Versions Compared

Old Version 11

changes.mady.by.user Panna .

Saved on

compared with

New Version Current

changes.mady.by.user Uday Dubey

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Device Groups and Interface Groups are the primary organizational units in NetMRI. You can create device groups in a nested structure, with some device groups subordinate to other device groups. You can apply device group membership criteria in the same ways with nested device groups as for device groups from earlier releases of NetMRI, which used a flat data structure and enforced all device groups as existing on the same peer level. You can now create a hierarchical list of device groups, comprised of top-level groups, with child device groups subordinate to them, and with child device groups further subordinate to their parent groups. For more information, see Creating Device Groups. 

NetMRI uses device groups to organize device discovery results, generate separate scorecards, filter issues, and manage polling and processing for each device in the network. Device groups also offer control of Switch Port Management processes, including the ability to immediately carry out Switch Port polling in a device group.

...

  • Device Viewer: Opens the Device Viewer for the selected device associated with the hyperlink.
  • Config Explorer: Opens the Config Explorer for the device associated with the hyperlink.
  • View Running Config: Queries the chosen device and displays the contents of its currently running configuration file.
  • Changes: Displays the device's Network Analysis > Changes page in the Device Viewer.
  • Issue List: Displays the chosen device's Network Analysis > Issues page in the Device Viewer. For more information, see Evaluating Issues in NetMRI. 
  • Policy Compliance: Opens the chosen device's Network Analysis > Policy Compliance page in the Device Viewer, which shows the status of any Policies deployed against the chosen device.
  • Topology Viewer: Opens the NetMRI Topology Viewer with the selected device as the central device shown in the map.
  • Schedule Job: Opens the Job Details window, to set up a job script to run against the chosen device. For more information, see Job Management and Automation Change Manager
  • Execute Command: Similar to Schedule Job, this option opens an Ad Hoc Command function to allow entry of a single command string to the chosen device. The command syntax needs to be compatible with the selected device like JunOS for Juniper, IOS or CatOS for Cisco, and so on.
  • Open Telnet Session: Activates the Telnet/SSH proxy to start a new Telnet session with the chosen device.
  • Open SSH Session: Activates the Telnet/SSH proxy to start a new SSH session with the chosen device.

...

For any Telnet or SSH session, administrative users can define user CLI credentials for other NetMRI user accounts. The location for configuring is Settings icon –> > User Admin –> > edit User –> > CLI Credentials tab. Accounts that can modify CLI credentials for themselves and other users include SysAdmin, UserAdmin and ChangeEngineer High. Without User CLI credentials, other users can still log in to devices using their own device-specific credentials. This is particularly handy for devices that are not directly managed by NetMRI, such as Linux systems, but for which a user has a specific account. Some devices that are detected and/or managed by NetMRI may not provide the same level of Telnet or SSH as NetMRI. This is an advantage of the Telnet/SSH proxy.

...

All session activity is logged. For more information, see User Audit Logs. 

Note
titleNote

All Telnet/SSH proxy sessions have an inactivity timeout of five minutes. This value cannot be changed. NetMRI allows only one session to a device from the same NetMRI instance.

...

  • Terminal: Open Session: This permits users to connect to network devices.
  • Terminal: User System Creds: This permits users to use the credentials stored on NetMRI to access network devices.

...

  • .

To connect to specific devices, users must also have permissions to the corresponding device groups to which the devices belong. Authorized users can use any SSH client to gain proxy connection using their NetMRI credentials, without the need to acquire the credentials for individual devices. With valid privileges, users can use the Connect command to connect to the devices from any SSH client. For information about the command, see Using the Connect Command. The CLI proxy feature connects only through the management interface on the NetMRI appliance. This helps eliminate the need to gain access to the user's computer through various networks, VRFs, and VLANs. Note that all connections and commands issued to any network devices through the CLI proxy are audited and logged. For information about audit logs, see User Audit Logs. 

Using the Connect Command

...

  1. Start a PuTTy session.
  2. In the PuTTy Configuration window, go to the Connection –> > Data –> > Category section.
  3. As illustrated below, perform the following in the Environment variables section: enter CLI_PROXY_HOST 210.20.20.5.
  4. Click Open.

...

  • Config collection disabled globally: The current instance of NetMRI has disabled all Config Collection features (go to the Settings icon –> > Setup –> > Collection and Groups –> > Config Management side tab to check and enable collection settings).
  • Config collection disabled globally for all protocols: The current instance of NetMRI has enabled Config Collection but none of the protocols for gathering data (telnet, SSH, HTTP) are enabled (go to Settings icon –> > Setup –> > Collection and Groups –> > Config Management side tab to check and enable collection settings).
  • Not Included by Discovery Settings: The device in question is not part of any IP range, is not specified as a static IP, and does not match any device Hints and is not a seed router. (go to Settings icon –> > Setup –>  Discovery Settings to check values for each of the four setting types. This message appears only for attempts to get configurations from the device.
  • Not Licensed: Device is not licensed under NetMRI. This message appears only for attempts to get configurations from the device.
  • Config collection disabled at device group level: NetMRI has disabled Config Collection features for a specific Device Group (go to Settings icon –> > Setup –> > Collection and Groups –> > Groups –> > Device Groups side tab to check and enable collection settings for a Device Group).
  • History Indicates Config not Changed: No configuration changes have occurred since the previous fetching of configuration data. This message appears only for regular device polling operations on managed devices.
  • CLI credentials unknown: All attempts at guessing or logging in to a device after discovery are unsuccessful.

To view a device's user audit log, go to Device Viewer –> > Settings & Status –> > User Audit Log. The audit log appears as a cumulative list for all Telnet/SSH sessions for the individual network device or end host for the last 30 days.

...

The Device Audit Log (Device Viewer –> > Settings & Status –> > Device Audit Log) provides a device-specific list of events related to the device's management by NetMRI. You can expect to see messages such as LicenseAdd, indicating when the device was added to NetMRI management into a Device Group for purposes of Switch Port Management or other licensing requirements. You may see DiscoveryDelete in a case where a device with a particular management port IP address was removed from NetMRI management due to another device being managed through the same IP.

A second Device Audit Log, in Settings icon –> > Notifications –> > Device Audit Log, provides a listing for all Discovery and Licensing messages for all devices managed by NetMRI.

...

NetMRI ships with pre-defined device groups. Discovered devices are grouped based on their types and assurance levels. For more information, see Default Device Groups. 

All device groups are divided into two types:

  • Basic device groups, which provide only basic categorization and processing features to limit processing loads on member devices. They are most useful for large collections of network devices that you know will not be actively managed, such as end-user network segments at the terminating end of Ethernet circuits.
  • Extended device groups, which provide the full set of NetMRI device processing features on member devices. They provide network scores for the NetMRI Dashboard and enable management through user Roles and Privileges. Extended device groups also may impose a higher computation load on the appliance.

For more information, see Controlling NetMRI with Device Groups.

Default Device Groups

Default device groups serve as good examples of how selection criteria and process settings can be defined to organize your network devices, but you should learn how to create your own device groups to gain all of the benefits of the device groups feature.

...

Basic device groups limit their processing options to a minimum. Basic device groups do not contribute to NetMRI Network Scorecard calculations and significantly reduce back-end processing. You can define group membership criteria. For more information, see Understanding Device Group Membership Criteria. 

Extended device groups provide a substantial collection of settings to determine how an extended device group processes its information. Along with defining group membership criteria, a number of options help determine the level and types of processing performed by an extended device group:

  • Include non-network devices: Enables collecting end-host network segments into a basic device group to avoid expanding system processing cycles on network devices that do not require them.
  • Rank: For more information, see Ranking Device Groups.
  • Polling Frequency: Allows you to modify the default polling frequency for all devices or for specific device groups. 
  • Switch Port data collection: Enable this only for device groups with L2/L3 Ethernet switching devices as members. This allows you to enforce custom periodic or scheduled polling settings for specific groups. For more information, see Device Groups and Switch Port Management. 
  • Collect performance and environmental data: Enable or disable device performance and environmental information. For more information, see Changing Performance Data Collection Settings. 
  • Probe for open ports: Allows NetMRI to probe for open TCP/UDP ports on member devices.
  • Identify device using fingerprinting: For more information, see Defining Group see Data Collection SettingsTechniques.
  • Probe for NetBIOS name: For more information, see Defining Group see Data Collection SettingsTechniques.
  • Analyze for Issues: For more information, see Evaluating Issues in NetMRI and Viewing Device Issues, Configurations, and ChangesInspecting Devices in the Network.
  • Test for default credentials: Allows NetMRI to test all devices in the group for the presence of vendor default SNMP credentials, which are a potential element for security breaches, but are also used for assistance in collecting device configurations. Credential default testing is also a compliance measure.
  • Collect config files: For more information, see beginning with Configuration Management.
  • Regard configurations as 'Locked': Disallows editing of any collection configuration files for members of the device group.
  • Allow script execution: Allows the execution of Perl and CCS scripts on group member devices.
  • Enable Discovery Blackout: Define time periods when NetMRI will not communicate with devices or networks for discovery.
  • Enable Change Blackout: Define blackouts for CLI interaction, scheduled or run-now job executions, Telnet/SSH proxy, and port control UI features for all devices in the group. For more information, see Defining Blackout Periods.

All settings are further described in the topic Creating Device Groups.

You can convert basic device groups to extended device groups, and also the reverse, at any time.

...

Through device groups, switch port management enables you to monitor and analyze the complement of Ethernet trunks and switch ports in their network. Switch port information gathering, or polling, is the key tool for doing this. Device groups can specify unique switch port management polling settings. Polling settings that are located under Settings icon –> Setup –> > Collection and Groups –> > Groups tab take precedence over the global settings defined in Settings icon –> > Setup –> > Collection and Groups –> > Global –> > Switch Port Management.

To poll a device group or create custom settings for polling, perform the following:

  1. In the Device Group Selector, right-click the Switching device group and select Edit Device Group. The Edit Device Group dialog opens. The Switching device group is an extended device group that provides several features designed for Ethernet switching devices management.
  2. Open the Switch port data Collection dropdown. Select from the following options:
    • Use Global Settings: Enforces the use of global periodic or scheduled polling settings for the current device group. For more information see
    3. Global Switch Port Management Polling Settings
    • Data Collection Techniques.
    • Specify polling Interval: Defines custom regular polling time periods for the group. Choose a polling interval of 1 or more Minutes or Hours, or click Poll Now to poll all devices that are members of the device droup.
    • Specify schedule: Select an existing custom group schedule or click Add New Schedule to create a new custom schedule for recurrent polling of the group. Select a Recurrence Pattern of Once, Hourly, Daily, Weekly, or Monthly. In all cases, you must choose an Execution Time. Click Add when finished defining the new schedule. To delete a schedule from the list, click the trashcan icon in the Actions column.
    • Disable: Disables device switch port data collection for the selected device group. Disabling switch port data collection prevents NetMRI from collecting VLAN and switch forwarding data. This can affect neighbor topology for the switch and any connected devices to the switch possibly resulting in NetMRI not being able to accurately locate devices on the network. Disabling switch port data collection also prevents analysis of any VLAN-related issues for a disabled switch.

3. Click Save & Close or Save & New.

...

The Collection and Groups page opens, showing the Groups –> > Device Groups tab (also reachable by Settings icon –> > Setup –> > Collection and Groups –> > Groups tab).

Note
titleNote

The number in parentheses after a device group name is the number of devices in the group.

...

The complete list of data points provided for every device group at all nested levels includes the following:

ARP (Refresh device caches)

Indicates whether member devices in the group will have their ARP caches refreshed before collecting discovery data. NetMRI uses ARP cache refresh to control LAN switches from which switch-forwarding data is collected. 

SNMP

Indicates whether the device group is set to enable SNMP data collection for member devices. SNMP collection can also be enabled/disabled for groups and devices.

PS (Port Scan)

Indicates whether members of the device group will be scanned for open protocol ports. If enabled, NetMRI probes the TCP and UDP ports listed at Settings icon

–>

> Setup

–>

> Port List, to determine whether they are open. 

FP (Fingerprint)

Indicates the device group setting to use the Identify device using fingerprinting setting for member devices. (This setting is dependent on the Probe for Open ports feature.) A polling technique to identify each network device based on the response characteristics of its TCP stack. This information is used to determine the device type. In the absence of SNMP access, fingerprinting is usually the only way to identify non-network devices. 

C (Collect configs)

Indicates the device group setting to allow config file collection for all members in the group (Collect config files).

CCS (CCS scripting)

Indicates the device group setting to allow CCS script file execution for all members in the group (Allow Script Execution).

PP (Privileged Polling)Indicates whether the option CLI polling in privileged mode (i.e. privileged exec (enable) mode) is enabled for the group the device belongs to. You can override this setting for an individual device in the Device Viewer.

DC (Default Credentials)

Indicates the device group setting for Test for Default Credentials, used to scan for the presence of vendor default credentials for all members in the group.

A (Issue Analysis)

Indicates the device group setting to allow Issue analysis for all members in the group (Analyze for Issues). 

CL (Config Lock)

Indicates the device group setting to collect config data but to consider all member device configs locked and not to be changed through NetMRI (Regard configurations as 'locked'). 

UGPF (Use Global Polling Frequency)Indicates whether the device group uses the global polling frequency value. 
PF (Polling Frequency)Indicates whether the device group uses a custom polling frequency value. 

NB (NetBIOS Scan)

Device polling method to collect the NetBIOS name for endpoint devices in the network. Device groups also enable NetBIOS scanning. 

DB (Discovery Blackout)

Indicates the device group setting to impose discovery blackouts. 

CB (Change Blackout)

Indicates the device group setting to impose configuration change blackouts. 

SPMC (SPM
Collection)

Indicates the device group setting to allow switch port data collection (Switch port data Collection). 

SPMS (Polling Schedule)

Indicates whether the device group provides a polling interval or scheduling for switch port data collection. This setting is dependent on an enabled Switch port data Collection setting for the device group.

MC (Membership Criteria)

Hovering the mouse over the check box in this column shows the complete regular expression for the selected device group. 

Creating a Top-Level or Sibling Device Group

...

  1. Click the Settings icon > Setup > Collection and Groups > Groups.
  2. Right-click a device group and select Add > Child from the shortcut menu.
    The Add Device Group dialog appears.
  3. Select either Basic or Extended. By default, Basic is selected. For more information about extended device groups, see Creating Extended Device Groups. 
  4. In the Parent ID field, NetMRI automatically sets the ID of the parent group.
  5. Enter a Name for the new child group. The group name is shown in all group-related displays and reports, so the group name should be meaningful without being too long.
  6. Enter a Membership Criteria regular expression. For more information, see Understanding Device Group Membership Criteria. 
  7. Click Save & Close or Save & New.
Note
titleNote

Nested device groups also operate with Issue Analysis. For information, see Issue Analysis Evaluating Issues in NetMRI and  and its subsections. Nested device groups inherit their Issue settings from their parent device groups, and may need editing to suppress Issues that are not relevant to them.

...

  1. Click the Settings icon > Setup > Collection and Groups > Groups.
  2. Click Add to create a top-level, sibling, or child extended group.
  3. In the Parent ID field, NetMRI automatically sets the ID of the parent group. It is "0" for a top-level or sibling group.
  4. Enter a Name for the group. The group name is shown in all group-related displays and reports, so the group name should be meaningful without being too long.

  5. Define a Membership Criteria regular expression.

    Note
    titleNote

    Infoblox recommends using regular expressions for refining the membership in device groups. The topic Understanding Device Group Membership Criteria provides the information you need to understand and define regular expressions for device groups. 


  6. If you want the device group to include collections of discovered non-network devices, select Include non-network devices. Leaving this setting unselected prevents non-network devices from occupying valuable licensing space.
  7. Next to Type, click Extended.
  8. Rank: Displays the Ranking value as the default sort order. For more information, see Ranking Device Groups. Ranking value is used as the default sort order for all group-related tables, with the highest rank shown first. Rank is also used to determine the individual device settings controlling processing for each device.

  9. Polling Frequency: Allows you to slow down or speed up the device polling frequency. 

  10. For Switch Port data Collection, choose from the following:

    • Use Global Settings: Select this to enable the device group to inherit global settings for switch port data collections. To find the global settings, click the Settings icon > Setup > Collection and Groups > Global > Switch Port Management.
    • Specify Polling Interval: Overrides the global polling interval with a custom polling interval for the current device group. You can define an interval of 1-60 Minutes or 1-24 Hours in the fields that appear.
    • Specify Schedule: Overrides the global scheduled polling setting with a custom schedule for the current device group. Existing schedules may appear in the list or, click Add New Schedule to create a new polling schedule instance. Choose a Recurrence Pattern of Once, Hourly, Daily, Weekly, or Monthly. In all cases, you must choose an Execution Time and select at least one day of the week check box.
    • Poll Now: Click to execute switch port polling on the device group right after it is created.

    • Disable: Completely disables switch port polling for the device group. The polling frequency modifier described in the previous step does not affect settings for switch port data collection frequency.

  11. Activate the processing options for the new Extended extended group:
    • Collect performance and environmental data Enable or disable device performance and environmental information for all member devices in the group. 
    • CLI polling in privileged mode: Enable or disable CLI polling in privileged exec mode for the device group. You can override this setting for individual devices in the Device Viewer.
    • Probe for open ports: If enabled, TCP and UDP ports listed at Settings icon > Setup section > Port List are probed to determine whether they are open.
    • Analyze device using fingerprinting: If enabled, fingerprinting attempts to identify each device based on the response characteristics of the TCP stack being used.
    • Probe for NetBIOS name: Setting to enable NetMRI to collect the NetBIOS names for endpoint device members in the device group. It is globally disabled by default to prevent unexpected scanning of the network by a new Operations Center Collector.
    • Analyze for Issues: NetMRI evaluates over 250 discrete Issues, plus custom Issues defined by the admin user. Issues are discovered and reported by NetMRI based on globally set schedules. Disabling this feature for a device group disallows the group from being selectable in the Device Group Selector panel in the main Network Analysis 
    12. –> 
    • Issues page. 
    • Test for default credentials: Allows NetMRI to test all devices in the group for the presence of vendor default SNMP credentials, which are a potential element for security breaches, but are also used for assistance in collecting device configurations. Credential default testing is also a compliance measure.
    • Collect config files: When enabled, this check box allows NetMRI to collect all present configuration files for devices in the device group. To participate in the Configuration Management feature set, which allows you to view and compare differences between running-config and saved-config configuration files, edit, and manage config files on devices. 
    • Regard configurations as 'Locked': Disallows editing of any collection configuration files for members of the device group.
    • Allow script execution: Allows the execution of Perl and CCS scripts on member devices.
    • Refresh device caches before collecting switch port data: Check box to enable refreshing of ARP caches on switches and switch-routers in the managed network before NetMRI performs polling of switch ports.
      Enabling this feature will not produce an automatic ping sweep of the managed network. The benefit of this feature is that it enables more accurate detection of all endpoint devices on switches. Without ARP refresh, some endpoint devices may not be detected. This feature is globally disabled by default. With this setting globally enabled, individual device groups can also be set to enable or disable this feature.
      For more detailed descriptions of these options, see Global
    13.  –>
    •  > Network Polling and Config Management.

...

  1. Select the Enable Discovery Blackout check box and click its Scheduling icon. The scheduling options appear

...

  1. :
    1. In the Recurrence Pattern dropdown, choose how often you want to execute the blackout period. You can select Once, Daily, Weekly, or Monthly.
  2. If you choose Once:
    3. Choose
    1. Based on the duration you select, choose an Execution Time from the drop-down list.
    2. Enter the date of the blackout, in the Day_of_ field.
    4. Specify
    1.  Specify the Duration: 10 or more
    5. Minutes
    1. minutes,
    6. Hours, or Days.

c. If you choose Daily, click either Every Day or Every Weekday:

      • Choose an Execution Time from the drop-down list.
      • Specify the Duration: 10 or more Minutes, Hours, or Days.

d. If you choose Weekly, complete the following:

    Choose an Execution Time from the drop-down list
    1. hours, or days.
    2. Check the check boxes for one or more days from Sunday through Saturday.
  2. Specify the Duration: 10 or more Minutes, Hours, or Days.

...

  1. Choose an Execution Time from the drop-down list.
    1. (If you choose

...

    1. Weekly)
    2. Schedule the day of the month: A discovery blackout can be executed monthly on a specific day, or blackout instances can be executed more than one month apart on a specific day, in the Day of every month(s) field.
  2. Specify the Duration: 10 or more Minutes, Hours, or Days.

...

    1.  (If you choose Monthly)
  2. If necessary, select the Enable Change Blackout check box and click its Scheduling icon. The scheduling options appear. Follow steps 12a through 12e to define the change blackout schedule.

...

  1. Click Save & Close or Save & New.

Some devices in your network may have a locked Config Change setting (Device Viewer –>> Settings & Status –> > General Settings), which means that NetMRI will be disallowed from changing configurations on the device. In these cases, a device-level Enable Change Blackout setting is unnecessary. Similarly, each NetMRI device group has a Regard configurations as 'locked' setting. If a device group uses this setting, the Enable Change Blackout setting is unnecessary. If a device group does not enforce a change blackout, but a device in that group enables the Regard configurations as 'locked' setting, the device setting takes precedence.

...

Device Groups also determine how its member devices will be interacted with by NetMRI. For example, if SNMP Collection or Config Collection are disabled for the highest ranking group containing a given device, then no SNMP data collection or Configuration file collection is performed for that device (beyond the initial collection needed to detect its existence). You use the same processes and settings to define Interface Groups (described in Creating Interface Groups.) The  The process for Device Groups is straightforward.

...

You create and configure interface groups in the Interface Groups page (settings icon –> > Setup –> > Collection and Groups –> > Groups tab –> > Interface Groups side tab). The benefits of using interface groups include the following:

...

To create an interface group, perform the following:

  1. Go to Settings icon –> > Setup –> > Collection & Groups –> > Interface Groups side tab.
  2. Click the Add Group button (below the Interface Groups table). The Add Interface Group dialog appears.
  3. Type a Name for the interface group. The group name is shown in all group-related displays and reports, so it should be meaningful without being too long.
  4. Enter a Rank for the interface group. 
  5. Type a Membership Criteria expression. 

  6. Activate the processing options for the group.
    Performance Statistics Collection: If enabled, NetMRI collects performance data for interfaces in the group. If disabled, the appliance gathers minimal data for interfaces in the group. This setting can be overridden for an individual interface in the Interface Viewer

    –>

    > Settings icon

    –>

    > General Settings page.
    Frequency: Select the performance statistics collection interval. The default is set as Daily.

    Note
    titleNote

    You can set the Frequency to be more frequent than the default Daily setting.

...


  2. Click the Save & Close button.

or

Click the Save & New button to save/close the current group definition and start a new group definition.

...

  • To enable performance data collection for an interface group: In the Settings icon –> > Setup section –> > Collection and Groups page –> > Groups tab –> > Interface Groups side tab, hover the mouse over the Action icon and choose Edit, and activate the Performance Statistics Collection checkbox.

...

  • To enable performance data collection for a specific interface: Open the interface in the Interface Viewer. In the Settings section –> > General Settings page, enable Performance Statistics Collection by selecting Enabled from the dropdown menu and clicking Update. This setting overrides the parent interface group's setting.

...

Use interface groups for suppression of certain interface related issues and to modify thresholds for their appearance. Interface group issue suppression removes the need to manually suppress undesirable issue instances and allows for instances that have yet to be raised — and to be suppressed — to be suppressed before they are even raised. You can review interface group issue suppression settings at the Settings icon –> > Issue Analysis section –> > Issue Group Settings page.

Expressions in Group Definitions

...

The $Model and $IPAddress values work for creating device groups but cannot be used for building Rules with device attributes under Configuration Management –>> Policy Design Center –>> Rule.

$Model in ["cat4506", "3725"]

...