NetMRI discovery depends on a collection of under-the-hood features to ensure that polling and addition of devices in the network proceed smoothly and accurately. This chapter describes the three following critical tasks.
Defining Data Collection and Device Groups: You must define important settings for network polling. This topic involves the processes of data collection and polling of devices across the network, including polling of switched Ethernet devices. The definition of device and interface groups is discussed in other topics later in this Guide. For more information, see Defining Group Data Collection Settings.
Note title Note See Creating Device Groups for information on the Groups tab and its associated functions.
- ManagingSNMPandCLICredentials: Credentials are a critical component for discovery and Configuration Management. You can define global default values for admin account logins, enable passwords, and also define admin account logins and enable passwords on individual devices. For more information, see Adding and Editing Device Credentials.
- DebuggingandManagingCollectionResults: When data collection and polling stops for any reason, NetMRI provides methods for determining the cause of the failure and ways to fix it. See Debugging Issues in Discovery and Data30802695 Collection and Running Discovery Diagnostics for more information.
| Anchor | ||||
|---|---|---|---|---|
|
| Anchor | ||||
|---|---|---|---|---|
|
| Anchor | ||||
|---|---|---|---|---|
|
| Anchor | ||||
|---|---|---|---|---|
|
...
| Note | ||
|---|---|---|
| ||
See the section Global Switch Port Management Polling Settings for more information on global settings for switch port polling. |
...
- Config Collection: If enabled, the current NetMRI virtual is able to collect configuration data from network devices using enabled protocols.
- Config Locked: Devices with collected information that show changes during subsequent config collections can be reported as showing "Unauthorized Changes".
- Use Telnet Protocol: NetMRI opens Telnet terminal sessions with devices that support this option and reads the configurations. Individual devices can make use of Telnet login credentials.
- Use SSH Protocol: NetMRI opens SSH terminal sessions with devices that support this option and reads the configurations. Individual devices can make use of SSH login credentials.
- Use HTTP Protocol: NetMRI opens HTTP browser sessions with devices that support this option and reads the configurations. Individual devices can make use of HTTP login credentials.
- Use Vendor Default Credentials: Enables NetMRI to use its library of vendor-default credentials as part of the process of collecting configuration data.
| Note | ||
|---|---|---|
| ||
See Adding and Editing Device Credentials30802695 for more information on adding logins for specific devices in the Device Viewer. |
...
| Note | ||
|---|---|---|
| ||
SNMP and/or CLI Credentials can be specified within the Device Viewer for individual devices. Should such a credential not work for a given device, or if command-line access is lost for a given device, NetMRI will always re-guess credentials from the global credential list, including vendor defaults if available. See the sections Adding and Testing SNMP Credentials for a Device and Adding and Testing CLI Credentials for a Device for more information. |
...
- Go to Network Explorer > Inventory > Devices and click a device IP, or to Network Explorer > Discovery and click a device IP. The chosen device's Device Viewer appears.
- Click Settings and Status > SNMP Credentials to open the page for creating SNMP login credentials.
- Click the Edit button to enable changes to the current settings for device-specific SNMP information.
- Click either Use SNMP v1/2c or Use SNMP v3. The options are mutually exclusive. If using SNMP v1/2c, enter the community string for the device.
If using SNMP v3, enter the required authentication and privacy passwords and choose their encryption protocols from the Auth. Protocol and Privacy Protocol drop-downs. Click Test to try out the new credential. You can also click Show Password to verify that you've entered the correct values.
Note title Note When you click Show Password, the table of credentials for the selected device will display a new Password column.
For SNMP credentials, NetMRI tests against device-related OIDs such as sysUptime and sysDescr. The test is considered passed if these items are successfully polled. For SNMPv1/v2c tests, SNMP version 1 is used during the test.
A test example is shown below:
Test Starting+++ Checking SNMPv1/v2c [public] ................. Credential passedDiscovered working credential for device after testing 1 credentialsTest Completed
...
- Click Save to commit the changes.
Saved credentials can be deleted by clicking the Delete icon in the table row.
The lower panel is a history that lists all credentials attempted during the last credential guessing attempt for the given device. This data resets each time credentials are guessed for a device. The table indicates the time of each guess and the result of that attempt. If a device is manually configured with a credential, NetMRI updates the history once it attempts to use that credential for data collection.
...
- Go to Network Explorer > Inventory > Devices and click a device IP, or to Network Explorer > Discovery and click a device IP. The chosen device's Device Viewer appears.
- Click Settings and Status > CLI Credentials to open the page for creating CLI login credentials.
- Click Edit.
- For CLI Credentials, you may supply up to three different login tuples: for SSH, Telnet, and for the HTTP protocol. Enter the username and password for any or all three as required for the selected device. For SSH and Telnet, you also provide a port number. You can use the default or custom ports.
- Provide the Enable Password.
- Click Test to try out the new credential. You can also click Show Password to verify that you have entered the correct values.
For CLI credentials, NetMRI attempts to log in to the device using both telnet and SSH with the credentials configured for each, including empty credentials. The test passes if the login is successful. The HTTP protocol is not used during the test.
A test example is shown below, indicating that no SSH credential is provided but a successful telnet login tuple was provided:
Test Starting+++ SSH: Trying [] [] [] ........................... FAILED+++ Telnet: Trying [qagroup] [qalogin] [] .......... OK+++ Telnet: Credentials Successful [qagroup] [qalogin] []+++ Discovered working credential for device after testing 1 credentialsTest Completed
...
- Click Save to commit the changes.
Saved credentials can be deleted by clicking the Delete icon in the table row.
The lower panel is a history that lists all credentials attempted during the last credential guessing attempt for the given device. This data resets each time credentials are guessed for a device. The table indicates the time of each guess and the result of that attempt. If a device is manually configured with a credential, NetMRI updates the history once it attempts to use that credential for data collection.
...
- Go to Settings icon > General Settings > Advanced Settings > Data Collection category. The SNMPv1 Data Collection Fallback setting prevents NetMRI from attempting to collect from a device that has a spurious or incorrect SNMPv2c credential, and will 'fall back' to SNMPv1 for collection.
- Click the Actions icon and choose Edit.
- If you want SNMPv1 to be allowed for data collection, choose enabled for data collection;
- If you want SNMPv2c to be the specific data collection protocol, choose disabled for data collection.
- Click OK to commit settings.
- Go to Settings icon > General Settings > Advanced Settings > Discovery category. The SNMPv1/SNMPv2c Discovery Version setting allows a choice between three options:
- Use SNMPv1 for credential discovery.
- Use SNMPv2c for credential discovery.
- Use both SNMPv1/SNMPv2c for credential discovery.
Should you choose the third option, Use both SNMPv1/SNMPv2c for credential discovery, NetMRI continues to use SNMPv1 for credential discovery on devices that support only SNMPv1, and uses SNMPv2c whenever it is supported by target devices. Using the Use both SNMPv1/SNMPv2c option imposes some time delay for credential collection, in cases where non-working/incorrect credentials are attempted during data collection.
...
- Click the Actions icon and choose Edit.
- For exclusive use of SNMPv1, choose the Use SNMPv1 for credential discovery option.
- For exclusive use of SNMPv2c without fallback to SNMPv1, choose the Use SNMPv2c for credential discovery option.
- For default use of SNMPv2c with fallback to SNMPv1 for devices that support that protocol, choose the Use both SNMPv1 and SNMPv2c for credential discovery option.
...
- Click OK to save your settings.
| Anchor | ||||
|---|---|---|---|---|
|
Accounts using SNMPv3 can use a suite of authentication and privacy protocols. If NetMRI will use SNMPv3 to collect data from devices supporting the protocol, you can define specific user credentials with combinations of authentication and encyption encryption protocol, and the unique keys for each protocol.
...
For additional information about NIOS IPAM Sync, see Overlay/Overwrite Logic
Anchor Configuring IPAM Sync Configuring IPAM Sync
Configuring IPAM Sync
| Configuring IPAM Sync | |
| Configuring IPAM Sync |
This section describes the following:
...
- In Settings > Setup > NIOS IPAM Sync > Add Sync Configuration.
The Sync configuration wizard opens. - In Step 1 of the Wizard, enter the NIOS Grid Master IP address or host name, with user name and password. For standalone NIOS deployments, enter the IP address or host name of the NIOS device. The default login credentials are admin/infoblox.
- Click Next.
Note title Note Make sure the NIOS system is reachable before attempting a connection, and ensure you have the correct admin account and password. The specified username and password also must provide access to the Infoblox DMAPI (Data and Management API). Any NIOS administrator account can be set to allow API access from within NIOS with an Allowed Interfaces setting of API. Consult the Infoblox API Documentation guide for the version of NIOS in the current operation for more details, and consult the NIOS Administration Guide for the procedure on defining API interface access for an admin account.
- In Step 2, in NS1 Network View, select default as the view to which to export data. This information is obtained from the Infoblox Grid Master.
- In NetMRI Network View, select the required view.
- In Time restriction, select Include all data, regardless of polling time.
In versions prior to 7.3.1, NetMRI sent data collected from devices that were successfully polled within the last two hours. This restriction was removed in version 7.3.1. You can request to export all data regardless of last successful device polling time or data from devices successfully polled in the last several hours. - Activate Synchronize Device Information if devices (IP addresses) are to be included in the synchronization.
- If you enabled the synchronization of device information and you want to include end host IP addresses into NIOS IPAM Sync, select Include addresses from ARP tables.
By default, only routers IP addresses are included into NIOS IPAM Sync. Selecting this option allows you to export IP addresses of end hosts from ARP tables of discovered devices to NIOS IP Map, along with routers IP addresses. These end hosts are listed in a separate tab in NetMRI: Network Explorer > Switch Port Management > End Hosts > End Host Present. If the discovery engine does not recognize a device as infrastructure or network device, it is treated as end host. Data displayed for end hosts collected from ARP tables includes the IP address, MAC address, and Last Discovered and First Discovered stamps.Note title Note Retrieving end hosts IPs based on ARP entries does not guarantee accurate results as the lifetime of ARP tables entries on network devices is very limited (e.g., up to 5 minutes officially, 10 minutes in real life for Cisco IOS-based devices) and the amount of tables entries is relatively small.
- To add internal subnets as networks in NIOS, activate the Add IPAM networks for subnets within NetMRI discovery ranges option. This will export subnets discovered by NetMRI and classified as internal (i.e., within the defined discovery ranges). To export all internal subnets, select the All option. To limit the exported internal subnets, select the Restrict to subnet s within the following summary routes option, and enter a list of summary routes. Separate each route with a comma, or put each on a new line. Subnets within a listed summary route are exported. For example, to export only the subnets in a class A 10 network, enter 10.0.0.0/8.
- To add external subnets as networks in NIOS, activate the Add IPAM networks for subnets outside of NetMRI discovery ranges option. This will export subnets discovered by NetMRI and classified as external (i.e., outside the defined CIDR blocks). To export all external subnets, select the All option. To limit the exported external subnets, select the Restrict to subnets within the following summary routes option, and enter a list of summary routes as described above for internal subnets.
- Click Next.
- In Step 3, if you want to schedule synchronization, select Schedule Enabled. This is optional. If you do not schedule a synchronization, you can execute a synchronization at any time. For information, see the next section.
- Select a Recurrence Pattern, Execution Time, and day (this is the starting day for repetitive synchronizations).
- Click Next.
- In Step 4, review the sync configuration. Click < Previous if you need to change any settings.
- Click Finish.
...
| Data Field in IPAM Sync Export File | NetMRIModel >Attribute | Field Description |
|---|---|---|
| General Device Data | ||
| discovered_name | Device > DeviceName | DNS name of the IP address. |
| ip_address | Device > DeviceIPDotted | A valid IPv4 address. Required. |
| mac_address | Device > DeviceMAC | A valid mac address. Must be lowercase. Optional. |
| last_discovered_timestamp | Device > DeviceTimestamp | Timestamp of last time the discoverer has seen the device. A UTC timestamp. Required. |
| first_discovered_timestamp | Device > DeviceFirstOccurrence | Timestamp of the first time the discoverer has seen the device. A UTC timestamp. Optional. |
| netbios_name | N/A | The NetBIOS name of the device. String type. The maximum size is 15 characters. Optional. |
| os | Device > DeviceVersion | The OS of the IP address. String Type. The maximum size is 256 characters. Optional. |
| device_model | Device > DeviceModel | The model of the device. |
| device_vendor | Device > DeviceVendor | The vendor of the device. |
| device_location | Device > DeviceSysLocation | The location of the device. |
| device_contact | Device > DeviceSysContact | The contact of the device. |
| oui | Device > DeviceOUI | The OUI of the device. |
| discoverer | N/A | Always "NetMRI". |
| Attached Device Data (only for endhosts) | ||
| network_component_type | Device > DeviceType | The type of component connected to the IP address. Eg Switch, Router, Other. Optional. String type. Max size 32. |
| network_component_name | Device > DeviceName | The name of component connected to the IP address. Optional. String type. Max size 64. |
| network_component_ description | Device > DeviceSysDesc | The description of component connected to the IP address. Optional. String type. Max size 256. |
| network_component_ip | Device > DeviceIPDotted | The IP address of the component connected to the IP address. Optional. String type. IPv4 address format. |
| network_component_model | Device > DeviceModel | The model of the component connected to the IP address. |
| network_component_vendor | Device > DeviceVendor | The vendor of component connected to the IP address. |
| network_compInterface > ifNameonent_location | Device > DeviceSysLocation | The type of component connected to the IP address. |
| network_component_contact | Device > DeviceSysContact | The contact of the component connected to the IP address. |
| network_component_port_ number | Interface > SwitchPortNumber | The port number on the component connected to the IP address. Optional. Unsigned integer type. Range 0 - 9999. |
| network_component_port_ name | Interface > ifName | The port name on the component connected to the IP address. Optional. String type. Max size 64. |
| network_component_port _description | Interface > ifDescr | The description of the Port on the component connected to the IP address. Optional. String type. Max size 256. |
| Port Data | ||
| port_vlan_name | Vlan > VlanName | The name of the VLAN on the Port. Optional. String type. Max size 64. |
| port_vlan_number | Vlan > VlanIndex | The port VLAN Number. Optional. Unsigned integer type. Range 0 - 9999. |
| port_speed | Interface > ifSpeed | The speed settings on the switch port. Optional. String type. Valid values are 10M, 100M, 1G, 10G, 100G, and Unknown. |
| port_duplex | Interface > ifDuplex | The duplex settings on the switch port. Optional. String type. Valid values are Full and Half. |
| port_status | Interface > ifAdminStatus | Administratively up or down. Optional. String type. Valid values are Up, Down, and Unknown. |
| port_link_status | Interface > ifAdminStatus | Connected or not. Optional. String type. Valid values are: Connected, Not Connected, and Unknown. |
| Cisco ACI Data | ||
| tenant | N/A | The ACI tenant. |
| bridge_domain | N/A | The ACI bridge domain. |
| endpoint_groups | N/A | The ACI endpoint groups. |
| VRF and BGP Data | ||
| vrf_name | Interface > vrf_name | The VRF name of the IP address. |
| vrf_description | Interface > vrf_description | The VRF description of the IP address. |
| vrf_rd | Interface > vrf_rd | The VRF route distinguisher of the IP address. |
| bgp_as | N/A | The BGP autonomous system number of the device. |
| Wireless Access Point Data | ||
| ap_name | N/A | The name of the wireless access point. |
| ap_ip_address | N/A | The IP address of the wireless access point. |
| ap_ssid | N/A | SSID of the wireless access point. |
...
- Network sync: Newly-imported subnets are imported as “managed”.
- If the imported subnet conflicts with an existing subnet, it is not accepted. The imported subnet can go into a container as long as there is no conflict.
- If the subnet already exists, no changes are made.
- If the subnet is in IPAM but not in NetMRI, it is left in IPAM.
- IP address sync: New IP addresses are added and marked as “unmanaged”. If an IP address already exists, the field values are overwritten during the import.
- Before NetMRI 7.1.4 and NIOS 8.1, if the IP address exists in IPAM but it is not in the import file, it is left in IPAM.
- As of NetMRI 7.1.4 and NIOS 8.1, if the IP address exists in IPAM but it is not in the import file, its discovered data is cleared out. You can control the time that the IP address stays in the NetMRI database after it is no longer discovered under NetMRI. To do so, go to Setup > General Settings > Advanced Settings.
Viewing IPAM Sync Discovered Data in NetMRI and NIOS
In NIOS, you can view the data discovered by NetMRI and synchronized using IPAM Sync as follows:
...
| Anchor | ||||
|---|---|---|---|---|
|
| Anchor | ||||
|---|---|---|---|---|
|
NetMRI automatically supports an Infoblox utility, Cisco Discovery Service, that enables network administrators to provide Cisco-validated reporting and analysis. NetMRI operates as a Cisco Discovery Service-enabled system supporting discovery of network systems for analysis and management. You can use the CDS Integration Tool as part of a new NetMRI installation, or use the tool to extract further insight and value from an existing deployment. Cisco Gold Partner status is required for effective use of the software utility.
NetMRI supports CDS API version 2.0 and uses a NetMRI device or virtual machine to inspect all aspects of a network's Cisco infrastructure to collect the following information:
...