Cisco Prime Infrastructure and IP SLA.

Well, I just want to create a little note for myself about CPI 2.2 and IP SLA feature.

• Monitoring of IP SLA is possible, but you have to add it manually and I’ve found this way is very complicated ans isn’t usable - Cisco Prime Infrastructure 2.2 User Guide > Monitoring your network > Monitoring Third-Party Devices By Polling MIBs > Example: Monitoring IP SLA.

• “IP SLA provisioning” feature is not yet available in Prime Infrastructure. This is targeted for a yet to be named future release. Each subsequent PI release after 2.2 is targeted to get more of the feature LMS functionality into Prime Infrastructure with the intent of PI being the replacement for the outdated LMS software. Once this takes place, LMS will be retired. Expect this to take place over the next several release cycles for the PI software.

• In addition, I’ve found some publicly available thread: What are Prime Infrastructure’s IP SLA capabilities?.

Cisco Prime - How to configure Backup. [TESTED]

Tested on CPI 2.2.

Official documentation: Cisco Prime Infrastructure 2.2 Administrator Guide > Backing Up and Restoring Prime Infrastructure.


Prime Infrastructure creates two types of backups:

• Application backups: These contain all Prime Infrastructure application data, but do not include host-specific settings, such as the server hostname and IP address.
• Appliance backups: These contain all application data and host-specific settings, including the hostname, IP address, subnet mask, and default gateway.

Basically, it’s all about these two commands:

backup BACKUP_NAME repository REPO_NAME application NCS
backup BACKUP_NAME repository REPO_NAME

We recommend:

• If you are evaluating Prime Infrastructure: Use the default automatic application backup to the local repository.
• If you are running Prime Infrastructure in a production environment, either as a virtual or hardware appliance: Take regular application backups to a remote backup server. You can use the application backups to restore your server for all failures except complete failure of the server hardware.

• Prime Infrastructure provides automatic, scheduled application backups. This feature is enabled by default, and creates one application backup file each week, automatically, in the default local backup repository.
• Automatic application backup can create storage-space problems if the backup repository is local to the Prime Infrastructure server. While this is usually acceptable in test implementations, it s not intended to substitute for routine scheduled backups to remote servers in a production environment.
• By default, the automatic application backup feature stores backup files in the local backup repository /localdisk/defaultRepo. You can use the Prime Infrastructure interface to change the local automatic application backup repository, or create a new local repository.

prime-hostname/admin# dir disk:/defaultRepo/

Directory of disk:/defaultRepo/
  136123098 Jan 06 2015 03:31:30  prime-hostname-150106-0330__VER2.
  143964366 Jan 09 2015 03:31:44  prime-hostname-150109-0330__VER2.

           Usage for disk: filesystem
                  477233152 bytes total used
                123100844032 bytes free
                130304061440 bytes available

Automatic Application Backups

• Administrations > Settings > Background Tasks > Other Background Tasks area > Prime Infrastructure Server Backup task.
• You can create new “Backup Repository”, but FTP ONLY. If you would like to use SFTP you have to create it using ADE-OS CLI:

conf t
 repository Backup
  url sftp://
  user SFTPUSER password plain SFTPPASS

Some important notes:
• While configuring SFTP repository keep in mind that CPI and ACS works different (here you can find my old post about SFTP repository on ACS):
– ACS uses root catalog while CPI uses current folder.
– CPI does not require RSA key creation for repository.
– CPI does not use password to create/restore backup.
• CPI 2.2 still has a bug CSCun09225 - PI cannot upload to SFTP root directory of external server, so if you want to use current folder in repository without specification subfolder you must configure a dot as I mentioned above or you will get the following error:

prime-hostname/admin# show repository Backup
% Error opening directory on remote server

Normal behavior is like this:

prime-hostname/admin# show repository Backup
% Repository is empty

• The final step is to choose “Interval” and “Time of Day” and then press “Save”.

Manual Backup

Application backup

On a new system it takes ~3 minutes and ~160MB disk space.

prime-hostname/admin# backup test-initial-backup repository Backup application NCS

DO NOT press ^C while the backup is in progress
Aborting backup with a ^C may terminate the backup operation or the backup file may be corrupted

  Backup Started at : 01/13/15 01:45:49
  Stage 1 of 7: Database backup ...
  Database size: 15G
  -- completed at  01/13/15 01:47:35
  Stage 2 of 7: Database copy ...
  -- completed at  01/13/15 01:47:35
  Stage 3 of 7: Backing up support files ...
  -- completed at  01/13/15 01:47:35
  Stage 4 of 7: Compressing Backup ...
  -- completed at  01/13/15 01:47:37
  Stage 5 of 7: Building backup file ...
  -- completed at  01/13/15 01:47:50
  Stage 6 of 7: Encrypting backup file ...
  -- completed at  01/13/15 01:47:54
  Stage 7 of 7: Transferring backup file ...
  -- completed at 01/13/15 01:48:07
% Backup file created is: test-initial-backup-150113-0145__VER2.
  Total Backup duration is: 0h:2m:18s

Then you can check:

prime-hostname/admin# show backup history
Tue Jan 13 01:48:07 PST 2015: backup test-initial-backup-150113-0145__VER2.
4.tar.gpg to repository Backup: success
prime-hostname/admin# show repository Backup

Appliance backup

Exactly the same, but without specification of application name:

prime-hostname/admin# backup test-initial-backup repository Backup

Cisco Prime 2.2 and CDP. [TESTED]

Well, I have CPI v2.2 installed on hardware appliance with two physical interfaces connected: Gi0 is acting as Management/Runtime, Gi1 is acting as Runtime ONLY (the same thing as ACS has).

So, if you going to configure the 2nd interface, reboot is required, because CDP will not work without it. You can’t even add configuration statement:

prime/admin# conf t
prime/admin(config)# cdp run GigabitEthernet 1
prime/admin(config)# do sh run | i cdp
cdp timer 60
cdp holdtime 180
cdp run GigabitEthernet 0

After server reboot you will see configuration statement and CDP neighbors.

Cisco Prime - How to configure SMTP server. [TESTED]

There is a great document from Cisco about it - Configuring the Mail Server on the Prime Infrastructure, but it needs additional step to get it done. So, the whole procedure would be like this:

Administration > Settings > System Settings > Mail Server Configuration:
• Primary SMTP Server > Hostname/IP: (Make sure that you have configured DNS servers in ADE-OS “ip name-server“)
• Sender And Receivers > From:, To: > Save > Test.
• Configure email notification for individual alarm categories > Mark ALL of available options > Save.

Now you are good.

Cisco Prime - Configuring NTP and TimeZone. [TESTED]

• Loging as admin via SSH.
• Configure NTP and TimeZone. Available TimeZone listed [url]here (Getting Started Guide)[/url]:

prime/admin# conf t
Enter configuration commands, one per line.  End with CNTL/Z.
prime/admin(config)# ntp server
prime/admin(config)# do show ntp
NTP Server 1 :

  time server re-starting
   polling server every 64 s

     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================   2 u    1   64    1   37.636   -0.635   0.001

Warning: Output results may conflict during periods of changing synchronization.

prime/admin(config)# clock timezone PST8PDT
% Warning: System timezone was modified, NCS will need to be restarted.
prime/admin(config)# exit
prime/admin# wri memory
Generating configuration...

• Restart NCS process (it takes forever!, so be prepared):

prime/admin# ncs stop

Stopping Prime Infrastructure...

This may take a few minutes...

Prime Infrastructure successfully shutdown.

Plug and Play Gateway is being shut down..... Please wait!!!

Stop of Plug and Play Gateway Completed!!
Stopping SAM daemon...
Checking for SAM daemon again ...
SAM Daemon not found...
Stopping DA daemon ...
Checking for DA daemon again ...
DA Daemon not found...
Stopping strongSwan IPsec...
prime/admin# ncs start

Starting Prime Infrastructure...

This may take a while (10 minutes or more) ...

Prime Infrastructure started successfully.

Starting strongSwan 5.0.1 IPsec [starter]...
prime/admin# ncs status
Health Monitor Server is running.
Matlab Server Instance 1 is running
Ftp Server is running
Database server is running
Matlab Server is running
Tftp Server is running
NMS Server is running.
Plug and Play Gateway is running.
SAM Daemon is running ...
DA Daemon is running ...

• Check the result via SSH and HTTPs:

prime/admin# show clock
Fri Dec 26 00:55:04 PST 2014

Tested on CPI 2.2.

Admin area