Cisco Prime Network 3.9 Change and Configuration ... · Cisco Prime Network 3.9 Change and Configuration Management User and Administrator Guide OL-26498-01 1 Introduction to Change

Cisco Prime Network 3.9 Change and Configuration Management User and Administrator GuideJune 13, 2012

Americas HeadquartersCisco Systems, Inc.170 West Tasman DriveSan Jose, CA 95134-1706 USAhttp://www.cisco.comTel: 408 526-4000

800 553-NETS (6387)Fax: 408 527-0883

Text Part Number: OL-26498-01

http://www.cisco.com

THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.

THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.

The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.

NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.

IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)

Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.

Cisco Prime Network 3.9 Change and Configuration Management User and Administrator Guide © 2012 Cisco Systems, Inc. All rights reserved.

http://www.cisco.com/go/trademarks

Cisco Prime NeOL-26498-01

C O N T E N T S

Preface v

Audience v

Document Organization vi

Conventions vii

Related Documentation vii

Obtaining Documentation and Submitting a Service Request viii

C H A P T E R 1 Introduction to Change and Configuration Management 1-1

Features of Cisco Prime Network Change and Configuration Management 1-1

Setup Tasks to Perform Before Using Change and Configuration Management 1-6

Launching the GUI and GUI Basics 1-9

How To Launch the Change and Configuration Management GUI 1-9

Basics of the Change and Configuration Management GUI 1-13

C H A P T E R 2 Using the Change and Configuration Management Dashboard 2-1

C H A P T E R 3 Managing Configurations 3-1

Managing and Comparing Configurations in the Archive 3-3

Searching for a Configuration File in the Archive 3-5

Viewing the Contents of a Device Configuration File 3-6

Labelling Configuration Files 3-7

Comparing Configuration Files 3-11

Exporting Configuration Files 3-14

Synchronizing Out-of-Sync Configurations (Cisco IOS and Cisco Nexus Only) 3-15

Backing Up Device Configuration Files to the Archive 3-16

Restoring a Configuration from the Archive to Devices 3-20

Editing a Configuration File before Restoring it to a Device 3-22

Deleting Configuration Files from the Archive 3-24

Viewing Configuration Change Logs 3-25

C H A P T E R 4 Managing Software Images 4-1

Special Notes on Cisco IOS XR Package Management 4-3

Using the Prime Network Image Repository 4-3

iiitwork 3.9 Change and Configuration Management User and Administrator Guide

Contents

Browsing and Searching for Images in the Prime Network Image Repository 4-4

Importing Images into the Prime Network Image Repository 4-5

Editing Image Attributes in the Prime Network Image Repository 4-10

Deleting Images from the Prime Network Image Repository 4-10

Adding Packages to Cisco IOS XR Devices 4-11

Distributing Images and Performing an Upgrade Analysis 4-13

Activating and Deactivating Images and Checking Image Status 4-19

Committing Packages (Cisco IOS XR Only) 4-25

Rolling Back Cisco IOS XR Packages 4-26

C H A P T E R 5 Managing Device Groups 5-1

Managing User-Defined Device Groups 5-2

Creating a Device Group 5-3

Editing the Device Group Details 5-6

C H A P T E R 6 Managing Change and Configuration Management Jobs 6-1

C H A P T E R 7 Change and Configuration Management Administration 7-1

Configuring Global Settings for Configuration Management 7-1

Configuring Global Settings for Image and Package Management 7-7

Administration and Security 7-11

A P P E N D I X A Supported Devices for Change and Configuration Management A-1

IN D E X

ivCisco Prime Network 3.9 Change and Configuration Management User and Administrator Guide

OL-26498-01

Preface

This guide describes how to use and administer Cisco Prime Network Change and Configuration Management. This preface contains the following sections:

• Audience, page v

• Document Organization, page vi

• Conventions, page vii

• Related Documentation, page vii

• Obtaining Documentation and Submitting a Service Request, page viii

AudienceThe intended audience for this documentation includes:

• Network viewers who monitor the network and perform basic (nonprivileged) system functions.

• Network operators who perform day-to-day operations such as creating business tags and maps, and managing alarms.

• Network configurators who activate services and configure network elements.

• System administrators who manage and configure users, network elements, the Change and Configuration Management system, and overall security.

• System managers or administrators who periodically review and manage the events list using Cisco Prime Network Events.

• Networking engineers who are interested in understanding how the Change and Configuration Management fault and root cause analysis mechanism works. These engineers should have networking knowledge at Cisco Certified Network Associate (CCNA) level, and should have received Change and Configuration Management basic and administrative training.

vCisco Prime Network 3.9 Change and Configuration Management User and Administrator Guide

OL-26498-01

Preface

Document OrganizationThis guide includes the following chapters and appendixes:

Chapter/ Appendix Title Description

1 Introduction to Change and Configuration Management

Introduces the features of Change and Configuration Management and lists the prerequisites to using it.

2 Using the Change and Configuration Management Dashboard

Describes how to use the dashlets displayed on the Change and Configuration Management dashboard and the functions you can perform from them.

3 Managing Configurations

Explains how to use the Configuration Management (CM) functions to manage device configuration files. This includes using the CM archive to edit, view, label, compare, and export files; synchronizing Cisco IOS running and startup configurations; backing up files to the CM archive; restoring files from the CM archive to devices; and viewing change logs.

4 Managing Software Images

Explains how to use the Network Element Image Management (NEIM) functions to manage software images. This includes importing images into and deleting images from the image repository; adding packages to Cisco IOS XR devices, distributing images to devices; activating and deactivating images on devices; committing Cisco IOS XR packages; and rolling back Cisco IOS XR packages.

5 Managing Device Groups

Explains how to create and manage device groups with a specific set of devices, so all CM and NEIM operations can be performed for the devices collectively with ease. This includes creating a device group, editing the device groups details, and deleting a device group.

6 Managing Change and Configuration Management Jobs

Explains how to manage CM and NEIM jobs and view job status. This includes suspending and resuming jobs, rescheduling jobs, and canceling and deleting jobs.

7 Change and Configuration Management Administration

Explains how to configure the global settings that control CM and NEIM operations, such as transfer protocols, purging settings, e-mail settings, and information collection. Also addresses security concerns, such as communication security and user authentication and authorization; and provides a listing of Change and Configuration Management log files.

A Supported Devices for Change and Configuration Management

Lists the device series and software that were validated for Change and Configuration Management.

viCisco Prime Network 3.9 Change and Configuration Management User and Administrator Guide

OL-26498-01

Preface

ConventionsThis document uses the following conventions:

Note Means reader take note. Notes contain helpful suggestions or references to material not covered in the publication.

Caution Means reader be careful. In this situation, you might perform an action that could result in equipment damage or loss of data.

Related Documentation

Note We sometimes update the documentation after original publication. Therefore, you should also review the documentation on Cisco.com for any updates.

For a complete list of Prime Network 3.9 documentation, see the Cisco Prime Network 3.9 Documentation Guide.

Cisco Prime Network 3.9 Integration Developer Guide is available on the Prime Network Technology Center. This guide describes how to use Prime Network integration interfaces.

The Prime Network Technology Center is an online resource for additional downloadable Prime Network support content, including help for integration developers who use Prime Network application programming interfaces (APIs). The website provides information, guidance, and examples to help you integrate your applications with Prime Network. It also provides a platform for you to

Convention Indication

bold font Commands and keywords and user-entered text appear in bold font.

italic font Document titles, new or emphasized terms, and arguments for which you supply values are in italic font.

[ ] Elements in square brackets are optional.

{x | y | z } Required alternative keywords are grouped in braces and separated by vertical bars.

[ x | y | z ] Optional alternative keywords are grouped in brackets and separated by vertical bars.

string A nonquoted set of characters. Do not use quotation marks around the string, or the string will include the quotation marks.

courier font Terminal sessions and information the system displays appear in courier font.

< > Nonprinting characters such as passwords are in angle brackets.

[ ] Default responses to system prompts are in square brackets.

!, # An exclamation point (!) or a pound sign (#) at the beginning of a line of code indicates a comment line.

viiCisco Prime Network 3.9 Change and Configuration Management User and Administrator Guide

OL-26498-01

http://developer.cisco.com/web/prime-network/docs/-/document_library/view/2356901

http://www.cisco.com/en/US/products/ps11879/products_documentation_roadmaps_list.html

http://www.cisco.com/en/US/products/ps11879/products_documentation_roadmaps_list.html

Preface

interact with subject matter experts. To view the information on the Prime Network Technology Center website, you must have a Cisco.com account with partner level access, or you must be a Prime Network licensee.

You can access the Prime Network Technology Center at http://developer.cisco.com/web/prime-network/home.

Obtaining Documentation and Submitting a Service RequestFor information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What’s New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:

http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html

Subscribe to the What’s New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS version 2.0.

viiiCisco Prime Network 3.9 Change and Configuration Management User and Administrator Guide

OL-26498-01

http://developer.cisco.com/web/prime-network/home

http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html

Cisco Prime Network 3.9 Change and ConfigOL-26498-01

C H A P T E R 1
Introduction to Change and Configuration Management
Cisco Prime Network Change and Configuration Management provides tools that allow you to manage the software and device configuration changes that are made to devices in your network. Device configuration management tools are provided by the Configuration Management (CM) function, and software image management tools are provided by the Image Management function.

These topics provide an overview of the features that Change and Configuration Management provides, some initial setup tasks you must perform, and how to start the GUI.

• Features of Cisco Prime Network Change and Configuration Management, page 1-1

• Setup Tasks to Perform Before Using Change and Configuration Management, page 1-6

• Launching the GUI and GUI Basics, page 1-9

Features of Cisco Prime Network Change and Configuration Management

The following topics provide an introduction to the features of Change and Configuration Management:

• Configuration Management, page 1-2

• Network Element Image Management, page 1-2

• Supporting Functions, page 1-3

• Supported Devices, page 1-5

• SDR Support, page 1-5

• IPv6 and Firewall Support, page 1-5

• ACE Module Support (For Cisco 7600 Series Routers only), page 1-5

1-1uration Management User and Administrator Guide

Chapter 1 Introduction to Change and Configuration Management Features of Cisco Prime Network Change and Configuration Management

Configuration Management

Configuration Management (CM) enables you to control and track changes that are made to a device configuration. CM uses a change management feature to detect ongoing changes to devices in two ways:

• Changes are detected when doing the periodic collection of device configurations; this is called periodic archiving. If CM detects a change in a configuration file, it will get the new version of the file from the device and copy it to the archive.

• Changes are detected when a configuration change notification is received from a device. This is called event-triggered archiving. You can configure CM to copy a new version of a configuration file to the archive whenever a change is detected, or to queue the changes and then copy the files to the archive according to a schedule.

By default, neither of these methods are enabled. You can configure them from the Configuration Management Settings page (see Configuration Management Setup Tasks, page 1-7).

Configuration file copies are stored in a configuration archive (the CM archive), from which you can compare configurations, restore configuration files to devices, edit the configuration files before restoring them, and for Cisco IOS devices, synchronize running and startup configuration files. Configuration files in the archive are stored in readable format, as received from the device. Significant configuration files can be labelled using the labeling facility of CM, and you can mark configurations so that purging them is prevented by CM.

For information on how to use the configuration management GUI, see Managing Configurations, page 3-1.

Change Logs provide information on the changes made to devices in the network, sorted by their time stamp. The Configuration Management Settings page controls how long these logs are saved. For information on Change Logs, see:

• Configuration Changes in the Last Week, page 2-3, which describes the change logs that are displayed in the dashboard.

• Viewing Configuration Change Logs, page 3-25, which describes the change logs that are displayed in the Configurations Change Logs page.

Note These Change Logs are different from the logs that record configuration and image management activities. Configuration and image management logs are described in Log Files, page 7-15.

Network Element Image Management

Network Element Image Management (NEIM) ensures rapid, reliable software upgrades, and automate the steps associated with upgrade planning and monitoring. Cisco IOS and Cisco IOS XR software images are stored in the Prime Network image repository, to which you can add new images by importing them from Cisco.com, from existing devices, from a local file system, or from an external image repository. Software images in the repository are stored in binary format. Before an image is distributed, NEIM performs an upgrade analysis to ensure that the network element is compatible with the image. For Cisco IOS XR devices, you can add individual packages, deactivate packages, test changes before committing them, commit changes, and roll packages back to stored rollback points. The image repository is located in the Cisco Prime database where images are stored in binary format.

For information on how to use the NEIM GUI, see Managing Software Images, page 4-1.

1-2Cisco Prime Network 3.9 Change and Configuration Management User and Administrator Guide

OL-26498-01


Supporting Functions

Change and Configuration Management provides the following functions:

• Job Management, page 1-3

• Automatic E-mail Notifications, page 1-3

• Warm Upgrade (For Cisco IOS only), page 1-3

• User-Defined Device Grouping, page 1-4

• FTP support for Cisco IOS devices, page 1-4

• CM and NEIM Settings, page 1-4

Job Management

A job management GUI interface allows you to schedule the CM and NEIM tasks to happen immediately or at a future time. The GUI also provides additional details on each job, including a results report with details about all operations that were part of a job.

For information on how to use the job GUI, see Managing Change and Configuration Management Jobs, page 6-1.

Automatic E-mail Notifications

Change and Configuration Management facilitates automatic e-mail notification of the status of the CM and NEIM jobs upon completion. You can configure the e-mail address of the recipients either in the settings page or while scheduling the job. You can also specify when you want to send the e-mail by using the following options:

• All—To send a notification e-mail irrespective of the job result.

• Failure—To send a notification e-mail only when the job has failed.

• No Mail—Do not send a notification e-mail on the job status.

A notification e-mail is sent to the specified users with details such as job ID, job type, job result—Success or Partial Success, job scheduled and completion date and time, owner, and comments, if any. The e-mail also provides the list of successful and unsuccessful tasks, if any with the device name and a summary.

Note A notification e-mail is sent only if SMTP host and port are configured in the CA or NEIM settings. For more information, see Configuring Global Settings for Configuration Management, page 7-1 and Configuring Global Settings for Image and Package Management, page 7-7. Automatic e-mail notification of job results is not applicable for jobs pertaining to download of images from file system or Cisco.com.

Warm Upgrade (For Cisco IOS only)

The Warm Upgrade feature provides the capability for a Cisco IOS image to read and decompress another Cisco IOS image and then transfer control to this new image. This functionality reduces the downtime of a device during planned Cisco IOS software upgrades or downgrades.

Prior to the Warm Upgrade feature, a Cisco IOS image normally transfers control to ROM monitor mode (ROMMON) to perform a Cisco IOS software upgrade or downgrade. ROMMON, along with the help of the boot loader image, carries out the required upgrade or downgrade procedures. While this process is in progress, the networking device will be down.


OL-26498-01


With the introduction of the Warm Upgrade feature, packet forwarding will continue while the new Cisco IOS image is read and decompressed. The device is down only when the current image is overwritten with the new image, and the new image loads and reconfigures the operating system.

Change and Configuration Management allows you to activate the warm upgrade feature while scheduling image distribution and activation.

User-Defined Device Grouping

Change and Configuration Management supports user-defined device grouping. You can create a static or dynamic group with a specific set of devices, so all CM and NEIM operations can be performed for the devices collectively with ease.

For more information on user-defined device grouping, see Managing User-Defined Device Groups, page 5-2.

FTP support for Cisco IOS devices

For Cisco IOS devices, Change and Configuration Management supports FTP mode for all config and image transfers. You need to configure the username and password for the unit that manages the device by using the following commands:

ip ftp username usernameip ftp password password

If you have not configured these commands, the FTP transfers will fail.

However, adding FTP credentials of the unit to the device may not be safe if the network is not secure. Hence, we recommend that you:

• Configure the network device to add the “Prime Network Unit User” credentials of the unit that manages the device. You need not add the super user credentials of the “Prime Network Unit Server” to the device configuration.

• Restrict FTP configuration such that the “Prime Network Unit User” has read-write access only to the $PRIME_NETWORK_HOME/tftp directory ($ANAHOME/tftp directory) and hence does not have access to unwanted files outside the home directory.

CM and NEIM Settings

Both CM and NEIM have their own Settings pages to control the global and administrative behavior of the CM and NEIM features.

• For CM, this includes the default transport protocol, purging policy, export settings, configuration backup, sync, and restore settings, e-mail settings, and exclude commands (commands not to be considered when Change and Configuration Management compares configurations). For more information, see Configuring Global Settings for Configuration Management, page 7-1.

• For NEIM, this includes the default transfer protocol, flash and warm upgrade settings, staging and storing directories, external server settings, e-mail settings, proxy settings, and vendor credentials. For more information, see Configuring Global Settings for Image and Package Management, page 7-7.

In addition, user actions are restricted according to user access role and assigned device scopes. Users must have Configurator privileges on a device (through their device scope) to perform any of the advanced CA and NEIM tasks. More details are provided in Change and Configuration Management Administration, page 7-1.


OL-26498-01


Supported Devices

For a list of the device series and software supported by Change and Configuration Management, see Supported Devices for Change and Configuration Management, page A-1.

SDR Support

Change and Configuration Management provides Secure Domain Router (SDR) support. SDRs perform routing functions in the same manner as a physical router, but share resources with the rest of the system. Prime Network VNE layer identifies if a given Cisco IOS XR device is an SDR parent (owner) or child (non-owner). Based on this, the following CM and NEIM operations are supported for SDRs:

• Package management life cycle in parent and child SDRs.

• Commit and rollback operations in parent SDRs.

• Collection of running and admin configurations in parent SDRs.

• Collection of only running configuration in child SDRs.

IPv6 and Firewall Support

CM and NEIM functions run smoothly on a combination of network and devices with IPv6 addresses. Both the device and the unit must be configured with an IPv6 address to work. Note the following:

• IPv6 support is not available for Cisco IOS XR devices and Cisco Nexus 5000 and Cisco Nexus 7000 series devices.

• For Cisco IOS devices with IPv6 address, the CM and NEIM operations will work only in FTP mode.

The NEIM and CM functions run on units and gateway in a deployment environment in which the units are located behind firewalls and possibly Network Address Translation (NAT). You need not open special ports for the units to initiate communications. However, if a gateway is behind a firewall, that firewall will need ports opened for communications to the gateway. This approach prevents issues when the unit is behind NAT, as the unit does not require a publicly available IP address for the gateway to contact it.

ACE Module Support (For Cisco 7600 Series Routers only)

You can perform CM and image management operations at the module level for Cisco 7600 series routers with Application Control Engine (ACE) cards. Prime Network provides the following support for Cisco 7600 series routers with ACE cards:

• Configuration Management—Configuration files are collected, archived, and displayed for the ACE cards as part of the parent Cisco 7600 series device. Configuration Management supports only TFTP for configuration backup and restore operations on ACE cards.

Note To perform the configuration archive operations (backup and restore) on the ACE module, you need to use the same credentials used for accessing the parent Cisco 7600 supervisor module.

• Image Management—Upgrade and activation of images are supported for the ACE cards. Change and Configuration Management supports TFTP, FTP, and SCP for image baseline operation on ACE cards. However, the image should be available in the Cisco 7600 supervisor module filesystem to perform the import operation.


OL-26498-01

Chapter 1 Introduction to Change and Configuration Management Setup Tasks to Perform Before Using Change and Configuration Management

Setup Tasks to Perform Before Using Change and Configuration Management

Before using Change and Configuration Management, perform the following prerequisite tasks:

• Prime Network Setup Tasks, page 1-6

• Configuration Management Setup Tasks, page 1-7

• NEIM Setup Tasks, page 1-8

Prime Network Setup Tasks

Verify the following:

1. Verify that Change and Configuration Management is installed. The installation process is described in the Cisco Prime Network 3.9 Installation Guide. Change and Configuration Management can be installed using the network-conf command. The guide includes information about supported browsers, ports that must be available, and so forth.

To check if Change and Configuration Management is installed, log into the Prime Network gateway and enter the following command:

# cd $PRIME_NETWORK_HOME/Main# dmctl status

If you see the following in the output, Change and Configuration Management is installed and running.

- Checking Prime Network Web Server Status [UP]

2. Make sure that pop-up windows are enabled on the Firefox and Internet Explorer browsers.

3. For NEIM, verify that the gateway has sufficient space for the storing and staging directories (see Configuring Global Settings for Image and Package Management, page 7-7).

4. For CM, verify that devices are configured to forward configuration change notifications to Prime Network. This is documented as a prerequisite to adding VNEs, in the Cisco Prime Network 3.9 Administrator Guide. (Specifically, if you will be using event-triggered archiving, make sure the logging gateway-IP command is configured on all devices. This command should have been configured as a prerequisite to adding VNEs to Prime Network.)

5. Simple Network Management Protocol (SNMP) read-write community must be configured on devices. For more information on configuring SNMP community strings for devices, see the Cisco Prime Network 3.9 Administrator Guide.

6. SNMP read-write community in Cisco Prime Network Administration must match that on the devices.

7. Ensure reachability from Prime Network units to devices and vice versa.

8. Prime Network AVM 11 (gateway), AVM 77 (Prime Network web server), and AVM 83 (Prime Network TFTP server) must be up and running. To use AVM 83 for Change and Configuration Management, make sure the server port 69 is free and available. For more information, see the Cisco Prime Network Server, TCP, and UDP Ports section in the Cisco Prime Network 3.9 Installation Guide.

9. Make sure you have performed all of the device configuration prerequisites for adding VNEs. These commands are described in the Cisco Prime Network 3.9 Administrator Guide.


OL-26498-01

http://www.cisco.com/en/US/products/ps11879/prod_maintenance_guides_list.html


http://www.cisco.com/en/US/products/ps11879/prod_installation_guides_list.html





Configuration Management Setup Tasks

The CM features are disabled by default so that you do not encounter unexpected processing loads on your server. The following steps explain what you must do to set up CM. All of these items are configured from the Configuration Management Settings page (described in Configuring Global Settings for Configuration Management, page 7-1).

1. Configure the transport protocol that Prime Network will use between the device and the gateway. The options are TFTP, SFTP/SCP, and FTP. The default is TFTP. Note the following:

– The TFTP source interface on the devices must be able to reach the unit. Otherwise, the configuration management jobs that require TFTP may fail.

– To use SFTP/SCP for config transfers from a device to a unit, you need to ensure that an SSH server is configured and running on the device, such that the device acts as a server and the unit as a client during the transfer. For Cisco IOS XR devices, you need to configure the device with K9 security (k9sec) enabled images such that the SSH server is up and running on the device.

2. Enable CM to perform an initial synchronization of the CM archive files with the configurations that are running on the network devices. Whenever the Prime Network gateway is restarted, CM will perform this synchronization. By default, synchronization is disabled.

3. Configure the policies that control how often CM retrieves information from devices and copies configuration files to the archive. By default, all of these settings are disabled. You must answer the following basic questions:

a. How much disk space is available? Smaller space may require more frequent purging.

b. Should new configuration files be copied to the archive on a periodic basis or on an event-driven basis?

If configurations are changing frequently and the changes are not important to you, you should use periodic backups. This will minimize server workload.

Note The periodic setting is recommended.

If every change is considered significant, use event-driven backups.

c. For event-driven archiving, should information be copied to the archive immediately upon receiving a change, or should changes be queued and then copied at a certain interval (every 1-24 hours)? If information needs to be copied to the archive immediately, you must sync the archive on each configuration change. Otherwise, you can sync the archive with changed configurations at a certain interval (every 1-24 hours).

4. Enable CM to perform periodic synchronization of out-of-sync devices.

5. Enable CM to export archived configuration to an export server on a periodic basis.

6. Configure when configuration files should be purged from the archive. You should consider:

– How big are the configuration files?

– How often are changes made to devices?

7. Consider exporting files from the archive on a regular basis so you can free up disk space while keeping a permanent record of historical archives. You can export files from the GUI. To use this function, set up the export settings. You will need the server name, full pathname, username, and password.

8. Specify the default mode of restoring configuration files to the devices.


OL-26498-01


9. Configure the SMTP server and e-mail IDs to send notifications on the status of configuration management jobs to users.

10. Specify the commands that you want CM to exclude when comparing files (for example, clock rates). A set of common exclude commands is provided by default (for example, ntp-clock-period).

Note Configuring exclude commands is especially important if you are using event-driven archiving. Doing so avoids unnecessary file backups to the archive.

NEIM Setup Tasks

The following are the NEIM prerequisites, all of which are controlled by the Image Management Settings page (described in Table 7-4 Configuring Global Settings for Image and Package Management, page 7-7).

1. Configure the transport protocol that Prime Network will use between the device and the gateway. The options are TFTP, SFTP/SCP, and FTP. The default is TFTP. Note the following:

– The TFTP source interface on the devices must be able to reach the unit. Otherwise, the image management jobs that require TFTP may fail.

– To use SFTP/SCP for image transfers from a device to a unit, you need to ensure that an SSH server is configured and running on the device, such that the device acts as a server and the unit as a client during the transfer. For Cisco IOS XR devices, you need to configure the device with K9 security (k9sec) enabled images such that the SSH server is up and running on the device.

2. Configure the gateway staging directory to use when transferring images from Prime Network out to devices. The default is PRIME_NETWORK_HOME/NCCMComponents/NEIM/staging/. PRIME_NETWORK_HOME is the Cisco Prime Network installation directory (by default, /export/home/network-user; where network-user is the operating system user for the Prime Network application and an example of network-user is network39).

3. Use the Clear Flash option to recover the disk space occupied by files that were marked for deletion in the device, before distributing the image or package, if there is insufficient memory.

4. Enable the warm upgrade facility to reduce the downtime of a device during planned Cisco IOS software upgrades or downgrades.

5. Configure the gateway storing directory to use when transferring images from an outside source into the image repository (from Cisco.com or from another file system). The default is PRIME_NETWORK_HOME/NCCMComponents/NEIM/images/. PRIME_NETWORK_HOME is the Prime Network installation directory (by default, /export/home/network-user; where network-user is the operating system user for the Prime Network application and an example of network-user is network39).

6. If you plan to download images from an external repository, set up the details of the external server to import images to the Prime Network image repository.

7. Configure the SMTP server and e-mail IDs to send notifications on the status of image management jobs to users.

8. Configure the proxy server details to use while importing images to the archive from Cisco.com.

9. If you plan to download files from Cisco.com, configure the necessary vendor credentials to connect to Cisco.com.


OL-26498-01

Chapter 1 Introduction to Change and Configuration Management Launching the GUI and GUI Basics

Launching the GUI and GUI BasicsThese topics explain the following:

• How To Launch the Change and Configuration Management GUI, page 1-9

• Basics of the Change and Configuration Management GUI, page 1-13

How To Launch the Change and Configuration Management GUI You can launch the Change and Configuration Management GUI by entering the server name in a web browser or by launching the GUI from Cisco Prime Network Vision or Cisco Prime Network Web Server. By default, the GUI session is terminated after 30 minutes of inactivity and you will be redirected to the login page.

Change and Configuration Management runs on AVM 77 (Prime Network web server), so that AVM must be running. To check, start, stop, or restart the process, use the following commands:

dmctl statusdmctl startdmctl stopdmctl restart

Prime Network Change and Configuration Management requires some additional time to initialize after the Prime Network installation, or if Prime Network has been restarted using the dmctl command (which is described in the Cisco Prime Network 3.9 Administrator Guide). If you cannot log into the browser and you see an error message related to the Tomcat Server, the problem is this delay. Retry the operation after a few minutes.

Security Certificate Exception

When you launch the Change and Configuration Management GUI for the first time, the browser displays a security certificate error indicating that the connection is untrusted. To launch the Change and Configuration Management GUI, you must proceed further and confirm the Secure Socket Layer (SSL) security certificate exception within 90 seconds; otherwise the connection will be timed out.

Launch the GUI from a Web Browser

To launch the GUI from a web browser, enter the following URL in the address bar:

https://gateway-IP:8043/ccmweb/ccm/login.htm

where:

• gateway-IP is the IP address for the Prime Network gateway server.

• 8043 is the secure HTTP port enabled by default for Change and Configuration Management web client. However, you can still use port 8080 to launch the Change and Configuration Management GUI. To do so, you must manually enable it. For more information, see Enabling and Disabling Port 8080 Manually, page 1-10.

Change and Configuration Management displays a warning message, if the browser is not supported and provides a list of supported browsers. For information on supported browsers and minimum screen resolution, see the Cisco Prime Network 3.9 Installation Guide.

You can log in using the same username and password that you use to log into any of the Prime Network clients.


OL-26498-01




Enabling and Disabling Port 8080 Manually

To enable port 8080 manually:

Step 1 Run the following commands:

cd $NCCM_HOME/scripts/./nccmHTTP.csh enable

Step 2 Stop and then start Change and Configuration Management by using the following commands, for the change to take effect:

dmctl stopdmctl start

To disable port 8080 manually:

Step 1 Run the following commands:

cd $NCCM_HOME/scripts/./nccmHTTP.csh disable

Step 2 Stop and then start Change and Configuration Management by using the following commands, for the change to take effect:

dmctl stopdmctl start

Launch the GUI from Cisco Prime Network Vision

Cisco Prime Network Vision provides launch points for Change and Configuration Management. You can use the main menu and choose Tools > Change and Config Mgmnt, as shown in Figure 1-1.

Note However, for Internet Control Message Protocol (ICMP) VNEs, you cannot launch Change and Configuration Management from Cisco Prime Network Vision.

For information on the Prime Network Vision GUI, see the Cisco Prime Network 3.9 User Guide.


OL-26498-01

http://www.cisco.com/en/US/products/ps11879/products_user_guide_list.html


Figure 1-1 Launching the GUI from Cisco Prime Network Vision—Method 1

You can also launch it from a device in a Network Vision List or Map view. This will bring you directly to the CM or NEIM page, and will display contextual information for the device you choose. Figure 1-2 shows what happens when you right-click a device. From here, you can choose Image Mgmnt or Config Mgmnt.


OL-26498-01


Figure 1-2 Launching the GUI from Cisco Prime Network Vision—Method 2

Launch the GUI from Cisco Prime Network Web Server

To launch the GUI from the Cisco Prime Network web server, enter the following URL in the address bar, where gateway-IP is the IP address for the Prime Network web server:

https://gateway-IP:8043

The Prime Network web server home page is displayed. Click on the Prime Network Change and Configuration Management hyperlink as shown in Figure 1-3.


OL-26498-01


Figure 1-3 Launching the GUI from Prime Network Web Server

You can log in using the same username and password that you use to log into any of the Prime Network clients.

For information on supported browsers and minimum screen resolution, see the Cisco Prime Network 3.9 Installation Guide.

Note We recommend that you log out from the Change and Configuration Management GUI before closing the browser, so more users can connect to the application with the same username.

Basics of the Change and Configuration Management GUIFigure 1-4 shows the Change and Configuration Management Dashboard, which contains four dashlets or subdivisions to display real-time information about the most frequently used software images, devices with startup and running configurations that are not in sync, and recent configuration changes.


OL-26498-01




Figure 1-4 Change and Configuration Management Dashboard

Figure 1-5 displays the Change and Configuration Management GUI controls. You can move between the dashboard, configuration management, image management, and device groups functions by choosing one of the tabs in the top control bar. The selected tab is highlighted with a blue line above it. You can choose the various configuration and image management functions from the respective drop-down menus on the control bar.

Figure 1-5 Change and Configuration Management GUI Controls

Figure 1-6 shows what is displayed when you choose Images > Repository. This is the Prime Network Repository page, which displays the available filters for that page.

Figure 1-6 Images Repository Page


OL-26498-01


The top right corner provides some GUI controls. From here, you can identify the user who is logged into this session, as shown in Figure 1-5. You can also log out, launch the online help, and get version information about Prime Network Change and Configuration Management.

Sometimes, while using Microsoft Internet Explorer 8.0 or 9.0 with a low system resolution, the buttons on the footer of the content area may not be displayed properly. To overcome this issue, minimize and then maximize the browser.

Prime Network user authentication and authorization information applies to Change and Configuration Management as well. For information on the required access roles to use the GUI features, see User Authentication and Authorization (Access Roles and Device Scopes), page 7-12. For information on how Prime Network performs user authentication, see the Cisco Prime Network 3.9 Administrator Guide.

Using Special Characters in the GUI Fields

Change and Configuration Management does not support special characters for any of the editable fields in the GUI, including filters. In the Configuration Management and Image Management Settings pages, Change and Configuration Management does not support the following special characters:

• For Password fields—>, <, ', /, \, !, :, ;, and "

• For all other fields—`, ~, @, #, $, %, ^, &, *, (, ), +, =, |, {, }, [, ], ', ?, >, <, /, \, !, :, ;, and "


OL-26498-01





OL-26498-01


C H A P T E R 2
Using the Change and Configuration Management Dashboard
The Change and Configuration Management Dashboard contains four dashlets, or subdivisions of the dashboard, that display real-time information about the most frequently used software images, devices with startup and running configurations that are not in sync, and recent configuration changes. You can also use the dashlets as quick launch points to other parts of the GUI from which you can get more information and perform related actions. You can refresh dashlets by clicking the refresh button at the top right corner of each dashlet.

Note Devices might not be listed if they are not included in the assigned device scopes for a user. For more information, see User Authentication and Authorization (Access Roles and Device Scopes), page 7-12.

Dashlet Provides information about:For more information, see:

Top Families The device families with the largest number of devices in the network. From here, you can distribute and activate software images to a selected family.

Top Families, page 2-2

Configuration Sync Status

(Cisco IOS) Devices for which the startup and running device configurations are in sync or not in sync.

Configuration Sync Status, page 2-3

Configuration Changes in the Last Week

The number of device configuration changes detected for each day of the previous week.

Configuration Changes in the Last Week, page 2-3

Most Recent Configuration Changes

The last five device configuration changes that were made to devices in the network.

Most Recent Configuration Changes, page 2-4


Chapter 2 Using the Change and Configuration Management Dashboard

Use the following icons to toggle between different views in the Top Families, Configuration Sync Status, and Configuration Changes in the Last Week dashlets.

Figure 2-1 shows an example of the dashboard.

Figure 2-1 Change and Configuration Management Dashboard

Top Families

The Top Families dashlet displays the device families with the largest number of devices in the network. The four largest families are represented by four pie sectors, and the rest of the families are combined into an “Other” pie sector.

Note If the number of devices in a device family is very minimum (for example, one), it may not be visible in the pie chart. However, you can view that device when you toggle the view to tabular form.

From here, you can:

• Hover over a pie sector to see the number and percentage of devices in the network that are in each device family. Double-click the Other pie sector to open a popup that provides details about all of the smaller device families in the network.

Icon Description

Displays the details in the form of a pie or bar chart. If you hover your mouse cursor over a section in the pie chart, a tooltip displays the information associated with that section.

Displays the details in a tabular form.


OL-26498-01


• Click a pie sector to select a device family, and perform one of the following actions. (For the smaller families, double-click Other to open a popup from which you can perform the following actions.)

– Distribute—Takes you to the Distribute Images page, which is prefiltered to show only devices in the selected family. See Distributing Images and Performing an Upgrade Analysis, page 4-13.

– Activate—Takes you to the Activate Images page, which is prefiltered to show only devices in the selected family. See Activating and Deactivating Images and Checking Image Status, page 4-19.

Note You may face resizing issues when you hover the cursor over this dashlet, if you have enabled the Right to Left (Hebrew) settings in your browser.

Configuration Sync Status

The Configuration Sync Status dashlet shows the proportion of network devices that contain startup and running device configurations that are in or out of sync. Whenever a Cisco IOS configuration file is retrieved from a device and copied to the archive, Prime Network compares the latest version of the startup configuration with the latest version of the running configuration file. If there is a mismatch, Prime Network adds the device to the list of out-of-sync devices. The information is refreshed whenever you click the Dashboard.

Users can see only information on devices that are within their device scopes. For example, a user could see that 100% of devices are in sync, but there may be out-of-sync devices that are not in the scope of the user.

From here, you can:

• Hover over a pie sector to view the number of devices and percentage of devices with in sync or out of sync configurations.

• Click the pie to go to the Configurations Synchronize page, from which you can get more information and synchronize devices. See Synchronizing Out-of-Sync Configurations (Cisco IOS and Cisco Nexus Only), page 3-15.

This dashlet displays a “100% Unavailable” message, if there are no Cisco IOS devices or if the initial configuration sync up setting is not enabled. The setting is controlled by the “Enable/Disable Initial config sync up on restart” setting on the Configuration Management Settings page (see Configuring Global Settings for Configuration Management, page 7-1).

Configuration Changes in the Last Week

The Configuration Changes in the Last Week dashlet shows the number of device configuration changes detected for each day of the previous week. The configuration change count is based on notifications sent from devices to Prime Network.

Users can see only information on devices that are within their device scopes. For example, a user could see that no device configuration changes were made, but there may be changes that were made to devices outside of the scope of the user.

From here, you can:

• Hover over a bar to view the number of configuration changes made on that day.

• Click a bar to view the change log details for that day (see Viewing Configuration Change Logs, page 3-25). When viewing the logs, users can see only information about devices that are in their device scopes.


OL-26498-01


This dashlet is empty if configuration change notification is not enabled. It is controlled by the “Enable/Disable Event-Triggered Config Archive” setting on the Configuration Management Settings page (see Configuring Global Settings for Configuration Management, page 7-1).

Most Recent Configuration Changes

The Most Recent Configuration Changes dashlet lists the newest changes made to network devices. The configuration change count is based on notifications sent from devices to Prime Network. Users can see only information on devices that are within their devices scopes.

From here, you can:

• Click Go to Change Logs for complete details about the listed logs along with other device configuration change logs. See Viewing Configuration Change Logs, page 3-25.

• (Cisco IOS XR only) Hover over a Diff link to see all commands that were changed.

The Commit ID and Diff columns apply only to Cisco IOS XR devices. Other device types will display N/A in those columns.

This dashlet is empty if configuration change notification is not enabled. It is controlled by the “Enable/Disable Event Triggered Config Archive” setting on the Configuration Management Settings page (see Configuring Global Settings for Configuration Management, page 7-1).


OL-26498-01


C H A P T E R 3
Managing Configurations
The Configurations page is your starting point for managing device configurations for network elements managed by Cisco Prime Network by using the CM tools. The following table lists the main CM GUI navigation points and what you can do from them. You can select each of these functions from the Configurations drop-down menu.

Note All configuration management operations are performed only on devices with Communication State as Reachable and Investigation State as Operational, Partially Discovered, or Currently Unsynchronized. For a Cisco IOS device with SNMPv3 configuration, configuration management operations can be performed only if the device is configured with write permission for CISCO-CONFIG-COPY-MIB MIB group.

Configuration Function Description Described in:

Archive Lists all configurations stored in the CM archive. You can search for configurations using a variety of supported filters. From here, you can also add and manage labels, compare configurations, and export configurations as text files to a server.

Managing and Comparing Configurations in the Archive, page 3-3

Synchronize (Cisco IOS only) Lists devices that are out-of-sync, which means their running and startup configurations are not the same. From here, you can synchronize the configurations, which overwrites the startup configuration on the device with the configuration that is currently running on the device. This preserves the configuration across device reloads.

Synchronizing Out-of-Sync Configurations (Cisco IOS and Cisco Nexus Only), page 3-15

Backup Copies a current running configuration from a device to the archive, assigning the configuration a unique version number.

Note See this topic for information on what triggers Prime Network to back up configuration files to the archive.

Backing Up Device Configuration Files to the Archive, page 3-16


Chapter 3 Managing Configurations

The following topics explain how you can use Change and Configuration Management in your network. These topics do not provide details about how to manage Cisco IOS and Cisco IOS XR software. For that information, see:

• Cisco IOS—Configuration Fundamentals Configuration Guide for any Cisco IOS release.

• Cisco IOS XR—System Management Configuration Guide for the Cisco IOS XR device of interest.

Note Before using CM, make sure you have performed all prerequisites listed in Configuration Management Setup Tasks, page 1-7.

For information on the user access roles required to perform these activities, see User Authentication and Authorization (Access Roles and Device Scopes), page 7-12.

CM saves messages that can be used for debugging in PRIME_NETWORK_HOME/XMP_Platform/logs/ConfigArchive.log.

Restore Allows you to perform one of the following:

• Overwrite the existing running or startup configuration on the device with the file you selected from the archive.

• Merge the existing running or startup configuration on the device with the configuration present in the version you selected from the archive.

You can also edit a configuration file before restoring it.

Restoring a Configuration from the Archive to Devices, page 3-20

Change Logs Lists the device configuration changes made on devices in the network.

Viewing Configuration Change Logs, page 3-25

Jobs Displays a list of jobs of the user. Managing Change and Configuration Management Jobs, page 6-1

Settings Controls a variety of administration settings for CM, such as when to collect configurations and store them in the archive, when to purge configurations from the archive, the location to which configuration files can be exported, commands CM should ignore when comparing configurations, and so forth.

Configuring Global Settings for Configuration Management, page 7-1

Configuration Function Description Described in:


OL-26498-01

http://www.cisco.com/en/US/products/ps6537/products_ios_sub_category_home.html

http://www.cisco.com/en/US/products/ps5845/products_installation_and_configuration_guides_list.html

Chapter 3 Managing Configurations Managing and Comparing Configurations in the Archive

Managing and Comparing Configurations in the ArchiveThe CM archive maintains copies of device configuration files, storing them in the Prime Network database. Configuration files are stored in readable format, as received from the device.

Choose Configurations > Archives to view the contents of the archive. The Archived Configurations page lists the most recent device configuration files that are stored in the Prime Network database, based on the filter criteria specified. The total number of archives available in the Prime Network database is also displayed in the header. Figure 3-1 provides an example of the Archived Configurations page with the filter group.

Note Devices will not be listed if they are not included in any of the assigned device scopes of the user. See User Authentication and Authorization (Access Roles and Device Scopes), page 7-12, for more information.

Figure 3-1 Archived Configurations Page


OL-26498-01


The Archived Configurations page displays the following information about each configuration file.

Table 3-1 Configuration Information Displayed on Archived Configurations Page

Field Description

Device Name Device name.

Click the icon next to the device name to open a popup that displays device properties. In addition to the general information about the network element, the Device Properties window displays the following:

• Current active packages on the device—For Cisco IOS XR devices

• Active kickstart images—For Cisco Nexus series devices

• Priority list—For Cisco ASR 5000 series devices. The priority list displays various combinations of a configuration file and an image file in priority order for the device.

For descriptions of the device properties, see the Cisco Prime Network 3.9 User Guide.

Version Version number of the archived configuration. This number is internal to Configuration Archive.

A version will not have an associated configuration file under the following circumstances:

• The associated configuration file was deleted from the archive.

• The associated configuration file has not yet been copied to the archive. (Prime Network supports queueing change notifications and copying the configuration files to the archive at a later time. See Global Settings, page 7-3.)

Click a version number hyperlink to launch the Device Configuration Viewer, from which you can view the contents of a configuration file. See Viewing the Contents of a Device Configuration File, page 3-6.

Type Type of configuration:

• Cisco IOS and Cisco Nexus series devices—Running or Startup

• Cisco IOS XR devices—Running or Admin

• Cisco ASR 5000 series devices—Running or Boot. For boot configuration, the version is always displayed as 1.

Commit Id (Cisco IOS XR only) ID that identifies the last configuration change on the device. A commit ID is generated for every configuration change on the device upto a maximum of 100 configuration changes.

Date Changed The date and time when a configuration change was made on the device (relative to the device clock). The date and time are displayed accordingly to the local time zone settings of the client.

Label Displays the labels, assigned (if any) to the archived configuration.


OL-26498-01




From the Archived Configurations page, you can perform the following tasks, according to your user access role. (See User Authentication and Authorization (Access Roles and Device Scopes), page 7-12, for more information on user access roles).

• Searching for a Configuration File in the Archive, page 3-5

• Viewing the Contents of a Device Configuration File, page 3-6

• Labelling Configuration Files, page 3-7

• Comparing Configuration Files, page 3-11

• Exporting Configuration Files, page 3-14

Searching for a Configuration File in the ArchivePrime Network provides a robust search tool which you can use to find saved device configuration files in the archive. Files are stored in readable format. You can add and remove filters using the “-” and “+” buttons.

Filter settings are persisted until you exit the GUI session.

To find configurations in the archive:

Step 1 Choose Configurations > Archives.

Step 2 Create a filter to search for the configurations in which you are interested. The filter group is highlighted with a red outline in Figure 3-1.

If you want to create a compound filter, configure your additional filter rules:

a. Choose And or Or from the Filter drop-down list (for example, And).

b. Choose a filter type (for example, Change in the last).

c. Choose an operator (for example, equals).

d. Enter a value (for example, 5) (search is case-sensitive and does not support wildcards).

If you clicked Go, the list would be filtered to display all devices with configurations that changed in the last five days.

e. Add more filter rules by clicking the “+” sign. For example:

Element type equals Cisco 7609

If you clicked Go, the list would be filtered to display all Cisco 7609 devices with configurations that changed in the last five days.

Comments Free text added (if any) to the archived version by users.

Context / Module Name

For Cisco Nexus series devices, this field displays the virtual device context (VDC) name.

For Cisco 7600 series devices, this field displays the module name.

For other devices, this field displays N/A.

Table 3-1 Configuration Information Displayed on Archived Configurations Page (continued)

Field Description


OL-26498-01


Note If you create multiple filter rules, the operator (And or Or) that you chose for the first filter rule, will be defaulted for each subsequent filter. You can modify the operator only for the first filter rule and the subsequent filters will be displayed accordingly.

Step 3 To clear the filter and perform a new search, click Reset.

Viewing the Contents of a Device Configuration FileTo view the contents of a configuration file:

Step 1 Choose Configurations > Archives. You can search for a specific configuration file as described in Searching for a Configuration File in the Archive, page 3-5.

Step 2 From the Archived Configurations page, click the version number hyperlink for the configuration file in which you are interested. This launches the Device Configuration Viewer with the contents of the startup, admin, or running configuration on the device based on the selected configuration type.

Step 3 Alternately, select a device and choose one of the following:

• View > Active Startup (for Cisco IOS and Cisco Nexus series devices only)—Displays the latest startup configuration available on the device.

• View > Active Admin (for Cisco IOS XR devices only)—Displays the latest admin configuration file available on the device.

• View >Active Boot (for Cisco ASR 5000 series devices only)—Displays the latest boot configuration available on the device.

• View >Active Running—Displays the latest running configuration on the device.

For devices with a large configuration, Prime Network displays the details across multiple pages with 10,000 configuration lines in each page.

Step 4 Use the Show or Hide hyperlink above the viewing pane to view or hide the line numbers next to the configuration lines. You can perform this operation only in the current page, if the configuration details span across multiple pages.

Note When you are trying to view a configuration file, if there is a change in the device configuration, Prime Network initiates a backup job and creates a latest version of the device configuration file. You can view the latest version of the configuration file in the Archived Configurations page.

Step 5 From the Device Configuration Viewer you can search for a string within the configuration file.

Note If the device configuration spans across multiple pages, Prime Network searches for the string across all the pages and displays the results.


OL-26498-01


Labelling Configuration FilesAssigning labels to configuration files is a clear, simple way to identify important configurations and convey critical information.

While creating a new label, you can add a “do not purge” property. Any configuration using this label will not be purged from the archive. When calculating the total number of archives to see if the maximum has been reached and archives should be purged, CM does not include configurations with this label in the total (see Configuring Global Settings for Configuration Management, page 7-1).

Figure 3-1 provides an illustration of configuration files that have labels (highlighted with a green outline.) Note that the delete button is disabled for the file marked New; that is because the label named New is marked with the “do not purge” property. Also, note that in addition to labels, you can enter free-text comments in the Comments field.

These topics explain how to label configurations that are stored in the archive. Users must have Configurator privileges to manage labels; see User Authentication and Authorization (Access Roles and Device Scopes), page 7-12, for more information on user access roles.

• Managing the Label Catalog and Label Properties, page 3-7

• Assigning and Unassigning Labels from Configuration Files, page 3-9

• Searching for Labeled Configurations, page 3-11

Managing the Label Catalog and Label Properties

Whenever a label is created, it is added to a label catalog. The label catalog is a central location from which you can view the properties of all labels, and add, edit, or delete labels.

Changes you make in the label catalog are applied to all configurations using that label. In other words, if you delete a label from the label catalog, the label is unassigned from all configuration files that use it. If you edit a label in the label catalog, it is changed for all configuration files that use it. If you add a label to the label catalog, it is available for use by all configurations.

Note If you want to remove a label from a configuration file, you should unassign it, not delete it from the label catalog. See Assigning and Unassigning Labels from Configuration Files, page 3-9.

To use the label catalog:


Step 2 In the Archived Configurations page, choose Labels > Manage. The Manage Label dialog box opens and displays the contents of the label catalog, as shown in Figure 3-2. You can use the filter option from the Show menu to search for existing labels.


OL-26498-01


Figure 3-2 Manage Label Dialog Box

Step 3 To add a label and optionally mark it as “do not purge:”

a. In the Manage Label dialog box, click Add Row. A row is inserted at the end.

b. Enter the label name and description. The label name entered must be unique.

c. If you want to prevent configurations that use this label from ever being deleted, check the No Purge check box.

d. Click OK to add the new label to the label catalog. The No Purge option is set as true or false based on your selection. However, you can modify the label details as required. When you assign the label to an existing configuration, the delete configuration function will be disabled.

e. Click Save All to save the label details.

Note Click Undo All to undo the recent changes before saving.

f. Click OK.

The new label is saved to the label catalog and can be assigned to configurations. (See Assigning and Unassigning Labels from Configuration Files, page 3-9).

Step 4 To edit a label:

a. In the Manage Label dialog box, select a label and then click Edit.

b. Make your desired changes and click Save to save the label details. Changes you make will be applied to all configurations that are currently using the label.

Note Click Cancel to undo the recent changes before saving.


OL-26498-01


Step 5 To delete a label:

Note This procedure deletes a label from the label catalog and from all configuration files using the label. If you only want to remove a label from a file, use the procedure in Assigning and Unassigning Labels from Configuration Files, page 3-9.

a. In the Manage Label dialog box, select a label and then click Delete.

b. In the confirmation message, click OK. If the label is being used by any configurations in the archive, Prime Network will display a warning message. You can still proceed with the operation, but the label will be removed from both the label catalog and all configurations using the label.

The label is removed from the label catalog.

Assigning and Unassigning Labels from Configuration Files

When you assign a label to a configuration, the label is displayed when other users view the file. If the label is marked “do not purge,” users are prevented from deleting the file (the delete icon is disabled). To delete a configuration file with a “do not purge” label, you must first unassign the label from the file.

To assign labels to configuration files:


Step 2 Select the configuration file (or files) and choose Labels > Assign. Alternately, you can click the hyperlinked (add a label) string in the Labels field.

The Assign Labels dialog box opens. Figure 3-3 shows an example of the Assign Labels dialog box. The Select Available Labels section shows all labels that were created and are available to be assigned to devices. Note the icon to the left of the label named New; this indicates that the New label is marked with the “do not purge” attribute.


OL-26498-01


Figure 3-3 Assign Labels Dialog Box

Note Configurations marked as “do not purge” do not contribute to the total allowed number of archives for a device. For information on the maximum number of archives allowed per devices, see Configuring Global Settings for Configuration Management, page 7-1.

Step 3 Choose the labels to be assigned using either of these methods:

• Choose a hyperlinked label from the Select Available Labels area.

• Create a new label by filling out the Label and Description fields and clicking the Add button in the Add a New Label and Assign section.

Step 4 Click OK in the Assign Labels dialog box to confirm your changes.

The Archives page is refreshed and displays the configurations with the newly assigned labels. If a configuration file is assigned a label that is marked “do not purge,” the delete icon is disabled.

To unassign a label from a configuration:

Note When you unassign a label from a configuration, the label still remains in the label catalog. To delete a label from the label catalog (and from all configurations that use that label), use the procedure in Managing the Label Catalog and Label Properties, page 3-7.


OL-26498-01



Step 2 Choose the file (or files) that contain the label you want to unassign.

Step 3 Choose Labels > Assign to open the Assign Labels dialog box. Alternately, you can click the hyperlinked label name.

a. In the Assigned Labels section, locate the label you want to unassign and click the delete icon (red X) next to it.

b. Confirm that you want to unassign the label by clicking Yes, and click OK to close the Assign Labels dialog box.

The Archives page is refreshed and displays the device without the label.

Searching for Labeled Configurations

To search for all configurations that use a specific label:


Step 2 In the Filter area, do the following:

a. Choose Label from the Configuration Type drop-down list. The equals operator populates the equals field.

b. Enter part of the label name in the text box. An example would be:

Label equals Temporary

Step 3 Click Go. Prime Network displays all configurations that are assigned that label.

Comparing Configuration FilesPrime Network allows you to compare two configuration files that are saved in the archive and display them side by side, highlighting configuration differences and allowing you to move between them. You can compare any types of configurations as long as they run on the same operating system. However, you cannot compare a Cisco IOS configuration with Cisco IOS XR configuration.

The following are typical scenarios for using the compare function:

• Compare the latest and next-to-latest configuration to see the most recent change.

• Compare Cisco IOS running and startup configurations to see how they are out of sync.

• Compare the configurations on two different devices to find out how they are different.

You can list the commands that have to be excluded while comparing configurations. Prime Network excludes a small set of commands by default, such as the NTP clock rate (which constantly changes on a managed network element but is not considered a configuration change). You can change the excluded commands list as described in Configuring Global Settings for Configuration Management, page 7-1.


OL-26498-01


Users must have Configurator privileges to compare an archive with its latest configuration or to view the latest configuration.

Note Devices are listed only if they are in the assigned device scopes of a user. See User Authentication and Authorization (Access Roles and Device Scopes), page 7-12, for more information.

To compare configurations:


Step 2 Locate the archives you want to compare. You can click the Version hyperlink next to a device to open the Device Configuration Viewer and quickly view the contents of the configuration file.

Step 3 You can choose to do the following:

– Select different versions of the same device and choose Compare > Selected Archives.

– Select different devices and choose Compare > Selected Archives.

– Select a Cisco IOS device and choose Compare > To Active Startup or Compare > To Active Running. You can compare a running version with the latest startup version or vice versa. You can also compare the latest and next-to-latest running or startup configurations to see the most recent changes. However, a message is displayed if the selected running or startup version is the latest configuration.

– Select a Cisco ASR 5000 series device and choose Compare > To Active Boot or Compare > To Active Running. You can compare a running version with the latest boot version or vice versa. You can also compare the latest and next-to-latest running or boot configurations to see the most recent changes. However, a message is displayed if the selected running or boot version is the latest configuration.

– For Cisco IOS XR devices, select a running configuration and choose Compare > To Active Running or select an admin configuration and choose Compare > To Active Admin. However, a message is displayed if the selected running or startup version is the latest configuration.

Note For Cisco IOS XR devices, you cannot compare an admin configuration with a startup configuration or vice versa.

Step 4 You can view the comparison results in the Compare Configurations dialog box where the files are displayed side by side, as shown in Figure 3-4.

Note For devices with a large configuration, Prime Network displays the details across multiple pages with 10,000 configuration lines in each page.

Step 5 Use the Show or Hide hyperlink at the top right corner to view or hide the line numbers next to the configuration lines. You can perform this operation only in the current page, if the configuration details span across multiple pages.


OL-26498-01


Figure 3-4 Compare Configurations Dialog Box

Additions, deletions, and excluded commands are color-coded. From here, you can:

• Click Show all Lines or Only Differences to display the entire file contents or just the differences between the two files.

• Click Previous Diff or Next Diff to jump forward or backward to the previous or next difference between the two files in the current page.

• Click the arrow buttons or enter the page number to jump forward or backward to view the file contents that are running across pages.

Note All the above operations such as Show All Lines or Only Differences, and Previous Diff or Next Diff are performed only on the current page, if the configuration details span across multiple pages.

Step 6 Click OK to close the Compare Configurations dialog box.

Note When you are trying to compare configuration files, if there is a change in the device configuration, Prime Network initiates a backup job and creates a latest version of the device configuration file. You can view the latest version of the configuration file in the Archived Configurations page.


OL-26498-01


Exporting Configuration FilesYou can export configurations as a .cfg (configuration) file. The files are exported to an FTP or SFTP server that is specified on the Configuration Management Settings page. To check the settings, see Configuring Global Settings for Configuration Management, page 7-1.

Configuration files are saved using the following format:

deviceName-configurationType-version-configChangeTimestamp.cfg

For example, the following file would contain the 18th version of a running configuration for the device named 7200-5, saved on March 27, 2010 at 2:40:30 P.M:

7200-5-RUNNING_CONFIG-18-2010327144030.cfg

Users must have Configurator privileges to export configuration files. See User Authentication and Authorization (Access Roles and Device Scopes), page 7-12, for more information.

Before You Begin

• Make sure an export location and the required credentials are configured on the Configuration Management Settings page as described in Configuring Global Settings for Configuration Management, page 7-1.

• The specified FTP or SFTP server must have sufficient free space to accommodate the exported configurations. Also, the destination subdirectory on the FTP or SFTP server must have the required permissions.

To export configuration files:


Step 2 Locate the archives you want to export. You can click the Version hyperlink next to a device to open the Device Configuration Viewer and quickly view the contents of the configuration file.

Step 3 Click Export. The Configuration Export Schedule window opens.

Step 4 Set the desired schedule and enter the e-mail ID(s) to which to send a notification after the scheduled export job is complete. For two or more users, enter a comma-separated list of e-mail IDs. A notification e-mail is sent based on the e-mail option specified in the Configuration Management Settings page.

Note Before you enter the e-mail ID(s), ensure that you have set up the SMTP host and SMTP port in the Configuration Management Settings page (see Configuring Global Settings for Configuration Management, page 7-1). The e-mail ID(s) configured in the Configuration Management Settings page, if any, will be displayed by default. You can modify the e-mail ID(s) if required.

Step 5 Click Export. The export job is created and you are redirected to the Job Manager page, where you can monitor the status of the job.


OL-26498-01

Chapter 3 Managing Configurations Synchronizing Out-of-Sync Configurations (Cisco IOS and Cisco Nexus Only)

Synchronizing Out-of-Sync Configurations (Cisco IOS and Cisco Nexus Only)

Cisco IOS and Cisco Nexus series devices contain a startup and running configuration file. The startup configuration is loaded when a device is restarted. Ongoing changes to the device are applied to the running configuration. As a result, unless the running configuration is saved as the startup configuration, upon a device restart, any changes would be lost. Therefore, it is important to ensure that the device startup and running configurations are in sync.

Whenever a configuration file is retrieved from a device and copied to the archive, Prime Network compares the latest version of the startup configuration with the latest version of the running configuration file. If there is a mismatch, Prime Network adds the device to the list of out-of-sync devices.

When Prime Network synchronizes a file, it overwrites the startup configuration on the device with the configuration that is currently running on the device. Users must have Configurator privileges to synchronize configurations; see User Authentication and Authorization (Access Roles and Device Scopes), page 7-12, for more information on user access roles.

For Cisco Nexus series devices, CM backs up the startup and running configurations for all VDCs configured in the device. If there is a mismatch between the startup and running configurations of a VDC, CM creates an out-of-sync entry for that VDC.

Note The synchronize operation affects only the configurations running on the device. It does not affect any configuration files that are saved in the archive. The synchronize operation is not applicable for Cisco ASR 5000 series devices.

The Dashboard maintains a Configuration Sync Status pie chart that shows how many devices have out-of-sync startup and running configuration files. When you click the pie chart (or choose Configurations > Synchronize), you are directed to the Out of Sync Devices page, where Prime Network lists all of the out-of-sync devices in tabular format. The information is refreshed whenever you choose Configurations > Synchronize.

If you want to view the differences between startup and running files of a device before synchronizing them, you can do so from the Synchronize page, as described in the following steps.


Step 1 Choose Configurations > Synchronize. Prime Network lists all out-of-sync devices, the date and time when the device configurations were last changed, and when the files were last archived. Figure 3-5 provides an example.

Note The date and time are displayed according to the local time zone settings of the client.


OL-26498-01

Chapter 3 Managing Configurations Backing Up Device Configuration Files to the Archive

Figure 3-5 Configuration Synchronization - Out of Sync Devices Page

Step 2 Click the Compare icon to launch the Compare Configuration window, which provides a side-by-side view of the two configurations and highlights the differences.

Step 3 Choose the network elements you want to synchronize. This directs Prime Network to overwrite the startup configuration on the device with the configuration that is currently running.

Step 4 Click Synchronize. The Schedule Synchronization page opens.

Note You can click Restore to restore the configuration from the archive to the selected device. For more information, see Restoring a Configuration from the Archive to Devices, page 3-20.

Step 5 Set the desired schedule and enter the e-mail ID(s) to which to send a notification after the scheduled synchronization job is complete. For two or more users, enter a comma-separated list of e-mail IDs.


Step 6 Click Synchronize. Prime Network schedules the job and redirects you to the Jobs page, where you can monitor the status of the job.

Backing Up Device Configuration Files to the ArchiveBacking up a device configuration entails getting a copy of the configuration file from the device, and copying that file to the configuration archive. As part of the backup procedures, it is compared with the latest archived version of the same type (e.g. running with running, startup with startup). A new version of the file is archived only if the two files are different. If the number of archived versions exceeds the maximum, the oldest archive is purged (according to the values on the Configuration Management Settings page; see Configuring Global Settings for Configuration Management, page 7-1). Configurations marked with a “do not purge” label are not removed from the archive by the auto-purging procedures.

Whenever a Cisco IOS configuration file is backed up to the archive, Prime Network compares the new versions of the running and startup configurations. If there is a mismatch, Prime Network marks the device as out-of-sync. For Cisco IOS XR devices, backup operation includes active packages.

For Cisco Nexus series devices, CM backs up the startup and running configurations for all VDCs configured in the device. If there is a mismatch between the startup and running configurations of a VDC, CM creates an out-of-sync entry for that VDC.


OL-26498-01


For Cisco 7600 series devices with an ACE card, the backup operation archives running and startup configurations of the ACE card.

For Cisco ASR 5000 series devices, whenever a boot configuration file is backed up, Prime Network always overwrites the existing boot configuration in the archive.

Note Change and Configuration Management does not back up running configurations for Cisco IOS XR devices that are managed with non-system user credentials; because copy command is not available in the command-line interface (CLI) for non-system users.

Users must have Configurator privileges to back up files to the archive; see User Authentication and Authorization (Access Roles and Device Scopes), page 7-12, for more information on user access roles.

Methods for Backing Up Configuration Files to the Archive

Table 3-2 describes the methods you can use to back up configuration files to the archive. None of these methods are enabled by default.

Note You should choose the method that is appropriate to your network and how often changes are made to it. For more information, see Configuration Management Setup Tasks, page 1-7.

Table 3-2 Methods for Archiving Configuration Files

Method for Performing Archiving Description of Method For information, see:

Initial Sync Activates CM to perform an initial synchronization of the CM archive files with the configurations that are running on the network devices. If this setting is enabled, whenever the Prime Network gateway is restarted, CM performs this synchronization. This behavior is controlled by the Enable Initial Config sync up setting on the Configuration Management Settings page.

Global Settings, page 7-3

Manual A user-driven backup that is controlled from the Configurations > Backup page. Performing a backup from the Backup page overrides all other archive settings. You can schedule the file backup to occur immediately or according to a schedule.

Note Any backups scheduled using this method are completely independent of any schedules for ongoing archiving. However, users can only back up devices that are within their scope, and if they have a sufficient device scope-based role.

Manually Backing Up Configuration Files, page 3-19


OL-26498-01


Ongoing • Event-Driven—Backs up device files when Prime Network receives a configuration change notification. Use this method if you consider every configuration file change to be significant. This is controlled by the Enable Event-triggered Config Archive setting on the Configuration Management Settings page.

For this form of backup, you can choose one of the following methods for performing the archiving:

– Back up the files to the archive immediately when a change is detected.

– Queue the changes and back up the files to the archive according to a schedule.

Both of these settings are controlled from the Configuration Management Settings page.

If you are using event-driven archiving, you should also make sure that exclude commands are properly configured. Exclude commands are commands that Prime Network ignores when comparing configurations, and they are controlled from the Settings page. Using this mechanism eliminates unnecessary file backups to the archive.

• Periodic—Archives device files every 24 hours (system-defined). A new archive is created only if the newly-collected device configuration is different from the last version in the archive. Use this method if configurations change frequently and the changes are not important to you. This setting is controlled by the Enable Periodic Config Backup setting on the Configuration Management Settings page.

Note This CM collection is independent of the Prime Network inventory collection.

Global Settings, page 7-3

Table 3-2 Methods for Archiving Configuration Files (continued)

Method for Performing Archiving Description of Method For information, see:


OL-26498-01


Manually Backing Up Configuration Files


Files are automatically backed up to the archive according to the values on the Configuration Management Settings page. To perform an on-demand backup of configuration files to the archive:

Step 1 Choose Configurations > Backup. Prime Network lists all devices with the following status symbols as shown in Figure 3-6.

Step 2 Choose the devices with files you want to back up.

Figure 3-6 Configuration Backup Page

Step 3 To choose devices from a specific device group, click Select Groups.

In the Device Groups page, you can view the user-defined device groups. Click the hyperlinked device group name to view the list of devices that belong to the group. See Managing User-Defined Device Groups, page 5-2 for more information on user-defined device grouping.

Step 4 Select the required device group in the Device Groups page and click OK. The devices that belong to the selected device group are highlighted in the Configuration Backup page. You can also schedule a backup simultaneously for all the devices existing in a group. To do so:

• Select a device group and click Backup Groups.

• Enter the scheduling information as explained after Step 5 and click Backup Groups.

Step 5 In the Configuration Backup page, click Backup to configure the backup schedule.

By default, the backup is performed as soon as possible.

The other schedule choices (once, periodically, weekly, and so forth) are activated when you deselect Start as Soon as Possible.

Symbol Description

Device is available for backup.

Device is not available for backup. The device is most likely in the Maintenance investigation state or the Unreachable communication state. Click the device hyperlink and open the device properties popup to see details about the device.


OL-26498-01

Chapter 3 Managing Configurations Restoring a Configuration from the Archive to Devices

Step 6 Enter the e-mail ID(s) to which to send a notification after the schedule backup job is complete. For two or more users, enter a comma-separated list of e-mail IDs. A notification e-mail is sent based on the e-mail option specified in the Configuration Management Settings page.


Step 7 Click Backup. Prime Network schedules the job and redirects you to the Jobs page, where you can monitor the status of the job.

Note If a backup is scheduled for an entire device group and if there is a change in the group by addition or deletion of devices after job creation, Prime Network updates the job accordingly such that all the devices available in the group at the time of execution of the job are considered for backup.

Restoring a Configuration from the Archive to DevicesPrime Network performs the configuration restore operation in the following modes:

• Overwrite mode—Prime Network overwrites the existing configuration on the device with the file you selected from the archive. The configuration on the device is restored to exactly match the archived version.

• Merge mode—Prime Network compares the file you selected for the restore with the existing running or startup configuration on the device. If they are different, the existing running or startup configuration on the device is merged with the configuration present in the version you selected from the archive.

For Cisco IOS XR devices, a restore operation basically rolls back the configuration file to a commit ID. If the commit ID associated with the archived version is not available on the device, the configuration is restored in merge mode.

For Cisco ASR 5000 series and Cisco ASR 903 devices, Prime Network allows restoring of running configuration only in Merge mode.

Note Restore operation is not applicable for boot configuration files of Cisco ASR 5000 series devices.

Prime Network uses the default restore mode (Overwrite or Merge) set up in the Configuration Management Settings page. However, you can modify the default mode while scheduling the restore operation. If you have selected the Overwrite mode, you can use the Use Merge on Failure option to restore the files in Merge mode, if Overwrite mode fails.


OL-26498-01


Users must have Configurator privileges to restore configurations to devices; see User Authentication and Authorization (Access Roles and Device Scopes), page 7-12, for more information on user access roles.


To restore a configuration:

Step 1 Choose Configurations > Restore. Prime Network lists all configuration files in the archive. Figure 3-7 shows an example of a filtered Restore page.

Figure 3-7 Configuration Restore Page

Step 2 (Cisco IOS only) Specify the type of configuration files you want to restore: Running, Startup, or both. If you choose to restore to startup configuration, Prime Network will first copy the file to running configuration and then to startup configuration.

Note Cisco IOS XR and Cisco ASR 5000 series device configuration files are always restored to the same type.

Step 3 Choose the configuration files you want to restore. You can click the Version hyperlink to view the contents of a file.

Step 4 Click Restore. The Configuration Restore Schedule dialog box opens.

Step 5 (Optional) To override the default transport protocol, you can choose it from the drop-down list. Optionally, you can also enter comments.

Step 6 (Optional) To override the default restore mode set up in the Configuration Management Settings page, choose an appropriate option. If you have selected Overwrite mode, you can check the Use Merge on Failure check box to restore the files in Merge mode, if Overwrite mode fails.


OL-26498-01


Step 7 Enter the e-mail ID(s) to which to send a notification after the scheduled restore job is complete. For two or more users, enter a comma-separated list of e-mail IDs. A notification e-mail is sent based on the e-mail option specified in the Configuration Management Settings page.


Step 8 Click Restore. Prime Network schedules the job and redirects you to the Jobs page, where you can monitor the status of the job.

Editing a Configuration File before Restoring it to a DevicePrime Network allows you to edit a configuration file before restoring it to the device.

Note Edited configurations are always restored in Merge mode.

To edit a configuration file:

Step 1 Choose Configurations > Restore. Prime Network lists all configuration files in the archive. Figure 3-7 shows an example of a filtered Restore page.

Step 2 Choose a configuration file that you want to edit.

Step 3 Click Edit Config. You can view the details of the selected configuration file in the Configuration Editor page as shown in Figure 3-8.


OL-26498-01


Figure 3-8 Configuration Edit page

Step 4 Edit the configuration lines, as required. Note the following:

• To remove any command, add no in front of the command.

• To update any command, add no in front of the command and then add the new command.

• The restore job will fail, if there are any syntax errors in the modified commands.

Step 5 Click Restore. The Config Restore Schedule dialog box opens.

Step 6 (Optional) To override the default transport protocol, you can choose it from the drop-down list. Optionally, you can also enter comments.

Step 7 Enter the e-mail ID(s) to which to send a notification after the scheduled restore job is complete. For two or more users, enter a comma-separated list of e-mail IDs. A notification e-mail is sent based on the e-mail option specified in the Configuration Management Settings page.



OL-26498-01

Chapter 3 Managing Configurations Deleting Configuration Files from the Archive

Step 8 Click Restore. Prime Network schedules the job and redirects you to the Jobs page, where you can monitor the status of the job.

Note To view the differences in the edited version from the original version of the configuration file, click View Diff in the Configuration Editor page.

Deleting Configuration Files from the ArchiveUsers must have Configurator or Administrator privileges to delete configurations from the archive; see User Authentication and Authorization (Access Roles and Device Scopes), page 7-12, for more information on user access roles.

You cannot delete an archived file if:

• It is marked “do not purge.”

• Deleting it would bring the number of versions below the minimum number of versions that must be retained (as specified on the Configuration Management Settings page).

To delete a configuration file from the archive:


Step 2 Choose the configuration file you want to delete. You can click the Version hyperlink to verify the contents of the configuration file.

Step 3 To delete a single configuration file, click the delete icon (red X) at the end of the row.

If the delete icon is disabled, this means the archive is assigned a label that is marked “do not purge.” To delete this type of configuration, you must first unassign the label from the configuration (see Assigning and Unassigning Labels from Configuration Files, page 3-9).

Step 4 To delete multiple configuration files, select the required files and then click the Delete button in the table header.

You cannot delete the files that are assigned a label that is marked “do not purge.” To delete this type of configuration, you must first unassign the label from the configuration (see Assigning and Unassigning Labels from Configuration Files, page 3-9).

Step 5 Confirm your choice. Prime Network schedules the job and redirects you to the Jobs page, where you can monitor the status of the job.

When a device is removed from Prime Network, its configuration files are also removed from the archive.


OL-26498-01

Chapter 3 Managing Configurations Viewing Configuration Change Logs

Viewing Configuration Change LogsThe Change Logs page displays a list of the latest device configuration changes detected by Prime Network. How Prime Network responds to these changes depends on the values on the Configuration Management Settings page. By default, Prime Network does not get new information from the device and copy it to the archive when a change occurs, but you can set it to do so. See Configuring Global Settings for Configuration Management, page 7-1.

All users can view the change logs, regardless of the user access role or assigned device scopes.

To view the latest changes, choose Configurations > Change Logs. Figure 3-9 provides an example.

Figure 3-9 Configuration Change Logs

The Configuration Change Logs page displays the following information, sorted according to the latest time stamp.

Note The date and time stamps are displayed according to the local time zone settings of the client.

Field Description

Device Name Device name.

Click the icon next to the device name to open a popup that displays device properties. In addition to the general information about the network element, the Device Properties window displays the following:

• Current active packages on the device—For Cisco IOS XR devices

• Active kickstart images—For Cisco Nexus series devices

• Priority list—For Cisco ASR 5000 series devices. The priority list displays various combinations of a configuration file and an image file in priority order for the device.


Changed Date and time when a change was made on the device (relative to the device clock).

Note This information is not displayed for Cisco ASR 5000 series devices.


OL-26498-01



Chapter 3 Managing Configurations Viewing Configuration Change Logs

User Name of the user who made the change.

Note This information is not displayed for Cisco ASR 5000 series devices.

Version Version number of the archived configuration. This number is internal to Configuration Archive.

A version will not have an associated configuration file under the following circumstances:

• The associated configuration file was deleted from the archive.

• The associated configuration file has not yet been copied to the archive. (Prime Network supports queueing change notifications and copying the configuration files to the archive at a later time. See Global Settings, page 7-3.)

Click a version number hyperlink to launch the Device Configuration Viewer, from which you can view the contents of a configuration file. See Viewing the Contents of a Device Configuration File, page 3-6.

Commit ID (Cisco IOS XR only) ID that identifies the last configuration change on the device.

Diff (Cisco IOS XR only) Displays only the commands that were changed. For long text, hover the cursor over the hyperlink to display the entire contents.

Compare Launches the Compare Configuration window, which displays the entire original and changed files side by side. This data is generated only if file versions are available.

Additions and deletions are color-coded. From here, you can:

• Click Show All Lines or Only Differences to display the entire file contents or just the differences between the two files.

• Click Previous Diff or Next Diff to jump forward or backward to the previous or next difference between the two files.

• Click the arrow buttons or enter the page number to jump forward or backward to view the file contents that are running across pages.

Field Description


OL-26498-01


C H A P T E R 4
Managing Software Images
The NEIM feature allows you to rapidly and reliably update the Cisco IOS and Cisco Nexus software images and Cisco IOS XR software packages for devices in your network. The following table lists the main NEIM GUI navigation points and what you can do at each of them. You can select each of these functions from the Images drop-down menu.

Note All image management operations are performed only on completely managed devices. (This means the Communication State of the device must be Reachable and Investigation State of the device must be Operational.)

Image Function Description Described in:

Repository Displays all software images stored in the Cisco Prime Network image repository. From here, you can import new images into the repository from Cisco.com, from a gateway file system, from an external image repository, or from existing devices. You can manage the images in the repository—View and edit image attributes, and delete images from the repository.

Using the Prime Network Image Repository, page 4-3

Package Add (Cisco IOS XR only) Allows you to add individual packages to Cisco IOS XR devices.

Adding Packages to Cisco IOS XR Devices, page 4-11

Distribute Takes an image from the repository and copies it onto a device in the network. To ensure a successful operation, Prime Network performs an upgrade analysis before distributing any images.

Distributing Images and Performing an Upgrade Analysis, page 4-13

Activate Makes an image the running image on a device. You can set activations to happen immediately or at a later scheduled time.

For Cisco IOS XR devices, you can test the activation before making any real changes. You can also deactivate and delete Cisco IOS XR packages.

Activating and Deactivating Images and Checking Image Status, page 4-19

Commit (Cisco IOS XR only) Identifies the software package as one that should persist across device reloads.

Committing Packages (Cisco IOS XR Only), page 4-25


Chapter 4 Managing Software Images

The following topics explain how you can use Prime Network Change and Configuration Management in your network. These topics do not provide details about how to manage Cisco IOS and Cisco IOS XR software. For that information, see:

• Cisco IOS—Configuration Fundamentals Configuration Guide for any Cisco IOS release.

• Cisco IOS XR—System Management Configuration Guide for the Cisco IOS XR device of interest.

Note Before using NEIM, make sure you have performed all prerequisites listed in NEIM Setup Tasks, page 1-8.

Note If you are managing Cisco IOS XR packages, be sure to read the topic Special Notes on Cisco IOS XR Package Management, page 4-3.


NEIM saves messages that can be used for debugging in PRIME_NETWORK_HOME/XMP_Platform/logs/NEIM.log.

Note We recommend that you verify that an image operation is correct on a single device, preferably in a lab, prior to distributing and activating a change in image on multiple devices in a production network.

Rollback (Cisco IOS XR only) Reverts the device packages to a previous installation state—specifically, to a package installation rollback point.

Rolling Back Cisco IOS XR Packages, page 4-26

Jobs Displays a list of the Cisco IOS or Cisco IOS XR jobs of the user. Prime Network lists other jobs related to image downloads from Cisco.com, from existing devices, from another file system, or from an external image repository.

Managing Change and Configuration Management Jobs, page 6-1

Settings Specifies the default image transport protocol and the default image staging and storing directories. Also allows you to configure credentials so that NEIM users can download images from Cisco.com.

Configuring Global Settings for Image and Package Management, page 7-7

Image Function Description Described in:


OL-26498-01


http://www.cisco.com/en/US/products/ps6537/products_ios_sub_category_home.html

Chapter 4 Managing Software Images Special Notes on Cisco IOS XR Package Management

Special Notes on Cisco IOS XR Package ManagementPackage management includes the add, activate, deactivate, commit, and rollback operations on Cisco IOS XR devices. Before you perform any of these operations, read the following:

• When doing a version upgrade (which upgrades the core package and involves a router reload) on a Cisco IOS XR device, all of the packages on the router should be upgraded at the same time, as part of the same job. For example, if the c12k-mini, c12k-mgbl, c12k-mpls, c12k-k9sec, and c12k-mcast packages are on the router at version 3.4.1, when upgrading to version 3.5.0, all of the packages must be upgraded at the same time to version 3.5.0.

Note An upgrade pie is required only when you upgrade Cisco IOS XR devices from version 3.x to 4.x. You must deactivate and remove the upgrade pie, if you wish to perform any install operations, including the install commit operation on the devices upgraded from 3.x to 4.x.

• When upgrading the core router package (such as c12k-mini or comp-hfr-mini), the manageability package (such as c12k-mgbl or hfr-mgbl-p) must be upgraded at the same time to ensure that the router remains manageable after the reload.

• Cisco IOS XR routers support the clear install rollback oldest x command, that allows you to manage the number of rollback points maintained on the router. Executing this CLI command periodically on the router allows you to limit the number of rollback points. When executing this command, you must ensure that at least one valid rollback point is always maintained to enable Prime Network to show the package status correctly. We recommend that you maintain about 20 rollback points on the router.

• NEIM does not support upgrading a router running Cisco IOS software to Cisco IOS XR software.

For more information, refer to the System Management Configuration Guide for the Cisco IOS XR release and device of interest.

Using the Prime Network Image RepositoryThe Prime Network image repository maintains copies of software image files, storing them in the Prime Network database. Image files are stored in binary format. Users can perform the following management functions from the image repository:

• Browsing and Searching for Images in the Prime Network Image Repository, page 4-4

• Importing Images into the Prime Network Image Repository, page 4-5

• Editing Image Attributes in the Prime Network Image Repository, page 4-10

• Deleting Images from the Prime Network Image Repository, page 4-10

All users can view images in the repository.

Choose Images > Repository to view the contents of the Prime Network image repository. The Images Repository page lists all images that are stored in the Prime Network database. Figure 4-1 provides an example of the Images Repository page with the filter group (highlighted with a red outline.)


OL-26498-01


Chapter 4 Managing Software Images Using the Prime Network Image Repository

Figure 4-1 Images Repository Page

The Images Repository page displays the following information about each image. Upgrade Analysis uses these image attributes to determine if a given image is compatible with a device.

Browsing and Searching for Images in the Prime Network Image RepositoryThe Images Repository page lists all software images that are stored in the Prime Network database. Change and Configuration Management provides filter options that allow you to find and display only the images in which you are interested (for example, only Cisco IOS XR images). Images are stored in binary format.

Field Description

Image Name Name of file in repository.

Family Cisco device family the image can be installed on.

Version Cisco IOS, Cisco IOS XR, Cisco Nexus, or Cisco ASR version that supports the image.

FeatureSet Description of image, if available.

Imported Date and time the software image was added to the repository. The date and time are displayed according to the local time zone settings of the client.

Size (MB) Size of the software image.

Min RAM/Flash (MB) Memory required on network element to properly run the image, if applicable.

Comments Information entered by the user.


OL-26498-01


To view and filter the image files on the Images Repository page:

Step 1 Choose Images > Repository. Images are sorted by image name.

Note If no images are displayed, it could be because preexisting filters are still in use. Click Clear Filter.

Step 2 From the Show drop-down menu, choose Quick Filter. A filter group appears as shown (with a red outline) in Figure 4-1.

Step 3 Place your cursor in any one of the fields (text boxes) in the filter group. The available options are displayed as a drop-down menu.

Step 4 Choose the desired value from the menu. The filtered images are displayed accordingly.

Note Filter entries are cumulative. To start a new filter, click the close (x) icon next to the selected value in the text box.

Importing Images into the Prime Network Image RepositoryYou can import software images into the Prime Network image repository from four sources, as explained in the following topics:

• Importing Images from Cisco.com to the Prime Network Image Repository, page 4-6

• Importing Images from Devices to the Prime Network Image Repository (Image baseline), page 4-6

• Importing Images from a File System to the Prime Network Image Repository, page 4-8

• Importing Images from an External Repository to the Prime Network Image Repository, page 4-9

When a file is imported, Prime Network verifies whether the file contents are different from the previous version in the repository. If there are no differences, Prime Network does not overwrite the file in the repository.

Files are imported into the storing directory specified on the Image Management Settings page (see Configuring Global Settings for Image and Package Management, page 7-7). By default, the storing directory is PRIME_NETWORK_HOME/NCCMComponents/NEIM/images/, where PRIME_NETWORK_HOME is the Prime Network installation directory (by default, /export/home/network-user; where network-user is the operating system user for the Prime Network application and an example of network-user is network39). From there, they are imported into the repository.

Only users with Configurator privileges can import images into the repository. See User Authentication and Authorization (Access Roles and Device Scopes), page 7-12, for more information.

Note Before importing images, make sure internet connectivity is available to the server; otherwise, the imported images will not be populated with RAM, boot ROM, and feature set.


OL-26498-01


Importing Images from Cisco.com to the Prime Network Image Repository

Use this method to add software images from Cisco.com to the Prime Network image repository. To successfully connect to Cisco.com, the proxy server settings and the Cisco.com credentials of the user must be specified in the Image Management Settings page (see Configuring Global Settings for Image and Package Management, page 7-7).

When you download an image from Cisco.com, Prime Network creates a job for the download. The job information is saved, along with other job information, in the database.

Before You Begin

• Make sure the internet connection is up and Prime Network server has access to Cisco.com.

• Make sure the Cisco.com credentials of the user are properly set on the Image Management Settings page. For more information, see Configuring Global Settings for Image and Package Management, page 7-7.

• Make sure you have required privileges to download images from Cisco.com.

To import images from Cisco.com into the Prime Network image repository:

Step 1 Choose Images > Repository.

Step 2 From the Import drop-down list, choose From Cisco.com. The Upload Images dialog box appears.

Step 3 Make your selections in the Upload Images dialog box:

a. Choose a device type, software version, and then a feature set.

b. Click Add to Cart. The Import Cart window opens with the selected device details.

c. You can remove an item by clicking the delete icon (red X) to the right of the item. Click OK to close the Import Cart window. (This closes the cart but does not initiate the import.)

d. Repeat these steps until you have selected the images you want to import.

Step 4 Import the files by clicking Import in the Upload Images window or in the Import Cart window. Change and Configuration Management redirects you to the Jobs page, where you can monitor the status of the import job.

Step 5 Choose Images > Repository again to refresh the list of images. If any of the image information could not be retrieved, the field will display NA. (If preexisting filters are still in use, you may need to click Clear Filter.)

If an image attribute was not auto-populated, the image attributes were unavailable from the image header. We recommend that you manually enter the information to ensure the accuracy of the upgrade analysis. See Editing Image Attributes in the Prime Network Image Repository, page 4-10.

After the import, you can also add informational text to the Comments field. Normally at this point you will distribute the images; see Distributing Images and Performing an Upgrade Analysis, page 4-13.

Importing Images from Devices to the Prime Network Image Repository (Image baseline)

Use this method to import software images from existing devices to the Prime Network image repository. For Cisco IOS devices, images that are currently running on the devices are imported. For Cisco IOS XR devices, pie and .vm files corresponding to active packages are imported. If no such files are available on the devices, no images or packages will be imported.


OL-26498-01


For Cisco 7600 series devices with ACE cards, images that are available on the ACE card(s) are also imported into the repository. However, the image should be available in the Cisco 7600 supervisor module filesystem to perform the import operation. Change and Configuration Management supports TFTP, FTP, and SCP for image baseline operation on ACE cards.

Prime Network looks for software images on the device NVRAM and on the following flash disks: disk0, disk0a, disk1, disk1a, compactflash, configflash, and bootflash. Prime Network does not perform a recursive search because the operation could easily overload the device.

To import images from devices into the Prime Network image repository:


Step 2 From the Import drop-down list, choose From Devices. The Devices dialog box appears with the following fields.

You can filter the devices based on device name, IP address, element type, or software version using the Quick Filter option from the Show menu. For long texts in the Element Type, Software Version, and Running Image fields, hover the cursor over the hyperlink to display the entire contents.

Step 3 To import images from devices of a specific group, click Select Groups.

In the Device Groups page, you can view the user-defined device groups. Click the hyperlinked device group name to view the list of devices that belong to the group. See Managing User-Defined Device Groups, page 5-2 for more information on user-defined device grouping.

Step 4 Select the required device group in the Device Groups page and click OK.

The devices that belong to the selected device group are highlighted in the Devices page. You can also import all the devices existing in a group. To do so:

– Select a device group and click Import from Group.

– Enter the scheduling information as explained after Step 5 and click Import from Group.

Step 5 In the Devices page, click Import. A scheduler popup window appears.

Step 6 Enter the scheduling information. By default, jobs are scheduled to run as soon as possible.

Step 7 Select the transfer protocol that Change and Configuration Management should use when copying images from the device. Supported protocols are:

• TFTP (unsecured; Cisco ASR 5000 series devices use this protocol for importing images)

• SFTP/SCP (secured; Cisco IOS XR devices and Cisco Nexus 5000 and 7000 series devices use SFTP, and Cisco IOS devices use SCP)

• FTP (unsecured)

Field Description

Status The status of the device.

Device Name Name of the device.

IP Address The IP address used for managing the device.

Element Type The device type with the name of the manufacturer, for example Cisco 7200.

Software Version The software version running on the device.

Running Image The software image currently running on the device.


OL-26498-01


The protocol set up in the Image Management Settings page is displayed by default.

Step 8 If you have selected two or more devices, click one of the following to specify the operation mode:

• Parallel Order—Imports images from all devices at the same time.

• Sequential Order—Allows you to specify the order of the devices to import the images from. You can do so by moving the devices up and down in the Device Order box.

Note The Device Order box will not be available, if the number of devices is more than 300. Prime Network sequences the devices based on the default order (that you used while selecting the devices.)

Step 9 Enter the e-mail ID(s) to which to send a notification after the import job is complete. For two or more users, enter a comma-separated list of e-mail IDs. A notification e-mail is sent based on the e-mail option specified in the Image Management Settings page.

Note Before you enter the e-mail ID(s), ensure that you have set up the SMTP host and SMTP port in the Image Management Settings page (see Configuring Global Settings for Image and Package Management, page 7-7). The e-mail ID(s) configured in the Image Management Settings page, if any, will be displayed by default. You can modify the e-mail ID(s) if required.

Step 10 Click Import. Prime Network redirects you to the Jobs page, where you can monitor the status of the import job.

Note If you chose to import all devices from a group and if there is a change in the group by addition or deletion of devices after job creation, Prime Network updates the job accordingly such that all the devices available in the group at the time of execution of the job are considered.

Step 11 Choose Images > Repository again to refresh the list of images. If any of the image information could not be retrieved, the field will display NA. (If preexisting filters are still in use, you may need to click Clear Filter.)

If an image attribute was not auto-populated, the image attributes were unavailable from the image header. We recommend that you manually enter the information to ensure the accuracy of the upgrade analysis. See Editing Image Attributes in the Prime Network Image Repository, page 4-10.

After the import, you can also add informational text to the Comments field. Normally at this point you will distribute the images; see Distributing Images and Performing an Upgrade Analysis, page 4-13.

Importing Images from a File System to the Prime Network Image Repository

Use this method to add software images from a local gateway file system to the Prime Network image repository. Prime Network copies files into the repository from the local gateway file system specified in the Image Management Settings page (as described in Configuring Global Settings for Image and Package Management, page 7-7).

Note After files are imported into the repository, we recommend that you delete them from the storing directory to free space for future imports.


OL-26498-01


To import images from a gateway storing directory into the Prime Network image repository:


Step 2 From the Import drop-down list, choose From Filesystem.

The Software Upload from File System dialog box displays available images, their size, and whether they are already available in the prime network image repository or not. You can filter the choices by using the Quick Filter option from the Show menu. You can choose the image name and the In Repository option to retrieve the desired image.

Step 3 Select the images you want to import and click OK. Prime Network redirects you to the Jobs page, where you can monitor the status of the import job.

Step 4 Click Refresh in the Repository page to display the imported images. If the information could not be retrieved, the field will say NA. (If preexisting filters are still in use, you may need to click Clear Filter.)

If the attributes of an image were not auto-populated, the image attributes were unavailable from the image header. We recommend that you manually enter the information to ensure the accuracy of the upgrade analysis. See Editing Image Attributes in the Prime Network Image Repository, page 4-10.

At this point, it is a good idea to remove the copied files from the storing directory. This will free space for future imports.

After the import, you can add informational text to the Comments field or edit its attributes (for example, if you want to make the minimum storage values more specific because you know a smaller size is sufficient). Normally, at this point, you will distribute the images; see Distributing Images and Performing an Upgrade Analysis, page 4-13.

Importing Images from an External Repository to the Prime Network Image Repository

Use this method to add software images from an external image repository to the Prime Network image repository. Prime Network allows importing images from IPv4 and IPv6 servers. You can view the images available in the external image repository and then import them to the internal repository in the Prime Network database. Prime Network copies files into the repository from the external server specified on the Image Management Settings page (as described in Configuring Global Settings for Image and Package Management, page 7-7).

Before You Begin

• Make sure the Prime Network server has access to the external server.

• Make sure the external server details and the required credentials are properly configured on the Image Management Settings page. For more information, see Configuring Global Settings for Image and Package Management, page 7-7.

• Make sure you have required privileges to download images from the external repository.

To import images from an external image repository into the Prime Network image repository:


Step 2 From the Import drop-down list, choose From External Repository.

The Software Upload from External Repository dialog box displays available images, their size, and whether they are already available in the prime network image repository or not. You can filter the choices by using the Quick Filter option from the Show menu. You can choose the image name and the In Repository option to retrieve the desired image.


OL-26498-01


Step 3 Select the images you want to import and click OK. Prime Network redirects you to the Jobs page, where you can monitor the status of the import job.

Step 4 Click Refresh in the Repository page to display the imported images. If the information could not be retrieved, the field will say NA. (If preexisting filters are still in use, you may need to click Clear Filter.)

If the attributes of an image were not auto-populated, the image attributes were unavailable from the image header. We recommend that you manually enter the information to ensure the accuracy of the upgrade analysis. See Editing Image Attributes in the Prime Network Image Repository, page 4-10.

At this point, it is a good idea to remove the copied files from the storing directory. This will free space for future imports.

After the import, you can add informational text to the Comments field or edit its attributes (for example, if you want to make the minimum storage values more specific because you know a smaller size is sufficient). Normally, at this point, you will distribute the images; see Distributing Images and Performing an Upgrade Analysis, page 4-13.

Editing Image Attributes in the Prime Network Image RepositoryYou can edit information associated with files that are in the Prime Network image repository. For example, you can enter a comment to notify users of an important feature of the image, or you might want to adjust the storage size for a device if you know a smaller size is sufficient.

Only users with Configurator privileges can edit image attributes. See User Authentication and Authorization (Access Roles and Device Scopes), page 7-12, for more information.

To edit the attributes of images stored in the Prime Network image repository:


Step 2 Select the desired image and click the Edit button in the table header. The selected row is available for editing.

Step 3 Make your changes to the following, as needed:

• Minimum RAM (MB) and Flash (MB)—You can adjust the storage size for the device.

• Comments—You can create new comments or edit earlier comments.

At any time, click Cancel to revert to the original attribute settings.

Step 4 Click Save to save your edits.

Deleting Images from the Prime Network Image RepositoryOnly users with Configurator privileges can delete images from the Prime Network image repository. See User Authentication and Authorization (Access Roles and Device Scopes), page 7-12, for more information.

Deleting a package may cause a rollback point to become unexecutable. If a package or version of a package that is associated with a specific rollback point is removed, it will no longer be possible to roll back to that point. See Rolling Back Cisco IOS XR Packages, page 4-26.


OL-26498-01

Chapter 4 Managing Software Images Adding Packages to Cisco IOS XR Devices

To delete images from the Prime Network image repository:


Step 2 Select the image you want to delete and click the Delete button (with red X) in the table header.

Step 3 To collectively delete all images in the repository, click the Delete All button in the table header.

You will see a prompt asking you to confirm whether or not to proceed with the operation.

Step 4 Click OK to confirm and image(s) available in the repository will be deleted.

Deleting a file from the Prime Network image repository does not delete files that are installed on the device. For example, packages can only be removed from Cisco IOS XR devices using the procedure described in Activating, Deactivating, and Deleting Cisco IOS XR Packages, page 4-22.

Adding Packages to Cisco IOS XR DevicesImage Management supports package addition as a separate operation for Cisco IOS XR devices. To complete the package management life cycle, Image Management supports adding a package from a pie file, which is already present in the Cisco IOS XR device storage.

To add packages for Cisco IOS XR devices:

Step 1 Choose Images > Package Add. The Package Add wizard displays all the Cisco IOS XR devices in the Select Device(s) page. You can filter the results by device name, IP address, or element type by using the Quick Filter option from the Show menu.

Step 2 Select a device and click Next to open the Select Package(s) page as shown in Figure 4-2. Prime Network displays all the packages available for the selected device. You can filter the results by device name or package name.


OL-26498-01

Chapter 4 Managing Software Images Adding Packages to Cisco IOS XR Devices

Figure 4-2 Select Packages Page in the Package Add Wizard

Step 3 Choose the package(s) that you want to add for the selected device.

Step 4 Click Next to open the Schedule Package Addition page in the wizard.


Step 6 If you have selected two or more devices in the Select Devices page, click one of the following to specify the operation mode:

• In Parallel Order—Add packages for all devices at the same time.

• In Sequential Order—Allows you to specify the order of the devices to import the packages for.

Step 7 Enter the e-mail ID(s) to which to send a notification after the scheduled package addition job is complete. For two or more users, enter a comma-separated list of e-mail IDs. A notification e-mail is sent based on the e-mail option specified in the Image Management Settings page.


1 Package Add wizard 4 Next Button—Takes you to the next page in the wizard

2 Select Devices page—Select a device for package addition

5 Previous Button—Takes you to the previous page in the wizard

3 Select Packages page—Select the package to add to the device

6 Schedule Package Addition—Schedule package addition job


OL-26498-01

Chapter 4 Managing Software Images Distributing Images and Performing an Upgrade Analysis

Step 8 Click Finished. Prime Network schedules the job and redirects you to the Jobs page, where you can monitor the status of the job.

Distributing Images and Performing an Upgrade AnalysisThese topics explain how NEIM performs image distribution and upgrade analysis:

• What Happens During Image Distribution?, page 4-13

• What Happens During Upgrade Analysis?, page 4-13

• Procedure for Distributing a Software Image and Using Upgrade Analysis, page 4-14

What Happens During Image Distribution?

The distribution process entails copying a software image to a network element without activating it (although you can choose to activate it as an optional part of the procedure).

Prime Network uses the image staging location and transport protocol (TFTP, by default) specified on the Image Management Settings page. During the distribution procedure, Prime Network prefilters your image choices to fit your selected devices (or vice versa, if you begin by selecting images and then devices). Prime Network displays the available upgradable modules and the storage partitions (if any) on the network element for the image distribution. You can choose the storage location you want to use. You can also choose to clear the disk space for distributing the image or package if there is insufficient memory.

Note Distribution job fails if there is insufficient memory on the device.

Prime Network then performs an upgrade analysis to check the suitability of the device for the chosen image (upgrade analysis is described in the following topic).

The final step is to schedule the distribution job to occur either as soon as possible or at a future date (the default is as soon as possible). If desired, you can specify a different transport protocol for the job. You can also specify the e-mail ID(s) of users to send a notification e-mail to upon completion of the distribution job. Optionally, you can also schedule the following as part of the same job:

• Package addition for Cisco IOS XR devices.

• Activation once the images or packages are distributed.

• Commit the packages after distribution for Cisco IOS XR devices.

• Warm upgrade for Cisco IOS images.

What Happens During Upgrade Analysis?

When Prime Network performs an upgrade analysis, it gets the attributes of the selected image and checks certain device features, and then generates a separate report for each device. Performing an upgrade analysis is a mandatory part of the distribution process. You must complete the upgrade analysis for all the selected devices to proceed with the distribution. However, even if the upgrade analysis reports errors, Prime Network will allow you to proceed with the distribution.

The upgrade analysis answers the following questions that are important to image distribution:


OL-26498-01


• Is there sufficient RAM or storage (depending on which is used)?

• Is the software image compatible with the device family?

• Is the software version compatible with the image version running on the device?

The following symbols are used on the Distribution page.

To enable Prime Network to perform a valid upgrade analysis, the required image and device data must be available. Prime Network gathers this information from two sources:

• The Prime Network image repository, which contains information about minimum RAM, minimum Flash, and so on, in the image header.

• The Prime Network inventory, which contains information about the active images on the device, as well as Flash memory, modules, and processor details.

Procedure for Distributing a Software Image and Using Upgrade Analysis

The following procedure explains how to perform an image distribution. You can also use this procedure to perform an upgrade analysis and then exit the procedure before performing the distribution.

Only users with Configurator privileges can distribute images to devices. See User Authentication and Authorization (Access Roles and Device Scopes), page 7-12, for more information.

Before You Begin

• If you are doing a Cisco IOS XR version upgrade (which upgrades the core package), read Special Notes on Cisco IOS XR Package Management, page 4-3 for information about other packages that you should upgrade at the same time.

• The device VNE (the device model in Prime Network) must be in a managed state when you run the command. (This means the VNE Communication State must be Reachable, and the Investigation State must be Normal or Incomplete. For more information on VNE states, see the Cisco Prime Network 3.9 Administrator Guide.)

Table 4-1 Status Icons

Symbol

Description

In Device Status Column

In Distribution Upgrade Analysis Column or Activation Analysis Results

Device is available for upgrade analysis and distribution.

Device passed without warnings.

Device is not available for upgrade analysis or distribution. Most likely the device is in the Maintenance investigation state or the Unreachable communication state. Click the device hyperlink and open the device properties popup to see details about the device.

Device passed with warnings. Click the icon to get more information.

n/a Device did not pass analysis. Click the icon to get more information.


OL-26498-01



To distribute images and use upgrade analysis:

Step 1 Choose Images > Distribute and then choose the device type (IOS or IOS-XR) and selection method (by image or package, or by device).

a. If you start by using the Image or Package selection method, Prime Network displays the images or packages available in the internal repository. However, you can choose From External Repository from the drop-down list in the table header, to display the images or packages from the external image repository.

Note Make sure you have configured the required credentials for accessing the external image repository in the Image Management Settings page. For more information, see Configuring Global Settings for Image and Package Management, page 7-7.

Figure 4-3 shows an example of this type of distribution.

Figure 4-3 Distributing Cisco IOS Image

1 Distribute IOS Image wizard 5 Select Boot Config page—Select the boot configuration file for activation (applicable for Cisco ASR series devices only)

2 Select Image page—Select an image for distribution

6 Select Storage page—Select a storage location on the network element for distribution

3 Select Devices page—Select device(s) to distribute the image to.

7 Upgrade Analysis window—Indicates whether network element has sufficient space for distribution

4 Select Compatible Image page—Select a compatible image (for Cisco Nexus series devices only)

8 Schedule Distribution page—Schedule the distribution job


OL-26498-01


– Choose an image or package, and click Next to open Select Devices page in the wizard. You can filter your results by device name, IP address, element type, running image, software version, and recommended value (Yes or No).

– To choose devices of a specific device group, click Select Groups. In the Device Groups page, you can view the user-defined device groups. Click the hyperlinked device group name to view the list of devices that belong to the group. See Managing User-Defined Device Groups, page 5-2 for more information on user-defined device grouping.

– Select the required device group in the Device Groups page and click OK.

The eligible devices that belong to the selected device group are highlighted in the Select Devices page.

– Choose one or more devices and click Next.

Note An alert message is displayed if you select a device that is not compatible with the selected image or package. Check the Recommended field that shows Yes or No to identify the compatibility of the selected device for the image or package.

For Cisco Nexus 5000 or Cisco Nexus 7000 series devices, the Select Compatible Image page appears with kickstart images if you have selected a system image, and vice versa.

– (For Cisco Nexus 5000 or Cisco Nexus 7000 series devices) Select a compatible image if required, and click Next to open the Select storage page in the wizard.

– (For Cisco ASR 5000 series devices only) Select a boot configuration file for activation from the available list and click Save. You can activate a boot configuration file on the device while distributing an image. Then click Next to open the Select storage page in the wizard.

b. If you start by using the Device selection method, Prime Network displays the managed devices. You can filter by device name, IP address, element type, running image, and software version.

– To choose devices of a specific device group, click Select Groups in the table header. In the Device Groups page, you can view the user-defined device groups. Click the hyperlinked device group name to view the list of devices that belong to the group. See Managing User-Defined Device Groups, page 5-2 for more information on user-defined device grouping.


Note Prime Network does not include those devices that do not belong to the selected device family in the distribution job.


– Choose one or more devices and click Next. Prime Network displays all images or packages which are valid for the selected devices from the internal image repository. However, you can choose From External Repository from the drop-down list in the table header, to display the images or packages from the external image repository.

Note Change and Configuration Management allows image distribution from external repository only through FTP. Make sure you have configured the required credentials for accessing the external image repository in the Image Management Settings page. For more information, see Configuring Global Settings for Image and Package Management, page 7-7.


OL-26498-01


You can filter your results by using the filter options.

– Choose the image or package that you want to install on the devices, and click Next.

Note An alert message is displayed if you select an image or package that is not compatible with the selected device family. Check the Recommended field that shows Yes or No to identify the compatibility of the image or package with the selected device family.

If you have selected a Cisco Nexus 5000 or Cisco Nexus 7000 series device in the Select Devices page, Prime Network displays the system and kickstart images available for the selected device in the Select Image page. Select an image and click Next. The Select Compatible Image page appears with kickstart images if you have selected a system image, and vice versa.

– (Cisco Nexus 5000 or Cisco Nexus 7000 series devices only) Select a compatible image if required, and then click Next.

If you have selected a Cisco ASR 5000 series device in the Select Devices page, the Select Boot Config page appears.

– (For Cisco ASR 5000 series devices only) Select a boot configuration file for activation from the available list and click Save. You can activate a boot configuration file on the device while distributing an image. Then click Next to open the Select Storage page in the wizard.

Step 2 In the Select Storage page, choose a storage location. This specifies where on the network element the image or package will be copied when it is distributed.

You can do either of the following:

• Specify a storage location for all devices (a global location) by choosing a location from the drop-down list named Storage to be used for all devices in the table header.

• Specify storage locations by device, using the individual device storage drop-down lists. (You can override the global location by choosing another location from the drop-down list.)

Step 3 Perform an upgrade analysis to check whether the network element has sufficient space for the image or package. Click Upgrade Analysis. After a few moments, Prime Network displays the results of the analysis in the Upgrade Analysis column; it will be one of the icons listed in Table 4-1 on page 4-14. Click the symbol next to the icon to see the Upgrade Analysis report; an example is in Figure 4-3.

Note For Cisco Nexus 5000 or Cisco Nexus 7000 series devices, Prime Network displays the upgrade analysis results for both the system and kickstart images selected for the device.

If the upgrade analysis reports warnings, Prime Network will still allow you to proceed with the distribution. If an error is reported, you will see a prompt asking you to confirm whether or not to proceed with the operation.

Note Check the report to verify whether the storage location has sufficient space for the image or package. If the space is insufficient, the distribution will fail. If there is insufficient memory, you can choose to clear the disk space while scheduling the distribution in the Schedule Distribution page.

Step 4 If you do not want to distribute any images or packages (for example, if you only wanted to perform a manual upgrade analysis), click Cancel. Otherwise, proceed to Step 5.


OL-26498-01


Step 5 Click Next to open the Schedule Distribution page in the wizard, and complete the schedule information.

Note You can proceed with scheduling the distribution only if upgrade analysis is completed for all the devices (spanning across multiple pages) in the Select Storage page.

The following table describes the fields you will see on this page.

Field Description

Schedule Distribution

Controls whether the distribution job should run as soon as possible (the default) or at a future scheduled time.

File Transport Protocol

Allows you to override the default transfer protocol (as configured on the Image Management Settings page) by choosing another protocol from the drop-down list.

Clear Flash (Optional) Allows you to recover the disk space occupied by files that were marked for deletion in the device, if there is insufficient memory while distributing the image or package.

E-mail Id(s) The e-mail ID(s) to which to send a notification after the scheduled distribution job is complete. For two or more users, enter a comma-separated list of e-mail IDs. A notification e-mail is sent based on the e-mail option specified in the Image Management Settings page.


Install Add Package(s)

(Optional) Allows you to add packages during distribution for Cisco IOS XR devices.

Schedule Activation

(Optional) Controls whether Prime Network should start an activation job once the images or packages are distributed. You can choose to run the activation job as soon as the distribution job is finished or at a future scheduled time.

Note When distributing images or packages to multiple devices, we recommend that you perform the activation separately from the distribution.


OL-26498-01

Chapter 4 Managing Software Images Activating and Deactivating Images and Checking Image Status

Step 6 Click Finished. You are redirected to the Jobs page, where you can check the status of the distribution job.

Note Distribution fails if a timeout occurs after 30 minutes. You can view the job results for information on why the distribution failed. Remember to delete older images and packages from the staging directory.

Activating and Deactivating Images and Checking Image Status For Cisco IOS devices, when a new image is activated, it becomes the running image on the disk. Deactivated images remain on the disk to be removed by a user. When a new image is activated, older images are automatically deactivated.

For Cisco IOS XR devices, there might be multiple packages running on each device. You can choose to activate, deactivate, or remove individual packages on the devices.

Note For Cisco IOS XR devices, we recommend that you do not commit the package change until the device runs with its configuration for a period of time, until you are sure the change is appropriate. In that way, the change is not yet persisted across device reloads.

You can also use this page to find out what image is currently running on a device.

Process Specifies how Prime Network should run the job processes for both distribution and activation jobs, if you have selected two or more devices in the Select Devices page.

If you chose Sequentially, you can also do the following:

• Specify the order in which the operations should be processed, by moving the items up and down in the Reorderable Rows box.

• To stop the job if an error is encountered, check the Stop if an error occurs check box. The default is to proceed even if an error is encountered. (When the job completes, Change and Configuration Management will provide a job report giving all results.)

Note When scheduling image or package activation jobs which can reload the router, we recommend that you choose Sequentially. If you choose In Parallel, routers which are in the connectivity path of other routers participating in the job may reload, causing problems.

Commit Controls whether Prime Network should commit the packages after distribution for Cisco IOS XR devices.

Warm Upgrade (For Cisco IOS only) Activates the Warm Upgrade feature to reduce the device downtime during the distribution process. For more information on the warm upgrade feature, see Warm Upgrade (For Cisco IOS only), page 1-3.

Field Description


OL-26498-01


Only users with Configurator privileges can activate, deactivate, or delete images. See User Authentication and Authorization (Access Roles and Device Scopes), page 7-12, for more information.

Activating Cisco IOS Images

Before You Begin

The device VNE (the device model in Prime Network) must be in a managed state when you run the command. (This means the VNE Communication State must be Reachable, and the Investigation State must be Normal or Incomplete. For more information on VNE states, see the Cisco Prime Network 3.9 Administrator Guide.)

To activate a Cisco IOS image on a network element:

Step 1 Choose Images > Activate > IOS and the activation method (by Images or Devices).

a. If you choose to activate by images, Prime Network displays the images in the repository. You can filter the details by the Quick Filter option.

Note Prime Network displays only root level bin files for selection.

For a Cisco 7600 series device with ACE cards, you can choose to view the images from the ACE cards on that device by selecting an appropriate option from the Select Card drop-down list in the table header. The Select Card option is disabled otherwise.

– Choose an image and click Next to open the Select Devices page in the wizard. Prime Network displays all devices to which the image applies (however, the presence of the image on the devices will be validated in a later step). You can filter your results by device name, IP address, element type, running image, or software version.



Note Prime Network does not include devices that do not belong to the selected device family for the activation job.


– Select the required device and click Next.

If you have selected a Cisco 7600 series device with ACE cards and if you have set the Select Card option to Yes in the Select Image page, the Select Cards / Images page appears. Select the ACE card on which the image must be activated and click Next.

If you have selected a Cisco Nexus 5000 or Cisco Nexus 7000 series device, the Select Compatible Image page appears with kickstart images if you have selected a system image in the Select Image page, and vice versa.

– (Cisco Nexus 5000 or Cisco Nexus 7000 series devices only) Select a compatible image if required, and then click Next.


OL-26498-01




If you have selected a Cisco ASR 5000 series device in the Select Devices page, the Select Boot Config page appears.

– (For Cisco ASR 5000 series devices only) Select a boot configuration file for activation from the available list and click Save and then Next. You can activate a boot configuration file on the device in addition to an image.

Note However, if a device is activated with a boot configuration, which does not have the correct user credentials, a timeout error occurs during activation.

b. If you choose to activate by devices, Prime Network displays all managed devices. It also displays the images that are currently running on the devices. You can filter by device name, IP address, element type, running image, or software version.





– Choose one or more devices and click Next. If you have selected a Cisco 7600 series device with ACE cards, the Select Card option in the table header is enabled. Select Yes to choose an ACE card on which the image must be activated. Click Next after selecting the required ACE card, to proceed with the image selection process.

In the Select Images page, Prime Network displays all images which are valid for the selected devices. You can filter your results by image name and version.

Note Prime Network displays only root level bin files for selection. For a Cisco Nexus 5000 or Cisco Nexus 7000 series device, Prime Network displays the kickstart images available on the device in the Kickstart Images field. The field displays N/A if there are no kickstart images for the device.

– Choose the image that you want to activate on the devices, and click Next.

– For Cisco ASR 5000 series device, the Enter Boot Config page appears. You can activate a boot configuration file on the device in addition to an image. Select a boot configuration file from the available list and click Save and then Next.

Note However, if a device is activated with a boot configuration, which does not have the correct user credentials, a timeout error occurs during activation.


OL-26498-01


Step 2 The Image Analysis page is displayed. Check the Image Analysis page to see if analysis was successful. Click the icon in the Analysis column to get information about why the operation can or cannot proceed (it will be one of the icons listed in Table 4-1 on page 4-14). If it cannot proceed, you will not be permitted to continue. Otherwise, click Next.


Step 4 Enter the e-mail ID(s) to which to send a notification after the scheduled activation job is complete. For two or more users, enter a comma-separated list of e-mail IDs. A notification e-mail is sent based on the e-mail option specified in the Image Management Settings page.


Step 5 (For Cisco IOS only) Activate the Warm Upgrade option to reduce the device downtime during the activation process. For more information on the warm upgrade feature, see Warm Upgrade (For Cisco IOS only), page 1-3.

Step 6 Click one of the following to specify the operation mode, if you have selected two or more devices in the Select Devices page.

• In Parallel—Activates all packages for the devices at the same time.

• Sequentially—Allows you to define the order of the devices to activate the packages for.

Step 7 Click Finished to schedule the activation.

Activating, Deactivating, and Deleting Cisco IOS XR Packages

Use this procedure to activate or deactivate a Cisco IOS XR package. From here, you can also delete a Cisco IOS XR package from a device, which frees the disk space that Cisco IOS XR devices retain after a package is deactivated. These are also known as Cisco IOS XR package operations.

Before You Begin

• If you are doing a Cisco IOS XR version upgrade (which upgrades the core package), read Special Notes on Cisco IOS XR Package Management, page 4-3 for information about other packages that you should upgrade at the same time.


To activate or deactivate a Cisco IOS XR package, or delete a Cisco IOS XR package from a device:

Step 1 Choose Images > Activate > IOS-XR and the activation method (by Packages or Devices.). The Activate IOS-XR Packages wizard appears.

a. If you choose to activate by packages, Prime Network displays the packages in the repository. You can filter the details by using the Quick Filter option.

Figure 4-4 shows an example of this type of activation.


OL-26498-01



Figure 4-4 Activating Cisco IOS XR Packages—Choosing the Packages

– Choose one or more packages and click Next. Prime Network displays all devices to which the package applies (however, the presence of the packages on the devices will be validated in a later step). You can filter your results by device name, IP address, element type, running image, or software version.





– Choose the devices on which you want the packages to be activated, and click Next.

1 Activate IOS-XR Packages wizard 5 Global option to set the desired operation for all packages

2 Select Packages page—Select package for activation

6 Choose the operation for individual packages

3 Select Devices page—Select device(s) to activate the image on.

7 Package Analysis page—View the results of the package analysis for activation

4 Select Operations page—Choose the operation to perform with the package

8 Schedule Job page—Schedule the activation job


OL-26498-01


b. If you choose to activate by devices, Prime Network displays all managed devices. (It also displays the packages that are currently running on the devices.) You can filter by device name, IP address, element type, or software version. From this page you can also view the running package of the Cisco IOS XR device.





– Choose one or more devices and click Next. Prime Network displays all packages which are valid for the selected devices. You can filter your results by package name and version.

– Choose the packages that you want to activate on the devices, and click Next. The Select Operations page appears as shown in Figure 4-4.

Step 2 Specify the operations you want to perform. You can perform different operations on different devices or the same operation on all devices (by selecting the desired operation from the Use the following Operation for all Packages drop-down list in the table header). When you select a device, Prime Network will display all of the packages that are installed on the device.

a. Choose a package operation for each package. Cisco IOS XR packages can be removed from a device only if they have been deactivated. If you want to apply the same operation to all packages, choose the operation from the Use the following Operation for all Packages drop-down list in the table header, and click Apply.

b. (Optional) Check Test Only to run a test of the activation (or deactivation) procedure on the device. This will not change the real device configuration. (This is similar to using the Compatibility Check option in the rollback process.)

c. Click Next. The Package Analysis page is displayed. Check the Package Analysis page to see if analysis was successful. Click the icon in the Analysis column to get information about why the operation can or cannot proceed (it will be one of the icons listed in Table 4-1 on page 4-14). If it cannot proceed, you will not be permitted to continue. Otherwise, click Next.


Step 4 Enter the e-mail ID(s) to which to send a notification after the scheduled activation job is complete. For two or more users, enter a comma-separated list of e-mail IDs. A notification e-mail is sent based on the e-mail option specified in the Image Management Settings page.



OL-26498-01

Chapter 4 Managing Software Images Committing Packages (Cisco IOS XR Only)

Step 5 Check the Commit check box to commit the packages after activation.

Note We recommend that you do not commit the package change until the device runs with its configuration for a period of time, until you are sure the change is appropriate. In that way, the change is not yet persisted across device reloads.

Step 6 Click one of the following to specify the operation mode, if you have selected two or more devices in the Select Devices page.

• In Parallel—Activates packages for all devices at the same time.

• Sequentially—Allows you to define the order of the devices to activate the packages for.

Step 7 Click Finish to schedule the activation.

Step 8 After the job completes:

• For Test Only jobs, repeat this procedure to activate the packages.

• If you activated or deactivated a Cisco IOS XR package, remember to commit your changes. However, we recommend that you do not commit the package change until the device runs with its configuration for a period of time, until you are sure the change is appropriate. In that way, the change is not yet persisted across device reloads. See Committing Packages (Cisco IOS XR Only), page 4-25.

Committing Packages (Cisco IOS XR Only)Committing a Cisco IOS XR package makes the device package configurations persist across device reloads. The commit operation also creates a rollback point on the device. See Rolling Back Cisco IOS XR Packages, page 4-26, for more information on rollback points.

Note We recommend that you do not commit package changes until the device runs with its configuration for a period of time, until you are sure the change is appropriate. In that way, the change is not yet persisted across device reloads.

Only users with Configurator privileges can commit packages. See User Authentication and Authorization (Access Roles and Device Scopes), page 7-12, for more information.

Before You Begin

• Verify that the package to be committed is operating properly (for example, by doing a show status command).


To commit a package after it has been activated, deactivated, or rolled back:

Step 1 Choose Images > Commit.


OL-26498-01


Chapter 4 Managing Software Images Rolling Back Cisco IOS XR Packages

Step 2 Choose the network elements with the packages you want to commit. Figure 4-5 shows an example of the Package Commit page.

Figure 4-5 Package Commit Page

Step 3 Click one of the following (in the table header) to specify the commit mode:

• Commit in Parallel—Commits all changes at the same time.

• Commit Sequentially—Allows you to define the order in which the changes are committed.

Step 4 Enter the scheduling information.

Step 5 Enter the e-mail ID(s) to which to send a notification e-mail after the scheduled commit job is complete. For two or more users, enter a comma-separated list of e-mail IDs. A notification e-mail is sent based on the e-mail option specified in the Image Management Settings page.


Step 6 Click Commit. By default, jobs are scheduled to run as soon as possible.

Rolling Back Cisco IOS XR PackagesRolling back a Cisco IOS XR package reverts the device packages to a previous installation state—specifically, to a package installation rollback point. If a package has been removed from a device, all rollback points associated with the package are also removed and it is no longer possible to roll back to that point.

Only users with Configurator privileges can roll back packages. See User Authentication and Authorization (Access Roles and Device Scopes), page 7-12, for more information.

Before You Begin

• Read Special Notes on Cisco IOS XR Package Management, page 4-3, for information about managing rollback points on Cisco IOS XR devices.



OL-26498-01



To roll back a Cisco IOS XR package:

Step 1 Choose Images > Rollback. Prime Network displays all Cisco IOS XR devices. You can filter the results by using the Quick Filter option.

Step 2 Choose the network elements. Prime Network populates the rollback points for the selected device package.

Step 3 Choose a rollback ID from the Rollback ID drop-down list. The Rollback Point Details field lists the packages that were active when that ID was created. Figure 4-6 shows an example of the Rollback page with packages and rollback points selected.

Figure 4-6 Package Rollback Page with Rollback Points

Step 4 To view all of the packages associated with the rollback point, place the mouse cursor on the Rollback Point Details field; see Figure 4-7 for an example. To view the time stamp associated with the selected rollback, see the value displayed in the Time Stamp field.

Note The date and time stamps are displayed according to the local time zone settings of the client.

Figure 4-7 Packages Rollback Page with Rollback Point Details

Step 5 Click OK to close the popup window.

Note If a package has been deleted from the repository, the rollback points of the package are still displayed in the GUI. If you choose a rollback point for a deleted package, the rollback will fail. The job results popup provides information explaining why it failed.


OL-26498-01


Step 6 (Optional) Click Compatibility Check in the table header to run a test of the rollback procedure on the device. This will not change the real device configuration. (This is similar to using the Test Only option in the activation process.)

Step 7 Click Rollback or Rollback and Commit.

Note We recommend that you do not commit package changes until the device runs with its configuration for a period of time, until you are sure the change is appropriate. In that way, the change is not yet persisted across device reloads. See Committing Packages (Cisco IOS XR Only), page 4-25.

Step 8 Enter the scheduling information and the e-mail ID(s) to which to send a notification after the scheduled rollback job is complete. For two or more users, enter a comma-separated list of e-mail IDs. A notification e-mail is sent based on the e-mail option specified in the Image Management Settings page.


Step 9 Click Rollback.


OL-26498-01


C H A P T E R 5
Managing Device Groups
Cisco Prime Network Change and Configuration Management supports user-defined device grouping. You can create a group with a specific set of devices, so all Configuration Management (CM) and Network Element Image Management (NEIM) operations can be performed for the devices collectively with ease.

You can perform the following activities:

• Create a new device group with the existing set of devices from the Prime Network database. See Creating a Device Group, page 5-3 for more details. You can choose to create a group of one of the following types:

– Static—Create a device group with a specific set of devices. If you wish to add new devices to the group at a later stage, you must add them manually.

– Dynamic— Create a device group with certain membership rules or conditions such that all devices satisfying the specified conditions are automatically added to the group at any stage.

• You can also create a static device group from an existing static or dynamic group. You can choose to copy all or some of the devices belonging to the existing group to the new device group. See Creating a Static Device Group from an Existing Static or Dynamic Group, page 5-6 for more details.

• Edit the device group details. See Editing the Device Group Details, page 5-6 for more details.

• Delete a device group.


Configuration management functions like backup and image management functions like image baseline, package addition, distribution, and activation use the device grouping feature. Prime Network extracts the devices from the respective groups while creating CM and image management jobs. The created job will not be updated automatically if there is a change in the group by addition or deletion of devices after job creation. You need to delete and recreate the job if there is any change in the device group after job creation. However, for configuration backup and image baseline operations, Prime Network updates the job accordingly such that, all the devices available in the group at the time of execution of the job are considered.

Note To use this feature, devices must be available in the Prime Network database.


Chapter 5 Managing Device Groups Managing User-Defined Device Groups

Managing User-Defined Device GroupsThe Device groups page allows you to view the list of user-defined device groups existing in the Prime Network database.

To view the existing user-defined device groups:

Step 1 Click the Device Groups tab. The Device Groups page appears as shown in Figure 5-1.

Figure 5-1 Device Groups Page

The Device Groups page displays the following information about each device group.

A robust filter allows you to find and display only the device groups which you are interested. You can filter the results by group name, group description, or group type. Figure 5-1 shows the Device Group page with the filter group (highlighted with a red outline.)

Step 2 Click the hyperlinked group name to view the devices mapped to the group in the Group Members page. You can view the following details.

Field Description

Group Name Name of the device group.

Group Description Description of the device group, if available.

Group Type Type of the device group, which could be one of the following:

• Static—Allows adding devices to the group manually.

• Dynamic—Allows adding devices to the group automatically based on specified membership rules.

Delete Deletes the device group when user clicks the delete icon (red X). Only users with Configurator or Administrator privileges are allowed to delete a device group. See User Authentication and Authorization (Access Roles and Device Scopes), page 7-12 for more details.


OL-26498-01


You can filter the results by device name, IP address, or element type.

Step 3 Click OK to close the Group Members page and return to the Device Groups page.

Creating a Device Group

You can create a device group of one of the following types:

• Static—You can create a device group with a specific set of devices. If you wish to add new devices to the group at a later stage, you must add them manually.

• Dynamic—You can create a device group with certain membership rules or conditions. All devices satisfying the specified conditions are automatically added to the group at any stage.

To create a new device group:

Step 1 In the Device Groups page, click Create.

Step 2 In the Name field, enter a name for the device group. The group name entered must be unique.

Note You cannot use the reserved names adminGroup and ROOT-DOMAIN as device group names.

Step 3 In the Description field, enter a description for the device group. See Using Special Characters in the GUI Fields, page 1-15 for more information on valid characters for the device group name and description.

Step 4 In the Membership Update drop-down list box, choose one of the following options:

• Static—To create a device group with a specific set of devices.

• Dynamic—To create a device group with certain membership rules or conditions, such that devices satisfying the specified conditions are automatically added to the group.

Step 5 (For dynamic groups only) Set up a membership rule to indicate which devices must be added to the group. Figure 5-2 shows an example of the Create Device Group page for creating a dynamic group.

Field Description

Status The status of the device represented by status icons. Indicates whether the device is in operational or non-operational state. See Table 5-1 for more information on the status icons. Click the device hyperlink and open the device properties popup to see details about the device.

Device Device name.

Click the device name hyperlink to open a popup that displays device properties. For Cisco IOS XR devices, the device properties also include current active packages on the device.


IP Address The IP address used for managing the device.

Element Type The device type with the name of the manufacturer, for example Cisco 7200.


OL-26498-01




Figure 5-2 Creating a Dynamic Device Group

You can set up membership rules with parameters such as device name, range of device IP addresses, and the device element type. You can choose to include any one or a combination of these parameters in the rule by using the And/Or operator. You can configure the membership rules as explained in the example below.

a. Choose an operator (for example, equals) against Device Name and enter the device name in the text box. For example:

Device Name equals 1800

b. Against the IP Address between field, enter the range of device IP addresses and choose IPv4 or IPv6 to indicate the address type. For example:

IP Address between 10.77.214.107 And 10.77.214.171 IPv4

c. Choose an operator (for example, equals) against Element Type and enter the device element type in the text box. For example:

Element Type equals Cisco 1801

Note You can choose to include any one or a combination of these parameters in the rule by using the And/Or operator. Also, you can provide multiple values for the Device Name and Element Type parameters as a comma-separated list, if required.

For static device groups, in the Group Members section, under the Available Devices list, Prime Network lists all the devices that are available in the database. You can filter the results by device name, IP address, or element type. Figure 5-3 shows an example of the Create Device Group page for creating a static group.


OL-26498-01


Figure 5-3 Creating a Static Device Group

The following symbols are used in the Group Members section.

Step 6 (For static device groups only) Select the required devices from the Available devices list and click the Add icon to move the selected devices to the Selected Devices list.

Note To remove devices from the Selected Devices list, click the Remove icon. The removed devices will then appear in the Available Devices list.

Step 7 Click OK to save the device group details and return to the Device Groups page. Click the hyperlinked group name in the Device Groups page, to view the devices mapped to the selected group. See Managing User-Defined Device Groups, page 5-2 for more details.

Step 8 Click Cancel to return to the Device Groups page without saving the details.

Table 5-1 Status Icons

Symbol Description

Device is in operational state.

Device is not in operational state. Most likely the device is in the Maintenance investigation state or the Unreachable communication state. Click the device hyperlink and open the device properties popup to see details about the device.


OL-26498-01


Creating a Static Device Group from an Existing Static or Dynamic Group

To create a static device group from an existing dynamic or static group:

Step 1 In the Device Groups page, click Create.

Step 2 In the Name field, enter a name for the new device group. The group name entered must be unique.

Step 3 In the Description field, enter a description for the device group.

Step 4 In the Group Members section, click Show All Groups. Prime Network lists all the static and dynamic device groups that are available in the database. You can filter the results by group name and description.

Step 5 Click the Add icon. All devices belonging to the selected device group are displayed in the Selected Devices list.

Note To remove any devices from the Selected Devices list, click the Remove icon.

Step 6 Click OK to save the device group details and return to the Device Groups page.


Editing the Device Group Details

You can perform the following to edit an existing device group:

• Modify the description of the device group.

• (For static groups only) Add a new device to the group or remove an existing device from the group.

• (For dynamic groups only) Modify the membership rules to update the devices mapped to the group.

Only users with Configurator or Administrator privileges can edit the device group details. See User Authentication and Authorization (Access Roles and Device Scopes), page 7-12, for more details.

To edit the details of a device group:

Step 1 In the Device Groups page, select a device group and click Edit.

The selected device group details are displayed in the Edit Group page. You cannot modify the name of the device group.

Step 2 Modify the description of the device group, if required.

Step 3 (For dynamic device groups only) Modify the membership rules, if required, to update the devices mapped to the group.

Step 4 (For static device groups only) You can select any new devices from the Available Devices list and add them to the Selected Devices list; or, you can remove any devices from the Selected Devices list.

Step 5 Click OK to save the device group details and return to the Device Groups page.



OL-26498-01


C H A P T E R 6
Managing Change and Configuration Management Jobs
Use the Jobs page to manage jobs you created from the Images or Configuration page. Users with Configurator privileges can perform all job management functions.

When a job is created, Cisco Prime Network assigns it a job specification ID and attaches a time stamp, indicating when the job was created. Prime Network redirects you to the Jobs page whenever a CM or image management job is scheduled to run immediately. You can view the details of the new job here. However, if a job involves more than 1000 devices, you must refresh the Jobs page after some time to view the details of the new job.

Each job spec ID can have jobs or tasks that run periodically for a single configuration or image management operation. You can view the details of the successful tasks, unsuccessful tasks, and any scheduled (pending) tasks for each job specification in the Job Information page. However, if a job specification involves more than 300 devices, the Job Information page does not display the scheduled (pending) tasks; only successful and unsuccessful tasks are displayed.

Prime Network also facilitates automatic e-mail notification of the status of the CM and NEIM jobs upon completion based on the e-mail option you set up in the configuration and image management settings. The notification is sent to a list of e-mail IDs configured either in the settings page or while scheduling the job. For more details, see Configuring Global Settings for Image and Package Management, page 7-7.

A job cannot be edited; to change it, you must delete the old job and create a new one. Jobs are persisted even if the gateway is restarted.

Messages that can be used for debugging are saved in PRIME_NETWORK_HOME/XMP_Platform/logs/JobManager.log.

The following table explains the fields that are shown in job tables. From the Jobs page, you can also reschedule, suspend, resume, cancel, and delete jobs.

Field Description

Owner User who created the job. Only the user who created the job, or a user with Administrator privileges, can suspend, resume, cancel, or delete the job.

Job SpecID Job specification ID created for the configuration and image management job. Each job spec ID can have jobs that run periodically for a single configuration or image management operation.

Type Type of the configuration or image management job (for example, ConfigMgmt-ArchivePurge, ConfigMgmt-Restore).


Chapter 6 Managing Change and Configuration Management Jobs

Job Status Status of the job specification:

• Scheduled—If any job is scheduled to run at a future time for the spec ID.

• Running—If any job is running for the spec ID.

• Suspended—After completing the current job, future jobs will be suspended for the spec ID.

• Cancelled—The job spec was canceled from any future invocations (terminal state). Normally, jobs in this state are deleted from the display.

• Completed—All the jobs are completed for the spec ID and will no longer run.

• Aborted—The job is aborted.

Last Run Status

Status of the last run job for the spec ID:

• Running—If a job is currently running for the spec ID.

• Completed—If a job is completed and there is no job currently running for the spec ID.

• N/A—If no job is currently running or completed for the spec ID, so no data is available.

Last Run Results

The result of the last run job for the spec ID:

• Success—The job has successfully completed.

• Partial Success—Only parts of the job successfully completed.

• Failure—The job failed.

• N/A—The job has not yet run, so no data is available.

You can click on the result hyperlink to view the job information in detail.

Note If you encounter any script error on clicking the hyperlink, clear the browser history, open the page again, and then click on the hyperlink.

Next Run Start Time

The time at which the next job is scheduled for the spec ID. The time stamp is displayed according to the local time zone settings of the client.

Displays N/A if no jobs are scheduled for the spec ID.

Last Run Start Time

The time at which the last job started for the spec ID. The time stamp is displayed according to the local time zone settings of the client.

Last Run Completion Time

The time at which the last job completed for the spec ID (if job has not yet run, this field is blank.) The time stamp is displayed according to the local time zone settings of the client.

Action Click the hyperlinked ShowAllRuns to view the jobs that are completed for the spec ID.

Displays N/A if no jobs are completed for the spec ID.

Comments Comments entered by the job creator.

Field Description


OL-26498-01


You can perform the following actions by selecting a job and clicking one of the following buttons:

Note You cannot suspend or cancel running jobs. You must let them complete.

• Suspend—Stops all future instances of a scheduled job. This is normally used to temporarily stop future instances of a job.

• Resume—Restarts a suspended job.

• Reschedule—Change the settings for a scheduled job.

• Cancel—Stops all future instances of a scheduled job. This is normally used to permanently stop future instances of a job. You can then delete the job from the GUI.

• Delete—Deletes a failed or completed job instance from the GUI display.

• Refresh—Refreshes the Jobs page.


OL-26498-01



OL-26498-01


C H A P T E R 7
Change and Configuration Management Administration
These topics provide administrative information on Change and Configuration Management:

• Configuring Global Settings for Configuration Management, page 7-1—How to use the Configuration Management Settings page to specify when configurations should be collected, when they should be purged, commands to exclude from comparisons, and other global settings.

• Configuring Global Settings for Image and Package Management, page 7-7—How to use the Image Management Settings page to specify the default transfer protocol, staging and storing locations, and credentials for accessing a vendor website.

• Administration and Security, page 7-11—How Change and Configuration Management ensures communication security, authenticates and authorizes users, where log files for debugging purposes are located, and so forth.

You should also make sure you have properly set up Change and Configuration Management by reading Setup Tasks to Perform Before Using Change and Configuration Management, page 1-6.

Configuring Global Settings for Configuration ManagementThese topics explain how to configure:

• Export settings to use when a user wants to export a configuration file to another server.

• Purging policies for change logs and configuration files in the archive. When Prime Network purges the configuration archive, it follows the policies that are defined on this page. These policies are applied to all types of configurations (admin, startup, and running). Configurations that are marked “do not purge” are never purged, regardless of the purging policies. By default, five versions of each file type are retained.

• Global settings including default transport protocol, config sync, export, and backup options, default restore mode, and e-mail settings. If you plan to use event-triggered archiving, you should also make sure that logging is properly configured on devices, as specified in Setup Tasks to Perform Before Using Change and Configuration Management, page 1-6.

• Exclude commands that Prime Network should ignore when comparing configurations.

Figure 7-1 shows the Configuration Management Settings page. You can open this page by choosing Configurations > Settings. The red text indicates changes that were made but have not been saved.


Chapter 7 Change and Configuration Management Administration Configuring Global Settings for Configuration Management

Figure 7-1 Configuration Management Settings Page

Export Settings

The Export Settings in Table 7-1 specify the defaults that Prime Network should use when a user exports a file to another server. Files can be exported from the Archives page; see Exporting Configuration Files, page 3-14.

Table 7-1 Export Settings for Configuration Management

Field Description

Server Name DNS-resolvable server name.

Note Change and Configuration Management supports export servers with IPv4 or IPv6 address.

Location The full pathname of the directory to which Prime Network should copy the file on the server specified in the Server Name field.

Username The login username that Prime Network should use when connecting to the server specified in the Server Name field.

Password The login password that Prime Network should use when connecting to the server specified in the Server Name field.

Export Protocol Default export protocol that Prime Network should use when exporting configuration files to another server. The choices are FTP and SFTP. The default is FTP.

You can override this protocol while scheduling an export job, if required.


OL-26498-01


Archive Purge Settings

The Archive Purge Settings in Table 7-2 control when Prime Network should delete files from the CM archive. These settings apply to all types of configuration files (startup, running, and admin). Configurations that are marked “do not purge” are never purged, regardless of the purging policies.

A file that exceeds the allowed age will not be purged if doing so would bring the number of versions below the minimum versions. In other words, if the minimum number of versions that must be in the archive is two, Change and Configuration Management will not purge the file even if one of the versions exceeds the allowed age.

Note Make sure that the configuration change detection schedule does not conflict with purging, since both processes are database-intensive.

Configuration Change Purge Settings

The Configuration Change Purge setting in Table 7-3 controls when configuration Change Logs should be purged from the Prime Network database. These logs contain the configuration changes displayed on the Dashboard and on the Configuration Change Logs page.

Global Settings

The Global Settings in Table 7-4 control the following:

• Default transport protocol

• When Prime Network should retrieve configuration files from devices and copy them (back them up) to the archive

• When Prime Network should export archived configurations to an export server

• Mode of restoring configuration files to devices

Table 7-2 Archive Purge Settings for Configuration Management

Field Description

Minimum Versions to Retain

The minimum number of versions of each configuration that should be retained in the archive. The default is two. This prevents a user from deleting a configuration file if there are only two versions in the archive.

Maximum Versions to Retain

The maximum number of versions of each configuration that Prime Network should retain. The oldest configuration is purged when the maximum number is reached. The default is five. Configurations marked “Do Not Purge” are not included when calculating this number.

Minimum Age to Purge

The age (in days) at which configurations should be purged. The permitted range is 5-360. Prime Network does not purge configuration files unless there are more than two versions of the files in the archive.

Table 7-3 Configuration Change Purge Settings for Configuration Management

Field Description

Purge Change Logs after

The age (in days) at which configuration change notifications that are sent by devices should be purged. The default is 30 days.


OL-26498-01


• E-mail IDs to which to send a notification after a scheduled configuration management job is complete

By default, none of the following settings are enabled.

Note The settings you enter here do not affect the manual backups you can perform by choosing Configurations > Backup. The backups you perform from that page and the backups you configure on this Settings page are completely independent of each other.

Table 7-4 Global Settings for Configuration Management

Field Description

Transport Protocol Global Settings

Transport Protocol Default transport protocol that Prime Network should use when copying configuration files to and from a device. The choices are TFTP, SCP/SFTP, or FTP. The default is TFTP.

Configuration Backup Global Settings

Enable Periodic Config Backup (72Hours)

Detect ongoing configuration changes by performing a periodic collection of device information. Use this method if configurations change frequently and those changes are not important to you. When a change is detected, CM backs the new file to the archive immediately. By default, this is not enabled.

Note This CM collection is independent of the Prime Network inventory collection.

Enable Periodic Sync for Out of Sync Devices (24Hours)

(For Cisco IOS only) Enables automatic synchronization of the out-of-sync devices on a periodic basis. Prime Network adds a device to the list of out-of-sync devices whenever the latest version of the startup configuration is not in sync with the latest version of the running configuration file on the device.

Enable Periodic Config Export

Allows CM to export archived configurations periodically to the export server. You can set up an interval in the range of 1 - 100 hours to export the archived configurations. The default value for export interval is 24 hours.

If there are no configuration changes i.e. if the archived configuration is available in the export server, the periodic export job is skipped.


OL-26498-01


Enable Initial Config Syncup

Allows CM to fetch the configuration files from the network devices and archive it whenever a new device is added to Prime Network. If this setting is enabled:

• CM performs the configuration file fetch operation whenever the Prime Network gateway is restarted.

• The Disable Initial Config Syncup on Restart check box is enabled by default to prevent network device performance issues on subsequent Prime Network gateway restarts.

To preserve this setting such that CM fetches the configuration files from network devices on Prime Network gateway restarts, you must uncheck the Disable Initial Config Syncup on Restart check box after enabling the Enable Initial Config Syncup option.

Note The “sync up” described here pertains to making sure the archive correctly reflects the network device configurations. This is different from the CM Synchronize operation, where devices are checked to make sure their running and startup configurations are the same.

This “sync up” is required in order for Prime Network to populate the Configuration Sync Status dashlet (on the dashboard).

Disable Initial Config Syncup on Restart

Check the check box to set Enable Initial Config Syncup to its default setting (not enabled) if Prime Network restarts.

Enable Event-Triggered Config Archive

Detect ongoing configuration changes by monitoring device configuration change notifications. This setting also controls whether Prime Network populates the Configuration Changes in the Last Week and the Most Recent Configuration Changes dashlets (on the dashboard).

Use this method if you consider every configuration file change to be significant. When a notification is received, CM backs up the new running configuration file to the archive using one of the following methods.

Note If you are using event-triggered archiving, you should also make sure that exclude commands are properly configured. Exclude commands are commands that Prime Network ignores when comparing configurations, and they are controlled from the Settings page. Using this mechanism eliminates unnecessary file backups to the archive. This is addressed in Exclude Commands, page 7-6.

Sync archive on each configuration change

Upon receiving a change notification from a device, immediately backs up the device configuration file to the archive.

Sync archives with changed configurations every ___ hours and ___ minutes

Upon receiving a change notification from a device, queue the changes and backs up the device configuration files according to the specified schedule.

Table 7-4 Global Settings for Configuration Management (continued)

Field Description


OL-26498-01


Exclude Commands

The Exclude Commands specify any commands that Prime Network should ignore when comparing device configurations files of any type. Exclude commands are inherited; in other words, if three exclude commands are specified for Cisco routers, all devices is any of the Cisco router families will exclude those three commands when comparing configuration files.

Caution Exclude commands configured for a device family (such as Cisco 7200 Routers) will be applied to all device types in that family (Cisco 7201, Cisco 7204, Cisco 7204VXR, and so forth).

When you are working in the Exclude Commands GUI, your current selection will be highlighted in green. All exclude commands applied to that selection will be listed below the device selector. For example, in Figure 7-1, a Cisco 7201 router is selected. When Prime Network compares the router

Restore Mode Choose from one of the following options to specify the mode of restoring configuration files to devices:

• Overwrite—Prime Network overwrites the existing configuration on the device with the file you selected from the archive. Check the Use Merge on Failure check box to restore configuration files in Merge mode, if Overwrite mode fails.

• Merge—Prime Network merges the existing running or startup configuration on the device with the configuration present in the version you selected from the archive.

SMTP Host SMTP server to use for sending e-mail notifications on the status of configuration management jobs to users.

If an SMTP host is configured in the Image Management Settings page, the same value will be displayed here by default. You can modify it, if required.

E-mail Id(s) E-mail addresses of users to send a notification to after the scheduled job is complete. For two or more users, enter a comma-separated list of e-mail IDs. For example:

[email protected],[email protected]

The e-mail IDs configured here will appear by default while scheduling the configuration management jobs. However, you can add/modify the e-mail IDs then.

SMTP Port SMTP port ID to connect to the host server. The default port is 25.

Email Option Choose from the following options to specify when you want to send an e-mail notification for CM jobs:




The selected option will appear by default while scheduling CM jobs. However, you can modify the option then.

Table 7-4 Global Settings for Configuration Management (continued)

Field Description


OL-26498-01

Chapter 7 Change and Configuration Management Administration Configuring Global Settings for Image and Package Management

configuration files, it will exclude all of the commands listed in the Device Commands field. If a series is selected (example, Cisco 7200 Series), the commands listed in the Series Commands field will be excluded and so on.

The following procedure describes how to configure exclude commands.

Step 1 Choose Configurations > Settings.

Step 2 In the Exclude Commands area, navigate and choose one of the following (your selection is highlighted in green):

• A device category

• A device series

• A device type

Step 3 Enter a comma-separated list of commands you want to exclude when comparing configuration files for that device category, series, or type. You can also edit an existing list of commands.

Your entries change to red until they are saved, and all affected device types, series, or categories are indicated in bold font.

Step 4 If you want a device type to ignore the parent commands (that is, the series and category commands), check the Ignore Above check box.

Step 5 Click Save to save your changes.

Configuring Global Settings for Image and Package Management

These topics explain how to configure:

• Transfer Protocol, page 7-8

• Flash Properties, page 7-8

• Warm Upgrade, page 7-8

• File Locations, page 7-9

• External Server Details, page 7-9

• E-mail Settings, page 7-10

• Proxy Settings, page 7-10

• Vendor Credentials, page 7-10

Figure 7-2 shows an example of the Image Management Settings page. You can open this page by choosing Images > Settings.


OL-26498-01


Figure 7-2 Image Management Settings Page

Transfer Protocol

The default transfer protocol that Change and Configuration Management should use when copying images to and from a device. Supported protocols are:

• TFTP (unsecured)

• SFTP/SCP (secured; Cisco IOS XR devices use SFTP, and Cisco IOS devices use SCP)

• FTP (unsecured)

You can override this protocol when creating a distribution job (for example, if you know that a device does not support the default protocol).

Flash Properties

You can clear the disk space on a storage location before distributing the image or package if there is insufficient memory in the storage device. Check the Clear Flash check box to free the flash memory space for distribution of images or packages.

Warm Upgrade

Cisco Prime Change and Configuration Management provides a warm upgrade facility for Cisco IOS devices, by which one Cisco IOS image can read in and decompress another Cisco IOS image and transfer control to this new image. This functionality reduces the downtime of a device during planned Cisco IOS software upgrades or downgrades. For more information on the warm upgrade feature, see Warm Upgrade (For Cisco IOS only), page 1-3.

If you select this check box, the warm upgrade option is enabled by default for distribution and activation of Cisco IOS images. However, you can override this option while scheduling the distribution and activation jobs.


OL-26498-01


File Locations

The File Locations settings specify the directories where images are stored when they are being imported into the Prime Network image repository, or when they are being transferred out of the repository to devices.

If you are creating a new directory, make sure the directory is empty and has the proper permissions (read, write, and execute permissions for users).

The entries must be full pathnames. In the following default locations, PRIME_NETWORK_HOME is the Prime Network installation directory, normally /export/home/network-user; where network-user is the operating system user for the Prime Network application and an example of network-user is network39.

External Server Details

You can set up the details of an external server from which you can import images to the Prime Network image repository.

Field Description Default Location

Staging Directory

Location where images from the Prime Network image repository are placed before transferring them out to devices.

PRIME_NETWORK_HOME/NCCMComponents/NEIM/staging/

Storing Directory

Location where images from an outside source are placed before importing them into the Prime Network image repository (from Cisco.com, from existing devices, or from another file system).

PRIME_NETWORK_HOME/NCCMComponents/NEIM/images/

Field Description

Server Name IP address of the external server.

Note Change and Configuration Management supports external servers with IPv4 or IPv6 address.

Image Location Path where the image is located on the server.

User Name Username to access the external server.

Password Password to access the external server.

SSH Port SSH port ID to connect to the server.


OL-26498-01


E-mail Settings

You can set up the SMTP server and e-mail IDs to send automatic e-mail notifications regarding the status of image management jobs to users.

Proxy Settings

You can set up the proxy server details to use while importing images to the archive from Cisco.com.

Vendor Credentials

The Vendor Credentials settings specify the usernames and passwords that can be used to download images from Cisco.com. (See the procedure described in Obtaining Cisco.com Login Privileges, page 7-11).

• To add a new user, click Add and enter the username and password. (Cisco is the only supported vendor in this release.) The username and password must match those for the Cisco.com account.

• To change the username and password, click Edit and enter the new username and password. The new username and password must match those for the Cisco.com account.

• To delete a user, click the delete icon (red X) next to the username.

Click Save.

Field Description

SMTP Host SMTP server to use for sending e-mail notifications on the status of image management jobs to users.

If an SMTP host is configured in the Configuration Management Settings page, the same value will be displayed here by default. You can modify it, if required.

E-mail Id(s) E-mail address of the user to send a notification to after the scheduled job is complete. For two or more users, enter a comma-separated list of e-mail addresses. For example:

[email protected],[email protected]

The e-mail IDs configured here will appear by default while scheduling the image management jobs. However, you can add/modify the e-mail IDs then.

SMTP Port SMTP port ID to connect to the host server. The default port is 25.

Email Option Choose from the following options to specify when you want to send an e-mail notification for NEIM jobs:




The selected option will appear by default while scheduling NEIM jobs. However, you can modify the option then.

Field Description

HTTP Proxy HTTP proxy server to use for downloading images from Cisco.com.

Port The port address to use for downloading images from Cisco.com.


OL-26498-01

Chapter 7 Change and Configuration Management Administration Administration and Security

Obtaining Cisco.com Login Privileges

Login privileges are required for all Images operations that access Cisco.com. To get access, you must have a Cisco.com account. If you do not have a user account and password on Cisco.com, contact your channel partner or enter a request on the main Cisco website.

You can register by going to the following URL:

http://tools.cisco.com/RPF/register/register.do

To download cryptographic images from Cisco.com, you must have a Cisco.com account with cryptographic access.

To obtain the eligibility for downloading strong encryption software images:

Step 1 Go to the following URL:

http://tools.cisco.com/legal/k9/controller/do/k9Check.x?eind=Y&return_url=http://www.cisco.com

Step 2 Enter your Cisco.com username and password, and click Log In.

Step 3 Follow the instructions provided on the page and update the user details.

Step 4 Click Accept to submit the form.

Step 5 To verify whether you have obtained the eligibility to download encrypted software:

a. Go to the following URL:


b. Enter your username and password, and click Log In.

The following confirmation message is displayed:

You have been registered for download of Encrypted Software.

Administration and SecurityThese topics address the administration and security aspects of Change and Configuration Management.

Database Information

All device configuration files and repository images are kept in the Prime Network database. Device configuration files are stored in readable format (as received from the device). Software images are stored in binary format.

Change and Configuration Management data is stored in the network-user_xmp schema (where network-user is the operating system user for the Prime Network application when it is installed; and an example of network-user is network39). For information on how to change the database password, see the Cisco Prime Network 3.9 Administrator Guide.

Change and Configuration Management can be installed on a Prime Network installation that uses an encrypted connection to the database, but the connection used by Change and Configuration Management will not be encrypted.


OL-26498-01

http://tools.cisco.com/RPF/register/register.do





Communication Security

Figure 7-3 provides a simplified illustration of the methods and protocols that Prime Network, Change and Configuration Management, and devices use to communicate with each other. (For information on the Prime Network communication architecture, see the Cisco Prime Network 3.9 Administrator Guide.)

Figure 7-3 Communication Security in Change and Configuration Management

Caution FTP is not a secure mode of transfer. Use SCP/SFTP instead, for secure config and image transfers.

User Authentication and Authorization (Access Roles and Device Scopes)

Change and Configuration Management performs user authentication and authorization using the methods and rules configured on the Prime Network gateway.

• User authentication can be controlled locally (by Prime Network) or externally by an LDAP application. Change and Configuration Management will use the method as it is configured on the gateway.

• User authorization is managed according to the user access roles and device scopes that were assigned to the user when the user account was created on the Prime Network gateway. The user access role determines the actions the user can perform in the Change and Configuration Management GUI. The device scope determines which devices the user can access and manage.

A user can have different access roles: one that controls the GUI-based operations they are allowed to perform, and another that controls the devices they can view and to what degree they can manage those devices. The first is configured when user accounts are created and is called the user access role. The second is configured when a device scope is assigned to the user account.

Change and Configuration

Management Web Client

HTTP/HTTPS

Change and Configuration Management (AVM 77)

AVM 11

Prime NetworkGateway Server

AVMs

Unit Servers

SCP/SFTPFTP/TFTP

BQL

28

36

28

Devices

SCP


OL-26498-01



Here is an example:

• A user may have the OperatorPlus access role which controls all GUI functions they can perform. The user would be prevented from configuring the export directory for configuration files because that function requires the Configurator access role. (Note that this function does not perform anything on a specific device.)

• The user may have the Configurator role for the device scopes that are assigned to them. That controls all device-based functions the user can perform. If the user wanted to distribute a software image to a device in their scope, they would be permitted to do so.

Note The name of the current user is displayed at the top right of the Change and Configuration Management GUI window. See Basics of the Change and Configuration Management GUI, page 1-13, for an example.

Note If authentication fails, check the status of AVM 77 (XMP runtime DM) and Prime Network using Cisco Prime Network Administration. Cisco Prime Network Administration displays AVM 77 only when Change and Configuration Management is installed. For information on how to use Cisco Prime Network Administration, see the Cisco Prime Network 3.9 Administrator Guide.

The GUI-based functions and required roles are listed in Table 7-5. Note that these functions do not perform any actions on devices.

Table 7-5 GUI-Based Access Roles Required to Use Change and Configuration Management

Function Viewer Operator OperatorPlus Configurator Administrator

Dashboard

Access top families X X X X X


Delete files from archive 1 X X

Add, change, delete archive file labels1

X X

Add change, delete archive file comments1

X X

Export files from archive1 X X

Image Management

View images in repository X X X X X

Add images to repository X X

Delete images from repository X X

Global Tasks

View jobs X X X X X

Administer jobs (suspend, delete, and so forth)

X X

Change settings X X


Create device groups X X X X X


OL-26498-01



Table 7-6 lists all of the Change and Configuration Management functions that are that filtered to only show devices in the device scope of a user, along with the role required to perform any functions on those devices.

Edit device group details X X

Delete device groups X X

1. Configuration files are filtered according to the device scope of a user.

Table 7-5 GUI-Based Access Roles Required to Use Change and Configuration Management

Function Viewer Operator OperatorPlus Configurator Administrator

Table 7-6 Device Scope-Based Roles Required to Use Change and Configuration Management

Function Viewer Operator Operator Plus Configurator Administrator

Dashboard

Access configuration sync status1

1. Although users can view configuration files for devices in their scopes, the actions they can perform on those configuration files are controlled by the GUI-based access roles in Table 7-5.

X X X X X

Access configuration changes in the last week1

X X X X X

Access most recent configuration changes1

X X X X X


View files in archive1 X X X X X

Compare files in archive X X X X X

Synchronize configurations X X

Back up (copy) files from devices to archive

X X X

Restore files from archive to devices

X X

Edit configuration files before restoring them to devices

X X

View configuration change logs X X X X X

Image Management

Distribute images X X

Activate and deactivate images X X

Commit image changes X X

Rollback images X X


Create device groups X X

Edit device group details X X

Delete device groups X X


OL-26498-01


For information on how Prime Network performs user authentication and authorization, including an explanation of user access roles and device scopes, see the Cisco Prime Network 3.9 Administrator Guide.

Data Purging

To maintain system stability, CM data is purged according to the settings you specify in the Configuration Management Settings page. All other data are purged using to the Prime Network settings and schedule. For information on how Prime Network performs data purging, see the Cisco Prime Network 3.9 Administrator Guide.

Checking, Stopping, and Restarting the Change and Configuration Management Processes

Change and Configuration Management runs on AVM 77. To check, start, stop, or restart the process, use the following commands:

dmctl statusdmctl startdmctl stopdmctl restart

Log Files

Table 7-7 provides a list of the Change and Configuration Management log files which contain messages that can be used for debugging. PRIME_NETWORK_HOME is the installation directory (normally /export/home/network-user; where network-user is the operating system user for the Prime Network application and an example of network-user is network39).

Log files are archived and purged according to the settings on the Prime Network gateway. For more information, see the Cisco Prime Network 3.9 Administrator Guide.

Table 7-7 Change and Configuration Management Log Files

Log File Description

PRIME_NETWORK_HOME/Main/logs/77.log Manages Change and Configuration Management processes in Prime Network

PRIME_NETWORK_HOME/XMP_Platform/logs/ConfigArchive.log

CM activities log file

PRIME_NETWORK_HOME/XMP_Platform/logs/JobManager.log

Job Manager activities log file

PRIME_NETWORK_HOME/XMP_Platform/logs/NEIM.log

NEIM log file

PRIME_NETWORK_HOME/XMP_Platform/logs/NccmGUI.log

Change and Configuration Management GUI log file


OL-26498-01







OL-26498-01

Cisco Prime Network 3.9 Change and ConfigurationOL-26498-01

A
P P E N D I X A Supported Devices for Change and Configuration Management
The following table identifies the device series and software that were validated for Cisco Prime Network Change and Configuration Management.

Table A-1 Device Series and Software Validated for Change and Configuration Management

Device Series Software Release Software Version Version

Cisco 800 Series Routers Cisco IOS 12.3, Cisco IOS 15.1

Cisco IOS 12.3.2-XA7, Cisco IOS 15.1.3-T

Cisco ANA 3.7.2

Cisco 1700 Series Routers Cisco IOS 12.3T, Cisco IOS 12.4

Cisco IOS 12.3.14-T7, Cisco IOS 12.4.25-d

Cisco ANA 3.7.2

Cisco 1800 Series Routers Cisco IOS 12.4T, Cisco IOS 15.1T

Cisco IOS 12.4.9-T, Cisco IOS 15.1.1-T1

Cisco ANA 3.7.2

Cisco 2500 device series Cisco IOS 12.3 Cisco IOS 12.3.26 Cisco ANA 3.7.2

Cisco 2600 Series Multiservice Platform Routers Cisco IOS 12.3 Cisco IOS 12.3-16a, Cisco IOS 12.3.26

Cisco ANA 3.7.2

Cisco 2800 Series Integrated Services Routers Cisco IOS 12.3T, Cisco IOS 15.1T

Cisco IOS 12.3.14-YT1, Cisco IOS 15.1.2_T1

Cisco ANA 3.7.2

Cisco 2900 Series Integrated Services Routers Cisco IOS 15.1T Cisco IOS 15.1(3)T Cisco ANA 3.7.2

Cisco 3700 Series Multiservice Access Routers Cisco IOS 12.4T Cisco IOS 12.4.9-T7 Cisco ANA 3.7.2

Cisco 3900 Series Integrated Services Routers Cisco IOS 15.1T Cisco IOS 15.1(3)T Cisco ANA 3.7.2

Cisco 3800 Series Integrated Services Routers Cisco IOS 12.4T Cisco IOS 12.4(24)T1 Cisco ANA 3.7.1

Cisco 7200 Series Routers Cisco IOS 12.4T Cisco IOS 12.4(24)T Cisco ANA 3.7.1

Cisco 7300 device series Cisco IOS 12.2SB Cisco IOS 12.2.33-SB8a Cisco ANA 3.7.2

A-1 Management User and Administrator Guide

Appendix A Supported Devices for Change and Configuration Management

Cisco 7600 Series Routers1 Cisco IOS 12.2SX, Cisco IOS 12.2SR

Cisco IOS 12.2(18)SXF16, Cisco IOS 12.2(33)SRD4

Cisco ANA 3.7.1

Cisco IOS 15.0S Cisco IOS 15.0(1)S1 Cisco ANA 3.7.1

Cisco 7600 Series Routers with Application Control Engine (ACE)2

(ACE10-6500-K9 and ACE30-MOD-K9)

A2(3.4) A2(3.4) Prime Network 3.8

Cisco 10000 Series Routers3 Cisco IOS 12.2SB, Cisco IOS 15.0S

Cisco IOS 12.2.33-SB8a, Cisco IOS 12.2.31-SB9, Cisco IOS 15.0(1)S

Cisco ANA 3.7.1.1

Cisco 12000 Series Routers (IOS) Cisco IOS 12.0S Cisco IOS 12.0.32-SY4 Cisco ANA 3.7.1.1

Cisco Adaptive Security Appliance (ASA) 5550 Series4

Cisco Adaptive Security Appliance Software version 8.4.1

8.4.1 Cisco ANA 3.7.3

Cisco ASA 5580 Series4 Cisco Adaptive Security Appliance Software version 8.4.1

8.4.1 Cisco ANA 3.7.3

Cisco ASR 901 Series Aggregation Services Routers5

Cisco IOS 15.1(2) Cisco IOS 15.1(2)SNG, Cisco IOS 15.1(2)SNH

Prime Network 3.8.1

Cisco ASR 903 Series Aggregation Services Routers5

Cisco IOS XE 35, Cisco IOS XE 351, Cisco IOS XE 36

Cisco IOS 15.2(1)S, Cisco IOS 15.2(1)S1, Cisco IOS 15.2(2)S

Prime Network 3.8.1

Cisco ASR 1000 Series Aggregation Services Routers

Cisco IOS XE Release 2, Cisco IOS XE Release 3, Cisco IOS XE Release 3S

Cisco IOS XE 2.6.2, Cisco IOS XE 3.2, Cisco IOS XE 3.1.0S

Cisco ANA 3.7.1

Cisco ASR 5000 Series Mobile-Gateway5 StarOS 12.2 N/A Prime Network 3.8.1

StarOS 12.3 N/A Prime Network 3.9

Cisco ASR 9000 Series Aggregation Services Routers

Cisco IOS XR Release 3 Cisco IOS XR 3.9.1, Cisco IOS XR 3.9.0

Cisco ANA 3.7.1

Cisco CRS Carrier Routing System6 Cisco IOS XR Release 4 Cisco IOS XR 4.0.0 Cisco ANA 3.7.2

Cisco CRS-1 Carrier Routing System Cisco IOS XR Release 3 Cisco IOS XR 3.6.0 Cisco ANA 3.7.1

Cisco MWR 2900 Series Mobile Wireless Routers Cisco IOS 12.2MR Cisco IOS 12.2(33)MRA Cisco ANA 3.7.1

Cisco XR 12000 Series Routers Cisco IOS XR Release 3 Cisco IOS XR 3.7.0 Cisco ANA 3.7.1

Table A-1 Device Series and Software Validated for Change and Configuration Management (continued)


A-2Cisco Prime Network 3.9 Change and Configuration Management User and Administrator Guide

OL-26498-01


Cisco Catalyst 2900 Series Switches Cisco IOS 12.1E, Cisco IOS 15.1

Cisco IOS 12.1.22-EA6, Cisco IOS 15.1.3-T

Cisco ANA 3.7.2

Cisco Catalyst 3500XL Series Switches Cisco IOS 12.0 Cisco IOS 12.0.5-WC17 Cisco ANA 3.7.2

Cisco Catalyst 3550 Series Switches Cisco IOS 12.2SE Cisco IOS 12.2.44-SE6, Cisco IOS 12.2.53-SE2

Cisco ANA 3.7.2

Cisco Catalyst 3560 Series Switches Cisco IOS 12.2SE Cisco IOS 12.2.53-SE2, Cisco IOS 12.2.44-SE6

Cisco ANA 3.7.2

Cisco Catalyst 3750 Metro Series Switches Cisco IOS 12.2SE Cisco IOS 12.2(52)SE Cisco ANA 3.7.1

Cisco Catalyst 3750 Series Switches Cisco IOS 12.2SE Cisco IOS 12.2.55-SE Cisco ANA 3.7.2

Cisco Catalyst 4500 Series Switches Cisco IOS 12.2SG Cisco IOS 12.2(53)SG, Cisco IOS 12.2(54)SG194

Cisco ANA 3.7.1

Cisco Catalyst 4900 Series Ethernet Switch Cisco IOS 12.2SG Cisco IOS 12.2.(50)SG6, Cisco IOS 12.2(53)SG, Cisco IOS 12.2(54)SG

Cisco ANA 3.7.1.1

Cisco Catalyst 6500 Series Switches (IOS)7 Cisco IOS 12.2SX Cisco IOS 12.2(33)SXI3 Cisco ANA 3.7.1

Cisco IOS 12.2.33-SX14 Cisco ANA 3.7.1.1

Cisco ME 3400 Series Ethernet Access Switches Cisco IOS 12.2SE Cisco IOS 12.2(25)SEG3, Cisco IOS 12.2(53)SE

Cisco ANA 3.7.1

Cisco ME 3600X Ethernet Access Switches Cisco IOS 12.2EY Cisco IOS12.2(52)EY Cisco ANA 3.7.1.1

Cisco ME 3800X Carrier Ethernet Switches Cisco IOS 12.2EY Cisco IOS12.2(52)EY Cisco ANA 3.7.1.1

Cisco ME 6500 Series Ethernet Switches (cisco6524)8

Cisco IOS 12.2SX Cisco IOS 12.2.33-SX13 Cisco ANA 3.7.1.1

Cisco Nexus 5000 Series Switches Cisco NX-OS 5.0(2)N2(1) Cisco NX-OS 5.0(2)N2(1) Prime Network 3.8

Cisco Nexus 7000 Series Switches Cisco NX-OS 5.0(3) Cisco NX-OS 5.0(3) Prime Network 3.8

1. Image activation and distribution operations are not supported for Cisco 7600 Series Routers with Supervisor Engine 32 or Supervisor Engine 2.

2. You can perform certain configuration and image management operations at the module level for Cisco 7600 series routers with ACE.

3. Image activation and distribution operations are not supported for Cisco 10000 Series Routers with Performance Routing Engine 1 (PRE-1) or PRE-4.

4. These devices support configuration restore only in the merge mode.

5. You can follow the same workflow as that of the Cisco IOS devices.

6. Cisco CRS series includes Cisco CRS-1 and Cisco CRS-3 Carrier Routing Systems.

7. Image activation and distribution operations are not supported for Cisco Catalyst 6500 IOS Series Switches with Supervisor Engine 2 or Supervisor Engine 1/Multilayer Switch Feature Card1 (MSFC1).

8. Image activation and distribution operations are not supported for Cisco ME 6500 Series Ethernet Switches with Supervisor Engine 2 or Supervisor Engine 1/Multilayer Switch Feature Card1 (MSFC1).

Table A-1 Device Series and Software Validated for Change and Configuration Management (continued)



OL-26498-01



OL-26498-01


I N D E X

A

Activate (NEIM GUI) 4-1

activating images on devices (NEIM) 4-1, 4-19

Cisco IOS XR devices and 4-3

permissions 7-13, 7-14

Adding packages (NEIM) 4-11

administration

global settings 7-1

log files 7-15

overview 1-3

user access roles 7-12

user authentication and authorization 7-12

Archive (CM GUI) 3-1

AVM (Cisco Prime Network) 7-15

B

backing up files to archive (CM) 3-1, 3-16, 7-13, 7-14

default settings 7-3

Backup (CM GUI) 3-1

browsers, supported 1-9

C

Change and Configuration Management

dashboard 2-1

global settings 7-1

GUI, launching 1-9

launching the GUI 1-9

logging in 1-9

processes 7-15

change logs (CM) 3-2, 3-25, 7-13, 7-14

Change Logs (CM GUI) 3-2

Cisco.com credentials for NEIM 4-6, 7-10, 7-11

Cisco IOS XR devices

adding packages (NEIM) 4-11

committing image changes (NEIM) 4-25

logical routers and 4-3

rolling back images (NEIM) 4-26

special notes for NEIM 4-3

Cisco Prime Network

AVM 7-15

launching from 1-9

setup tasks 1-6

clear flash

image distribution 4-18

NEIM settings 7-8

CM

archive, using 3-1, 3-3, 3-6, 7-13, 7-14

backing up files to archive 3-1, 3-16, 7-3

change logs 3-2, 3-25

comparing files 3-11, 7-6

deleting files from archive 3-24

editing configuration file before restoring 3-22

exporting files 3-14, 7-2

global settings 3-2

GUI, launching 1-9

jobs 3-2, 6-1

labels and 3-7

log file 7-15


purging

change logs 7-3

configuration files 7-3

restoring files from archive to devices 3-2, 3-20

IN-1uration Management User and Administrator Guide

Index

searching for a file in archive 3-5

setup tasks 1-7

synchronizing files 3-1, 3-15

transport protocols 7-3

Commit (NEIM GUI) 4-1

committing image changes (NEIM) 4-1, 4-25, 7-13, 7-14

comparing files (CM) 3-11, 7-6, 7-13, 7-14

Configuration Changes in the Last Week (dashboard) 2-3

configuration management

overview 1-2


see also CM

Configuration Sync Status (dashboard) 2-3

D

dashboard

Configuration Changes in the Last Week 2-3

Configuration Sync Status 2-3

empty windows 2-3, 2-4

Most Recent Configuration Changes 2-4

overview 2-1

Top Families 2-2

database (Cisco Prime Network)

CM archive 3-5

NEIM repository 4-3

purging change logs (CM) 7-3

purging configuration files from archive (CM) 7-3

database connection 7-11

deactivating images on devices (NEIM) 4-19

default settings

CM

backing up files to archive 7-3

exclude commands from file comparisons 7-6

exporting files 7-2

purging change logs 7-3

purging configuration files 7-3


NEIM

IN-2Cisco Prime Network 3.9 Change and Configuration Management U

Cisco.com downloads 7-10

flash properties 7-8

staging directory 7-9

storing directory 7-9


warm upgrade 7-8

deleting files from archive (CM) 3-24

deleting images from repository (NEIM) 4-10

device support 1-5, A-1

Distribute (NEIM GUI) 4-1

distributing images to devices (NEIM) 4-1, 4-3, 4-13, 7-13, 7-14

dmctl process 7-15

E

editing configuration files (CM) 3-22

editing image attributes (NEIM) 4-10

e-mail notification

configuration settings 1-8, 7-6

image management settings 1-8, 7-9, 7-10

encrypted database 7-11

excluding commands from file comparisons (CM) 7-6

exporting files (CM) 3-14, 7-2, 7-13, 7-14

G

getting started 1-6

global settings 7-1

CM 3-2

NEIM 4-2, 7-7

GUI

access control 7-12

launching 1-9

log file 7-15

overview of 1-13

special characters 1-15

timeout 1-9

ser and Administrator GuideOL-26498-01

Index

I

image management

overview 1-2


see also NEIM

importing images into archive (NEIM) 4-5

Cisco.com credentials 7-10

from Cisco.com 4-6

proxy settings 7-10

vendor credentials settings 7-10

from devices 4-6

from external repository 4-9

from file system 4-8

J

jobs

CM 3-2, 7-13, 7-14

details 6-1

e-mail notification 1-3, 6-1

log file 7-15

managing 6-1

NEIM 4-2, 7-13, 7-14

overview 1-3

results 6-2

Jobs (CM GUI) 3-2

L

labeling files (CM) 3-7, 7-13, 7-14

launching the GUI 1-9

from Cisco Prime Network Vision 1-10

from Cisco Prime Network web server 1-12

from web browser 1-9

log files 7-15

logging into the GUI 1-9

logical routers (Cisco IOS XR) 4-3

Cisco Prime Network 3.9 Change anOL-26498-01

M

Managing device groups 5-1

Most Recent Configuration Changes (dashboard) 2-4

N

NEIM

activating images on devices 4-1, 4-19

adding packages 4-11

Cisco.com downloads 7-10

Cisco IOS XR devices and 4-3

committing image changes 4-1, 4-25

deactivating images on devices 4-19

deleting images from repository 4-10

distributing images to devices 4-1, 4-13

editing image attributes 4-10

e-mail settings 7-10

external server details 7-9

global settings 4-2, 7-7

GUI, launching 1-9

importing images 4-5

jobs 4-2, 6-1

log file 7-15


proxy settings 7-10

repository, using 4-1, 4-3

rolling back images on devices 4-2, 4-26

searching for an image 4-4

setup tasks 1-8

staging directory 7-9

storing directory 7-9


upgrade analysis and 4-13

viewing repository 7-13, 7-14

Network Element Image Management feature (Cisco Prime Network). See NEIM

IN-3d Configuration Management User and Administrator Guide

Index

P

Package Add 4-1

package management, defined 4-3

processes, checking 7-15

proxy server

importing images from Cisco.com 1-8, 7-10

purging change logs (CM) 7-3

purging configuration files (CM) 7-3

R

related documentation ii-vii

Repository (NEIM GUI) 4-1

Restore (CM GUI) 3-2

restore mode (CM) 1-7, 3-2, 7-6

merge 3-2, 7-6

overwrite 3-2, 7-6

restoring files from archive to devices (CM) 3-2, 3-20, 7-13, 7-14

editing configuration file before restoring 3-22

Rollback (NEIM GUI) 4-2

rolling back images on devices (NEIM) 4-2, 4-3, 4-26, 7-13, 7-14

routers, logical (Cisco IOS XR) 4-3

S

SDR support 1-5

security

default permissions 7-12

log files 7-15

scopes 7-12

user access roles 7-12

security certificate exception 1-9

Settings (CM GUI) 3-2

Settings (NEIM GUI) 4-2

setup tasks 1-6

Cisco Prime Network 1-6

IN-4Cisco Prime Network 3.9 Change and Configuration Management U

CM 1-7

global settings 7-1

NEIM 1-8

special characters

GUI fields 1-15

staging directory (NEIM) 7-9

storing directory (NEIM) 7-9

supported devices 1-5, A-1

Synchronize (CM GUI) 3-1

synchronizing files (CM) 3-1, 3-15, 7-13, 7-14

T

timeout 1-9

Top Families (dashboard) 2-2

transport protocols

CM 7-3

NEIM 7-8

troubleshooting 7-15

U

upgrade analysis (NEIM) 4-13

User-defined device group

create device group 5-3

create device group from another group 5-6

delete device group 5-2

edit device group 5-6

User-defined device groups


W

warm upgrade 1-3

NEIM settings 7-8

ser and Administrator GuideOL-26498-01

Documents

Cisco Prime Network 3.9 Change and Configuration ... · Cisco Prime Network 3.9 Change and Configuration Management User and Administrator Guide OL-26498-01 1 Introduction to Change