition should be successful. After a successful UT, Identity collection occurs and the data is available through Identity portlets and reports. The data is not be dynamically updated, and depends on the User Tracking acquisition schedule. For more details on User Tracking, see User Tracking and Dynamic Updates in Administration Online Help.

If you want dynamic updates in the Identity portlets and reports, you should configure Dynamic UT.

LMS will query the CISCO-AUTH-FRAMEWORK-MIB on Identity-enabled device and get details for generating Identity reports.

You can monitor Identity using the following reports:

• Authenticated Users

• Authentication Failure

• Authorized Users

• Authorization Failure

• User-specific

For more information see Technology Report in Reports Management with Cisco Prime LAN Management Solution 4.1 User Guide.

You can also use Identity portlets to monitor the Identity-related information , in your network. For more information, see Understanding the Identity Dashboard.


OL-23861-01

Chapter 2 Managing Cisco Trust and Identity Management Solutions Managing Identity Jobs

Managing Identity JobsYou can browse the Identity jobs that are deployed on the system. Using the Identity Job Browser you can manage Identity jobs; you can stop, refresh, or delete jobs using this job browser.

To invoke the Identity job browser:

Select Work Centers > Identity > Identity Jobs.

The Identity job browser appears with a detailed list of all scheduled Identity jobs. The browser has the following information:

You can filter the jobs displayed in the Identity Job Browser using any of the following criteria and clicking Filter. When you click Filter, you can select any of the following criteria from the Filter by drop-down list; enter the details in the text box; and click Go.

Column Description

Job ID Unique number assigned to job when it is created.

For periodic jobs such as Daily, and Weekly, the job IDs are in the number.x format. The x represents the number of instances of the job. For example, 1001.3 indicates that this is the third instance of the job ID 1001.

Click on the hyperlink to view the Job details (see Viewing Job Details).

Status Status of the job:

• Successful—When the job is successful.

• Failed—When the job has failed.

The number, within brackets, next to Failed status indicates the count of the devices that had failed for that job. This count is displayed only if the status is Failed.

For example, If the status displays Failed(5), then the count of devices that had failed amounts to 5.

• Stopped—When the job has been stopped.

• Running—When the job is in progress.

• Waiting—When the job is awaiting approval (if job approval has been enabled).

• Rejected—When the job has been rejected (if job approval has been enabled).

Description Description of the job, entered at the time of job creation.

Owner Username of the job creator.

Scheduled at Date and time at which the job was scheduled.

Completed at Date and time at which the job was completed.

Schedule Type Type of job schedule—Immediate, Once, Daily, Weekly, Monthly.

For periodic jobs, the subsequent instances of periodic jobs will run only after the earlier instance of the job is complete.

For example: If you have scheduled a daily job at 10:00 a.m. on November 1, the next instance of this job will run at 10:00 a.m. on November 2 only if the earlier instance of the November 1 job has completed. If the 10.00 a.m. November 1 job has not been completed before 10:00 a.m. November 2, then the next job will start only at 10:00 a.m. on November 3.


OL-23861-01


You can click Refresh icon to refresh the Identity job browser, and Refresh Job icon to refresh the selected Identity job.

Filter Criteria Description

Job ID Select Job ID and enter the Job IDs that you want to display. For a non-periodic job, the specified Job ID appears in the browser. For periodic jobs, all the instances of the selected Job ID will also be displayed in the browser.

Status Select Status and then enter any one of these:

• Successful

• Failed

• Stopped

• Running

• Scheduled

• Approved

• Waiting

• Rejected

Description Select Description and enter the complete description.

Owner Select Owner and enter the full name.

Scheduled at Select Scheduled at and enter the date and time at which the job was scheduled.

Completed at Select Completed at and enter the date and time at which the job was completed.

Schedule Type Select the schedule type and enter any one of these:

• Immediate

• Once

• Daily

• Weekly

• Monthly


OL-23861-01


You can perform the following operations using the Identity job browser. (See Table 2-6):

Viewing Job DetailsFrom the Job Browser dialog box, you can learn more about any job by viewing its details. Select a job to view its details.

The Job Details appears below the list of Identity jobs. The details are grouped into three parts:

• Work Order

• Device Details

• Job Summary

Table 2-6 Operations Using the IdentityJob Browser

Button Description

Stop Stops or cancels a running job.

You can stop or cancel a running job. You will be asked to confirm the cancellation of the job.

However, the job will be stopped only after the devices currently being processed are successfully completed. This is to ensure that no device is left in an inconsistent state.

If the job that you want to stop is a periodic job, you will also be asked whether you want to cancel all the instances of the job.

Click OK to cancel all instances.

If you click Cancel, only the selected instance of the job is cancelled. The next instance of the job will appear in the Job browser with the status Scheduled.

Unless you own the job, your login determines whether you can use this option. You cannot restart the stopped job.

Delete Deletes the selected job from the job browser. You can select more than one job to delete.

You will be asked to confirm the deletion. If the job that you have selected for deletion is a periodic job, this message appears:

If you delete periodic jobs, or instances of a periodic job, that are yet to be run, the jobs will no longer run, nor will they be scheduled to be run again. You must then recreate the deleted jobs. Do you want to continue?

Click OK to confirm the deletion. The job, and its instances will be deleted.

You can delete a job that has been successful, failed, or stopped, but you cannot delete a running job.

Unless you own the job, your login determines whether you can use this option. You must stop a running job before you can delete it.

Refresh Refreshes the Identity job browser.

Refresh Job Refreshes the job and you can see the current status of the job.


OL-23861-01


Page/Folder Description

Work Order Displays general information about the job:

• Job policies

• Job approval details (if you have enabled job approval)

• Device details

• Task

• CLI commands that will be executed on the selected devices as part of this job

Device Details Contains detailed job results for each device in a table:

• Device—List of devices on which the job ran.

• Status—Status of job (success, failure, etc.)

• Message—A message about the status of a job.

– If the job failed on the device, the reason for failure is displayed.

– If the job was a success on that device, the message Deploy Successful is dis-played.

You can filter the devices by selecting a status and clicking Filter.

You can navigate among the pages of the report using the navigation icons at the right bottom of this table.

Click on a device to view the details such as protocol, status and reason when applicable, task used, and the CLI output for that device. These details appear in a pop-up window.

Double-click to display status folders that correspond to possible device status.

Job Summary Click to display summary of completed job:

• Job Summary:

– Status

– Start Time

– End Time

• Job Messages:

– Pre-job Execution

– Post-job Execution

• Device Update:

– Successful

– Failed

– Not attempted

– Pending


OL-23861-01


C H A P T E R 3
Managing Cisco EnergyWise Using LMS
Cisco EnergyWise is a comprehensive program for power management in your network. Cisco EnergyWise enables companies to save costs by measuring, managing, and reducing the power consumption of network infrastructure, and of devices attached to the network. EnergyWise reduces the time and effort required to transform business energy policy to real energy savings.

Cisco Prime LMS provides a set of management functionalities to simplify and automate the energy management lifecycle.

Power management for EnergyWise in LMS consists of the following:

• Assessing EnergyWise readiness of the network

• Upgrading IOS, wherever required, to make the device EnergyWise capable

• Defining EnergyWise Domains

• Associating devices to the EnergyWise domain

• Defining Endpoint group and configuring EnergyWise policies

• Monitoring and reporting on energy consumption

• Troubleshooting power-related issues

Note EnergyWise in LMS does not support IPv6 address.

This section contains:

• What is EnergyWise?

• Features and Benefits of EnergyWise in LMS

• Understanding the EnergyWise Dashboard

• EnergyWise Supported Devices and Images

• Getting Started with EnergyWise

• Enabling EnergyWise on Devices

• Configuring EnergyWise Attributes on Endpoints

• Applying EnergyWise Policies to Endpoints

• Checking EnergyWise Policy Compliance

• Managing EnergyWise Domain

• Managing EnergyWise Devices


Chapter 3 Managing Cisco EnergyWise Using LMS What is EnergyWise?

• Managing EnergyWise Endpoint Groups

• Managing EnergyWise Policies

• Managing EnergyWise Jobs

• Configuring EnergyWise Settings

• Viewing EnergyWise Collection Summary

What is EnergyWise?Cisco® EnergyWise lets your Cisco network act as a platform that can measure, monitor, and manage the way your devices consume energy. In a Cisco EnergyWise network, EnergyWise monitors and manages the power usage of powered devices, Cisco devices in a domain, and the endpoints connected to them.

From the Cisco EnergyWise perspective, your network has three kinds of devices:

• Endpoints: Devices that use power. They are Power over Ethernet (PoE) and non-PoE devices that connect to the network.They can receive power from an AC power source, a DC power source, or a power supply.They only respond to queries. For example, IP phone, access point, or PC.

• Domain members: Cisco switches, and network devices that use power. They forward messages across the network to form an EnergyWise domain with other Cisco devices and end points connected to them. They also forward and reply to queries from the management station and aggregate power-usage information from the end points.A domain is treated as one unit of power management and is similar to a network-management community.

• Management stations: These are the control applications and devices that use Cisco EnergyWise features to measure, monitor, and manage power consumption. Management solutions can use Cisco EnergyWise queries to act as the point of control for one or more Cisco EnergyWise domains.For example, a server with LMS is a management solution.


OL-23861-01

Chapter 3 Managing Cisco EnergyWise Using LMS Features and Benefits of EnergyWise in LMS

Features and Benefits of EnergyWise in LMSEnergyWise in LMS provides comprehensive support for automating and monitoring power for networking devices in the enterprise. Table 3-1 lists the features and benefits of EnergyWise in LMS.

Table 3-1 Features and Benefits of EnergyWise in LMS

Feature Benefits

Assess EnergyWise readiness of the network • You can quickly identify EnergyWise-enabled and EnergyWise-capable devices.

• Easily upgrade images on EnergyWise-software-incapable devices to support EnergyWise.

See, Getting Started with EnergyWise for more details.

Enable EnergyWise on devices • You can select EnergyWise Capable devices and assign them to EnergyWise domains.

• You can configure EnergyWise attributes like role, keyword, and importance on the devices.

See, Enabling EnergyWise on Devices for more details.

Configure EnergyWise endpoints • Supports both PoE and non-PoE endpoints.

Note You must install an EnergyWise client, like Verdiem, Orchestrator, on non-PoE endpoints for them to become EnergyWise endpoints.

• You can configure EnergyWise attributes like role, keyword, and importance on the endpoints.

• You can export or import the list of EnergyWise endpoints to or from a client.

See, Configuring EnergyWise Attributes on Endpoints for more details.

Configure and implement energy management policies

• You can deploy energy policy through easy workflows; configure power policy, using events, for devices based on time of day for groups and classes of devices

Using events you can set the power level of endpoints for a specific time period.

• You can configure multiple endpoints in a single workflow: reduces the error-prone setup associated with manual configuration; improves overall network availability and accuracy of policy

• You can update and provision EnergyWise policies automatically on all endpoints in a domain.

See, Applying EnergyWise Policies to Endpoints for more details.

Monitor and report on power consumption • You can identify power usage of EnergyWise domains quickly through charts and graphs; with real-time status for quickly isolating potential power issues

• You can understand pattern of power consumption; identify peak usage and trends to plan for power and utility savings

See, Understanding the EnergyWise Dashboard for more details.


OL-23861-01

Chapter 3 Managing Cisco EnergyWise Using LMS Understanding the EnergyWise Dashboard

Understanding the EnergyWise DashboardYou can access the EnergyWise dashboard using:

• Work Centers > EnergyWise > Dashboard

• My Menu > Default Dashboards > EnergyWise Dashboard

• Monitor > Dashboards > EnergyWise

The EnergyWise Dashboard displays all the EnergyWise portlets. The various EnergyWise portlets are:

• EnergyWise - Power Consumption Graph

• EnergyWise - Total Savings Graph

• EnergyWise - Savings Trend Graph

• EnergyWise - Current Power Consumption

• EnergyWise - Policy Override

• EnergyWise - Endpoint Group

• EnergyWise - Capability Summary

Generates syslogs and traps on energy violations • You can configure the power consumption threshold, which when violated, generates a trap, generates a syslog of a specified severity, sends notifications to the specified mail IDs, and executes the specified commands.

• Notifies when there is a threshold violation

See, Configuring Threshold Settings for more details.

EnergyWise dashboard • Organizes all EnergyWise functions into a single portal for quick navigation and real-time energy updates

• Provides a snapshot of the effect of EnergyWise in the network; you can monitor power consumption of your network.

See, Understanding the EnergyWise Dashboard for more details.

Table 3-1 Features and Benefits of EnergyWise in LMS

Feature Benefits


OL-23861-01


EnergyWise - Power Consumption GraphYou can view this portlet in the EnergyWise dashboard using:


• My Menu > Default Dashboards > EnergyWise


EnergyWise Power Consumption portlet provides information about the power consumed by an endpoint group in kwh. You can regenerate the graph by specifying a duration in the time slider. You can click the View as Chart and View as Grid to view the portlet information in the required format.

To configure the portlet:

Step 1 Move the mouse over the title bar of the EnergyWise Power Consumption portlet to view the icons.


Step 3 Select the Auto Refresh check box to set the refresh time.


Step 5 Select an EnergyWise endpoint group from the Groups drop-down list. You can select a maximum of five groups.



OL-23861-01


EnergyWise - Total Savings GraphYou can view this portlet in the EnergyWise dashboard using:




EnergyWise Total Savings Graph Portlet provides information about the energy savings, tree savings and carbon emissions, of the selected groups. The EnergyWise Total Savings table displays the following information:

It also displays a bar chart that shows the actual and maximum power usage based on the selected groups. during a specific time period.

Note The cost savings for the specified period is calculated as: the average daily savings (calculated using the available data) x number of days in specified period. For example, if you selected the periodicity of the report as weekly, the weekly cost savings would be the average cost savings per day multiplied by 7.

Field Description

Endpoint Groups Displays the name of the endpoint group.

Entity Count Displays the number of endpoints in the endpoint group.

Actual Usage Displays the average amount of energy used.

Savings (kwh) Displays the savings in kwh according to:

Energy Saving (kwh) = Maximum Energy Usage (kwh) – Actual Energy Usage (kwh)

Savings (%) Displays the above savings in %.

Money Savings Displays the savings according to the cost per kwh in US dollars.

Tree Savings Displays the number of trees you do not have to plant, because of the energy you have saved using EnergyWise in your network. This value is according to the formula:

1 Urban Tree planted = 39 Kg CO2

The number of trees planted is directly proportional to the amount of carbon emitted.

Carbon Emissions Displays the carbon emissions savings in kilograms according to:

1 kwh = 0.718 Kg CO2 (Carbon Emission)


OL-23861-01



Step 1 Move the mouse over the title bar of the EnergyWise Total Savings Graph portlet to view the icons.




Step 5 Select an EnergyWise endpoint group from the Groups drop-down list. You can select a maximum of five groups.

Step 6 Enter the Cost per kwh in the text box. The currency is US dollar.

Step 7 You can select the following check boxes if you want them to appear in the chart or the grid:

• Money Savings

• Tree Savings

• Carbon Emissions


EnergyWise - Savings Trend GraphYou can view this portlet in the EnergyWise dashboard using:




The EnergyWise Savings Trend Graph provides information about the average and actual power usage of a selected group over a specific time period. You can select the time using the time slider. You can click the View as Chart and View as Grid to view the portlet information in the required format.


Step 1 Move the mouse over the title bar of the EnergyWise Power Consumption portlet to view the icons.




Step 5 Select an EnergyWise endpoint group from the Groups drop-down list.



OL-23861-01


EnergyWise - Current Power ConsumptionYou can view this portlet in the EnergyWise dashboard using:




The EnergyWise Current Power Consumption portlet displays the total current power consumption of an endpoint, domain or a subset of a domain depending on the keyword.

The fields that appear in this portlet are:

Click Current Power Consumption to view the current power consumption of the endpoint.

Field Description

Select Domain Select an EnergyWise domain from the drop-down list.

The name will be the name of the end point.

Select Attribute Select Keyword or Name as the attribute for listing the keywords or endpoints.

Select Importance Enter the value of EnergyWise Importance.

This value differentiates the devices in a domain based on their power usage. For example, a desk phone has a lower importance than a business-critical emergency phone.

Select Keyword Select a keyword for the domain, based on which you will get to know current power consumption. These keywords are defined when you create domains.

This field appears when you select Keyword as an attribute.

Select Name Select the endpoint whose power consumption you want to measure.

This field appears when you select Name as an attribute.


OL-23861-01


EnergyWise - Policy Override You can view this portlet in the EnergyWise dashboard using:




The EnergyWise Policy Override portlet allows you to change the power level of an EnergyWise endpoint.

To override an EnergyWise event for an endpoint:

Step 1 Enter one of the following parameters of the endpoint:

• User Name—User name of the endpoint.

• IP Address—IP Address of the endpoint.

• MAC Address —MAC Address of the endpoint.

Note Ensure that the endpoint is discovered through User Tracking in LMS.

Step 2 Click Get End Host Details to get the details of the endpoint. The following endpoint details appear in the End host Details grid:

• User Name—User name of the endpoint.

• IP Address—IP Address of the endpoint.

• Host Name—Name of the host.

• Device Name—Name of the endpoint.

• MAC Address —MAC Address of the endpoint.

• Port Name—Port number to which the host is connected.

• ifindex— Interface index of the port. For example, 10

• Port Description—Description of the port number to which the endpoint is connected.

• Power Level—This level indicates the current power state of the endpoint.

Step 3 Select the power level that you want to change to. The range is from 0 to 10.

Select one of the following:

• 0 - Shut Down

• 1 - Hibernate

• 2 - Sleep

• 3 - Standby

• 4 - Ready

• 5 - Low

• 6 - Frugal

• 7 - Medium


OL-23861-01


• 8 - Reduced

• 9 - High

• 10 - Full

Step 4 Select one of the following Scheduler options:

• Override immediately—Select this option to apply the event immediately on the endpoint.

• Override at—Select this option and select a start date, and the start time in the HH:MM format to apply the event at the specified time and day.

Step 5 Click Override to apply the event on the specified endpoint.

EnergyWise - Endpoint GroupYou can view this portlet in the EnergyWise dashboard using:




You can apply EnergyWise policies to the endpoints only if they are part of endpoint groups. The EnergyWise Policy Groups portlet provides information about the number of compliant and non-complaint endpoints, and power consumption of the endpoint groups.

The following are the details of the portlet:

Move the mouse over the title bar of the EnergyWise Policy Groups portlet.

Click the configuration icon. You can specify the refresh interval and number of rows to appear in the portlet. Select the Auto Refresh interval to refresh the portlet automatically at the specified interval.

Field Description

Endpoint Group Name Displays the name of the endpoint group.

Entity Count Displays the number of endpoints in the domain.

Non-compliant Entities Displays the number of non-compliant endpoints.

If the power level of an interface is different from that specified in the policy, then the interface is shown as a non-compliant entity.

Power Consumption (Last Cycle) Displays the power consumption of the endpoint group in the last cycle, that is, the period after the last collection.


OL-23861-01


EnergyWise - Capability SummaryThe EnergyWise - Capability Summary displays the EnergyWise readiness of your network. You can click the View as Grid icon to view the number of devices of each category.

This portlet is not part of the EnergyWise dashboard, you can add this portlet to any dashboard.

To view this portlet in the EnergyWise dashboard:

Step 1 Go to EnergyWise dashboard and click on the Add portlet icon. The Add portlets pop-up appears with a list of all the portlets in LMS.

Step 2 Select EnergyWise - Capability Summary and click Add. The portlet appears in your dashboard.

A pie chart appears with the following types of devices.

• EnergyWise Enabled Devices

• EnergyWise Capable Devices

• EnergyWise Software Incapable Devices

• EnergyWise Hardware Incapable Devices

Click on any of the pie chart slices to view the EnergyWise Readiness Assessment page.

EnergyWise Enabled Devices

These devices have the supported IOS image for EnergyWise, and have EnergyWise enabled.

EnergyWise Capable Devices

These devices have the supported IOS image for EnergyWise, however, EnergyWise is not enabled on them. See, Enabling EnergyWise on Devices for more details.

EnergyWise Software Incapable Devices

These devices do not have the supported IOS image for EnergyWise. See EnergyWise Supported Devices and Images for more information.

EnergyWise Hardware Incapable Devices

These devices do not support the EnergyWise technology. You can get the latest EnergyWise supported hardware from Cisco.com. See Known List of Hardware-incapable Devices for more information.


OL-23861-01

Chapter 3 Managing Cisco EnergyWise Using LMS EnergyWise Supported Devices and Images

EnergyWise Supported Devices and ImagesTable 3-2 lists the devices and images, that support EnergyWise.

Table 3-2 Supported Devices and Images for EnergyWise


Cisco 3750 Stack 12.2(58)SE

Cisco Catalyst 3750G-12S Switch 12.2(58)SE

Cisco Catalyst 3750-24PS Switch 12.2(58)SE

Cisco 2600,2800,3700,3800 Series 16-Port Ether Switch Service Module

12.2(58)SE

Cisco 2800,3800 Series 23-Port Ether Switch Service Module

12.2(58)SE


12.2(58)SE

Cisco 2851,3800 Series 24-Port Ether Switch (with Stackwise Connectors) Service Module

12.2(58)SE

Cisco Catalyst 3560G-24PS Switch 12.2(58)SE

Cisco Catalyst 3560G-24TS Switch 12.2(58)SE





Cisco Catalyst 3560-24TS Switch 12.2(58)SE


Cisco Catalyst 3560E-24TD-E,S Switch 12.2(58)SE


Cisco Catalyst 3560E-24PD-E,S Switch 12.2(58)SE


Cisco Catalyst 3560-8PC Compact Switch 12.2(58)SE

Cisco Catalyst 3560E-12D-S,E Switch 12.2(58)SE

Cisco Catalyst 3560E-12SD-E,S Switch 12.2(58)SE

Cisco Catalyst 3560-12PC-S Compact Switch 12.2(58)SE

Cisco Catalyst 2960-24TC Switch 12.2(58)SE


Cisco Catalyst 2960G-24TC Switch 12.2(58)SE


Cisco Catalyst 2960-24TT Switch 12.2(58)SE


Cisco Catalyst 2960-8TC Compact Switch 12.2(58)SE


OL-23861-01


Cisco Catalyst 2960G-8TC Compact Switch 12.2(58)SE

Cisco Catalyst 2960-24-S Switch 12.2(58)SE

Cisco Catalyst 2960-24TC-S Switch 12.2(58)SE


Cisco Catalyst 2960-24PC-L Switch 12.2(58)SE

Cisco Catalyst 2960-24LT-L Switch 12.2(58)SE

Cisco Catalyst 2960PD-8TT-L Compact Switch 12.2(58)SE

Cisco Catalyst 2960-8TC-S Compact Switch 12.2(58)SE

Cisco Catalyst 2960-48TT-S Switch 12.2(58)SE

Cisco Catalyst 3750G-12S-SD Switch 12.2(58)SE





Cisco Catalyst 3750G-24 Switch 12.2(58)SE



Cisco Catalyst 3750G-24T Switch 12.2(58)SE





Cisco Catalyst 3750G-24TS-1U Switch 12.2(58)SE

Cisco Catalyst 3750-24FS Switch 12.2(58)SE

Cisco Catalyst 2960-48PST-L Switch 12.2(58)SE

Cisco Catalyst 2960-24LC-S Switch 12.2(58)SE

Cisco Catalyst 2960-24PC-S Switch 12.2(58)SE

Cisco Catalyst 2960-48PST-S Switch 12.2(58)SE

Cisco Enhanced Layer 2 Ether Switch Service Module

12.2(58)SE

Cisco Catalyst 3560V2-24DC Switch 12.2(58)SE

Cisco Catalyst 3560V2-24TS Switch 12.2(58)SE

Cisco Catalyst 3560V2-24PS Switch 12.2(58)SE





Table 3-2 Supported Devices and Images for EnergyWise (continued)



OL-23861-01



Cisco Catalyst 2960x 48tsS 12.2(58)SE

Cisco Catalyst 2960 stack 12.2(58)SE

Cisco Catalyst 4507R Switch 12.2(52)SG

Cisco Catalyst 4506 Switch 15.0(2)SG




Cisco Catalyst 4948 10 Gigabit Ethernet Switch 12.2(52)SG

Cisco ME 4924-10GE Switch 12.2(52)SG


Cisco Catalyst 4506-E Switch 12.2(52)SG

Cisco Catalyst 4510R-E Switch 12.2(52)SG




Cisco Catalyst 4948E Ethernet Switch 12.2(54)XO

Cisco 2951 Integrated Services Router 15.0(1)M2



Cisco 1941W Integrated Services Router 15.0(1)M2


Cisco 1905 Serial Integrated Services Router 15.0(1)M2

Cisco CGS-2520-24TC Connected Grid Switch 12.2(53)EX

Cisco CGS-2520-16S-8PC Connected Grid Switch

12.2(53)EX

Cisco 2010 Connected Grid Router 15.1(1)T

Cisco IE 3000-4TC Industrial Ethernet Switch 12.2(53)SE


Rockwell Stratix MS06T 12.2(53)SE


Cisco ME 3400G-12CS-A Switch 12.2(53)SE

Cisco ME 3400G-12CS-D Switch 12.2(53)SE


Cisco ME 3400-24FS-A Switch 12.2(53)SE

Cisco ME 3400EG-2CS-A Switch 12.2(53)SE

Cisco ME 3400EG-12CS-M Switch 12.2(53)SE




OL-23861-01


Cisco ME 3400E-24TS-M Switch 12.2(53)SE

Cisco ME 3400-24TS-A Switch 12.2(53)SE

Cisco ME 3400-24TS-D Switch 12.2(53)SE

Cisco 3925E Integrated Services Router 15.1(1)T


Cisco 861,861W Integrated Services Router 15.0(1)M2




Cisco IAD881,IAD881W Integrated Access Device

15.0(1)M2

Cisco 881SRST,881SRSTW Integrated Services Router

15.0(1)M2


15.0(1)M2



15.0(1)M2


15.0(1)M2

Cisco 887,887W Integrated Services Routers 15.0(1)M2


15.0(1)M2


15.0(1)M2



15.0(1)M2


15.0(1)M2




Cisco IAD885F-D-3 15.0(1)M2

Cisco IAD888E,IAD888EW Integrated Access Device

15.0(1)M2


Cisco 861 Npe 15.0(1)M2

Cisco 881npe 15.0(1)M2




OL-23861-01


Cisco 881gnpe 15.0(1)M2




Cisco 887V Integrated Services Router 15.0(1)M2





Cisco 888E,888EW Integrated Services Router 15.0(1)M2

Cisco 888ESRST,888ESRSTW Integrated Services Router

15.0(1)M2

Cisco Catalyst 2960S-48TS-S Switch 12.2(53)SE2


Cisco Catalyst 2960S-48FPD-L Switch 12.2(53)SE2

Cisco Catalyst 2960S-48LPD-L Switch 12.2(53)SE2

Cisco Catalyst 2960S-48TD-L Switch 12.2(53)SE2

Cisco Catalyst 2960S-24PD-L Switch 12.2(53)SE2


Cisco Catalyst 2960S-48FPS-L Switch 12.2(53)SE2

Cisco Catalyst 2960S-48LPS-L Switch 12.2(53)SE2

Cisco Catalyst 2960S-24PS-L Switch 12.2(53)SE2

Cisco Catalyst 2960S-48TS-L Switch 12.2(53)SE2


Cisco Catalyst 3750X-24T-L,S Switch 12.2(58)


Cisco Catalyst 3750X-24P-L,S Switch 12.2(58)

Cisco Catalyst 3750X-48PF-L,S Switch 12.2(58)





Cisco Catalyst 2975 Switch 12.2(50)SE

Cisco Catalyst 2350-48TD-S Switch 12.2(52)SE

Cisco Catalyst 2360-48TD-S 12.2(53)EY

Cisco Catalyst 4507R plus E Switch 03.01.00.SG





OL-23861-01


Cisco ME 3600X-24FS-M Switch 12.2(52)EY

Cisco ME 3600X-24TS-M Switch 12.2(52)EY

Cisco ME 3800X-24FS-M Switch Router 12.2(52)EY

Cisco 887VA M Integrated Services Router 15.0(1)M2

Cisco 886VA Integrated Services Router 15.0(1)M2


Cisco 892F Integrated Services Router 15.1(2)T2

Cisco Catalyst 4948E-F Switch 12.2(54)WO

Cisco Catalyst 6506 Switch 12.2(33)SXI4

Cisco Catalyst 6509-NEB Switch 12.2(33)SXI4


Cisco Catalyst 6504-E Switch 12.2(33)SXI4

Cisco Catalyst 6509-V-E Switch 12.2(33)SXI4


Cisco Catalyst 6509-NEB-A Switch 12.2(33)SXI4


Cisco Virtual Switching System 12.2(33)SXI4

Cisco Catalyst C2928-48TC-C Switch 12.2(55)EZ

Cisco Catalyst 2928-24TC-C Switch 12.2(55)EZ

Cisco Catalyst C2928-24LT-C Switch 12.2(55)EZ

Cisco Catalyst 3560CG-8PC-S Compact Switch 12.2(55)EX

Cisco Catalyst 3560CG-8TC-S Compact Switch 12.2(55)EX

Cisco Catalyst 2960CPD-8PT-L Switch 12.2(55)EX

Cisco Catalyst 2960CG-8TC-L Compact Switch 12.2(55)EX

Cisco Enhanced Layer 2 EtherSwitch Service Module

12.2(58)SE

Cisco Enhanced Layer2, Layer3 EtherSwitch Service Module

12.2(53)SE2





OL-23861-01

Chapter 3 Managing Cisco EnergyWise Using LMS Getting Started with EnergyWise

Getting Started with EnergyWiseThe Getting Started workflow guides you on provisioning EnergyWise for Day 1 operations. For advanced configurations you can choose the corresponding link in the EnergyWise TOC.

In LMS 4.1, there are two new options that are part of the Getting Started workflow:

• Upgrading Images of Devices having Lower EnergyWise Image

• Configuring Secrets of Discovered EnergyWise Domains

Upgrading Images of Devices having Lower EnergyWise Image

Some EnergyWise Capable devices might appear as EnergyWise Software Incapable Devices if they do not have the latest EnergyWise Capable IOS image. We recommend you to upgrade to the latest EnergyWise Capable IOS image to avail all the EnergyWise features in LMS 4.1. You can click the link to view the details of these devices and to upgrade to the recommended image version.

When you click the link, the EnergyWise Devices Running Below Recommended Image Version popup appears with the details of the devices like Device Name, IP Address, Subnet Mask, Device Type, Running Image Version, and the Recommended Image Version. You can view this link only if there are any EnergyWise Capable devices running with lower EnergyWise images.

Configuring Secrets of Discovered EnergyWise Domains

LMS collects secrets of domains if they are in plain text, if they are in encrypted format, LMS cannot collect the secrets.

If the secrets are in encrypted format or they are not configured on the device, you can update them in the Manage Domains page. When you click the link in the Getting Started page, the Manage Domains page appears in another tab where you can configure secrets of the domains. You can view this link only if there are any domains that have secrets in the encrypted format, or are not configured in the device.

The Getting Started workflow for EnergyWise is:

1. Assessing EnergyWise Readiness of Your Network

2. Enabling EnergyWise on Devices

3. Configuring EnergyWise Attributes on Endpoints

4. Applying EnergyWise Policies to Endpoints

Assessing EnergyWise Readiness of Your NetworkThe EnergyWise (EW) readiness assessment in the Getting Started Assistant displays EnergyWise-based device details after assessing your network. A pie chart appears with the following types of devices.

• EnergyWise Enabled Devices

• EnergyWise Capable Devices

• EnergyWise Software Incapable Devices

• EnergyWise Hardware Incapable Devices

Click on any of the pie chart slices to view the details of the devices.



OL-23861-01

Chapter 3 Managing Cisco EnergyWise Using LMS Getting Started with EnergyWise

EnergyWise Enabled Devices

Click the EnergyWise Enabled devices slice of the pie chart. The details of the corresponding devices appear at the bottom of the page. These devices have the supported IOS image for EnergyWise, and have EnergyWise enabled.

To manage the power consumption of these devices, you need to configure EnergyWise attributes such as Name, Role, Keywords and Importance for the devices and for the endpoints connected to the devices. Select Work Centers > EnergyWise > Configure > Configure EnergyWise Attributes on Endpoints.

You will then need to create EnergyWise policies, and endpoint groups for your network. The policies can be applied to endpoints through endpoint groups.

EnergyWise Capable Devices

Click the EnergyWise Capable devices slice of the pie chart. The details of the corresponding devices appear at the bottom of the page. These devices have the supported IOS image for EnergyWise. However, EnergyWise is not enabled on them.

Select one or more device and click Enable EnergyWise to enable EnergyWise on the selected devices. See, Enabling EnergyWise on Devices for more details.

EnergyWise Software Incapable Devices

Click the EnergyWise Software Incapable devices slice of the pie chart. The details of the corresponding devices appear in the table at the bottom of the page. These devices do not have the supported IOS image for EnergyWise. You can upgrade to the EW-capable IOS image.

Some EnergyWise Capable devices might appear as EnergyWise Software Incapable Devices if they do not have the latest EnergyWise Capable IOS image. We recommend you to upgrade to the latest EnergyWise Capable IOS image to avail all the EnergyWise features in LMS 4.1.

Select one or more device and click Upgrade Software Image to upgrade to the EnergyWise Capable IOS image.

EnergyWise Hardware Incapable Devices

Click the EnergyWise Hardware Incapable devices slice of the pie chart. The details of the corresponding devices appear at the bottom of the page. These devices do not support the EnergyWise technology. You can get the latest EnergyWise supported hardware from Cisco.com. See Known List of Hardware-incapable Devices for more information.


OL-23861-01

Chapter 3 Managing Cisco EnergyWise Using LMS Enabling EnergyWise on Devices

Enabling EnergyWise on DevicesTo enable EnergyWise on the EnergyWise Capable devices, go to Work Center > EnergyWise > Enable EnergyWise on Devices.

As a best practice, LMS recommends an EnergyWise domain to be restricted to a Layer 2 domain or subnet.

The workflow for configuring EnergyWise on the required devices is:

1. Select devices from the list of EnergyWise Capable devices.

2. Associate devices to an EnergyWise domain.

To enable EnergyWise on a device, it has to be part of a domain. Select the domain to which you wish to assign the selected devices. See Associating Devices to an EnergyWise Domain for more information.

3. Configure EnergyWise attributes for each device.

This is an optional step. You can configure EnergyWise attributes like entity name, role, importance, and keyword on the device.

4. Schedule deployment.

You must schedule a job to deploy the EnergyWise configurations on the EnergyWise-enabled devices. You can view the details of the EnergyWise jobs in the EnergyWise Job Browser (Work Centers > EnergyWise > Jobs). See, Scheduling EnergyWise Configuration Jobs for more details.

Associating Devices to an EnergyWise DomainSelect EnergyWise Capable devices and the required domain, to add the devices to the domain. You can also create, edit, and delete EnergyWise domains. See Managing EnergyWise Domain for more information.

You can also click Filter to view the EnergyWise domains based on the domain name, description of the domain, or number of devices in the domain.

Note For a successful EnergyWise Endpoint collection, you must configure the EnergyWise secrets like Domain Secret, Endpoint Secret, and Management Secret.

When you select a domain you have to enter the following passwords if they are not configured:

• Domain Secret—Enter the domain secret used by the EnergyWise protocol to enable communication between devices within the domain. You must enter this secret if you do not want EnergyWise operations to be in sync with the NTP server.

• Management Secret—Enter the management secret used by the LMS server to collect data from the devices in the domain.

• Endpoint Secret—Enter the Endpoint secret used by EnergyWise protocol to communicate with the endpoint devices in the domain.


OL-23861-01

Chapter 3 Managing Cisco EnergyWise Using LMS Configuring EnergyWise Attributes on Endpoints

• Network Time Protocol (NTP) Secret—Enter the NTP secret used by the EnergyWise protocol to enable communication between devices in the domain. If you want EnergyWise operations to be in sync with the NTP server, you must enter this secret.

You must configure NTP server details to ensure correct execution of EnergyWise operations. NTP server synchronization is recommended, as EnerygWise events are time based. You can select the IP Address option and enter the IP address of the NTP server, or select the Host Name option and enter the host name of the NTP server. NTP Server, when configured on a device, synchronizes the system time of the device with the system time of the NTP server.

Note If you select devices which do not belong to the same subnet, you must manually configure some commands on the device. LMS will manage policies and provide EnergyWise monitoring after you configure the commands on the devices. For more details, see Enabling EnergyWise on Devices in Disjoint Domains.

Enabling EnergyWise on Devices in Disjoint Domains

If devices are in disjoint domains, neighbors might not be discovered automatically. If you want to enable EnergyWise on these devices, you must manually assign one device as a static neighbor or the reverse. You must configure:

energywise neighbor <IP Address of the device>

For example, Switch A (192.168.1.2) and Switch B (192.168.2.2) are in disjoint domains. To prevent a disjointed domain, you must manually assign Switch 2 as a static neighbor or the reverse on Switch 1. You must configure the following command on Switch A:

energywise neighbor 192.168.2.2 43440

Configuring EnergyWise Attributes on EndpointsYou can configure EnergyWise attributes on endpoints, which can further be used for defining the Endpoint Group. You can configure EnergyWise attributes like role, keyword, and importance of endpoints. Before you configure EnergyWise attributes on endpoints, see Prerequisites and Important Notes.

Prerequisites

• You must install an EnergyWise client, like Verdiem, Orchestrator, on non-PoE endpoints for them to become EnergyWise endpoints.

Note EnergyWise in LMS does not support DMP endpoints, as you cannot install the EnergyWise client on these endpoints.

Except for supported images of Catalyst 2K and 3K for EnergyWise (see, EnergyWise Supported Devices and Images), to discover IP phones and manage their power level using all other EnergyWise devices, you must:

• Install the Cisco Call Manager (CCM) in an Application server or MCS.

• Register the IP phones with the CCM. LMS does not support CME.


OL-23861-01


• The CCM must be managed in the DCR of LMS with the SNMP-RO credentials.

• After LMS discovers and manages CCM, you can trigger Data Collection (Admin > Collection Settings > Data Collection > Data Collection Schedule) and User Tracking for IP phones (Inventory > User Tracking Settings > Acquisition Actions).

• You can launch the IP phones report (Reports > Inventory > User Tracking > All IP Phone Entries). If data appears in the report, the CCM is properly managed and you can proceed with Endpoint Attribute Configuration.

Important Notes

• If an endpoint is connected to a non-PoE port of a device then EnergyWise will not discover the endpoint.

If an EnergyWise Client or Agent runs in this endpoint, then EnergyWise will discover the endpoint, and LMS will support and manage it.

• If PoE endpoint like VOIP, IPVSC are connected to a PoE port of a device, then EnergyWise will discover the endpoints and LMS will support and manage them.

• If any non-PoE endpoints like Linux, or WinXP machine are connected to a PoE port or a non-PoE port, the endpoints will not get discovered or supported by LMS.

If EnergyWise Client or Agent runs in these endpoints, then EnergyWise will discover the endpoints and LMS will support and manage them.

To configure EnergyWise endpoints:

Step 1 Select Work Centers > EnergyWise > Configure > Configure EnergyWise Attributes on Endpoints. The EnergyWise Endpoint Configuration page appears.

Step 2 Select one or more devices from the Select EnergyWise devices pane.

Click Filter to view the EnergyWise devices based on a specific type.

Step 3 Click Next to view the Configure EnergyWise Attributes on Endpoints pane. The Configure EnergyWise Endpoints table appears with the following information:

Field Description

Host Name Displays the host name of the endpoint.

IP Address Displays the IP address of the endpoint.

MAC Address Displays the MAC address of the endpoint.

Device Shows the display name of the device, as defined in the Device Management page (DCR), to which the endpoint is connected.

Port Displays the port to which the endpoint is connected.

VLAN Displays the VLAN to which the endpoint belongs.

Device Type Displays the type of the endpoint.

Entity Name Displays the unique name of the endpoint. If you do not specify an entity name, the hostname is taken as the entity name.


OL-23861-01


You can do one of the following:

• Select an endpoint and click Configure to configure its name, role, keyword, and importance.

If you select only one endpoint, then the attributes will be pre-populated from the device, if they are available. If you select more than one endpoint, then you must configure the attributes.

• Click Show Details to view the details of the endpoint.

• Click Filter to view the EnergyWise endpoints based on a specific type.

Step 4 Click Next to schedule the configurations to the selected endpoints Schedule Deployment pane. For more information, see Scheduling EnergyWise Configuration Jobs.

Role Displays the role or function of the device in the EnergyWise domain.

By default the model number appears.

Keyword Displays the word that will help you identify a specific device or group of devices.

When assigning multiple keywords, separate the keywords with commas, and do not use spaces between keywords.

Importance Displays the value of EnergyWise Importance of the endpoint.

This value differentiates the endpoints in a domain based on their power usage. For example, a desk phone has a lower importance than a business-critical emergency phone.

Field Description


OL-23861-01


Scheduling EnergyWise Configuration JobsEvery configuration is deployed as a job. In many workflows the Schedule Deployment pane appears at the end. It displays details of the schedule and job options.

Note All the EnergyWise jobs except the Apply EnergyWise policies jobs use the NetConfig protocol order. See Defining the NetConfig Protocol Order, for more information.



• Click Preview CLI to see the CLI commands that will be applied to the selected devices. You can select a device from the Preview CLI pop-up and see the CLI commands.


• Click Previous to go back to the previous panes.


A notification message appears along with the Job ID. The newly created job appears in the EnergyWise Job Browser (Work Center > EnergyWise > Jobs). See Managing EnergyWise Jobs for more details.

Defining the NetConfig Protocol Order

To define or modify the NetConfig protocol order:




If you want to remove a protocol or change the protocol order, you must remove the protocol using the Remove button and add the protocol, again.



Field Description




Job Description Enter a description for the job. This is mandatory. You can enter alphanumeric and special characters.



OL-23861-01

Chapter 3 Managing Cisco EnergyWise Using LMS Applying EnergyWise Policies to Endpoints

Step 4 Click Apply.


Step 5 Click OK.

Applying EnergyWise Policies to EndpointsTo apply EnergyWise policies to endpoints, they have to be part of an EnergyWise endpoint group.

To apply EnergyWise policies to the required endpoint groups, select Work Centers > EnergyWise > Configure > Apply EnergyWise Policies.

The workflow for applying EnergyWise policies to the required endpoint group is:

1. Select the endpoint group.

You can also create, delete, and edit endpoint groups. See Managing EnergyWise Endpoint Groups for more details.

2. Select the EnergyWise policies.

This is an optional step. You can also create and edit the EnergyWise policies and their events. See Managing EnergyWise Policies, for more details.

3. Apply EnergyWise policies to endpoint groups.

See Applying EnergyWise Policies to Endpoint Groups, for more details.

4. Schedule deployment.

You must schedule a job to deploy the EnergyWise configurations to the EnergyWise-enabled devices. You can view the details of the EnergyWise jobs in the EnergyWise Job Browser (Work Centers > EnergyWise > Jobs). See, Scheduling EnergyWise Configuration Jobs for more details.

Note LMS uses the EnergyWise protocol and not the NetConfig protocol order to apply EnergyWise policies to the endpoints.


OL-23861-01

Chapter 3 Managing Cisco EnergyWise Using LMS Applying EnergyWise Policies to Endpoints

Applying EnergyWise Policies to Endpoint GroupsYou can configure an EnergyWise device to automatically change the power level of an end point. This configuration is called an EnergyWise event. If you configure an event to change the power level of an endpoint, you have to create another event to restore the power level of that endpoint. For example, if you create an event to power down an IP phone at the end of the business day, you need to configure another event to power up the IP phone at the beginning of the next business day.

If there are endpoints that are not part of any endpoint group, click the link to view details of the ungrouped endpoints like name, role, keyword, and importance.

To apply EnergyWise policies to endpoint groups:

Step 1 Select Work Centers > EnergyWise > Configure > Apply EnergyWise Policies.

You can view the Endpoint Groups.

Step 2 Click Next to view the EnergyWise Policies pane.

Step 3 Click Next to view the Apply Policies to Endpoints pane. The pane appears with the following information:

Step 4 You can do one of the following:

• Select an EnergyWise endpoint group and click Apply Policy to apply an EnergyWise policy to the endpoint group.

The Assign Policy to Endpoint Groups page appears with a list of all the created EnergyWise policies.

Select a policy and click Save to apply the policy to the endpoint group.

• Click Filter to view the endpoint groups based on their name, number of endpoints in the endpoint group, or number of non-compliant endpoints in the endpoint group.

• Click Previous to go to the Define EnergyWise Policies page.

• Click Next to go to the Schedule Deployment page and deploy the job. See Scheduling EnergyWise Configuration Jobs for more information.

Field Description

Endpoint Group Displays the name of the endpoint group.

Entities Count Displays the number of endpoints in the endpoint group. Click the link to view details of the endpoints.

Non-compliant Entries Displays the number of non-compliant endpoints in the endpoint group. Click the link to view details of the Non-compliant endpoints. If the power level of an interface is different from that specified in the policy, then the interface is shown as a non-compliant entity.

Policy Applied Specifies if any EnergyWise policy has been applied to the endpoint group.

Assigned Policies Specifies the policies that are mapped to an endpoint group.


OL-23861-01

Chapter 3 Managing Cisco EnergyWise Using LMS Checking EnergyWise Policy Compliance

Checking EnergyWise Policy ComplianceIf there are endpoints that are not part of any endpoint group, click the link to view details of the ungrouped endpoints like name, role, keyword, and importance.

To check the compliance of EnergyWise policies in your network:

Step 1 Select Work Center > EnergyWise > Configure > Policy Compliance. The EnergyWise policy compliance status page appears with the details of the endpoint groups:

Step 2 Click Filter to view the endpoint groups based on their name, number of endpoints in the endpoint group, or number of non-compliant endpoints in the endpoint group.

Field Description


Entities Count Displays the number of endpoints in the endpoint group. Click the number to view details of the endpoints like entity name, role, keyword, and importance.

Non-compliant Entities Displays the number of non-compliant endpoints in the endpoint group. Click the number to view details of the Non-compliant entities.


Policy Applied Specifies if any EnergyWise policy has been applied to the endpoint group.


OL-23861-01

Chapter 3 Managing Cisco EnergyWise Using LMS Managing EnergyWise Devices

Managing EnergyWise DevicesYou can configure the unique EnergyWise device attributes like entity name, role, keyword, importance for the managed EnergyWise devices in the network. You can also change the domain of the EnergyWise device.

For domains for which LMS does not know the secrets, you can select the Enable Encryption of Secrets check box to encrypt secrets, and enter the secrets.

Note Disabling the check box will display the secrets in unencrypted format in the device running configuration.

To manage EnergyWise devices:

Step 1 Select Work Center > EnergyWise > Configure > Manage Devices. The Configure Unique EnergyWise Attributes page appears with a list of managed EnergyWise devices.

The Configure Unique EnergyWise Device Attributes page appears with details of the device like Device Name, IP Address, Domain, Entity Name, Role, Keyword, and Importance.

Step 2 To edit the device attributes, select a device and click Edit. The Configure Unique Device Attribute page appears with the details mentioned in the table below. You can view and modify the required details. Some of the fields will appear only if there are no secrets configured in the domain.

Field Description

Device Name Name of the device.

Domain From the drop-down list, select a domain to which the device should belong.

Enable Encryption of Secrets Select the check box to encrypt secrets.


Do you want EnergyWise oper-ations to be in sync with NTP server?

Click Yes if you want EnergyWise operations to be in sync with the NTP serve. You must configure NTP Secret along with the Manage-ment Secret, and Endpoint Secret.

Click No if you do not want EnergyWise operations to be in sync with the NTP server. You must enter the Domain Secret along with the Management Secret, and Endpoint Secret.

Domain Secret Enter the domain secret used by the EnergyWise protocol to enable communication between devices within the domain.

You can enter alphanumeric characters and symbols such as. , and_. Do not enter an asterisk (*) or a blank space between the characters and symbols.

You must enter this secret if you do not want EnergyWise operations to be in sync with the NTP server.


OL-23861-01

Chapter 3 Managing Cisco EnergyWise Using LMS Managing EnergyWise Devices

Step 3 Click Save, or Save and Edit Next, or Cancel.


• Click Filter to view the EnergyWise devices based on a specific type.

• Select a device and click Import to import the device attributes.

Use the Browse button to select the file to the device attributes.

• Select a device and click Export to export the device attributes. The file will be in CSV format.

• Select a device and click Edit to edit the device attributes.

Management Secret Enter the management secret used by the LMS server to collect EnergyWise data from the devices in the domain.

You can enter alphanumeric characters and special characters like #, (, $,!, and &. Do not enter an asterisk (*) or a blank space between the characters and symbols.

Endpoint Secret Enter the endpoint secret used by EnergyWise protocol to communicate with the endpoint devices in the domain.

You can enter alphanumeric characters and special characters like such as #, (, $,!, and &. Do not enter an asterisk (*) or a blank space between the characters and symbols.

NTP Secret Enter the NTP secret used by the EnergyWise protocol to enable communication between devices in this domain.


If you want EnergyWise operations to be in sync with the NTP server, you must enter this secret.

Entity Name Specify a unique name for the device. If you do not specify an entity name, the hostname is taken as the entity name.

Role Specify the role or function of the device in the EnergyWise domain.

For a PoE port, the default is interface.

For a switch, the default is the model number.

Keyword Specify a word that will help you identify a specific device or group of devices.

When assigning multiple keywords, separate the keywords with commas, and do not use spaces between keywords.

Importance Displays the value of EnergyWise Importance of the device.


Field Description


OL-23861-01

Chapter 3 Managing Cisco EnergyWise Using LMS Managing EnergyWise Domain

Note If you select devices which do not belong to the same subnet, you must manually configure some commands on the device. LMS will manage policies and provide EnergyWise monitoring after you configure the commands on the devices. For more details, see Enabling EnergyWise on Devices in Disjoint Domains.

Enabling EnergyWise on Devices in Disjoint Domains

If devices are in disjoint domains, neighbors might not be discovered automatically. If you want to enable EnergyWise on these devices, you must manually assign one device as a static neighbor or the reverse. You must configure:

energywise neighbor <IP Address of the device>

For example, Switch A (192.168.1.2) and Switch B (192.168.2.2) are in disjoint domains. To prevent a disjointed domain, you must manually assign Switch 2 as a static neighbor or the reverse on Switch 1. You must configure the following command on Switch A:

energywise neighbor 192.168.2.2 43440

Managing EnergyWise DomainAn EnergyWise domain consists of Cisco domain members and end points. A domain can represent a geographic location, a specific place in the network, or any energy specific logical representation.

The domain members forward messages to other members and to end points. Neighbor relationships are set among the domain members (EnergyWise-enabled devices). Each domain member also sets up a parent-child relationship with an attached end point. The child is one of the end points, and the parent is the domain member.

For example, if you have a building with 10 access switches, and 400 end points, such as phones, access points, and PCs running the end point SDK, you can create an EnergyWise domain called MyBuilding with the switches as domain members.

When the devices are added in DCR, and EnergyWise collection is successful, the domains present in the EnergyWise Enabled device will be discovered, and the secrets of the domain will be discovered as part of a successful config collection.

You can view all the configured EnergyWise domains. You can also create, and edit EnergyWise domains.


OL-23861-01


To manage the configured EnergyWise domains:

Step 1 Select Work Center > EnergyWise > Configure > Manage Domains. The Managed EnergyWise Domain page appears with the following details.


• Click Create to create an EnergyWise domain. See, Creating EnergyWise Domain for more information.

• Select an EnergyWise domain and click Edit to edit it. While editing the domain details, you can click the link, Click here to view the secrets, to view the masked secrets in the View EnergyWise Secrets popup.

• Select an EnergyWise domain and click Delete to delete an EnergyWise domain. You can only delete domains that do not have any members.

• Click Filter to view the EnergyWise domains based on a specific type.

Field Description

Domain Name Displays the name of the domain.

Description Displays a description about the domain.

No. of Devices Displays the number of endpoints in the domain.

When you click on the count, the Device Details for EnergyWise Domain pop-up appears. You can get the details of the devices like device name, IP address, device type, and running image version.

Does LMS know secret Specifies if LMS knows the domain secret.

If LMS does not know the domain secret, you can only:

• Perform EnergyWise device collection.

If LMS does not know the domain secret, you cannot:

• Monitor endpoints.

• Apply EnergyWise policies on endpoints.

• Perform endpoint collection

• Check EnergyWise policy compliance.

LMS collects secrets of domains only if they are in plain text, if they are in encrypted format, LMS will not collect the secrets. If the secrets are in encrypted format or they are not configured on the device, you can select the domain and click Edit and update the secrets.


OL-23861-01


Creating EnergyWise DomainTo create an EnergyWise domain:

Step 1 Select Work Center > EnergyWise > Configure > Manage Domains. The Managing EnergyWise Domain page appears.

Step 2 Click Create. The Create Domain page appears with the following details.

Field Description

Domain Name Enter the name of the domain. You can enter alphanumeric charac-ters.

Description Enter a description about the domain. You can use a maximum of 256 characters.

Enable Encryption of Secrets Select the check box to encrypt secrets.


Do you want EnergyWise oper-ations to be in sync with NTP server?

Click Yes if you want EnergyWise operations to be in sync with the NTP serve. You must configure NTP Secret along with the Manage-ment Secret, and Endpoint Secret.

You can select the IP Address option and enter the IP address of the NTP server, or select the Host Name option and enter the host name of the NTP server.

Click No if you do not want EnergyWise operations to be in sync with the NTP server. You must enter the Domain Secret along with the Management Secret, and Endpoint Secret.

Click here to view the secrets (link)

Click this link to view the configured secrets in the View EnergyWise Secrets popup.

LMS collects secrets of domains only if they are in plain text, if they are in encrypted format, LMS cannot collect the secrets. If the secrets are in encrypted format or they are not configured on the device, you can update it in this page, or in the Edit page. If you want to deploy the updated secrets to the EnergyWise devices, go to the Manage Devices page.

Domain Secret Enter the domain secret used by the EnergyWise protocol to enable communication between devices within the domain.

You can enter alphanumeric characters and symbols such as. , and_. Do not enter an asterisk (*) or a blank space between the characters and symbols.

You must enter this secret if you do not want EnergyWise operations to be in sync with the NTP server.

Management Secret Enter the management secret used by the LMS server to collect EnergyWise data from the devices in the domain.

You can enter alphanumeric characters and special characters like #, (, $,!, and &. Do not enter an asterisk (*) or a blank space between the characters and symbols.


OL-23861-01

Chapter 3 Managing Cisco EnergyWise Using LMS Managing EnergyWise Endpoint Groups

Step 3 Click Save or Save and Add Another.

Managing EnergyWise Endpoint GroupsYou can create endpoint groups based on certain filters like role, importance, and keywords. The endpoints can be part of one or more domains. After you create an endpoint group, you can apply policies to the group.

You must create EnergyWise domains before creating endpoint groups. To create domains, select Work Centers > EnergyWise > Configure > Manage Domains.

For example, you can create an endpoint group of IP phones in a floor based on their role, importance, and keyword called FirstfloorIPphones. The IP phones can be part of different domains. You can create a policy to switch on and switch off the phones at specified periods, and apply the policy to the endpoint group.

Endpoint Secret Enter the endpoint secret used by EnergyWise protocol to communicate with the endpoint devices in the domain.


Network Time Protocol (NTP) Server

You must configure NTP server details to ensure correct execution of EnergyWise operations.

NTP server synchronization is recommended, as EnerygWise events are time based.

You can select the IP Address option and enter the IP address of the NTP server, or select the Host Name option and enter the host name of the NTP server.

NTP Server, when configured on a device, synchronizes the system time of the device with the system time of the NTP server.

NTP Secret Enter the NTP secret used by the EnergyWise protocol to enable communication between devices in this domain.


If you want EnergyWise operations to be in sync with the NTP server, you must enter this secret.

Field Description


OL-23861-01


To create an Endpoint Group:

Step 1 Select Work Center > EnergyWise > Configure > Manage Endpoint Groups. The Manage Endpoint Group page appears with the following details.


• Click Create to create an EnergyWise endpoint group. See, Creating EnergyWise Endpoint Groups for more information.

• Select an EnergyWise endpoint group and click Edit to edit it.

• Select an EnergyWise endpoint group and click Delete to delete it.

• Select an endpoint group and click Monitor Settings. You have the following options:

– Click Enable Monitoring to enable the monitor settings of the endpoint group.

– Click Disable Monitoring to disable the monitor settings of the endpoint group.

– Click Edit to edit the monitor settings of the endpoint group. The Edit Monitor Settings page appears.

You can monitor power usage of the endpoint group for a specific interval, and configure the threshold settings of the power usage of the endpoint group.

• Select an EnergyWise endpoint group and click Apply Policies to select an EnergyWise policy and apply it on the EnergyWise endpoint group.

• Click Filter to view the EnergyWise endpoint groups based on a specific type.

• You can also view the list of the endpoints that are not part of any endpoint group.

Note After you create or edit an EnergyWise endpoint group, go to EnergyWise > Apply EnergyWise Policies to apply the EnergyWise policies to endpoint groups.

Field Description


Entity Count Displays the number of endpoints in the group.

Non Compliant Entities Displays the number of non-compliant endpoints in the group.

Click the count to view the details of non-compliant endpoints in the endpoint group.

A non-compliance occurs when the power level of an interface is different from that specified in the policy, then the interface is shown as a non-compliant entity.

Policy Applied Specifies if an EnergyWise policy has been applied to the endpoint group.

Monitoring Information Specifies if power usage is monitored at a specified interval.


OL-23861-01


Creating EnergyWise Endpoint GroupsTo create an Endpoint Group:

Step 1 Select Work Center > EnergyWise > Configure > Manage Endpoint Groups. The Manage Endpoint Group page appears.

Step 2 Click Create. The Create Endpoint Group page appears with the following details.

Step 3 If you want to configure the threshold settings for the endpoint group, select the Monitor power usage at every interval check box, and click the Threshold settings link.

The Threshold settings page appears. See Configuring Threshold Settings for more information.

Field Description

Name Enter the name of the endpoint group.

Group Name can contain alphanumeric characters and special characters like hyphen(-), un-derscore(_), and period(.). You cannot use blank spaces in Group Names.

Description Enter a description about the endpoint group.

Domains From the list, select an EnergyWise domain. You can use the Ctrl key to select multiple domains.

You can view the Roles, Importance, and Keywords according to the domains that you select here. These fields will be used as filters to select the endpoints that will be part of the endpoint group.

Role The roles available for the selected domains are displayed. Select the required role from the drop-down list.

Importance value less than or equal to

The importance values available for the selected domains are displayed here. Select the required importance value from the drop-down list.


LMS will group all the entities having an importance less than or equal to the selected value.

Keywords The keywords available for the selected domains are displayed. Select the required keywords. You can use the Ctrl key to select multiple keywords.

Auto Push Select this check box to automatically apply the policies to the newly-discovered endpoints in the endpoint group.

Monitor power usage at every interval

Select this check box to monitor power usage of the endpoint group for a specific interval. You can choose from:

• 30 minutes

• 1 hour

• 2 hours

• 4 hours

• 8 hours

The default value is 30 min.


OL-23861-01


Step 4 Click View Applicable Endpoints to view the endpoints that match the filter values. The Applicable Endpoints popup appears with the list of endpoints that belong to the selected domains and have the selected role, keyword, and importance.

Step 5 Click Save to save your settings.

Note After you create an EnergyWise endpoint group, go to EnergyWise > Configure > Apply EnergyWise Policies to apply the EnergyWise policies to endpoint groups.

Configuring Threshold Settings

You can configure the threshold settings of the power usage of endpoint groups.

You can set the power consumption threshold, which when violated, generates a trap, generates a syslog of a specified severity, sends notifications to the specified mail IDs and executes the specified commands.

You can set the threshold as a percentage of the average power consumed over a specified period. The trap receiver groups that you configure in Admin > Network Administration > Notification & Action Settings > Performance - SNMP Trap notification, will receive traps when the violation occurs.

To configure the threshold settings of endpoint groups:

Step 1 Select Work Center > EnergyWise > Configure > Manage Endpoint Groups. The Manage Endpoint Group page appears.


• Click Create. The Create Endpoint Group page appears. Select the Monitor power usage at every interval check box and click the link that appears.

• Select an endpoint group and click Edit. The Edit Endpoint Group page appears. Select the Monitor power usage at every interval check box and click the link that appears.

• Select an endpoint group and click Monitor Settings and click Edit to edit the monitor settings of the endpoint group. The Edit Monitor Settings page appears.

The Threshold Settings page appears with the following details.

Field Description

Threshold Enter the threshold value, expressed as a percentage of the average power consumed over a specified duration.

Enter any number between 1 and 100.

Last Select the duration from the drop-down list. The average power consumed over the duration specified here is considered for calculating the threshold violation.

The options are:

• Week

• Month

• Quarter


OL-23861-01


Step 3 Click Apply to save your settings or Reset to reset the values.

Severity From the drop-down list, select the severity to create a trap. You can choose from:

• Low

• Medium

• Critical

Trap From the drop-down list, select the trap receiver groups that will receive traps when there is a threshold violation.

You can configure the trap receiver groups using Admin > Network > Notification and Action Settings > Performance - SNMP Trap notification.

Syslog From the drop-down list, select the syslog to be generated when there is a threshold violation.

Severity Select the severity of the syslog from the drop-down list. You can choose from:

• Alert—Severity level 1

• Critical—Severity level 2

• Debug—Severity level 7

• Emergency—Severity level 0

• Error—Severity level 3

• Informational—Severity level 6

• Notice—Severity level 5

• Warning—Severity level 4

Email ID Enter an email ID to send e-mail notification to a user. You can enter multiple email ids, separated by a comma.

Script Click Browse to choose a file, from the client, that contains the commands to be executed when there is a threshold violation.

Field Description


OL-23861-01

Chapter 3 Managing Cisco EnergyWise Using LMS Managing EnergyWise Policies

Managing EnergyWise PoliciesYou can configure EnergyWise policies, a set of recurring events, to manage the power usage of devices in the network. In LMS, you can create EnergyWise policies and map them to any endpoint group.

To manage the EnergyWise policies:

Step 1 Select Work Center > EnergyWise > Configure > Manage Policies. The Managing EnergyWise Policies page appears with the following details.

Step 2 You can do the following:

• Click Create to create an EnergyWise policy. See Adding EnergyWise Policies for more information.

• Select a policy and click Edit to modify an EnergyWise policy. You can edit policies associated with endpoint groups.

• Click Delete to delete an EnergyWise policy. You cannot delete policies associated with endpoint groups.

Note After you create or edit an EnergyWise policy, go to EnergyWise > Configure > Apply EnergyWise Policies to apply these policies to endpoint groups.

Adding EnergyWise PoliciesYou can configure an EnergyWise endpoint to power an end point on and off, or change the power level to any value from one to ten, thereby, automatically managing power usage. This configuration acts on the endpoint as an EnergyWise event. For more details on the EnergyWise power levels, see EnergyWise Level.

For example, LMS allows you to configure an EnergyWise event on a switch to control devices in offices to go to power level standby at 8pm and power level full at 7am.

An EnergyWise policy consists of one or more EnergyWise events. You can create EnergyWise policies and apply them to any endpoint group. You can create events while you create a policy. An event occurs when the importance of the event is less than or equal to the importance value of the endpoint.

Field Description

Policy Name Displays the name of the policy.

Description Displays the description about the policy.

Event Count Displays the number of events associated with the policy. Click the number to view the event details.


OL-23861-01


To add EnergyWise policies:

Step 1 Select Work Center > EnergyWise > Configure > Manage Policies. The Managing EnergyWise Policies page appears.

Step 2 Click Create to create an EnergyWise policy. The Create Policy page appears with the following details.

Step 3 Click Save to save your settings.


• Click Add Event to create EnergyWise events. See Configuring EnergyWise Events for more information.

• Click Filter to view the EnergyWise policies based on a specific type.

:

Configuring EnergyWise Events

You can configure an EnergyWise-capable switch to power an end point on and off (or any EnergyWise power level), automatically managing power usage. This configuration acts on the endpoint as an EnergyWise event.

After you configure an EnergyWise event, it is applied on the endpoint when the importance of the event is less than or equal to the importance value of the endpoint.

For example, you can create an event to switch off (power level is zero) an endpoint, with an importance of 2, at 7 am every weekday.

Field Description

Policy Name Enter the name of the policy.

Policy Description Enter a description about the policy.

EnergyWise Event

Importance Displays the value of EnergyWise Importance.

An event occurs when the importance of the event is less than or equal to the importance value of the endpoint. The range is from 1 to 100, where a value of 1 is the lowest and a value of 100 is the highest.

Power Level Displays the EnergyWise power level. This level specifies the power state of the endpoint at the defined time.

Hour Displays the hourly interval of the event recurrence. The range is from 0 to 23 hours.

Minutes Displays the minute interval of the event recurrence. The range is from 0 to 59 minutes.

Days of the Week Displays the days of the week when the event recurs.


OL-23861-01


To configure EnergyWise events:

Step 1 Select Work Center > EnergyWise > Configure > Manage Policies. The Managing EnergyWise Policies page appears.

Step 2 Click Create to create an EnergyWise policy. The EnergyWise Policy Configuration page appears.

Step 3 Enter the name and description of the EnergyWise policy. You must create an event. After you create an event, you can click Delete to delete the configured EnergyWise event.

Step 4 Click Add Event to create an EnergyWise event.

Note If EnergyWise is not running on the end point (such as a PoE end point), the specified times are based on the switch time zone. If a daemon is running on the end point, the specified times are based on the end point time zone.

The EnergyWise Event Configuration page appears with the following details:

Field Description

EnergyWise Level Select the EnergyWise power level from the slider. This level indicates the power state of an entity.

The range is from 0 to 10. The default power level is 0. A Cisco switch does not support level 0 as you cannot turn off it’s power.


• 0 - Shut Down

• 1 - Hibernate

• 2 - Sleep

• 3 - Standby

• 4 - Ready

• 5 - Low

• 6 - Frugal

• 7 - Medium

• 8 - Reduced

• 9 - High

• 10 - Full

Importance Enter the value for EnergyWise Importance.

An EnergyWise event is applied on the endpoint when the importance of the event is less than or equal to the importance value of the endpoint. The range is from 1 to 100, where a value of 1 is the lowest and a value of 100 is the highest.


OL-23861-01

Chapter 3 Managing Cisco EnergyWise Using LMS Managing EnergyWise Jobs


• Click Save Event to save your settings.

• Click Save and Add Another to save your settings and add another event.

Managing EnergyWise JobsYou can browse the EnergyWise jobs that are deployed on the system. Using the EnergyWise Job Browser you can manage EnergyWise jobs; you can retry, stop, or delete jobs using this job browser.

To invoke the EnergyWise job browser:

Select Work Center > EnergyWise > Jobs.

The EnergyWise job browser appears with a detailed list of all EnergyWise jobs. The browser has the following information:

Hours and Minutes Specify the start time of the event.

You can select the hourly time between 0 and 23 hours.

You can select the minute interval between 0 and 59 minutes.

Days of the Week Select the day of the week by selecting the check box. The event will occur on the specified days every month.

Field Description

Column Description


Click on the hyperlink to view the Job details (seeViewing Job Details).





For example, If the status displays Failed (5), then the count of devices that had failed is 5.








OL-23861-01


You can filter the jobs displayed in the EnergyWise Job Browser using any of the following criteria and clicking Filter. When you click Filter, you can select any of the following criteria from the Filter by drop-down list, enter the details in the textbox, and click Go.

You can click Refresh icon to refresh the EnergyWise job browser, and Refresh Job icon to refresh the selected EnergyWise job.

Schedule Type Type of job schedule—Immediate, Once.

Job Type The different types of EnergyWise jobs are:

• EnergyWise—EnergyWise device level jobs

• EnergyWise Domain—EnergyWise endpoint level jobs.

• EnergyWise Monitoring—Jobs scheduled for generating EnergyWise Cost Saving Report or EnergyWise Power Usage Report.

• EnergyWise Data Purge—Jobs scheduled for purging EnergyWise data.

Column Description




• Successful

• Failed

• Stopped

• Running

• Scheduled





Schedule Type Select Schedule Type and enter any one of these:

• Immediate

• Once

Job Type Select Job Type and enter any one of these:

• EnergyWise

• EnergyWise Domain

• EnergyWise Monitoring

• EnergyWise Power Usage Report.

• EnergyWise Data Purge


OL-23861-01


Records for all EnergyWise jobs need to be purged periodically. You can schedule a default purge job for all EnergyWise monitoring jobs using Work Centers > EnergyWise > Settings > Purge.

You can perform the following operations using the EnergyWise job browser. (See Table 3-4):

Viewing Job DetailsFrom the Job Browser dialog box, you can learn more about any job by viewing its details.

The Job Details appears below the list of EnergyWise jobs details are grouped into three parts:

• Work Order

• Device Details

• Job Summary

Table 3-4 Operations Using the EnergyWise Job Browser

Button Description






Unless you own the job, your login determines whether you can use this option. You cannot re-start the stopped job.





Refresh Refreshes the EnergyWise job browser.



OL-23861-01




• Job policies

• Job details


• Device—List of devices on which the job was scheduled.


• Message Summary—A message about the status of a job.


– If the job was a success on that device, the message Deploy Successful is displayed.

You can filter the devices by selecting a status or message summary and clicking Filter.

This page displays the number of rows you have set for display in the Rows per Page field. You can increase the rows up to 500 in each page.


Select a device and click Show Details to view the details such as protocol, status and reason when applicable, task used and the CLI output for that device. These details appear in a pop-up window.

Note Device details will not appear for any EnergyWise Monitoring jobs as they occur only for endpoint groups.


• Job Summary:

– Status

– Start Time

– End Time

• Job Messages:



• Device Update:

– Successful

– Failed

– Not attempted

– Pending

Note Job Summary will not appear for any EnergyWise Monitoring jobs as they occur only for endpoint groups.


OL-23861-01

Chapter 3 Managing Cisco EnergyWise Using LMS Monitoring EnergyWise

Monitoring EnergyWiseYou can monitor the EnergyWise-related information in your network using EnergyWise portlets and reports. For more information on EnergyWise portlets, see Understanding the EnergyWise Dashboard.

Generating EnergyWise ReportsYou can view the EnergyWise report using Work Centers > EnergyWise > Reports.

You can monitor EnergyWise using the following reports:

• EnergyWise Device Power Usage

• EnergyWise Port Power Usage

• EnergyWise Power Usage Report

• EnergyWise Cost Saving Report

For more information see Technology Reports in Reports Management with Cisco Prime LAN Management Solution 4.1 User Guide.

Configuring EnergyWise SettingsYou can configure the following EnergyWise settings:

• Configuring EnergyWise Collection Settings

• Viewing Device Collection Summary

• Viewing Endpoint Collection Summary

• Viewing Compliance Check Summary

• Configuring EnergyWise Cost Settings

• Configuring EnergyWise Data Purge Settings


OL-23861-01

Chapter 3 Managing Cisco EnergyWise Using LMS Configuring EnergyWise Settings

Configuring EnergyWise Collection SettingsYou can configure the time to perform EnergyWise Device Collection, EnergyWise Endpoint Collection, EnergyWise Compliance Check from a specified set of values. If you want to immediately start any of the above EnergyWise collection, select Work Centers > EnergyWise, click Collection Summary from the Navigator on the left, and start the required EnergyWise collection.

To configure EnergyWise settings:

Step 1 Select Work Center > EnergyWise > Settings > General. The EnergyWise Settings page appears.

Step 2 Configure the time to perform EnergyWise Device Collection, EnergyWise Endpoint Collection, EnergyWise Compliance Check. You can choose the time for each EnergyWise collection from:

• 4 hours

• 8 hours

• 12 hours

• 24 hours

• 48 hours

Step 3 Click Save to save your settings or Reset to reset the settings.

Configuring EnergyWise Cost SettingsTo configure EnergyWise cost settings:

Step 1 Select Work Centers > EnergyWise > Settings > Cost Savings. The EnergyWise Monitoring Cost Settings page appears.

Step 2 Select the currency from the drop-down list.

Step 3 Specify the cost per kwh.

Step 4 You can:

• Click Save to save your changes.

• Click Clear to reset the values.


OL-23861-01

Chapter 3 Managing Cisco EnergyWise Using LMS Configuring EnergyWise Settings

Configuring EnergyWise Data Purge SettingsTo configure EnergyWise data purge settings:

Step 1 Select Work Centers > EnergyWise > Settings > Purge. The EnergyWise Monitoring Data Purge Settings page appears.

Step 2 Configure the purge schedule.

• Run Type: Select the frequency at which the job should be scheduled.

– Hourly—Runs hourly at the specified time.

– Daily—Runs daily at the specified time.

– Weekly—Runs weekly on the specified day of the week and at the specified time.

– Monthly—Runs monthly on the specified day of the month and at the specified time. (A month comprises 30 days).

For periodic jobs, the subsequent instances of jobs will run only after the earlier instance of the job is complete.

For example, if you have scheduled a daily job at 10:00 a.m. on November 1, the next instance of this job will run at 10:00 a.m. on November 2, only if the earlier instance of the November 1 job has completed. If the 10.00 a.m. November 1 job has not completed before 10:00 a.m. November 2, then the next job will start only at 10:00 a.m. on November 3.

• Start Date: Click on the date picker icon and select the date, month, and year.

– Your selection appears in the Date field in this format:dd Mmm yyyy (example: 14 Nov 2004).

– Select the time (hh and mm) from the drop-down lists in the at field.

Step 3 Configure the EnergyWise Purge Policy. Specify the number of days in the EnergyWise monitoring records older than field.

Only the records older than the number of days that you specify here, will be purged. The default value is 365 days. This is a mandatory field.

Caution You might delete data by changing these values. If you change the number of days to values lower than the current values, messages over the new limits will be deleted.

If the data of a particular day is being accessed either through Immediate reports, Report jobs, or by any other means, it will not be purged. However, during the successive purge operations this data will be purged.

Step 4 You can:

• Click Purge Now to purge the EnergyWise data.

• Click Reset to reset the values.


OL-23861-01

Chapter 3 Managing Cisco EnergyWise Using LMS Viewing EnergyWise Collection Summary

Viewing EnergyWise Collection SummaryYou can view a summary of the EnergyWise collection from devices, and endpoints. Select Work Centers > EnergyWise, click the Collection Summary link from the Navigator on the left. For a successful EnergyWise Endpoint collection, you must configure the EnergyWise secrets like Domain Secret, Endpoint Secret, and Management Secret.

The different types of EnergyWise summary are:

• Viewing Device Collection Summary

• Viewing Endpoint Collection Summary

• Viewing Compliance Check Summary

Viewing Device Collection SummaryYou can view the summary of EnergyWise device collection and start the collection for any device, if required. By default, the EnergyWise device collection will occur at the time specified in Work Centers > EnergyWise > Settings >General.

To view the summary of EnergyWise device collection:

Step 1 Select Work Centers > EnergyWise.

Step 2 Click the Collection Summary link from the Navigator on the left. The EnergyWise Collection Summary page appears.

The EnergyWise Device Collection Summary table has the following details:

Field Description

Device Name Displays the name of the device.


EnergyWise Type

Specifies the state of EnergyWise in the device. It can be:

• Software-incapable—Specifies that the device does not have EnergyWise-capable IOS image. You can go to Work Centers > EnergyWise > Readiness Assessment, and upgrade to the EnergyWise-capable IOS image

• Enabled—Specifies that EnergyWise is enabled on the device.

• Disabled—Specifies that EnergyWise is disabled on the device.

Last Collection Time

Displays the time at which the collection was completed.

Last Collection Status

Displays the status of the collection. It can be:

• Running

• Success

• Failure

Last Collection Message

Displays the collection message after a collection.


OL-23861-01


Step 3 Select a device and click Collect EnergyWise to start the EnergyWise device collection.

Viewing Endpoint Collection SummaryYou can view the summary of EnergyWise endpoints collection and start the collection for any device, if required. By default, the EnergyWise endpoints collection will occur at the time specified in Work Centers > EnergyWise > Settings >General.

Note For a successful EnergyWise Endpoint collection, you must configure the EnergyWise secrets like Domain Secret, Endpoint Secret, and Management Secret.

To view the summary of EnergyWise endpoints collection:


Step 2 Click the Collection Summary link from the Navigator on the left. The EnergyWise Collection Summary page appears.

Step 3 The EnergyWise Endpoint Collection Summary table has the following details:

Step 4 Select a domain and click Collect Endpoints to start the EnergyWise endpoints collection.

Step 5 Select a domain and click Clear Endpoint Cache to clear the endpoints of the domains from the cache of the EnergyWise devices.

Field Description


No. of Devices Displays the number of EnergyWise-enabled devices in the domain.

Click the count to view details of the devices in the Device Details popup.

No. of Endpoints Displays the number of endpoints in the domain.

Click the count to view details of the endpoints in the Endpoints Details popup.

Last Collection Time Displays the time at which the collection was completed.

Last Collection Status Displays the status of the collection. It can be:

• Running

• Success

• Failure

Last Collection Message Displays the collection message after a collection.


OL-23861-01


In an EnergyWise endpoint, if you do not use the Clear Endpoint Cache option, the endpoint entry will remain in the connected EnergyWise device. To clear the cache entry you can use this option. When you click this option, the message Query submitted for clearing cache of EnergyWise endpoints appears, which will be reflected in the next endpoint collection in the domain. Hence, the cached endpoint entry will be removed in the next endpoint collection.

Viewing Compliance Check SummaryYou can view the summary of EnergyWise policy compliance check and start the compliance check for any endpoint group, if required. By default, the EnergyWise policy compliance check will occur at the time specified in Work Centers > EnergyWise > Settings >General.


To view the summary of EnergyWise policy compliance:


Step 2 Click the Collection Summary link. The EnergyWise Collection Summary page appears.

Step 3 The EnergyWise Compliance Check Summary table has the following details:

Step 4 Select a device and click Check Compliance to start the EnergyWise endpoints collection.

Field Description

Endpoint Group Name Displays the name of the endpoint group.

No. of Endpoints Displays the number of endpoints in the domain.

Click the count to view details of the endpoints in the Endpoints Details popup.

No. of Non-compliant Entities Specifies the number of non-compliant endpoints.

Click the count to view the details of the non-compliant endpoints.

You can view accurate details of non-compliant endpoints only if you have the latest EnergyWise IOS image for the supported devices.

Last Compliance Check Time Displays the time at which the compliance check was completed.

Last Compliance Check Status Displays the status of the compliance check. It can be:

• Running

• Success

• Failure

Last Compliance Check Message

Displays the collection message after a compliance check.


OL-23861-01


C H A P T E R 4
Managing Auto Smartports in LMS
This chapter tells you how to configure, apply and manage Auto Smartports macros on the ASP-capable devices using LMS.


• What are Auto Smartports?

• Auto Smartports Supported Devices and Images

• Getting Started with Auto Smartports

• Managing Auto Smartports Templates

• Configuring Auto Smartports Using LMS

• Auto Smartports Readiness Assessment

• Configuring ASP Interfaces

• Managing Auto Smartports

• Viewing Auto Smartport Reports

• Managing Auto Smartports Jobs


Chapter 4 Managing Auto Smartports in LMS What are Auto Smartports?

What are Auto Smartports?Macros contain multiple interface-level switch commands. You can reduce switch configuration errors and the administrative time required for performing repetitive tasks like configuring multiple interfaces with the same configuration.

Auto Smartports macros dynamically configure switch ports based on the device type detected on the port. When the switch detects a new device on a port it applies the appropriate Auto Smartports macro to the port.

For example, when you connect a Cisco IP phone to a port, Auto Smartports automatically applies the IP phone macro to the port. The IP phone macro ensures quality of service (QoS), security features, and a dedicated voice VLAN to ensure proper handling of delay-sensitive voice traffic.

Auto Smartports uses event triggers to map devices to macros. The most common event triggers are based on Cisco Discovery Protocol (CDP) messages received from connected devices. The detection of a device invokes a CDP event trigger: Cisco IP phone, Cisco wireless access point, Cisco switch, or Cisco router. Other event triggers use MAC authentication bypass (MAB) and 802.1x authentication messages.

The Auto Smartports macros embedded in the switch software are groups of CLI commands. For example, the CISCO_PHONE event detected on a port triggers the switch to apply the commands in the CISCO_PHONE_AUTO_SMARTPORT macro.

Table 4-3 explains the mapping between the System-defined events and the System-defined macros.

Device Profiling or Classifier is a new feature in LMS that provides an easy way for users to create triggers and dynamically configure the switch ports based on the device classification. You can create a specific trigger for a specific type of device.

The Device Profiling feature provides more granularity in device classification. The Device Profiling module has a rule-based device classification engine that can process attributes from various protocols.

Auto Smartports Supported Devices and ImagesTable 4-1 and Table 4-2 lists the devices and images, that support Auto Smartports.

Note Minimum supported IOS version for Device Profiling is 15.0(1)SE.

Table 4-1 Supported Devices and Images for Auto Smartports


Cisco Catalyst 2960S and 2960 Series Switches 12.2(52)SE

Cisco Catalyst 3750, 3750-E, 3750v2 12.2(52)SE

Cisco Catalyst 3750-X, 3750-G 12.2(55)SE

Cisco Catalyst 3560, 3560v2, 3560-E 12.2(52)SE

Cisco Catalyst 3560-X 12.2(55)SE




OL-23861-01

Chapter 4 Managing Auto Smartports in LMS Auto Smartports Supported Devices and Images

Table 4-2 Auto Smartports Supported Switch Modules of ISRs

Routers

Auto Smartports Supported Switch Module Switch Image

Minimum IOS Software

3900 Series ISRs SM-D-ES3G-48-P 12.2(55)EX 15.1(4)M

SM-D-ES3-48-P 12.2(55)EX

SM-D-ES2-48 12.2(55)EX

SM-ES3G-24-P 12.2(55)EX

SM-ES3-24-P 12.2(55)EX

SM-ES2-24-P 12.2(55)EX

SM-ES2-24 12.2(55)EX

SM-ES3G-16-P 12.2(55)EX

SM-ES3-16-P 12.2(55)EX

SM-ES2-16-P 12.2(55)EX

NME-16ES-1G-P 12.2(55)EZ

2900 Series ISRs SM-ES3G-24-P 12.2(55)EX 15.1(4)M

SM-ES3-24-P 12.2(55)EX

SM-ES2-24-P 12.2(55)EX

SM-ES2-24 12.2(55)EX

SM-ES3G-16-P 12.2(55)EX

SM-ES3-16-P 12.2(55)EX

SM-ES2-16-P 12.2(55)EX

NME-16ES-1G-P 12.2(55)EZ

3800 Series ISRs NME-16ES-1G-P 12.2(55)EZ 15.1(4)M

NME-X-23ES-1G 12.2(55)SEC

NME-X-23ES-1G-P 12.2(55)EZ

NME-XD-24ES-1S-P 12.2(55)EZ




NME-X-23ES-1G-P 12.2(55)EZ


OL-23861-01

Chapter 4 Managing Auto Smartports in LMS Getting Started with Auto Smartports

Getting Started with Auto SmartportsThe Getting Started Assistant guides you on provisioning Auto Smartports for Day 1 operations. For advanced configurations you can choose the corresponding link in the Auto Smartports TOC.


The Getting Started workflow for Auto Smartports is:

1. Assessing Auto Smartports Readiness of Your Network

2. Configuring Auto Smartports Using LMS

3. Configuring ASP Interfaces

Assessing Auto Smartports Readiness of Your NetworkThe Auto Smartports Readiness Assessment displays Auto Smartports (ASP) based device details after assessing the network. A pie chart appears with the following types of devices.

• ASP-enabled Devices

• ASP-capable Devices

• ASP-software-incapable Devices

• ASP-hardware-incapable Devices


ASP-enabled Devices

Click the ASP-enabled devices slice of the pie chart. The details of the corresponding devices in a table. Auto Smartport feature is enabled in these devices.

Click Filter to filter the listed devices based on device name, IP address, device type, and version of the running image.

ASP-capable Devices

Click the ASP-capable devices slice of the pie chart. The details of the corresponding devices in a table. These devices have Auto Smartport capable IOS images, but Auto Smartport is not yet configured on these devices. Click Filter to filter the listed devices based on device name, IP address, device type, and version of the running image.

Select one or more devices and click Enable ASP to enable ASP on the selected devices. See, Configuring ASP Interfaces for more details.


OL-23861-01

Chapter 4 Managing Auto Smartports in LMS Getting Started with Auto Smartports

ASP-software-incapable Devices

Click the ASP-software-incapable devices slice of the pie chart. The details of the corresponding devices in a table. The IOS image in these devices does not support Auto Smartport. You can upgrade to the IOS image version that supports Auto Smartport. See Auto Smartports Supported Devices and Images for more information.

Click Filter to filter the listed devices based on device name, IP address, device type, version of the running image, and recommended image version. Select one or more device and click Upgrade Software Image to upgrade to the Auto Smartports-capable IOS image.


OL-23861-01

Chapter 4 Managing Auto Smartports in LMS Managing Auto Smartports Templates

ASP-hardware-incapable Devices

Click the ASP-hardware-incapable devices slice of the pie chart. The details of the corresponding devices in a table. These devices do not support Auto Smartports technology.

Click Filter to filter the listed devices based on device name, IP address, device type, and location.

You can get the latest ASP-supported hardware information from Cisco.com. See Auto Smartports Supported Devices and Images for more information. See Known List of Hardware-incapable Devices for more information.

Managing Auto Smartports TemplatesLMS provides Auto Smartports templates, which allow you to group multiple Auto Smartports events and their associated macros. You can also define user-defined templates.

You can select a template and deploy it on devices using Work Center > Auto Smartports > Configure > Auto Smartports. Using this workflow, you can auto configure the interface to which the Medianet endpoints are connected.

You can use ASP Management (Work Centers > Auto Smartports > Configure > Manage Auto Smartports) to edit the configuration for CDP-based events that are fetched from the device.

LMS supports two types of system-defined templates:

• Cisco Standard Events

This template contains all the system-defined events and their associated system-defined macro with default VLANs. Table 4-3 shows the mapping between the system-defined events and the system-defined macros, and Table 4-4 lists the Auto Smartports system-defined macros.

• Cisco Medianet Template

This template contains only ASP events that are mapped to their corresponding system-defined macros for DMP and IPVSC.

Device Profiling or Device Classification

Device Profiling is a new feature in LMS that provides an easy way for users to create triggers and dynamically configure the switch ports based on the device classification. You can create a specific trigger for a specific type of device.

The Device Profiling feature provides more granularity in device classification. The Device Profiling module has a rule-based device classification engine that can process attributes like device platform and OUI type from various protocols like CDP and LLDP. Device Profiles are created based on these attributes and are available on the device by default.You can select specific Device Profiles, Device Types, or OUI/MAC addresses for applying ASP macros.


OL-23861-01


To manage ASP templates:

Step 1 Select Work Centers > Auto Smartports > Manage Templates. The Manage Templates page appears with the list of ASP templates.

Click Filter to filter the listed templates based on the template name, description, or last modified date.

Step 2 You can:

• Select a template and click Edit to edit the ASP template. The Edit Auto Smartports Template page appears. See Editing Auto Smartports Templates for more details.

You cannot edit system-defined templates, however, you can select any, click Edit and save it with a new name.

• Click New to create a new ASP template. You can add Auto Smartports events and their associated macros to an ASP template. The Add Auto Smartports Template page appears. See Creating New ASP Templates for more details.

• Select one or more templates and click Remove to remove the ASP templates. You cannot delete system-defined ASP templates.

• Click Reset to reset to the default values.

This sections contains:

• Creating New ASP Templates

• Editing Auto Smartports Templates

Creating New ASP TemplatesYou can add Auto Smartports events and their associated macros to an ASP template. For endpoints which do not support CDP, you can select MAC-based events. When an endpoint connects to a switch port, LMS identifies the corresponding event using either the MAC Address or the OUI that is tracked in the switch.

To create new ASP templates:


Step 2 Click New. The Add page appears.

Step 3 Enter the name and description of the template.

You must not use any of the following special characters for Template Name:

\, /, :, *, ‘, ?, < , >, |

You can enter alphanumeric and special characters for Template Description.


OL-23861-01


Step 4 Click Add in the Auto Smartports Configuration Details table to add macros to the system-defined events.

Step 5 Select one of the following methods to identify the endpoint types:

• Device Profiles

• Device Type

• OUI/MAC Address

Step 6 Enter the following information:

Fields Description

Device Profiles

Event Name Specify the event trigger. The switch recognizes the trigger and applies the corresponding macro to the device.

You can enter a maximum of 200 characters, and use all special characters other than space.

Profiles Select a specific device or a class of devices to which the macro should be applied.

Each trigger can have many devices, but each device can be associated to only one trigger.

Select one or more profiles from the drop-down list and click Add to add the profile to the Selected Profiles list. You can use the Ctrl key to select or unselect multiple profiles.

If the required profile name is not available in the list, you can enter the profile name in the text box and click Add. You can enter multiple profile names separated by commas.

You can enter a maximum of 200 characters, and use all special characters other than space.


OL-23861-01


Device Type

Event Type You can select one of the following:

• System-defined

Select an event to trigger the macro associated with it on the ASP-capable switch. Table 4-3 shows the mapping between the system-defined events and system-defined macros in LMS.

• User-defined

Enter the following:

• Event Name

Specify the name of the event trigger. You can enter a maximum of 200 characters, and use all special characters other than space.

• Device Types

Specify a specific device or a class of devices to which the macro should be applied. You can use the following:

– access-point—Autonomous access point

– ip-camera—Cisco IP video surveillance camera

– lightweight-ap—Lightweight access point

– media-player—Digital media player

– phone—Cisco IP phone

– router—Cisco router

– switch—Cisco switch

For example, access-point, phone, 3750-switch

OUI/MAC Address

Event Name Specify the name of the event. You can enter a maximum of 200 characters, and use all special characters other than space.

MAC Address Specify the MAC Address of the endpoint. You can enter one or more MAC addresses separated by commas. For example, 0123.4567.89ab, 0129.4568.99ab

OUIs Specify the OUI of the endpoint. You can enter one or more OUIs separated by commas. For example, 00-1D-E5, 00-1E-BD

OUI is the first three bytes of the MAC address and identifies the manufacturer of the product. You can specify the OUI to allow devices that do not support neighbor discovery protocols like Cisco Discovery Protocol (CDP) or Link Layer Discovery Protocol (LLDP) to be recognized.

Fields Common for all Options

Macro Type Specifies the type of macro. It can be:

• System-defined Macro

• User-defined Macro

• Remote Macro

Fields Description


OL-23861-01


Step 7 You can:

• Click Save to save your changes and return to the New Auto Smartports Template page.

• Click Save and Add Another to save your changes and add more events and macros to the template.

Step 8 Click Save to save your changes.

Step 9 Click Reset to restore the default values.

Select Macro This field appears when you select System-defined Macro.

Select a macro associated with the selected event from the list. Table 4-4 lists the ASP system-defined macros in LMS.

Access VLAN Devices connected to the port will be placed into this VLAN.

The default data VLAN is VLAN 1.

Voice VLAN Devices with voice traffic will be placed into this voice VLAN.

The default voice VLAN is VLAN 2.

Native VLAN The VLAN ID used for untagged packets on the trunk interface.

The default Native VLAN is VLAN 1.

Select Configuration Macro from file This field appears when you select User-defined Macro.

Click Browse to open a file browser, add a user-defined macro and associate it with the event. See, Sample User-defined Macro.

Configuration Macro This field appears when you select User-defined Macro.

The contents of the macro will appear in the Configuration Macro text box. You can also paste the user-defined macro in the Configuration Macro text box.

Remote Macro Location Enter the location of the remote macro, the syntax is<transfer protocol>://<IP address or hostname>/<filename>. For example, tftp://<IP address or hostname>/macro.txt.For more information, see Understanding the Remote Macro Feature

Fields Description


OL-23861-01

Chapter 4 Managing Auto Smartports in LMS Configuring Auto Smartports Using LMS

Editing Auto Smartports TemplatesYou can modify the existing ASP templates by modifying existing event-to-macro associations, adding new Auto Smartports event-to-macro associations, or removing unnecessary events. The template that you create will be saved as a user-defined ASP template.

You cannot edit system-defined templates, however, you can select any, click Edit and save it with a new name.

To edit Auto Smartports templates:


Step 2 Click Edit. The Edit Auto Smartports Template page appears.

Step 3 Modify the description of the template, if required. You can view details of:

• User who last modified the template

• Creation date

• Modification date

Step 4 You can:

• Select an event and click Edit to edit the event and the associated macro.

You cannot change the method to identify the endpoint types.

• Click Add to add more Auto Smartports events and macros. The Add Auto Smartports Template page appears. See Creating New ASP Templates for more details.

• Select a template and click Remove to remove the event and the associated macro.

• Click Reset to reset to the last saved values.

• Click Filter to filter the listed events based on the event, macro type, macro name, and the associated VLANs.

Step 5 You can:

• Click Save to save your changes and edit the templates.

• Click Save As to save the template with a different name.

Configuring Auto Smartports Using LMSLMS provides you with Auto Smartports templates that contains events and associated macros to be deployed on the selected devices. You can select a template and customize it, if required.

To deploy Auto Smartports templates on ASP-capable and ASP-enabled devices, select Work Centers > Auto Smartports> Configure > Auto Smartports. You can view both categories of devices for Day 1 or Day N operations.

Device Profiling is a new feature introduced for ASP in LMS 4.1. For more details, see Device Profiling or Device Classification.


OL-23861-01


The workflow for deploying ASP templates on the ASP-capable and ASP-enabled devices is:

1. Select devices

Select the devices on which you want to deploy ASP macros from the list of devices from the Select Device pane.

Click Filter to filter the listed devices based on device name, IP address, ASP status, device type and version of the running image.

2. Configure Auto Smartports

You can select templates from the list and deploy them on the selected devices. See Configuring Auto Smartports, for more details.

3. Schedule deployment

You must schedule a job to deploy the ASP configurations to the ASP-enabled devices. See Scheduling Auto Smartports Configuration Jobs, for more details.

Note A port should not be a member of an EtherChannel when applying Auto Smartports macros, LMS automatically excludes all ether-channel ports in the ASP-capable switches and ASP-enabled devices.

Configuring Auto SmartportsYou can easily configure switches to automatically apply Auto Smartports macros using the Auto Smartports templates. The Auto Smartports templates contain groups of multiple Auto Smartports events and their associated macros, system-defined or user-defined. These macros will be deployed on all ports, when a device connects to the port.

You can deploy Auto Smartports templates on ASP-capable and ASP-enabled devices. You can view both categories of devices for Day 1 or Day N operations.

To deploy Auto Smartports templates on devices:

Step 1 Select Work Center > Auto Smartports > Configure > Auto Smartports. The Configure Auto Smartports single-page wizard appears.

Step 2 From the Select Devices pane, select the devices on which you want to deploy ASP templates from the list of ASP-capable and ASP-enabled devices.

Step 3 Click Next. The Configure Auto Smartports page appears with a list of Auto Smartports templates.

By default, LMS provides two templates:

• Cisco Standard Events

Contains all the seven system-defined events and the system-defined macros. Table 4-3 shows the mapping between the system-defined events and system-defined macros in LMS . Table 4-4 lists the Auto Smartports System-defined Macros in LMS .

• Cisco Medianet Template

Contains all the system-defined events and the system-defined macros for the Medianet endpoints.


OL-23861-01


When you select a template, the list of events and the associated macros appears with the following details:


• You can select an event and click Edit to edit the macro associated with it.

You can map a user-defined macro, or add a remote macro. See Adding and Editing Macros Associated With Events, for more details.

• You can click Add to configure Device Profiling and add a new system-defined, user-defined macro, or a remote macro. The fields in the Add page are the same as the Create new template page. For more details, see Creating New ASP Templates.

Device Profiling is a new feature introduced for ASP in LMS 4.1. For more details, see Device Profiling or Device Classification.

• You can select an event and click Remove to delete any macro associated with it.

• You can click Reset to restore the default values.

• You can click Filter to filter the listed events and macros based on event, macro type, macro name, and VLANs.

Step 5 After you add or edit an Auto Smartports template, you can choose to:

• Click Save as ASP Template to save the changes and create a new template.

• Click Save Template to save the changes in the selected template.

Step 6 Click Next. The Other Configuration pane appears.

You can enable CDP Fallback and enable Macro Sticky here. You can:

• Enable CDP Fallback—Select this check box to enable the ASP-enabled device to use Cisco Discovery Protocol (CDP) when 802.1x and the RADIUS server does not send an event trigger.

Fields Description

Event Select an event to trigger the macro associated with it on the ASP-capable switch. Table 4-3 shows the mapping between the system-defined events and system-defined macros in LMS .

Macro Type Specifies the type of macro. It can be:

• System-defined macro

• User-defined macro

• Remote macro

Select Macro Select a macro associated with the selected event. Table 4-4 lists the ASP system-defined macros in LMS. You can view the commands of the macro in the text box.

Access VLAN Devices connected to the port will be placed into this VLAN.

The default data VLAN is VLAN 1.

Voice VLAN Devices with voice traffic will be placed into this voice VLAN.

The default voice VLAN is VLAN 2.

Native VLAN The VLAN ID used for untagged packets on the trunk interface.

The default Native VLAN is VLAN 1.


OL-23861-01


• Enable Macro Sticky—Select this check box to enable the ASP macros to remain active on the ASP-enabled device after a link-down event.

Macro Sticky keeps down the number of syslog events. In most cases, the same device reconnects to the switch in the same port. In those cases where the device changes, a syslog will be generated, and the appropriate device configuration will be configured on the interface.

When you disable the Macro Sticky option, a config change syslog is generated whenever there is a link flap. LMS will trigger a config fetch for every link up and link down event.

Step 7 Click Next. The Schedule Deployment pane appears. See Scheduling Auto Smartports Configuration Jobs, for more details.

Step 8 You can preview the commands that will be applied to the switch by selecting Preview CLI button, and click Finish. A new job is created.

Table 4-3 shows the mapping between the System-defined events and the System-defined macros.

Table 4-4 lists the Auto Smartports System-defined Macros in LMS .

Table 4-3 System-defined events and the associated System-defined macros

System Defined Events System Defined Macros

CISCO_PHONE_EVENT CISCO_PHONE_AUTO_SMARTPORT

CISCO_ROUTER_EVENT CISCO_ROUTER_AUTO_SMARTPORT

CISCO_SWITCH_EVENT CISCO_SWITCH_AUTO_SMARTPORT

CISCO_AP_EVENT CISCO_AP_AUTO_SMARTPORT

CISCO_DMP_EVENT CISCO_DMP_AUTO_SMARTPORT

CISCO_LWAP_EVENT CISCO_LWAP_AUTO_SMARTPORT

CISCO_IPVSC_EVENT CISCO_IP_CAMERA_AUTO_SMARTPORT

Table 4-4 Auto Smartports System-Defined Macros in LMS

Macro Name Description

CISCO_PHONE_AUTO_SMARTPORT Use this macro to apply the IP phone macro for Cisco IP phones. It enables Quality of Service (QoS), port security, DHCP snooping, storm control and spanning-tree protection on the port.

CISCO_ROUTER_AUTO_SMARTPORT Use this macro to apply the router macro for Cisco routers. It enables QoS, trunking, and spanning-tree protection on the port.

CISCO_SWITCH_AUTO_SMARTPORT Use this macro to apply the switch macro for Cisco switches. It enables trunking on the port.

CISCO_AP_AUTO_SMARTPORT Use this macro to apply the wireless access point (AP) macro for Cisco APs. It enables support for an autonomous wireless access point and QoS on the port.

CISCO_LWAP_AUTO_SMARTPORT Use this macro to apply the light-weight wireless access point macro for Cisco light-weight wireless APs. It enables QoS, port security, DHCP snooping, storm control, and spanning-tree protection on the port.


OL-23861-01


Adding and Editing Macros Associated With Events

LMS allows you to add or edit macros, system-defined, user-defined, or remote macro, associated to an event. To do this:

Step 1 Select Work Center > Auto Smartports > Configure > Auto Smartports. The Configure Auto Smartports single-page wizard appears.

Step 2 From the Select Devices pane, select the devices on which you want to deploy ASP templates, from the list of ASP-capable devices.

Step 3 Click Next. The Configure Auto Smartports page appears

Step 4 You can select an event and click:

• Add to add a macro and associate it with the event. The Add page appears for the selected event.

• Edit to edit the macro associated with it. The Edit page appears for the selected event.

Step 5 For an event you can choose to add or edit a:

• System-defined Macro

You can view the macro in the text box.

Enter the Native, Access, or Voice VLAN, as applicable to the macro, into which the device is placed after authentication. The default data VLAN is VLAN 1 and the default voice VLAN is VLAN 2.

• User-defined Macro

Click Browse to open a file browser, add a user-defined macro and associate it with the event. The contents of the macro will appear in the Configuration Macro text box. See, Sample User-defined Macro.

• Remote Macro

Enter the location of the remote macro, the syntax is<transfer protocol>://<IP address or hostname>/<filename>. For example, tftp://<IP address or hostname>/macro.txt.For more information, see Understanding the Remote Macro Feature

Step 6 After you update the template:

• For the Add page: Click Save, Save and Add another or Cancel.

• For the Edit page: Click Save, Save and Edit next or Cancel.

The details get updated in the Event and macro association table.

CISCO_DMP_AUTO_SMARTPORT Use this macro to apply the digital media player macro for Cisco digital media players. It enables QoS trust, port security, and spanning-tree protection. It configures the access VLAN for the interface and provides network protection from unknown unicast packets.

CISCO_IP_CAMERA_AUTO_SMARTPORT Use this macro to apply the IP camera macro for Cisco video surveillance IP camera. It enables QoS trust and port security.

Table 4-4 Auto Smartports System-Defined Macros in LMS

Macro Name Description


OL-23861-01


Understanding the Remote Macro Feature

The remote macro feature enables you to store Auto Smartports macros in a central location. This allows you to maintain and update the Auto Smartports macro files so that multiple switches can use them. There are no specific file extension requirements for saved macro files.

Sample User-defined Macro

Switch(config)# macro auto execute MP_EVENT {

if [[ $LINKUP -eq YES ]]; then

conf t

interface $INTERFACE

macro description $TRIGGER

switchport access vlan 1

switchport mode access

spanning-tree portfast

spanning-tree bpduguard enable

exit

fi

}

Scheduling Auto Smartports Configuration JobsEvery configuration is deployed as a job. In many workflows the Schedule Deployment pane appears at the end. It displays details of the schedule and job options.

Note Auto Smartports in LMS uses NetConfig protocol order to communicate with the device. See Defining the NetConfig Protocol Order, for more information.


Table 4-5 Fields in the Schedule Deployment Page

Field Description






• Monthly—Runs monthly at the specified day of the month and at the specified time.

Job Description Enter a description for the job. This is mandatory. You can enter only al-phanumeric characters.


OL-23861-01



Job Options


Select this check box to cause the job to be considered a failure when the most recent configuration version in the configuration archive is not identical to the most recent configuration version that was in the configu-ration archive when you created the job.




Select this check box to cause the job to write the running configuration to the startup configuration on each device after configuration changes are made successfully.

Enable Job Password

Login Username Enter the login username to access the device. This option is available to you if you have set the appropriate job password policy in Admin > Network > Configuration Job Settings > Config Job Policies.

This overrides the credentials that you have entered at the time of adding the device in the Device and Credentials Administration module.




Field Description


OL-23861-01


• Click Preview CLI to see the CLI commands that will be applied to the ASP-enabled devices. You can select a device from the Preview CLI pop-up and see the CLI commands.



A notification message appears along with the Job ID. The newly created job appears in the Auto Smartports Job Browser (Work Center > Auto Smartports > Jobs). See Managing Auto Smartports Jobs for more details.

Defining the NetConfig Protocol OrderTo define or modify the NetConfig protocol order:
















Field Description


OL-23861-01

Chapter 4 Managing Auto Smartports in LMS Auto Smartports Readiness Assessment

Step 4 Click Apply.


Step 5 Click OK.

Auto Smartports Readiness AssessmentThe Auto Smartports Readiness Assessment (Work Centers > Auto Smartports > Readiness Assessment) displays Auto Smartports (ASP) based device details after assessing the network. A pie chart appears with the following types of devices.

• ASP-enabled Devices

• ASP-capable Devices

• ASP-software-incapable Devices

• ASP-hardware-incapable Devices


ASP-enabled DevicesClick the ASP-enabled devices slice of the pie chart. The details of the corresponding devices in a table. Auto Smartport feature is enabled in these devices. If you configure the Auto Smartport macro on these devices then the macro will be applied to the ports to which devices will be connected.

You can select an ASP-enabled device click Filter to filter the listed devices based on device name, IP address, device type, and version of the running image.

ASP-capable DevicesClick the ASP-capable devices slice of the pie chart. The details of the corresponding devices in a table. These devices are running with Auto Smartport capable IOS images, but Auto Smartport is not yet configured on these devices.

Click Filter to filter the listed devices based on device name, IP address, device type, and version of the running image.

Select one or more devices and click Enable ASP to enable ASP on the selected devices. See, Configuring ASP Interfaces for more details.

ASP-software-incapable DevicesClick the ASP-software-incapable devices slice of the pie chart. The details of the corresponding devices in a table. The IOS image in these devices does not support Auto Smartport. You can upgrade to the IOS image version that supports Auto Smartport. See Auto Smartports Supported Devices and Images for more information.

Click Filter to filter the listed devices based on device name, IP address, device type, version of the running image, and recommended image version.


OL-23861-01

Chapter 4 Managing Auto Smartports in LMS Configuring ASP Interfaces

Select one or more device and click Upgrade Software Image to upgrade to the Auto Smartports-capable IOS image.

Note You can perform a software upgrade only if you have the privileges of a Network Operator, Network Administrator, or a Super Admin.

ASP-hardware-incapable DevicesClick the ASP-hardware-incapable devices slice of the pie chart. The details of the corresponding devices in a table. These devices do not support Auto Smartports technology.

Click Filter to filter the listed devices based on device name, IP address, device type, and location.

You can get the latest ASP-supported hardware from Cisco.com. See Auto Smartports Supported Devices and Images for more information. See Known List of Hardware-incapable Devices for more information.

Configuring ASP InterfacesYou can enable or disable ASP on selected interfaces of the selected devices.

When ASP is enabled, it is automatically applied to all ports unless explicitly disabled on a port. We recommend you to disable ASP on interfaces that you do not wish to have changed should a link down/up transition occur (for example, switch to switch trunk interfaces), or any interface for which the macro configuration for a specific port is not desired.

To configure ASP interfaces:

Step 1 Select Work Centers > Auto Smartports > Configure > Auto Smartports Interfaces.

Step 2 Select devices from the list of ASP-enabled devices.

Click Filter to filter the listed devices based on display name, IP address, and device type.

Step 3 Select ports groups from the Port Group Selector.

Step 4 Click Next. The Review Port Groups page appears with a list of selected devices and the ports associated with each device. Unselect the ports that you want to exclude from ASP configuration.

Step 5 Click Next. The Configure Interface for Auto Smartports page appears.

Step 6 Select the Enable or Disable radio button to enable or disable ASP on the selected interface.

Step 7 Click Next to proceed to the Schedule Deployment page. See Scheduling Auto Smartports Configuration Jobs for more information.


OL-23861-01

Chapter 4 Managing Auto Smartports in LMS Managing Auto Smartports

Managing Auto SmartportsYou can edit or disable Auto Smartports configuration on ASP-enabled devices.

To manage ASP:

Step 1 Select Work Centers > Auto Smartports > Configure > Manage Auto Smartports. The ASP-enabled devices appear.

Click Filter to filter the listed devices based on the device name, IP address, device type, and running image version.

Step 2 Select devices to edit or disable Auto Smartports configuration.

Step 3 You can either:

• Click Edit ASP Configuration to edit the ASP configurations of the selected ASP-enabled devices. The Edit Auto Smartports Configurations page appears.

You can import macros and their associated events from a client, and export the same to a client.

LMS uses the sh macro auto device command to display the macro details of the device, and uses telnet credentials to execute this command on the device. The macro details will appear only if the telnet credentials of the device is configured in DCR.

• Click Disable ASP to disable the ASP configurations from the selected ASP-enabled devices. The Schedule Deployment page appears.

Viewing Auto Smartport ReportsSelect Work Centers > Auto Smartports > Reports.

Or

Select Reports > Fault and Event > Syslog > Auto Smartports.

The Syslog Custom Report page appears. To generate this report:

Step 1 Select the required devices using the Device Selector or Group Selector.

Step 2 Enter the information required to generate the required report.

Step 3 After you enter the required information, click Finish.

The columns in the Auto Smartports Syslog Report are:

Column Description

Device Name Name of the Auto Smartports device.

Interface Name or IP address of the interface in that device generating the Syslog message.


OL-23861-01

Chapter 4 Managing Auto Smartports in LMS Managing Auto Smartports Jobs

Managing Auto Smartports JobsYou can browse the Auto Smartports jobs that are deployed on the ASP-enabled devices. Using the Auto Smartports Job Browser you can manage Auto Smartports jobs; you can stop, or delete jobs using this job browser.

To invoke the Auto Smartports job browser:

Select Work Center > Auto Smartports > Jobs.

Timestamp Time when the Syslog message was generated.

The format used by timestamp is:

mmm dd yyyy hh:mm:ss

where:

mmm represents month

dd represents date

yyyy represents year

hh represents hour

mm represents minute

ss represents second

Example:

Nov 18 2010 12:24:36

Facility Facility is AUTOSMARTPORT.

Sub-Facility Sub-Facility is the sub facility, if any, in the device that generated the Syslog message. In most cases, this is blank. An example of an entry in this field isCCM_CDR_INSERT-GENERIC-0-OutOfMemory.

Severity The severity level for the messages. The following are the severity codes:

0—Emergencies

1—Alerts

2—Critical

3—Errors

4—Warnings

5—Notifications

6—Informational

Mnemonic Code that uniquely identifies the error message. For example, UPLOAD, RELOAD,CONFIG.

Description Description of the Syslog message.

Column Description


OL-23861-01


The Auto Smartports job browser appears with a detailed list of all scheduled Auto Smartports jobs. The browser has the following information:

You can filter the jobs displayed in the Auto Smartports Job Browser using any of the following criteria and clicking Filter. When you click Filter, you can select any of the following criteria from the Filter by drop-down list, enter the details in the textbox, and click Go.

Column Description


















All Select All to display all jobs in the job browser



OL-23861-01


You can click Refresh icon to refresh the Auto Smartports job browser, and Refresh Job icon to refresh the selected Auto Smartports job.

Records for all jobs need to be purged periodically. You can schedule a default purge job for this purpose (Admin > Purge Settings > Config Job Purge Settings).


• Successful

• Failed

• Stopped

• Running

• Scheduled






• Immediate

• Once

• Daily

• Weekly

• Monthly



OL-23861-01


You can perform the following operations using the Auto Smartports job browser. (See Table 4-6):

You can click Refresh icon to refresh the Auto Smartports job browser, and Refresh Job icon to refresh the selected Auto Smartports job.


The Job Details appears below the list of Auto Smartports jobs. The details are grouped into three parts:

• Work Order

• Device Details

• Job Summary

Table 4-6 Operations Using the Auto Smartports Job Browser

Button Description















OL-23861-01




• Job policies


• Device details

• Task














• Job Summary:

– Status

– Start Time

– End Time

• Job Messages:



• Device Update:

– Successful

– Failed

– Not attempted

– Pending


OL-23861-01


C H A P T E R 5
Managing Medianet Endpoints Using LMS
This chapter tells you how to simplify the deployment and how to manage day-to-day configuration of the Cisco Medianet 2.2 solution using LMS.

LMS provides workflows for setting up auto configuration, and for configuring location settings to aid the provisioning and tracking of Medianet endpoints such as digital media players (DMP) and IP video surveillance cameras (IPVSC). The LMS Medianet workflows enable the network operator to prepare the network for deployment and to ensure that appropriate location attributes are configured on the endpoints for tracking and monitoring purposes. LMS helps in reducing the errors in configuring location attributes on the Medianet-supported devices at port level and the time required to set up an end-to-end video infrastructure.


• What is Medianet?

• Features and Benefits of Medianet in LMS

• Medianet Supported Devices and Images

• Getting Started with Medianet and Assessing Medianet Readiness of Your Network

• Prerequisites for Configuring and Monitoring Medianet Endpoints

• Medianet Endpoints Connected Group

• Port and Module Groups for Medianet

• Enabling Location Collection

• Configuring Devices with Medianet Endpoints

• Configuring Location Settings Using Templates

• Understanding the Medianet Dashboard

• Generating Medianet Reports

• Troubleshooting Medianet Endpoints

• Managing Medianet Jobs


Chapter 5 Managing Medianet Endpoints Using LMS What is Medianet?

What is Medianet?Media applications, especially video-oriented media applications are exploding in today’s networks. Converging media applications onto an IP network is very complex as they are bandwidth-intensive and are of different types. These media applications include

• Streaming media

• IP video surveillance

• Telepresence

• Desktop collaboration

Each video application has a unique traffic and QoS (Quality of Service) requirement.

The Cisco Medianet solution is an end-to-end architecture for a media-optimized network comprising advanced, intelligent technologies and devices in a platform that is optimized for the delivery of rich-media applications.

A medianet is

• Media-aware: Detects and optimizes different media and application types to deliver the best experience.

• Endpoint-aware: Detects and configures media endpoints automatically.

• Network-aware: Detects and responds to changes in device, connection, and service availability

Cisco Medianet enables intelligent services in the network infrastructure for a variety of video applications. Medianet extends the boundary of networks to include the endpoints to scale, optimize, and enhance the performance of video.

Cisco Medianet aids in configuring and provisioning of video endpoints using:

• Cisco Auto Smartports on switches

• Location Services

• Cisco AutoQoS for video endpoints

Cisco Auto Smartports

With the Auto configuration capability of Auto Smartports, when endpoints connect to an access switch, the access switch recognizes the type of endpoint and automatically configures the port for VLAN, QoS, or AutoQoS, security features, and location information on the endpoints.

To recognize and auto-configure an endpoint, the access switch must have the Auto Smartports feature enabled. For more information, see Auto Smartports Supported Devices and Images.


OL-23861-01

Chapter 5 Managing Medianet Endpoints Using LMS What is Medianet?

Access switches with Auto Smartports can recognize endpoint devices based on the Cisco Discovery Protocol (CDP), or the MAC address range of the endpoint device. Figure 5-1 shows an example of Cisco Medianet deployment with a Cisco digital media player (DMP) and a Cisco IP Video Surveillance (IPVS) camera connected to a Cisco Catalyst switch.

Figure 5-1 Example of Cisco Medianet Deployment

Location Services

Location Services is a feature of the Cisco Medianet solution that provides the Catalyst switch, or a switch module with the ability to send location information to an endpoint. The total size of the location information that can be sent via CDP and Link Layer Discovery Protocol (LLDP) is limited to 256 bytes. The network administrator should keep the location information size under 256 bytes.

1 Digital Media Player (DMP)

2 IP video surveillance cameras (IPVSC)

Auto Smartports macroconfiguration applied to the port

Switch with AutoSmartports enabled

Device Identified through CDP, 802.1x,MAB, LLDP, MAC address, or OUI

2375

28

2

1


OL-23861-01

Chapter 5 Managing Medianet Endpoints Using LMS Features and Benefits of Medianet in LMS

Features and Benefits of Medianet in LMSTable 5-1 lists the features and benefits of Medianet in LMS.

Table 5-1 Features and Benefits of Medianet in LMS

Feature Benefits

View Medianet dashboard You can

• Monitor the operational status of Medianet endpoints.

• View the configuration changes on Medianet Endpoints connected devices.

• View the faults that have occurred on devices, which have Medianet endpoints connected to them.

• View details of the missing Medianet Endpoints, which are connected to Medianet devices.

• Generate reports and troubleshoot the endpoints using portlets.

For more information, see Understanding the Medianet Dashboard.

Manage Auto Smartports templates You can

• Group multiple Auto Smartports events and their associated macros into ASP templates.

• Deploy the templates on multiple switches.

• Customize system-defined Auto Smartports templates in LMS to suit your needs.

• Define new Auto Smartports template.

For more information, see Managing Auto Smartports Templates.

Auto configure Medianet endpoints You can

• Deploy the system-defined or any user-defined Medianet templates, available in LMS, on devices

• Auto configure endpoints with Auto Smartports macros when they connect to a switch or switch module.

• Reduce configuration costs.

• Ensure that the devices are deployed correctly.

For more information, see Configuring Auto Smartports.

Deploy Location configuration You can

• Deploy location attributes on the Medianet-supported devices at port level to configure location settings of the Medianet endpoints.

• Automate physical location configuration.

• Customize device configuration based on its location.

For more information, see Configuring Location Settings Using Templates.


OL-23861-01

Chapter 5 Managing Medianet Endpoints Using LMS Features and Benefits of Medianet in LMS

Configure Medianet devices You can perform the following configurations on Medianet devices:

• Auto Smartports

• Video Conferencing

• Video Transcoding

• RSVP

• PfR

• QoS

• Performance Monitoring

• IPSLA Video Operations

• Dynamic User Tracking

For more information, see Configuring Devices with Medianet Endpoints.

Monitor Medianet endpoints You can

• View and monitor real-time status of Medianet endpoints using Medianet portlets and the Medianet inventory report.

• Confirm if the Medianet endpoints are registered with the Digital Media Manager (DMM) or Video Surveillance Manager (VSM) in your network, using the Medianet inventory report.

You can compare the data of the report with the DMPs and IPVSCs registered in the DMM or VSM in your network.

For more information, see Generating Medianet Reports.

Troubleshoot Medianet endpoints You can

• Troubleshoot problems, if any, using the troubleshooting workflows of LMS.

• Mouse over the Medianet endpoints in the Dashboard or Search results, click Troubleshoot and view details of:

– Access port to which the endpoint is connected.

– Host information

– Active Faults and Events associated with the port

• Reset the access port to which the endpoint is connected.

For more information, see Troubleshooting Medianet Endpoints.

Table 5-1 Features and Benefits of Medianet in LMS

Feature Benefits


OL-23861-01

Chapter 5 Managing Medianet Endpoints Using LMS Medianet Supported Devices and Images

Medianet Supported Devices and ImagesTable 5-2 and Table 5-3 list the devices, switch modules, and images, that support Medianet.

Table 5-4 lists the Medianet Supported DMPs and IPVSCs.

Note Support for location deployment is available for Cat 2K devices and SM ES2 Module, but Location MIB collection is not supported through Inventory.

Table 5-2 Supported Devices and Images for Medianet


Cisco Catalyst 3750, 3750-E, 3750-X, 3750-G 12.2(58)SE


Table 5-3 Medianet Supported Switch Modules of ISRs

RoutersMedianet Supported Switch Module Switch Image



SM-D-ES3-48-P 12.2(55)EX

SM-D-ES2-48 12.2(55)EX

SM-ES3G-24-P 12.2(55)EX

SM-ES3-24-P 12.2(55)EX

SM-ES2-24-P 12.2(55)EX

SM-ES2-24 12.2(55)EX

SM-ES3G-16-P 12.2(55)EX

SM-ES3-16-P 12.2(55)EX

SM-ES2-16-P 12.2(55)EX

NME-16ES-1G-P 12.2(55)EZ


SM-ES3-24-P 12.2(55)EX

SM-ES2-24-P 12.2(55)EX

SM-ES2-24 12.2(55)EX

SM-ES3G-16-P 12.2(55)EX

SM-ES3-16-P 12.2(55)EX

SM-ES2-16-P 12.2(55)EX

NME-16ES-1G-P 12.2(55)EZ


OL-23861-01

Chapter 5 Managing Medianet Endpoints Using LMS Medianet Supported Devices and Images



NME-X-23ES-1G-P 12.2(55)EZ





NME-X-23ES-1G-P 12.2(55)EZ

Table 5-4 Medianet Supported DMPs and IPVSCs

Endpoint OUI

Camera PID

CIVS-IPC-4300 00-1E-BD

CIVS-IPC-4500 00-21-IB

CIVS-IPC-2421 00-1D-E5

CIVS-IPC-2520V/CIVS-IPC-2521V

00-21-1B

CIVS-IPC-2530VCIVS-IPC-2531V

00-1E-BD

CIVS-IPC-2500 00-21-1B

CIVS-IPC-2500W 00-1D-E5

DMP

DMP 0023.AC

DMP 000F.44

Table 5-3 Medianet Supported Switch Modules of ISRs




OL-23861-01

Chapter 5 Managing Medianet Endpoints Using LMS Getting Started with Medianet and Assessing Medianet Readiness of Your Network

Getting Started with Medianet and Assessing Medianet Readiness of Your Network

The Getting Started workflow guides you on provisioning Medianet for Day 1 operations.

Both, the Getting Started and the Medianet Readiness Assessment pages help you to assess the Medianet readiness of your network. A pie chart appears with the following types of devices:

• Medianet Devices

• Medianet Software Incapable Devices

• Medianet Hardware Incapable Devices



Medianet DevicesClick the Medianet Devices slice of the pie chart. These devices run with Medianet-capable images.

You can select devices and enable the required Medianet sub-technology on these devices. You can view the number of Medianet endpoints connected to each device and also the supported technologies of each Medianet device.

Medianet Software Incapable DevicesClick the Medianet Software Incapable Devices slice of the pie chart. These devices does not have Medianet-capable images. You can upgrade to the Medianet-capable image version.

Medianet Hardware Incapable DevicesClick the Medianet Hardware Incapable Devices slice of the pie chart. These devices do not support the Medianet technology. You can get the latest Medianet supported hardware from Cisco.com.

See, Medianet Supported Devices and Images for more details.


OL-23861-01

Chapter 5 Managing Medianet Endpoints Using LMS Prerequisites for Configuring and Monitoring Medianet Endpoints

Prerequisites for Configuring and Monitoring Medianet Endpoints

The prerequisites for configuring and monitoring Medianet endpoints are:

• Ensure that the devices with Medianet endpoints are managed in LMS.

• To configure the location attributes for Medianet endpoints, select Configuration > Tools > Template Center.

• To collect location attributes from devices, you must configure SNMPv3 AuthPriv credentials on the devices, and update these credentials in the Device Management page. To update the credentials in the Device Management page, select Inventory > Device Administration > Add / Import / Manage Devices.

• To enable LMS to collect location attributes from the devices, select Admin > Collection Settings > Inventory > Location Collection Settings.

• To monitor Medianet endpoints in real time and not wait till the next UTMajor Acquisition cycle using LMS, you must enable dynamic tracking of Medianet endpoints. To enable dynamic tracking, select Admin > Collection Settings > User Tracking > Device Trap Configuration.

Device Groups and Port Groups for MedianetThis section explains the following new groups that have been added for Medianet in LMS:

• Medianet Endpoints Connected Group

• Port and Module Groups for Medianet

Medianet Endpoints Connected Group

This is a new system-defined group to group all the devices connected with Medianet Endpoints (DMP and IPVSC).

To collect location attributes from these devices, you must configure SNMPv3 AuthPriv credentials on the devices, and update these credentials in the Device Management page.

To update the credentials in the Device Management page, select Inventory > Device Administration > Add / Import / Manage Devices.

To enable LMS to collect location attributes from the devices, select Admin > Collection Settings > Inventory > Location Collection Settings.

Port and Module Groups for Medianet

Two new system-defined PMC groups have been introduced in LMS for Medianet. They are:

• DMP Ports —Contains all ports connected to DMP endpoints.

• IPVSC Ports—Contains all ports connected to IPVSC endpoints.

LMS also allows you to define rules to create port and module groups using location attributes (Admin > System > Group Management > Port and Module). Some of the location attributes are Location.Floor, Location.House, Location.Place, and Location.City. For more information, see Defining Rule Expression for Port or Module Groups in Admin Online Help.


OL-23861-01

Chapter 5 Managing Medianet Endpoints Using LMS Enabling Location Collection

Enabling Location CollectionLMS can collect the location attributes configured on access layer ports to which Medianet endpoints are connected. You must enable the collection settings for location attributes to view details of the location attributes in the Medianet endpoint inventory reports. By default, the location collection settings are disabled.

To enable LMS to collect location attributes from the devices, select Admin > Collection Settings > Inventory > Location Collection Settings.

Select Yes and click Apply to enable the collection settings for location attributes.

Select No and click Apply to disable the collection settings for location attributes.

When you disable the Location Collection Settings, the collected location attributes of the Medianet devices will not be lost. You can view the location attributes for Medianet devices in the Medianet Endpoint Inventory Report. However, you must enable Location collection to view the latest location attributes.

Note For the location collection of the Medianet devices, configure SNMPv3 AuthPriv credentials on the devices, and update these credentials in the Device Management page (Inventory > Device Administration > Add / Import / Manage Devices).

To view location attributes of Medianet endpoints:

Step 1 Run Inventory Collection (Inventory > Job Browsers > Inventory Collection).

Step 2 Ensure Inventory Collection has completed, and then run User Tracking (Admin > Collection Settings > User Tracking > Acquisition Schedule).

Step 3 Launch Medianet Endpoint Inventory Report (Reports > Technology > Medianet).

Note You can use IC_Server.log to debug the location attributes collection of the Medianet devices.

Configuring Devices with Medianet EndpointsFrom the Medianet Workcenter, you can do the following on devices with Medianet endpoints:

• Configure Auto Smartports

• Configure Location Settings Using Templates

• Configure Video Conferencing

• Configure Video Transcoding

• Configure RSVP

• Configure PfR

• Configure QoS


OL-23861-01

Chapter 5 Managing Medianet Endpoints Using LMS Configuring Devices with Medianet Endpoints

• Configure Performance Monitoring

• Configure IPSLA Video Operations

• Configure Dynamic User Tracking

Configure Auto SmartportsWhen you select a Medianet device, click Configure, and choose Auto Smartports from the drop-down list, the Auto Smartports configuration page appears (Work Centers > Auto Smartports > Configure > Auto Smartports).

LMS provides Medianet templates that contains all the system-defined events and the system-defined macros for the Medianet endpoints. You can select a template and customize it, if required. You can select an event to trigger the macro associated with it on the ASP-capable switch. For more information, see Configuring Auto Smartports.

Configure Location Settings Using TemplatesWhen you select a Medianet device, click Configure, and choose Location from the drop-down list, the Template Center (Configuration > Tools > Template Center) page appears with the Location templates.

Three templates are available to facilitate configuration of location attributes on the Medianet-connected devices in your network. The system-defined location templates that are available in LMS are:

• DMP Location Configuration—Configures location information on access ports that are connected to the Digital Media Player. This is a port-based template.

• IPVSC Location Configuration—Configures location information on access ports that are connected to the IP Video Surveillance Camera. This is a port-based template.

• Location Configuration—Configures location information on access ports that are connected to any Medianet endpoint. This is a port-based template.

For more information, see Configuring Location Settings Using Templates.

Configure Video ConferencingWhen you select a Medianet device, click Configure, and choose Video Conferencing from the drop-down list, the Template Center (Configuration > Tools > Template Center) page appears with the Video Conferencing templates.

You can configure different video endpoints for video conferences.

You can configure three types of video profiles:

• Homogeneous conferences (video switching)

• Heterogeneous conferences (video mixing)

• Guaranteed audio conferences (best-effort video)


OL-23861-01

Chapter 5 Managing Medianet Endpoints Using LMS Configuring Devices with Medianet Endpoints

Configure Video TranscodingWhen you select a Medianet device, click Configure, and choose Video Transcoding from the drop-down list, the Template Center (Configuration > Tools > Template Center) page appears with the Video Transcoding templates.

This template provides video transcoding services, where video can be converted from one format to another.

You can configure video transcoding when the bit rate, frame rate, resolution, or codec is different between two endpoints.

Configure RSVPWhen you select a Medianet device, click Configure, and choose RSVP from the drop-down list, the Template Center (Configuration > Tools > Template Center) page appears with the RSVP templates.

Resource Reservation Protocol (RSVP) signals the QoS needs of an application's traffic along the devices, in the end-to-end path through the network.

You can configure:

• User or application that requires an RSVP request

• Bandwidth that has to be reserved

• Admission policy, which the devices use, to admit the RSVP message

Configure PfRWhen you select a Medianet device, click Configure, and choose PfR from the drop-down list, the Template Center (Configuration > Tools > Template Center) page appears with the PfR templates.

Performance Routing (PFR) provides best path optimization and advanced load balancing of traffic over the WAN and to the Internet for enterprise networks with multiple paths.

You can:

• Configure traffic classes for performance routing

• Configure performance metrics of these individual traffic classes

• Control the traffic by applying suitable traffic class and link policies.

Configure QoSWhen you select a Medianet device, click Configure, and choose QoS from the drop-down list, the Template Center (Configuration > Tools > Template Center) page appears with the QoS templates.

This template provides QoS macros to switch ports upon detection of a Medianet endpoint.

You can:

• Select specific network traffic

• Prioritize it according to its relative importance

• Use QoS macros to provide preferential treatment of traffic in your network.


OL-23861-01

Chapter 5 Managing Medianet Endpoints Using LMS Configuring Location Settings Using Templates

Configure Performance MonitoringWhen you select a Medianet device, click Configure, and choose Performance Monitoring from the drop-down list, the Template Center (Configuration > Tools > Template Center) page appears with the Performance Monitoring templates.

Using these templates, you can configure a flow record and specify how the collected data is aggregated and presented.

You can configure the following for endpoints like CUVA, Movi, Tandberg, and Webex Servers:

• Configure a flow record to specify the fields you want to monitor.

• Configure a policy to include one or more classes

• Reaction ID, jitter and threshold of lost packets

You can also configure voice data on all endpoints.

Configure IPSLA Video OperationsWhen you select a Medianet device that supports IPSLA, click Configure, and choose IPSLA from the drop-down list, the IPSLA Operations (Monitor > Performance Settings > IPSLA > Operations) page appears. You cannot select multiple devices and perform this configuration.

You can configure specific collectors for video operation to analyze Latency, Availability, one-way delay, one-way packet loss, one-way jitter and connectivity of networks that carry the video traffic.

Configure Dynamic User TrackingWhen you select a Medianet device, click Configure, and choose Dynamic UT from the drop-down list, the Configure Trap on Devices page appears (Admin > Collection Settings > User Tracking > Device Trap Configuration) page appears.

You must configure the Cisco devices for sending SNMPv1/SNMPv2 MAC Notification Traps when a host is connected to or disconnected from that port.

Configuring Location Settings Using TemplatesThe Template Center (Configuration > Tools > Template Center) in LMS provides both system-defined and user-defined location templates. In LMS, three new templates are available to facilitate configuration of location attributes on the Medianet-connected devices in your network.

You can export the system-defined template, modify it, import it and save it as a user-defined location template. The system-defined location templates that are available in LMS are:

• DMP Location Configuration—Configures location information on access ports that are connected to the Digital Media Player. This is a port-based template.

• IPVSC Location Configuration—Configures location information on access ports that are connected to the IP Video Surveillance Camera. This is a port-based template.

• Location Configuration—Configures location information on access ports that are connected to any Medianet endpoint. This is a port-based template.


OL-23861-01

Chapter 5 Managing Medianet Endpoints Using LMS Configuring Location Settings Using Templates

To configure location attributes on access ports:

Step 1 Select Configuration > Tools > Template Center > Deploy. The Template Deployment page appears with the list of system-defined and user-defined templates.

Step 2 Select a location template.

Step 3 Click Next. Select devices from the Device Selector.

Step 4 Click Next. Select port groups from the Port Selector.

Step 5 Click Next. The Configure Location Attributes page appears.

Step 6 Click Export device level attributes to export the template information to an excel sheet.

A dialog box appears, prompting you to open or save the template file.

Step 7 Enter the applicable values in the template.

Note The location data, which includes metadata and the corresponding location attributes, can have a maximum of 256 characters.

Step 8 Click Import device level attributes to import the template and click Upload to upload it to the LMS server.

Step 9 Click Next. The Adhoc Configuration for Selected Port Groups pane appears.

You can enter more configuration commands that will be deployed on the selected devices or ports in addition to the commands in the template. The commands that you enter here will not be validated by LMS. Entering additional commands is optional.

Step 10 Click Next. The Schedule Deployment pane appears, displaying Scheduler and Job Options details.

Enter the Job Description, select the Schedule and Job options and click Finish. A notification message appears along with the Job ID. The newly created job appears in the Template Center Jobs.

To view location attributes of Medianet endpoints:

Step 1 Trigger Inventory Collection (Inventory > Job Browsers > Inventory Collection).

Step 2 Ensure Inventory Collection has completed, and then run User Tracking (Admin > Collection Settings > User Tracking > Acquisition Schedule).

Step 3 Launch Medianet Endpoint Inventory Report (Reports > Technology > Medianet).


OL-23861-01

Chapter 5 Managing Medianet Endpoints Using LMS Understanding the Medianet Dashboard

Understanding the Medianet DashboardYou can access the Medianet dashboard using My Menu > Default Dashboards > Medianet.

The Medianet dashboard provides a quick snapshot of the operational status of Medianet endpoints. You can also view the configuration changes for all the Medianet devices after every inventory or configuration collection, and view faults that have occurred on devices, which have Medianet endpoints connected to them.

The various Medianet portlets are:

• Last N Faults on Devices with Medianet Endpoints

• Last N Unreachable Medianet Endpoints Portlet

• Last N Connected Medianet Endpoints Portlet

• Config Changes on Devices with Medianet Endpoints Portlet

• Medianet Endpoints Status Across Locations Portlet

When you mouse over some columns in the Medianet portlets like MAC address of the Medianet endpoint, you can view the location attributes in the Endhost details popup. You can customize the display of the location attributes in this popup. For more details, see Customizing the Display of Location Attributes.

For details on troubleshooting Medianet portlets, see Troubleshooting Medianet Portlets.


OL-23861-01


Customizing the Display of Location AttributesWhen you move the mouse over the MAC address columns of the Medianet portlets, you can view the location attributes in the Endhost details popup. You can customize the display of the location attributes in this popup using the medianet.properties file located at:

• For Windows-NMSROOT\lib\classpath

• For Solaris and Soft Appliance-NMSROOT/lib/classpath

NMSROOT is the LMS install directory. For Solaris and Soft Appliance, it will be /opt/CSCOpx.

LMS also has the medianet.properties.orig file with the default layout of the location attributes. You can use this file if the medianet.properties file gets corrupted. If the medianet.properties file gets corrupted, you should take a copy of the medianet.properties.orig file and replace the corrupted medianet.properties file.

The location attributes that appear in the Endhost details popup vary according to the type of Medianet endpoint. See, Sample Default medianet.properties File.

You can add any location attribute to any address line. By default, the address of the Medianet endpoint is 5 lines. If the you want to add or remove a line, you should change the value of the property MOUSEHOVER.DMP.LOCATION.NUMBER_OF_LINES.

For example, to add the sixth line to the DMP endpoint address in the Endhost details popup, you should:

• Add MOUSEHOVER.DMP.LINE6={1}, {2},

• Modify the MOUSEHOVER.DMP.LOCATION.NUMBER_OF_LINES to 6.

The number within the braces refers to the location attribute listed in the properties file. In this example, it is State and County respectively. See, Sample Default medianet.properties File.

If you choose to add a line in between, you need to modify the subsequent lines.

You can also move the mouse over the end host records in the search results and view the location attributes only for Medianet endpoints.

Sample Default medianet.properties File### Location attributes order

#

#SNo Fields Description

#-----------------------------------------------------------------------------

#1 State National subdivision (state)

#2 County Land area of local government

#3 City City

#4 City Division City division

#5 Neighborhood Neighborhood

#6 Street Group Group of streets

#7 Leading Street Direction Leading street direction

#8 Trailing Street Direction Trailing street direction

#9 Street Suffix Street suffix

#10 House House number

#11 Street Number Street number suffix

#12 Landmark Landmark

#13 Additional Location Additional location information

#14 Name Name of the resident


OL-23861-01


#15 Zipcode Postal/Zip Code

#16 Building Building name

#17 Unit Unit

#18 Floor Floor number

#19 Room Room number

#20 Place Place type

#21 PostalCommunity Name Postal community name

#22 PostOffice Box PO Box

#23 Additional Code Additional code information

#24 Seat Seat number

#25 Primary Road primary road or street name

#26 Road Section Road section name

#27 Road Branch Road branch name

#28 Road SubBranch Road sub-branch name

#29 StreetName PreMod Street pre modifier name

#30 StreetName PostMod Street post modifier name

#31 Country Code Country

# Location Attributes format for DMP Mouse Hover

MOUSEHOVER.DMP.LOCATION.NUMBER_OF_LINES=5

MOUSEHOVER.DMP.LINE1={14},

MOUSEHOVER.DMP.LINE2={17}, {18}, {19},

MOUSEHOVER.DMP.LINE3={25}, {9},

MOUSEHOVER.DMP.LINE4={5},

MOUSEHOVER.DMP.LINE5={3}, {1}- {15}

# Location Attributes format for IPVSC Mouse Hover

MOUSEHOVER.IPVSC.LOCATION.NUMBER_OF_LINES=5

MOUSEHOVER.IPVSC.LINE1={14},

MOUSEHOVER.IPVSC.LINE2={17}, {18},

MOUSEHOVER.IPVSC.LINE3={25}, {9},

MOUSEHOVER.IPVSC.LINE4={5},

MOUSEHOVER.IPVSC.LINE5={3}, {1}- {15}

# Location Attributes format for End Host Troubleshooting

TS.LOCATION.NUMBER_OF_LINES=12

TS.LOCATION.LINE1={14},

TS.LOCATION.LINE2={18}, {17}, {24}, {19},

TS.LOCATION.LINE3={16}, {10},

TS.LOCATION.LINE4={11}, {7}, {29}, {30}, {8}, {9},


TS.LOCATION.LINE6={25}, {29}, {27}, {28},


TS.LOCATION.LINE8={20}, {13}, {5},

TS.LOCATION.LINE9={22}, {21},



OL-23861-01


TS.LOCATION.LINE11={3}, {2}, {1}, {31},

TS.LOCATION.LINE12={15}, {23}

# Property to enable/disable location collection. Default is TRUE

# To disable, change it to FALSE

LOCATION_COLLECTION=TRUE

Last N Faults on Devices with Medianet EndpointsIn the Last N Faults on Devices with Medianet Endpoints portlet, you can view the faults that have occurred on devices, which have Medianet endpoints connected to them. By default, you can view the latest five events and a maximum of ten events by changing the value of the No. of Alerts to be displayed field in the configuration page.

Before you monitor the devices with Medianet endpoints, you must read the prerequisites, see Prerequisites for Configuring and Monitoring Medianet Endpoints.

You can click the title bar to navigate to the Fault Monitor page with Medianet device faults.

To configure Last N Faults on Devices with Medianet Endpoints portlet:

Step 1 Move the mouse over the title bar of the portlet to view the icons.


You can:

• Select the minute and hour from the Refresh Every drop-down list to change the Refresh time. The items in the portlet get refreshed at the changed Refresh time.

• Select the number of faults to be displayed in the portlet from the No.of Alerts to be Displayed drop-down list.

For example, if you select four faults, the details of any four faults appear in the portlet.

Step 3 Click Save to view the configured portlet with the changed settings.

Table 5-5 provides the details of Last N Faults on Devices with Medianet Endpoints portlet.


OL-23861-01


Last N Unreachable Medianet Endpoints Portlet Before you monitor the Medianet endpoints, you must read the prerequisites, see Prerequisites for Configuring and Monitoring Medianet Endpoints.

In the Last N Unreachable Medianet Endpoints portlet, you can view details of the missing Medianet Endpoints, which are connected to Medianet devices.

The missing Medianet Endpoints include the following endpoints, after every User Tracking collection:

• Endpoints connected to the interfaces of the switch that are down.

• Endpoints missing on the interfaces of the switch that are up.

These endpoints were found in one cycle of User Tracking and were missing in the next cycle.

Users with the following roles can access this portlet:

• Network Admin


• System Administrator

• Approver

• Super Admin

• Help Desk

Table 5-5 Details of Last N Faults on Devices with Medianet Endpoints portlet

Field Description

Severity Displays the severity of the event. It can be Critical, Warning, or Informational.

Status Lists the faults status such as

• Active—Fault is active. All suspended devices remain active.

• Cleared—Fault is no longer alive. When the fault is in the Cleared state for 20 minutes, it expires and is removed from the display.

• User Cleared—User has cleared the fault. When the fault is in the Cleared state for 20 minutes, it expires and is removed from the display.

• Acknowledged—Fault is manually acknowledged by the user from the Alerts and Activities Detail page.

Device Name Name of the device which has the fault.

You can move the mouse over the name to view its details in the Device Details popup.

Event Name Displays the name of the event

Component Name

Displays the component name of the device

Creation Time Displays the time at which the fault occurred.

Owned By Displays the user who owns the fault.


OL-23861-01


You can click the title bar to navigate to the Medianet Endpoint Inventory Report generator page.

To configure the Last N Unreachable Medianet Endpoints portlet:

Step 1 Move the mouse over the title bar of the Last N Unreachable Medianet Endpoints portlet to view the icons.


You can


• Select the type of Medianet endpoint

• Select the number of endpoints to be displayed in the portlet from the Show Last N Unreachable Medianet Endpoints drop-down list.

For example, if you select 4 endpoints, the details of any four endpoints appear in the portlet.


Table 5-6 provides details of the Last N Unreachable Medianet Endpoints portlet.

Table 5-6 Details of Last N Unreachable Medianet Endpoints portlet

Field Description

MAC Address Displays the MAC address of the Medianet endpoint.

You can move the mouse over the MAC address to view the details of the endpoint in the Endhost Details popup. You can troubleshoot the endpoint and view its location details in this popup. You can also customize the display of the location attributes, see Customizing the Display of Location Attributes.

IP Address Displays the IP address of the switch or switch module.

Note IP Address will be blank if the endpoint does not have an ARP entry in the router.

Connected Device

Displays the name of the switch or switch module.


Port Displays the port of the switch or switch module, to which the Medianet endpoint is connected. You can move the mouse over the port to view details of the port in the Port Details page.

In the Port Details popup, you can click the Reset Port link to shutdown the port and then enable it. The reset action is logged as part of syslogs for audit purposes. You can view the changes in the Change Audit report (Reports > Change Audit), if syslogs are enabled in the device.

Last Connected Date and time when User Tracking last found an entry for this endpoint in the switch.

The format is dd mon yyyy hh:mm:ss.


OL-23861-01


Last N Connected Medianet Endpoints PortletIn the Last N Connected Medianet Endpoints portlet, you can view the following Medianet endpoints, during the last N specified time period:

• Endpoints connected to a switch or switch module.

• Endpoints that were down in the previous UT collection and up in the current collection.

Before you monitor the Medianet endpoints, you must read the prerequisites, see Prerequisites for Configuring and Monitoring Medianet Endpoints.

You can select one from the following time intervals:

• Last 24 hours

• Last Week

• Last Month

• Last Year

Only users following roles can use this portlet:

• Network Admin


You can click the title bar to navigate to the Medianet Endpoint Inventory Report generator page.

To configure the Last N Connected Medianet Endpoints portlet:

Step 1 Move the mouse over the title bar of the Last N Connected Medianet Endpoints portlet to view the icons.


You can:


• Select the type of Medianet endpoint.


Step 4 Select the time interval such as, Last 24 hours, Last Week.

Table 5-7 lists details of Last N Connected Medianet endpoints portlet.


OL-23861-01


Config Changes on Devices with Medianet Endpoints PortletIn the Config Changes on Devices with Medianet Endpoints portlet, you can view the changes in the configuration information for all the Medianet devices after every inventory or configuration collection. However, the VLAN config change details will not be displayed.

Before you monitor the devices with Medianet endpoints, you must read the prerequisites, see Prerequisites for Configuring and Monitoring Medianet Endpoints.


• Network Admin


• Approver

• Super Admin

• Help Desk

Table 5-7 Details of Last N Connected Medianet Endpoints portlet

Field Description

MAC Address Displays the MAC address of the Medianet endpoint.

You can move the mouse over the MAC address to view the details of the endpoint in the Endhost Details popup. You can troubleshoot the endpoint and view its location details in this popup. You can also customize the display of the location attributes, see Customizing the Display of Location Attributes.

IP Address Displays the IP address of the switch or switch module.

Note IP Address will be blank if the endpoint does not have an ARP entry in the router.

Device Name Displays the name of the switch or switch module.


Port Displays the port of the switch or switch module, to which the Medianet endpoint is connected. You can move the mouse over the port to view details of the port.

In the Port Details popup, click the Reset Port link to shutdown the port and then enable it. You can monitor the changes in the Change Audit report (Reports > Change Audit), if syslogs are enabled in the device.

VLAN VLAN associated with the MAC address or port

First Connected

Date and time when User Tracking first found an entry for this endpoint in the switch.

The format is dd mon yyyy hh:mm:ss.


OL-23861-01


Table 5-8 provides details of the Config Changes on Devices with Medianet Endpoints portlet.

To configure the Config Changes on Devices with Medianet Endpoints portlet:

Step 1 Move the mouse over the title bar of the Config Changes on Devices with Medianet Endpoints portlet to view the icons.


Step 3 Select the minute and hour from the Refresh Every drop-down list to change the Refresh time. The items in the portlet get refreshed at the changed Refresh time.

Step 4 Select the numbers of records that should appear in the portlet.

Step 5 Select the View exception period data over the last 24 hours check box to view the exception period data.

An Exception period is a time you specify when no network changes should occur. This period does not prevent you from making any changes in your network. You can define Exceptions periods in the Change Audit Settings (Admin > Network Administration > Change Audit Settings > Exception Periods).


Table 5-8 Details of Config Changes on Devices with Medianet Endpoints portlet

Field Description

Connected Device

Name of the device to which the endpoint is attached.

You can mouse over the name to view details of the device in the Device Details page.

User Name Name of the user who performed the change on the device. This is the name entered when the user logged in.

The User Name field may not always reflect the user name.

The User Name is reflected only when:

• Config change was performed using LMS

• Config change was performed outside LMS, and the network has username based on AAA security model where the authentication is performed by a AAA server (such as TACACS/RADIUS or local server)

Date and Time Date and the time at which the application communicated the network change or when Change Audit saw the change record.

View Changes Click Details to view the config diff report


OL-23861-01


Medianet Endpoints Status Across Locations PortletIn the Medianet Endpoints Status Across Locations portlet, you can view a bar chart that displays the operational status of the Medianet endpoints grouped according to a specific location attribute.

By default, the bar chart appears for the Medianet Endpoints grouped by the location attribute city.

Before you monitor the Medianet endpoints, you must read the prerequisites, see Prerequisites for Configuring and Monitoring Medianet Endpoints.

You can configure the location attribute used to group endpoints. A maximum of 15 endpoint groups with the highest number of unavailable endpoints can be displayed. You can view the status of up to fifty endpoint groups.


• Network Admin


To configure the Medianet Endpoints Status Across Locations portlet:

Step 1 Move the mouse over the title bar of the Medianet Endpoints Status Across Locations portlet to view the icons.


Step 3 Select the minute and hour from the Refresh Every drop-down list to change the Refresh time. The items in the portlet get refreshed at the changed Refresh time.

Step 4 Select the type of Medianet endpoint.

Step 5 Select the Location attribute from the list.

Step 6 Select the number of locations that you want in the chart. A maximum of five endpoint groups with the highest number of unavailable endpoints can be displayed.


Troubleshooting Medianet PortletsTable 5-9 provides details of log files to troubleshoot Medianet portlets.

.Table 5-9 Log Files for Medianet Portlets

Portlet Log File Enable Debugging Option

Last N Faults on Devices with Medianet Endpoints

AAD.log 1. Select Admin > System > Debug Settings > Fault Debugging Settings.

2. Enable Alert and Activities log (AAD.log)

Last N Config Changes on Devices with Medianet Endpoints

RMEPortlets.log 1. Select Admin > System > Debug Settings > Config and Image Management Debugging settings.

2. Select Application as portlet.

3. Enable RMEportlets log.


OL-23861-01

Chapter 5 Managing Medianet Endpoints Using LMS Generating Medianet Reports

You can use cwportal.log for troubleshooting other portlets. To enable debugging for this porlet, select Admin > System > Debug Settings > Common Services Log Configurations. Enable CiscoWorks Portal log.

Generating Medianet Reports LMS allows you to generate a Medianet Endpoint Inventory Report. For more information, see Medianet Endpoint Inventory Report

You can customize the Medianet endpoint inventory report with different layouts using Reports > Report Designer > Medianet Custom Layouts. For more information, see Using Medianet Custom Layouts.

Using Medianet Custom LayoutsYou can customize the columns displayed in the Medianet Endpoint Inventory Report using Reports > Report Designer > Medianet Custom Layouts.

You can view, create, and copy Medianet Custom Layouts. You can customize the inventory report by selecting the required location attributes and end host attributes. You cannot edit or delete the standard layouts.

Last N Unreachable Medianet Endpoints

campusportal.log To enable debug for campusportal.log go to:

NMSROOT/campus/www/classpath/log4j-cm-portal.properties

ERROR should be changed to DEBUG for the following lines

log4j.category.com.cisco.nm.portalapi=ERROR

log4j.category.com.cisco.nm.portalapi.ds=ERROR

log4j.category.com.cisco.nm.portalapi.qtopo=ERROR

log4j.category.com.cisco.nm.portalapi.qtopo.ds=ERROR

log4j.category.com.cisco.nm.util.systemstatus=ERROR

log4j.category.com.cisco.nm.util.systemstatus.ds=ERROR

Last N Connected Medianet Endpoints

Medianet Endpoints Status Across Locations

Table 5-9 Log Files for Medianet Portlets

Portlet Log File Enable Debugging Option


OL-23861-01


The following Medianet default layouts are available after a fresh install:

• Digital Media Player Standard—Standard layout for Digital Media Player (DMP) endpoints

• IP Video Surveillance Camera Standard—Standard layout for IP Video Surveillance Camera (IPVSC) endpoints

• Medianet Endpoints Standard—Standard layout for all Medianet endpoint types.

Medianet Endpoint Inventory ReportThe Medianet Endpoint Inventory Report provides information about the Medianet endpoints such as the subnets on which LMS has detected the endpoints, any state changes, and the number of discrepancies found associated with the port. The details of the report vary according to the layout that you choose.

You can use this information to register the Medianet endpoints in Medianet management systems like Cisco Digital Media Manager (DMM) or Cisco Video Surveillance Manager (VSM).

To generate this report:

Step 1 Select Reports > Technology > Medianet


Step 3 Select the Endpoint type. You can choose to generate reports for:

• Digital Media Player

• IP Video Surveillance Camera

Step 4 Select the Layout from the list. By default, the following layouts for the report are available:

• Medianet Endpoints Standard

• Digital Media Player Standard

• IP Video Surveillance Camera Standard

Step 5 Enter the information required to add a Filter Rule and click Add.

Step 6 Click Validate Rule to validate the filter rule you have added.

Step 7 Enter the scheduling details and the job information.

Step 8 After you enter the required information, click Submit. You can click Reset to reset all the information.

The Medianet Endpoint Inventory Report page appears. For more details, see Interpreting Medianet Endpoint Inventory Report.

The mini job browser appears at the bottom of the Medianet report generator screen; it shows only the Medianet report jobs.


OL-23861-01


Interpreting Medianet Endpoint Inventory Report

Table 5-10 displays details of the columns in the Medianet Endpoint Inventory Report. Some of the columns might vary according to the Layout you choose. This section contains Printing Medianet Endpoint Inventory Reports.

Table 5-10 Details of Medianet Endpoint Inventory Report

Fields Description

MAC Address MAC address of network interface card in end-user node.

For Ethernet topology, the MAC address is displayed in the format, xx-xx-xx-xx-xx-xx.

Host Name Name of the host

IP Address IP address of the host

Subnet Subnet of IP address

Status Operational status of the port

Device Name Name of the device

Port User assigned port name (port label) in the device to which a host is connected

VLAN VLAN associated with the MAC address or port

Last Seen Date and time when User Tracking last found an entry for this user or host in a switch. Last Seen is displayed in the format dd mon yyyy hh:mm:ss.

IPv6 Address IPv6 address of the host, if any

Prefix Length Length of the IPv6 address prefix

Prefix IPv6 address prefix

Device IP address of device to which end user node is attached. Click on the value to launch the Troubleshooting page for that device.

Port Name User assigned port name (port label)

Port State Configured port mode

Port Duplex Operational duplex

Port Speed Operational speed

VTP Domain VTP Domain with which the switch is associated.

VLAN ID VLAN identifier associated with the MAC address or port

VLAN Type Ethernet, FDDI, unassigned, or unknown

Parent VLAN Parent VLAN of the host

Secondary VLAN Secondary VLAN of the host

dot1xEnabled Status of Dot 1x authentication on the device. Two status are:

• True—When authentication is enabled on the device.

• False—When authentication is disabled on the device.

Associated Routers IP addresses of the routers associated with the host.

Discrepancies Found Number of discrepancies found on the port. Click on the number to launch the Discrepancies report.


OL-23861-01

Chapter 5 Managing Medianet Endpoints Using LMS Troubleshooting Medianet Endpoints

Printing Medianet Endpoint Inventory Reports

You can print only 10,000 records at a time.

Comma separated values are not accepted in the print range. For example, specifying the range as 10-40, 70-80 will not work. Specify the range as 10-40 to print from the 10th record to the 40th record. Repeat it for the 70-80 range.

Troubleshooting Medianet EndpointsYou can quickly locate the Medianet endpoints and get their network details by entering the MAC address or IP address of the Medianet endpoints in the LMS Search text box. You can also search the Medianet endpoints configured with various location attributes by using the pattern:<location attribute>=<value>, example: city=Chicago. There should be no blank space between the attribute type and the delimiter in the LMS Search text box.

You can move the mouse over the end host records in the search results and troubleshoot them it by using the Troubleshoot button.

LMS runs a standard troubleshooting check to provide the following information:

• Details about the port to which the end host is connected:

– IfSpeed

– Duplex

– VLAN

– Admin Status

– Operational status

– Discrepancies found in the port

– Port level configuration

• Host

– IP address, host name, firmware version, OS version, and CPU utilization

– Ping and trace route statistics to host from LMS

– Active Faults and Events associated to the ports

You can also reset a port using the Reset Port link to shutdown the port and then enable it. The reset action is logged as part of syslogs for audit purposes. You can view the changes in the Change Audit report (Reports > Change Audit), if syslogs are enabled in the device.

Best Practice Deviations Found

Number of best practice deviations found associated with the port. Click on the number to launch the Best Practice Deviations report.

Name Name of the resident

Location Attributes The location attributes that appear in the report depend on the layout that you choose. There are 31 attributes like, State, City, Neighborhood, and Street Number.

Table 5-10 Details of Medianet Endpoint Inventory Report (continued)

Fields Description


OL-23861-01

Chapter 5 Managing Medianet Endpoints Using LMS Managing Medianet Jobs

Managing Medianet JobsYou can browse the Medianet jobs that are deployed on the system. Using the Medianet Job Browser you can manage Medianet jobs; you can retry, stop, or delete jobs using this job browser.

To invoke the Medianet job browser:

Select Work Center > Medianet > Jobs.

The Medianet job browser appears with a detailed list of all Medianet jobs. The browser has the following information:

You can filter the jobs displayed in the Medianet Job Browser using any of the following criteria and clicking Quick Filter. You can select any of the following criteria from the respective drop-down list, enter the details in the textbox.

Column Description


Click on the hyperlink to view the Job details (seeViewing Job Details).





For example, If the status displays Failed (5), then the count of devices that had failed is 5.







Schedule Type Type of job schedule—Immediate, Once.

Job Type The types of Medianet job.


OL-23861-01


You can click Refresh icon to refresh the Medianet job browser, and Refresh Job icon to refresh the selected Medianet job.




• Successful

• Failed

• Stopped

• Running

• Scheduled





Schedule Type Select Schedule Type and enter any one of the following:

• Immediate

• Once

Job Type Select Job Type and enter any one of the following:

• Autosmartport

• Config Template

• Dynamic User Tracking


OL-23861-01


You can perform the following operations using the Medianet job browser. (See Table 5-11):


The Job Details appears below the list of Medianet jobs. details are grouped into three parts:

• Work Order

• Device Details

• Job Summary

Table 5-11 Operations Using the Medianet Job Browser

Button Description


You can stop or cancel a running job. You will be alerted to confirm the cancellation of the job.





Delete Deletes the selected job from the job browser. You can delete more than one job.

Click OK to confirm the deletion. The job and its instances will be deleted.



Refresh Refreshes the Medianet job browser.



OL-23861-01




• Job policies

• Job details


• Device—List of devices on which the job was scheduled.


• Message Summary—A message about the status of a job.



You can filter the devices by selecting a status or message summary and clicking Filter.



Select a device and click Show Details to view the details such as protocol, status, and reason when applicable, task used and the CLI output for that device. These details appear in a pop-up window.


• Job Summary:

– Status

– Start Time

– End Time

• Job Messages:



• Device Update:

– Successful

– Failed

– Not attempted

– Pending


OL-23861-01


C H A P T E R 6
Smart Install in LMS
Smart Install (SI) is a plug-and-play configuration and image management feature that provides zero-touch deployment for new switches.

You can configure SI on a switch which will then be the SI director. Customer can ship switches to a location, place them in the network, and power them on with no configuration or image required on the switches. The configuration will be performed by the SI director.

Using Smart Install in LMS you can:

• Assess the readiness of your network for SI-capable directors.

• Discover and enable Smart Install on SI-capable directors.

• Manage configuration files and images of clients in the Smart Install director.

• Configure DHCP settings for Smart Install.

• Monitor and troubleshoot SI-related issues through the Smart Install report.

This sections explains:

• Getting Started with Smart Install

• Supported Devices and Images for Smart Install

• Assessing Your Network for SI Directors

• Managing Config and Image for Clients

• Configuring Smart Install Director

• Managing Smart Install Director

• Generating Smart Install Reports

• Managing Smart Install Jobs


Chapter 6 Smart Install in LMS Getting Started with Smart Install

Getting Started with Smart InstallThe Smart Install Getting Started Assistant workflow guides you on provisioning Smart Install for Day 1 operations.

You can access the Smart Install Getting Started Assistant using Work Centers > Smart Install > Getting Started.

For advanced configurations you can choose the corresponding link in the Smart Install TOC.

The Getting Started workflow for Smart Install is:

1. Assessing Smart Install Director Readiness of Your Network

2. Managing Config and Image for Clients

3. Configuring Smart Install Director

Assessing Smart Install Director Readiness of Your Network


The Smart Install Getting Started Assistant helps you assess the readiness of your network for Smart Install, configure, and manage SI director.

The Smart Install (SI) director readiness assessment analyzes your network and displays a pie chart appears with the following types of switches.

• SI-director-capable Switches

• SI-director-enabled Switches

• SI-software-incapable Switches

• SI-hardware-incapable Switches

Click on any of the pie chart slices to view the details of the switches.


SI-director-capable Switches

Click the SI-director-capable switches slice of the pie chart. The details of the corresponding switches appear at the bottom of the page. These switches have the supported IOS image for Smart Install. However, Smart Install is not enabled on them.

Select a switch and click Configure SI to enable Smart Install on the selected switch. See, Configuring Smart Install Director for more details. At a time, you can provision only a single device a SI director.

You can click Filter to filter the listed switches based on device name, device type, location, and running image version.


OL-23861-01

Chapter 6 Smart Install in LMS Getting Started with Smart Install

SI-director-enabled Switches

Click the SI-director-enabled switches slice of the pie chart. The details of the corresponding switches appear at the bottom of the page. These switches have the supported IOS image for Smart Install, and have Smart Install enabled.

You can select a Smart Install director and:

• Click Download Status to view the status of the Smart Install image and configuration download.

• Click Syslog Report to view the Smart Install syslog report. See Generating Smart Install Reports for more information.

Click Filter to filter the listed switches based on device name, device type, location, and running image version.

SI-software-incapable Switches

Click the SI-software-incapable switches slice of the pie chart. The details of the corresponding switches appear at the bottom of the page. These switches do not have the supported IOS image for Smart Install.

Some SI-capable devices might appear as SI-software-incapable devices if they do not have the latest Smart Install Capable IOS image. We recommend you to upgrade to the latest Smart Install Capable IOS image to avail all the Smart Install features in LMS 4.1.

Select a switch and click Upgrade Software Image to upgrade to the SI-capable IOS image.


You can click Filter to filter the listed switches based on device name, device type, location, running image version, and recommended image version.

SI-hardware-incapable Switches

Click the SI-hardware-incapable switches slice of the pie chart. The details of the corresponding devices appear at the bottom of the page. These switches do not support the Smart Install technology.

You can get the details of the latest Smart Install supported hardware from Cisco.com. See Known List of Hardware-incapable Devices for more information.


OL-23861-01

Chapter 6 Smart Install in LMS Supported Devices and Images for Smart Install

Supported Devices and Images for Smart InstallTable 6-1 lists the devices and images that support SI.

Assessing Your Network for SI Directors


You can assess the readiness of your network for Smart Install using the Smart Install Readiness Assessment (Work Centers > Smart Install > Readiness Assessment), and perform the following:

• Enable Smart Install on SI-capable switches

• Update the configurations for SI directors

• Download the SI-capable IOS image for SI-software-incapable switches.

The Smart Install (SI) director readiness assessment assesses your network and a pie chart appears with the following types of switches.

• SI-director-capable Switches

• SI-director-enabled Switches

• SI-software-incapable Switches

• SI-hardware-incapable Switches


SI-director-capable SwitchesClick the SI-director-capable switches slice of the pie chart. The details of the corresponding switches appear at the bottom of the page. These switches have the supported IOS image for Smart Install, however, Smart Install is not enabled on them.

Select a switch and click Configure SI to enable Smart Install on the selected switch. See, Configuring Smart Install Director for more details.

You can click Filter to filter the listed switches based on device name, device type, location, and running image version.

Table 6-1 Supported Devices and Images for Smart Install

Device Type Director Client Supported Software

Catalyst 3750, 3750-X, 3750E Yes Yes 12.2(58)SE

Catalyst 3560, 3560E, 3560-X, 3560 8 port, 3560 12 port Yes Yes 12.2(58)SE


OL-23861-01

Chapter 6 Smart Install in LMS Configuring Smart Install Director

SI-director-enabled SwitchesClick the SI-director-enabled switches slice of the pie chart. The details of the corresponding devices appear at the bottom of the page. These devices have the supported IOS image for Smart Install, and have Smart Install enabled on them.

You can select a Smart Install director and:

• Click Download Status to view the status of the Smart Install image and configuration download.

• Click Syslog Report to view the Smart Install syslog report. See Generating Smart Install Reports for more information.

Click Filter to filter the listed switches based on device name, device type, and location.

SI-software-incapable SwitchesClick the SI-software-incapable switches slice of the pie chart. The details of the corresponding switches appear at the bottom of the page. These switches do not have the supported IOS image for Smart Install. You can go to Readiness Report in the Smart Install TOC in the left pane and upgrade to the SI-capable IOS image.

Some SI-capable devices might appear as SI-software-incapable devices if they do not have the latest Smart Install Capable IOS image. We recommend you to upgrade to the latest Smart Install Capable IOS image to avail all the Smart Install features in LMS 4.1.

Select a switch and click Upgrade Software Image to upgrade to the SI-capable IOS image.


You can click Filter to filter the listed switches based on device name, device type, location, and running image version, and recommended image version.

SI-hardware-incapable SwitchesClick the SI-hardware-incapable switches slice of the pie chart. The details of the corresponding devices appear at the bottom of the page. These switches do not support the Smart Install technology. You can get the details of the latest Smart Install supported hardware from Cisco.com.

You can click Filter to filter the listed switches based on device name, device type, location, and running image version. See Known List of Hardware-incapable Devices for more information.

Configuring Smart Install DirectorTo configure a device as a Smart Install director, you need to select a device, define a minimum of one Smart Install group. You can also specify DHCP settings, hostname prefix, and join window if required, and schedule the deployment.

If you want the client switches to download config files and images from the Smart Install director, it must have a repository of image and configuration files.


OL-23861-01


The workflow for configuring a Smart Install director is:

1. Select a device

From the Select Device pane, select an SI-capable device to configure as SI director. Click Filter to filter the listed devices based on device name, IP address, device type, and running image version.

2. Add Smart Install groups to the director

You must define a minimum of one Smart Install group. See Configuring Smart Install Groups, for more information.

3. Configure DHCP settings

This step is optional if you have an external DHCP server configured in your network. See Configuring DHCP Settings, for more information

4. Specify hostname and join window settings

You can specify the hostname prefix and the join window in this pane.

Join window is the period during which the director will act on clients that send DHCP requests to the SI director. Clients that send DHCP requests outside of the join window will not become managed clients. See Configuring Host Name and Join Window, for more information.

5. Schedule deployment

You must schedule a job to deploy the SI configurations to the SI director. You can view the details of the Smart Install jobs in the Smart Install Job Browser (Work Centers > Smart Install > Jobs). See Scheduling Smart Install Configuration Jobs, for more information.

Configuring Smart Install GroupsYou must define a minimum of one Smart Install group to configure an SI director.

To configure Smart Install groups:

Step 1 Select Work Centers > Smart Install > Configure > Setup Smart Install Director. The Configure Smart Install Director single-page wizard appears.

Step 2 From the Select Device pane, select an SI-capable device to configure it as an SI director.

Step 3 Click Next. The Define Smart Install groups pane appears.

Step 4 You can:

• Click Add to add new Smart Install groups. The Add New Group page appears. See Adding Smart Install Groups for more information.

• Select a newly added Smart Install group and click Edit to modify its settings.

• Select a Smart Install group and click Delete to delete a group.

• Click Export all to export all the Smart Install groups to the LMS server.

• Click Import all to import all the Smart Install groups from the LMS server.

Step 5 Click Next. The DHCP Settings pane appears.

Configure DHCP settings if you do not have an external DHCP server configured in your network. See Configuring DHCP Settings for more information.


OL-23861-01


Step 6 Click Next. The Specify Hostname and Join Window pane appears.

Step 7 Click Next. The Schedule Deployment pane appears.

Adding Smart Install Groups

To add new Smart Install groups:


Step 2 From the Select Device pane, select an SI-capable device to configure it as SI director.

Step 3 Click Next. The Define Smart Install groups pane appears with the list of Smart Install groups.

Step 4 Click Add to add new Smart Install groups. The Add New Group page appears with the following information:

Field Description

Group Type Select the type of group from the drop-down list.

The five types of groups are:

• Built-in—In a Smart Install network, these groups are used to configure homogenous groups. For example, you can create a group of switches that have one product ID with an image and configuration file, and create another to configure a second group of switches that have another product ID with another image file and configuration.

• Connectivity—This is a custom group that is used to set up the image and configuration file for all client switches that match connectivity. You can create a custom group based on the connectivity or topology of switches in a Smart Install network. See, Understanding Custom Group Based on Connectivity for more information.

• Stack—This is a custom group that is used to set up the image and configuration file for all client switches that match stack number for switches in a stack. Any switch in a stack that matches the stack number and product ID gets the same configuration.

• Product—This is a custom group is based on the model number of the switch associated with the group.

• Default—This group is for devices that are not part of the above groups. The default image and configuration file will be deployed to the group.

Group Name Enter the name of the group. This should be a unique name.

You can enter alphanumeric characters and underscore (_).

This field appears for Connectivity, Product groups, and Stack groups.


OL-23861-01


Host Details Host is the upstream neighbor of the client switch. You can add, edit, or delete details of the host.

This field appears for Connectivity groups.

To add details of a host:

1. Click Add to launch the Add host details pop-up.

2. Enter the IP address of the host device which is managed in LMS.

3. Select the interfaces of the host to which new devices can be connected.

4. Click Save to save your changes, or click Cancel.

Product Family Enter the product ID for the group. For example, WS-C2960-48TC-L.

This field appears for Product groups.

Select Product Family This field appears for Built-in groups. The supported product families for this release are:

• 2918—Catalyst 2918 product family

• 2960c—Catalyst 2960c product family


• 2960g—Catalyst 2960 Gigabit product family

• 2960s—Catalyst 2960s product family



• 3560c—Catalyst 3560-C product family

• 3560e—Catalyst 3560-E product family

• 3560g—Catalyst 3560 Gigabit product family

• 3560x—Catalyst 3560-X product family


• 3750e—Catalyst 3750-E product family

• 3750g—Catalyst 3750-G Gigabit product family

• 3750x—Catalyst 3750-X Gigabit product family

• nme-es—NME-ES product family

• sm-d-es2—Cisco enhanced EtherSwitch service module, SM-D-ES2 product family

• sm-d-es3—Cisco enhanced EtherSwitch service module, SM-D-ES3 product family

• sm-d-es3g—Cisco enhanced EtherSwitch service module, SM-D-ES3G product family

• sm-es2—Cisco enhanced EtherSwitch service module, SM-ES3 product family

• sm-es3—Cisco enhanced EtherSwitch service module, SM-ES3 product family

• sm-es3g—Cisco enhanced EtherSwitch service module, SM-ES3 product family

Select Port Config Enter the switch port configuration.

This field appears for Built-in groups.

Stack Product Family Select the stack product family from the drop-down list.

This field appears for Stack groups.

Field Description


OL-23861-01


Step 5 Click Save to save your group, click Save and Add Another to save the group and open another screen or click Cancel to cancel the flow. The details get updated in the Smart Install groups table.

Switch Membership Numbers

Enter the switch membership number. The range is from 1 to 9. Enter the numbers separated by commas.

This field appears for Stack groups.

TFTP Server Select one of the following as the TFTP server:

• LMS

The LMS server can function as the TFTP server to store the image and configuration files. The files are stored in the flash memory of the server.

• Director

The director can function as the TFTP server to store the image and configuration files. The files are stored in the flash memory of the director.

When there is not enough space in the device, the image file will not be copied to the device, but, the job will be successful. Smart Install command will be deployed even when the image or config copy fails. You can get more information about the status of image and config copy, from the File_Copy_Info file, which is available at:

NMSROOT\files\rme\Jobs\Smartinstall\Jobid (On Windows)

/var/adm/CSCOpx/files/rme/Jobs/Smartinstall/Jobid (On Solaris and Soft Appliance)

NMSROOT is the LMS install directory

• External Server

Select this option and enter the IP address of the external TFTP server.

You can store all the client image and configuration files on the external server, which can act as TFTP server.

You must have three files on this external TFTP server:

– Configuration file

– Cisco IOS image

– Image file

Image File If you choose LMS or Director as the TFTP server, select the image file from the drop-down list.

If you choose an external server as the TFTP server, enter the name of the image file that is available in the TFTP boot directory of the server.

Configuration File If you choose LMS or Director as the TFTP server, select the configuration file from the drop-down list. The configuration files are stored in:

NMSROOT\files\rme\smartinstall\configs (On Windows)

/var/adm/CSCOpx/files/rme/smartinstall/configs/ (On Solaris and Soft Appliance)

If you choose an external server as the TFTP server, enter the location of the configuration file that is available in the TFTP boot directory of the server.

Field Description


OL-23861-01


Understanding Custom Group Based on Connectivity

You can configure a custom group based on the connectivity or topology of switches in a Smart Install network. For example, you would use a connectivity match to configure a group of switches that are connected to the director through a single interface or switches that are connected to the director through a specific intermediate switch. A connectivity match takes priority over other custom groups (PID or stack number) and over built-in groups. The switches that do not match the connectivity configuration will get the configuration and image in a built-in group or the default configuration.

Configuring DHCP SettingsTo use the zero-touch upgrades, the Smart Install network must have a DHCP server. You can configure the DHCP settings using LMS, if you do not have an external DHCP server configured in your network.

To configure DHCP settings for Smart Install groups:


Step 2 From the Select Devices pane, select one or more SI-capable devices to provision as SI directors.


Step 4 Click Next. The DHCP Settings pane appears with the following details:

Step 5 You can select one of the following:

• Click Add to add new DHCP pools. The Add New DHCP Pool pop-up appears. See Adding DHCP Pools for more information.

• Select a DHCP pool and click Edit to modify its settings.

• Select a DHCP pool and click Delete to delete a DHCP pool.


Step 7 Click Next. The Schedule Deployment pane appears. See Scheduling Smart Install Configuration Jobs, for more information

Field Description

Pool Name Displays the name of the DHCP pool.

Network Address Displays the subnet network number of the DHCP pool.

Network Mask Displays the subnet mask of the DHCP pool network.

Gateway Address Displays the IP address of the default gateway.

File Server Displays the IP address of TFTP server.

VLAN Displays the VLAN of the DHCP server.

The VLAN details appear based on the network address you have entered while configuring the DHCP pool.

To view the VLAN values, the data collection must finish.

Selected VLANs Click Select VLANs to enable snooping on more VLANs.


OL-23861-01


Step 8 Click Finish to deploy the configurations on the SI director.

Adding DHCP Pools

To add new DHCP pools:


Step 2 From the Select Devices pane, select one or more SI-capable devices to provision as SI directors.


Step 4 Click Next. The DHCP Settings pane appears

Step 5 Click Add to add new DHCP pools.


OL-23861-01


The Add New DHCP Pool pop-up appears with the following details:

Step 6 Click Save, or Save and Add Another, or Cancel.

Configuring Host Name and Join WindowYou can specify a hostname prefix and the join window in this pane.

The last three bytes of the client switch MAC address prefixed by the string entered in the Hostname Prefix text box will form a hostname.

Join window is the period during which DHCP requests are processed by the SI director. See, Understanding Join Window for more information.

Field Description

Pool Name Enter the name of the DHCP pool.

Network Address Enter the subnet network number of the DHCP pool.

For example, 1.1.1.0

Network Mask Enter the subnet mask of the DHCP pool network.

For example, 255.255.255.0

Default Gateway Enter the IP address of the default gateway.

File Server Enter the IP address of TFTP server. It can be the IP address of:

• LMS Server

• SI Director

• External TFTP Server


OL-23861-01


To configure hostname and join window for Smart Install groups:


Step 2 From the Select Devices pane, select one SI-capable device to provision as SI director.

Step 3 Click Next. The Define Smart Install groups pane appears. You must configure a minimum of one SI group. See Configuring Smart Install Groups, for more information.

Step 4 Click Next. The DHCP Settings pane appears. See Configuring DHCP Settings, for more information.


• Enter the Hostname Prefix—The last three bytes of the client switch MAC address prefixed by the string you specify here will form a hostname. This field cannot be blank.

• For the Join Window

– Enter the start date and start time.

– Enter the end date and end time.

– If you do not enter the end date and end time, you can select the Recurring check box to schedule the join window at the same time every day of the week.

Step 6 Click Next. The Schedule Deployment pane appears. See Scheduling Smart Install Configuration Jobs, for more information.

Step 7 Click Finish to deploy the configurations on the SI director.

Understanding Join Window

If a join window is not configured, then a zero touch upgrade can happen at any time. If a join window is configured, a zero touch upgrade is possible only during join window. If a switch connects to the director at a time other than during the join window, the Smart Install configuration and image files are not automatically downloaded. Instead the new switch receives the default files from the DHCP server. This feature provides more control and prevents unauthorized switches from receiving the Smart Install configuration.

Scheduling Smart Install Configuration JobsEvery configuration is deployed as a job. In many workflows the Schedule Deployment pane appears at the end. It displays details of the schedule and job options.

Note Smart Install uses NetConfig protocol order to communicate with the device. See Defining the NetConfig Protocol Order, for more information.



OL-23861-01



Field Description






• Monthly—Runs monthly at the specified day of the month and at the specified time.

Job Description Enter a description for the job. This is mandatory. You can enter only alphanumeric characters.


Job Options


Select this check box to cause job to be considered a failure when the most recent configuration version in the configuration archive is not identical to the most recent configuration version that was in the configuration archive when you created the job.




Select this check box to cause the job to write the running configuration to the startup configuration on each device after configuration changes are made successfully.

This does not apply to Catalyst OS devices.

Enable Job Password

Login Username Enter the login username to access the device. This option is available to you if you have set the appropriate job password policy in Admin > Network > Configuration Job Settings > Config Job Policies.





OL-23861-01


• Click Preview CLI to see the CLI commands that will be applied to the Smart Install devices. You can select a device from the Preview CLI pop-up and see the CLI commands.



A notification message appears along with the Job ID. The newly created job appears in the Smart Install Job Browser (Work Center > Smart Install > Jobs). See Managing Smart Install Jobs for more details.











Field Description


OL-23861-01

Chapter 6 Smart Install in LMS Managing Config and Image for Clients

Defining the NetConfig Protocol Order

To define or modify the NetConfig protocol order:






Step 4 Click Apply.


Step 5 Click OK.

Managing Config and Image for ClientsTo manage the configuration files and the image files of the client switches select Work Centers > Smart Install > Configure > Manage Config and Image files for Client.

For the Smart Install director to configure the client switches, the client switches must download config files and images from one of the following:

• Smart Install director

The SI director will take the image and configuration files from the LMS server, and place them in the flash memory. See Location of the configuration and image files in the LMS server for more information.

• TFTP boot directory of the LMS server

See Location of the configuration and image files in the LMS server for more information.

• An external TFTP server

If you select an external TFTP server as the server for downloading images and configuration files, you must have the image files, and copy the image files and config files to the TFTP boot directory before provisioning Smart Install director. The Smart Install director points the client switches to the TFTP server from which the images and config files can be downloaded.


OL-23861-01

Chapter 6 Smart Install in LMS Managing Config and Image for Clients

Location of the configuration and image files in the LMS server

The configuration files should be available in:

• On Windows, NMSROOT\files\rme\smartinstall\configs

• On Solaris and Soft Appliance, /var/adm/CSCOpx/files/rme/smartinstall/configs/

The image files need to be in the Software Image Management (SWIM) repository located at:

• On Windows, NMSROOT\files\rme\repository

• On Solaris and Soft Appliance, /var/adm/CSCOpx/files/rme/repository

These files will be listed when you configure the SI director.

To manage the configuration files and the image files:

Step 1 Create configuration files using Config Editor.

Step 2 Click the link to the Config Editor from the Manage Config Files and Images page.

To load the config files from the LMS server, or the Smart Install director, you need to create the files using Config Editor. The files that you create here will be listed when you provision the Smart Install director.

To create configuration files using Config Editor, you must open the configuration file in RAW mode and click the Export to Server icon in the Config Editor page to save the config to:

• NMSROOT\files\rme\smartinstall\configs (On Windows)

• /var/adm/CSCOpx/files/rme/smartinstall/configs (On Solaris and Soft Appliance)

You can click the Export to Client icon in the Config Editor page to download the config file to client.

Step 3 Add images to the SWIM repository in LMS.

To load the images from the LMS server, or the Smart Install director, you need to add images to SWIM repository (Configuration > Tools > Software Image Management).

Note You can add only tar images to the SWIM repository. Bin images will not appear as Smart Install uses archive download command to push the images to the clients. If you have tar images in the SWIM repository, they will be listed when you provision the Smart Install director.

Step 4 Click the link to the SWIM repository from the Manage Config Files and Images page.


OL-23861-01

Chapter 6 Smart Install in LMS Managing Smart Install Director

Managing Smart Install DirectorYou can manage the Smart Install director in your network. You can also disable the director capability as well as delete specific Smart Install configurations from the selected director.

To view the SI groups configured on the director, the Telnet and SSH credentials of the director must match the credentials in DCR.

To manage the Smart Install director in your network:

Step 1 Select Work Centers > Smart Install > Configure > Manage Director. The Manage Smart Install Director page appears with the details of the Smart Install directors.

Step 2 You can:

• Select a Smart Install director and click Edit SI Configurations to edit its configuration and other settings.

The Edit Smart Install Groups pane and the related panes appear in the single-page wizard.

For more information, see:

– Configuring Smart Install Groups

– Configuring DHCP Settings

– Configuring Host Name and Join Window

– Scheduling Smart Install Configuration Jobs

Or

• Select a Smart Install director and click Disable SI Configurations to disable the director capability as well as delete specific Smart Install configurations from the selected director.

The Remove Smart Install Configurations pane appears. For more information, see Removing Smart Install Configurations from an SI Director.

Removing Smart Install Configurations from an SI DirectorTo disable the director capability as well as delete specific Smart Install configurations from the selected director:

Step 1 Select Work Centers > Smart Install > Configure > Manage Director. The Manage Smart Install Director page appears

Step 2 Select a Smart Install director and click Disable SI Configurations. The Remove Smart Install Configurations pane appears.

Step 3 You can select the Disable the director capability check box to disable the director capability of the selected SI director.


OL-23861-01

Chapter 6 Smart Install in LMS Generating Smart Install Reports

Step 4 You can also exclude specific Smart Install configurations from the selected director. The available options are:

• Delete all Smart Install configurations

• Delete default image and configuration settings

• Delete Smart Install Custom groups. Click Select Custom groups and select the SI groups that you want to delete.

• Delete Smart Install Built-in groups. Click Select Built-in groups and select the built-in SI groups that you want to delete.

• Delete DHCP pool Select DHCP pool. Click DHCP pool and select the DHCP pools that you want to delete.

• Delete DHCP Snooping on. Click VLANs and select the VLANs that you want to delete.

• Delete hostname prefix for client

• Delete join window.

Step 5 Click Next. The Schedule Deployment pane appears. See Scheduling Smart Install Configuration Jobs, for more information

Step 6 Click Finish in the Schedule Deployment pane to deploy the configurations on the SI director.

Generating Smart Install ReportsSelect Work Centers > Smart Install > Reports.

Or

Select Reports > Fault and Event > Syslog > Smart Install.

The Syslog Custom Report page appears. To generate this report:


Step 2 Enter the information required to generate the required report.

Step 3 After you enter the required information, click Finish.

The columns in the generated Syslog Analyzer Smart Install report are:

Column Description

Device Name Name of the Smart Install device.

Interface Name or IP address of the interface in that device generating the Syslog message.


OL-23861-01

Chapter 6 Smart Install in LMS Generating Smart Install Reports

Timestamp Time when the Syslog message was generated.

The format used by timestamp is:

mmm dd yyyy hh:mm:ss

where:

mmm represents month

dd represents date

yyyy represents year

hh represents hour

mm represents minute

ss represents second

Example:

Nov 18 2010 12:24:36

Facility Facility is SMI.

Sub-Facility Sub-Facility is the subfacility in the device that generated the Syslog message. In most cases, this is blank. An example of an entry in this field isCCM_CDR_INSERT-GENERIC-0-OutOfMemory.

Severity The severity level for the messages. The following are the severity codes:

0—Emergencies

1—Alerts

2—Critical

3—Errors

4—Warnings

5—Notifications

6—Informational

Mnemonic Code that uniquely identifies the error message. For example, UPLOAD, RELOAD,CONFIG.

Description Description of the Syslog message.

Column Description


OL-23861-01

Chapter 6 Smart Install in LMS Managing Smart Install Jobs

Managing Smart Install JobsYou can browse the Smart Install jobs that are deployed on the SI director. Using the Smart Install Job Browser you can manage Smart Install jobs; you can stop, or delete jobs using this job browser.

To invoke the Smart Install job browser:

Select Work Center > Smart Install > Jobs.

The Smart Install job browser appears with a detailed list of all scheduled Smart Install jobs. The browser has the following information:

You can filter the jobs displayed in the Smart Install Job Browser using any of the following criteria and clicking Filter. When you click Filter, you can select any of the following criteria from the Filter by drop-down list, enter the details in the textbox, and click Go.

Column Description










• Waiting—When the job is awaiting approval (if job approval has been enabled).

• Rejected—When the job has been rejected (if job approval has been enabled).









OL-23861-01


You can click Refresh icon to refresh the Smart Install job browser, and Refresh Job icon to refresh the selected Smart Install job.

Records for all jobs need to be purged periodically. You can schedule a default purge job for this purpose (Admin > Network > Purge Settings > Config Job Purge Settings).



Status Select Status and enter any one of these:

• Successful

• Failed

• Stopped

• Running

• Scheduled

• Approved

• Waiting

• Rejected






• Immediate

• Once

• Daily

• Weekly

• Monthly


OL-23861-01


You can perform the following operations using the Smart Install job browser. (See Table 6-3):


The Job Details appears below the list of Smart Install jobs. The details are grouped into three parts:

• Work Order

• Device Details

• Job Summary

Table 6-3 Operations Using the Smart Install Job Browser

Button Description







Unless you own the job, your login determines whether you can use this option. You cannot restart the stopped job.






Unless you own the job, your login determines whether you can use option. You must stop a running job before you can delete it.

Refresh Refreshes the Smart Install job browser.



OL-23861-01




• Job policies


• Device details

• Task














• General Info:

– Status

– Start Time

– End Time

• Job Messages:



• Device Update:

– Successful

– Failed

– Not attempted

– Pending


OL-23861-01

Technology Work Centers iOL-23861-01

A
P P E N D I X A Supported Devices and Images for Technology Work Centers
This section contains information about the following:


• Supported Devices and Images for EnergyWise

• Supported Devices and Images for Auto Smartports

• Supported Devices and Images for Smart Install

• Supported Devices and Images for Medianet

• Known List of Hardware-incapable Devices

Supported Devices and Images for IdentityTable A-1 lists the devices and images that support Identity.

Note The minimum supported software image for MACsec is 12.2(53)SE2 for Cisco Catalyst 3750-X and 3560-X switches. Table A-2 lists the devices that support MACsec.

Table A-1 Supported Devices and Images for Identity






Catalyst 3750 (Stack Mode) 12.2(52)SE

Catalyst 4500 12.2(50)SG

Catalyst 6500 12.2(33)SXI

A-1n Cisco Prime LAN Management Solution 4.1

Appendix A Supported Devices and Images for Technology Work Centers Supported Devices and Images for EnergyWise

Supported Devices and Images for EnergyWiseTable A-3 lists the devices and images that support EnergyWise.

Table A-2 Supported Devices and Images for MACsec

Device Type sysObjectID Minimum Software









Table A-3 Supported Devices and Images for EnergyWise


Cisco 3750 Stack 12.2(58)SE

Cisco Catalyst 3750G-12S Switch 12.2(58)SE


Cisco 2600,2800,3700,3800 Series 16-Port Ether Switch Service Module

12.2(58)SE


12.2(58)SE


12.2(58)SE

Cisco 2851,3800 Series 24-Port Ether Switch (with Stackwise Connectors) Service Module

12.2(58)SE










A-2Technology Work Centers in Cisco Prime LAN Management Solution 4.1

OL-23861-01





Cisco Catalyst 3560-8PC Compact Switch 12.2(58)SE

Cisco Catalyst 3560E-12D-S,E Switch 12.2(58)SE

Cisco Catalyst 3560E-12SD-E,S Switch 12.2(58)SE

Cisco Catalyst 3560-12PC-S Compact Switch 12.2(58)SE







Cisco Catalyst 2960-8TC Compact Switch 12.2(58)SE

Cisco Catalyst 2960G-8TC Compact Switch 12.2(58)SE

Cisco Catalyst 2960-24-S Switch 12.2(58)SE



Cisco Catalyst 2960-24PC-L Switch 12.2(58)SE

Cisco Catalyst 2960-24LT-L Switch 12.2(58)SE

Cisco Catalyst 2960PD-8TT-L Compact Switch 12.2(58)SE

Cisco Catalyst 2960-8TC-S Compact Switch 12.2(58)SE

Cisco Catalyst 2960-48TT-S Switch 12.2(58)SE

Cisco Catalyst 3750G-12S-SD Switch 12.2(58)SE








Cisco Catalyst 3750G-24T Switch 12.2(58)SE





Table A-3 Supported Devices and Images for EnergyWise (continued)



OL-23861-01


Cisco Catalyst 3750G-24TS-1U Switch 12.2(58)SE

Cisco Catalyst 3750-24FS Switch 12.2(58)SE

Cisco Catalyst 2960-48PST-L Switch 12.2(58)SE

Cisco Catalyst 2960-24LC-S Switch 12.2(58)SE

Cisco Catalyst 2960-24PC-S Switch 12.2(58)SE

Cisco Catalyst 2960-48PST-S Switch 12.2(58)SE

Cisco Enhanced Layer 2 Ether Switch Service Module

12.2(58)SE

Cisco Catalyst 3560V2-24DC Switch 12.2(58)SE








Cisco Catalyst 2960x 48tsS 12.2(58)SE

Cisco Catalyst 2960 stack 12.2(58)SE







Cisco ME 4924-10GE Switch 12.2(52)SG







Cisco Catalyst 4948E Ethernet Switch 12.2(54)XO




Cisco 1941W Integrated Services Router 15.0(1)M2





OL-23861-01


Cisco 1905 Serial Integrated Services Router 15.0(1)M2

Cisco CGS-2520-24TC Connected Grid Switch 12.2(53)EX

Cisco CGS-2520-16S-8PC Connected Grid Switch

12.2(53)EX

Cisco 2010 Connected Grid Router 15.1(1)T






Cisco ME 3400G-12CS-D Switch 12.2(53)SE


Cisco ME 3400-24FS-A Switch 12.2(53)SE

Cisco ME 3400EG-2CS-A Switch 12.2(53)SE

Cisco ME 3400EG-12CS-M Switch 12.2(53)SE

Cisco ME 3400E-24TS-M Switch 12.2(53)SE

Cisco ME 3400-24TS-A Switch 12.2(53)SE

Cisco ME 3400-24TS-D Switch 12.2(53)SE








15.0(1)M2


15.0(1)M2


15.0(1)M2



15.0(1)M2


15.0(1)M2



15.0(1)M2




OL-23861-01



15.0(1)M2



15.0(1)M2


15.0(1)M2




Cisco IAD885F-D-3 15.0(1)M2

Cisco IAD888E,IAD888EW Integrated Access Device

15.0(1)M2


Cisco 861 Npe 15.0(1)M2






Cisco 887V Integrated Services Router 15.0(1)M2





Cisco 888E,888EW Integrated Services Router 15.0(1)M2

Cisco 888ESRST,888ESRSTW Integrated Services Router

15.0(1)M2



Cisco Catalyst 2960S-48FPD-L Switch 12.2(53)SE2

Cisco Catalyst 2960S-48LPD-L Switch 12.2(53)SE2


Cisco Catalyst 2960S-24PD-L Switch 12.2(53)SE2


Cisco Catalyst 2960S-48FPS-L Switch 12.2(53)SE2

Cisco Catalyst 2960S-48LPS-L Switch 12.2(53)SE2

Cisco Catalyst 2960S-24PS-L Switch 12.2(53)SE2




OL-23861-01












Cisco Catalyst 2975 Switch 12.2(50)SE

Cisco Catalyst 2350-48TD-S Switch 12.2(52)SE

Cisco Catalyst 2360-48TD-S 12.2(53)EY



Cisco ME 3600X-24FS-M Switch 12.2(52)EY

Cisco ME 3600X-24TS-M Switch 12.2(52)EY

Cisco ME 3800X-24FS-M Switch Router 12.2(52)EY

Cisco 887VA M Integrated Services Router 15.0(1)M2



Cisco 892F Integrated Services Router 15.1(2)T2

Cisco Catalyst 4948E-F Switch 12.2(54)WO


Cisco Catalyst 6509-NEB Switch 12.2(33)SXI4


Cisco Catalyst 6504-E Switch 12.2(33)SXI4

Cisco Catalyst 6509-V-E Switch 12.2(33)SXI4


Cisco Catalyst 6509-NEB-A Switch 12.2(33)SXI4


Cisco Virtual Switching System 12.2(33)SXI4

Cisco Catalyst C2928-48TC-C Switch 12.2(55)EZ

Cisco Catalyst 2928-24TC-C Switch 12.2(55)EZ

Cisco Catalyst C2928-24LT-C Switch 12.2(55)EZ

Cisco Catalyst 3560CG-8PC-S Compact Switch 12.2(55)EX




OL-23861-01

Appendix A Supported Devices and Images for Technology Work Centers Supported Devices and Images for Auto Smartports

Supported Devices and Images for Auto Smartports Table A-4 and Table A-5 lists the devices and images that support Auto Smartports.

Note Minimum supported IOS version for Device Profiling is 15.0(1)SE.

Cisco Catalyst 3560CG-8TC-S Compact Switch 12.2(55)EX

Cisco Catalyst 2960CPD-8PT-L Switch 12.2(55)EX

Cisco Catalyst 2960CG-8TC-L Compact Switch 12.2(55)EX

Cisco Enhanced Layer 2 EtherSwitch Service Module

12.2(58)SE

Cisco Enhanced Layer2, Layer3 EtherSwitch Service Module

12.2(53)SE2




Table A-4 Supported Devices and Images for Auto Smartports


Cisco Catalyst 2960S and 2960 Series Switches 12.2(52)SE

Cisco Catalyst 3750, 3750-E, 3750v2 12.2(52)SE

Cisco Catalyst 3750-X, 3750-G 12.2(55)SE

Cisco Catalyst 3560, 3560v2, 3560-E 12.2(52)SE

Cisco Catalyst 3560-X 12.2(55)SE




OL-23861-01

Appendix A Supported Devices and Images for Technology Work Centers Supported Devices and Images for Auto Smartports

Table A-5 Auto Smartports Supported Switch Modules of ISRs

Routers

Auto Smartports Supported Switch Module Switch Image



SM-D-ES3-48-P 12.2(55)EX

SM-D-ES2-48 12.2(55)EX

SM-ES3G-24-P 12.2(55)EX

SM-ES3-24-P 12.2(55)EX

SM-ES2-24-P 12.2(55)EX

SM-ES2-24 12.2(55)EX

SM-ES3G-16-P 12.2(55)EX

SM-ES3-16-P 12.2(55)EX

SM-ES2-16-P 12.2(55)EX

NME-16ES-1G-P 12.2(55)EZ


SM-ES3-24-P 12.2(55)EX

SM-ES2-24-P 12.2(55)EX

SM-ES2-24 12.2(55)EX

SM-ES3G-16-P 12.2(55)EX

SM-ES3-16-P 12.2(55)EX

SM-ES2-16-P 12.2(55)EX

NME-16ES-1G-P 12.2(55)EZ



NME-X-23ES-1G-P 12.2(55)EZ





NME-X-23ES-1G-P 12.2(55)EZ


OL-23861-01

Appendix A Supported Devices and Images for Technology Work Centers Supported Devices and Images for Smart Install

Supported Devices and Images for Smart InstallTable A-6 lists the devices and images that support SI.

Supported Devices and Images for Medianet Table A-7 and Table A-8 list the devices, switch modules, and images, that support Medianet.

Table A-9 lists the Medianet Supported DMPs and IPVSCs.

Note Support for location deployment is available for Cat 2K devices and SM ES2 Module, but Location MIB collection is not supported through Inventory.

Table A-6 Supported Devices and Images for Smart Install

Device Type Director Client Supported Software

Catalyst 3750, 3750-X, 3750E Yes Yes 12.2(58)SE

Catalyst 3560, 3560E, 3560-X Yes Yes 12.2(58)SE

Table A-7 Supported Devices and Images for Medianet




Table A-8 Medianet Supported Switch Modules of ISRs




SM-D-ES3-48-P 12.2(55)EX

SM-D-ES2-48 12.2(55)EX

SM-ES3G-24-P 12.2(55)EX

SM-ES3-24-P 12.2(55)EX

SM-ES2-24-P 12.2(55)EX

SM-ES2-24 12.2(55)EX

SM-ES3G-16-P 12.2(55)EX

SM-ES3-16-P 12.2(55)EX

SM-ES2-16-P 12.2(55)EX

NME-16ES-1G-P 12.2(55)EZ


OL-23861-01

Appendix A Supported Devices and Images for Technology Work Centers Supported Devices and Images for Medianet


SM-ES3-24-P 12.2(55)EX

SM-ES2-24-P 12.2(55)EX

SM-ES2-24 12.2(55)EX

SM-ES3G-16-P 12.2(55)EX

SM-ES3-16-P 12.2(55)EX

SM-ES2-16-P 12.2(55)EX

NME-16ES-1G-P 12.2(55)EZ



NME-X-23ES-1G-P 12.2(55)EZ





NME-X-23ES-1G-P 12.2(55)EZ

Table A-8 Medianet Supported Switch Modules of ISRs




OL-23861-01

Appendix A Supported Devices and Images for Technology Work Centers Known List of Hardware-incapable Devices

Known List of Hardware-incapable DevicesTable A-10 lists the hardware-incapable devices for EnergyWise, ASP, SI, and Identity.

Table A-9 Medianet Supported DMPs and IPVSCs

Endpoint OUI

Camera PID

CIVS-IPC-4300 00-1E-BD

CIVS-IPC-4500 00-21-IB

CIVS-IPC-2421 00-1D-E5

CIVS-IPC-2520V/CIVS-IPC-2521V

00-21-1B

CIVS-IPC-2530VCIVS-IPC-2531V

00-1E-BD

CIVS-IPC-2500 00-21-1B

CIVS-IPC-2500W 00-1D-E5

DMP

DMP 0023.AC

DMP 000F.44

Table A-10 Known List of Hardware-incapable Devices for EnergyWise, ASP, SI, and Identity

Device Family Device

Cisco Catalyst 2900 Series Switches Cisco Catalyst 2980G-A Switch

Cisco Catalyst 2902 Switch


Cisco Catalyst 2926G Switch

Cisco Catalyst 2926G-L3 Switch

Cisco Catalyst 2926GL Switch


Cisco Catalyst 2926GS Switch

Cisco Catalyst 2926T Switch

Cisco Catalyst 2948G-GE-TX Switch




OL-23861-01


Cisco Catalyst 2900 XL Series Switches (contd.) Cisco Catalyst 2908 XL Switch


Cisco Catalyst 2912 XL Switch

Cisco Catalyst 2912MF XL Switch

Cisco Catalyst 2916M XL Switch



Cisco Catalyst 2924C XL Switch

Cisco Catalyst 2924M XL DC Switch

Cisco Catalyst 2924M XL Switch

Cisco Catalyst 2940 Series Switches Cisco Catalyst 2940-8TF Switch

Cisco Catalyst 2940-8TT Switch

Cisco Catalyst 2950 Series Switches Cisco Catalyst 2950 12 Switch

Cisco Catalyst 2950 24 Switch

Cisco Catalyst 2950C 24 Switch

Cisco Catalyst 2950G 12 EI Switch

Cisco Catalyst 2950G 24 EI DC Switch



Cisco Catalyst 2950SX 24 Switch

Cisco Catalyst 2950SX 48 SI Switch

Cisco Catalyst 2950T 24 Switch

Cisco Catalyst 2950T 48 SI Switch

Cisco Catalyst 3500 XL Series Switches Cisco Catalyst 3508G XL Switch


Cisco Catalyst 3524 PWR XL Switch






OL-23861-01


Cisco Catalyst 3550 Series Switches Cisco Catalyst 3550 12G Switch

Cisco Catalyst 3550 12T Switch

Cisco Catalyst 3550 24 DC SMI Switch

Cisco Catalyst 3550 24 EMI Switch

Cisco Catalyst 3550 24 FX SMI Switch

Cisco Catalyst 3550 24 PWR Switch

Cisco Catalyst 3550 24 SMI Switch

Cisco Catalyst 3550 48 EMI Switch

Cisco Catalyst 3550 48 SMI Switch



Cisco Catalyst 2955 Series Switches Cisco Catalyst 2955C 12 Switch

Cisco Catalyst 2955S 12 Switch

Cisco Catalyst 2955T 12 Switch




OL-23861-01


I N D E X

A

ACL commands

customized web pages from NGS server 2-26

ASP interfaces

configure 4-20

Auto Smartports

about 4-2

configure 4-11

ASP interfaces 4-20

Getting Started 4-4

Macros

edit 4-15

Readiness Assessment 4-19

Remote Macro 4-16

reports 4-21

System Defined Events 4-14

System Defined Macros 4-14

C

cautions

resetting EnergyWise data purge policy 3-47

Collection Summary 3-48

compliance check 3-50

device collection 3-48

endpoints collection 3-49

commands

enable EnergyWise on devices in different subnets 3-21, 3-30

compliance check 3-50

configure

Apply EnergyWise Policies to Endpoints 3-25

Auto Smartports 4-11

endpoint group

threshold settings 3-36

EnergyWise Attributes on Endpoints 3-21

EnergyWise events 3-39

SI groups 6-6

add 6-7

configure Identity

Local WebAuth Settings 2-25

workflow 2-20

configure RADIUS server

RADIUS Group 2-18

Single RADIUS host 2-17

Connectivity groups 6-7

D

dashboard

EnergyWise 3-4

Default groups 6-7

E

enable

EnergyWise on switches

assign devices to domain 3-20

disjoint domains 3-21, 3-30

Endpoint 3-29, 3-33

endpoint group

threshold settings 3-36

syslog severity 3-37

threshold 3-36

trap 3-37

IN-1nters in Cisco Prime LAN Management Solution 4.1

Index

endpoint groups

about 3-33

add 3-35

manage 3-33

EnergyWise

about 3-2

Domain members 3-2

endpoints 3-2

management stations 3-2

advantages 3-3

Collection Summary 3-48

configure

Apply Policies to Endpoints 3-25

Apply Policies to Endpoints Groups 3-26

Attributes on Endpoints 3-21

dashboard 3-4

enable EnergyWise on switches 3-20

assign devices to domain 3-20

features 3-3

Getting Started 3-18

policies

add 3-38

Policy Compliance 3-27

portlets

Capability Summary 3-11

Current Power Consumption 3-8

Endpoint Group 3-10

Policy Override 3-9

Power Consumption 3-5

Savings Trend Graph 3-7

Total Savings Graph 3-6

settings 3-45

Collection Settings 3-46

cost settings 3-46

data purge settings 3-47

Supported Devices and Images 3-12

EnergyWise Devices

managing 3-28

EnergyWise Domain

IN-2Technology Work Centers in Cisco Prime LAN Management Soluti

add 3-32

managing 3-30

EnergyWise Level 3-40

G

Getting Started

Auto Smartports 4-4

EnergyWise 3-18

Identity 2-15

Smart Install 6-2

H

host 6-8

host modes

multi-auth mode 2-7

multi-domain host mode 2-7

multiple host mode 2-7

single host mode 2-7

Host Name 6-12

I

Identity

configure RADIUS server 2-17

dashboard 2-10

features 2-3

Getting Started 2-15

jobs 2-26

Readiness Assessment 2-29

reports 2-32

Security Modes 2-4

Supported Devices and Images 2-15

Identity portlets

802.1x agentless 2-12

authenticated users 2-12

authorization trend 2-10

on 4.1OL-23861-01

Index

authotication trend 2-10

configuring 2-11

security modes distribution 2-11

user tracking 2-12

Image File 6-9

Importance 3-39

event 3-40

J

job

Smart Install

details 6-23

jobs

Auto Smartports

manage 4-22

schedule 4-16

EnergyWise 3-41, 5-29

details 3-43, 5-31

Identity 2-26

schedule

EnergyWise 3-24

Smart Install

manage 6-21

schedule 6-13

Join Window 6-12

L

Local WebAuth Settings

Device Storage Location 2-25

NGS Hotspot Name 2-26

Location collection

configure 5-13

enable 5-10

TechnologyOL-23861-01

M

Macros

edit 4-15

MACsec security policies 2-9

manage


EnergyWise

policies 3-38

SI client config and image 6-16

SI director 6-18

delete 6-18

manage jobs

Identity 2-33

details 2-35

Management Secret 3-29, 3-32

managing

EnergyWise Devices 3-28

EnergyWise Domain 3-30

add 3-32

Medianet

dashboard 5-15

features 5-4

Medianet Endpoint Inventory Report 5-26

Medianet Endpoint Inventory Report, interpreting 5-27

prerequisites 5-9

reports 5-25

reports, custom layouts 5-25

supported device, images 5-6

Troubleshooting endpoints 5-28

Medianet portlets

Faults on Devices with Medianet Endpoints 5-18

Last N Config Changes 5-22

Last N Connected Medianet endpoints 5-21

Medianet Endpoints Status Across Locations 5-24

Unreachable Medianet Endpoints 5-19

MKA protocol 2-9

IN-3 Work Centers in Cisco Prime LAN Management Solution 4.1

Index

N

NetConfig Protocol Order

defining 2-29

Network Time Protocol (NTP) Server 3-33

P

Policy Compliance

EnergyWise 3-27

portlet

Technology 1-3

prerequisites

configure Identity 2-20

Product groups 6-7

R

Readiness Assessment


Identity 2-29

Remote Macro 4-16

reports


EnergyWise 3-45

Smart Install 6-19

S

Secret

Domain 3-28, 3-32

Endpoint 3-29, 3-33

Management 3-29, 3-32

NTP 3-29, 3-33

SI director

configure 6-5

SI groups

Built-in 6-7

IN-4Technology Work Centers in Cisco Prime LAN Management Soluti

Connectivity 6-7

Default 6-7

host 6-8

Product 6-7

Stack 6-7

TFTP Server 6-9

Smart Install

about 6-1

client config and image 6-16

configure

SI director 6-5

SI groups 6-6

features 6-1

Getting Started 6-2

reports 6-19

SI director

DHCP settings 6-10

Stack groups 6-7

Supported Devices and Images

EnergyWise 3-12

Identity 2-15

System Defined Events 4-14

System Defined Macros 4-14

T

TFTP server

Configuration File 6-9

image file 6-9

types 6-9

U

understanding

authentication profiles 2-5

802.1X 2-5

FlexAuth 2-6

Local WebAuth 2-6

on 4.1OL-23861-01

Index

MAB 2-6

WebAuth 2-6

Change of Authorization (CoA) 2-8

host modes 2-6

multi-auth mode 2-7

multi-domain 2-7

single host mode 2-7

MAC move 2-8

MAC replace 2-8

MACsec 2-8

security modes 2-4

high impact mode 2-5

low impact mode 2-5

monitor mode 2-4

User-defined Macro

example 4-16

TechnologyOL-23861-01
IN-5
Work Centers in Cisco Prime LAN Management Solution 4.1

Documents

Technology Work Centers in Cisco Prime LAN Management ... · Contents v Technology Work Centers in Cisco Prime LAN Management Solution 4.1 OL-23861-01 EnergyWise - Current Power Consumption