NetMRI discovery depends on a collection of under-the-hood features to ensure that polling and addition of devices in the network proceed smoothly and accurately. This chapter describes the three following critical tasks.
...
- Port Scanning: If enabled, NetMRI probes the TCP and UDP ports listed at Settings icon –> Setup –> Port List, to determine whether they are open. See the results of this scanning action at Network Explorer –> Summaries –> Ports for the entire network, and Device Viewer –> Device/Network Explorer –> Open Services for an individual network device.
If Port Scanning is disabled, NetMRI attempts no port probes other than SNMP on any device. - Fingerprinting: (Available in full NetMRI license) If enabled, NetMRI attempts to identify each network device based on the response characteristics of its TCP stack. This information is used to determine the device type. In the absence of SNMP access, fingerprinting is usually the only way to identify non-network devices. If disabled, devices accessible via SNMP are identified correctly; all other devices are assigned a device type of Unknown.
Fingerprinting is disabled by default for network ppollingolling. You must enable fingerprinting to use the Automation Change Manager's Rogue DHCP Detection feature.
...
- SNMP Collection: If enabled, all data collectors start after this page is saved. If you disable SNMP collection in this tab (i.e., globally), data already collected by NetMRI remains available for viewing; no new data is added and no existing data is removed; this also disables group and device SNMP collection.
SNMP Collection is disabled, for example, when NetMRI is used for offline assessments. By disabling SNMP Collection before removing NetMRI from the network, data can be examined later without any data expiring. SNMP collection can also be enabled/disabled for groups and devices. - Performance Collection: If enabled, performance data such as CPU and memory statistics are collected.
- Use Vendor Community Strings: If enabled, NetMRI uses vendor default community strings when determining a device's community string. If disabled, NetMRI uses community strings with an Origination of User.
- NetBIOS Scanning: Global setting to enable NetMRI to collect the NetBIOS name for endpoint devices in the network. Device groups also enable NetBIOS scanning. The device group setting is dependent on the global setting; without enabling the NetBIOS Scanning check box, scanning at the device group will not take place. This feature can be enabled only by users with SysAdmin privileges. This feature is globally disabled by default (and also for device groups) to prevent unexpected scanning of the network by a new collector.
- Smart Subnet Ping Sweep (IPv4 only): Check box to enable subnet Ping sweeps on IPv4 networks, using a range of packets to detect the presence of a system on each IP in the specified range, using ports that are generally open across the network. Performs probes across ICMP Echo, ICMP Timestamp, TCP SYN to port 80, and TCP SYN to port 443. Subnet ping sweeps are used as a last resort in the discovery process. A subnet ping sweep is performed if NetMRI is unable to identify any network devices in a given subnet. Subnet ping sweeps are performed no more thatthan once per day, and will stop on a given subnet once NetMRI discovers a network device and is able to collect data.
Smart Subnet ping sweep is most useful for complete discovery of end-host network segments. Ping sweeps are a tool to aid in discovery, but most discovery operations take place through ARP tables and routing tables collected from infrastructure devices. Avoid using ping sweeps on a large number of discovery ranges, or discovery ranges that are too large (more than a /22 in size) as devices discovered through this method may expire from NetMRI's database before they are refreshed by another discovery cycle.
...
The Collection and Groups feature set also specifies the protocols allowed for configuration collection. You specify the Collectors of network data for NetMRI through the Config ManageManagementment section section of the Global page (Settings icon –> Setup –> Collection and Groups –> Global –> Config Management).
...
| Note |
|---|
|
See Creating Device Groups for information on the Groups tab and its associated functions. |
| Anchor |
|---|
| Adding and Editing Device Credentials |
|---|
| Adding and Editing Device Credentials |
|---|
|
Adding and Editing Device ...
Credentials
...
| Note |
|---|
|
SNMP and/or CLI Credentials can be specified within the Device Viewer for individual devices. Should such a credential not work for a given device, or if command-line access is lost for a given device, NetMRI will always re-guess credentials from the global credential list, including vendor defaults if available. See the sections Adding and Testing SNMP Credentials for a Device and Adding and Testing CLI Credentials for a Device for more information. |
...
NetMRI can periodically check for vendor default community strings. Checking for vendor default community strings can help ensure that the network meets compliance standards. You can add vendor-specific default community strings that may not be listed. NetMRI will only check for default vendor community strings when the Vendor Default Credential Collection option is enabled in the Settings icon –> Setup –> Collection and Groups –> Global tab –> Config Management panel.
| Anchor |
|---|
| SNMP Collection Logic |
|---|
| SNMP Collection Logic |
|---|
|
SNMP Collection ...
Logic
...
The following figure shows how SNMP collection settings control collection at the network, group, and device levels.
Features for enabling and disabling SNMP collection are available in the following locations:
...
Configuring IPAM Sync
To add a sync configuration, complete the following:
...
- Network sync: Newly-imported subnets are imported as “managed”.
- If the imported subnet conflicts with an existing subnet, it is not accepted. The imported subnet can go into a container as long as there is no conflict.
- If the subnet already exists, no changes are made.
- If the subnet is in IPAM but not in NetMRI, it is left in IPAM.
- IP address sync: New IP addresses are added and marked as “unmanaged”. If an IP address already exists, the field values is overwritten during the import.
- Before NetMRI 7.1.4 and NIOS 8.1, if the IP address exists in IPAM but it is not in the import file, it is left in IPAM.
- As of NetMRI 7.1.4 and NIOS 8.1, if the IP address exists in IPAM but it is not in the import file, its discovered data is cleared out. You can control the time that the IP address stays in the NetMRI database after it is no longer discovered under NetMRI. To do so, go to Setup -> General Settings -> Advanced Settings.
Delivering NetMRI Discovered Data to IPAM
Fields related to Cisco ACI data (tenant, bridge_domain, endpoint_groups) are specific for SND elements and controllers. Fields Wireless Access Point Name, IP, and SSID are related to the wireless access points to which a device is connected. Attached device information usually means neighbor switch or router to which a given device is directly connected. Only IP Address, MAC Address, Last Discovered, and First Discovered fields are filled for end hosts collected from ARP tables. VRF information is specified for corresponding interfaces of infrastructure devices.
...
| Anchor |
|---|
| Supporting Cisco Discovery Service |
|---|
| Supporting Cisco Discovery Service |
|---|
|
Supporting Cisco Discovery ServiceNetMRI automatically supports an Infoblox utility, Cisco Discovery Service, that enables network administrators to provide Cisco-validated reporting and analysis. NetMRI operates as a Cisco Discovery Service-enabled system supporting discovery of network systems for analysis and management. You can use the CDS Integration Tool as part of a new NetMRI installation, or use the tool to extract further insight and value from an existing deployment. Cisco Gold Partner status is required for effective use of the software utility.
NetMRI supports CDS API version 2.0 and uses a NetMRI device or virtual machine to inspect all aspects of a network's Cisco infrastructure to collect the following information:
...
