BRKNMS-2701 – How I Learned to Stop Worrying and Love Prime Infrastructure


  • Lewis Hickman, Consulting Systems Engineer
  • Jennifer Valentine, Systems Engineer

Quick survey in the room: 60-70% of attendees running PI 3.x; 10-20 PI 2.x; some still on LMS.

“There are 37 different ‘Cisco Prime’ products” — Lewis

“Cisco Prime” isn’t a product; “Cisco Prime Infrastructure” is. Cisco Prime is a family of products.

PI traces its lineage back to 1996: CWSI > Cisco Works LMS > Cisco Prime LMS > WCS > NCS > Prime Infrastructure.

“1232 SysObjIds supported in PI today” — Lewis (aka, 1232 different devices supported by PI)

Two people (only!!) in the room running Network Analysis Module.

UCS Server Assurance module: enables mgmt of UCS servers; will integrate into vCenter and map VMs to physical hosts for you. 

Operations Center: manager of managers for PI

Licensing in PI 3.x:

  • One license for Lifecycle and Assurance now
  • Different license files for different device types
  • Different device types require a specific number of “tokens”
  • When a license is installed in PI 3.x, it gets converted into the appropriate number of tokens
  • As you add devices to PI, it draws down on the number of free tokens in the pool
  • Hint: You don’t have to install the matching license file for the type of device you want to manage (eg, you can install a Cat3k license to manage an AP)
  • PI 2.x licenses can be installed in PI 3.x; only the functionality enabled by the 2.x license will be enabled (eg, only Life Cycle)

No more Flash (!!) in 3.x; HTML5 interface and tablet friendly, too.

Finding devices with discovery:

  • Import CSV, CDP discovery or add single device at a time
  • Can use different discovery methods for different places in the network
  • Use a Credential Profile to store CLI and SNMP creds so they’re reusable
  • Device Groups: static (manual) or dynamic (by policy) assignment of devices to a group


  • “Hardware Detail Report” — useful when you need a detailed inventory at Smartnet true-up time!
  • PSIRT and EoX reports: security and end of sale/life reports

Config Archives:

  • Administration > Settings > System Settings > Inventory > Configuration Archive
  • Checkbox for archiving the configs as soon as the device is added
  • Checkbox for archiving config on receiving config change events (syslog SYS-CONFIG messages); there is a hold off timer for this setting
  • Archives can also be scheduled
  • Archives are gathered when interesting things have changed; some commands are “not interesting” and will not trigger a new archive (full list in Config Archive settings, Advanced)
  • View archives by drilling into the device from Device Inventory and Configuration Archive tab
  • Supports side-by-side config diffing!
  • Will identify when startup and running-configs are not in sync

Device configuration:

  • Dozens of out of the box config templates
  • Of course, create your own from scratch
  • Or, modify an existing template and save it as a new template
  • Templates have a built-in template language (Apache Velocity); if the user didn’t specify a value for MTU, don’t try to configure an MTU on the interface
  • Templates can be confined to specific device types or specific operating systems
  • Variables within the template can have its input validated to avoid users entering bogus data (and breaking the config)
  • Templates can pull out data from the PI inventory about the device (eg, interface speed, device serial number)
  • When templates are executed, user is displayed a form and asked to fill in the boxes; then they hit go to execute the config push.

Admin > Settings > System Settings > Inventory > Configuration > Deploy CLI Thread Pool Count:

  • Default is 5
  • Means PI will deploy to 5 devices at a time
  • On beefy installations of PI, may way to raise this number

Config compliance:

  • Supports IOS, XE, XE, NX-OS, AirOS (in PI 3.1+), and ASA
  • Only supported on Pro OVA or Generation 2 appliance (PI-UCS… SKU)
  • Support for Standard OVA coming PI 3.1 Maintenance Release 1
  • Feature is disabled by default; needs to be enabled and services restarted to enable
  • Define a baseline policy; run a report to validate compliance
  • Many sample policies
  • Policy has pretty complex logic rules
  • The compliance policy can do auto remediation (unsure how smart this is, but it’s there); can run remediation on a per device or per violation basis
  • There is a 2-hour breakout on just compliance on
  • By default, the compliance check uses the archived configuration and not the on-box config; can be overridden  at time the job is launched

Fault monitoring:

  • Admin > Settings > System Settings > Alarms and Events > …
  • Customize this! –Jenn; make it suitable and tuned for your environment
  • Alarms can be cleared, ack’d, annotated, and assigned to specific users
  • “Events” are SNMP traps or syslog messages
  • “Alarms” are a roll up of 1 or more events

Client tracking:

  • Combines contextual data from WLC, ISE, and the wired network to track a device as it moves through the network
  • Integration with CMX (MSE) can enable physical location tracking of wired devices

Application performance:

  • With the Assurance license, PI can ingest NetFlow data

Topology maps:

  • Network topology!
  • Initial topology view is based on device groups; drill down to see individual devices

Software image management (SWIM):

  • Can manually upload images to PI or have PI suck images down from the device
  • Defect in PI 3.x prevents importing software images directly from; will be fixed in future PI maintenance release
  • Have PI archive all your deployed IOS images! –Lewis; don’t depend on your specific image to always be available on
  • PI does efficient image downloads from your devices; won’t download the same image over and over if it’s on multiple devices
  • Push images with scp, ftp, tftp, http

Leave a Reply

Your email address will not be published. Required fields are marked *

Would you like to subscribe to email notification of new comments? You can also subscribe without commenting.