Managing Devices and Hosts

Managing Your Device Inventory

The Device Inventory window displays the results of the discovery scan. To access the Discovery window, from the Navigation pane, click Device Inventory.

Figure 1. Device Inventory Window

Note
The information that is displayed depends on the Layout that you selected.

After the initial discovery, network devices are polled every 30 minutes. Polling occurs for each device, link, host, and interface. Only devices that have been active for less than a day are displayed. This prevents any stale device data from being displayed. On average, polling 500 devices takes approximately 20 minutes.

For information about the actions that you can perform from the Device Inventory window, see Device Inventory Tasks.

The following table describes the main elements in the Device Inventory table.

Window Element

Description

Device Selection check boxes

Allows you to select devices to perform tasks.

When you select a device, the action buttons appear above the Device Inventory table. For information about these buttons and the actions that you can perform with them, see Device Inventory Tasks.

Filters

Allows you to refine the list of devices that are displayed in the table by name, location tag, and IP address.

To remove filters, click Clear Filters.

Layout

Allows you to choose from three predefined layouts or a customized layout:

  • Status—Layout shows the device name, IP address, state of the device, how long it has been up, and the last time it was updated.

  • Hardware—Layout shows the device name, IP address, device family, platform, serial number, MAC address, and role, along with its IOS/firmware version and a link to its configuration file.

  • Tagging—Layout shows the device name, IP address, MAC address, device role, location, and tags.

  • Customize—Layout shows the information in the columns that you have selected to display.

For descriptions of the columns of information that you can display, see the Device Inventory Information table below.

Below the Device Inventory table, you can adjust the number of devices displayed in the table (10, 25, 50, 100), and you can click First, Previous, Next, Last, or the page number to navigate through the table.

Device Inventory Information

The Device Inventory table displays the following information for each discovered device. All of the columns, except the Config column, support sorting. Clicking on the column header sorts the rows in an ascending order. Clicking on the column header again sorts the rows in descending order.

For more information, see the Cisco Application Policy Infrastructure Controller Enterprise Module Configuration Guide.

Table 1. Device Inventory Information

Column Name

Description

Device Status

State of the device.

  • Connecting—Controller is connecting to the device.

  • Reachable:

    • Discovered—Controller has connected to the device and is able to execute Cisco commands using the CLI .

    • Failure—Controller has connected to the device, but is unable to execute Cisco commands using the CLI. This status usually indicates that the device is not a Cisco device.

  • Authentication Failed—Controller has connected to the device but is unable to determine what type of device it is. This device status also usually indicates that the device is not a Cisco device.

  • Unreachable—Controller is unable to connect to the device.

    Note 
    If credentials are not provided at the time a discovery request is made or earlier, then the device status could be displayed as "Not reachable." You need to perform a new discovery with the correct credentials.

Device Name

Name of the device. Click the device name to display the Device Overview dialog box with the following information:

  • Device serial number

  • Device IP address

  • MAC address

  • Cisco OS version

  • Up time

  • Product ID

  • Vendor

  • Memory size

Note 

The device name appears red for any device whose inventory has not been updated for more than 30 minutes.

The Device Overview dialog box also includes an Interfaces tab with the following interface data:

  • Status—Up or down

  • Interface name—Name of the interface.

  • MAC address—MAC address of the interface.

MAC Address

MAC address of the device.

IP Address

IP address of the device.

IOS/Firmware

Cisco IOS software currently running on the device.

Platform

Cisco product part number.

Serial Number

Cisco device serial number.

Up Time

Period of time that the device has been up and running.

Config

Click View to display detailed configuration information similar to the CLI show running-config command output.

Note 

This feature is not supported for access points and wireless LAN controllers, therefore configuration data is not returned for these device types.

Device Role

Role assigned to each discovered device during the scan process. The device role is used to identify and group devices according to their responsibilities and placement within the network. If the controller is unable to determine a device role, it sets the device role as unknown.

Note 

The controller can change the device role as the network topology changes, but if you manually change the device role, then the role will not change as the network topology changes.

If desired, you can use the drop-down list in this column to change the assigned device role. The following device roles are available:

  • Unknown

  • Access

  • Core

  • Distribution

  • Border Router

Location

Tag that you can apply to a device to denote its geographic location. By applying the same tag to several devices, you can group them based on a common attribute. The Device Inventory window and Topology window support location tags.

Use the following guidelines when creating location tags:

  • Location tag information is maintained on the controller only and not deployed to or dirived from the device itself.

  • A location defined on the controller is not the "civic-location" property that some devices support.

  • You cannot create, use, or search for location tags in the Topology window.

  • Location tags cannot be attached to hosts.

  • You can apply only one location tag to a device. However, you can use both a location tag and a device tag together.

For information about adding location tags, see Adding or Removing Location Tags.

Along with the location tag, you can add a geographical marker on a world map to a device. For information, see Adding or Changing a Location Marker.

Device Tag

Tag assigned to devices to identify them by a common attribute. For example, you can create a tag and use it to group devices based on a platform ID or Cisco IOS release.

A number in the Tag column indicates how many tags have been applied to that device.

Note 

You are permitted to use both a location tag and a device tag together.

For information about adding or removing device tags, see Adding or Removing a Device Tag in Device Inventory.

For information about deleting a tag from the controller database, see Deleting a Tag.

Policy Tag

Tag applied to a group of devices that will share the same policy.

After applying a policy tag, you need to configure the policies that will be applied to the devices with the same policy tag. For information about configuring QoS policies, see the Cisco EasyQoS Application for APIC-EM User Guide.

Last Updated Time

Date and time that the device was last scanned and the controller database was updated.

Device Family

Group of related devices, as follows:

  • Cisco Interfaces and Modules

  • Routers

  • Switches and Hubs

  • Third Party Device

  • Unsupported Cisco Device

  • Wireless Controller

Device Series

Series number of the device, for example, Cisco Catalyst 4500 Series Switches.

Last Inventory Collection Status

Status of the last discovery scan for the device:

  • Managed—Device is in a fully managed state.

  • Partial Collection Failure—Device is in a partial collected state and not all the inventory information has been collected. Move the cursor over the Information (i) icon to display additional information about the failure.

  • Unreachable—Due to device connectivity issues, the device could not be reached and no inventory information was collected. This condition can occur when periodic collection happens.

  • Wrong Credentials—If the device credentials are changed after adding the device to the inventory, this condition is noted.

  • In Progress—Inventory collection is occurring.

Device Inventory Tasks

The actions that you can perform from the Device Inventory window depend on the layout that you choose. When you select one or more devices, you can click any of the following buttons to perform the corresponding action.

Table 2. Device Inventory Buttons

Button

Action

Add Device

Allows you to discover a specific device and add it to your inventory. If authentication of the device fails due to invalid credentials, the device enters the collection failure state. For information, see Adding a Device Manually.

Set Location

Sets the location of the devices associated with a location tag on a geographical map. For information, see Adding or Changing a Location Marker.

Set Device Tags

Groups devices according to common attributes. For information, see Adding or Removing a Device Tag in Device Inventory.

Set Policy Tag

Groups devices so that you can deploy the same QoS policy to those devices at the same time. For information, see Adding or Removing a Policy Tag in Device Inventory.

Delete

Deletes the selected devices from inventory. For information, see Deleting a Device.

Update Credentials

Changes the credentials of the selected devices. In future discoveries, these credentials are used for the selected devices instead of the global or discovery job-specific credentials. For information, see Updating Device Credentials

Update Polling Interval

You can update the polling interval of selected devices. These device-specific settings override the global and job-specific settings for the selected devices. For information, see Updating a Device's Polling Interval.

Resync (Resynchronize Devices)

Immediately polls the selected device for updated device information and status. For information, see Resynchronizing Device Information.

Command Runner

Sends CLI commands to the selected devices using API commands. Currently, show and other read-only commands are permitted. For information, see Running Commands on Devices.

Adding a Device Manually

You can manually add a device to your inventory.

Figure 2. Add Device Dialog box

Before you begin

You must have administrator (ROLE_ADMIN) permissions and access to all devices (RBAC Scope set to ALL) to perform this procedure.

Make sure that you have devices in your inventory. If not, discover devices using the Discovery function.

Procedure

Step 1

From the Navigation pane, click Device Inventory.

Step 2

Click Add Device.

Step 3

From the Add Device dialog box, enter the device's IP address in the Device IP field.

Step 4

In the Version field, choose the SNMP version from the drop-down list: V2C or V3 and complete the corresponding fields:

Table 3. SNMP V2C Fields

Field

Description

Read Community

Read-Only community string value configured on devices that allows the controller to connect to and access the devices. This community string value must match the community string value that was pre-configured on the devices.

Write Community

Write community string value configured on devices that allows the controller to connect to, access, and change the devices. This community string value must match the community string value pre-configured on the devices.

Table 4. SNMP V3 Fields

Field

Description

Mode

Authentication mode to be used. Valid modes are Authentication and Privacy, Authentication, No Privacy, No Authentication, No Privacy.

Auth. Type

Valid only if you chose Authentication and Privacy or Authentication, No Privacy. Two authentication types are available:

  • SHA—Authentication based on the Secure Hash algorithm (SHA). SHA is a hash algorithm that is used to authenticate packet data.

  • MD5—Authentication based on the Message Digest 5 (MD5) algorithm. MD5 is a hash algorithm that is used to authenticate packet data.

Username

Valid only if you chose SHA or MD5.

Text string associated with the SNMP user and the chosen authentication type (SHA or MD5).

Auth. Password

Valid only if you chose SHA or MD5.

Encrypted text string stored as the SNMP user password and associated with the authentication type (SHA or MD5).

Privacy Type

Valid only if you chose Authentication and Privacy mode. Two privacy types are available:

  • DES—Data Encryption Standard (DES) 56-bit encryption in addition to authentication based on the Cipher Block Chaining (CBC) DES (DES-56) standard.

  • AES128—Cipher Block Chaining (CBC) mode AES for encryption.

Privacy Password

SNMPv3 privacy password associated with the chosen privacy type (DES or AES128) and used to generate the secret key to encrypt messages that are exchanged with devices.

Step 5

Expand the SNMP RETRIES AND TIMEOUT area, if it is not already expanded, and complete the following fields:

Table 5. SNMP Retries and Timeout Fields

Field

Description

Retries

Number of attempts the controller makes to communicate with the devices using SNMP. The default is 3 tries.

Timeout

Number of seconds the controller waits while attempting to communicate with the devices using SNMP before the attempt fails. The default is 5 seconds.

Step 6

Expand the CLI area, if it is not already expanded, and complete the following fields:

Table 6. CLI Fields

Field

Description

Protocol

Protocol used from a remote management station to connect device CLI. Valid options are Telnet (Telnet TCP/IP) or SSH2 (Secure Shell 2.0).

Username

Identification used to log into a device's CLI.

Password

Password used to log into a device's CLI.

Enable Password

After successful login to the CLI, password used to access Privileged EXEC mode.
Step 7

Click Add.

Deleting a Device

You can delete devices from the Cisco APIC-EM database.

Before you begin

You must have administrator (ROLE_ADMIN) permissions and access to all devices (RBAC Scope set to ALL) to perform this procedure.

Make sure that you have devices in your inventory. If not, discover devices using the Discovery function.

Procedure

Step 1

From the Navigation pane, click Device Inventory.

Step 2

Click the check box next to the device that you want to delete.

A toolbar opens.

Note 

Even after the toolbar opens, you can select multiple devices by clicking additional check boxes, or you can select all devices by clicking the checkbox at the top of the list.

Step 3

From the open toolbar, click Delete.

Filtering Devices in the Device Inventory Window

You can filter the devices displayed in the Devices Inventory window by device name, location, IP address and VRF instance.


Note

To remove the filters, click Clear Filters.

Figure 3. Device Inventory Window Showing Filters

Before you begin

Make sure that you have devices in your inventory. If not, discover devices using the Discovery function.

Procedure

Step 1

From the Device Inventory toolbar, click Filters.

The following filters display:

  • Device Name

  • Device Location

  • Device IP Address

  • Device VRF
Step 2

Enter the appropriate value in the selected filter field.

For example, for the Device Name filter, enter the name of a device.

The controller presents you with auto-complete values as you enter values in the other fields. Choose one of the suggested values or finish entering the desired value.

Note 

You can also use a wildcard (asterisk) with these filters. You can enter values with the asterisk at the beginning, end, or in the middle of the string value.

Step 3

Click the plus (+) icon to perform the filter.

The data displayed in the Devices table automatically updates according to your filter selection.

Step 4

(Optional) If needed, add more filters following the above steps.

Note 

You can filter on more than one value per filter or across several different filter types.

Step 5

To remove the filter, click the x icon next to the filter value.

What to do next

Review the updated information displayed in the Device Inventory window. If required for your network configuration, make changes to the displayed columns within the Devices table view.

Changing the Devices Layout View

You can change the information that is displayed in the Devices table by selecting different layout views or by customizing a layout view for the devices in your network.

Figure 4. Device Inventory Window Showing Layout Options

Before you begin

Make sure that you have devices in your inventory. If not, discover devices using the Discovery function.

Procedure

Step 1

From the Device Inventory toolbar, click the Layout field and choose one of the following layout options from the drop-down list:

  • Status—Displays general device status information, including up time, update frequency, and number of updates.

  • Hardware—Displays hardware information, including IOS/firmware, serial number, and device role.

  • Tagging—Displays tagging information, including device role, location, and tag.

  • Customize—Displays a list of options to choose from to create your own layout.

APIC-EM displays the information for the chosen layout.
Step 2

To customize a specific layout, choose Customize and select the desired display options.

Display options toggle on and off. Blue options with checkmarks indicate that the option is on and is displayed in the table.

What to do next

Review the updated information displayed in the Device Inventory window. If required for your network configuration, make any adjustments.

Changing the Device Role

During the scan process, the controller assigns a role to each discovered device. The device role is used to identify and group devices according to their responsibilities and placement in the network.

A device can have one of the following roles:

  • Unknown—Device role is unknown.

  • Access—Device is located in and performs tasks required of the access layer or first tier/edge of the network.

  • Border Router—Device performs tasks required of a border router.

  • Distribution—Device is located in and performs tasks required of the distribution layer of the network.

  • Core—Device is located in and performs tasks required of the core of the network.

Figure 5. Device Roles and Network Locations

You can change the device role in the Device Inventory window.


Note

You can also change the device role from the Topology window. See Changing a Device's Role From the Topology Window.

Before you begin

Make sure that you have devices in your inventory. If not, discover devices using the Discovery function.

You must have either administrator (ROLE_ADMIN) or policy administrator (ROLE_POLICY_ADMIN) permissions and the appropriate RBAC scope to perform this procedure.

Procedure

Step 1

From the Navigation pane, click Device Inventory.

The Devices Inventory window appears.

Step 2

From the Device Inventory toolbar, choose one of the options from the Layout drop-down list.

Valid options are Hardware, Tagging, or Customize > Device Role. The table refreshes and includes a column for the Device Role.

Step 3

Locate the device you want to change and choose a new role from the drop-down list in the Device Role column.

Valid choices are Unknown, Access, Core, Distribution, or Border Router.

What to do next

If required, change the role of other devices in the Device Inventory window.

Adding or Removing a Device Tag in Device Inventory

You can group devices according to common attributes by applying device tags. For example, you may want to apply device tags to group devices by their platform ID or Cisco IOS release. A single device can have multiple device tags; similarly, a single device tag can be applied to multiple devices.


Note

For information about Policy tags and Location tags, see Adding or Removing a Policy Tag in Device Inventory and Adding or Removing Location Tags.

Figure 6. Device Tags Dialog Box

Before you begin

You must have administrator (ROLE_ADMIN) permissions and access to all devices (RBAC Scope set to ALL) to perform this procedure.

Make sure that you have devices in your inventory. If not, discover devices using the Discovery function.

Procedure

Step 1

From the Navigation pane, click Device Inventory.

Step 2

From the Device Inventory toolbar, choose Layout > Tagging from the drop-down list.

The table refreshes and displays a Device Tag column in addition to other columns.

Step 3

Select the check box to the left of the desired devices and click Set Device Tags.

Note 
For a single device, you can also click the number displayed in the Device Tag column.
Step 4

Do one of the following:

  • To apply a device tag, from the Available Tags list, click the tags that you want to apply to the selected devices.

Note 
If the desired tag is not in the list, enter a name for the tag and click +New Tag.

  • To remove a device tag, from the Applied Tags list, click the Trash can icon next to the tag that you want to remove from the selected devices.

Note 

The Applied Tags list is populated only if at least one of the selected devices has a tag applied to it.

Step 5

Click x to close the dialog box.

What to do next

If required for your network configuration, add location or policy tags to your devices.

Adding or Removing a Policy Tag in Device Inventory

You can apply a policy tag applied to a group of devices so that you can deploy the same QoS policy to those devices at the same time.

Figure 7. Policy Tag Dialog Box

Before you begin

Make sure that you have devices in your inventory. If not, discover devices using the Discovery function.

SUMMARY STEPS

  1. From the Navigation pane, click Device Inventory.
  2. From the Device Inventory toolbar, choose Layout > Tagging from the drop-down list.
  3. Select the check box to the left of the desired devices and click Set Policy Tag.
  4. Do one of the following:
  5. Click x to close the dialog box.

DETAILED STEPS

Step 1

From the Navigation pane, click Device Inventory.

Step 2

From the Device Inventory toolbar, choose Layout > Tagging from the drop-down list.

The table refreshes and displays a Policy Tag column in addition to other columns.

Step 3

Select the check box to the left of the desired devices and click Set Policy Tag.

Note 
For a single device, you can also click Add displayed in the Policy Tag column.
Step 4

Do one of the following:

  • To apply a policy tag, from the Available Tags list, click the tag that you want to apply to the selected devices.

Note 
If the desired tag is not in the list, enter a name for the tag and click +New Tag.

  • To remove a policy tag, from the Applied Tags list, click the Trash can icon next to the tag that you want to remove from the selected devices.

Note 

The Applied Tags list is populated only if at least one of the selected devices has a tag applied to it.

Step 5

Click x to close the dialog box.

What to do next

If you added a policy tag to devices and now want to configure QoS policies, see the Cisco EasyQoS Application for APIC-EM User Guide.

Adding or Removing Location Tags

You can apply a location tag to a device to name a device's geographic location. By applying the same tag to several devices, you can group them based on their common location. You can create a location tag and, optionally, place a corresponding location marker on a geographical map. For information, see Adding or Changing a Location Marker.

Use the following guidelines when adding location tags:

  • Location tag information is maintained on the controller only and not deployed to or dirived from the device itself.

  • When location tags and markers are used, the Topology window displays them on a geographical map.

  • A location defined on the controller is not the "civic-location" property that some devices support.

  • Location tags cannot be attached to hosts.

  • You can apply only one location tag to a device. However, you can use both a location tag and a device tag together.

Figure 8. Set Location Tag Dialog Box

Before you begin

You must have administrator (ROLE_ADMIN) permissions and access to all devices (RBAC Scope set to ALL) to perform this procedure.

Procedure

Step 1

From the Navigation pane, click Device Inventory.

Step 2

From the Device Inventory toolbar, choose Layout > Tagging from the drop-down list.

The table refreshes and displays a Location column in addition to other columns.

Step 3

Select the check box to the left of the desired devices (or select the check box at the top of the list to select all devices) and click Set Location.

Note 
For a single device, you can also click the Add link displayed in the Location column for that device.
Step 4

Do one of the following:

  • To apply a location tag, from the Available Tags list, click the tag that you want to apply to the selected devices. If the desired tag is not in the list, click the plus icon (+), enter a name for the tag, and click the check mark icon.

  • To remove a location tag assignment from the devices, in the Edit Location field, click the x icon . The devices now have no location tag assignment.

  • To change the current location tag to another one, click the new location tag that you want to assign.

  • To delete the location tag, first make sure that it is not in use (either change device assignments to other location tags or remove the tag assignment altogether). Then, click the trash can icon next to the location tag that you want to delete.

Step 5

When you are done, click x to close the dialog box.

What to do next

If required for your network configuration, add or remove other location tags to other devices or add location markers.

Adding or Changing a Location Marker

A location marker is an icon used to indicate the location of the devices associated with a location tag on a geographical map. You can add a location marker to devices in the Device Inventory window.

Before you begin

You must have administrator (ROLE_ADMIN) permissions and access to all devices (RBAC Scope set to ALL) to perform this procedure.

Make sure that you have devices in your inventory. If not, discover devices using the Discovery function.

You have already added location tags to your devices.

Procedure

Step 1

From the Navigation pane, click Device Inventory.

Step 2

From the Device Inventory toolbar, choose Layout > Tagging from the drop-down list.

The table refreshes and displays a Location column in addition to other columns.

Step 3

(Optional) To display devices with a specific location tag, from the Device Inventory toolbar, click Filters, enter a location tag in the Device Location field, and click the + icon.

Step 4

Select the desired location tag from the Locations column.

Note 

Because you are not assigning a location tag, it is not important which device you choose. When you add or remove a location marker, the change is applied to the location tag, and all devices that have the location tag will be updated.

Step 5

To add or change a location marker, select the location tag from the Available Locations pane and do one of the following:

  • In the Address of Location field on the right side of the geographical map, enter the address where you want to place the location marker. You can enter a complete address or part of an address, for example, a city name or zip code. Cisco APIC-EM displays the location on the map. Click the map where you want the marker to be placed and confirm the action in the confirmation dialog box that appears.

  • Position the map as close to the desired location as possible using your mouse to drag and drop, zoom in, and zoom out on the map, then click the map.

Note 
If you need to reposition the marker, click the map again where you want the marker to be placed.
Figure 9. Edit Location Dialog Box Showing Location Marker
Step 6

(Optional) To add additional location markers, click another location tag and repeat Step 5.

Step 7

When you are done, click x to close the dialog box.

Deleting a Tag

When a device tag, policy tag, or location tag is no longer needed, you can delete it, and it is removed permanently from the controller. You can delete device tags using the Device Inventory window or the Topology window. Policy tags and location tags can be deleted only from the Device Inventory window. This procedure shows you how to delete tags from the Device Inventory window.

Before you begin

You must have administrator (ROLE_ADMIN) permissions and access to all devices (RBAC Scope set to ALL) to perform this procedure.

Make sure that you have devices in your inventory. If not, discover devices using the Discovery function.

Before you can delete a tag, you need to remove it from all devices that have been assigned the tag.

Procedure

Step 1

From the Navigation pane, click Device Inventory.

Step 2

From the Device Inventory toolbar, choose Layout > Tagging from the drop-down list.

Step 3

Do one of the following:

  • To delete a device tag, click any number in the Device Tag column. From the Available Tags list, click the Trash can icon next to the tag or tags that you want to delete.

  • To delete a policy tag, click Add or the name of a policy tag in the Policy Tag column. From the Available Tags list, click the Trash can icon next to the tag or tags that you want to delete.

  • To delete a location tag, click Add or the name of a location tag in the Location column. From the Available Locations list, click the Trash can icon next to the tag or tags that you want to delete.

Step 4

Click OK to confirm the deletion.

The tag is removed permanently from the controller.

If the deletion fails, the tag might still be assigned to devices. Remove the tag from these devices and try to delete the tag again.

Step 5

Click x to close the dialog box.

Updating Device Credentials

You can update the discovery credentials of selected devices. The updated settings override the global and job-specific settings for the selected devices.

Figure 10. Update Device Credentials Dialog Box

Before you begin

Make sure that you have devices in your inventory. If not, discover devices using the Discovery function.

You must have either administrator (ROLE_ADMIN) or policy administrator (ROLE_POLICY_ADMIN) permissions and the appropriate RBAC scope to perform this procedure.

Procedure

Step 1

From the Navigation pane, click Device Inventory.

Step 2

Select the devices that you want to update.
Step 3

Click Update Credentials.

Step 4

Click OK to confirm this action.

Step 5

From the Update Credentials dialog box, expand the SNMP area, if it is not already expanded.

Step 6

In the Version field, choose the SNMP version from the drop-down list: V2C or V3 and complete the corresponding fields:

Note 

Both the SNMP and CLI credentials are updated together, so you need to provide both credentials. If you provide only SNMP credentials, Cisco APIC-EM saves only the SNMP credentials. The CLI credentials are not updated.

Table 7. SNMP V2C Fields

Field

Description

Read Community

Read-Only community string value configured on devices that allows the controller to connect to and access the devices. This community string value must match the community string value that was pre-configured on the devices.

Write Community

Write community string value configured on devices that allows the controller to connect to, access, and change the devices. This community string value must match the community string value pre-configured on the devices.

Table 8. SNMP V3 Fields

Field

Description

Mode

Authentication mode to be used. Valid modes are Authentication and Privacy, Authentication, No Privacy, No Authentication, No Privacy.

Auth. Type

Valid only if you chose Authentication and Privacy or Authentication, No Privacy. Two authentication types are available:

  • SHA—Authentication based on the Secure Hash algorithm (SHA). SHA is a hash algorithm that is used to authenticate packet data.

  • MD5—Authentication based on the Message Digest 5 (MD5) algorithm. MD5 is a hash algorithm that is used to authenticate packet data.

Username

Valid only if you chose SHA or MD5.

Text string associated with the SNMP user and the chosen authentication type (SHA or MD5).

Auth. Password

Valid only if you chose SHA or MD5.

Encrypted text string stored as the SNMP user password and associated with the authentication type (SHA or MD5).

Privacy Type

Valid only if you chose Authentication and Privacy mode. Two privacy types are available:

  • DES—Data Encryption Standard (DES) 56-bit encryption in addition to authentication based on the Cipher Block Chaining (CBC) DES (DES-56) standard.

  • AES128—Cipher Block Chaining (CBC) mode AES for encryption.

Privacy Password

SNMPv3 privacy password associated with the chosen privacy type (DES or AES128) and used to generate the secret key to encrypt messages that are exchanged with devices.

Step 7

Expand the SNMP RETRIES AND TIMEOUT area, if it is not already expanded, and complete the following fields:

Table 9. SNMP Retries and Timeout Fields

Field

Description

Retries

Number of attempts the controller makes to communicate with the devices using SNMP. The default is 3 tries.

Timeout

Number of seconds the controller waits while attempting to communicate with the devices using SNMP before the attempt fails. The default is 5 seconds.

Step 8

Expand the CLI area, if it is not already expanded, and complete the following fields:

Note 

Both the SNMP and CLI credentials are updated together, so you need to provide both credentials. If you provide only SNMP credentials, Cisco APIC-EM saves only the SNMP credentials. The CLI credentials are not updated.

Table 10. CLI Fields

Field

Description

Protocol

Protocol used from a remote management station to connect device CLI. Valid options are Telnet (Telnet TCP/IP) or SSH2 (Secure Shell 2.0).

Username

Identification used to log into a device's CLI.

Password

Password used to log into a device's CLI.

Enable Password

After successful login to the CLI, password used to access Privileged EXEC mode.
Step 9

Click Update.

Resynchronizing Device Information

You can select devices to be polled immediately for updated device and status information, regardless of the polling interval that is set. A maximum of 40 devices can be resynchronized at the same time.

Figure 11. Device Inventory Window Showing Resync in Progress

Procedure

Step 1

From the Navigation pane, click Device Inventory.

Step 2

Select the device or devices on which you want to gather information about.
Step 3

Click Resync.

Step 4

Confirm the resynchronization by clicking OK.

Running Commands on Devices

You can run show commands and other read-only commands on selected devices and display the output in Cisco APIC-EM. To determine the allowed command keywords, from the global toolbar, click API > Network Poller > network-device-poller > /network-device-poller/cli/legit-reads > Try it out!

From the GUI, you can run a maximum of 5 commands per device, with a maximum of 20 devices per request. When a device is part of another request that has not completed yet, no other commands are executed on it.

Access points are not supported. If you choose access points, they are omitted from executing commands. Commands are only run on the other selected devices.

Before you begin

The command runner application is not installed on Cisco APIC-EM by default. To use the command running application, you need to download the image from Cisco.com, install it, and enable the Command Runner application. For information, see the Cisco Application Policy Infrastructure Controller Enterprise Module Administrator Guide.

You must have either administrator (ROLE_ADMIN) or policy administrator (ROLE_POLICY_ADMIN) permissions and the appropriate RBAC scope to perform this procedure.

Make sure that you have devices in your inventory. If not, discover devices using the Discovery function.

Procedure

Step 1

From the Navigation pane, click Device Inventory.

Step 2

Select the device on which you want to run commands.
Step 3

Click Command Runner.

Step 4

In the Command field, enter the command that you want to run and click the plus sign (+) icon to add the command to the list of commands to be run.

You can add only one command at a time and up to 5 commands total.
Step 5

When you have defined all of the commands that you want to run, click Run.

Cisco APIC-EM runs the commands on the selected devices and displays the command output.
Note 

Command Runner does not maintain any cache or history of the command results. If you run commands and then close or navigate to a different window, all actions performed in command runner and their results are lost.

Updating a Device's Polling Interval

You can update the polling interval at the global level for all devices on the Settings > Polling Interval page or at the device level for a specific device in the Device Inventory window. When you set the polling interval at the device level, that value takes precedence over the global polling interval value.

For information about setting the polling interval at the global level, see the Cisco Application Policy Infrastructure Controller Enterprise Module Administrator Guide.

Figure 12. Update Polling Interval Dialog Box

Before you begin

Make sure that you have devices in your inventory. If not, discover devices using the Discovery function.

You must have either administrator (ROLE_ADMIN) or policy administrator (ROLE_POLICY_ADMIN) permissions and the appropriate RBAC scope to perform this procedure.

Procedure

Step 1

From the Navigation pane, click Device Inventory.

Step 2

Select the devices that you want to update.
Step 3

Click Update Polling Interval.

Step 4

Click OK to confirm this action.

Step 5

From the Update Polling Interval dialog box, in the Status field, click Enabled to turn on polling or click Disabled to turn off polling.

Step 6

In the Polling Time field, enter the time interval (in minutes) between successive polling cycles. Valid values are from 25 to 1440 minutes (24-hours).

Note 

The device-specific polling time supersedes the global polling time. If you set the device-specific polling time and then change the global polling time, Cisco APIC-EM continues to use the device-specific polling time.

Step 7

Click Update.

Managing Your Host Inventory

Cisco APIC-EM displays information about the discovered hosts in the Host Inventory window.

The following table describes the information that is displayed about the hosts in your inventory.


Note

Use the filters located below the Host Inventory table to limit the number of hosts displayed in the table (10, 25, 50, 100) or to view groups of hosts at a time (First, Previous, Next, Last, or 1-3).

Figure 13. Host Inventory Window

The following table describes the information that is displayed about the hosts in your inventory.

Table 11. Host Inventory

Host Inventory

Description

Host Name

Name of the host.

Host MAC address

MAC address of the host.

Host IP address

IP address of the host.

Host type

Type of host (wired or wireless).

Connected Network Device IP Address

IP address of the device that is connected to the host.

Note 

IP addresses of only wired devices are shown.

Connected Interface Name

Name of the interface that the device is connected to. For example, GigabitEthernet1/0/24.

Filtering Hosts in the Host Inventory Window

You can filter the hosts displayed in the Host Inventory window by host MAC address, host IP address, host name, host type, connected network device IP address, or connected interface name.

Figure 14. Host Inventory Window Showing Filters Pane

Before you begin

Make sure that you have hosts in your inventory. If not, discover them using the Discovery function.

Procedure

Step 1

From the Host Inventory toolbar, click Filters.

You can choose from the following filter options:

  • Host MAC Address

  • Host IP Address

  • Host Name

  • Host Type

  • Connected Network Device IP Address

  • Connected Interface Name
Step 2

Enter the appropriate value in the selected filter field.

For example, for the Host Name filter, enter the name of the host.

The controller presents you with auto-complete values as you enter values in the other fields. Choose one of the suggested values or finish entering the value.

Note 

You can also use a wildcard (asterisk) with these filters. You can enter values with the asterisk at the beginning, end, or in the middle of the string value.

Step 3

Click the plus (+) icon to perform the filter.

The data displayed in the Devices table automatically updates according to your filter selection.

Step 4

(Optional) If needed, add more filters following the above steps.

Note 

You can filter on more than one value per filter or across several different filter types.

Step 5

To remove the filter, click the x icon next to the filter value.