In addition to the browser-based interface accessible via HTTP (port 80) and HTTPS (port 443), NetMRI supports a command-line interface accessible via SSH (port 22). The administrative shell accepts a variety of commands that are useful for troubleshooting and maintenance.
For security purposes, you must access the administrative shell using the Secure Shell (SSH) client application on your workstation. By encrypting all session traffic, the SSH client prevents local network users from monitoring your administrative session.
Access Using the Command Line SSH client
Initially connecting to the administrative shell using the SSH command-line client requires that you provide a username as one of the command line parameters, as shown in this example:
ssh –l admin <system>
where <system> is the hostname or IP address assigned to NetMRI. At that point, you are prompted for the admin account password, which is the same as that used for the browser interface.
Administrative Shell Menu
After a successful login, the shell displays a list of commands.
To do this... | Type this at the command prompt... |
---|---|
Display the list of commands | ? |
Display a description of a command | <command> ? |
View previously executed commands | UP-ARROW or DOWN-ARROW |
Edit a previously executed command | LEFT-ARROW, RIGHT-ARROW, BACKSPACE, DELETE |
Shell Commands
The administrative shell commands are listed in the following subsections. Many of these commands are self-explanatory and are similar to those provided by other network appliances.
acl command
The acl
command enables you to restrict users' access to NetMRI to a list of IP addresses or subnets, thereby reducing the likelihood of unauthorized access. By default, the appliance accepts user connections via HTTP (port 80), HTTPS (port 443), SSH (port 22), and SYSLOG (port 514). If an access control list is defined, any or all of these ports can be restricted to a specific list of IP addresses.
The following sub-commands are supported by the acl
command:
list
lists all ACL entries.flush
clears all ACL entries (no access restrictions).accept
accepts connections from a given CIDR block.reject
rejects connections from a given CIDR block.commit
saves the ACL and makes it active.
The accept
and reject
commands accept the following arguments:
accept <CIDR 22 | 80 | 443 | 514 | ssh | http | https | syslog | amqps |all
reject <CIDR 22 | 80 | 443 | 514 | ssh | http | https | syslog | amqps | all
where <CIDR
is formatted as A.B.C.D/NN. For example, the following commands:
flush
accept 192.168.12.0/24
all commit
would allow connections from any host in the specified subnet to any of the access ports supported by NetMRI. If you'd like to exclude specific hosts from a range of addresses, you should use one or more reject
commands before the accept
command as in the following example:
flushreject 192.168.12.66/32 all
reject 192.168.12.99/32 all
accept 192.168.12.0/24 all commit
If at least one ACL entry is defined, all access attempts other than those specifically listed are rejected; if no ACL entries are defined, all access attempts are accepted.
Typing acl
? at the prompt provides a brief list of all options:
rgrace64-212.inca.infoblox.com> acl ?
ACL Commands
------------
?- display this list
commit - save working ACLs and make active
exit - exit ACL mode
flush - clear all working ACL entries
list - list all working ACL entries
reload - clear working entries and reload from disk
The following commands add or remove entries to the ACL to either allow or reject access from given CIDRs. The order of ACL entries is important, with the first matching
rule from top to bottom used to determine if a given host can access the system.
accept <CIDR> 22|80|443|514|ssh|http|https|syslog|amqps|all
reject <CIDR> 22|80|443|514|ssh|http|https|syslog|amqps|all
delete <CIDR> 22|80|443|514|ssh|http|https|syslog|amqps
where <CIDR> is formatted as A.B.C.D/NN or <IPv6 Address>/<Prefix>
Use "0.0.0.0/0" CIDR to refer to all IPv4 sources, or "::/0" CIDR for all IPv6 sources. The ACL list must be committed to take effect.
autoupdate command
The autoupdate
command is used to upgrade NetMRI software via the Internet, CD, or upgrade file provided by Infoblox. For more information, see Manually Updating NetMRI Software. The command’s syntax is
autoupdate <filename> [auto | force-major]
Where:
auto
command-line mode to set AutoUpdate to function automatically without user prompting. This mode does not allow automatic major updating. Example:autoupdate auto
force-major
used in anautoupdate auto
command to allow automatic updates in all circumstances, including major updates. Example:autoupdate auto force-major
benchmark run command
The benchmark run
command executes the Infoblox Benchmark tool to test the hardware performance of your NetMRI VM.
The output is the following:
SA-4-100> benchmark run
Do you want to run the benchmark on the next boot? (y or n): y
***************************************************************************
The benchmarking is a long-running process and can take up to 1 hour.
During this process system will respond only to pings, the CLI and UI
will be unavailable. Please be patient.
***************************************************************************
Do you want to reboot right now? (y or n): n
The benchmark tool will be launched on the next boot.
SA-4-100>
benchmark show command
The benchmark show
command displays the benchmark results for the NetMRI VM performance in terms of device count.
The output is the following:
SA-4-100> benchmark show
Device Capacity (the benchmark was executed on 2020-03-09 03:07:47.939190)
Current compatibility mode: Operations Center
---------------------------+----------------------+------------------------
Calculated Based On | Standalone/Collector | Operations Center
---------------------------+----------------------+----+-------------------
CPU (40 cores, 67883 MIPS) | 3650 | 18600
Storage (30061 IOPS) | 5000+ | 20000+
RAM (205 Gb) | 5000+ | 20000+
---------------------------+----------------------+------------------------
Result | 3650 | 18600
cac command
The cac
command allows the configuration of the OCSP authentication service. It includes the following subcommands:
cac status
: Prints out the CAC status: “Certificate authentication”, “OCSP”, "Configured CA".
cac enable
: Enables the certificate validity check.
cac disable
: Disables the certificate validity check.
cac ocsp-enable
: Enables the certificate revocation check.
cac ocsp-disable
: Disables the certificate revocation check.
cat command
Use the cat
command to concatenate files or display the contents of a file.
The following is the command syntax::
cat [options] [files]
The cat
command is a basic Linux command. Depending on the system you are working in, the available options for this command may vary.
clear command
Use the clear
command to clear the terminal screen.
configure command
The configure
command is essentially the command-line equivalent of the Settings icon > General Settings > Security page. The command’s syntax is
configure <setting> [show | reset]
where <setting>
is
ssh
configures SSH client and servers
http
configures HTTP and HTTPS servers
snmp
configures SNMP servers
auth
configures authentication methods
and reset
resets all protocols to the factory defaults.
The configure
command supports the following sub-commands:
| Define the external authentication service, if any, that NetMRI uses to authenticate user logins. |
| Install an SSL certificate into the NetMRI system for HTTPS sessions. |
| Define the basic device Discovery device expiration period, which is the time period that elapses before NetMRI automatically re-discovers any given device in its database. The default is seven (7) days; |
| Determines whether the HTTP and HTTPS servers are activated in the NetMRI system. You can also enable or disable individual encryption protocols in the HTTPS suite. By default, NetMRI enables all protocol options. You must restart the services after making any changes, which consists of a full restart of NetMRI. |
| Define the NetMRI management IP address, which is the IP used to communicate with the appliance. Should you change this value, the system will require a restart and your current terminal session will lose connectivity. Exercise caution when using this command. |
| Starts the configuration for standalone NetMRI and Operations Center Controllers and Collectors. During this configuration you specify network name, NetMRI server name, domain name, time server, time zone, NetMRI IP address and subnet mask, and several other basic operating parameters. |
| Enable or disable support for specific SNMP protocol types, define the community string and the SNMP passphrase. |
| Define basic settings for SSH client and NetMRI SSH server, including enabling or disabling of either communications protocol and the type or types of encryption protocols supported by each. Under most circumstances, the defaults should be retained unless organization policy requires specific settings. You must restart the services after making any changes. |
connect command
Use the connect
command to connect to the command-line interface of a discovered device using the internal functionality of NetMRI.
The following is the command syntax:
connect <host> [network view]
Example:
rgrace64-212.inca.infoblox.com> connect device1-name "Network 1"
Connecting to device1-name on Network 1 network ...
+++ Determining source address ......................................... OK
+++ Determining device credentials ..................................... FAILED
Username: username
username@10.10.10.10's password:
device1-name#
device1-name# exit
rgrace64-212.inca.infoblox.com>
debug command
The debug
command enables debugging logs from NetMRI processes to be displayed and compiled into a text file.
Note
Do not run the debug
command from your system without instructions from Infoblox Support.
deregister command
The deregister
command allows the deregistration of a Collector instance or appliance from the NetMRI Operations Center.
Example: netmrivm193> deregister
diagnostic command
Use the diagnostic
command to execute diagnostic scripts provided by Infoblox Technical Support for troubleshooting or customization purposes. If a diagnostic script is required, it is provided by Infoblox as a digitally signed, compressed TAR file to be uploaded to the administrative shell directory (placed by the Admin account only in the admin/Backup folder) and executed using the diagnostic <filename>
command where <filename>
is the name of the diagnostic script file.
exit command
Use the exit(quit)
command to terminate the command line interface and end the CLI session.
Both commands produce the same results. There are no arguments for either command.
Command | Description |
---|---|
| Terminates the current CLI session. |
| Terminates the current CLI session. |
export cert command
Use the export cert
command to export the built-in appliance PKCS certificate to a file titled netmri.crt.
netmrivm193> export cert
Certificate has been exported to netmri.crt
netmrivm193>
ftp command
FTP is the user interface to the internet standard File Transfer Protocol. The program allows a user to transfer files to and from a remote network site.
The ftp
command does not take any arguments.
When you run the ftp
command in the administrative shell, it enters the command mode that is indicated by its prompt ftp
>. In the command mode, run the necessary commands. To exit the command mode and return to the NetMRI administrative shell, run the quit
command.
Example:
netmrivm193> ftp
ftp>
grep command
Use the grep
command to search a file for a particular pattern of characters. The command displays all lines that contain that pattern. By default, the pattern is a regular expression.
The following is the command syntax:
grep [options] pattern [files]
Example:
netmrivm193> grep -i 'hello world' menu.h main.c
The grep
command is a basic Linux command. Depending on the system you are working in, the available options for this command may vary.
halt command
Use the halt
command to shut down NetMRI, shut down the server, and then power off.
help command
Use the help
command to display a list of commands available in the administrative shell.
installdsb command
Use the installdsb
command to install a device support bundle in the system. Device support bundles can contain changes in the database tables, CSS scripts, and MIB files that are necessary for the correct discovery of devices.
The following is the command syntax:
installdsb <DSB filename> [--nomibs]
If the device support bundle contains a MIB file that you do not want to import, use the --nomibs
command option.
For more information, see Automating Device Support Request Data Collection.
installmib command
Use the installmib
command to install MIB files from device vendors into the system. NetMRI needs this information to convert the names of object identifiers (OIDs) to numeric values.
The following is the command syntax:
installmib <MIB filename>
installhelpfiles command
Use the installhelpfiles
command to install custom help information to appear on a specified Issue Details page for a custom issue. Should no custom Issues information be found, the command will terminate with a "No issue titles found" message. For more information, see Creating Custom Issue Help Files.
license generate command
Use the license generate
command to obtain a new NetMRI license or modify an existing license on the physical appliance. To use this command on a NetMRI virtual appliance, contact Infoblox Technical Support at the following URL http://support.infoblox.com to generate a license file or to enable this command, so you can generate a license file on your own. You can modify the installed evaluation license file before rebooting the system.
You can choose to deploy the NetMRI appliance as a standalone appliance or the Operations Center. When you configure a standalone appliance, you can convert it to the Operations Center mode. Once you configure an appliance as the Operation Center, you cannot revert it to the standalone mode. You can choose to install the following license types: Full NetMRI, ACM (Automation Change Management), SPM2 (Switch Port Manager), or Keep existing. In addition, you can modify the device limit and license expiration date. The device limit indicates the number of devices the appliance is licensed to manage.
The NetMRI NT-1400 appliance is licensed as standalone even if the OC license is applied. For information about the NetMRI NT-1400 appliance, see Operations Center Appliances and Requirements.
For the Customer Name field, use only US-ASCII symbols.
Example 1 Sample output when you continue to use an existing license
netmrivm193> license
Usage: license show|log|generate|<LicenseFile>
netmrivm193> license generate
Do you want to start license generate now? (y/n) [n]: y
Current License:
License Type: Full NetMRI (Customer)
License Source: N/A
Customer Name: FULLNM
Controller role: Standalone
Device Limit: 1000
Maintenance Expiration: 2020-03-09
Modules Info:
Full NetMRI: on, Expired: Never
Automation Change Manager: off, Expired: Expired
Switch Port Management: off, Expired: Expired
NetMRI without SPM: off, Expired: Expired
IPAM Insight (Discovery): off, Expired: Expired
Network Automation: off, Expired: Expired
Customer Name [FULLNM]:
Choose your controller role
1. Standalone
2. OC
Enter choice [1]:1
Choose license
1. Full NetMRI
2. ACM
3. SPM2
4. Keep existing
Enter choice [4]: 4
INFO: No specific platform file found for this model (Unknown). Using defaults.
Device Limit [1000]:
Maintenance expiration date [2020-03-09]:
No changes in license are made
Example 2 Sample output when you run this command on a NetMRI virtual appliance
SA193> license generate
*** This option is disabled for Virtual Appliances. Please contact Customer Support to enable it or to generate a license file
Example 3 Sample output when you have configured an Operations Center environment
netmrivm193> license generate
Do you want to start license generate now? (y/n) [n]: y
Current License:
License Type: Full NetMRI (Customer)
License Source: N/A
Customer Name: FULLNM
Controller role: OC
Device Limit: 1000
Maintenance Expiration: 2020-02-20
Modules Info:
Full NetMRI: on, Expired: Never
Automation Change Manager: off, Expired: Expired
Switch Port Management: off, Expired: Expired
NetMRI without SPM: off, Expired: Expired
IPAM Insight (Discovery): off, Expired: Expired
Network Automation: off, Expired: Expired
Customer Name [FULLNM]:
The Choose your controller role option will not be available when you have configured OCs.
Please ensure OC and collectors have the same license type and device limit on OC matches the sum of device limits on collectors
Choose license
1. Full NetMRI
2. ACM
3. SPM2
4. Keep existing
Enter choice [4]:
INFO: No specific platform file found for this model (Unknown). Using defaults.
Device Limit [1000]:
Maintenance expiration date [2020-02-20]:
No changes in license are made
Example 4 Sample output when you modify an existing license to SPM2 license
netmrivm193> license generate
Do you want to start license generate now? (y/n) [n]: y
Current License:
License Type: Full NetMRI (Customer)
License Source: N/A
Customer Name: FULLNM
Controller role: Standalone
Device Limit: 1000
Maintenance Expiration: 2020-05-20
Modules Info:
Full NetMRI: on, Expired: Never
Automation Change Manager: off, Expired: Expired
Switch Port Management: off, Expired: Expired
NetMRI without SPM: off, Expired: Expired
IPAM Insight (Discovery): off, Expired: Expired
Network Automation: off, Expired: Expired
Customer Name [FULLNM]: Name
Choose your controller role
1. Standalone
2. OC
Enter choice [1]:
Choose license
1. Full NetMRI
2. ACM
3. SPM2
4. Keep existing
Enter choice [4]: 3
INFO: No specific platform file found for this model (Unknown). Using defaults.
Device Limit [1000]:
Maintenance expiration date [2020-05-20]:
Apply license changes? (y/n) [n]: Y
Applying license...
INFO: No specific platform file found for this model (Unknown). Using defaults.
Setting up CAM modules
license is applied
+++ NetMRI is being restarted ...
result of initial stop '/usr/bin/nohup: ignoring input
systemctl stop skipjack.service
systemctl stop httpd.service
'
result of stop kill 'systemctl stop skipjack.service
systemctl stop httpd.service
'
netmrivm193>
License generation FULLNM to SPM
license show command
The license show
command displays your current NetMRI license configuration. You can also view your license features, controller mode, expiration date, and license type information.
netmrivm193> license show
License Type: Full NetMRI (Customer)
License Source: N/A
Customer Name: FULLNM
Controller role: Standalone
Device Limit: 1000
Maintenance Expiration: 2020-03-09
Modules Info:
Full NetMRI: on, Expired: Never
Automation Change Manager: off, Expired: Expired
Switch Port Management: off, Expired: Expired
NetMRI without SPM: off, Expired: Expired
IPAM Insight (Discovery): off, Expired: Expired
Network Automation: off, Expired: Expired
license log command
The license log
command displays the license information and timestamps for all your NetMRI license activities. The following example shows sample output from the license log
command:
2017-08-01 23:41:49 [info] License Type: Full NetMRI (Temporary)
2017-08-01 23:41:49 [info] License Source: set temp_license
2017-08-01 23:41:49 [info] Customer Name: FULLNM
2017-08-01 23:41:49 [info] Controller role: Standalone
2017-08-01 23:41:49 [info] Device Limit: 1000
2017-08-01 23:41:49 [info] Maintenance Expiration: 2020-08-20
2017-08-01 23:41:49 [info] Modules Info:
2017-08-01 23:41:49 [info] Full NetMRI: on, Expired: Never
2017-08-01 23:41:49 [info] Automation Change Manager: on, Expired: 2017-10-27
2017-08-01 23:41:49 [info] Switch Port Management: on, Expired: 2017-10-27
2017-08-01 23:41:49 [info] NetMRI without SPM: off, Expired: Expired
2017-08-01 23:41:49 [info] IPAM Insight (Discovery): off, Expired: Expired
2017-08-01 23:41:49 [info] Network Automation: off, Expired: Expired
2017-08-02 22:17:38 [info] License Type: Full NetMRI (Customer)
2017-08-02 22:17:38 [info] License Source: N/A
2017-08-02 22:17:38 [info] Customer Name: FULLNM
2017-08-02 22:17:38 [info] Controller role: Standalone
2017-08-02 22:17:38 [info] Device Limit: 1000
2017-08-02 22:17:38 [info] Maintenance Expiration: 2020-07-20
2017-08-02 22:17:38 [info] Modules Info:
2017-08-02 22:17:38 [info] Full NetMRI: on, Expired: Never
2017-08-02 22:17:38 [info] Automation Change Manager: off, Expired: Expired
2017-08-02 22:17:38 [info] Switch Port Management: off, Expired: Expired
2017-08-02 22:17:38 [info] NetMRI without SPM: off, Expired: Expired
2017-08-02 22:17:38 [info] IPAM Insight (Discovery): off, Expired: Expired
2017-08-02 22:17:38 [info] Network Automation: off, Expired: Expired
ls command
The ls
command lists files and directories within the file system and displays detailed information about them.
The syntax for the ls
command is as follows:
ls [options] [files]
The ls
command is a basic Linux command. Depending on the system you are working in, the available options for this command may vary.
maintenance command
Note
Do not run the maintenance
command from your system without instructions from Infoblox Support.
Use the maintenance
command to manually execute the NetMRI database maintenance process. Normally, database maintenance is performed weekly to archive the network database and fix any problems in the database.
md5sum command
Use the md5sum
command to print or check MD5 (128-bit) checksums.
The md5sum
command uses the following syntax:
md5sum [option] [file]
The md5sum
command is a basic Linux command. Depending on the system you are working in, the available options for this command may vary.
more command
Use the more
command to view long text files. The command displays one section of the file at a time and allows you to scroll all the way to the end of the file.
The syntax of the more
command is as follows:
more [options] file
The more
command is a basic Linux command. Depending on the system you are working in, the available options for this command may vary.
netstat command
Use the netstat
command to display network connections, routing tables, interface statistics, masquerade connections, and multicast memberships.
The following is the command syntax:
netstat [address_family_options] [--tcp|-t] [--udp|-u] [--raw|-w]
[--listening|-l] [--all|-a] [--numeric|-n] [--numeric-hosts][--numeric-
ports][--numeric-ports] [--symbolic|-N] [--extend|-e[--extend|-e]]
[--timers|-o] [--program|-p] [--verbose|-v] [--continuous|-c] [delay]
netstat {--route|-r} [address_family_options]
[--extend|-e[--extend|-e]][--verbose|-v] [--numeric|-n] [--numeric-
hosts][--numeric-ports][--numeric-ports] [--continuous|-c] [delay]
netstat {--interfaces|-I|-i} [iface] [--all|-a] [--extend|-e] [--ver‐
bose|-v] [--program|-p] [--numeric|-n] [--numeric-hosts][--numeric-
ports][--numeric-ports] [--continuous|-c] [delay]
netstat {--groups|-g} [--numeric|-n] [--numeric-hosts][--numeric-
ports][--numeric-ports] [--continuous|-c] [delay]
The netstat
command is a basic Linux command. Depending on the system you are working in, the available options for this command may vary.
ping and ping6 commands
The ping
and ping6
commands verify if a remote IPv4 or IPv6 host is functioning and accessible across the network. When you execute the ping
or ping
6 command, it sends ICMP ECHO requests to the host and displays the results; ping6
can also send Node Information Queries (RFC4620).
The following is the command syntax:
ping [ options ] hostname | IPv4 address
ping6 [ options ] hostname | IPv6 address
The ping and ping6
commands are basic Linux commands. Depending on the system you are working in, the available options for these commands may vary.
provision disk command
Use the provision disk
command to extend the NetMRI VM storage per volume
The NetMRI volumes and their size are displayed on the Settings icon > Database Settings > Storage Management page. For more information, see Storage Management.
Example:
hostname> provision disk
Do you want to provision disks? (y/n) [n]: y
Unused disks found.
You can select a disk to attach to NetMRI storage:
Please select a disk to add to NetMRI storage (0 to exit provision):
1 /dev/sdb (17612.8 MB)
Enter disk number: 1
*** Adding '/dev/sdb' to NetMRI storage ***
Creating partition: Device /dev/sdb1 has been successfully added to NetMRI storage.
This machine has 23 gigabytes of unused space.
Do you want to extend partitions? (y/n) [n]: y
Please select storage to provision (0 to exit provision):
1 - Backup Storage
2 - Database Storage
3 - Log Storage
4 - Application Storage
5 - Temporary Storage
6 - OS storage
1 - 6 [1]> 3
Space to add to Log Storage in gigabytes. (0 to exit provisioning): 16
Will add 16 GB to Log Storage
Are you sure? This action cannot be undone. (y/n) [n]: y
Shutting down NetMRI: OK
Extending 'log_storage' volume: OK
Resizing filesystem (this may take a while, please be patient): OK
*** Disk space successfully provisioned ***
Starting NetMRI: OK
Warning
Do not detach hard disks that you already attached and added to the NetMRI storage. This may result in a broken NetMRI appliance.
rdtclient command
Note
Do not run the rdtclient
command in your system before obtaining instructions from Infoblox Support.
Use the rdtclient
command to diagnose issues from any NetMRI Operations Center or standalone NetMRI appliance. The RDT (remote diagnostic tool) automates complex troubleshooting procedures through the use of the following:
- Opening a NetMRI support case with Infoblox;
- Receipt of a token from Infoblox Support;
- Entry of this token into NetMRI through the
rdtclient
command, which triggers an automated action process; - The action process collects the logs generated from the automated procedure and sends those logs to Infoblox through a temporary SSH encrypted tunnel.
The benefit of using rdtclient
is that the NetMRI admin avoids being tied to troubleshooting tasks and can pursue normal activities while NetMRI executes the remote diagnostic. All communications, including possible support engineer interaction with the system, are carried out with strict security and procedural limitations.
Before using rdtclient
, establish a support case with Infoblox Support and receive the token string file and further instructions on command execution, including the action
argument.
Example:
netmrivm193> rdtclient
Usage: rdtclient [options] ([action] | [action] [token] )
-V, --version
-h, --help
-v, --verbose
-q, --quiet
Action can be in one of three categories: Registration, Tunnel Control, and Remote Transfers
Tunnel Control: (None enabled until after registration)
Remote Transfers/Actions: (None enabled until after registration)
Registration: (register)
Some of the above Actions require a token, provided by Infoblox:
(None enabled until after registration)
reboot command
Use the reboot
command to restart the appliance when it appears to be frozen.
Example:
netmrivm193> reboot
Enter 'y' to REBOOT the system: y
recalculate-spm command
A command to allow re-population of all Switch Port Manager data tables with information from one day to 30 days in the past. The function is similar to selecting a date for re-populating a single SPM table from the calendar selector in the top left corner of the UI, but the recalculate-spm command repopulates the entire set of SPM tables.
Note
Do not run the recalculate-spm
command from your system without instructions from Infoblox Support.
corp100_west> recalculate-spm
Enter time period in days for SPM generation ( should be between 1 and 30 ): 1
corp100_west>
refreshgroups command
Note
Do not run the refreshgroups
command from your system without instructions from Infoblox Support.
The refreshgroups
command directs NetMRI to rebuild all defined Interface Groups and Device Groups in the local appliance. The refreshed groups data appears in the NetMRI UI after a few moments.
Example:
netmrivm193> refreshgroups
Requesting regeneration of 22 device groups...
App Servers...request sent.
App Servers w/o SNMP...request sent.
Development Lab Network...request sent.
IT Services...request sent.
IT Services w/o SNMP...request sent.
NAME ONLY...request sent.
Network Low-Level...request sent.
Network Management...request sent.
Network Pending...request sent.
Network w/o SNMP...request sent.
NIOS...request sent.
Optimizers...request sent.
Routing...request sent.
Security...request sent.
Switching...request sent.
UNKNOWN...request sent.
Video...request sent.
Voice...request sent.
Wireless...request sent.
Workstations...request sent.
Workstations w/o SNMP...request sent.
Requesting regeneration of 4 interface groups...
Active Router Interfaces...request sent.
Admin Down...request sent.
Switch Ports...request sent.
Trunk Ports...request sent.
Depending on the size of the network, it may take a few minutes for the results to be reflected in the user interface. On an OC, it will take an extra minute or so as the calculations are done on the collectors and transferred up to the OC.
register command
Use the register
command to register collectors with the operations center. For more information, see 6th Step: Registering NetMRI Collectors.
Example:
admin-na206.corp100.local> register
NOTICE: The inactivity timeout is being disabled temporarily while this command is run.
+++ Configuring Tunnel Registration Settings
Registration Server/IP [e.g., example.com]: 10.1.21.2
Registration protocol (http|https) [https]:
Registration username: admin
Registration password:#$^%#*#$
Register this system? (y/n) [y]:y
remoteCopy command
Use remoteCopy
to send files to another host system from the local NetMRI appliance.
Example:
netmrivm193> remoteCopy
Enter filename: netmri122.dat
Enter destination host: SC-L-RGRACE3
Enter destination directory: \dev\local\data\
Enter username: rgrace
Warning: Permanently added '10.120.32.193' (RSA) to the list of known hosts.
NetworkAutomation rgrace
ALL UNAUTHORIZED ACCESS TO THIS SYSTEM WILL BE PROSECUTED TO THE MAXIMUM EXTENT ALLOWED BY APPLICABLE LAWS.
rgrace@10.120.32.193's password: ********
netmri122.dat 100% 704 221.7KB/s 00:00
removedsb command
Note
Before running the removedsb
command in your system, obtain instructions from Infoblox Support.
Use removedsb
to delete device support bundle files from the default directory /var/local/netmri/dsb in the local NetMRI appliance. This is generally a housekeeping command, but exercise caution when deleting database files.
removemib command
Use removemib
to delete vendor SNMP MIB files from the MIB library in NetMRI. The removemib
command automatically points to a location in the system, that contains all MIBs installed by admins into NetMRI. (For a list of installed MIBs, you can go to the Settings icon > Setup > MIB Management.) Removemib is limited to MIBs that are installed by admins of the system; MIBs that are bundled with NetMRI cannot be deleted using this command. You should also know the file name for the MIB before deleting it. Files of this type are placed into the /var/local/netmri/dsb/mibmanager/source
directory. If no MIB files are located in this folder, you will not be able to remove any other MIB files.
Example:
netmrivm193> removemib A3Com-products-rev2-MIB
repair command
Use repair
to fix tables in the database that were corrupted by an improper shutdown. The repair
command runs automatically during the startup but is provided here for troubleshooting purposes.
repartition command
Use the repartition
command to change the partitioning scheme of your system. When the system is repartitioned, you can enable the failover feature.
Note
Before running the repartition
command, do the following:
- Create a system archive if you don’t already have one.
- Upload the system archive to another system.
- Do a factory reset (reset the database).
Example:
netmrivm193> repartition
This operation will repartition your system to the new partitioning scheme, and reformat filesystems using a more robust format.
This operation is required to enable the fail over feature.
Once started, this process cannot be cancelled or interrupted. During this process, the server will reboot several times.
Before you can proceed with this operation you must perform a factory reset.
Therefore, if you want to retain data, you must first create a system archive, and download it to another system.
After the system is re-partitioned, you can restore your data.
In summary, before you can proceed, you should:
1. Perform a system archive if you don’t already have one.
2. Download the system archive to another system.
3. Do a factory reset (reset database).
Have you completed the above steps (y|n)? [n]: y
This operation will repartition your system to the new partitioning scheme.
Once started, this process cannot be cancelled or interrupted.
During this process, the server will reboot several times.
Do you want to proceed (y|n)? [n]: y
reset command
Use the reset
command with due caution; changes imposed by resetting parts of the NetMRI system may result in loss of data that you do not intend to lose. Read this entire topic before proceeding.
The reset
command has the following sub-commands:
system
resets NetMRI to the factory default state, erasing all network database information, network database archive files, custom issue help files, ACL settings, user accounts, etc. After areset system
, reconfigure NetMRI using instructions in the Infoblox Deployment Guide for NetMRI and Operations Center.reset
admin
resets the administrator password to admin.
If the administrator password has been forgotten, neither the administrative shell nor the browser interface can be accessed. In this case, contact Infoblox Support for further assistance. If desired, the unit can still be manually reset from the console interface using the following steps:
- Attach a keyboard and monitor to the appliance or connect through a terminal session to the serial port.
- Log in using the username reset. No password is needed for that account that can only perform a reset.
- Confirm the reset.
| Resets the current NetMRI instance's installed licenses. Reset all_licenses does not reset the NetMRI database, which allows portability of data from one product to another (from a virtual appliance to a physical appliance, for example). |
| Resets the assigned CLI credentials to every discovered device, forcing NetMRI to re-guess CLI credentials. |
| Resets the NetMRI instance's database removing all collected device information, all license entitlements and any scripts, policies, or templates you created. Retains only user-defined configuration from "configure server" (i.e. IP address, host mask, gateway, database name, DNS and NTP server). This command purges all previously discovered network devices and all associated data for those devices. |
| Resets the assigned SNMP credentials to every discovered device, forcing NetMRI to reguess SNMP credentials. |
| Resets the NetMRI system in its entirety to factory defaults. Should you previously have run the |
| Resets all Automation Change Manager registration settings for the current NetMRI instance. |
| Clears any existing tunnel client configuration in an Operations Center collector system. This command is present in all NetMRI standalone appliances but can be ignored if the appliance is not acting as a collector. This process is included in a reset system, but can be run manually if a new key pair is needed for the tunnel client, or if the tunnel client must be re-registered with another Operations Center Controller. |
| (Only available on Operations Center servers) Clears all VPN tunnel configuration information, including all keying material and client configurations. When run, any existing client configuration is invalidated. You must then run |
| Displays the software version of the current NetMRI instance. |
| Displays statistics about virtual memory usage, including operating system memory, interrupts, paging and disk I/O. |
restore command
With the restore
command, you can reconstruct previously backed up NetMRI data from the archive file.
The command’s syntax is:
restore <archiveFile>
Restoring an archive overwrites current data.
rm command
Use rm
to delete files and file directories on the NetMRI file system. As with any command involving modification of files, exercise caution when using the rm command.
sandbox command
For more information, see Sandbox Commands.
sapwalk command
Use the sapwalk
command to receive information from an SNMP device that contains object IDs, their values, and types.
The following is the command syntax:
sapwalk
To get data from an SNMP device:
- At the command prompt of the administrative shell, enter
sapwalk
and press Enter. - Enter the SNMP hostname or IP address and then press Enter.
- If the network view is not determined automatically, enter the network view and press Enter.
- Enter the SNMP version (1,2c, or 3) and press Enter.
- Depending on the SNMP version you entered, do one of the following:
- For SNMP v1 or 2c, enter the SNMP community string.
- For SNMP v3, do the following:
- Enter the SNMP username and press Enter.
- If SNMP authentication is configured on your device, enter y, and then provide the SNMP authentication passphrase and authentication protocol (MD5 or SHA). If not, enter n and press Enter.
- If SNMP privacy is configured on your device, enter y, and then provide the SNMP privacy passphrase and the SNMP privacy protocol (DES, 3DES, AES128, AES192, AES256, AES192C, or AES256C). If not, enter n and press Enter.
- Enter the root OID.
The data is stored in a file with the following file name: sapwalk-<SNMP hostname>.txt
set temp_license command
You can set up and install a single 60-day evaluation license for any of the following NetMRI product licenses:
- Automation Change Manager
- Full NetMRI
- Add Switch Port Manager
The appliance limits set temp_license
to a single 60-day license. If you wish to extend the operation of a particular license, a new license must be purchased from Infoblox Customer Service.
Automation Change Manager may be licensed without the use of full NetMRI.
Example 1:
LosAngeles> set temp_license
1. Add Switch Port Manager license
2. Add Automation Change Manager license
3. Add NetMRI license
Select license (1-3) or q to quit: 2
This action will generate a temporary 60-day Automation Change Manager license.
Are you sure you want to do this? (y or n): y
Automation Change Manager temporary license installed.
Expiration: 2017-10-27
Temporary license installed.
setup command
The setup
command enables the configuration of the management port (MGMT) IP address, IP subnet mask, default gateway, and DNS servers. Other critical settings include the network name (for the network over which NetMRI will collect data), the local Domain Name, the NTP time server, and the time zone.
Example:
navm193 > setup
This option allows you to configure system settings such as IP address,
subnet mask, default gateway, and DNS servers.
Do you want to start system setup now? (y/n) [n]: y
Default values, when available, are given within [].
You may clear defaults by typing a SPACE and pressing Enter.
+++ Configuring Network Identification Settings
Database Name is a descriptive name for this deployment. It is used in reports titles, headers, etc.
Recommended: Begin name with uppercase letter.
Database Name [corp100]:
The Server Name identifies this system in SNMP and HTTPS server certificates.
The installed HTTPS certificate contains the following subject:
subject= /CN=rgrace-dev/O=Network Automation
Server Name [corp100-dev]:
Do you want to generate a new HTTPS Certificate? (y/n) [n]:
Domain Names are used to truncate device names in NetMRI tables and reports.
Recommended: specify local domain name(s).
Domain Name 1 (e.g., example.com) [west.corp100.local]:
Domain Name 2 (optional) [east.corp100.local]:
Time Servers are used to synchronize time with reliable time sources.
Recommended: use a local ntp server if available.
Time Zone Regions
Choose your local region.
0. Africa 1. Antarctica 2. Arctic 3. Asia
4. Atlantic 5. Australia 6. Brazil 7. Canada
8. CET 9. Chile 10. EET 11. GMT
12. GMT-1 13. GMT+1 14. GMT-2 15. GMT+2
16. GMT-3 17. GMT+3 18. GMT-4 19. GMT+4
20. GMT-5 21. GMT+5 22. GMT-6 23. GMT+6
24. GMT-7 25. GMT+7 26. GMT-8 27. GMT+8
28. GMT-9 29. GMT+9 30. GMT-10 31. GMT+10
32. GMT-11 33. GMT+11 34. GMT-12 35. GMT+12
36. Europe 37. Hongkong 38. Iceland 39. Indian
40. Israel 41. Mexico 42. NZ 43. NZ-CHAT
44. Pacific 45. US 46. UTC 47. WET
Enter choice (0-47) [45]:
+++ Configuring Management Port Settings
You must configure an IPv4 or IPv6 address/mask on the management port.
NetMRI can perform analysis from the management port or a separate scan port.
IP Address (optional):
Subnet Mask (optional):
IPv6 Address (optional):
IPv6 Prefix (optional):
...
You can also configure the SCAN port for the appliance. No network view configuration is defined during setup.
show command
The show
command displays information about specified NetMRI components.
RG_Standalone> show
Show Commands:
acl | disk |
| severs | updatelog |
certificate | dsb | license | settings | version |
date | ethernet | load | stats | virtual |
dbprocs | id | memory | tech | |
diagnosticlog | idmethods | process | tunclient | |
discovery | interfaces | route | updatehistory |
The show
command supports the following sub-commands:
| Displays the internal ACL filter list automatically generated by the NetMRI appliance (this is a security measure to protect the NetMRI system. |
| Displays the currently installed NetMRI HTTPS certificate. |
collectors | Allows you to run some subcommands of the The following is the command syntax:
You can run the following commands on the collector: Example:
When you run the |
| Shows the current system date and time. |
| Shows the complete lists of system tasks tied to database management in the system, Process ID, User, database being modified, and other information. |
| Executes a diagnostic script in NetMRI to perform a check on the system. |
| Lists the complete table of the discovery database for the current NetMRI system. |
| Shows the file system disk space usage. The output of the |
diskusage | Shows the disk space usage of the file system and the size of the following folders:
|
drbd | Shows the version of the distributed replicated block device (DRBD). Example:
|
dsb | Shows detailed information about the installed device support bundles (DSB). Example:
|
| Shows the complete Ethernet port configuration for the current NetMRI appliance. |
| Lists the current appliance's serial number. |
| Show the system settings for device identification methods during Discovery, including Vendor (1), Model (2), OS Version (3) or Device Type (4). entering a number from 1-4 displays a table of a category of network device identity properties currently defined in NetMRI. |
| Displays the complete list of physical and virtual interfaces built into or bound to the current NetMRI instance. |
| Displays a quick assessment of the current system load and throughput. May be useful in troubleshooting. |
| Shows the current licensing status for the NetMRI instance; also displays the current Platform Device Limit, License Device Limit and Effective Device Limit for all licenses installed in the system. Warning alerts also appear if any license limits are overridden for any cause. |
load | Shows how long the system has been running, how many users are currently logged on, and the system load averages for the past 1, 5, and 15 minutes. |
| Provides a listing of memory usage for the current NetMRI instance. |
| Lists all the computing processes running in the current NetMRI instance. |
| Displays the routing table for the current appliance. For more information, see the 15703612. |
| Separately lists the server processes running in NetMRI, the number of CPU cycles and memory each occupies, and other information. |
| Lists the key configuration settings for the current NetMRI instance, including the management and scan port IPs and assigned names. |
| Displays basic system statistics including the current date, average CPU usage, average level of free memory, and the disk usage by the current system. |
| Displays a broad overview of information about the current NetMRI instance for use by technical support, including the system timestamp, discovery settings, network connections, port configuration, and other elements. |
| Displays Collector VPN settings and connection status to the Operations Center Controller. |
| Displays Operations Center Controller's VPN settings and lists attached Controllers (applies only to OC Controllers). |
| Lists the brief version of the update history for the current NetMRI instance. |
| Lists the verbose information about the current NetMRI instance's history of system software updates. |
| Displays NetMRI version, serial number, network name, and server name. |
| Displays information about the appliance's virtual memory usage (swap file partitions, etc.) including memory, processes, interrupts, paging, and block I/O. Similar to the Unix vmstat command. |
show license command
The show license
command displays your current NetMRI license configuration. You can also view your license features, license type, expiration date, and license ID information.
Example:
netmrivm193> show license
License Information:
--------------------------------
Serial Number: VM-94AD-61B27
License ID: VM-94AD-61B27-20170308-0124361
License Expires: Never
License Type: Customer
Mode: standalone
Maintenance Expires: 2020-03-09
Licensed Device Limit: 1,000
License Features:
Switch Port Manager Support: off
Switch Port Manager Expiration: N/A
Automation Change Manager Support: off
Automation Change Manager Expiration: N/A
NetMRI Support: on
NetMRI Expiration: Never
show route command
You can use the show route
command to display the routing table for the current appliance.
Example:
rgrace64-212.inca.infoblox.com> show route
Kernel IP routing table
|
|
|
|
|
|
|
| ||||||
|
|
|
|
|
|
|
| ||||||
|
|
|
|
|
|
|
| ||||||
|
|
|
|
|
|
|
| ||||||
|
|
|
|
|
|
|
| ||||||
|
|
|
|
|
|
|
| ||||||
| |||||||||||||
|
|
|
|
|
|
| |||||||
|
|
|
|
|
|
| |||||||
|
|
|
|
|
|
| |||||||
|
|
|
|
|
|
| |||||||
|
|
|
|
|
|
| |||||||
|
|
|
|
|
|
|
snmpwalk command
Obtain a tree of information from a network device using automatic SNMP GETNEXT commands. In NetMRI’s administrative shell version of the snmpwalk
command, you can specify the SNMP version, the community string, and the desired Root Object ID (OID).
For SNMP v3, you can additionally specify the encryption protocol from the following:
- aes-128
- aes-192
- aes-192C (for Cisco devices only)
- aes-256
- aes-256C (for Cisco devices only)
- des
- 3des
The command’s syntax is:
snmpwalk 22
The command prompts for further information before executing (if only one network view exists in the NetMRI appliance, you will not be prompted to enter that value):
SA4-17> snmpwalk
Enter SNMP hostname or IP address []: 172.19.4.192
Enter Network View []: MGMT
Enter SNMP version (1, 2c, 3) [2c]: 3
Enter SNMP Username [ ]: aes_username
SNMP Authentication [no]: yes
Enter SNMP Authentication Passphrase [ ]: my_passwd
Enter SNMP Authentication Protocol [MD5]: sha
SNMP Privacy [no]: yes
Enter SNMP Privacy Passphrase [ ]: my_aes_passwd
Enter SNMP Privacy Protocol [DES]: aes-256
Enter Root OID to start walk [system]:
Use legacy snmpwalk tool [n]:
+++ Executing snmpwalk ...
#######################################################################
# Generated by NetMRI Administrator SNMP Walk
# SerialNo : 4850201904810449
# SNMP Host: 172.19.4.192
# SNMP Root: system
# StartTime: Mon Aug302:01:06 PDT 2020
#######################################################################
sysDescr.0 = DisplayString : Linux stsitou-deb10 4.19.0-8-amd64 #1 SMP Debian 4.19.98-1 (2020-01-26) x86_64
sysObjectID.0 = ObjectIdentifier : 1.3.6.1.4.1.8072.3.2.10 (Net-SNMP Net-SNMP)
sysUpTime.0 = TimeTicks : 40923950
sysContact.0 = DisplayString : Me <me@
example.org
>
sys
Name
.0 = DisplayString : stsitou-deb10
sysLocation.0 = DisplayString : Sitting on the Dock of the Bay
sysServices.0 = Integer32 : 4
sysORLastChange.0 = TimeStamp : 0
sysORID.1 = ObjectIdentifier : 1.3.6.1.6.3.10.3.1.1 (snmpFrameworkMIBCompliance)
sysORID.2 = ObjectIdentifier : 1.3.6.1.6.3.11.3.1.1 (snmpModules)
sysORID.3 = ObjectIdentifier : 1.3.6.1.6.3.15.2.1.1 (snmpModules)
sysORID.4 = ObjectIdentifier : 1.3.6.1.6.3.1 (snmpMIB)
sysORID.5 = ObjectIdentifier : 1.3.6.1.6.3.16.2.2.1 (vacmBasicGroup)
sysORID.6 = ObjectIdentifier : 1.3.6.1.2.1.49 (tcpMIB)
sysORID.7 = ObjectIdentifier : 1.3.6.1.2.1.4 (ip)
sysORID.8 = ObjectIdentifier : 1.3.6.1.2.1.50 (udpMIB)
sysORID.9 = ObjectIdentifier : 1.3.6.1.6.3.13.3.1.3 (snmpModules)
sysORID.10 = ObjectIdentifier : 1.3.6.1.2.1.92 (mib-2)
sysORDescr.1 = DisplayString : The SNMP Management Architecture MIB.
sysORDescr.2 = DisplayString : The MIB for Message Processing and Dispatching.
sysORDescr.3 = DisplayString : The management information definitions for the SNMP User-based Security Model.
sysORDescr.4 = DisplayString : The MIB module for SNMPv2 entities
sysORDescr.5 = DisplayString : View-based Access Control Model for SNMP.
sysORDescr.6 = DisplayString : The MIB module for managing TCP implementations
sysORDescr.7 = DisplayString : The MIB module for managing IP and ICMP implementations
sysORDescr.8 = DisplayString : The MIB module for managing UDP implementations
sysORDescr.9 = DisplayString : The MIB modules for managing SNMP Notification, plus filtering.
sysORDescr.10 = DisplayString : The MIB module for logging SNMP Notifications.
sysORUpTime.1 = TimeStamp : 0
sysORUpTime.2 = TimeStamp : 0
sysORUpTime.3 = TimeStamp : 0
sysORUpTime.4 = TimeStamp : 0
sysORUpTime.5 = TimeStamp : 0
sysORUpTime.6 = TimeStamp : 0
sysORUpTime.7 = TimeStamp : 0
sysORUpTime.8 = TimeStamp : 0
sysORUpTime.9 = TimeStamp : 0
sysORUpTime.10 = TimeStamp : 0
#######################################################################
# EndTime: Mon Aug 3 02:01:06 PDT 2020
#######################################################################
+++ Results stored in snmpwalk-172-19-4-192.txt
Use SCP to connect to the NetMRI appliance to obtain the file. You can also view the file from the administrative shell using the cat [snmpwalk-172-19-4-192.txt]
command.
ssh-key commands
ssh-key create
ssh-key delete
ssh-key export
ssh-key import
NetMRI provides support for outside SCP applications to use SSH keys in lieu of passwords. You can manage SSH keys through a series of administrative shell commands (ssh-key create
, ssh-key export
, ssh-key delete, and ssh-key import
). You create SSH keys with a variety of key types and bit sizes using the ssh-keycreate
command.
Example:
rgrace-dev> ssh-key create
Specify the type of key to create. The possible values are 'dsa' or 'rsa' for protocol version 2.
1. dsa
2. rsa
Enter choice [2]:
Specify the number of bits in the key to create. For RSA keys, the minimum size is 768 bits and the default is 2048 bits. Generally, 2048 bits is considered sufficient. DSA keys must be exactly 1024 bits as specified by FIPS 186-2.
1. 768
2. 1024
3. 2048
4. 4096
Enter choice [3]:
Selected Options:
Key Type : rsa
Bits : 2048
Create SSH keys using these options? (y or n):y
Successfully created SSH keys.
After creating SSH keys, you can enable the Use SSH Keys option in the Archive Database, Scheduled Archive and Remote Config Archive feature pages (available under the Settings icon > Database Settings).
When enabled, the SSH public key needs to be installed on the remote SCP servers for operations to be successful. To do so, export the SSH public key from NetMRI in a variety of formats by running the ssh-key export
command in the NetMRI administrative shell. In an OC environment, SSH keys are created only on the Operations Center Controller; in that case, operations that use SSH keys only run on the Controller and not on the Collectors.
supportbundle command
Use the supportbundle
command to specify the number of days you want NetMRI to collect logs for the support bundle. You can specify from one to 99 days. The default is zero, which means NetMRI collects all the logs without time restriction.
The following is the command syntax:
supportbundle create [c]
supportbundle delete nnn
supportbundle resend nnn
supportbundle list
where
[c]
is the number of days you want NetMRI to collect logs for the support bundle. You can specify from 1 to 99 days. The default is 0, which means NetMRI collects all the logs without time restriction.nnn
is the number of files in the support bundle list.
telnet command
Use the telnet
command to communicate with another host using the TELNET protocol.
The telnet
command does not take any arguments.
When you run the telnet
command in the administrative shell, it enters the command mode that is indicated by its prompt telnet>
. In the command mode, run the necessary commands. To exit the command mode and return to the NetMRI administrative shell, run the quit
command.
Example:
netmrivm193> telnet
telnet>
top command
Use the top
command to display Linux tasks. It provides a dynamic real-time view of the running system. This command shows the summary information of the system and the list of processes or threads which are currently managed by the Linux Kernel.
The following is the command syntax:
top -hv | -bcHisS -d delay -n iterations -p pid [, pid ...]
The traditional switches '-' and whitespace are optional.
The top command is a basic Linux command. Depending on the system you are working in, the available options for this command may vary.
traceroute and traceroute6 commands
The traceroute
and traceroute6
commands display information on the route IPv4 or IPv6 packets. You can use the commands to determine the path of an IPv4 or IPv6 query. The commands provide information on the path packets travel and the time it takes to reach the IPv4 or IPv6 destination address.
The following is the command syntax:
traceroute [ options ] hostname | IPv4 address
traceroute6 [ options ] hostname | IPv6 address
The traceroute and traceroute6 commands are basic Linux commands. Depending on the system you are working in, the available options for these commands may vary.