Versions Compared

Old Version 13

changes.mady.by.user Panna .

Saved on

compared with

New Version Current

changes.mady.by.user Uday Dubey

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

For any Telnet or SSH session, administrative users can define user CLI credentials for other NetMRI user accounts. The location for configuring is Settings icon –> > User Admin –> > edit User –> > CLI Credentials tab. Accounts that can modify CLI credentials for themselves and other users include SysAdmin, UserAdmin and ChangeEngineer High. Without User CLI credentials, other users can still log in to devices using their own device-specific credentials. This is particularly handy for devices that are not directly managed by NetMRI, such as Linux systems, but for which a user has a specific account. Some devices that are detected and/or managed by NetMRI may not provide the same level of Telnet or SSH as NetMRI. This is an advantage of the Telnet/SSH proxy.

...

  1. Start a PuTTy session.
  2. In the PuTTy Configuration window, go to the Connection –> > Data –> > Category section.
  3. As illustrated below, perform the following in the Environment variables section: enter CLI_PROXY_HOST 210.20.20.5.
  4. Click Open.

...

  • Config collection disabled globally: The current instance of NetMRI has disabled all Config Collection features (go to the Settings icon –> > Setup –> > Collection and Groups –> > Config Management side tab to check and enable collection settings).
  • Config collection disabled globally for all protocols: The current instance of NetMRI has enabled Config Collection but none of the protocols for gathering data (telnet, SSH, HTTP) are enabled (go to Settings icon –> > Setup –> > Collection and Groups –> > Config Management side tab to check and enable collection settings).
  • Not Included by Discovery Settings: The device in question is not part of any IP range, is not specified as a static IP, and does not match any device Hints and is not a seed router. (go to Settings icon –> > Setup –>  Discovery Settings to check values for each of the four setting types. This message appears only for attempts to get configurations from the device.
  • Not Licensed: Device is not licensed under NetMRI. This message appears only for attempts to get configurations from the device.
  • Config collection disabled at device group level: NetMRI has disabled Config Collection features for a specific Device Group (go to Settings icon –> > Setup –> > Collection and Groups –> > Groups –> > Device Groups side tab to check and enable collection settings for a Device Group).
  • History Indicates Config not Changed: No configuration changes have occurred since the previous fetching of configuration data. This message appears only for regular device polling operations on managed devices.
  • CLI credentials unknown: All attempts at guessing or logging in to a device after discovery are unsuccessful.

To view a device's user audit log, go to Device Viewer –> > Settings & Status –> > User Audit Log. The audit log appears as a cumulative list for all Telnet/SSH sessions for the individual network device or end host for the last 30 days.

...

The Device Audit Log (Device Viewer –> > Settings & Status –> > Device Audit Log) provides a device-specific list of events related to the device's management by NetMRI. You can expect to see messages such as LicenseAdd, indicating when the device was added to NetMRI management into a Device Group for purposes of Switch Port Management or other licensing requirements. You may see DiscoveryDelete in a case where a device with a particular management port IP address was removed from NetMRI management due to another device being managed through the same IP.

A second Device Audit Log, in Settings icon –> > Notifications –> > Device Audit Log, provides a listing for all Discovery and Licensing messages for all devices managed by NetMRI.

...

Through device groups, switch port management enables you to monitor and analyze the complement of Ethernet trunks and switch ports in their network. Switch port information gathering, or polling, is the key tool for doing this. Device groups can specify unique switch port management polling settings. Polling settings that are located under Settings icon –> Setup –> > Collection and Groups –> > Groups tab take precedence over the global settings defined in Settings icon –> > Setup –> > Collection and Groups –> > Global –> > Switch Port Management.

To poll a device group or create custom settings for polling, perform the following:

  1. In the Device Group Selector, right-click the Switching device group and select Edit Device Group. The Edit Device Group dialog opens. The Switching device group is an extended device group that provides several features designed for Ethernet switching devices management.
  2. Open the Switch port data Collection dropdown. Select from the following options:
    • Use Global Settings: Enforces the use of global periodic or scheduled polling settings for the current device group. For more information see Data Collection Techniques.
    • Specify polling Interval: Defines custom regular polling time periods for the group. Choose a polling interval of 1 or more Minutes or Hours, or click Poll Now to poll all devices that are members of the device droup.
    • Specify schedule: Select an existing custom group schedule or click Add New Schedule to create a new custom schedule for recurrent polling of the group. Select a Recurrence Pattern of Once, Hourly, Daily, Weekly, or Monthly. In all cases, you must choose an Execution Time. Click Add when finished defining the new schedule. To delete a schedule from the list, click the trashcan icon in the Actions column.
    • Disable: Disables device switch port data collection for the selected device group. Disabling switch port data collection prevents NetMRI from collecting VLAN and switch forwarding data. This can affect neighbor topology for the switch and any connected devices to the switch possibly resulting in NetMRI not being able to accurately locate devices on the network. Disabling switch port data collection also prevents analysis of any VLAN-related issues for a disabled switch.

3. Click Save & Close or Save & New.

...

The Collection and Groups page opens, showing the Groups –> > Device Groups tab (also reachable by Settings icon –> > Setup –> > Collection and Groups –> > Groups tab).

Note
titleNote

The number in parentheses after a device group name is the number of devices in the group.

...

The complete list of data points provided for every device group at all nested levels includes the following:

ARP (Refresh device caches)

Indicates whether member devices in the group will have their ARP caches refreshed before collecting discovery data. NetMRI uses ARP cache refresh to control LAN switches from which switch-forwarding data is collected. 

SNMP

Indicates whether the device group is set to enable SNMP data collection for member devices. SNMP collection can also be enabled/disabled for groups and devices.

PS (Port Scan)

Indicates whether members of the device group will be scanned for open protocol ports. If enabled, NetMRI probes the TCP and UDP ports listed at Settings icon

–>

> Setup

–>

> Port List, to determine whether they are open. 

FP (Fingerprint)

Indicates the device group setting to use the Identify device using fingerprinting setting for member devices. (This setting is dependent on the Probe for Open ports feature.) A polling technique to identify each network device based on the response characteristics of its TCP stack. This information is used to determine the device type. In the absence of SNMP access, fingerprinting is usually the only way to identify non-network devices. 

C (Collect configs)

Indicates the device group setting to allow config file collection for all members in the group (Collect config files).

CCS (CCS scripting)

Indicates the device group setting to allow CCS script file execution for all members in the group (Allow Script Execution).

PP (Privileged Polling)Indicates whether the option CLI polling in privileged mode (i.e. privileged exec (enable) mode) is enabled for the group the device belongs to. You can override this setting for an individual device in the Device Viewer.

DC (Default Credentials)

Indicates the device group setting for Test for Default Credentials, used to scan for the presence of vendor default credentials for all members in the group.

A (Issue Analysis)

Indicates the device group setting to allow Issue analysis for all members in the group (Analyze for Issues). 

CL (Config Lock)

Indicates the device group setting to collect config data but to consider all member device configs locked and not to be changed through NetMRI (Regard configurations as 'locked'). 

UGPF (Use Global Polling Frequency)Indicates whether the device group uses the global polling frequency value. 
PF (Polling Frequency)Indicates whether the device group uses a custom polling frequency value. 

NB (NetBIOS Scan)

Device polling method to collect the NetBIOS name for endpoint devices in the network. Device groups also enable NetBIOS scanning. 

DB (Discovery Blackout)

Indicates the device group setting to impose discovery blackouts. 

CB (Change Blackout)

Indicates the device group setting to impose configuration change blackouts. 

SPMC (SPM
Collection)

Indicates the device group setting to allow switch port data collection (Switch port data Collection). 

SPMS (Polling Schedule)

Indicates whether the device group provides a polling interval or scheduling for switch port data collection. This setting is dependent on an enabled Switch port data Collection setting for the device group.

MC (Membership Criteria)

Hovering the mouse over the check box in this column shows the complete regular expression for the selected device group. 

Creating a Top-Level or Sibling Device Group

...

  1. Click the Settings icon > Setup > Collection and Groups > Groups.
  2. Click Add to create a top-level, sibling, or child extended group.
  3. In the Parent ID field, NetMRI automatically sets the ID of the parent group. It is "0" for a top-level or sibling group.
  4. Enter a Name for the group. The group name is shown in all group-related displays and reports, so the group name should be meaningful without being too long.

  5. Define a Membership Criteria regular expression.

    Note
    titleNote

    Infoblox recommends using regular expressions for refining the membership in device groups. 


  6. If you want the device group to include collections of discovered non-network devices, select Include non-network devices. Leaving this setting unselected prevents non-network devices from occupying valuable licensing space.
  7. Next to Type, click Extended.
  8. Rank: Displays the Ranking value as the default sort order. Ranking value is used as the default sort order for all group-related tables, with the highest rank shown first. Rank is also used to determine the individual device settings controlling processing for each device.

  9. Polling Frequency: Allows you to slow down or speed up the device polling frequency. 

  10. For Switch Port data Collection, choose from the following:

    • Use Global Settings: Select this to enable the device group to inherit global settings for switch port data collections. To find the global settings, click the Settings icon > Setup > Collection and Groups > Global > Switch Port Management.
    • Specify Polling Interval: Overrides the global polling interval with a custom polling interval for the current device group. You can define an interval of 1-60 Minutes or 1-24 Hours in the fields that appear.
    • Specify Schedule: Overrides the global scheduled polling setting with a custom schedule for the current device group. Existing schedules may appear in the list or, click Add New Schedule to create a new polling schedule instance. Choose a Recurrence Pattern of Once, Hourly, Daily, Weekly, or Monthly. In all cases, you must choose an Execution Time and select at least one day of the week check box.
    • Poll Now: Click to execute switch port polling on the device group right after it is created.

    • Disable: Completely disables switch port polling for the device group. The polling frequency modifier described in the previous step does not affect settings for switch port data collection frequency.

  11. Activate the processing options for the new Extended extended group:
    • Collect performance and environmental data Enable or disable device performance and environmental information for all member devices in the group. 
    • CLI polling in privileged mode: Enable or disable CLI polling in privileged exec mode for the device group. You can override this setting for individual devices in the Device Viewer.
    • Probe for open ports: If enabled, TCP and UDP ports listed at Settings icon > Setup section > Port List are probed to determine whether they are open.
    • Analyze device using fingerprinting: If enabled, fingerprinting attempts to identify each device based on the response characteristics of the TCP stack being used.
    • Probe for NetBIOS name: Setting to enable NetMRI to collect the NetBIOS names for endpoint device members in the device group. It is globally disabled by default to prevent unexpected scanning of the network by a new Operations Center Collector.
    • Analyze for Issues: NetMRI evaluates over 250 discrete Issues, plus custom Issues defined by the admin user. Issues are discovered and reported by NetMRI based on globally set schedules. Disabling this feature for a device group disallows the group from being selectable in the Device Group Selector panel in the main Network Analysis 
    12. –> 
    • Issues page. 
    • Test for default credentials: Allows NetMRI to test all devices in the group for the presence of vendor default SNMP credentials, which are a potential element for security breaches, but are also used for assistance in collecting device configurations. Credential default testing is also a compliance measure.
    • Collect config files: When enabled, this check box allows NetMRI to collect all present configuration files for devices in the device group. To participate in the Configuration Management feature set, which allows you to view and compare differences between running-config and saved-config configuration files, edit, and manage config files on devices. 
    • Regard configurations as 'Locked': Disallows editing of any collection configuration files for members of the device group.
    • Allow script execution: Allows the execution of Perl and CCS scripts on member devices.
    • Refresh device caches before collecting switch port data: Check box to enable refreshing of ARP caches on switches and switch-routers in the managed network before NetMRI performs polling of switch ports.
      Enabling this feature will not produce an automatic ping sweep of the managed network. The benefit of this feature is that it enables more accurate detection of all endpoint devices on switches. Without ARP refresh, some endpoint devices may not be detected. This feature is globally disabled by default. With this setting globally enabled, individual device groups can also be set to enable or disable this feature.
      For more detailed descriptions of these options, see Global
    13.  –>
    •  > Network Polling and Config Management.

...

  1. Select the Enable Discovery Blackout check box and click its Scheduling icon. The scheduling options appear

...

  1. :
    1. In the Recurrence Pattern dropdown, choose how often you want to execute the blackout period. You can select Once, Daily, Weekly, or Monthly.
  2. If you choose Once:
    3. Choose
    1. Based on the duration you select, choose an Execution Time from the drop-down list.
    2. Enter the date of the blackout, in the Day_of_ field.
    4. Specify
    1.  Specify the Duration: 10 or more
    5. Minutes
    1. minutes,
    6. Hours
    1. hours, or
    7. Days
  7. Choose an Execution Time from the drop-down list.
    1. days.

c. If you choose Daily, click either Every Day or Every Weekday:

      • Choose an Execution Time from the drop-down list.
      • Specify the Duration: 10 or more Minutes, Hours, or Days.

d. If you choose Weekly, complete the following:

      • Choose an Execution Time from the drop-down list.
      • Check the check boxes for one or more days from Sunday through Saturday.
      • Specify the Duration: 10 or more Minutes, Hours, or Days.

e. If you choose Monthly, complete the following:

    1. Check the check boxes for one or more days from Sunday through Saturday. (If you choose Weekly)
    2. Schedule the day of the month: A discovery blackout can be executed monthly on a specific day, or blackout instances can be executed more than one month apart on a specific day, in the Day of every month(s) field.
  2. Specify the Duration: 10 or more Minutes, Hours, or Days.

...

    1.  (If you choose Monthly)
  2. If necessary, select the Enable Change Blackout check box and click its Scheduling icon. The scheduling options appear. Follow steps 12a through 12e to define the change blackout schedule.

...

  1. Click Save & Close or Save & New.

Some devices in your network may have a locked Config Change setting (Device Viewer –>> Settings & Status –> > General Settings), which means that NetMRI will be disallowed from changing configurations on the device. In these cases, a device-level Enable Change Blackout setting is unnecessary. Similarly, each NetMRI device group has a Regard configurations as 'locked' setting. If a device group uses this setting, the Enable Change Blackout setting is unnecessary. If a device group does not enforce a change blackout, but a device in that group enables the Regard configurations as 'locked' setting, the device setting takes precedence.

...

You create and configure interface groups in the Interface Groups page (settings icon –> > Setup –> > Collection and Groups –> > Groups tab –> > Interface Groups side tab). The benefits of using interface groups include the following:

...

To create an interface group, perform the following:

  1. Go to Settings icon –> > Setup –> > Collection & Groups –> > Interface Groups side tab.
  2. Click the Add Group button (below the Interface Groups table). The Add Interface Group dialog appears.
  3. Type a Name for the interface group. The group name is shown in all group-related displays and reports, so it should be meaningful without being too long.
  4. Enter a Rank for the interface group. 
  5. Type a Membership Criteria expression. 

  6. Activate the processing options for the group.
    Performance Statistics Collection: If enabled, NetMRI collects performance data for interfaces in the group. If disabled, the appliance gathers minimal data for interfaces in the group. This setting can be overridden for an individual interface in the Interface Viewer

    –>

    > Settings icon

    –>

    > General Settings page.
    Frequency: Select the performance statistics collection interval. The default is set as Daily.

    Note
    titleNote

    You can set the Frequency to be more frequent than the default Daily setting.

...


  2. Click the Save & Close button.

or

Click the Save & New button to save/close the current group definition and start a new group definition.

...

  • To enable performance data collection for an interface group: In the Settings icon –> > Setup section –> > Collection and Groups page –> > Groups tab –> > Interface Groups side tab, hover the mouse over the Action icon and choose Edit, and activate the Performance Statistics Collection checkbox.

...

  • To enable performance data collection for a specific interface: Open the interface in the Interface Viewer. In the Settings section –> > General Settings page, enable Performance Statistics Collection by selecting Enabled from the dropdown menu and clicking Update. This setting overrides the parent interface group's setting.

...

Use interface groups for suppression of certain interface related issues and to modify thresholds for their appearance. Interface group issue suppression removes the need to manually suppress undesirable issue instances and allows for instances that have yet to be raised — and to be suppressed — to be suppressed before they are even raised. You can review interface group issue suppression settings at the Settings icon –> > Issue Analysis section –> > Issue Group Settings page.

Expressions in Group Definitions

...

The $Model and $IPAddress values work for creating device groups but cannot be used for building Rules with device attributes under Configuration Management –>> Policy Design Center –>> Rule.

$Model in ["cat4506", "3725"]

...