critical-resource

Profile Config Commands

Enables monitoring of resources critical to the health of the service platform, wireless controller, or access point managed network. These critical resources are identified by their configured IP addresses. When enabled, the system monitors these devices regularly and logs their status. Use this command to create a CRM (critical resource monitoring) policy.

A critical resource can be a gateway, AAA server, WAN interface, any hardware, or a service on which the stability of the network depends. Monitoring these resources is therefore essential. When enabled, this feature pings critical resources regularly to ascertain their status. If there is a connectivity issue, an event is generated stating a critical resource is unavailable. By default, there is no enabled critical resource policy and one needs to be created and implemented.

Critical resources can be monitored directly through the interfaces on which they are discovered. For example, a critical resource on the same subnet as an AP8132 access point can be monitored by its IP address. However, a critical resource located on a VLAN must continue to be monitored on that VLAN.

Critical resource monitoring can be enabled on service platforms, wireless controllers, and access points through their respective device profiles.

Supported in the following platforms:

  • Access Points — AP505i, AP510i/e, AP560i/h
  • Service Platforms — NX5500, NX7500, NX9500, NX9600, VX9000

Syntax

critical-resource [<CR-NAME>|monitor|retry-count]
critical-resource <CR-NAME> [monitor|monitor-using-flows]
critical-resource <CR-NAME> monitor [direct|via]
critical-resource <CR-NAME> monitor direct [all|any] [<IP/HOST-ALIAS-NAME>|sync-adoptees] {<IP/HOST-ALIAS-NAME>|arp-only vlan [<1-4094>|<VLAN-ALIAS-NAME>] {<IP/HOST-ALIAS-NAME>|port [<LAYER2-IF-NAME>|ge <1-4>|port-channel <1-2>]}}
critical-resource <CR-NAME> monitor via [<IP/HOST-ALIAS-NAME>|<LAYER3-INTERFACE-NAME>|pppoe1|vlan|wwan1]
critical-resource <CR-NAME> monitor via [<IP/HOST-ALIAS-NAME>|<LAYER3-INTERFACE-NAME>|pppoe1|vlan <1-4094>|wwan1] [all|any] [<IP/HOST-ALIAS-NAME>|sync-adoptees] {<IP/HOST-ALIAS-NAME>|arp-only [vlan <1-4094>|<VLAN-ALIAS-NAME>] {<IP/HOST-ALIAS-NAME>|port [<LAYER2-IF-NAME>|ge <1-4>|port-channel <1-2>]}}
critical-resource <CR-NAME> monitor-using-flows [all|any] [criteria|dhcp|dns|sync-adoptees]
critical-resource <CR-NAME> monitor-using-flows [all|any] criteria [all|cluster-master|rf-domain-manager] (dhcp [vlan <1-4094>|<VLAN-ALIAS-NAME>]|dns <IP/HOST-ALIAS-NAME>) {dhcp vlan [<1-4094>|<VLAN-ALIAS-NAME>]|dns <IP/HOST-ALIAS-NAME>}
critical-resource <CR-NAME> monitor-using-flows [all|any] dhcp vlan <1-4094> {dhcp vlan [<1-4094>|<VLAN-ALIAS-NAME>]|dns <IP/HOST-ALIAS-NAME>}
critical-resource <CR-NAME> monitor-using-flows [all|any] dns <IP/HOST-ALIAS-NAME> {dhcp [vlan <1-4094>|<VLAN-ALIAS-NAME>]|dns <IP/HOST-ALIAS-NAME>}
critical-resource <CR-NAME> monitor-using-flows [all|any] sync-adoptees criteria [all|cluster-master|rf-domain-manager] (dhcp [vlan <1-4094>|<VLAN-ALIAS-NAME>]|dns <IP/HOST-ALIAS-NAME>) {dhcp [vlan <1-4094>| <VLAN-ALIAS-NAME>]|dns <IP/HOST-ALIAS-NAME>}
critical-resource monitor interval <5-86400>
critical-resource retry-count <0-10>

Parameters

critical-resource <CR-NAME> monitor direct [all|any] [<IP/HOST-ALIAS-NAME>|sync-adoptees] {<IP/HOST-ALIAS-NAME>|arp-only [vlan <1-4094>|<VLAN-ALIAS-NAME>] {<IP/HOST-ALIAS-NAME>|port [<LAYER2-IF-NAME>|ge <1-4>|port-channel <1-2>]}}
<CR-NAME> Identifies the critical resource to be monitored. Provide the name of the critical resource.
monitor Enables critical resource(s) monitoring
direct [all|any] [<IP/HOST-ALIAS-NAME>| sync-adoptees] Monitors critical resources using the default routing engine
  • all – Monitors all resources that are going down (generates an event when all specified critical resources are unreachable)
  • any – Monitors any resource that is going down (generates an event when any one of the specified critical resource is unreachable)
    • <IP/HOST-ALIAS-NAME> – Configures the IP address of the critical resource being monitored (for example, the DHCP or DNS server). Specify the IP address in the A.B.C.D format. You can use a host-alias to identify the critical resource. If using a host-alias, ensure that the host-alias is existing and configured.
    • sync-adoptees – Syncs adopted access points with the controller. In the stand-alone AP scenario, where the CRM policy is running on the AP, the AP is directly intimated in case a critical resource goes down. On the other hand, when an AP is adopted to a controller (running the CRM policy), it is essential to enable the sync-adoptees option in order to sync the AP with the controller regarding the latest CRM status.
arp-only vlan [<1-4094>|<VLAN-ALIAS-NAME>] {<IP/HOST-ALIAS-NAME>| port [<LAYER2-IFNAME>|ge| port-channel]} The following keywords are common to the ‘all‘ and ‘any‘ parameters:
  • arp-only vlan <1-4094> – Optional. Uses ARP to determine if the IP address is reachable (use this option to monitor resources that do not have IP addresses). ARP is used to resolve hardware addresses when only the network layer address is known.
    • vlan [<1-4094>|<VLAN-ALIAS-NAME>] – Specifies the VLAN ID on which to send the probing ARP requests. Specify the VLAN ID from 1 - 4094. Alternately, use a vlan-alias to identify the VLAN. If using a vlan-alias, ensure that the alias is existing and configured.
      • <IP/HOST-ALIAS-NAME> – Optional. Limits ARP to a device specified by the <IP> parameter. You can use a host-alias to specify the IP address. If using a host-alias, ensure that the host-alias is existing and configured.
      • port [<LAYER2-IF-NAME>|ge|port-channel] – Optional. Limits ARP to a specified port
critical-resource <CRM-POLICY-NAME> monitor via [<IP/HOST-ALIAS-NAME>|<LAYER3-INTERFACE-NAME>|pppoe1|vlan <1-4094>|wwan1] [all|any] [<IP/HOST-ALIAS-NAME>|sync-adoptees] {<IP/HOST-ALIAS-NAME>|arp-only vlan [<1-4094>|<VLAN-ALIAS-NAME>] {<IP>|port [<LAYER2-IFNAME>|ge|port-channel]}}
<CR-NAME> Identifies the critical resource to be monitored. Provide the name of the critical resource.
monitor Enables critical resource(s) monitoring
via Specifies the interface or next-hop via which the ICMP pings should be sent.

Configures the interface or next-hop via which ICMP pings are sent. This does not apply to IP addresses configured for arp-only. For interfaces which learn the default-gateway dynamically (like DHCP clients and PPP interfaces), use an interface name for VIA, or use an IP address.

<IP/HOST-ALIAS-NAME> Specify the IP address of the next-hop via which the critical resource(s) are monitored. Configures up to four IP addresses for monitoring. All the four IP addresses constitute critical resources. You can use a host-alias to specify the IP address. If using a host-alias, ensure that the host-alias is existing and configured.
<LAYER3-INTERFACE-NAME> Specify the layer 3 Interface name (router interface)
pppoe1 Specifies PPP over Ethernet interface
vlan [<1-4094>|<VLAN-ALIAS-NAME>] Specifies the wireless controller or service platform‘s VLAN interface. Specify VLAN ID from 1 - 4094. Alternately, use a vlan-alias to identify the VLAN. If using a vlan-alias, ensure that the alias is existing and configured.
wwan1 Specifies Wireless WAN interface
[all|any] [<IP/HOST-ALIAS-NAME>| sync-adoptees] Monitors critical resources using the default routing engine
  • all – Monitors all resources that are going down (generates an event when all specified critical resource IP addresses are unreachable)
  • any – Monitors any resource that is going down (generates an event when any one of the specified critical resource IP address is unreachable)
    • <IP/HOST-ALIAS-NAME> – Configures the IP address of the critical resource being monitored (for example, the DHCP or DNS server). Specify the IP address in the A.B.C.D format. You can use a host-alias to specify the IP address. If using a host-alias, ensure that the host-alias is existing and configured.
    • sync-adoptees – Syncs adopted access points with the controller. In the stand-alone AP scenario, where the CRM policy is running on the AP, the AP is directly intimated in case a critical resource goes down. On the other hand, when an AP is adopted to a controller (running the CRM policy), it is essential to enable the sync-adoptees option in order to sync the AP with the controller regarding the latest CRM status.
arp-only vlan [<1-4094>|<VLAN-ALIAS-NAME>] {<IP/HOST-ALIAS-NAME>| port [<LAYER2-IFNAME>|ge| port-channel]} The following keywords are common to the ‘all‘ and ‘any‘ parameters:
  • arp-only vlan <1-4094> – Optional. Uses ARP to determine if the IP address is reachable (use this option to monitor resources that do not have IP addresses). ARP is used to resolve hardware addresses when only the network layer address is known.
  • vlan [<1-4094>|<VLAN-ALIAS-NAME>] – Specifies the VLAN ID to send the probing ARP requests. Specify the VLAN ID from 1 - 4094. Alternately, use a vlan-alias to identify the VLAN. If using a vlan-alias, ensure that the alias is existing and configured.
    • <IP‘HOST-ALIAS-NAME> – Optional. Limits ARP to a device specified by the <IP> parameter. You can use a host-alias to specify the IP address. If using a host-alias, ensure that the host-alias is existing and configured.
    • port [<LAYER2-IF-NAME>|ge|port-channel] – Optional. Limits ARP to a specified port
critical-resource <CRM-POLICY-NAME> monitor-using-flows [all|any] criteria [all|cluster-master|rf-domain-manager] (dhcp [vlan <1-4094>|<VLAN-ALIAS-NAME>]|dns <IP/HOST-ALIAS-NAME>) {dhcp [vlan <1-4094>|<VLAN-ALIAS-NAME>]|dns <IP/HOST-ALIAS-NAME>}
<CR-NAME> Identifies the critical resource to be monitored. Provide the name of the critical resource.
monitor-using-flows Enables critical resource(s) monitoring using message flows for DHCP or DNS (DHCP discover, DHCP offer, etc.) instead of ICMP or ARP packets in order to reduce the amount of traffic on the network.
[all|any] Configures how critical resource event messages are generated. Options include all and any.
  • all – Monitors all resources that are going down (generates an event when all specified critical resources are unreachable)
  • any – Monitors any resource that is going down (generates an event when any one of the specified critical resource is unreachable)
criteria [all|cluster-master| rf-domain-manager] Configures the resource that will monitor critical resources and update the rest of the devices in a group. Options include all, rf-domain-manager, or cluster-master.
  • all – Configures all devices within a group (cluster or RF Domain) as the monitoring resource
  • cluster-master – Configures the cluster master as the monitoring resource
  • rf-domain-manager – Configures the RF Domain manager as the monitoring resource
dhcp vlan [<1-4094>| <VLAN-ALIAS-NAME>] The following parameters are recursive and common to the ‘all‘, ‘cluster-master‘, and ‘rf-domain-manager‘ keywords:
  • dhcp – Configures DHCP as the mode of monitoring critical resources. When configured, DHCP message flows (DHCP Discover, DHCP Offer, etc.) are used instead of ICMP or ARP packets to confirm critical resource availability.
    • vlan [<1-4094>|<VLAN-ALIAS-NAME>] – Configures the VLAN on which the critical resource(s) is available. Specify the VLAN from 1 - 4094. Alternately, use a vlan-alias to identify the VLAN. If using a vlan-alias, ensure that the alias is existing and configured.
dns <IP/HOST-ALIAS-NAME> The following parameters are recursive and common to the ‘all‘, ‘cluster-master‘, and ‘rf-domain-manager‘ keywords:
  • dns – Configures DNS as the mode of monitoring critical resources. When configured, DNS message flows are used instead of ICMP or ARP packets to confirm critical resource availability.
    • <IP/HOST-ALIAS-NAME> – Configures the IPv4 address or host alias of the critical resource. Specify the IPv4 address or host alias name (should be existing and configured).
{dhcp [vlan <1-4094>| <VLAN-ALIAS-NAME>]| dns <IP/HOST-ALIAS-NAME>} The ‘dhcp‘ and ‘dns‘ parameters are recursive and you can optionally configure multiple VLANs and critical resource IPv4 addresses (or host alias names).
  • dhcp – Optional. Configures DHCP as the mode of monitoring critical resources. When configured, DHCP message flows (DHCP Discover, DHCP Offer, etc.) are used instead of ICMP or ARP packets to confirm critical resource availability.
    • vlan [<1-4094>|<VLAN-ALIAS-NAME>] – Configures the VLAN on which the critical resource(s) is available. Specify the VLAN from 1 - 4094. Alternately, use a vlan-alias to identify the VLAN. If using a vlan-alias, ensure that the alias is existing and configured.
  • dns – Optional. Configures DNS as the mode of monitoring critical resources. When configured, DNS message flows are used instead of ICMP or ARP packets to confirm critical resource availability.
    • <IP/HOST-ALIAS-NAME> – Configures the IPv4 address or host alias of the critical resource. Specify the IPv4 address or host alias name (should be existing and configured).
critical-resource <CRM-POLICY-NAME> monitor-using-flows [all|any] dhcp vlan [<1-4094>|<VLAN-ALIAS-NAME>] {dhcp vlan [<1-4094>|<VLAN-ALIAS-NAME>]|dns <IP/HOST-ALIAS-NAME>}
<CR-NAME> Identifies the critical resource to be monitored. Provide the name of the critical resource.
monitor-using-flows Enables critical resource(s) monitoring using message flows for DHCP or DNS (DHCP Discover, DHCP Offer, etc.) instead of ICMP or ARP packets in order to reduce the amount of traffic on the network.
[all|any] Configures how critical resource event messages are generated. Options include all and any.
  • all – Monitors all resources that are going down (generates an event when all specified critical resources are unreachable)
  • any – Monitors any resource that is going down (generates an event when any one of the specified critical resource is unreachable)
dhcp vlan [<1-4094>| <VLAN-ALIAS-NAME>] Configures DHCP as the mode of monitoring critical resources. When configured, DHCP message flows (DHCP Discover, DHCP Offer, etc.) are used instead of ICMP or ARP packets to confirm critical resource availability.
  • vlan [<1-4094>|<VLAN-ALIAS-NAME>] – Configures the VLAN on which the critical resource(s) is available. Specify the VLAN from 1 - 4094. Alternately, use a vlan-alias to identify the VLAN. If using a vlan-alias, ensure that the alias is existing and configured.
{dhcp vlan [<1-4094>| <VLAN-ALIAS-NAME>]| dns <IP/HOST-ALIAS-NAME>} The following parameters are recursive and optional. Use them to configure multiple VLANs and critical resource IPv4 addresses (or host alias names):
  • dhcp – Optional. Configures DHCP as the mode of monitoring critical resources. When configured, DHCP message flows (DHCP Discover, DHCP Offer, etc.) are used instead of ICMP or ARP packets to confirm critical resource availability.
    • vlan [<1-4094>|<VLAN-ALIAS-NAME>] – Configures the VLAN on which the critical resource(s) is available. Specify the VLAN from 1 - 4094. Alternately, use a vlan-alias to identify the VLAN. If using a vlan-alias, ensure that the alias is existing and configured.
  • dns – Optional. Configures DNS as the mode of monitoring critical resources. When configured, DNS message flows are used instead of ICMP or ARP packets to confirm critical resource availability.
    • <IP/HOST-ALIAS-NAME> – Configures the IPv4 address or host alias of the critical resource. Specify the IPv4 address or host alias name (should be existing and configured).
critical-resource <CRM-POLICY-NAME> monitor-using-flows [all|any] dns <IP/HOST-ALIAS-NAME> {dhcp vlan [<1-4094><VLAN-ALIAS-NAME>]|dns <IP/HOST-ALIAS-NAME>}
<CR-NAME> Identifies the critical resource to be monitored. Provide the name of the critical resource.
monitor-using-flows Enables critical resource(s) monitoring using message flows for DHCP or DNS (DHCP Discover, DHCP Offer, etc.) instead of ICMP or ARP packets in order to reduce the amount of traffic on the network.
[all|any] Configures how critical resource event messages are generated. Options include all and any.
  • all – Monitors all resources that are going down (generates an event when all specified critical resources are unreachable)
  • any – Monitors any resource that is going down (generates an event when any one of the specified critical resource is unreachable)
dns <IP/HOST-ALIAS-NAME> Configures DNS as the mode of monitoring critical resources. When configured, DNS message flows are used instead of ICMP or ARP packets to confirm critical resource availability.
  • <IP/HOST-ALIAS-NAME> – Configures the IPv4 address or host alias of the critical resource. Specify the IPv4 address or host alias name (should be existing and configured).
{dhcp vlan [<1-4094>| <VLAN-ALIAS-NAME>| dns <IP/HOST-ALIAS-NAME>} The following parameters are recursive and optional. Use them to configure multiple VLANs and critical resource IPv4 addresses (or host alias names):
  • dhcp – Optional. Configures DHCP as the mode of monitoring critical resources. When configured, DHCP message flows (DHCP Discover, DHCP Offer, etc.) are used instead of ICMP or ARP packets to confirm critical resource availability.
    • vlan [<1-4094>|<VLAN-ALIAS-NAME>] – Configures the VLAN on which the critical resource(s) is available. Specify the VLAN from 1 - 4094. Alternately, use a vlan-alias to identify the VLAN. If using a vlan-alias, ensure that the alias is existing and configured.
  • dns – Optional. Configures DNS as the mode of monitoring critical resources. When configured, DNS message flows are used instead of ICMP or ARP packets to confirm critical resource availability.
    • <IP/HOST-ALIAS-NAME> – Configures the IPv4 address or host alias of the critical resource. Specify the IPv4 address or host alias name (should be existing and configured).
critical-resource <CRM-POLICY-NAME> monitor-using-flows [all|any] sync-adoptees criteria [all|cluster-master|rf-domain-manager] (dhcp vlan [<1-4094>|<VLAN-ALIAS-NAME>]|dns <IP/HOST-ALIAS-NAME>) {dhcp vlan [<1-4094>|<VLAN-ALIAS-NAME>]|dns <IP/HOST-ALIAS-NAME>}
<CR-NAME> Identifies the critical resource to be monitored. Provide the name of the critical resource.
monitor-using-flows Enables critical resource(s) monitoring using message flows for DHCP or DNS (DHCP Discover, DHCP Offer, etc.) instead of ICMP or ARP packets in order to reduce the amount of traffic on the network.
[all|any] Configures how critical resource event messages are generated. Options include all and any.
  • all – Monitors all resources that are going down (generates an event when all specified critical resources are unreachable)
  • any – Monitors any resource that is going down (generates an event when any one of the specified critical resource is unreachable)
syn-adoptees Syncs adopted access points with the controller. In the stand-alone AP scenario, where the CRM policy is running on the AP, the AP is directly intimated in case a critical resource goes down. On the other hand, when an AP is adopted to a controller (running the CRM policy), it is essential to enable the sync-adoptees option in order to sync the AP with the controller regarding the latest CRM status.
criteria [all|cluster-master| rf-domain-manager] Configures the resource that will monitor critical resources and update the rest of the devices in a group. Options include all, rf-domain-manager, or cluster-master.
  • all – Configures all devices within a group (cluster or RF Domain) as the monitoring resource
  • cluster-master – Configures the cluster master as the monitoring resource
  • rf-domain-manager – Configures the RF Domain manager as the monitoring resource
dhcp vlan [<1-4094>| <VLAN-ALIAS-NAME>] The following parameters are recursive and common to the ‘all‘, ‘cluster-master‘, and ‘rf-domain-manager‘ keywords:
  • dhcp – Configures DHCP as the mode of monitoring critical resources. When configured, DHCP message flows (DHCP Discover, DHCP Offer, etc.) are used instead of ICMP or ARP packets to confirm critical resource availability.
    • vlan [<1-4094>|<VLAN-ALIAS-NAME>] – Configures the VLAN on which the critical resource(s) is available. Specify the VLAN from 1 - 4094. Alternately, use a vlan-alias to identify the VLAN. If using a vlan-alias, ensure that the alias is existing and configured.
dns <IP/HOST-ALIAS-NAME> The following parameters are recursive and common to the ‘all‘, ‘cluster-master‘, and ‘rf-domain-manager‘ keywords:
  • dns – Configures DNS as the mode of monitoring critical resources. When configured, DNS message flows are used instead of ICMP or ARP packets to confirm critical resource availability.
    • <IP/HOST-ALIAS-NAME> – Configures the IPv4 address or host alias of the critical resource. Specify the IPv4 address or host alias name (should be existing and configured).
{dhcp vlan {<1-4094>| <VLAN-ALIAS-NAME>]| dns <IP/HOST-ALIAS-NAME>} The ‘dhcp‘ and ‘dns‘ parameters are recursive and you can optionally configure multiple VLANs and critical resource IPv4 addresses (or host alias names).
  • dhcp – Optional. Configures DHCP as the mode of monitoring critical resources. When configured, DHCP message flows (DHCP Discover, DHCP Offer, etc.) are used instead of ICMP or ARP packets to confirm critical resource availability.
    • vlan [<1-4094>|<VLAN-ALIAS-NAME>] – Configures the VLAN on which the critical resource(s) is available. Specify the VLAN from 1 - 4094. Alternately, use a vlan-alias to identify the VLAN. If using a vlan-alias, ensure that the alias is existing and configured.
  • dns – Optional. Configures DNS as the mode of monitoring critical resources. When configured, DNS message flows are used instead of ICMP or ARP packets to confirm critical resource availability.
    • <IP/HOST-ALIAS-NAME> – Configures the IPv4 address or host alias of the critical resource. Specify the IPv4 address or host alias name (should be existing and configured).
critical-resource monitor interval <5-86400>
monitor interval <5-86400> Configures the critical resource monitoring frequency. This is the interval between two successive pings to the critical resource being monitored.
  • <5-86400> – Specifies the frequency in seconds. Specify the time from 5 - 86400 seconds. The default is 30 seconds.
critical-resource retry-count <0-10>
retry-count <0-10> Configures the maximum number of failed attempts allowed to connect to a critical resource, using DHCP/DNS message flows, before marking it as down
  • <0-10> – Specifies the maximum number of retries from 0 - 10. The default value is 3 attempts.

Example

NOC-NX9500(config-profile-testNX9000)#critical-resource test monitor direct any 19.234.160.5 arp-only vlan 1

NOC-NX9500(config-profile-testNX9000)#show context include-factory | include cri
tical-resource
 critical-resource monitor interval 30
 service critical-resource port-mode-source-ip 0.0.0.0
 critical-resource test monitor direct any 19.234.160.5 arp-only vlan 1
 critical-resource retry-count 3
NOC-NX9500(config-profile-testNX9000)#