critical-resource
Profile Config Commands
Enables monitoring of resources
critical to the health of the service platform, wireless controller,
or access point managed network. These critical resources are
identified by their configured IP addresses. When enabled, the
system monitors these devices regularly and logs their status. Use
this command to create a CRM (critical resource
monitoring) policy.
A critical resource can be a gateway, AAA server, WAN interface, any hardware, or a service on which the stability of the network depends. Monitoring these resources is therefore essential. When enabled, this feature pings critical resources regularly to ascertain their status. If there is a connectivity issue, an event is generated stating a critical resource is unavailable. By default, there is no enabled critical resource policy and one needs to be created and implemented.
Critical resources can be monitored directly through the interfaces on which they are discovered. For example, a critical resource on the same subnet as an AP8132 access point can be monitored by its IP address. However, a critical resource located on a VLAN must continue to be monitored on that VLAN.
Critical resource monitoring can be enabled on service platforms, wireless controllers, and access points through their respective device profiles.
Supported in the following platforms:
- Access Points — AP310i/e, AP410i/e, AP460i/e, AP560i/h,
AP510i/e, AP505i, AP7522, AP7532, AP7562, AP7612, AP7632, AP7662, AP8432, AP8533
- Service Platforms
— NX5500, NX7500, NX9500, NX9600, VX9000
critical-resource [<CR-NAME>|monitor|retry-count]
critical-resource <CR-NAME> [monitor|monitor-using-flows]
critical-resource <CR-NAME> monitor [direct|via]
critical-resource <CR-NAME> monitor direct [all|any] [<IP/HOST-ALIAS-NAME>|sync-adoptees] {<IP/HOST-ALIAS-NAME>|arp-only vlan [<1-4094>|<VLAN-ALIAS-NAME>] {<IP/HOST-ALIAS-NAME>|port [<LAYER2-IF-NAME>|ge <1-4>|port-channel <1-2>]}}
critical-resource <CR-NAME> monitor via [<IP/HOST-ALIAS-NAME>|<LAYER3-INTERFACE-NAME>|pppoe1|vlan|wwan1]
critical-resource <CR-NAME> monitor via [<IP/HOST-ALIAS-NAME>|<LAYER3-INTERFACE-NAME>|pppoe1|vlan <1-4094>|wwan1] [all|any] [<IP/HOST-ALIAS-NAME>|sync-adoptees] {<IP/HOST-ALIAS-NAME>|arp-only [vlan <1-4094>|<VLAN-ALIAS-NAME>] {<IP/HOST-ALIAS-NAME>|port [<LAYER2-IF-NAME>|ge <1-4>|port-channel <1-2>]}}
critical-resource <CR-NAME> monitor-using-flows [all|any] [criteria|dhcp|dns|sync-adoptees]
critical-resource <CR-NAME> monitor-using-flows [all|any] criteria [all|cluster-master|rf-domain-manager] (dhcp [vlan <1-4094>|<VLAN-ALIAS-NAME>]|dns <IP/HOST-ALIAS-NAME>) {dhcp vlan [<1-4094>|<VLAN-ALIAS-NAME>]|dns <IP/HOST-ALIAS-NAME>}
critical-resource <CR-NAME> monitor-using-flows [all|any] dhcp vlan <1-4094> {dhcp vlan [<1-4094>|<VLAN-ALIAS-NAME>]|dns <IP/HOST-ALIAS-NAME>}
critical-resource <CR-NAME> monitor-using-flows [all|any] dns <IP/HOST-ALIAS-NAME> {dhcp [vlan <1-4094>|<VLAN-ALIAS-NAME>]|dns <IP/HOST-ALIAS-NAME>}
critical-resource <CR-NAME> monitor-using-flows [all|any] sync-adoptees criteria [all|cluster-master|rf-domain-manager] (dhcp [vlan <1-4094>|<VLAN-ALIAS-NAME>]|dns <IP/HOST-ALIAS-NAME>) {dhcp [vlan <1-4094>| <VLAN-ALIAS-NAME>]|dns <IP/HOST-ALIAS-NAME>}
critical-resource monitor interval <5-86400>
critical-resource retry-count <0-10>
Parameters
critical-resource <CR-NAME> monitor direct [all|any] [<IP/HOST-ALIAS-NAME>|sync-adoptees] {<IP/HOST-ALIAS-NAME>|arp-only [vlan <1-4094>|<VLAN-ALIAS-NAME>] {<IP/HOST-ALIAS-NAME>|port [<LAYER2-IF-NAME>|ge <1-4>|port-channel <1-2>]}}
<CR-NAME> |
Identifies the
critical resource to be monitored. Provide the name of the critical
resource. |
monitor |
Enables critical
resource(s) monitoring |
direct [all|any]
[<IP/HOST-ALIAS-NAME>| sync-adoptees] |
Monitors
critical resources using the default routing engine
- all – Monitors all
resources that are going down (generates an event when all specified
critical resources are unreachable)
- any – Monitors any
resource that is going down (generates an event when any one of the
specified critical resource is unreachable)
- <IP/HOST-ALIAS-NAME> – Configures the IP address of the
critical resource being monitored (for example, the DHCP or DNS
server). Specify the IP address in the A.B.C.D format. You can
use a host-alias to identify the critical resource. If using a
host-alias, ensure that the host-alias is existing and
configured.
- sync-adoptees –
Syncs adopted access points with the controller. In the
stand-alone AP scenario, where the CRM policy is running on the
AP, the AP is directly intimated in case a critical resource
goes down. On the other hand, when an AP is adopted to a
controller (running the CRM policy), it is essential to enable
the sync-adoptees option in order to sync the AP with the
controller regarding the latest CRM status.
|
arp-only vlan
[<1-4094>|<VLAN-ALIAS-NAME>] {<IP/HOST-ALIAS-NAME>| port
[<LAYER2-IFNAME>|ge| port-channel]} |
The following
keywords are common to the ‘all‘ and ‘any‘ parameters:
- arp-only vlan
<1-4094> – Optional. Uses ARP to determine if the IP address is
reachable (use this option to monitor resources that do not have IP
addresses). ARP is used to resolve hardware addresses when only the
network layer address is known.
- vlan
[<1-4094>|<VLAN-ALIAS-NAME>] – Specifies the VLAN ID
on which to send the probing ARP requests. Specify the VLAN ID
from 1 - 4094. Alternately, use a vlan-alias to identify the
VLAN. If using a vlan-alias, ensure that the alias is existing
and configured.
- <IP/HOST-ALIAS-NAME> – Optional. Limits ARP to a
device specified by the <IP> parameter. You can use
a host-alias to specify the IP address. If using a
host-alias, ensure that the host-alias is existing and
configured.
- port
[<LAYER2-IF-NAME>|ge|port-channel] – Optional.
Limits ARP to a specified port
|
critical-resource <CRM-POLICY-NAME> monitor via [<IP/HOST-ALIAS-NAME>|<LAYER3-INTERFACE-NAME>|pppoe1|vlan <1-4094>|wwan1] [all|any] [<IP/HOST-ALIAS-NAME>|sync-adoptees] {<IP/HOST-ALIAS-NAME>|arp-only vlan [<1-4094>|<VLAN-ALIAS-NAME>] {<IP>|port [<LAYER2-IFNAME>|ge|port-channel]}}
<CR-NAME> |
Identifies the
critical resource to be monitored. Provide the name of the critical
resource. |
monitor |
Enables critical
resource(s) monitoring |
via |
Specifies the
interface or next-hop via which the ICMP pings should be sent. Configures the interface or
next-hop via which ICMP pings are sent. This does not apply to IP
addresses configured for arp-only. For interfaces which learn the
default-gateway dynamically (like DHCP clients and PPP interfaces), use
an interface name for VIA, or use an IP address.
|
<IP/HOST-ALIAS-NAME> |
Specify the IP
address of the next-hop via which the critical resource(s) are monitored.
Configures up to four IP addresses for monitoring. All the four IP addresses
constitute critical resources. You can use a host-alias to specify the IP
address. If using a host-alias, ensure that the host-alias is existing and
configured. |
<LAYER3-INTERFACE-NAME> |
Specify the
layer 3 Interface name (router interface) |
pppoe1 |
Specifies PPP
over Ethernet interface |
vlan
[<1-4094>|<VLAN-ALIAS-NAME>] |
Specifies the
wireless controller or service platform‘s VLAN interface. Specify VLAN ID
from 1 - 4094. Alternately, use a vlan-alias to identify the VLAN. If using
a vlan-alias, ensure that the alias is existing and configured. |
wwan1 |
Specifies
Wireless WAN interface |
[all|any]
[<IP/HOST-ALIAS-NAME>| sync-adoptees] |
Monitors
critical resources using the default routing engine
- all – Monitors all
resources that are going down (generates an event when all specified
critical resource IP addresses are unreachable)
- any – Monitors any
resource that is going down (generates an event when any one of the
specified critical resource IP address is unreachable)
- <IP/HOST-ALIAS-NAME> – Configures the IP address of the
critical resource being monitored (for example, the DHCP or DNS
server). Specify the IP address in the A.B.C.D format. You can
use a host-alias to specify the IP address. If using a
host-alias, ensure that the host-alias is existing and
configured.
- sync-adoptees –
Syncs adopted access points with the controller. In the
stand-alone AP scenario, where the CRM policy is running on the
AP, the AP is directly intimated in case a critical resource
goes down. On the other hand, when an AP is adopted to a
controller (running the CRM policy), it is essential to enable
the sync-adoptees option in order to sync the AP with the
controller regarding the latest CRM status.
|
arp-only vlan
[<1-4094>|<VLAN-ALIAS-NAME>] {<IP/HOST-ALIAS-NAME>| port
[<LAYER2-IFNAME>|ge| port-channel]} |
The following
keywords are common to the ‘all‘ and ‘any‘ parameters:
- arp-only vlan
<1-4094> – Optional. Uses ARP to determine if the IP address is
reachable (use this option to monitor resources that do not have IP
addresses). ARP is used to resolve hardware addresses when only the
network layer address is known.
- vlan
[<1-4094>|<VLAN-ALIAS-NAME>] – Specifies the VLAN ID to
send the probing ARP requests. Specify the VLAN ID from 1 - 4094.
Alternately, use a vlan-alias to identify the VLAN. If using a
vlan-alias, ensure that the alias is existing and configured.
- <IP‘HOST-ALIAS-NAME> – Optional. Limits ARP to a device
specified by the <IP> parameter. You can use a host-alias
to specify the IP address. If using a host-alias, ensure that
the host-alias is existing and configured.
- port
[<LAYER2-IF-NAME>|ge|port-channel] – Optional. Limits ARP
to a specified port
|
critical-resource <CRM-POLICY-NAME> monitor-using-flows [all|any] criteria [all|cluster-master|rf-domain-manager] (dhcp [vlan <1-4094>|<VLAN-ALIAS-NAME>]|dns <IP/HOST-ALIAS-NAME>) {dhcp [vlan <1-4094>|<VLAN-ALIAS-NAME>]|dns <IP/HOST-ALIAS-NAME>}
<CR-NAME> |
Identifies the
critical resource to be monitored. Provide the name of the critical
resource. |
monitor-using-flows |
Enables critical
resource(s) monitoring using message flows for DHCP or DNS (DHCP discover,
DHCP offer, etc.) instead of ICMP or ARP packets in order to reduce the
amount of traffic on the network. |
[all|any] |
Configures how
critical resource event messages are generated. Options include all and
any.
- all – Monitors all
resources that are going down (generates an event when all specified
critical resources are unreachable)
- any – Monitors any
resource that is going down (generates an event when any one of the
specified critical resource is unreachable)
|
criteria
[all|cluster-master| rf-domain-manager] |
Configures the
resource that will monitor critical resources and update the rest of the
devices in a group. Options include all, rf-domain-manager, or
cluster-master.
- all – Configures all
devices within a group (cluster or RF Domain) as the monitoring
resource
- cluster-master –
Configures the cluster master as the monitoring resource
- rf-domain-manager –
Configures the RF Domain manager as the monitoring resource
|
dhcp vlan
[<1-4094>| <VLAN-ALIAS-NAME>] |
The following
parameters are recursive and common to the ‘all‘, ‘cluster-master‘, and
‘rf-domain-manager‘ keywords:
- dhcp – Configures DHCP as
the mode of monitoring critical resources. When configured, DHCP
message flows (DHCP Discover, DHCP Offer, etc.) are used instead of
ICMP or ARP packets to confirm critical resource availability.
- vlan
[<1-4094>|<VLAN-ALIAS-NAME>] – Configures the VLAN
on which the critical resource(s) is available. Specify the VLAN
from 1 - 4094. Alternately, use a vlan-alias to identify the
VLAN. If using a vlan-alias, ensure that the alias is existing
and configured.
|
dns
<IP/HOST-ALIAS-NAME> |
The following
parameters are recursive and common to the ‘all‘, ‘cluster-master‘, and
‘rf-domain-manager‘ keywords:
- dns – Configures DNS as
the mode of monitoring critical resources. When configured, DNS
message flows are used instead of ICMP or ARP packets to confirm
critical resource availability.
- <IP/HOST-ALIAS-NAME> – Configures the IPv4 address or
host alias of the critical resource. Specify the IPv4 address or
host alias name (should be existing and configured).
|
{dhcp [vlan
<1-4094>| <VLAN-ALIAS-NAME>]| dns
<IP/HOST-ALIAS-NAME>} |
The ‘dhcp‘ and
‘dns‘ parameters are recursive and you can optionally configure multiple
VLANs and critical resource IPv4 addresses (or host alias names).
- dhcp – Optional.
Configures DHCP as the mode of monitoring critical resources. When
configured, DHCP message flows (DHCP Discover, DHCP Offer, etc.) are
used instead of ICMP or ARP packets to confirm critical resource
availability.
- vlan
[<1-4094>|<VLAN-ALIAS-NAME>] – Configures the VLAN
on which the critical resource(s) is available. Specify the VLAN
from 1 - 4094. Alternately, use a vlan-alias to identify the
VLAN. If using a vlan-alias, ensure that the alias is existing
and configured.
- dns – Optional. Configures
DNS as the mode of monitoring critical resources. When configured, DNS
message flows are used instead of ICMP or ARP packets to confirm
critical resource availability.
- <IP/HOST-ALIAS-NAME> – Configures the IPv4 address or
host alias of the critical resource. Specify the IPv4 address or
host alias name (should be existing and configured).
|
critical-resource <CRM-POLICY-NAME> monitor-using-flows [all|any] dhcp vlan [<1-4094>|<VLAN-ALIAS-NAME>] {dhcp vlan [<1-4094>|<VLAN-ALIAS-NAME>]|dns <IP/HOST-ALIAS-NAME>}
<CR-NAME> |
Identifies the
critical resource to be monitored. Provide the name of the critical
resource. |
monitor-using-flows |
Enables critical
resource(s) monitoring using message flows for DHCP or DNS (DHCP Discover,
DHCP Offer, etc.) instead of ICMP or ARP packets in order to reduce the
amount of traffic on the network. |
[all|any] |
Configures how
critical resource event messages are generated. Options include all and
any.
- all – Monitors all
resources that are going down (generates an event when all specified
critical resources are unreachable)
- any – Monitors any
resource that is going down (generates an event when any one of the
specified critical resource is unreachable)
|
dhcp vlan
[<1-4094>| <VLAN-ALIAS-NAME>] |
Configures DHCP
as the mode of monitoring critical resources. When configured, DHCP message
flows (DHCP Discover, DHCP Offer, etc.) are used instead of ICMP or ARP
packets to confirm critical resource availability.
- vlan
[<1-4094>|<VLAN-ALIAS-NAME>] – Configures the VLAN on
which the critical resource(s) is available. Specify the VLAN from 1 -
4094. Alternately, use a vlan-alias to identify the VLAN. If using a
vlan-alias, ensure that the alias is existing and configured.
|
{dhcp vlan
[<1-4094>| <VLAN-ALIAS-NAME>]| dns
<IP/HOST-ALIAS-NAME>} |
The following
parameters are recursive and optional. Use them to configure multiple VLANs
and critical resource IPv4 addresses (or host alias names):
- dhcp – Optional.
Configures DHCP as the mode of monitoring critical resources. When
configured, DHCP message flows (DHCP Discover, DHCP Offer, etc.) are
used instead of ICMP or ARP packets to confirm critical resource
availability.
- vlan
[<1-4094>|<VLAN-ALIAS-NAME>] – Configures the VLAN
on which the critical resource(s) is available. Specify the VLAN
from 1 - 4094. Alternately, use a vlan-alias to identify the
VLAN. If using a vlan-alias, ensure that the alias is existing
and configured.
- dns – Optional. Configures
DNS as the mode of monitoring critical resources. When configured, DNS
message flows are used instead of ICMP or ARP packets to confirm
critical resource availability.
- <IP/HOST-ALIAS-NAME> – Configures the IPv4 address or
host alias of the critical resource. Specify the IPv4 address or
host alias name (should be existing and configured).
|
critical-resource <CRM-POLICY-NAME> monitor-using-flows [all|any] dns <IP/HOST-ALIAS-NAME> {dhcp vlan [<1-4094><VLAN-ALIAS-NAME>]|dns <IP/HOST-ALIAS-NAME>}
<CR-NAME> |
Identifies the
critical resource to be monitored. Provide the name of the critical
resource. |
monitor-using-flows |
Enables critical
resource(s) monitoring using message flows for DHCP or DNS (DHCP Discover,
DHCP Offer, etc.) instead of ICMP or ARP packets in order to reduce the
amount of traffic on the network. |
[all|any] |
Configures how
critical resource event messages are generated. Options include all and
any.
- all – Monitors all
resources that are going down (generates an event when all specified
critical resources are unreachable)
- any – Monitors any
resource that is going down (generates an event when any one of the
specified critical resource is unreachable)
|
dns
<IP/HOST-ALIAS-NAME> |
Configures DNS
as the mode of monitoring critical resources. When configured, DNS message
flows are used instead of ICMP or ARP packets to confirm critical resource
availability.
- <IP/HOST-ALIAS-NAME>
– Configures the IPv4 address or host alias of the critical resource.
Specify the IPv4 address or host alias name (should be existing and
configured).
|
{dhcp vlan
[<1-4094>| <VLAN-ALIAS-NAME>| dns
<IP/HOST-ALIAS-NAME>} |
The following
parameters are recursive and optional. Use them to configure multiple VLANs
and critical resource IPv4 addresses (or host alias names):
- dhcp – Optional.
Configures DHCP as the mode of monitoring critical resources. When
configured, DHCP message flows (DHCP Discover, DHCP Offer, etc.) are
used instead of ICMP or ARP packets to confirm critical resource
availability.
- vlan
[<1-4094>|<VLAN-ALIAS-NAME>] – Configures the VLAN
on which the critical resource(s) is available. Specify the VLAN
from 1 - 4094. Alternately, use a vlan-alias to identify the
VLAN. If using a vlan-alias, ensure that the alias is existing
and configured.
- dns – Optional. Configures
DNS as the mode of monitoring critical resources. When configured, DNS
message flows are used instead of ICMP or ARP packets to confirm
critical resource availability.
- <IP/HOST-ALIAS-NAME> – Configures the IPv4 address or
host alias of the critical resource. Specify the IPv4 address or
host alias name (should be existing and configured).
|
critical-resource <CRM-POLICY-NAME> monitor-using-flows [all|any] sync-adoptees criteria [all|cluster-master|rf-domain-manager] (dhcp vlan [<1-4094>|<VLAN-ALIAS-NAME>]|dns <IP/HOST-ALIAS-NAME>) {dhcp vlan [<1-4094>|<VLAN-ALIAS-NAME>]|dns <IP/HOST-ALIAS-NAME>}
<CR-NAME> |
Identifies the
critical resource to be monitored. Provide the name of the critical
resource. |
monitor-using-flows |
Enables critical
resource(s) monitoring using message flows for DHCP or DNS (DHCP Discover,
DHCP Offer, etc.) instead of ICMP or ARP packets in order to reduce the
amount of traffic on the network. |
[all|any] |
Configures how
critical resource event messages are generated. Options include all and
any.
- all – Monitors all
resources that are going down (generates an event when all specified
critical resources are unreachable)
- any – Monitors any
resource that is going down (generates an event when any one of the
specified critical resource is unreachable)
|
syn-adoptees |
Syncs adopted
access points with the controller. In the stand-alone AP scenario, where the
CRM policy is running on the AP, the AP is directly intimated in case a
critical resource goes down. On the other hand, when an AP is adopted to a
controller (running the CRM policy), it is essential to enable the
sync-adoptees option in order to sync the AP with the controller regarding
the latest CRM status. |
criteria
[all|cluster-master| rf-domain-manager] |
Configures the
resource that will monitor critical resources and update the rest of the
devices in a group. Options include all, rf-domain-manager, or
cluster-master.
- all – Configures all
devices within a group (cluster or RF Domain) as the monitoring
resource
- cluster-master –
Configures the cluster master as the monitoring resource
- rf-domain-manager –
Configures the RF Domain manager as the monitoring resource
|
dhcp vlan
[<1-4094>| <VLAN-ALIAS-NAME>] |
The following
parameters are recursive and common to the ‘all‘, ‘cluster-master‘, and
‘rf-domain-manager‘ keywords:
- dhcp – Configures DHCP as
the mode of monitoring critical resources. When configured, DHCP
message flows (DHCP Discover, DHCP Offer, etc.) are used instead of
ICMP or ARP packets to confirm critical resource availability.
- vlan
[<1-4094>|<VLAN-ALIAS-NAME>] – Configures the VLAN
on which the critical resource(s) is available. Specify the VLAN
from 1 - 4094. Alternately, use a vlan-alias to identify the
VLAN. If using a vlan-alias, ensure that the alias is existing
and configured.
|
dns
<IP/HOST-ALIAS-NAME> |
The following
parameters are recursive and common to the ‘all‘, ‘cluster-master‘, and
‘rf-domain-manager‘ keywords:
- dns – Configures DNS as
the mode of monitoring critical resources. When configured, DNS
message flows are used instead of ICMP or ARP packets to confirm
critical resource availability.
- <IP/HOST-ALIAS-NAME> – Configures the IPv4 address or
host alias of the critical resource. Specify the IPv4 address or
host alias name (should be existing and configured).
|
{dhcp vlan
{<1-4094>| <VLAN-ALIAS-NAME>]| dns
<IP/HOST-ALIAS-NAME>} |
The ‘dhcp‘ and
‘dns‘ parameters are recursive and you can optionally configure multiple
VLANs and critical resource IPv4 addresses (or host alias names).
- dhcp – Optional.
Configures DHCP as the mode of monitoring critical resources. When
configured, DHCP message flows (DHCP Discover, DHCP Offer, etc.) are
used instead of ICMP or ARP packets to confirm critical resource
availability.
- vlan
[<1-4094>|<VLAN-ALIAS-NAME>] – Configures the VLAN
on which the critical resource(s) is available. Specify the VLAN
from 1 - 4094. Alternately, use a vlan-alias to identify the
VLAN. If using a vlan-alias, ensure that the alias is existing
and configured.
- dns – Optional. Configures
DNS as the mode of monitoring critical resources. When configured, DNS
message flows are used instead of ICMP or ARP packets to confirm
critical resource availability.
- <IP/HOST-ALIAS-NAME> – Configures the IPv4 address or
host alias of the critical resource. Specify the IPv4 address or
host alias name (should be existing and configured).
|
critical-resource monitor interval <5-86400>
monitor interval
<5-86400> |
Configures the
critical resource monitoring frequency. This is the interval between two
successive pings to the critical resource being monitored.
- <5-86400> –
Specifies the frequency in seconds. Specify the time from 5 - 86400
seconds. The default is 30 seconds.
|
critical-resource retry-count <0-10>
retry-count
<0-10> |
Configures the maximum number of failed attempts allowed to connect to a critical resource, using DHCP/DNS message flows, before marking it as down
- <0-10> – Specifies the maximum number of retries from 0 - 10. The default value is 3 attempts.
|
Example
NOC-NX9500(config-profile-testNX9000)#critical-resource test monitor direct any 19.234.160.5 arp-only vlan 1
NOC-NX9500(config-profile-testNX9000)#show context include-factory | include cri
tical-resource
critical-resource monitor interval 30
service critical-resource port-mode-source-ip 0.0.0.0
critical-resource test monitor direct any 19.234.160.5 arp-only vlan 1
critical-resource retry-count 3
NOC-NX9500(config-profile-testNX9000)#