...
- If necessary, install your NetMRI appliance or appliances. For more information, see the Infoblox Installation Guide for your NetMRI appliances. Ensure that you have the full feature licensing and device licensing entitlements for your deployment. For more information, see Understanding Platform Limits, Licensing Limits, and Effective Limits. If you are upgrading your NetMRI installation, check the installation instructions in the Release Notes for your software (and see the section below, Discovery with an Existing NetMRI Platform.
Also, read the section Preparing for NetMRI VRF Access for information on checking and configuring VRF-aware devices to which NetMRI will connect for managing virtual networks. - Configure your first network views for network management.
For new installations, NetMRI automatically provides an initial network view, named Network 1, as part of the initial setup. For the initial discovery of the network, you may only need this first network view. For more information, see Configuring Network Views. - You combine network views with scan interfaces to separate and manage networks. For new installations, the Network 1 network view is automatically bound to your appliance's LAN1 port. This may be the only interface you need for initial network discovery. This interface connects to the router through which NetMRI begins to discover the network. For more information, see Configuring Scan Interfaces.
- Configure your discovery settings. They include discovery IP address ranges, possible static IP addresses of devices you explicitly want to discover in your networks, a seed router for network discovery and possible device hints to improve odds of finding devices. The seed router might be, for example, the router to which NetMRI first connects for discovery of the network. For more information, see the sections Configuring Discovery Ranges, Specifying Static IPs, Adding Seed Routers, Configuring CISCO APIC, and Adding Device Hints.
- Add the necessary device SNMP credentials, and CLI admin login and Enable password credentials. For more information, see Adding and Editing Device Credentials and its various sections. You can also add and test credentials for individual devices; for more information, see Adding and Testing SNMP Credentials for a Device.
- Associate discovery settings to network views. Add your discovery settings from Step 4 to the network views and begin to discover the network. Initial discovery of your networks begins automatically after the discovery ranges and other discovery settings, such as a seed router, are added to the network view, which also must have a scan interface connection. For more information, see Discovery Using Network Views.
- Watch data collection. Network data collection and virtual network detection take place during your initial network discovery, which begins automatically when the network connection is established from NetMRI, to the network to be discovered. Perform the following to view discovered information about your network:
- View summaries of discovery events: Click the All Devices device group in the right panel, and open the Network Explorer –> Discovery page to see a table of all devices being discovered by NetMRI. For more information about the features on this page, see Viewing and managing Discovery Results.
- View a list of devices your appliance has recently discovered: Click the All Devices device group in the right panel, and open the Network Explorer –> Inventory page to see tables of all member devices. For more information about the features on this page, see Viewing Network Inventory.
- View summaries of recently discovered network phenomena: Includes summary information of routed networks, VLANs, route targets, and virtual networks (VRFs). For more information about the features on this page, see Summarizing Network Topologies.
- Map virtual networks. If your network has virtual networks, NetMRI automatically discovers them on the devices where they are configured, and alerts you through System Health banner messages at the top of the screen to map those VRF-aware devices to the network views where they belong. By mapping each virtual network to network views, you provide more information to the discovery process. For more information, see Mapping Virtual Networks to Network Views.
...
- Go to Settings icon –> Setup –> Scan Interfaces. The Scan Interfaces Settings page appears, listing all device interfaces that may be used by the appliance. Depending on the hardware and system type, you will see one or more interfaces named MGMT and/or LANn (where n is the physical port number). If your system is an Operations Center, the Collector Name is shown alongside the interfaces. If any virtual scan interfaces are defined, they will have names like LAN2.111. See Configuring Virtual Scan Interfaces below for more information.
- Hover over the Action icon for any of the physical ports and select Edit from the menu.
- Choose from the Network View configuration section:
- Select Existing: Choose a network view from the list of existing ones that are defined on the system.
- Select the view from the drop-down list.
- Selecting Unassigned as the Network View leaves the interface in a disabled state.
- Select Existing: Choose a network view from the list of existing ones that are defined on the system.
- OR
- Create New: Creates a new network view.
...
The Ranges table displays each defined range, its type (CIDR, RANGE, or WILDCARD), and its use in the discovery process. Ranges excluded for discovery indicate that any network device found matching that range is excluded from discovery by the appliance. See Range Examples for more information.
Creating Discovery Ranges
...
- Choose Settings icon –> Setup –> Collection and Groups.
- On the Global page (which appears by default), check the Enable Discovery Blackout check box and click its Scheduling icon. The Discovery Blackout Scheduling gadgets appear.
- In the Recurrence Pattern drop-down, choose how often you want to execute the blackout period. You can select Once, Daily, Weekly, or Monthly.
- If you choose Once, complete the following:
- Choose an Execution Time from the drop-down list.
- Enter the date of the blackout, in the Day_of_ field.
- Specify the Duration: 10 or more Minutes, Hours, or Days.
- If you choose Daily, click either Every Day or Every Weekday.
- Choose an Execution Time from the drop-down list.
- Specify the Duration: 10 or more Minutes, Hours, or Days.
- If you choose Weekly, complete the following:
- Choose an Execution Time from the drop-down list.
- Check the check boxes for one or more days from Sunday through Saturday.
- Specify the Duration: 10 or more Minutes, Hours, or Days.
- If you choose Monthly, complete the following:
- Choose an Execution Time from the drop-down list.
- Day __ of every __ month(s): Specify for the discovery blackout to be executed on day-of-month X of every Y month. Month numbering starts with January. You can see some examples below.
Day 5 of every 1 month(s): means the blackout is executed on the 5th of the current and each next month.
Day 5 of every 2 month(s): means the blackout is executed on the 5th of January, March, May, July, and so on. - Specify the Duration: 10 or more Minutes, Hours, or Days.
- If necessary, select the Enable Change Blackout check box and click its Scheduling icon. The Discovery Blackout Scheduling gadgets appear. Follow the steps above to define the change blackout schedule.
- Click Save to save your changes.
...
Network 1 (NM35) Network 1 (NM36)
Here each Collector, NM35 and NM36, is associated to with the same network view.
- For an OC deployment managing multiple networks, choose the desired Collector from the Filter by Collector list. Then, select the network view under the Network View list.
...
- Choose Settings icon –> Setup –> Discovery Settings –> Static IPs and click New.
- Enter the IP address for the static
device. The value can be IPv4 or IPv6.Anchor bookmark125 bookmark125 - Select the desired Discovery Mode. Specify the Discovery Mode as:
- Include in Discovery – NetMRI : NetMRI will discover and manage any device found matching that range;.
- Exclude from Discovery – Ignore Discovery: Ignore the specified values and do not discover them through any of the specified protocols;.
- Exclude from Management: Management – NetMRI will discover any device found matching that range, but will not manage or collect data from the device.
- (For Operations Center only) From the Filter by Collector: dropdown drop-down menu, choose the Collector from the list.
- Choose the network view with which the static IP will be associated, by clicking the Network View drop-down menu. This step is required.
- If this is part of the first discovery of the network, and no other network views are configured, the Network View selector does not appear, and the default Network 1 network view is automatically assigned. Otherwise, choose the network view from the list.
Or - (For Operations Center only) From the Network View dropdown drop-down menu, choose the network view to which the static IP for discovery will be assigned. If the network view is divided among two or more Collectors, choose the desired network view based upon the associated Collector name.
- If this is part of the first discovery of the network, and no other network views are configured, the Network View selector does not appear, and the default Network 1 network view is automatically assigned. Otherwise, choose the network view from the list.
...
To import discovery setting data: Click , click Import. In the dialog, click Browse to select the CSV file, and then click Import.
| Note | ||
|---|---|---|
| ||
When exporting discovery settings from an Operations Center (using CSV Export), the Collector will not be present in the exported data. |
See Credential Import Formats for for import file syntax.
| Anchor | ||||
|---|---|---|---|---|
|
| Anchor | ||||
|---|---|---|---|---|
|
...
For discovery of any IPv6 network, at least one well-connected IPv6 router (preferably with routes to all other networks to be managed by NetMRI) must be placed in the Seed Router list. In some cases, seed routers may not have the full routing tables or be unable to provide full information for some reason. The general rule of thumb is that more seed routers are better, but the connectivity of the seed router(s) also helps determine how many seed routers you need. Avoid having more seed entries than necessary. Also, note that seed routers are included in the CIDRs count that should not exceed 1000 per the recommendation in the Infoblox Discovery Best Practices Guide.
| Note | ||
|---|---|---|
| ||
For effective use of seed routers, you must also provide admin credentials to NetMRI to allow it to pull the key routing and connectivity information, including the IPv6 routing table and the local Neighbor Discovery Cache, from the device. NetMRI uses the standard IPv6 counterparts to standard communications protocols, including SSH and SNMP. |
...
As a result, one or more globally accessible IPv6 router addresses must be added as seed routers (whether local unicast or global unicast is dependent on the network). Ideally, the seed router would have routes to all other locations in the network. Otherwise, you will need more than one seed router value to discover the full network. Do not enter link-local router addresses as seed routers, because link-local addresses have no significance for devices such as NetMRI that are not locally attached to that link.
...
- Choose Settings icon –> Setup –> Discovery Settings –> Seed Routers and click New.
- Enter the new value into the Seed Router IP Address field.
- (For Operations Center only) From the Filter by Collector: dropdown menu, choose the Collector from the list.
- Choose the network view with which the seed router will be associated, by clicking the Network View drop-down menu. This step is required.
- If this is part of the first discovery of the network, and no other network views are configured, the Network View selector does not appear, and the default Network 1 network view is automatically assigned. Otherwise, choose another network view from the list.
Or - (For Operations Center only) From the Network View dropdown drop-down menu, choose the network view to which the seed router for discovery will be assigned. If a network view is divided among two or more Collectors, choose the desired network view based upon the associated Collector name.
- If this is part of the first discovery of the network, and no other network views are configured, the Network View selector does not appear, and the default Network 1 network view is automatically assigned. Otherwise, choose another network view from the list.
...
You can also define general SDN and SD-WAN settings as described in Configuring SDN and SD-WAN Polling Settings.
After executing SDN and SD-WAN discovery, you can see the results in Network Explorer -> Discovery. For more information, see Viewing and Managing Discovery Results.
...
- APIC Controller (managed device): Collects basic information on ACI fabric devices such as device model, vendor name, OS information, IP address, and the user system name.
- ACI specific endpoint information such as EPG, Bridge Domain, and Tenant.
- General Endpoint (devices) information such as name, IP address, VRFs, and physical connection (fabric port).
...
- Make sure that you enabled SDN and SD-WAN polling in Settings icon –> Setup –> SDN/SD-WAN Polling. For more information, see Configuring SDN and SD-WAN Polling Settings.
- Choose Settings icon –> Setup –> Discovery Settings –> SDN.
- Click New.
- In SDN Type, select Cisco ACI.
- Complete the following:
- Fabric Name: Specify a short and unique name for the current Cisco ACI configuration.
- Addresses: Click Add and enter the hostname or IP address of the Cisco APIC controller. If your fabric includes more than one controller, click Add again to add more addresses.
- Network View: Select the network view to identify the corresponding network interface for connectivity with the Cisco ACI. Also, this network view will be assigned to discovered devices from this ACI.. In parentheses next to the network view name is displayed the name of the associated collector. The network view and collector are assigned to discover devices from the ACI fabric.
- Protocol: Select HTTP or HTTPS.
If you select HTTPS, you must use a Root CA or Intermediate CA certificate to allow communication with the Cisco APIC as described below.
If your ACI fabric includes multiple controllers, use a combined PEM certificate. To do so, copy the ASCII data from all of the certificates into a single file. - CA Certificate: Do Perform one of the following:
- Select a previously imported CA certificate. For To learn how to import a CA certificate in NetMRI, see Installing CA Certificate.
- Click Import CA Certificate and select a CA certificate directly from your machine.
For how to prepare a CA certificate, see About CA Certificates for Cisco APIC. The APIC controller address must match either the certificate subject or one of subject alternative names.
- Username: The login name for the Cisco ACI.
- Password: The login password.
- to or from
- Click Test Connection to check if the fabric is reachable and the provided credentials are correct. The connection test results are also written to the syslog.
- Click Add or Add & Discover.
...
To add and configure Cisco Meraki discovery, complete the following:
- Make sure that you enabled enable SDN and SD-WAN polling in Settings icon –> Setup –> SDN/SD-WAN Polling. For more information, see Configuring SDN and SD-WAN Polling Settings.
- Choose Settings icon –> Setup –> Discovery Settings –> SDN.
- Click New.
- In In SDN Type, select Cisco Meraki.
- Complete the following:
- Config Name: Specify a short and unique name for the current Cisco Meraki configuration.
- Network Interface: Select the interface that will be used to access the device. In parentheses next to the interface name is displayed the name of the associated collector. As Cisco Meraki infrastructure may have overlapping IP addresses in different network views, you should explicitly specify a network interface exposed to the internet.
- Protocol: HTTPS by default.
- Address: Enter the hostname or IP address of the Cisco Meraki Dashboard API. By default , it is api.meraki.com.
- API Key: Access key required to use Cisco APIs.
- to or from
- Click Test Connection to check if the device is reachable and the provided credentials are correct. The connection test results are also written to the syslog.
- Click Add or Add & Discover.
| Anchor | ||||
|---|---|---|---|---|
|
In Under the Settings icon –> Setup –> SDN/SD-WAN Polling, you can enable or disable the SDN and SD-WAN polling globally and define network view mapping rules for Cisco Meraki. If SDN and SD-WAN polling is disabled, only traditional network devices are polled.
...
For Cisco Meraki devices, you can select between different modes for mapping Meraki networks to NIOS network views. This mapping mechanism is required as your Meraki infrastructure may have overlapping IP ranges that can be supported under different network views. The mapping rules include the following:
- Mapping to the predefined SDN network view
- Automatic mapping
- Custom mapping
...
- Choose Settings icon –> Setup –> SDN/SD-WAN Polling.
- Select Enable SDN/SD-WAN polling.
- Default SDN Network View: The network view that will be assigned to discovered Cisco Meraki devices for which the automatic network view mapping is disabled. You enable or disable automatic mapping in the Advanced panepanel. For more information, see the step 3 below.
- In Network View Mapping, select one of the following:
- Disable automatic mapping and use predefined SDN Network View: Select to map collected SDN/SD-WAN devices to the default SDN network view defined in the previous step 2 above.
- Automatically create network views for unmapped networks: Select to automatically map collected networks to their network views using NetMRI internal rules. Network views that do not exist are created automatically. The mapped networks are displayed in the table that is not editable.
- Enable network view mapping defined below: This is custom mapping. Select this to manually map collected networks to the appropriate network views. To change a network view entry, double-click it in the table.
- If necessary, override the global data collection interval that will be applied to the SDN/SD-WAN host polling:
- Go to Settings to the Settings icon –> Setup –> Collection and Groups –> Switch Port Management.
- Specify one of the following:
- Periodic Collection: Specify the N minutes or hours when the collection should occur.
- Scheduled Collection: Schedule recurrent collection based on hourly, daily, weekly, or monthly time periods. Click one of the tabs, Once, Hourly, Daily, Weekly, or Monthly, to to choose a recurrence pattern.
- Click Save.
| Note | ||
|---|---|---|
| ||
| A network name in the mapping table is made up by combining the Cisco Meraki organization and network name. The Source column displays the fabric name or config name that you previously defined for the SDN or SD-WAN configuration. The network view name is made of the network and source values. |
...
To configure a Proxy server for SDN and SD-WAN connectivity, complete the following:
- Choose the Settings icon –> Setup –> Proxy Settings.
- In the Proxy For drop down list, select the required collector.
- Select Use Proxy Server.
- Complete the following:
- Name or IP Address: An FQDN or IP address of the Proxy.
- Port: The port number of the Proxy.
- Username: The username that NetMRI will use to log in to the Proxy.
- Password: The password that NetMRI will use to log in to the Proxy.
- Click Save.
...
Discovery identifies contacted devices by their IP address and hostname, and IP addresses are gathered under a few categories: Classified, Reached, and Identified, which is the complete aggregate of all discovered IPs. Classified and Reached IPs are subsets of the Identified classification. These values appear in a simple bar graph at the bottom of the Discovery page.
...
To refresh discovery for a single device, or force discovery for a single device, perform the following:
| Anchor | ||||
|---|---|---|---|---|
|
In the Device Viewer –> Settings & Status –> Management Status -> Discover Now. A pop-up dialog appears, displaying the command-line and SNMP directives that NetMRI immediately sends to the selected device. NetMRI executes the processes required against the device to complete discovery. These include SNMP credential collection, SNMP data collection, device group assignment, and CLI credential collection. Scroll through this listing to view specific details on what types of information are being obtained by NetMRI for the selected device. Some time may be required to finish the process.
...
To remove a device from NetMRI Management, click Unmanage and confirm the operation. Unmanaged devices remain discovered, but the appliance will not collect data from them. NetMRI will not obtain details, (such as vendor, model, and operating system version) because SNMP access is required to complete those processes.
...
- Click Delete (below the table).
- In the Delete dialog, select Exclude from discovery (this is optional).
- If the device has duplicates, you can also select Delete devices instances on other collectors. For more information, see Deduplication of Devices Discovered by Multiple Collectors.
- Click Yes to confirm the deletion.
| Note | ||
|---|---|---|
| ||
If the device continues to appear in collected data, NetMRI will re-list it unless you choose to exclude the device from discovery when it is deleted. |
...
In all cases, the Juniper Virtual Host (i.e. the device hosting the virtual instances) acts as a proxy to the virtual devices for all SNMP communication. Direct SNMP access to Juniper Virtual Devices is not permitted. This is largely transparent in NetMRI. If connectivity to the Virtual Host is lost, SNMP collection of the Virtual Devices is not possible and the VDCs will appear on the Devices Not PresentDevices Not Present page.
Both the virtual hosts and their virtual devices must be discovered by NetMRI as independent network devices before it will identify them as Virtual Hosts and Virtual Devices.
...
Cisco devices supporting CLI access through the physical host will also allow the collection of the configuration files.
...
Recent Activity | Lists all known IP addresses discovered by NetMRI. |
License Management | Provides data similar to Recent Activity, sorting the list according to priority in the algorithm for determining where a device fits in the device license scheme. This view helps determine why a given device is or is not icensedlicensed, where it is on the list to change the NetMRI license (if necessary) or to adjust a setting so a given device is given license priority. |
Problems | Provides data similar to Recent Activity, but filtered to devices reporting discovery errors. |
Non-Detected IPs | Provides data similar to Recent Activity, but filtered to devices that NetMRI has not been able to communicate with. |
SSH Queue, Telnet Queue, and SNMP Queue | Shows whether a given device is in the processing queue for determining credentials. Data about each device in the queue includes the time of the prior attempt, time the device is going to be attempted again, and status. SNMP discovery is the key to complete device discovery. Until a device has fully discovered SNMP credentials, data collection and analysis cannot continue. |
...
- Network Devices: The number of devices discovered.
- Licensed Devices: The number of licensed devices discovered.
- IP Addresses:
- Classified: The number of IP addresses the appliance has fully discovered with SNMP collection and assigned to a device group.
- Reached: The number of IP addresses NetMRI has touched.
- Identified: The number of IP addresses known to exist on the network.
For more information about interpreting discovery data that the previous views display, see the next section, section Interpreting Discovery Table Data.
...
E (Existing Status) | The listed IP address exists in the network. All devices will receive this status to indicate where NetMRI first discovered the address. |
P (Fingerprint Status) | If NetMRI is configured to use fingerprinting, device fingerprint status is listed in this column. |
R (Reached Status) | Shows whether NetMRI has sent a packet to the device and received a reply, establishing that the device is reachable. Devices are typically tested for reachability through SNMP and the CLI, usually with an ICMP Ping operation. |
S (SNMP Credentials Status) | Indicates the status of the SNMP credential guessing process. |
SC (SNMP Collection Status) | Shows the status of SNMP data collection for the device. Success indicates that a device successfully allows data collection through SNMP. If this is not successful, check the S field to see whether the correct credential is given. |
C (CLI Credentials Status) | Displays the status of the CLI credential guessing process. |
CC (Config Collection Status) | Indicates whether a device supports command-line connectivity and whether the configuration collection is successful. If this is not successful, check the C field to see whether the correct credential is given. |
G (Device Group Status) | Shows the status of the device group generation process. Success indicates that a device has been assigned to at least one group. |
DB (Discovery Blackout Status) | Indicates whether or not the selected device is in a Discovery Blackout period. Two states are possible, In Blackout and Not in Blackout. |
CB (Change Blackout Status) | Indicates whether or not the selected device is in a Change Blackout period. Two states are possible, In Blackout and Not in Blackout. |
Status | Licensed devices are listed as such. Unlicensed devices are non-network devices or devices for which NetMRI license limits have been exceeded. Unmanaged devices are those which NetMRI will discover, but not manage. |
Type | Lists the device type as determined by NetMRI. |
Last Timestamp | Date and time the data in the device records were updated or verified as unchanged. |
Last Action | The last action performed by NetMRI upon device after discovery takes place. For example, Device Groups: Successfully assigned to device groups indicates that the device was successfully discovered and added to a device group. |
Last Seen | The date and time when the device was last seen on the network. For example, reading the IP address in the ARP table from a router. |
First Seen | Date and time when the listed device was first detected by the NetMRI appliance. |
...
The management collector is assigned to a device using the algorithm only once. However, you can change the management collector manually in the Device Viewer. To open the Device Viewer, click the device IP address. The Management Status page of the Device Viewer opens, showing the current device status on the management collector. To learn how to change the management collector, see Manually Changing Management Collector.
| Note | ||
|---|---|---|
| ||
| If , in discovery settings, you delete a range containing a device that has a "duplicate" on another collector, the device becomes licensed again on the other collector. |
...
- Click Settings icon -> General Settings -> Advanced Settings.
- In the settings list, navigate to the Deduplication settings group.
- Click the gear icon for each setting in the group and select Edit. You can edit the following settings:
- Enable the load balancer: Enables the load balancing feature for moving devices from highly-loaded collectors to less loaded collectors. The load balancer runs on the weekly maintenance schedule.
- Minimum capacity utilization: Sets the minimum percentage of devices, from collector's total capacity in terms of managed devices, at which moving devices from such collectors is allowed. For example, if a collector that can manage 1000 devices currently manages less than 40% percent of devices, NetMRI will not move devices from that collector to other collectors as its load is regarded as low.
- Minimum capacity utilization difference: Sets the minimum difference, in percentage, the current device's utilization by collectors, and at which devices can be moved to the less loaded collector. For example, if a collector has a 47% load in terms of devices and another one has a 45% load, it does not make sense to move devices from the first one to the second.
- Timeout for choosing the collector: Sets the maximum allowable time, in hours, for choosing the best management collector for the device.
...
When you click the check box in the Select column of the table header, in a table that contains multiple pages, only the rows on the current page are selected. All selected rows are greyed out on the table page, denoting their selection. After you select all rows on a page, you can deselect a specific row by clearing the check box for the row; . Then, the remaining table rows remain selected.
For Discovery tasks, you can do perform the following:
- Click Discover Next to execute Discovery protocols on the selected devices. A prompt appears: Are you sure you want to discover the selected 23 device(s) next?
- Click License to change the license status of all selected devices. For more information, see NetMRI Licensing.
- Click Unmanage to remove the selected devices from management by NetMRI. A prompt appears: Are you sure you want to stop managing the selected xx devices? The chosen devices will be removed from their licensing and NetMRI will add the license allocation to its availability pool.
...
To view discovery status for any device, open the Device Viewer by navigating to Network Explorer –> -> Discovery and clicking a device link, or Device Viewer –> -> Settings & Status –> Management Status. You will see the Management Status for the device. This is an important block of information that immediately describes the effectiveness of communications to the device by NetMRI.
This page provides a subset of the same information listed on the Discovery page, showing the E (Exists), P (Port Scanned), R (Reached), S (SNMP), SC (SNMP Collection), C (Config Credential), CC (Config Collection), and G (Groups) data results for a single device, each with their respective explanation.
...
If the system admin changes the Name or Type of device in the Device Viewer's General Settings page (Device Viewer –> Settings & Status –> General Settings), re-discovery of that device's settings will no longer be active. For more information, see Viewing and Changing General Settings for a Device.
To revert to the auto-discovery of changes to that device's identifying information in the network, you can delete the device from the Discovered Devices list in the Network Explorer –> Discovery tab. The device is removed from the table. You will need to wait for NetMRI to re-discover the device on the network, and then refresh or re-open the Network Explorer –> Discovery tab to view the updated information. Click the device group name in the right panel if you need to locate the updated device in its expected group.
...