
CISCO PRIME INFRASTRUCTURE 3.1 V1
30 MINUTES PART 3
SCENARIO 4. CONFIGURATION
Ratnesh
Cisco Prime Infrastructure provides multiple options to manage, maintain, deploy and
audit configurations for the entire network.
1. From the Configuration > Network > Network Devices page, you can view all devices
and device configuration information. You can add, edit, delete, sync, and export
devices, add and delete devices from groups and sites, and perform a bulk import.
2. Select one of the devices from the list and click Edit.
3. Close the window after exploring the options.

The Compliance Services feature allows you to run Cisco PSIRT security and EOX obsolete-
device compliance reports. You can also establish baseline device configuration
standards, and then audit field configurations against these standards to identify devices
that are non-compliant and how their configuration differs from the standards.
Compliance Services are available only on the Professional virtual appliance and on the
Cisco Unified Computing System (UCS) Gen 2 physical appliance.
1. Go to Configuration > Compliance > Profiles.
2. Select the dCloudTest profile.
3. Select the third Policy in the list. The rules defined for this policy show that it
checks that a device is configured with a DNS server.
4. Policies are defined by the user and then added to Profiles. Select Configuration >
Compliance > Policies to see the policies that have been created on this system.
5. Click the information icon next to a policy to see options for exporting or viewing the
policy in XML format.
6. To use the dCloudTest profile to audit network devices in this demonstration, select
Configuration > Compliance > Profiles.

DEVICE COMPLIANCE
7. Select the dCloudTest policy and then click the Run Compliance Audit icon.
8. Select the Location > All Locations > Asia Pacific box.
9. Select the Use current device configuration radio box and then click Next.
10. Give the job a name and click Finish.
11. To check the progress of the compliance job, go to Configuration > Compliance > Jobs.
12. Your job should show as Running for some time. Once the job is complete, it will show a
Last Run Result as Failure. This is because the devices are out of compliance with the policies
assigned to the dCloudTest profile.
13. Once the job has completed, click the Failure link to open the Compliance Audit
Violations Details window.
14. Click X to close the window.
15. Click the Violation Summary tab to see which devices and policies caused the
compliance job to fail. The Violation Message will indicate which policy the device was
not in compliance with.
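
The kind of check the DNS server policy in step 3 performs, and how rule violations roll up into a failed job and a per-device violation summary, sketched as an added example. It is not Cisco Prime Infrastructure code or its policy XML format; the rule layout, device names, configurations and the second (Telnet) policy are constructed for illustration.

```python
import re

# Constructed IOS-style configurations; device names and addresses are made up.
CONFIGS = {
    "apac-rtr1": """hostname apac-rtr1
ip name-server 192.0.2.53
line vty 0 4
 transport input ssh
""",
    "apac-sw1": """hostname apac-sw1
line vty 0 4
 transport input telnet ssh
""",
}

# Hypothetical profile layout: policy name -> rules. Each rule is a regex that
# must be present in, or absent from, the device configuration.
PROFILE = {
    "DNS server configured": [
        {"pattern": r"^ip name-server \S+", "required": True,
         "message": "no 'ip name-server' statement found"},
    ],
    "Telnet disabled on VTY lines": [  # constructed second policy
        {"pattern": r"^\s+transport input .*\btelnet\b", "required": False,
         "message": "VTY lines accept Telnet"},
    ],
}


def audit(profile, configs):
    """Return (job_result, violations); violations are (device, policy, message)."""
    violations = []
    for device, config in sorted(configs.items()):
        for policy, rules in profile.items():
            for rule in rules:
                found = re.search(rule["pattern"], config, re.MULTILINE) is not None
                if found != rule["required"]:
                    violations.append((device, policy, rule["message"]))
    # Any single violation fails the whole job, as in the walkthrough above.
    return ("Failure" if violations else "Success"), violations


if __name__ == "__main__":
    result, rows = audit(PROFILE, CONFIGS)
    print("Last Run Result:", result)
    for device, policy, message in rows:
        print(f"{device:10} {policy:30} {message}")
```
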
You can run a report to determine if any devices in your network have security
vulnerabilities as defined by the Cisco Product Security Incident Response Team (PSIRT).
You can also view documentation about the specific vulnerability that describes the
impact of the vulnerability and any potential steps needed to protect your environment.
1. Go to Reports > PSIRT and EoX.
2. Click the Device PSIRT tab to view PSIRT information.
3. In the PSIRT Title column, click the hyperlink to view the full description of the security
vulnerability.
4. This will open a separate window where you can read details of the vulnerability and
next steps. You can download the PSIRT report in PDF and CSV formats.
Viewing End-of-Life Reports
You can run a report to determine if any Cisco device hardware or software in your
network has reached its end of life (EOX). This can help you determine product
upgrade and substitution options.
1. Click each of the following EOX tabs to view the report information specific to that tab:
   Device Hardware EOX
   Device Software EOX

VIEWING DEVICE SECURITY VULNERABILITIES

Viewing Field Notices for Devices
You can run a report to determine if any Cisco devices that are managed and have
completed a full inventory collection have any field notices. Field Notices are
notifications that are published for significant issues, other than security vulnerability-
related issues, that directly involve Cisco products and typically require an upgrade,
workaround, or other customer action.
1. Click the Field Notice tab to view field notice information.
2. Click on the information icon in the Vulnerable column to view more information on
cisco.com.
Manually upgrading your devices to the latest software version can be error-prone and
time-consuming. Cisco Prime Infrastructure simplifies the version management and routine
deployment of software updates to your devices by helping you plan, schedule, download,
and monitor software image updates. You can also view software image details, view
recommended software images, and delete software images.
The software image management page provides a consolidated view of the various aspects of
image management such as software image management lifecycle widget, software image
summary, and job details. Prime Infrastructure stores all of the software images for the devices
in your network.
The images are stored according to the image type and version. Before you can upgrade
software images, you must configure your devices with Telnet or SSH credentials. The devices
must also be configured with SNMP read-write community strings that match the community
strings entered when the device was added to Prime Infrastructure.
The Software Image workflow includes easy-to-follow steps for managing software images.
Each quadrant of the workflow image provides useful information about adding, distributing,
activating and optionally committing software images.
1. Click the Add/Import section to see how to add or import software images.

SOFTWARE IMAGE MANAGEMENT


2. In the right frame, there are links to other useful tasks related to image management.
Configuration Templates
You can use Cisco Prime Infrastructure configuration templates to design the set of device
configurations that you need to set up the devices in a branch. When you have a site, office,
or branch that uses a similar set of devices and configurations, you can use configuration
templates to build a generic configuration that you can apply to one or more devices in the
branch. You can also use configuration templates when you have a new branch and want
to quickly and accurately set up common configurations on the devices in the branch.
Altering configurations across a large number of devices can be tedious and time-
consuming, and templates save you time by applying the necessary configurations and
ensuring consistency across devices.
In this scenario, you will deploy a new SSID using Prime Infrastructure.
1. From a wireless user device, such as an iPad, go to Settings > Wi-Fi. Note the current SSIDs.
2. Open a new browser tab to the vWLC.
   a. If connecting via WKST1, use the browser bookmark.
   b. If connecting from your local browser, navigate to the vWLC Public IP address.
3. Log in using the credentials from the Session Details of your Active session.
4. From the main Dashboard, click the checkbox in the Wireless Networks summary dashlet.
5. Note that only one WLAN is configured: Demo_Internal.
6. Return to the browser tab connected to Cisco Prime Infrastructure.
7. Go to Configuration > Templates > Features and Technologies.
8. In the left panel expand the My Templates folder.
9. Select the information icon for the dcloud-ssid-create template to see actions. From here
you can Edit the template if required.
10. Click the dcloud-ssid-create template link.
Navigate through the tabs to show all of the features that can be configured for an SSID
deployment.
This template will push a new SSID (dcloud-test) to the WLC when deployed.
11. Click Deploy at the bottom of the window.
12. In the Template Deployment popup, click the arrow next to All Devices and select the
vwlc1 device.
13. Click OK to deploy the template.
14. Return to the browser tab open to vWLC1.
15. Select WLANs. Refresh the page if necessary to show the newly deployed SSID.
16. If the Admin Status shows the WLAN as Disabled, click the link for the WLAN ID and enable
it.
17. Check Enabled and click Apply.
If you have an endpoint router with embedded AP or an AP connected to the Public IP of
the vWLC, you will see the newly deployed SSIDs on your wireless device. (Refer to the Getting
Started section of this guide for instructions.)
18. You can connect your wireless device to the Demo_Internal SSID using the credentials
itadmin with password C1sco12345.
