To ensure a successful discovery, complete the following configurations for the Grid and Grid members that are acting as the Consolidator and Probes before you start a discovery:
Define polling methods and schedule.
Define advanced polling settings for TCP scanning and Ping sweeps. Also, specify routers and logging options.
To collect data from SDN and SD-WAN devices, add and configure them as described in Configuring Discovery for SDN and SD-WAN below.
If you use SNMP or CLI collection as the polling methods, define device credentials for data collection.
Assign credentials to device groups.
Enable and schedule blackout periods for discovery and port configuration. For more information, see Defining Blackout Periods.
Configure automatic network view mapping for unassigned VRFs that have been discovered. For more information, see Configuring Automatic VRF Mapping.
Configure settings to monitor the lifecycle and vulnerabilities of discovered devices. For more information, see Configuring Advisor Properties below.
The following sections describe in detail how to configure discovery for the Grid, Grid members, and networks.
Note: You must be a superuser to configure discovery properties for the Grid.
...
For the Grid: From the Grid tab, select Grid Manager > Discovery service, and then select Edit > Grid Discovery Properties from the Toolbar.
For Probe members: From the Grid tab, select Grid Manager > Discovery service, select a member, and then select Edit > Member Discovery Properties from the Toolbar.
For networks: From the IPAM tab, click a network name, and then click the Edit icon.
In the Grid Discovery Properties or Member Discovery Properties editor, click Polling > Basic.
In the Network editor, click Discovery.
If you want to override the inherited Grid settings for Probe members and networks, click Override and define the following settings.
SNMP Collection: Select this to execute SNMP protocols to discover and collect information such as traceroute/path collection, vendor and model, SNMP credential collection, routing and ARP tables, switch port data, and VLAN configuration data. If you disable SNMP collection, previously discovered data remains available for viewing. No new data is added and no existing data is removed.
Some devices may not support SNMP, and some devices may not enable SNMP by default.
Note: When you disable SNMP collection on a network with enabled discovery, Network Insight still attempts to authenticate the SNMP credentials of devices that are newly discovered under this network. All newly discovered devices are automatically bound to a default group with enabled SNMP collection.
CLI Collection: Select this if you expect to use Network Insight to discover devices that support CLI connectivity through Telnet or SSH, and for which you have admin account information. NIOS can use device admin account logins to query network devices for discovery data collection, including IP configuration, port configuration, routing and forwarding tables, and much more.
Note that for SNMP and CLI Collection methods, configure device polling credentials in the Credentials tab of the editor. For more information, see Configuring Device Credentials below.
Port Scanning: Select this to probe the TCP ports. Ensure that you go to the Advanced tab to configure more settings for this option as described in the next section. If you disable Port Scanning, NIOS attempts no port probes other than SNMP on any device.
Profile Device: If enabled, NIOS attempts to identify the network device based on the response characteristics of its TCP stack, and uses this information to determine the device type. In the absence of SNMP access, the Profile Device function is usually the only way to identify non-network devices. If disabled, devices accessible via SNMP are identified correctly. All other devices are assigned a device type of Unknown. Profile Device is disabled by default for network polling.
Smart IPv4 Subnet Ping Sweep: Select this to execute Ping sweeps only on subnetworks that are known to exist but no IPs can be found within the subnet, such as through ARP or other means.
Complete Ping Sweep: Select this to enable brute-force subnet Ping sweeps on IPv4 networks. This method executes Nmap that uses ICMP echo requests, ICMP timestamp requests, and TCP SYN to ports 161, 162, 22, and 23 (for the SNMP, SNMPTRAP, SSH, and TELNET services correspondingly). Subnet ping sweeps are used as a last resort in the discovery process. Perform a subnet ping sweep if NIOS cannot identify any network devices in a given subnet. Subnet ping sweeps should be performed no more than once per day, and will stop on a given subnet once NIOS Discovery locates a network device and is able to collect data from it. Ensure that you configure advanced settings for this option in the Advanced tab as described in the next section.
Note that NIOS does not perform Smart Subnet Ping sweeps on subnets larger than /22. NIOS also does not perform Ping sweeps on IPv6 networks, because of the dramatically greater scale of network addresses in the IPv6 realm. The Complete Ping Sweep differs from the Smart Subnet Ping Sweep in the following ways:
The Complete Ping Sweep will run only against the specified range.
The sweep will run regardless of the range size.
The sweep will run regardless of the number of discovered devices within the specified range.
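The Complete Ping Sweep traffic profile described above (ICMP echo, ICMP timestamp, and TCP SYN to ports 161, 162, 22 and 23 across a subnet) is distinctive enough to recognize in flow logs, which lets an operator confirm that a sweep came from a known Probe member rather than an unexpected host. The following is an added example, not Infoblox code; the flow-record format and the addresses are constructed for the demonstration.

```python
"""Recognize Complete-Ping-Sweep-style probing in flow records (added example)."""
import ipaddress
from collections import defaultdict

SWEEP_TCP_PORTS = {161, 162, 22, 23}   # SNMP, SNMPTRAP, SSH, TELNET (from the page)
SWEEP_ICMP_TYPES = {8, 13}             # ICMP echo request, ICMP timestamp request


def constructed_flows():
    """Constructed sample flows: (src, dst, proto, detail); detail is the TCP
    destination port for "tcp" and the ICMP type for "icmp"."""
    flows = []
    probe = "10.0.0.5"                 # assumed address of a sanctioned Probe member
    for i in range(1, 13):
        dst = f"10.0.1.{i}"
        flows += [(probe, dst, "icmp", 8), (probe, dst, "icmp", 13)]
        flows += [(probe, dst, "tcp", p) for p in (161, 162, 22, 23)]
    rogue = "10.0.0.77"                # a second host sweeping the same subnet
    for i in range(1, 10):
        flows += [(rogue, f"10.0.1.{i}", "icmp", 8), (rogue, f"10.0.1.{i}", "tcp", 22)]
    # ordinary client traffic that must not be flagged
    flows += [("10.0.0.9", "10.0.1.1", "tcp", 443), ("10.0.0.9", "10.0.1.2", "tcp", 22)]
    return flows


def sweep_sources(flows, subnet, min_hosts=8):
    """Return {src: distinct hosts probed} for every source whose traffic into
    `subnet` matches the sweep profile against at least `min_hosts` hosts."""
    net = ipaddress.ip_network(subnet)
    probed = defaultdict(set)
    for src, dst, proto, detail in flows:
        if ipaddress.ip_address(dst) not in net:
            continue
        is_sweep_probe = (proto == "tcp" and detail in SWEEP_TCP_PORTS) or (
            proto == "icmp" and detail in SWEEP_ICMP_TYPES)
        if is_sweep_probe:
            probed[src].add(dst)
    return {src: len(hosts) for src, hosts in probed.items() if len(hosts) >= min_hosts}


def unexpected_sweepers(flows, subnet, known_probes):
    """Sweep sources that are not on the list of known Probe member addresses."""
    return sorted(set(sweep_sources(flows, subnet)) - set(known_probes))


if __name__ == "__main__":
    flows = constructed_flows()
    print(sweep_sources(flows, "10.0.1.0/24"))
    print(unexpected_sweepers(flows, "10.0.1.0/24", {"10.0.0.5"}))
```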
NetBIOS Scanning: Select this to enable NIOS to collect the NetBIOS name for endpoint devices in the network. This feature can be enabled only by users with SysAdmin privileges. This feature is globally disabled by default (and also for device groups) to prevent unexpected scanning of the network by a new collector.
Automatic ARP Refresh Before Switch Port Polling: Select this to enable refreshing of ARP caches on switches and switch-routers in the managed network before NIOS performs polling of switch ports. Enabling this feature applies only to switched Ethernet devices. This feature enables more accurate detection of all endpoint devices on L2 switches. Without ARP refresh, some endpoint devices may not be detected. This feature is globally disabled by default. Individual ARPs can also be set to enable or disable this feature.
Switch Port Data Collection: Select this to enable the Probe member to poll L2 enterprise switches. You can completely disable switch port polling by deselecting this checkbox. You can also separately schedule polling for switch port data collection as follows:
Periodic Polling: Define regular polling time periods. Choose a polling interval of 30 or more minutes or 1-24 hours.
Scheduled Polling: Schedule recurrent polling based on hourly, daily, weekly, or monthly time periods. Choosing this option, click the Calendar icon and a Polling Scheduler appears; click the Edit icon to make scheduling changes. Choose a recurrence pattern of Once, Hourly, Daily, Weekly, or Monthly. In all cases, you must choose an Execution Time.
In the Polling Frequency Modifier field, specify the coefficient that modifies the polling frequency.
For example, by default polling happens once a day. With the Polling Frequency Modifier option you can set polling to occur once every two days or twice a day.
You can set values between 0.5 and 2 for the global level polling frequency modifier. Interpret the values as follows:
0.5: Makes polling twice as slow.
1: Takes the default setting, which is once a day.
2: Makes polling twice as fast.
To set the Polling Frequency Modifier value for global settings, ensure that you enable the Use Global Polling Frequency Modifier checkbox for network configuration.
Save the configuration.
Defining Advanced Polling Settings
...
For the Grid: From the Grid tab -> Grid Manager tab -> Discovery service, select Edit -> Grid Discovery Properties from the Toolbar.
For members: From the Grid tab -> Grid Manager tab -> Discovery service, select Edit -> Member Discovery Properties from the Toolbar.
For networks: From the IPAM tab, select the network checkbox and click the Edit icon.
In the Grid Discovery Properties, Member Discovery Properties, or (IPv4 or IPv6) Network editor, click Polling -> Advanced and define the following settings.
If you want to override the inherited Grid settings for Probe members and networks, click Override and define the following settings.
TCP Scan Technique: Select the TCP technique you want to use for the discovery. The default is SYN. For more information, see TCP.
SYN: Select this to quickly perform scans on thousands of TCP ports per system, never completing connections across any well-known port. SYN packets are sent and the poller waits for a response while continuing to scan other ports. A SYN/ACK response indicates the protocol port is listening while an RST indicates it is not listening. The SYN option presents less impact on the network.
CONNECT: Select this to scan IPv6 networks. Unlike the SYN option, complete connections are attempted on the scanned system for each TCP port being scanned.
Specify the TCP ports settings:
In the table, select the checkboxes of the TCP ports you want to discover. To select all ports, click the checkbox in the header.
To add a new port, click the Add icon.
Specify other advanced polling settings:
Purge expired assets data after: Removes records of discovered assets that are no longer reachable after a specified period of time. The default is set to one day.
Purge expired device data after: Removes records of discovered network infrastructure devices that are no longer reachable after a specified period of time. The default is set to seven days, a more forgiving value given that devices sometimes require maintenance, upgrades or repairs, or in cases where hosts leave the network on long trips.
ARP Aggregate Limit: Sets a limit for the number of entries (IP addresses) per MAC address in ARP tables. If there are too many entries associated with a MAC address, this can be treated, for example, as a "honeypot". Therefore, MAC addresses with more entries than the specified limit are ignored and filtered out during data extraction and parsing. The default limit is 30 ARP table entries (IP addresses) per MAC address.
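The ARP Aggregate Limit rule is simple to state but worth seeing applied to data: every entry for a MAC address that maps to more IP addresses than the limit is dropped, and the remaining entries are kept unchanged. The following is an added example that models that filter (it is not Infoblox's implementation); the ARP table text is constructed, and the input format (address, hardware address, interface per line) is an assumption.

```python
"""Apply an ARP Aggregate Limit to a collected ARP table (added example)."""
import re
from collections import defaultdict

DEFAULT_ARP_AGGREGATE_LIMIT = 30          # page default: 30 IP addresses per MAC
MAC_RE = re.compile(r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}")

# Constructed sample: one MAC that answers for 35 addresses (a honeypot or
# proxy-ARP responder would look like this), plus two ordinary hosts.
SAMPLE_ARP_TABLE = "Address HWaddress Iface\n" + "\n".join(
    f"192.168.1.{i} 00:11:22:33:44:55 eth0" for i in range(1, 36)
) + "\n192.168.1.100 aa:bb:cc:dd:ee:01 eth0\n192.168.1.101 AA:BB:CC:DD:EE:02 eth0\n"


def parse_arp_table(text):
    """Parse 'ip mac iface' lines into (ip, mac, iface) tuples; header and
    malformed lines are skipped, MACs are normalized to lower case."""
    entries = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        ip, mac, iface = parts
        mac = mac.lower()
        if not MAC_RE.fullmatch(mac):
            continue                      # header line or garbage
        entries.append((ip, mac, iface))
    return entries


def apply_arp_aggregate_limit(entries, limit=DEFAULT_ARP_AGGREGATE_LIMIT):
    """Return (kept_entries, ignored_macs). A MAC with more than `limit`
    IP addresses is ignored entirely, as the page describes."""
    by_mac = defaultdict(list)
    for entry in entries:
        by_mac[entry[1]].append(entry)
    ignored = {mac for mac, group in by_mac.items() if len(group) > limit}
    kept = [entry for entry in entries if entry[1] not in ignored]
    return kept, ignored


if __name__ == "__main__":
    kept, ignored = apply_arp_aggregate_limit(parse_arp_table(SAMPLE_ARP_TABLE))
    print(f"kept {len(kept)} entries, ignored MACs: {sorted(ignored)}")
```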
Route Limit: Limits the size of the routing table that discovery is required to collect from any given device. Some routers can have tables in the hundreds of thousands of entries, and collecting such a large body of data can impose performance problems in the network and in discovery data collection. This setting defaults to 3000, and automatically excludes BGP routes from the collection. Consult Infoblox Technical Support before making changes to this value.
Ping Sweep Timeout (ms): Period of time allowed, in milliseconds, before a Ping times out to any given device.
Ping Sweep Attempts: The number of attempts on each address in a Ping sweep before the sweep continues.
Ping Sweep Frequency: Defaults to 1, because ping sweep should not be executed more than once a day when the feature is enabled at the grid level or for a given discovery range. This setting affects the SmartPingSweep and CompletePingSweep features under GridDiscoveryProperties.
ARP Cache Refresh: Defines the time period between ARP refreshes by Network Insight across all switch ports. Before any other switch port polling and discovery operations take place (including any global discovery polling operations initiated by the administrator), another ARP refresh is carried out by the Probe appliance regardless of the time interval. The default is five minutes, because switch forwarding tables are frequently purged from LAN switching devices. The default on Cisco switches is five minutes/300 seconds. Network Insight primarily uses ARP Cache refreshes to improve the accuracy of end-device discovery. Without this feature, some endpoints may not be discovered and cataloged.
Ignore Conflict Duration: Used when resolving conflicts and when choosing the option to Ignore the conflict when resolving it. This setting defines the length of time during which conflicts are ignored. Increments can be defined in Hours or Days.
Number of discovered unmanaged IP addresses per notification: The maximum number of unmanaged IP addresses that the appliance discovers before it sends SNMP and email notifications, if enabled. The appliance resets the counter after it hits this number and sends notifications. The default is 20.
Interval between notifications for discovered unmanaged IP addresses: This number determines how often the appliance sends SNMP and email notifications, if enabled, when it discovers the maximum number of unmanaged IP addresses (configured for Number of discovered unmanaged IP addresses per notification ). This is the time interval between two notifications for discovered unmanaged objects. Select the time unit from the drop-down menu. The default is five minutes.
DNS Lookup Option: Specify whether you want to perform a reverse DNS lookup from discovered IP addresses. Select one of the following from the drop-down list:
Network Devices: Select this to resolve network device (switches and routers) IP addresses. This option is selected by default.
Network Devices and End Hosts: Select this to resolve both network device (switches and routers) and end host IP addresses.
Off: Select this to turn off reverse DNS lookups for discovered IP addresses.
DNS Lookup Throttle: This is the value in a percentage that throttles the traffic on the DNS servers. Setting a lower value reduces the number of requests to DNS servers. You can specify a value between 1 and 100. The default value is 100.
Disable discovery for networks not in IPAM: Disables discovery on any infrastructure networks that are not present in the Infoblox IPAM system, that is, not present and managed in a network view or network container.
Authenticate and poll using SNMPv2c or later only: Enable this checkbox to perform credential discovery and device polling exclusively using SNMPv2c and later, preventing the use of SNMPv1.
Use DHCP Routers as Seed Routers: Select this so the Probe members can use the default gateways for associated DHCP ranges and networks as seed routers to more quickly discover and catalog all devices (such as endpoint hosts, printers and other devices). All such default gateways are automatically leveraged by discovery, and no further configuration is necessary unless you wish to exclude a device from usage.
Use this option carefully and avoid continuous updating of DHCP routers by a third-party component such as Microsoft servers, as it may trigger a discovery service restart when attempting to apply the new configuration. Ensure that you check the list of configured DHCP seed routers for any discovery Probe member in the Seed tab -> Advanced tab of the Member Discovery Properties editor.
Log IP Discovery events in Syslog: Sends a message to the configured Syslog service when an IP address of an active host is discovered.
Log network discovery events in Syslog: Sends a message to the configured Syslog service when a network discovery process takes place in the Grid.
Save the configuration.
...
For more information on configuring device credentials, see the following sections:
Configuring SNMPv1/v2 Credentials
Configuring SNMPv3 Credentials
Configuring CLI Credentials
Defining CLI Credentials for Objects
Testing SNMP and CLI Credentials
If any SNMP or CLI credentials become obsolete, you can reset them for all affected devices at once. After that, Network Insight re-guesses the credentials for each device. This does not apply to CLI credentials manually set for specific devices. For more information, see the reset snmp and reset cli Administrative Shell commands.
...
See the following sections on how to add device credentials of different types to a credential group:
Configuring SNMPv1/v2 Credentials
Configuring SNMPv3 Credentials
Configuring CLI Credentials
Assigning a Credential Group
Probe members, networks and ranges inherit the credential groups assignment from the Grid. You can override this assignment with another credential group for networks and ranges. For members, you cannot assign a credential group as they always use the default group for credential guessing.
Assigning a Credential Group to the Grid
...
For more information, see the following sections:
Adding and Configuring Cisco ACI Discovery
Adding and Configuring Cisco Meraki Discovery
Adding and Configuring Cisco Viptela Discovery
Configuring SDN and SD-WAN Polling Properties
To view discovery results for SDN and SD-WAN, go to Data Management > Devices. For information, see Viewing Discovered Devices and their Properties.
...
For Meraki devices, you can select between different modes for mapping Meraki networks to NIOS network views. This mapping mechanism is required as your Meraki infrastructure may have overlapping IP ranges that can be supported under different network views. The mapping rules include:
Mapping to the predefined SDN network view
Automatic mapping
Custom mapping
To configure SDN/SD-WAN polling properties, complete the following:
...