Add Devices to the Inventory
There are different ways to add devices to Crosswork. Each has its own set of prerequisites, which you must fulfill if the device addition is to succeed. Ensure that your devices are configured properly for communication and telemetry. See guidelines and example configurations in Telemetry Prerequisites for New Devices and Sample Configuration for Cisco NSO Devices.
In order of preference for most users, the methods and their prerequisites are:
- Importing devices using the Crosswork APIs: This is the fastest and most efficient of all the methods, but requires programming skills and API knowledge. For more, see the Inventory Management APIs on Cisco DevNet.
- Importing devices from a Devices CSV file: This method can be time-consuming. To succeed with this method, you must first:
  - Create the provider(s) that will be associated with the devices. See About Adding Providers.
  - Create corresponding credential profiles for all of the devices and providers listed in the CSV file. See Create Credential Profiles.
  - Create tags for use in grouping the new devices. See Create Tags.
  - Download the CSV template file from Crosswork and populate it with all the devices you will need.
- Adding them via the UI: This method is the least error-prone of the three methods, as all data is validated during entry. It is also the most time-consuming, being suitable only for adding a few devices at a time. Note that the providers, credential profiles and tags you want to apply to them must exist beforehand. For more information, see Add Devices through the UI.
- Auto-onboarding from a Cisco SR-PCE provider: This method is highly automated and relatively simple. Note that the device and provider credential profiles and tags you want to apply to these devices must exist beforehand. After onboarding devices from this source, you will need to edit each device to add device information that is not automatically discovered. For more information, see the provider properties in Add Cisco SR-PCE Providers.
- Auto-onboarding using Zero Touch Provisioning: This method is automated, but requires that you create device entries first and modify your installation's DHCP server. Note that the device and provider credential profiles and tags you want to apply to these devices must exist beforehand. After provisioning and onboarding devices using this method, you will need to edit each device to add information that is not automatically supplied. For more information, see Zero Touch Provisioning.
Note: Cisco Crosswork only supports single-stack deployment modes. The devices can be onboarded with either an IPv4 address or an IPv6 address, not both. If a device onboarded in Cisco Crosswork is on the same subnet as a Cisco Crosswork Data Gateway interface, then it must be on the Cisco Crosswork Data Gateway's southbound network. This is because Cisco Crosswork Data Gateway implements RPF checks and the source address of devices cannot be on the management or northbound networks if multiple NICs (2 or 3 NIC) are deployed.
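The two rules in the note above can be checked against a planned device list before onboarding. This is an added example, not part of the original guide or of Crosswork itself; the subnet values, the `RouterLab1` and `RouterLab2` entries, and the function name `check_devices` are assumptions made for illustration.

```python
import ipaddress

# Constructed Crosswork Data Gateway interface subnets for a 3-NIC deployment.
CDG_NETWORKS = {
    "management": ipaddress.ip_network("192.0.2.0/26"),
    "northbound": ipaddress.ip_network("192.0.2.64/26"),
    "southbound": ipaddress.ip_network("198.18.1.0/24"),
}

# Planned devices: the first two entries reuse the NSO sample later on this
# page; the last two are constructed so that each rule fires once.
DEVICES = {
    "RouterFremont": ["198.18.1.11"],
    "RouterSFO": ["198.18.1.12"],
    "RouterLab1": ["192.0.2.70"],
    "RouterLab2": ["198.18.1.20", "2001:db8::20"],
}

def check_devices(devices, cdg_networks=CDG_NETWORKS):
    """Return {hostname: [problem, ...]} for devices that break either rule."""
    problems = {}
    for host, addresses in devices.items():
        parsed = [ipaddress.ip_address(a) for a in addresses]
        issues = []
        # Single-stack rule: one address family per device.
        if len({a.version for a in parsed}) > 1:
            issues.append("both IPv4 and IPv6 addresses; onboard with one family only")
        for addr in parsed:
            for role, net in cdg_networks.items():
                # Membership is only meaningful within one address family.
                if addr.version == net.version and addr in net and role != "southbound":
                    issues.append(f"{addr} is on the Data Gateway {role} subnet, not southbound")
        if issues:
            problems[host] = issues
    return problems

if __name__ == "__main__":
    for host, issues in check_devices(DEVICES).items():
        for issue in issues:
            print(f"{host}: {issue}")
```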
Telemetry Prerequisites for New Devices
Before onboarding new devices, you must ensure that the devices are configured to collect and transmit telemetry data successfully with Cisco Crosswork. The following sections provide sample configurations for several telemetry options, including SNMP, NETCONF, SSH, gNMI and Telnet. Use them as a guide to configuring the devices you plan to manage.
Configure Devices to Forward Events to Crosswork
To ensure that Crosswork can query devices and receive events and notifications from them, you must configure devices to forward events to the Crosswork server. For most devices, this means you must configure the devices to forward SNMP traps and syslogs, and the Data Gateway IP acts as the receiver IP.
If you have a high availability deployment, you must configure devices to forward events to both the primary and secondary servers (unless you are using a virtual IP address).
In most cases, you should configure this using the snmp-server host command.
Pre-Onboarding Device Configuration
Note: Ensure that you set the snmp-server packetsize to 4096 to avoid getting duplicate packets and "unable to acquire feed" errors.
logging console debugging
logging monitor debugging
telnet vrf default ipv4 server max-servers 100
telnet vrf default ipv6 server max-servers 100
crypto key generate rsa
exec-timeout 0 0
width 107
length 37
absolute-timeout 0
!
snmp-server community public RO
snmp-server community robot-demo2 RO
snmp-server ifindex persist
snmp-server packetsize 4096
ntp
 server <NTPServerIPAddress>
!
ssh server v2
ssh server vrf default
ssh server netconf vrf default
ssh server logging
ssh server rate-limit 100
ssh server session-limit 100
!
netconf agent tty
!
netconf-yang agent
 ssh
!
Required Settings—Cisco IOS XR Device Operating System
Note that <SystemOwner> is a user-supplied variable.
snmp-server community community_name SystemOwner
snmp-server community community_name RO
snmp-server entityindex persist
snmp-server ifindex persist
logging cdg_virtualIP
logging on
logging buffered <307200-125000000>
logging source-interface interface_name
logging trap informational
logging events level informational
logging events link-status
logging events link-status software-interfaces
no cli whitespace completion
domain ipv4 host server_name cdg_virtualIP
line default
 exec-timeout 10 0
 session-limit 10
 session-timeout 100
 transport input ssh
 transport output ssh
vty-pool default 0 99 line-template default
telnet ipv4 server max-servers no-limit
telnet vrf default ipv4 server max-servers 100
ssh server v2
ssh server rate-limit 60
cinetd rate-limit 60
xml agent tty
netconf agent tty
ipv4 virtual address use-as-src-addr
ipv4 virtual address Virtual_IP_Address/Subnet_Mask
snmp-server view all 1.3.111.2.802.1.1.8 included
snmp-server community ReadonlyCommunityName RO SystemOwner
snmp-server user User Group v3 auth sha encrypted Password priv des56 encrypted Password SystemOwner
snmp-server view Group 1.3.6 included
snmp-server view Group 1.0.8802.1.1.2 included
snmp-server group Group v3 priv notify Group read Group
snmp-server group Group v3 priv read v1default write v1default notify v1default
snmp-server ifmib stats cache
snmp-server interface subset 2 regular-expression Forty*
 notification linkupdown
!
snmp-server interface subset 3 regular-expression Ten*
 notification linkupdown
!
snmp-server interface subset 1 regular-expression Hun*
 notification linkupdown
!
snmp-server interface subset 1 regular-expression TwoHun*
 notification linkupdown
!
snmp-server interface subset 1 regular-expression FourHun*
 notification linkupdown
snmp-server traps fru-ctrl
clock timezone TimeZone
service timestamps log datetime show-timezone msec year
ntp server NTP_Server
logging facility local7
logging cdg_virtualIP vrf name
controller oduX R/S/I/P
 per-mon enable
SNMPv3 Pre-Onboarding Device Configuration
If you want to enable SNMPv3 data collection, repeat the SNMPv2 configuration commands in the previous section, and add the following commands:
snmp-server group grpauthpriv v3 priv notify v1default
snmp-server user <user-ID> grpauthpriv v3 auth md5 <password> priv aes 128 <password>
Pre-Onboarding SNMPv2 and SNMPv3 Trap Configuration
If you want the device to send SNMP traps to Cisco Crosswork, use the following commands to perform a pre-onboarding device configuration and test for the trap version you want.
For SNMP v2 traps:
snmp-server trap link ietf
snmp-server host <CrossworkDataGatewaySouthboundIPAddress> traps version 2c cisco123 udp-port 1062
snmp-server community cisco123
snmp-server traps snmp linkup
snmp-server traps snmp linkdown
For SNMP v3 traps:
snmp-server trap link ietf
snmp-server host <CrossworkDataGatewaySouthboundIPAddress> traps version 3 cisco123 udp-port 1062
snmp-server community cisco123
snmp-server traps snmp linkup
snmp-server traps snmp linkdown
Please note that, for traps to be received, the node_ip field for the device as listed in the Cisco Crosswork inventory must match the IP address of the device interface from which the traps are sent. If they do not match, Cisco Crosswork will reject the traps. Also, the device needs to be in ADMIN_UP state for traps to be received.
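Several lines in the sample configurations above (the `public` community, the Telnet server, `exec-timeout 0 0`, `auth md5`, `priv des56` and SNMPv2c traps) are convenient for a lab but worth reviewing before they reach production devices. The following check is an added example, not Cisco tooling or part of the original guide; the rule list and the function name `audit` are assumptions of this example, and the sample lines are copied from the configurations above.

```python
import re

# Each rule pairs a pattern with the reason the matching line deserves review.
# The rule set is this example's own, not a Cisco-defined baseline.
RULES = [
    (re.compile(r"^snmp-server community (public|private)(\s|$)"),
     "well-known default SNMP community string"),
    (re.compile(r"^snmp-server community \S+ RW\b"),
     "read-write SNMP community"),
    (re.compile(r"^snmp-server host \S+ traps version (1|2c)\b"),
     "traps carry the community string in cleartext"),
    (re.compile(r"^snmp-server user .*\bauth md5\b"),
     "SNMPv3 authentication uses MD5"),
    (re.compile(r"^snmp-server user .*\bpriv des(56)?\b"),
     "SNMPv3 privacy uses DES"),
    (re.compile(r"^telnet .*\bserver\b"),
     "Telnet server enabled (cleartext logins)"),
    (re.compile(r"^exec-timeout 0 0$"),
     "idle CLI sessions never time out"),
]

# Lines copied from the sample configurations on this page.
SAMPLE = """\
snmp-server community public RO
snmp-server community robot-demo2 RO
telnet vrf default ipv4 server max-servers 100
exec-timeout 0 0
ssh server v2
snmp-server user <user-ID> grpauthpriv v3 auth md5 <password> priv aes 128 <password>
snmp-server host <CrossworkDataGatewaySouthboundIPAddress> traps version 2c cisco123 udp-port 1062
snmp-server host <CrossworkDataGatewaySouthboundIPAddress> traps version 3 cisco123 udp-port 1062
"""

def audit(config_text):
    """Return (line_number, reason, line) for every line that matches a rule."""
    findings = []
    for number, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if line.startswith(("!", "no ")):
            continue  # separators and negated commands are not findings
        for pattern, reason in RULES:
            if pattern.search(line):
                findings.append((number, reason, line))
    return findings

if __name__ == "__main__":
    for number, reason, line in audit(SAMPLE):
        print(f"line {number}: {reason}: {line}")
```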
Required Settings—Cisco IOS and IOS-XE Device Operating System
snmp-server host cdg_virtualIP
snmp-server community public-cmty RO
snmp-server community private-cmty RW
snmp-server ifindex persist
logging cdg_virtualIP
logging on
logging buffered 64000 informational
logging source-interface interface_name
logging trap informational
logging event link-status default
Note: The <CrossworkDataGatewaySouthboundIPAddress> denotes the virtual IP address used in the Crosswork Data Gateway pool creation.
no ip domain-lookup
crypto key generate rsa
ip ssh rsa keypair-name keypair-name
crypto key generate rsa usage-keys label key-label modulus modulus-size
ip ssh version [1 | 2]
line vty <number of vty>
 exec-timeout
 session-timeout
 transport input ssh (required only if ssh is used)
 transport output ssh (required only if ssh is used)
snmp-server community ReadonlyCommunityName RO
snmp-server user User Group v3 auth sha Password priv des Password
snmp-server view Group 1.3.6 included
snmp-server view Group 1.0.8802.1.1.2 included
snmp-server group Group v3 priv notify Group read Group
snmp-server group Group v3 priv read v1default write v1default notify v1default
snmp-server group Group v3 priv
snmp-server group Group v3 priv notify crosswork read crosswork
snmp-server cache
clock timezone TimeZone
service timestamps log datetime show-timezone msec year
ntp server NTP_Server
update-calendar
logging facility local7
logging cdg_virtualIP vrf default severity info [port default]
Sample Configuration for Cisco NSO Devices
If you plan to use Cisco Network Services Orchestrator (Cisco NSO) as a provider to configure devices managed by Cisco Crosswork, be sure that the Cisco NSO device configurations observe the guidelines in the following example.
This example shows a Cisco NSO configuration that uses the hostname as the device ID. If you are using a CSV file to import devices, use ROBOT_PROVDEVKEY_HOST_NAME as the enum value for the provider_node_key field. The example hostname RouterFremont used here must match the hostname for the device in the CSV file.
configure
set devices device RouterFremont address 198.18.1.11 port 22
set devices device RouterSFO address 198.18.1.12 port 830
In the following example, we are creating an authgroup called "cisco", with a remote name and password of "cisco". Next, we are setting all the devices that have a name starting with "Router" to a device type of "netconf" using the ned-id "cisco-iosxr-nc-6.6". Finally, we are assigning all of the devices with a name starting with "Router" to the "cisco" authgroup. Edit these settings to match your environment:
set devices authgroups group cisco default-map remote-name cisco remote-password cisco
set devices device Router* device-type netconf ned-id cisco-iosxr-nc-6.6
set devices device Router* authgroup cisco
The following CLI commands unlock and retrieve the SSH keys from all of the devices. Cisco NSO synchronizes itself with the devices by uploading each device's current configuration and then storing the present configuration. It is important to use these commands to ensure that the devices, Cisco NSO, and your Cisco Crosswork applications are starting from a common configuration:
set devices device Router* state admin-state unlocked
request devices device Router* ssh fetch-host-keys
request devices device Router* sync-from
commit
Add Devices through the UI
Follow the steps below to add devices one by one, using the UI. Under normal circumstances, you will want to use this method only when adding a few devices.
Procedure
Step 1: From the main menu, choose .
Step 2: Click .
Step 3: Enter values for the new device, as listed in the table below.
Step 4: Click Save. The Save button is disabled until all mandatory fields are completed.
Step 5: (Optional) Repeat these steps to add more devices.
Add Devices By Import From CSV File
Complete the steps below to create a CSV file that specifies multiple devices and then import it into Crosswork.
Importing devices from a CSV file adds any devices not already in the database, and overwrites the data in any device record with an Inventory Key Type field value that matches those of an imported device (this excludes the UUID, which is set by the system and not affected by import). For this reason, it is a good idea to export a backup copy of all your current devices before an import.
Procedure
Step 1: From the main menu, choose . The Network Devices tab is displayed by default.
Step 2: Click to open the Import CSV File dialog box.
Step 3: If you have not already created a device CSV file to import:
Step 4: Click Browse to navigate to the CSV file you just created and then click Open to select it.
Step 5: With the CSV file selected, click Import.
Step 6: Resolve any errors and confirm device reachability. It is normal for devices to show as unreachable or not operational when they are first imported. However, if they are still displayed as unreachable or not operational after 30 minutes, there may be an issue that needs to be investigated. To investigate, select and click on any error icon you see in the Status column. Common issues include failure to ensure the associated credential profile contains the correct credentials. You can test this by opening a terminal window on the server and then trying to access the device using the protocol and credentials specified in the associated credential profile.
Step 7: Once you have successfully onboarded the devices, you must map them to a Cisco Crosswork Data Gateway instance.
Export Device Information to a CSV File
When you export the device list, all device information is exported to a CSV file. Exporting the device list is a handy way to keep a record of all devices in the system at one time. You can also edit the CSV file as needed, and re-import it to overwrite existing device data.
The exported device CSV file will contain only the name of the credential profile for each device, not the credentials themselves.
Procedure
Step 1: From the main menu, choose . The Network Devices tab is displayed by default.
Step 2: (Optional) Filter the device list as needed.
Step 3: Check the check boxes for the devices you want to export. Check the check box at the top of the column to select all the devices for export.
Step 4: Click the . Your browser will prompt you to select a path and the file name to use when saving the CSV file, or to open it immediately.