A primary application for NetMRI is discovering the network and all its infrastructure devices.
...
You can define basic discovery settings during system setup (discussed in detail in Running the Setup Wizard), or manually perform discovery using a series of straightforward steps. The following section Discovery with a New NetMRI Deployment describes how to manually configure and run discovery.
Infrastructure devices are devices that form the network infrastructure. See Infrastructure Devices List for currently supported devices.
...
Note
title
Note
You can change discovery settings at any time either through the Setup Wizard (Settings icon –> Setup –> Setup Wizard) or through individual Settings pages (such as Settings icon –> Setup –> Discovery Settings).
You can also flexibly define discovery blackouts at the network, discovery range, device group, and device level to prevent discovery protocols and traffic from occupying network bandwidth at inopportune times, such as latency-sensitive trading or video applications operating during daytime hours. For information, see Configuring Network Discovery Settings and Defining Blackout Periods.
To perform network discovery, you use several fundamental tools: Network Views, Scan Interfaces, Discovery Settings, and SNMP/CLI credentials.
Network Views: NetMRI uses network views to create separate management domains for your networks and devices, including VRF-based virtual networks. You manage every network, including virtual networks, through a separate network view. For more information, see Configuring Network Views.
ScanInterfaces: You configure scan interfaces to physically or logically connect to multiple networks, enabling discovery and management in different network domains. Every scan interface you create maps to a network view. For more information, see Configuring Scan Interfaces.
DiscoverySettings: You specify the IP prefixes, also called discovery ranges, to define the IP address space that is managed on each network. Another key setting is called a seed router, which is a gateway routing device considered to help speed discovery across more network spaces. For more information, see Configuring Network Discovery Settings.
SNMPandCLICredentials: NetMRI requires SNMP for most discovery tasks. Many discovery and data collection tasks, including VRF discovery, also require the use of CLI and Enable password credentials to access device configurations. You collect and add these values to NetMRI through a Credentials page. For more information, see Adding and Editing Device Credentials.
...
Your currently managed network, with its current discovery settings, is managed through a new network view named after the previously defined network name. No further configuration is necessary for continued network management but changes can be made at any time. For more information, see Configuring Network Views.
Existing discovery settings, such as CIDR discovery ranges, are automatically assigned to the network view used for the managed network.
Your SCAN port for your appliance (or appliances, in the case of Operations Center deployments using Collectors) will automatically be assigned to the network view that is used for your present managed network. This port will be named LAN1. For more information, see Configuring Scan Interfaces.
Depending on your appliance, a second LAN2 port is made available for further network connections.
Your MGMT port will continue to operate as the appliance's Web management interface.
All active Ethernet interfaces on your appliance(s), including the MGMT port, support Ethernet 802.1Q encapsulation for virtual scan interfaces. For more information, see Configuring Virtual Scan Interfaces.
If VRF-aware devices exist on your managed network, System Health banner messages will notify you about unassigned VRFs. To enable full network discovery and control for each virtual network, these networks need to be mapped to virtual scan interfaces. For more information, see Mapping Virtual Networks to Network Views30802054and ConfiguringVirtualScanInterfaces.
Existing Operations Center deployments will see the following changes:
For an OC deployment managing a single large network, you will see multiple entries in the pages under the Settings icon –> Setup –> DiscoverySettings for selectable network views. The entire network is assigned to a single network view. However, each network view entry is identified through the association of each Collector. This allows you to edit discovery settings for each Collector in the same network view.
Multi-Network Operations Center deployments automatically assign each managed network to a new Network View. Each network view is named based upon the original network name.
Multi-Network Operations Center deployments automatically define a new set of device groups for each managed network, along with the standard set of device groups. These network-specific device groups are named using the original network name as a prefix.
During the upgrade, a Multi-Network OC deployment creates a series of new network views, each of which corresponds to the networks managed under the prior software release. Each device listed in Network Explorer tables provides a link under a new NetworkView column, which opens the Network Viewer window. This window lists all devices that are members of the network view.
In Multi-Network Operations Center deployments, discovery settings for each network, such as CIDR discovery ranges and seed routers, are automatically associated to the network views for each managed network, that use each of the respective discovery settings.
The following section, Discovery with a New NetMRI Deployment, describes the sequence of high-level tasks you perform to configure and run discovery on your network.
...
If necessary, install your NetMRI appliance or appliances. For more information, see the Infoblox Installation Guide for your NetMRI appliances. Ensure that you have the full feature licensing and device licensing entitlements for your deployment. For more information, see UnderstandingPlatformLimits,LicensingLimits,andEffectiveLimits. If you are upgrading your NetMRI installation, check the installation instructions in the Release Notes for your software (and see the section below, Discovery with an Existing NetMRI Platform. Also, read the section Preparing for NetMRI VRF Accessfor information on checking and configuring VRF-aware devices to which NetMRI will connect for managing virtual networks.
Configure your first network views for network management. For new installations, NetMRI automatically provides an initial network view, named Network 1, as part of the initial setup. For the initial discovery of the network, you may only need this first network view. For more information, see ConfiguringNetworkViews.
You combine network views with scan interfaces to separate and manage networks. For new installations, the Network 1 network view is automatically bound to your appliance's LAN1 port. This may be the only interface you need for initial network discovery. This interface connects to the router through which NetMRI begins to discover the network. For more information, see Configuring Scan Interfaces.
Configure your discovery settings. They include discovery IP address ranges, possible static IP addresses of devices you explicitly want to discover in your networks, a seed router for network discovery and possible device hints to improve odds of finding devices. The seed router might be, for example, the router to which NetMRI first connects for the discovery of the network. For more information, see the sections ConfiguringDiscoveryRanges, SpecifyingStaticIPs, AddingSeedRouters, Configuring CISCO APIC, and AddingDeviceHints.
Add the necessary device SNMP credentials, and CLI admin login and Enable password credentials. For more information, see AddingandEditingDeviceCredentialsand its various sections. You can also add and test credentials for individual devices; for more information, see AddingandTestingSNMPCredentialsforaDevice.
Associate discovery settings to network views. Add your discovery settings from Step 4 to the network views and begin to discover the network. Initial discovery of your networks begins automatically after the discovery ranges and other discovery settings, such as a seed router, are added to the network view, which also must have a scan interface connection. For more information, see DiscoveryUsingNetworkViews.
Watch data collection. Network data collection and virtual network detection take place during your initial network discovery, which begins automatically when the network connection is established from NetMRI, to the network to be discovered. Perform the following to view discovered information about your network:
View summaries of discovery events: Click the All Devices device group in the right panel, and open the Network Explorer –> Discovery page to see a table of all devices being discovered by NetMRI. For more information about the features on this page, seeViewing and Managing Discovery Results.
View a list of devices your appliance has recently discovered: Click the All Devices device group in the right panel, and open the Network Explorer –> Inventory page to see tables of all member devices. For more information about the features on this page, see Viewing NetworkInventory.
View summaries of recently discovered network phenomena: Includes summary information of routed networks, VLANs, route targets, and virtual networks (VRFs). For more information about the features on this page, see SummarizingNetworkTopologies.
Map virtual networks. If your network has virtual networks, NetMRI automatically discovers them on the devices where they are configured, and alerts you through System Health banner messages at the top of the screen to map those VRF-aware devices to the network views where they belong. By mapping each virtual network to network views, you provide more information to the discovery process. For more information, see Mapping Virtual Networks to Network Views.
Note
title
Note
CLI credentials to devices are required to determine if devices are VRF-aware and to collect VRF-related data.
Identify the VRFs/virtual networks you want NetMRI to access and manage.
Identify the single VRF-aware Switch/Router on the managed network, that is aware of all of the desired VRFs. NetMRI will need to access the VRFs through this device.
A VRF-aware device may not exist on the network that is aware of all of the VRFs. If it is not possible to consolidate all VRFs into a single trunked port, you can physically connect NetMRI to multiple places on the network. NetMRI has up to 3 physical scan interfaces available, labeled MGMT, LAN1, and LAN2, that may differ slightly per platform. For more information, seeConfiguring Scan Interfaces.
You also must identify a minimal set of VRF-Aware devices that collectively are aware of all the VRFs you wish NetMRI to manage.
Reserve a valid routable IP address on each VRF. These IPs will be configured on NetMRI virtual scan interfaces that will connect to each virtual network. Prepare an IP, subnet mask, and gateway for each VRF.
You must configure at least one network device to provide access to the virtual networks for NetMRI. NetMRI can connect to multiple VRFs on the same physical interface, using virtual scan interfaces, each associated with an encapsulated 802.1q tag. To access each VRF, complete the following:
The interface NetMRI connects to, should be configured to transport via an 802.1q encapsulated traffic (trunked port).
Each tag carried by the trunked port should be associated with a single VRF on the device.
If the device NetMRI is connected to is not VRF aware, and then the 802.1q configurations will be in the form of VLANs, with one VLAN for each VRF. In this case, the device must trunk the VLANs to another device that is VRF aware, and can be configured to associate each 802.1q tag to a VRF.
...
5. When connecting NetMRI to a trunk port, for each 802.1q tag in the trunk, create a Virtual Scan Interface by right clicking the physical scan interface in Settings –> ScanInterfaces. Specify the tag, IP, gateway, network mask, and other needed settings. You can also associate it with an existing Network View, or you may create a new Network View for the virtual scan interface. For more information, see ConfiguringNetworkViews.
Anchor
Configuring Network Views
Configuring Network Views
Anchor
bookmark98
bookmark98
Anchor
bookmark99
bookmark99
Configuring Network Views
...
When you create discovery ranges, you can also directly associate them with a network view. For more information, see ConfiguringDiscoveryRanges. When you also associate a virtual scan interface with that network view, the discovery range automatically becomes the range of IP addresses that are scanned and discovered on that scan interface.
User action is required to clearly associate each discovered virtual network with its correct network view in the Network View Editor. This provides additional context to collected data and enables NetMRI to fully discover and model the network topology. If you define any new network views in this step, you will also need to configure scan interfaces based on the steps in Configuring Scan Interfaces. If a network view does not have an assigned scan interface, discovery will not take place on that network.
...
Note
title
Note
Each network view must have a discovery range associated with it. For more information, see ConfiguringDiscoveryRanges.
4. To see all VRFs listed as discovered on each device, click DisplayVRFsperDevice. All VRFs are listed under their respective device names.
...
You can assign other VRF instances to the current network by clicking the Assign button over the AssociatedVRFs list, which opens the network editor. For more information, see Mapping Virtual Networks to Network Views.
Blackout settings for a defined range to ensure that discovery traffic takes place during policy-mandated time periods. For more information, see DefiningBlackoutPeriods.
Static IP addresses that define devices with high priority of discovery. For more information, see Specifying Static IPs30802054.
At least one seed router that can be the router to which NetMRI first connects. For more details, see AddingSeedRouters.
Credentials to access network devices for data collection. For more information, see AddingandEditingDeviceCredentials in the "Data Collection Techniques" section.
...
To perform your first network discovery, go to Settings icon –> Setup –> SetupWizard. When you use the Setup Wizard, the Wizard guides you through the process of performing discovery on the network. When specifying your first discovery ranges, you also select the network view to use for the discovered network. This step is required and is further explained in the topic ConfiguringNetworkViews.
Note
title
Note
Use caution when entering address ranges, particularly if you are using IPv6 values. If you have a default route to the Internet and you enter an address range incorrectly, you may receive a call from your ISP asking about a network scanner running from your network.
...
If more than one network view exists, you can choose the network view with which the discovery range will be associated, by clicking the Network View drop-down menu. If only one network exists in NetMRI, this setting does not appear. The chosen network view must also be associated with a scan interface, otherwise, discovery does not take place. Unassigned network views that do not have an assigned scan interface or virtual scan interface appear with a caution icon () in discovery ranges configuration. For more details, see ConfiguringNetworkViews.
Network views can contain multiple discovery ranges. So when you create other ranges, you can assign the same network view to each. However, you can assign each discovery range to only one network view. Also, ensure that the ranges you assign to each network view make sense. Selecting the network view in an Operations Center environment also involves other details. For more information, see DefiningDiscoveryRangesonOperationsCenterCollectors.
...
Globally across the entire NetMRI deployment. For more information, see the next section, "Configuring a Global Discovery Blackout or Change Blackout".
Edit: Modify information about a selected configuration.
Delete: Remove a selected configuration from the list.
Import: Import a CSV file containing Cisco ACI or Cisco Meraki information. For information about syntax formats, see Discovery SettingsImportFormats.
Show/Hide Credentials: Display or hide the user name and password credentials of added configurations.
Discover Now: Start the discovery process immediately for a selected configuration.
(ForOperationsCenteronly) Filter by Collector: Filter the added SDN configurations by Collectors that perform SDN discovery. Collector filter also displays respective device limits and licensing limits.
Fabric Name: Specify a short and unique name for the current Cisco ACI configuration.
Addresses: Click Add and enter the hostname or IP address of the Cisco APIC controller. If your fabric includes more than one controller, click Add again to add more addresses.
Network View: Select the network view to identify the corresponding network interface for connectivity with the Cisco ACI. In parentheses next to the network view name is displayed the name of the associated collector. The network view and collector are assigned to discover devices from the ACI fabric.
Protocol: SelectHTTPorHTTPS. If you select HTTPS, you must use a Root CA or Intermediate CA certificate to allow communication with the Cisco APIC as described below. If your ACI fabric includes multiple controllers, use a combined PEM certificate. To do so, copy the ASCII data from all of the certificates into a single file.
CA Certificate: Perform one of the following:
Select a previously imported CA certificate. To learn how to import a CA certificate in NetMRI, see Installing CA Certificate.
ClickImport CA Certificateand select a CA certificate directly from your machine. For how to prepare a CA certificate, see About CA Certificates for Cisco APIC. The APIC controller address must match either the certificate subject or one of subject alternative names.
Username: The login name for the Cisco ACI.
Password: The login password.
(Optional) Maximum Requests per Second: Specify the maximum number of HTTP requests from NetMRI to Cisco ACI SDN per second to avoid overload.
(Optional) Enable Discovery Blackout: Select the check box and then click its Scheduling icon. For more information, see Defining Blackout Periods30802054.
ClickTest Connection to check if the fabric is reachable and the provided credentials are correct. The connection test results are also written to the syslog.
Config Name: Specify a short and unique name for the current Cisco Meraki configuration.
Network Interface: Select the interface that will be used to access the device. In parentheses next to the interface name is displayed the name of the associated collector. As Cisco Meraki infrastructure may have overlapping IP addresses in different network views, you should explicitly specify a network interface exposed to the internet.
Protocol: HTTPS by default.
Address: Enter the hostname or IPaddress of the Cisco Meraki Dashboard API.By default it isapi.meraki.com.
(Optional) Maximum Requests per Second: Specify the maximum number of HTTP requests from NetMRI to Cisco Meraki SDN per second to avoid overload.
(Optional) Collect Devices in Offline Status: Specify if you want to discover Cisco Meraki devices that are offline.
(Optional) Enable Discovery Blackout: Select the check box and then click its Scheduling icon. For more information, see Defining Blackout Periods30802054.
ClickTest Connection to check if the device is reachable and the provided credentials are correct. The connection test results are also written to the syslog.
Fabric Name: Specify a short and unique name for the current Cisco Viptela configuration.
Address: Specify the hostname or IP address of the Viptela vManage controller.
Network View: Select the network view to identify the corresponding network interface for connectivity with the Cisco Viptela.
Network Interface: Select the required network interface.
Protocol: The default selection is HTTPS.
On-premise controller: Check this if your Viptela setup is on-premises.
CA Certificate: Specify a Root CA or Intermediate CA certificate to allow communication with the Cisco Viptela vManage controller. Do one of the following:
Select a previously imported CA certificate. To learn how to import a CA certificate in NetMRI, see Installing CA Certificate.
ClickImport CA Certificateand select a CA certificate directly from your machine.
Username: The login name for the Cisco Viptela vManage controller.
(Optional) Maximum Requests per Second: Specify the maximum number of HTTP requests from NetMRI to Cisco Viptela SDN per second to avoid overload.
(Optional) Enable Discovery Blackout: Select the check box and then click its Scheduling icon. For more information, see Defining Blackout Periods30802054.
ClickTest Connection to check if the fabric is reachable and the provided credentials are correct. The connection test results are also written to the syslog.
ClickAdd or Add & Discover.
...
Click Delete (below the table).
In the Delete dialog, select Exclude from discovery (this is optional).
For more information about interpreting discovery data that the previous views display, see the next section Interpreting Discovery Table Data.
Sometimes a device may be discovered by more than one collector. In that case, a deduplication procedure occurs and the device is marked with a special icon in the UI. For more information, see Deduplication of Devices Discovered by Multiple Collectors.
Also, see Saving Table Views on how to save customized views of discovery results.
...
E (Existing Status)
The listed IP address exists in the network. All devices will receive this status to indicate where NetMRI first discovered the address.
P (Fingerprint Status)
If NetMRI is configured to use fingerprinting, device fingerprint status is listed in this column.
R (Reached Status)
Shows whether NetMRI has sent a packet to the device and received a reply, establishing that the device is reachable. Devices are typically tested for reachability through SNMP and the CLI, usually with an ICMP Ping operation.
S (SNMP Credentials Status)
Indicates the status of the SNMP credential guessing process.
SC (SNMP Collection Status)
Shows the status of SNMP data collection for the device. Success indicates that a device successfully allows data collection through SNMP. If this is not successful, check the S field to see whether the correct credential is given.
C (CLI Credentials StatusCredential Status)
Displays the status of the CLI credential guessing process.
CC (Config Collection Status)
Indicates whether a device supports command-line connectivity and whether the configuration collection is successful. If this is not successful, check the C field to see whether the correct credential is given.
G (Device Group Status)
Shows the status of the device group generation process. Success indicates that a device has been assigned to at least one group.
DB (Discovery Blackout Status)
Indicates whether or not the selected device is in a Discovery Blackout period. Two states are possible, In Blackout and NotinBlackout.
CB (Change Blackout Status)
Indicates whether or not the selected device is in a Change Blackout period. Two states are possible, In Blackout and NotinBlackout.
Status
Licensed devices are listed as such. Unlicensed devices are non-network devices or devices for which NetMRI license limits have been exceeded. Unmanaged devices are those which NetMRI will discover, but not manage.
Type
Lists the device type as determined by NetMRI.
LastTimestamp
Date and time the data in the device records were updated or verified as unchanged.
LastAction
The last action performed by NetMRI upon device after discovery takes place. For example, DeviceGroups:Successfullyassignedtodevicegroups indicates that the device was successfully discovered and added to a device group.
LastSeen
The date and time when the device was last seen on the network. For example, reading the IP address in the ARP table from a router.
FirstSeen
Date and time when the listed device was first detected by the NetMRI appliance.
The management collector is assigned to a device using the algorithm only once. However, you can change the management collector manually in the Device Viewer. To open the Device Viewer, click the device IP address. The Management Status page of the Device Viewer opens, showing the current device status on the management collector. To learn how to change the management collector, see Manually Changing Management Collector.
Note
title
Note
If in discovery settings, you delete a range containing a device that has a "duplicate" on another collector, the device becomes licensed again on the other collector.
For devices that did not undergo deduplication, load balancing is performed automatically between collectors. NetMRI determines the less loaded collector in terms of devices and "moves" extra devices from other collectors to this collector. For information, see Deduplication and Load Balancing Settings.
Note
title
Note
Despite the device deduplication functionality, Infoblox recommends defining your discovery settings in a way that collectors scan networks by discovery ranges that do not overlap nor are duplicates.
Viewing Device Discovery Status and Re-Discovering a Device
Viewing Device Discovery Status and Re-Discovering a Device
Viewing Device Discovery Status and Re-Discovering a Device
To view discovery status for any device, open the Device Viewer by navigating to NetworkExplorer -> Discovery and clicking a device link, or DeviceViewer -> Settings&Status –> ManagementStatus. You will see the Management Status for the device. This is an important block of information that immediately describes the effectiveness of communications to the device by NetMRI.
This page provides a subset of the same information listed on the Discovery page, showing the E (Exists), P (PortScanned), R (Reached), S (SNMP), SC (SNMPCollection), C (CLI Credential Status), CC (ConfigCollection), and G (Groups) data results for a single device, each with their respective explanation.
The Exists field indicates the listed device has been successfully discovered by the network. The R field stands for Reached. A device can be discovered by any method but not necessarily be reachable. Devices are typically tested for reachability through SNMP and the CLI, usually with an ICMP Ping operation. S and SC are the status indicators for SNMP Credentials and SNMP Collection, respectively.
Corresponding C (CLI CredentialsCredential Status) and CC (Config Collection) indicators also show whether a device supports command-line connectivity and whether configuration collection is successful. Finally, G indicates whether NetMRI successfully assigns the device to a device group.