Versions Compared

Old Version 48

changes.mady.by.user Viktoryia Varapayeva

Saved on

compared with

New Version 49

changes.mady.by.user Viktoryia Varapayeva

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Anchor
Running Network Discovery
Running Network Discovery
Anchor
#bookmark91
#bookmark91
A primary application for NetMRI is discovering the network and all its infrastructure devices.

...

You can define basic discovery settings during system setup (discussed in detail in Running the Setup Wizard), or manually perform discovery using a series of straightforward steps. The following section Discovery with a New NetMRI Deployment describes how to manually configure and run discovery.

If you are migrating your NetMRI platform to the current release, see Discovery with an Existing NetMRI Platform.

Note
titleNote

Infrastructure devices are devices that form the network infrastructure. See Infrastructure Devices List for currently supported devices.

...

Note
titleNote

You can change discovery settings at any time either through the Setup Wizard (Settings icon –> Setup –> Setup Wizard) or through individual Settings pages (such as Settings icon –> Setup –> Discovery Settings).

You can also flexibly define discovery blackouts at the network, discovery range, device group, and device level to prevent discovery protocols and traffic from occupying network bandwidth at inopportune times, such as latency-sensitive trading or video applications operating during daytime hours. For information, see Configuring Network Discovery Settings and Defining Blackout Periods.

To perform network discovery, you use several fundamental tools: Network Views, Scan Interfaces, Discovery Settings, and SNMP/CLI credentials.

  • Network Views: NetMRI uses network views to create separate management domains for your networks and devices, including VRF-based virtual networks. You manage every network, including virtual networks, through a separate network view. For more information, see Configuring Network Views.
  • Scan Interfaces: You configure scan interfaces to physically or logically connect to multiple networks, enabling discovery and management in different network domains. Every scan interface you create maps to a network view. For more information, see Configuring Scan Interfaces.
  • Discovery Settings: You specify the IP prefixes, also called discovery ranges, to define the IP address space that is managed on each network. Another key setting is called a seed router, which is a gateway routing device considered to help speed discovery across more network spaces. For more information, see Configuring Network Discovery Settings.
  • SNMP and CLI Credentials: NetMRI requires SNMP for most discovery tasks. Many discovery and data collection tasks, including VRF discovery, also require the use of CLI and Enable password credentials to access device configurations. You collect and add these values to NetMRI through a Credentials page. For more information, see Adding and Editing Device Credentials.

...

  • Your currently managed network, with its current discovery settings, is managed through a new network view named after the previously defined network name. No further configuration is necessary for continued network management but changes can be made at any time. For more information, see Configuring Network Views.
  • Existing discovery settings, such as CIDR discovery ranges, are automatically assigned to the network view used for the managed network.
  • Your SCAN port for your appliance (or appliances, in the case of Operations Center deployments using Collectors) will automatically be assigned to the network view that is used for your present managed network. This port will be named LAN1. For more information, see Configuring Scan Interfaces.
  • Depending on your appliance, a second LAN2 port is made available for further network connections.
  • Your MGMT port will continue to operate as the appliance's Web management interface.
  • All active Ethernet interfaces on your appliance(s), including the MGMT port, support Ethernet 802.1Q encapsulation for virtual scan interfaces. For more information, see Configuring Virtual Scan Interfaces.
  • If VRF-aware devices exist on your managed network, System Health banner messages will notify you about unassigned VRFs. To enable full network discovery and control for each virtual network, these networks need to be mapped to virtual scan interfaces. For more information, see Mapping Virtual Networks to Network Views30802054 and Configuring Virtual Scan Interfaces.

Existing Operations Center deployments will see the following changes:

  • For an OC deployment managing a single large network, you will see multiple entries in the pages under the Settings icon –> Setup –> Discovery Settings for selectable network views. The entire network is assigned to a single network view. However, each network view entry is identified through the association of each Collector. This allows you to edit discovery settings for each Collector in the same network view.
  • Multi-Network Operations Center deployments automatically assign each managed network to a new Network View. Each network view is named based upon the original network name.
  • Multi-Network Operations Center deployments automatically define a new set of device groups for each managed network, along with the standard set of device groups. These network-specific device groups are named using the original network name as a prefix.
  • During the upgrade, a Multi-Network OC deployment creates a series of new network views, each of which corresponds to the networks managed under the prior software release. Each device listed in Network Explorer tables provides a link under a new Network View column, which opens the Network Viewer window. This window lists all devices that are members of the network view.
  • In Multi-Network Operations Center deployments, discovery settings for each network, such as CIDR discovery ranges and seed routers, are automatically associated to the network views for each managed network, that use each of the respective discovery settings.

The following section, Discovery with a New NetMRI Deployment, describes the sequence of high-level tasks you perform to configure and run discovery on your network.

...

  1. If necessary, install your NetMRI appliance or appliances. For more information, see the Infoblox Installation Guide for your NetMRI appliances. Ensure that you have the full feature licensing and device licensing entitlements for your deployment. For more information, see Understanding Platform Limits, Licensing Limits, and Effective Limits. If you are upgrading your NetMRI installation, check the installation instructions in the Release Notes for your software (and see the section below, Discovery with an Existing NetMRI Platform.
    Also, read the section Preparing for NetMRI VRF Access for information on checking and configuring VRF-aware devices to which NetMRI will connect for managing virtual networks.
  2. Configure your first network views for network management.
    For new installations, NetMRI automatically provides an initial network view, named Network 1, as part of the initial setup. For the initial discovery of the network, you may only need this first network view. For more information, see Configuring Network Views.
  3. You combine network views with scan interfaces to separate and manage networks. For new installations, the Network 1 network view is automatically bound to your appliance's LAN1 port. This may be the only interface you need for initial network discovery. This interface connects to the router through which NetMRI begins to discover the network. For more information, see Configuring Scan Interfaces.
  4. Configure your discovery settings. They include discovery IP address ranges, possible static IP addresses of devices you explicitly want to discover in your networks, a seed router for network discovery and possible device hints to improve odds of finding devices. The seed router might be, for example, the router to which NetMRI first connects for the discovery of the network. For more information, see the sections Configuring Discovery RangesSpecifying Static IPsAdding Seed Routers, Configuring CISCO APIC, and Adding Device Hints.
  5. Add the necessary device SNMP credentials, and CLI admin login and Enable password credentials. For more information, see Adding and Editing Device Credentials and its various sections. You can also add and test credentials for individual devices; for more information, see Adding and Testing SNMP Credentials for a Device.
  6. Associate discovery settings to network views. Add your discovery settings from Step 4 to the network views and begin to discover the network. Initial discovery of your networks begins automatically after the discovery ranges and other discovery settings, such as a seed router, are added to the network view, which also must have a scan interface connection. For more information, see Discovery Using Network Views.
  7. Watch data collection. Network data collection and virtual network detection take place during your initial network discovery, which begins automatically when the network connection is established from NetMRI, to the network to be discovered. Perform the following to view discovered information about your network:
    • View summaries of discovery events: Click the All Devices device group in the right panel, and open the Network Explorer –> Discovery page to see a table of all devices being discovered by NetMRI. For more information about the features on this page, see Viewing and Managing Discovery Results.
    • View a list of devices your appliance has recently discovered: Click the All Devices device group in the right panel, and open the Network Explorer –> Inventory page to see tables of all member devices. For more information about the features on this page, see Viewing Network Inventory.
    • View summaries of recently discovered network phenomena: Includes summary information of routed networks, VLANs, route targets, and virtual networks (VRFs). For more information about the features on this page, see Summarizing Network Topologies.
  8. Map virtual networks. If your network has virtual networks, NetMRI automatically discovers them on the devices where they are configured, and alerts you through System Health banner messages at the top of the screen to map those VRF-aware devices to the network views where they belong. By mapping each virtual network to network views, you provide more information to the discovery process. For more information, see Mapping Virtual Networks to Network Views.

Note
titleNote

CLI credentials to devices are required to determine if devices are VRF-aware and to collect VRF-related data.

9. As NetMRI polls devices deeper into the network, it may find more VRF-based virtual networks. These networks need to be mapped to virtual scan interfaces to enable full network discovery and control for each virtual network. For more information, see Mapping Virtual Networks to Network ViewsConfiguring Virtual Scan Interfaces, and Configuring VRF-Aware Device Interfaces.

...

  1. Identify the VRFs/virtual networks you want NetMRI to access and manage.
  2. Identify the single VRF-aware Switch/Router on the managed network, that is aware of all of the desired VRFs. NetMRI will need to access the VRFs through this device.
    • A VRF-aware device may not exist on the network that is aware of all of the VRFs. If it is not possible to consolidate all VRFs into a single trunked port, you can physically connect NetMRI to multiple places on the network. NetMRI has up to 3 physical scan interfaces available, labeled MGMT, LAN1, and LAN2, that may differ slightly per platform. For more information, see Configuring Scan Interfaces.
    • You also must identify a minimal set of VRF-Aware devices that collectively are aware of all the VRFs you wish NetMRI to manage.
  3. Reserve a valid routable IP address on each VRF. These IPs will be configured on NetMRI virtual scan interfaces that will connect to each virtual network. Prepare an IP, subnet mask, and gateway for each VRF.
  4. You must configure at least one network device to provide access to the virtual networks for NetMRI. NetMRI can connect to multiple VRFs on the same physical interface, using virtual scan interfaces, each associated with an encapsulated 802.1q tag. To access each VRF, complete the following:
    • The interface NetMRI connects to, should be configured to transport via an 802.1q encapsulated traffic (trunked port).
    • Each tag carried by the trunked port should be associated with a single VRF on the device.
    • If the device NetMRI is connected to is not VRF aware, and then the 802.1q configurations will be in the form of VLANs, with one VLAN for each VRF. In this case, the device must trunk the VLANs to another device that is VRF aware, and can be configured to associate each 802.1q tag to a VRF.

...

5. When connecting NetMRI to a trunk port, for each 802.1q tag in the trunk, create a Virtual Scan Interface by right clicking the physical scan interface in Settings –> Scan Interfaces. Specify the tag, IP, gateway, network mask, and other needed settings. You can also associate it with an existing Network View, or you may create a new Network View for the virtual scan interface. For more information, see Configuring Network Views.

Anchor
Configuring Network Views
Configuring Network Views
Anchor
bookmark98
bookmark98
Anchor
bookmark99
bookmark99
Configuring Network Views

...

When you create discovery ranges, you can also directly associate them with a network view. For more information, see Configuring Discovery Ranges. When you also associate a virtual scan interface with that network view, the discovery range automatically becomes the range of IP addresses that are scanned and discovered on that scan interface.

...

For information on creating network views for virtual networks, see Mapping Virtual Networks to Network Views.

Anchor
Mapping Virtual Networks to Network Views
Mapping Virtual Networks to Network Views
Anchor
bookmark102
bookmark102
Mapping Virtual Networks to Network Views

User action is required to clearly associate each discovered virtual network with its correct network view in the Network View Editor. This provides additional context to collected data and enables NetMRI to fully discover and model the network topology. If you define any new network views in this step, you will also need to configure scan interfaces based on the steps in Configuring Scan Interfaces. If a network view does not have an assigned scan interface, discovery will not take place on that network.

...

Note
titleNote

Each network view must have a discovery range associated with it. For more information, see Configuring Discovery Ranges.

4. To see all VRFs listed as discovered on each device, click Display VRFs per Device. All VRFs are listed under their respective device names.

...

You can assign other VRF instances to the current network by clicking the Assign button over the Associated VRFs list, which opens the network editor. For more information, see Mapping Virtual Networks to Network Views.

Anchor
Deleting Network Views
Deleting Network Views
Anchor
bookmark105
bookmark105
Deleting Network Views

...

...

To perform your first network discovery, go to Settings icon –> Setup –> Setup Wizard. When you use the Setup Wizard, the Wizard guides you through the process of performing discovery on the network. When specifying your first discovery ranges, you also select the network view to use for the discovered network. This step is required and is further explained in the topic Configuring Network Views.

Note
titleNote

Use caution when entering address ranges, particularly if you are using IPv6 values. If you have a default route to the Internet and you enter an address range incorrectly, you may receive a call from your ISP asking about a network scanner running from your network.

...

If more than one network view exists, you can choose the network view with which the discovery range will be associated, by clicking the Network View drop-down menu. If only one network exists in NetMRI, this setting does not appear. The chosen network view must also be associated with a scan interface, otherwise, discovery does not take place. Unassigned network views that do not have an assigned scan interface or virtual scan interface appear with a caution icon () in discovery ranges configuration. For more details, see Configuring Network Views.

Network views can contain multiple discovery ranges. So when you create other ranges, you can assign the same network view to each. However, you can assign each discovery range to only one network view. Also, ensure that the ranges you assign to each network view make sense. Selecting the network view in an Operations Center environment also involves other details. For more information, see Defining Discovery Ranges on Operations Center Collectors.

...

...

You can also define general SDN and SD-WAN settings as described in Configuring SDN and SD-WAN Polling Settings 30802054.

After executing SDN and SD-WAN discovery, you can see the results in Network Explorer -> Discovery. For more information, see Viewing and Managing Discovery Results30802054.

Anchor
Adding and Configuring Cisco ACI Discovery
Adding and Configuring Cisco ACI Discovery
Adding and Configuring Cisco ACI Discovery

...

  1. Make sure that you enabled SDN and SD-WAN polling in Settings icon –> Setup –> SDN/SD-WAN Polling. For more information, see Configuring SDN and SD-WAN Polling Settings 30802054.
  2. Choose Settings icon –> Setup –> Discovery Settings –> SDN.
  3. Click New.
  4.  In SDN Type, select Cisco ACI.
  5. Complete the following:
    • Fabric Name: Specify a short and unique name for the current Cisco ACI configuration.
    • Addresses: Click Add and enter the hostname or IP address of the Cisco APIC controller. If your fabric includes more than one controller, click Add again to add more addresses.
    • Network View: Select the network view to identify the corresponding network interface for connectivity with the Cisco ACI. In parentheses next to the network view name is displayed the name of the associated collector. The network view and collector are assigned to discover devices from the ACI fabric.
    • Protocol: Select HTTP or HTTPS.
      If you select HTTPS, you must use a Root CA or Intermediate CA certificate to allow communication with the Cisco APIC as described below. 
      If your ACI fabric includes multiple controllers, use a combined PEM certificate. To do so, copy the ASCII data from all of the certificates into a single file.
    • CA Certificate: Perform one of the following:
      • Select a previously imported CA certificate. To learn how to import a CA certificate in NetMRI, see Installing CA Certificate.
      • Click Import CA Certificate and select a CA certificate directly from your machine.
        For how to prepare a CA certificate, see About CA Certificates for Cisco APIC. The APIC controller address must match either the certificate subject or one of subject alternative names.
    • Username: The login name for the Cisco ACI.
    • Password: The login password.
    • (Optional) Maximum Requests per Second: Specify the maximum number of HTTP requests from NetMRI to Cisco ACI SDN per second to avoid overload.
    • (Optional) Enable Discovery Blackout: Select the check box and then click its Scheduling icon. For more information, see Defining Blackout Periods 30802054.
  6. Click Test Connection to check if the fabric is reachable and the provided credentials are correct. The connection test results are also written to the syslog.
  7. Click Add or Add & Discover.

...

  1. Make sure that you enable SDN and SD-WAN polling in Settings icon –> Setup –> SDN/SD-WAN Polling. For more information, see Configuring SDN and SD-WAN Polling Settings 30802054.
  2. Choose Settings icon –> Setup –> Discovery Settings –> SDN.
  3. Click New.
  4. In SDN Type, select Cisco Meraki.
  5. Complete the following:
    • Config Name: Specify a short and unique name for the current Cisco Meraki configuration.
    • Network Interface: Select the interface that will be used to access the device. In parentheses next to the interface name is displayed the name of the associated collector. As Cisco Meraki infrastructure may have overlapping IP addresses in different network views, you should explicitly specify a network interface exposed to the internet.
    • Protocol: HTTPS by default.
    • Address: Enter the hostname or IP address of the Cisco Meraki Dashboard API. By default it is api.meraki.com.

    • API Key: Access key required to use Cisco APIs.

    • (Optional) Maximum Requests per Second: Specify the maximum number of HTTP requests from NetMRI to Cisco Meraki SDN per second to avoid overload.
    • (Optional) Collect Devices in Offline Status: Specify if you want to discover Cisco Meraki devices that are offline.
    • (Optional) Enable Discovery Blackout: Select the check box and then click its Scheduling icon. For more information, see Defining Blackout Periods 30802054.
  6. Click Test Connection to check if the device is reachable and the provided credentials are correct. The connection test results are also written to the syslog.
  7. Click Add or Add & Discover.

...

  1. Make sure that you enabled SDN and SD-WAN polling in Settings icon –> Setup –> SDN/SD-WAN Polling. For more information, see Configuring SDN and SD-WAN Polling Settings 30802054.
  2. Choose Settings icon –> Setup –> Discovery Settings –> SDN.
  3. Click New.
  4. In SDN Type, select Cisco Viptela.
  5. Complete the following:
    • Fabric Name: Specify a short and unique name for the current Cisco Viptela configuration.
    • Address: Specify the hostname or IP address of the Viptela vManage controller.
    • Network View: Select the network view to identify the corresponding network interface for connectivity with the Cisco Viptela.
    • Network Interface: Select the required network interface.
    • Protocol: The default selection is HTTPS.
    • On-premise controllerCheck this if your Viptela setup is on-premises.
    • CA Certificate: Specify a Root CA or Intermediate CA certificate to allow communication with the Cisco Viptela vManage controller. Do one of the following:
      • Select a previously imported CA certificate. To learn how to import a CA certificate in NetMRI, see Installing CA Certificate.
      • Click Import CA Certificate and select a CA certificate directly from your machine.
    • Username: The login name for the Cisco Viptela vManage controller.
    • Password: The login password.
    • (Optional) Maximum Requests per Second: Specify the maximum number of HTTP requests from NetMRI to Cisco Viptela SDN per second to avoid overload.
    • (Optional) Enable Discovery Blackout: Select the check box and then click its Scheduling icon. For more information, see Defining Blackout Periods 30802054.
  6. Click Test Connection to check if the fabric is reachable and the provided credentials are correct. The connection test results are also written to the syslog.
  7. Click Add or Add & Discover.

...

  1. Click Delete (below the table).
  2. In the Delete dialog, select Exclude from discovery (this is optional).
  3. If the device has duplicates, you can also select Delete devices instances on other collectors. For more information, see Deduplication of Devices Discovered by Multiple Collectors.
  4. Click Yes to confirm the deletion.

...

For more information about interpreting discovery data that the previous views display, see the next section Interpreting Discovery Table Data.

Sometimes a device may be discovered by more than one collector. In that case, a deduplication procedure occurs and the device is marked with a special icon in the UI. For more information, see Deduplication of Devices Discovered by Multiple Collectors.

Also, see Saving Table Views on how to save customized views of discovery results.

...

E (Existing Status)

The listed IP address exists in the network. All devices will receive this status to indicate where NetMRI first discovered the address.

P (Fingerprint Status)

If NetMRI is configured to use fingerprinting, device fingerprint status is listed in this column.

R (Reached Status)

Shows whether NetMRI has sent a packet to the device and received a reply, establishing that the device is reachable. Devices are typically tested for reachability through SNMP and the CLI, usually with an ICMP Ping operation.

S (SNMP Credentials Status)

Indicates the status of the SNMP credential guessing process.

SC (SNMP Collection Status)

Shows the status of SNMP data collection for the device. Success indicates that a device successfully allows data collection through SNMP. If this is not successful, check the S field to see whether the correct credential is given.

C (CLI Credentials StatusCredential Status)

Displays the status of the CLI credential guessing process.

CC (Config Collection Status)

Indicates whether a device supports command-line connectivity and whether the configuration collection is successful. If this is not successful, check the C field to see whether the correct credential is given.

G (Device Group Status)

Shows the status of the device group generation process. Success indicates that a device has been assigned to at least one group.

DB (Discovery Blackout Status)

Indicates whether or not the selected device is in a Discovery Blackout period. Two states are possible, In Blackout and Not in Blackout.

CB (Change Blackout Status)

Indicates whether or not the selected device is in a Change Blackout period. Two states are possible, In Blackout and Not in Blackout.

Status

Licensed devices are listed as such. Unlicensed devices are non-network devices or devices for which NetMRI license limits have been exceeded. Unmanaged devices are those which NetMRI will discover, but not manage.

Type

Lists the device type as determined by NetMRI.

Last Timestamp

Date and time the data in the device records were updated or verified as unchanged.

Last Action

The last action performed by NetMRI upon device after discovery takes place. For example, Device Groups: Successfully assigned to device groups indicates that the device was successfully discovered and added to a device group.

Last Seen

The date and time when the device was last seen on the network. For example, reading the IP address in the ARP table from a router.

First Seen

Date and time when the listed device was first detected by the NetMRI appliance.

...


As to how NetMRI assigns the management collector for a device, see Algorithm for Assigning Management Collector.

The management collector is assigned to a device using the algorithm only once. However, you can change the management collector manually in the Device Viewer. To open the Device Viewer, click the device IP address. The Management Status page of the Device Viewer opens, showing the current device status on the management collector. To learn how to change the management collector, see Manually Changing Management Collector.

Note
titleNote
If in discovery settings, you delete a range containing a device that has a "duplicate" on another collector, the device becomes licensed again on the other collector.

For devices that did not undergo deduplication, load balancing is performed automatically between collectors. NetMRI determines the less loaded collector in terms of devices and "moves" extra devices from other collectors to this collector. For information, see Deduplication and Load Balancing Settings.

Note
titleNote

Despite the device deduplication functionality, Infoblox recommends defining your discovery settings in a way that collectors scan networks by discovery ranges that do not overlap nor are duplicates.

...

You can change the timeout for choosing the collector in Deduplication and Load Balancing Settings.

Anchor
Manually Changing Management Collector
Manually Changing Management Collector
Manually Changing Management Collector

...

Anchor
bookmark141
bookmark141
Anchor
bookmark142
bookmark142
Anchor
Viewing Device Discovery Status and Re-Discovering a Device
Viewing Device Discovery Status and Re-Discovering a Device
Viewing Device Discovery Status and Re-Discovering a Device

To view discovery status for any device, open the Device Viewer by navigating to Network Explorer -> Discovery and clicking a device link, or Device Viewer -> Settings & Status –> Management Status. You will see the Management Status for the device. This is an important block of information that immediately describes the effectiveness of communications to the device by NetMRI.

This page provides a subset of the same information listed on the Discovery page, showing the E (Exists), P (Port Scanned), R (Reached), S (SNMP), SC (SNMP Collection), C (CLI Credential Status), CC (Config Collection), and G (Groups) data results for a single device, each with their respective explanation.

The Exists field indicates the listed device has been successfully discovered by the network. The R field stands for Reached. A device can be discovered by any method but not necessarily be reachable. Devices are typically tested for reachability through SNMP and the CLI, usually with an ICMP Ping operation. S and SC are the status indicators for SNMP Credentials and SNMP Collection, respectively.

Corresponding C (CLI CredentialsCredential Status) and CC (Config Collection) indicators also show whether a device supports command-line connectivity and whether configuration collection is successful. Finally, G indicates whether NetMRI successfully assigns the device to a device group.

...