Page tree

Contents

A primary application for NetMRI is discovering the network and all its infrastructure devices.

NetMRI’s discovery features perform a crucial task, which is to locate and categorize all devices on a previously unmanaged network. By providing a high-level view of all devices in a network with which NetMRI can communicate, discovery enables managers to begin controlling a complex network topology, and drill down to individual devices to diagnose communication problems encountered during discovery.

You can define basic discovery settings during system setup (discussed in detail in Running the Setup Wizard), or manually perform discovery using a series of straightforward steps. The following section Discovery with a New NetMRI Deployment describes how to manually configure and run discovery.

If you are migrating your NetMRI platform to the current release, see Discovery with an Existing NetMRI Platform.

Note

Infrastructure devices are devices that form the network infrastructure. See Infrastructure Devices List for currently supported devices.

About Network Discovery

When network discovery starts after the Wizard setup or platform upgrade, it runs continuously as a background task, staying up to date with device and network changes as they happen. You can watch the progress of discovery as NetMRI learns your network, and adjust discovery settings to control what it finds and how it collects data.

Note

You can change discovery settings at any time either through the Setup Wizard (Settings icon –> Setup –> Setup Wizard) or through individual Settings pages (such as Settings icon –> Setup –> Discovery Settings).

You can also flexibly define discovery blackouts at the network, discovery range, device group, and device level to prevent discovery protocols and traffic from occupying network bandwidth at inopportune times, such as latency-sensitive trading or video applications operating during daytime hours. For information, see Configuring Network Discovery Settings and Defining Blackout Periods.

To perform network discovery, you use several fundamental tools: Network Views, Scan Interfaces, Discovery Settings, and SNMP/CLI credentials.

  • Network Views: NetMRI uses network views to create separate management domains for your networks and devices, including VRF-based virtual networks. You manage every network, including virtual networks, through a separate network view. For more information, see Configuring Network Views.
  • Scan Interfaces: You configure scan interfaces to physically or logically connect to multiple networks, enabling discovery and management in different network domains. Every scan interface you create maps to a network view. For more information, see Configuring Scan Interfaces.
  • Discovery Settings: You specify the IP prefixes, also called discovery ranges, to define the IP address space that is managed on each network. Another key setting is called a seed router, which is a gateway routing device considered to help speed discovery across more network spaces. For more information, see Configuring Network Discovery Settings.
  • SNMP and CLI Credentials: NetMRI requires SNMP for most discovery tasks. Many discovery and data collection tasks, including VRF discovery, also require the use of CLI and Enable password credentials to access device configurations. You collect and add these values to NetMRI through a Credentials page. For more information, see Adding and Editing Device Credentials.

Discovery with an Existing NetMRI Platform

When existing customers update a NetMRI deployment to the current release, a number of changes appear in the deployment.

  • Your currently managed network, with its current discovery settings, is managed through a new network view named after the previously defined network name. No further configuration is necessary for continued network management but changes can be made at any time. For more information, see Configuring Network Views.
  • Existing discovery settings, such as CIDR discovery ranges, are automatically assigned to the network view used for the managed network.
  • Your SCAN port for your appliance (or appliances, in the case of Operations Center deployments using Collectors) will automatically be assigned to the network view that is used for your present managed network. This port will be named LAN1. For more information, see Running Network Discovery#Configuring Scan Interfaces.
  • Depending on your appliance, a second LAN2 port is made available for further network connections.
  • Your MGMT port will continue to operate as the appliance's Web management interface.
  • All active Ethernet interfaces on your appliance(s), including the MGMT port, support Ethernet 802.1Q encapsulation for virtual scan interfaces. For more information, see Configuring Virtual Scan Interfaces.
  • If VRF-aware devices exist on your managed network, System Health banner messages will notify you about unassigned VRFs. To enable full network discovery and control for each virtual network, these networks need to be mapped to virtual scan interfaces. For more information, see Mapping Virtual Networks to Network Views and Configuring Virtual Scan Interfaces.

Existing Operations Center deployments will see the following changes:

  • For an OC deployment managing a single large network, you will see multiple entries in the pages under Settings icon –> Setup –> Discovery Settings for selectable network views. The entire network is assigned to a single network view. However, each network view entry is identified through the association of each Collector. This allows you to edit discovery settings for each Collector in the same network view.
  • Multi-Network Operations Center deployments automatically assign each managed network to a new Network View. Each network view is named based upon the original network name.
  • Multi-Network Operations Center deployments automatically define a new set of device groups for each managed network, along with the standard set of device groups. These network-specific device groups are named using the original network name as a prefix.
  • During the upgrade, a Multi-Network OC deployment creates a series of new network views, each of which corresponds to the networks managed under the prior software release. Each device listed in Network Explorer tables provides a link under a new Network View column, which opens the Network Viewer window. This window lists all devices that are members of the network view.
  • In Multi-Network Operations Center deployments, discovery settings for each network, such as CIDR discovery ranges and seed routers, are automatically associated to the network views for each managed network, that use each of the respective discovery settings.

The following section, Discovery with a New NetMRI Deployment, describes the sequence of high-level tasks you perform to configure and run discovery on your network.

Discovery with a New NetMRI Deployment

Complete the following procedure to perform your first network discovery:

  1. If necessary, install your NetMRI appliance or appliances. For more information, see the Infoblox Installation Guide for your NetMRI appliances. Ensure that you have the full feature licensing and device licensing entitlements for your deployment. For more information, see Understanding Platform Limits, Licensing Limits, and Effective Limits. If you are upgrading your NetMRI installation, check the installation instructions in the Release Notes for your software (and see the section below, Discovery with an Existing NetMRI Platform.
    Also, read the section Preparing for NetMRI VRF Access for information on checking and configuring VRF-aware devices to which NetMRI will connect for managing virtual networks.
  2. Configure your first network views for network management.
    For new installations, NetMRI automatically provides an initial network view, named Network 1, as part of the initial setup. For the initial discovery of the network, you may only need this first network view. For more information, see Configuring Network Views.
  3. You combine network views with scan interfaces to separate and manage networks. For new installations, the Network 1 network view is automatically bound to your appliance's LAN1 port. This may be the only interface you need for initial network discovery. This interface connects to the router through which NetMRI begins to discover the network. For more information, see Configuring Scan Interfaces.
  4. Configure your discovery settings. They include discovery IP address ranges, possible static IP addresses of devices you explicitly want to discover in your networks, a seed router for network discovery and possible device hints to improve odds of finding devices. The seed router might be, for example, the router to which NetMRI first connects for discovery of the network. For more information, see the sections Configuring Discovery RangesSpecifying Static IPsAdding Seed Routers, Configuring CISCO APIC, and Adding Device Hints.
  5. Add the necessary device SNMP credentials, and CLI admin login and Enable password credentials. For more information, see Adding and Editing Device Credentials and its various sections. You can also add and test credentials for individual devices; for more information, see Adding and Testing SNMP Credentials for a Device.
  6. Associate discovery settings to network views. Add your discovery settings from Step 4 to the network views and begin to discover the network. Initial discovery of your networks begins automatically after the discovery ranges and other discovery settings, such as a seed router, are added to the network view, which also must have a scan interface connection. For more information, see Discovery Using Network Views.
  7. Watch data collection. Network data collection and virtual network detection take place during your initial network discovery, which begins automatically when the network connection is established from NetMRI, to the network to be discovered. Perform the following to view discovered information about your network:
    • View summaries of discovery events: Click the All Devices device group in the right panel, and open the Network Explorer –> Discovery page to see a table of all devices being discovered by NetMRI. For more information about the features on this page, see Viewing and managing Discovery Results.
    • View a list of devices your appliance has recently discovered: Click the All Devices device group in the right panel, and open the Network Explorer –> Inventory page to see tables of all member devices. For more information about the features on this page, see Viewing Network Inventory.
    • View summaries of recently discovered network phenomena: Includes summary information of routed networks, VLANs, route targets, and virtual networks (VRFs). For more information about the features on this page, see Summarizing Network Topologies.
  8. Map virtual networks. If your network has virtual networks, NetMRI automatically discovers them on the devices where they are configured, and alerts you through System Health banner messages at the top of the screen to map those VRF-aware devices to the network views where they belong. By mapping each virtual network to network views, you provide more information to the discovery process. For more information, see Mapping Virtual Networks to Network Views.

Note

CLI credentials to devices are required to determine if devices are VRF-aware and to collect VRF-related data.

9. As NetMRI polls devices deeper into the network, it may find more VRF-based virtual networks. These networks need to be mapped to virtual scan interfaces to enable full network discovery and control for each virtual network. For more information, see Mapping Virtual Networks to Network ViewsConfiguring Virtual Scan Interfaces, and Configuring VRF-Aware Device Interfaces.

The following table summarizes both migrated and new installations (steps 6-9 are common to both procedures):

Step #

Migration/Upgrade

New Installation

1

Upgrade your software using normal Admin Shell utility.

Install new appliance(s) and perform system configuration through the Setup Wizard.

2

Currently managed network(s) are converted to new network views using the same network name.

Configure network views (if required) for multiple network management.

3

Scan ports are associated with the network views created from the previously defined Networks.

Configure NetMRI scan interfaces (if required) for multiple network management.

4

All existing discovery settings are automatically associated to their network view(s).

Configure discovery ranges/seed routers/static IPs and associate to network view(s) where needed.

5

Existing SNMP/CLI credentials configurations remain unchanged.

Configure SNMP/CLI credentials.

6

Discover through network views.

7

Automatic VRF detection/data collection/System Health notifications.

8

Map discovered VRFs to new network views.

9

Configure VRF-aware device interfaces (if necessary).

Preparing for NetMRI VRF Access

For effective use of NetMRI to connect to and manage virtual networks, complete all steps listed in this section before configuring NetMRI. The information in this section applies specifically to the non-Infoblox network devices (e.g., Cisco and Juniper) that route virtual networks:

  1. Identify the VRFs/virtual networks you want NetMRI to access and manage.
  2. Identify the single VRF-aware Switch/Router on the managed network, that is aware of all of the desired VRFs. NetMRI will need to access the VRFs through this device.
    • A VRF-aware device may not exist on the network that is aware of all of the VRFs. If it is not possible to consolidate all VRFs into a single trunked port, you can physically connect NetMRI to multiple places on the network. NetMRI has up to 3 physical scan interfaces available, labeled MGMT, LAN1, and LAN2, that may differ slightly per platform. For more information, see Configuring Scan Interfaces.
    • You also must identify a minimal set of VRF-Aware devices that collectively are aware of all the VRFs you wish NetMRI to manage.
  3. Reserve a valid routable IP address on each VRF. These IPs will be configured on NetMRI virtual scan interfaces that will connect to each virtual network. Prepare an IP, subnet mask, and gateway for each VRF.
  4. You must configure at least one network device to provide access to the virtual networks for NetMRI. NetMRI can connect to multiple VRFs on the same physical interface, using virtual scan interfaces, each associated with an encapsulated 802.1q tag. To access each VRF, complete the following:
    • The interface NetMRI connects to, should be configured to transport via an 802.1q encapsulated traffic (trunked port).
    • Each tag carried by the trunked port should be associated with a single VRF on the device.
    • If the device NetMRI is connected to is not VRF aware, and then the 802.1q configurations will be in the form of VLANs, with one VLAN for each VRF. In this case, the device must trunk the VLANs to another device that is VRF aware, and can be configured to associate each 802.1q tag to a VRF.

In general, connecting NetMRI directly to a VRF-aware device requires less network device configuration.

5. When connecting NetMRI to a trunk port, for each 802.1q tag in the trunk, create a Virtual Scan Interface by right clicking the physical scan interface in Settings –> Scan Interfaces. Specify the tag, IP, gateway, network mask, and other needed settings. You can also associate it with an existing Network View, or you may create a new Network View for the virtual scan interface. For more information, see Configuring Network Views.

Configuring Network Views

You can define network views to separately manage network domains that have the following characteristics:

  • Physically isolated and completely independent.
  • Logically separated networks for convenient management.
  • Virtual networks implemented with technologies such as a VRF.

You combine network views with scan interfaces to separate and manage networks. This prevents ambiguities that can occur through route leakage and possible overlapping IP address spaces, and provides further information to help in network and device discovery.

Network views provide a useful concept of isolation. Using network views, NetMRI enables you to manage networks that may have overlapping IP prefixes or address ranges, preventing addressing conflicts between separately managed networks. You can manage every network in complete isolation from other networks.

When you create discovery ranges, you can also directly associate them with a network view. For more information, see Configuring Discovery Ranges. When you also associate a virtual scan interface with that network view, the discovery range automatically becomes the range of IP addresses that are scanned and discovered on that scan interface.

For Operations Center deployments, you can create the same network view on different appliances. Each appliance uses its own scan interface to access the same network view.

Note

If you delete a network view at a later time, all discovery ranges and static IPs that are associated with the network view will be deleted. For more information, see Discovery Using Network Views.

Default Network Views

Most users and deployments will see a single network view, which differs in name based upon whether you are performing a new installation or an upgrade to the current release. 

  • New Installation: Initial setup for a new NetMRI appliance automatically creates a default network view, named Network 1, as a part of the procedure. This network view is automatically assigned to the appliance's LAN1 port before you perform discovery of the network. If the LAN1 port is not active, the MGMT port is associated with the Network 1 view.
  • Upgraded installations: The managed network's network name is automatically used to identify the network view used for managing the network. This value may be changed, but changes are not necessary. The network name value is found in the Settings icon –> Setup –> Settings Summary –> Network Configuration section. It is titled Database Name in the current release and Network Name in the prior release. For Multi-Network Operations Center deployments, the same principle applies.

Creating Network Views for the Global Network

Note

If you delete a network view from the Settings icon –> Setup –> Network Views page, all discovery ranges and static IPs that are associated with the network view will be deleted from their respective pages under Settings icon –> Setup –> Discovery Settings.

When you perform the initial setup of a NetMRI appliance using the configure server, the appliance automatically uses the default network view, named Network 1, for the first discovery. You can also create more 'unassigned' network views for use with other physical scan interfaces and other networks. To create network views for the global network, complete the following: 

  1. Choose Settings icon –> Setup –> Network Views.
  2. Click the Add icon [+]  to add a new view entry.

  3. Enter a Name and Description for the new view. Press the Tab key to navigate from the Name to Description fields.

  4. Click the Add icon [+] again if you wish to create another view, or close the Network Views settings page.

The new unassigned network view will appear with a caution icon () in other dialog boxes, such as a discovery range configuration. This indicates the network view is not associated with a scan interface. For more information, see Configuring Physical Scan Interfaces and Configuring Virtual Scan Interfaces.

Note

If you create unassigned network views, and the view is not assigned to a scan interface, any discovery settings for the view will not be processed and discovery will not take place for the network view.

For information on creating network views for virtual networks, see Mapping Virtual Networks to Network Views.

Mapping Virtual Networks to Network Views

User action is required to clearly associate each discovered virtual network with its correct network view in the Network View Editor. This provides additional context to collected data and enables NetMRI to fully discover and model the network topology. If you define any new network views in this step, you will also need to configure scan interfaces based on the steps in Configuring Scan Interfaces. If a network view does not have an assigned scan interface, discovery will not take place on that network.

If you do not wish to perform extensive management of VRF-based virtual networks in your deployment and receive a System Health banner alert reporting unassigned VRFs, do not ignore the alert. Simply map all the discovered VRF-based virtual networks to your existing network view (VRF examples include (Default) IOS (for Cisco IOS), default (for Cisco Nexus), or master (for JunOS), which are the global VRFs that may be present in some networks). Doing so automatically instructs NetMRI to use collected VRF data for further discovery.

Note

In NetMRI, the SysAdmin Role has access to the Network View editor.

To add a discovered VRF to a network view, perform the following:

  1. Go to the Settings icon –> Setup –> Network Views.
    The Network Views settings page appears, listing all currently defined views.
  2. Hover over the Action icon for the chosen network view and select Assign
    The Define and Configure Networks editor appears in a popup window.
  3. To see all currently discovered VRFs, click Search VRF Names.
    All discovered VRF instances in all devices are listed alphabetically. Unassigned VRFs appear in white in the left panel, and assigned VRFs are highlighted in gray. If you see more VRF entries then you can easily navigate, check the Show unassigned VRF Only check box.

Note

Each network view must have a discovery range associated with it. For more information, see Configuring Discovery Ranges.

4. To see all VRFs listed as discovered on each device, click Display VRFs per Device. All VRFs are listed under their respective device names.

5. To see all VRF instances that are associated with any Network View, click Display VRFs per Virtual Network. All VRFs are listed under their respective virtual networks. The same network view can manage all VRFs in a single virtual network.

6. To set an entire virtual network to the selected network view, check the check box for all discovered VRF routers in the list that are identified by a specific VRF Name (such as red or blue). In this case, each instance of the same VRF in the list shows its own unique Device Name.

    • For each discovered virtual network, you will see one or more devices that are running VRF instances in that virtual network.
    • To easily select an entire virtual network for the network view, select the Display VRFs per Virtual Network option. Then, check all the device check boxes listed for that network.

7. In the right panel of the editor, select the network view from the Network View drop down to which you want to assign the virtual network.

8. Click Add (–>) to add the selected VRFs to the network view. To remove a VRF from the view, select it from the right panel and click Remove (<–).

9. Click Save or Save and Close to commit the changes. Clicking Save keeps the Define and Configure Networks window open.

Your changes are saved into the network view. To begin seeing the practical effects of this action, go to Network Explorer –> Summaries and open the VRFs accordion panel. Click View All VRFs in the panel if necessary, and click a network view link in the Network View column in the center panel.

Note

A network view can contain different VRFs from the same router. This allows for route leaking between virtual networks.

Discovery Using Network Views

When the network views are configured with their associated discovery settings and scan interface, NetMRI automatically starts discovery across the connected network. After a few moments, newly discovered devices will begin to appear in the main Discovery pages under Network Explorer –> Discovery. Click device group names on the right-hand panel to see categories of devices discovered by NetMRI.

If NetMRI identifies a device inside any network view as using Cisco IOS, NXOS, or Juniper JunOS, it attempts to collect possible VRF configuration data on the device by using the device's CLI. If the CLI is not accessible, (or the device does not have VRF configurations), NetMRI treats the device as not configured for VRF. Full detection of VRF configurations on VRF-aware devices requires CLI credentials, including Enable password access. After discovery, you map VRFs to network views associated with virtual scan interfaces and discovery settings, to allow ARP and routing data collected inside the network view to be leveraged for further discovery.

After NetMRI discovers VRF-based virtual networks in your deployment, a System Health banner alert appears at the top of the screen. Click its link to view details about the alert, which appears in the Settings icon –> Notifications –> System Health page. For more information, see Managing and Tracking System Health.

Using the Network Viewer Window

Anywhere you can view device information, such as under Network Explorer –> Inventory, the devices table shows a column titled Network View. Each managed device belongs to a network view, and the Network View column shows the device's membership.

Each entry under the Network View column links to the Network Viewer window. It shows the complete list of devices that are members of the network view, broken into the following two categories:

  • Associated VRFs: The complete list, which are all of the VRF instances that route traffic for the current network, including the selected device's local VRF.
  • Imported VRFs: The list of imported VRFs, which are all VRF instances imported based on routing policy from other VRF-aware devices that route traffic in the virtual network. The Route Distinguisher values identify the VRF instance to help specify how routes will be shared between different VRF networks.

Some device types do not use Route Distinguisher values (also known as Route Targets) for VRF configuration and the value will be blank as a result.

You can assign other VRF instances to the current network by clicking the Assign button over the Associated VRFs list, which opens the network editor. For more information, see Mapping Virtual Networks to Network Views.

Deleting Network Views

Note

Exercise caution when deleting network views. After the network view is deleted, devices formerly within a deleted network view will not be immediately reachable by NetMRI. NetMRI will attempt to find an alternate IP address for such devices, perhaps from other virtual networks. If other reachable IP addresses for those devices are found, they will continue to be polled from the new location. If they are not located, their records will expire from the managed or discovered device databases.

If you delete a network view from the Settings icon –> Setup –> Network Views page, all discovery ranges and static IPs that are associated with the network view will also be deleted from their respective pages under Settings icon –> Setup –> Discovery Settings.

When you delete a network view from NetMRI, all VRFs (virtual networks) that are a part of the Network View will become unassigned. When this occurs, a System Health warning message banner appears at the top of the screen. You can then reassign the unassigned VRF to another network view.

The scan interface that is associated with a deleted network view also becomes an unassigned interface. To delete a network view, perform the following:

  1. Click the Settings icon –> Setup –> Network Views. The Network Views settings page appears, listing all currently defined views.
  2. Hover over the Action icon for the chosen view and select Delete. A confirmation message appears.
  3. Click Yes to delete the network view. Its previously assigned network becomes unassigned.

At least one network view will always be active in the system. Attempts to delete the last remaining network view, regardless of name, will be prevented by NetMRI.

Configuring Scan Interfaces

For each network view, NetMRI requires connections to each network that you discover, manage and control. Scan Interfaces are the ports on NetMRI appliances and virtual appliances that perform this function. Physical scan interfaces are actual Ethernet ports.

The following are two types of scan interfaces:

  • Physical scan ports: An entire Ethernet interface in the appliance discovers and manages a network.
  • Virtual scan interfaces: These use 802.1Q VLAN tagging between NetMRI and the connecting device, to exchange traffic for multiple networks across a single physical interface. To use virtual scan interfaces, connect one of NetMRI's physical scan interfaces to a device interface configured to route the desired networks with 802.1Q VLAN tags.

You can configure scan interfaces in Settings icon –> Setup –> Scan InterfacesScan Interfaces settings page lists all device interfaces that may be used by the appliance. Depending on the hardware and system type, the page displays one or more interfaces named MGMT and/or LANn (where n is the physical port number). If your system is an Operations Center, the collector name is shown alongside the interfaces. If any virtual scan interfaces are defined, they have names like LAN2.111.

If your network uses several domain name suffixes, you may want to derive device names from their FQDNs. You can do so by adding multiple search domains in a scan interface configuration. You can add up to 10 search domains.

For more information on configuring physical and virtual scan interfaces, see the next sections.

Configuring Physical Scan Interfaces

Your NetMRI appliance's physical scan interface configuration varies depending on your appliance's physical configuration, and even whether the appliance is a VM.

On physical ports, you can add virtual scan interfaces. You can assign a network view to a physical port on your appliance, such as LAN1. Doing so does not prevent the same port from supporting virtual scan interfaces, each of which supports its own network view. For more information, see Configuring Virtual Scan Interfaces.

To configure a physical scan interface, complete the following:

  1. Go to Settings icon –> Setup –> Scan Interfaces.
  2. Hover over the Action icon for any of the physical ports and select Edit from the menu.
  3. In Network View, choose one of the following:
    • Select Existing: Choose a network view from the list of existing ones that are defined on the system:
      • Select the view from the drop-down list.
      • Selecting Unassigned as the Network View leaves the interface in a disabled state.
    • Create New: Create a new network view:
      • Enter the name for the new network view.
      • Enter a comment describing the view. These values can be edited at a later time.
  4. Enter IPv4 or IPv6 information, or both:
    • IPv4 Address: The IPv4 address for the scan interface.
    • IPv4 Subnet Mask:  The IPv4 subnet mask for the scan interface.
    • IPv4 Default Gateway: The IPv4 default gateway for the scan interface.
    • IPv6 Address: The IPv6 address for the scan interface.
    • IPv6 Subnet Mask: The IPv6 subnet mask for the scan interface.
    • IPv6 Default Gateway: The IPv6 default gateway for the scan interface.
  5. In Primary DNS Server, specify the primary DNS server for the scan interface.
  6. In Secondary DNS Server, specify the primary DNS server for the scan interface.
  7. In Search Domains, specify valid hostnames separated by commas.
  8. Click Save.


Note

Though the MGMT port allows the same scanning discovery and device control capabilities as other appliance physical port types, Infoblox recommends limiting managing enterprise networks through the MGMT port, using it only for management access to the appliance's web, CLI, and tunnel interfaces, so those functions cannot be compromised by end-user traffic.

You cannot assign scan interfaces from MGMT ports on appliances in an Operations Center.

Note

Changing some parameters such as IP address, Network Mask, and Gateway when editing a management interface may cause crashes of connections to collectors. See the following procedure for an alternative way to change the management IP address.

To change the management IP address of the Operation Center, complete the following:

  1. In the OC's User Interface, delete a collector.
  2. Deregister the collector using the Admin Shell.
  3. Change the OC's management IP address.
  4. Reconfigure tunserver.
  5. Re-register the collector.

Configuring Virtual Scan Interfaces

You can define virtual scan interfaces and assign network views to them, and choose not to apply a network view to the physical LAN port hosting those virtual scan interfaces (LAN1, for example).

You can create a virtual scan interface with a tagging value, but not immediately assign it to a network view. The virtual scan interface is effectively disabled and you can assign its network view at a later time. You can also assign it to an existing network view or create a new one.

To configure a virtual scan interface, complete the following:

  1. Go to Settings icon –> Setup –> Scan Interfaces.
    The Scan Interfaces page appears, listing all device interfaces that may be used by the appliance. Depending on the hardware and system type, you will see one or more interfaces named MGMT and/or LANn (where n is the physical port number). If virtual scan interfaces are defined, they bear names such as LAN2.111.
  2. Hover over the Action icon for any of the physical ports and select Add Virtual Scan Interface from the menu.
  3. In Network View, choose one of the following:
    • Select Existing: Choose a network view from the list of existing ones that are defined on the system.
      • Select the view from the dropdown list.
      • Selecting Unassigned as the Network View leaves the interface in a disabled state.
    • Create New: Creates a new network view.
      • Enter the name for the new network view.
      • Enter a comment describing the view. These values can be edited at a later time.
  4. In the Tag field, enter the 802.1Q tag value defined on the facing device that transits the trunk port or router port.
  5. Enter IPv4 or IPv6 information, or both:
    • IPv4 Address: The IPv4 address for the scan interface.
    • IPv4 Subnet Mask:  The IPv4 subnet mask for the scan interface.
    • IPv4 Default Gateway: The IPv4 default gateway for the scan interface.
    • IPv6 Address: The IPv6 address for the scan interface.
    • IPv6 Subnet Mask: The IPv6 subnet mask for the scan interface.
    • IPv6 Default Gateway: The IPv6 default gateway for the scan interface.
  6. In Primary DNS Server, specify the primary DNS server for the scan interface.
  7. In Secondary DNS Server, specify the primary DNS server for the scan interface.
  8. In Search Domains, specify valid hostnames separated by commas.
  9. Click Save.

You can also edit or delete virtual scan interfaces.

Configuring VRF-Aware Device Interfaces

To give NetMRI access to the routed domain for a mapped VRF, the user must connect NetMRI to one of the interfaces, on the VRF-aware device, that belongs to that virtual network. The user needs to provide visibility on their virtual network to the scan interface that is discovering it.

  • If the VRF-aware device is directly connected to NetMRI: If the mapped NetMRI scan interface is a physical SCAN interface, the user must use or configure a physical interface on the target VRF-aware device to communicate with NetMRI without using 802.1Q encapsulation.

If the mapped scan-interface is a logical sub-interface using 802.1Q encapsulation, the user configures the directly connected physical interface of the VRF-aware device, and subdivides it using a logical subinterface with the same 802.1Q encapsulation. The user may otherwise use a VLAN interface with the same 802.1Q encapsulation and allow its traffic through the physical SCAN interface.

  • If the VRF-aware device is not directly connected to NetMRI: No additional configuration is required for these devices. NetMRI can reach different VRFs from the moment these resources are routed by a VRF mapped into a Network View which is accessible from a scan interface mapped on that same Network View.

You may apply different techniques, such as using VLANs all the way down to the desired VRF to discover, or using intermediate devices that are members of the routed domain of that VRF.

Special Considerations for Managing VRF Virtual Networks

When you define discovery settings and perform management of virtual routing and forwarding networks, the following considerations exist that you should be aware of:

  • If you limit the context of the SNMP community string in an individual VRF to the context of only that VRF, NetMRI will not be able to determine that the device it has discovered inside that VRF is the same device it has found inside other virtual networks. This will result in extra, un-correlated devices in the network.
  • NetMRI will become aware of some devices inside of virtual networks from the route and ARP tables of routers that it manages. Without network connectivity into those virtual networks through a virtual scan interface, NetMRI cannot discover all the devices or manage them. To create the necessary connectivity, you need to configure a NetMRI scan interface to be part of the VRF.
  • NetMRI will collect and parse the ARP and routing information from within a VRF context, but this data will not be used for further discovery unless the VRF virtual network is associated to a network view mapped on a scan interface.
  • Global VRFs are labeled as default(IOS) for IOS, default for Nexus and master for JunOS.
  • For discovery and periodic polling on Juniper devices through an interface that is not in the Juniper default VRF (master), the query must use a special "default@credential" format. This setting assumes that users do not have management interfaces in a VRF. Your defined SNMP credentials for VRF-aware Juniper devices must use syntax similar to "@vrfsnmp." Enter these values for SNMP credentials under Settings icon –> Setup –> Credentials –> SNMP v1/v2c tab. Note that when querying VRF-aware Juniper devices via an interface that is in the default VRF, a plain community string can be used without the "@" character.
  • When configuring NetMRI to discover networks where route-leaking is employed (the practice of sharing routes between two or more networks, such as VRFs), discovery ranges for each network views should only be defined to include IPs known as belonging to that network view. In other words, any given Device IP should only fall within the discovery ranges of one network view. If discovery ranges are defined such that a Device can be discovered by two different network views, the device may also be discovered via an unexpected network view.

Configuring Network Discovery Settings

Effective discovery of IP networks requires the following elements:

The Discovery Settings page (Settings icon –> Setup section –> Discovery Settings) defines the scope of the networks that NetMRI explores using CIDR (Classless Inter-Domain Routing) address blocks, IP address ranges, IP address wildcards, static IP addresses, and seed router definitions.

NetMRI applies discovery settings equally to IPv4 and IPv6 networks, with the polling protocols specified in Settings icon –> Setup –> Collection and Groups –> Network Polling.

To perform your first network discovery, go to Settings icon –> Setup –> Setup Wizard. When you use the Setup Wizard, the Wizard guides you through the process of performing discovery on the network. When specifying your first discovery ranges, you also select the network view to use for the discovered network. This step is required and is further explained in the topic Configuring Network Views.

Note

Use caution when entering address ranges, particularly if you are using IPv6 values. If you have a default route to the Internet and you enter an address range incorrectly, you may receive a call from your ISP asking about a network scanner running from your network.


Configuring Discovery Ranges

Note

For IPv6 network discovery, the use of discovery range definitions for all networks is required to ensure that you discover all the required hosts and network infrastructure. Also, consider using RFC 4193 local IPv6 network addresses (also called unique local IPv6 unicast). These values are globally routable within the enterprise but are independent of the ISP and allow for filtering at network boundaries. They are not globally routable prefixes. Their local IPv6 unicode address begins with FC00:/7. Examples of this type are used in this section. Globally routable prefixes begin with the 2000:/ or 2001:/ and are not used as examples in this document.

The Ranges tab defines the scope of the networks that NetMRI explores by defining CIDR address blocks, IP address ranges and IP address wildcards, and discovery blackout settings. The appliance limits its network exploration to the set of ranges defined in this tab.

  • CIDR: A CIDR address block is defined by a network address and bit mask (for example 192.168.1.0/24).
    An IPv6 example: FC00:56:aa12:ea23:a5:ac10:100/119. Any IPv6 CIDR values must include the IP address ranges that you want to discover.
  • IP Range: An IP address range defines a starting and ending IP address. For instance, in IPv4 you could define 192.168.1.0 as the start of the IP range and 192.168.1.255 as the end of the IP range. You cannot configure IP address range values for IPv6 networks.
  • IP Pattern: An IP address wildcard pattern defines IP address range using a wildcard character or range for a specific set of octets. A single wildcard can be an octet range specified by a dash (e.g., 10-254) or an asterisk (*) when the whole range for an octet is specified (0-255 for IPv4 and 0000-ffff for IPv6). For example, you can define either 192.*.1.* or 192.168.1-255.5 as the IP address wildcard pattern. An IP wildcard pattern will be rejected if it contains more than 65536 CIDRs. It is recommended to keep the total number of CIDRs under 1000, specifying more may affect performance.

The ranges table displays each defined range, its type (CIDR, IP Range, or IP Pattern), and its use in the discovery process. Ranges excluded for discovery indicate that any network device found matching that range is excluded from discovery by the appliance. See Range Examples for more information.

Creating Discovery Ranges

Every discovery range you create must be associated with a network view. If no network views are specifically defined in your deployment, your discovery ranges will automatically be assigned to the automatically created network view Network 1. For the first discovery of the network, this network view is automatically assigned to the SCAN1 port when you set up the appliance using the configure server command.

If more than one network view exists, you can choose the network view with which the discovery range will be associated, by clicking the Network View drop-down menu. If only one network exists in NetMRI, this setting does not appear. The chosen network view, must also be associated with a scan interface, otherwise discovery do not take place. Unassigned network views that do not have an assigned scan interface or virtual scan interface appear with a caution icon () in discovery ranges configuration. For more details, see Configuring Network Views.

Network views can contain multiple discovery ranges. So when you create other ranges, you can assign the same network view to each. However, you can assign each discovery range to only one network view. Also, ensure that the ranges you assign to each network view make sense. Selecting the network view in an Operations Center environment also involves other details. For more information, see Defining Discovery Ranges on Operations Center Collectors.

You can define discovery ranges that will be excluded from management. This is useful for devices you may not want to manage, but want to know about for inventory purposes. End Host network segments are a good example.

Note

For discovery ranges, configuring Discovery Blackouts requires the use of the Admin account.


To create a discovery range, complete the following:

  1. Obtain or calculate the network range values. You can define a Network address (expressed as CIDR: in effect, a subnet prefix), an IP range, or an IP pattern.
  2. Choose Settings icon –> Setup –> Discovery Settings –> Ranges.
  3. Click New.
  4. Choose an appropriate way to specify the range: 
    • CIDR: Enter the IP Prefix value and its CIDR subnet value in the drop-down.
    • IP Range: Specify an IP range using a beginning and ending value.
    • IP Pattern: Specify a wildcard pattern for matching IP addresses.
  5. For Discovery Mode, select one of the following:
    • Include in Discovery: Any device found matching that range is discovered and managed by NetMRI.
      Discovery gives the highest precedence to devices found in an Include in Discovery range, ensuring they will be the first to appear in information tables in the appliance.
    • Exclude from Discovery: Instructs NetMRI to ignore the specified values and do not discover them through any of the specified protocols. Ranges set to an Exclude from Discovery setting are simply excluded, given the lowest precedence, and will not be discovered.
    • Exclude from Management: Indicates that NetMRI discovers any device found matching that range, but NetMRI will not manage or collect data from the device. Network devices found in an Exclude from Management range are given moderate precedence and will, over time, appear in information tables applicable to unmanaged devices. End host network segments are an example.

Note

If you are discovering end host subnetworks for Switch Port Management, choose the Exclude From Management option for the end host discovery ranges.

Note

An advanced setting, Discovery Status Precedence (Settings icon –> NetMRI Settings –> Advanced Settings –> Discovery group –> Discovery Status Precedence), governs the global setting for exclusion ranges. Changing this Advanced setting to Longest Prefix Match enables an exclusion range to contain smaller IP ranges that can be matched against to allow discovery — for example, you can exclude a /23 network, but Include a /24 prefix within the EXCLUDE range, because the /24 is a longer prefix.

5. To use a discovery ping sweep for discovery on IPv4  networks, check the Enable Discovery Ping Sweep check box. This implies a probe that uses a range of packet types to detect the presence of a system on each IP in the specified range, with ICMP Echo, ICMP Timestamp, TCP SYN to port 80, and TCP SYN to ports 161, 162, 22, and 23 (for the SNMP, SNMPTRAP, SSH, and TELNET services correspondingly). A ping sweep is not available for IPv6 network values. For more information on ping sweeps, see Defining Group Data Collection Settings.

Note

The discovery ping sweep feature differs from the Smart Subnet ping sweep in the following ways: the discovery ping sweep will run only against the specified range, the sweep will run regardless of the range size, and the sweep will run regardless of the number of discovered devices within the specified range.

6. Select the Enable Discovery Blackout check box and click its Scheduling icon.

7. Define your schedule as follows:

    • In the Recurrence Pattern dropdown, choose how often you want to execute the blackout period. You can select OnceDailyWeekly, or Monthly.

    • If you choose Once:
      • Choose an Execution Time from the drop-down list.
      • Enter the date of the blackout in the Day_of_ field.
      • Specify the Duration: 10 or more Minutes, Hours, or Days.

    • If you choose Daily, click either Every Day or Every Weekday.
      • Choose an Execution Time from the drop-down list.
      • Specify the Duration: 10 or more Minutes, Hours, or Days.
    • If you choose Weekly, complete the following:
      • Choose an Execution Time from the drop-down list.
      • Check the check boxes for one or more days from Sunday through Saturday.
      • Specify the Duration: 10 or more Minutes, Hours, or Days.
    • If you choose Monthly, complete the following:
      • Choose an Execution Time from the drop-down list.
      • Day __ of every __ month(s): Specify for the discovery blackout to be executed on day-of-month X of every Y month. Month numbering starts with January. You can see some examples below.
        Day 5 of every 1 month(s): means the blackout is executed on the 5th of the current and each next month.
        Day 5 of every 2 month(s): means the blackout is executed on the 5th of January, March, May, July and so on. 
      • Specify the Duration: 10 or more Minutes, Hours, or Days.

Note

For more information about discovery blackouts and change blackouts, see Defining Blackout Periods.


8. Select the Enable Change Blackout check box and click its Scheduling icon. Follow the instructions for the Enable Discovery Blackout setting in the previous step.


9. Click Add to place the new discovery range into the Range table.

Creating Blackouts for Individual Devices

To support discovery blackouts for individual devices, obtain the Management IP address for the device in question, and assign that IP address to a /32 or /128 discovery range. Define the discovery blackouts settings as you would for any other discovery range. This practice may be handy, for example, for strategic routers and switches that cannot incur excessive latency for transaction traffic. However, this approach means that you cannot create change blackouts for individual devices.

Defining Discovery Ranges on Operations Center Collectors

If you have an Operations Center with at least two Collector instances, you can assign different discovery ranges to different Collectors, or assign a range to all collectors in an OC for the same purpose. The Filter by Collector drop-down menu provides a listing of all Collectors and their respective device limits, which are associated with the licensing limits for each Collector appliance. You also choose the Network View, which lists all network views with their collector appliance names in brackets.

  • For an OC deployment managing a single large network, you choose the network view entry from the Network View list. You will see multiple entries in the pages under Settings icon –> Setup –> Discovery Settings for the Network View list. The entire network is assigned to a single network view. However, each network view entry is identified through the association of each Collector. This allows you to edit discovery settings for each Collector in the same network view.
    Examples:

Network 1 (NM35) 
Network 1 (NM36) 
Here each Collector, NM35 and NM36, is associated with the same network view.

  • For an OC deployment managing multiple networks, choose the desired Collector from the Filter by Collector list. Then, select the network view under the Network View list.

The licensing limits correspond to those described in the topic Understanding Platform Limits, Licensing Limits and Effective Limits. Each Collector entry listed in the Filter by Collector drop-down menu in the lists the following information:

Device Limit

Shows the maximum device license count for the Collector–the maximum number of devices the Collector is licensed to manage. This value does not apply to discovered device counts, which can be higher. The value in this column corresponds to an Effective Device Limit for the Collector.

Devices Licensed

The number of currently used device licenses for the listed Collector. The difference between this value and the Device Limit, if any, represents the number of unused device licenses remaining available to the Collector.

Note

Discovery ranges associated with network views unassigned to a scan interface are not used for discovery.

To assign a discovery range to an Operations Center Collector, complete the following:

  1. Obtain or calculate the network range values. You can define a Network address (in effect, a subnet prefix), an IP range, or an IP pattern.
  2. Choose Settings icon –> Setup –> Discovery Settings –> Ranges.
  3. Click New.
  4. Choose an appropriate way to specify the range:
    • CIDR: Enter the IP Prefix value and its CIDR subnet value in the drop-down.
    • IP Range: Specify an IP range using a beginning and ending value.
    • IP Pattern: Specify a wildcard pattern for matching IP addresses.
  5. For Discovery Mode, select one of the following:
    • Include in discovery: Any device found matching that range is discovered and managed by NetMRI.
    • Exclude from discovery: Ignore the specified values and do not discover them through any of the specified protocols.
    • Exclude from management: Indicates that NetMRI discovers any device found matching that range, but NetMRI will not manage or collect data from the device.

Note

If you are discovering end host subnetworks for Switch Port Management, choose the Exclude from management option for the end host discovery ranges.

8. To use a discovery ping sweep (an ICMP ping that is broadcast to all addresses in a subnet) during discovery on IPv4  networks, click the Enable Discovery Ping Sweep check box. Ping sweep is not available for IPv6 network values. For more information on ping sweeps, see Defining Group Data Collection Settings.

9. From the Filter by Collector drop-down menu, choose the Collector from the list or select All. Ensure that the chosen Collector has enough space in its license allocation to accommodate the number of devices you expect the Collector to manage in the discovery range.

If the discovery range you wish to assign to the Collector is designated as Exclude from Management, the range can be of greater scope.

10. From the Network View drop-down menu, choose the network view to which the range will be assigned. If the network view is divided among two or more Collectors as described above, select the desired network view entry based on the associated Collector name.

11. Click Add. The new range appears in the ranges table.

Defining Blackout Periods

Note

Only Admin users can configure Discovery Blackout and Change Blackout periods.

Discovery processes can occupy significant resources within the network when discovery is taking place. You can avoid possible interference with latency-sensitive network applications by creating time periods when NetMRI will not communicate with devices or networks for discovery. These time periods are called discovery blackout periods. You can create discovery blackout periods for each discovery range you define in NetMRI. Discovery blackout periods are optional and can be enabled and configured, or disabled, at any time. All communications are stopped with a given device, including but not limited to the following:

  • SNMP
  • SSH
  • Telnet
  • Ping
  • Traceroute

A second blackout type, change blackout, allows NetMRI to enforce blackouts for CLI interaction, scheduled or run-now job executions, Telnet/SSH proxy and port control UI features. Change blackouts will allow read-only discovery, device changes detection and device analysis for Issues without permitting any CLI communication or configuration changes. Change blackouts typically disallow operations such as enabling or disabling interfaces on devices.

Discovery blackouts and change blackouts can be applied to the following:

Discovery tasks may already be running when a blackout period takes effect. Current tasks will not be interrupted and will complete within their time. NetMRI will not activate new discovery tasks on the chosen network, device group or individual device during the blackout period.

Note

A common use case for discovery blackout windows and/or change blackout windows is to enforce them during normal working hours, such as 8AM to 5PM.

Configuring a Global Discovery Blackout or Change Blackout

You can separately configure discovery blackouts and change blackouts. No dependencies exist between blackout types. You may configure either type without defining new settings for the other type. At the Global level, discovery blackouts and change blackouts apply across all network views, discovery ranges, device groups, and devices unless otherwise disabled at the range or device group level.

Complete the following:

  1. Choose Settings icon –> Setup –> Collection and Groups.
  2. On the Global page (which appears by default), check the Enable Discovery Blackout check box and click its Scheduling icon. The Discovery Blackout Scheduling gadgets appear.
    • In the Recurrence Pattern drop-down, choose how often you want to execute the blackout period. You can select OnceDailyWeekly, or Monthly.
    • If you choose Once, complete the following:
      • Choose an Execution Time from the drop-down list.
      • Enter the date of the blackout, in the Day_of_ field.
      • Specify the Duration: 10 or more Minutes, Hours, or Days.
    • If you choose Daily, click either Every Day or Every Weekday.
      • Choose an Execution Time from the drop-down list.
      • Specify the Duration: 10 or more Minutes, Hours, or Days.
    • If you choose Weekly, complete the following:
      • Choose an Execution Time from the drop-down list.
      • Check the check boxes for one or more days from Sunday through Saturday.
      • Specify the Duration: 10 or more Minutes, Hours, or Days.
    • If you choose Monthly, complete the following:
      • Choose an Execution Time from the drop-down list.
      • Day __ of every __ month(s): Specify for the discovery blackout to be executed on day-of-month X of every Y month. Month numbering starts with January. You can see some examples below.
        Day 5 of every 1 month(s): means the blackout is executed on the 5th of the current and each next month.
        Day 5 of every 2 month(s): means the blackout is executed on the 5th of January, March, May, July, and so on.
      • Specify the Duration: 10 or more Minutes, Hours, or Days.
  3. If necessary, select the Enable Change Blackout check box and click its Scheduling icon. The Discovery Blackout Scheduling gadgets appear. Follow the steps above to define the change blackout schedule.
  4. Click Save to save your changes.

Specifying Static IPs

The Static IPs tab can specify IPv4 and IPv6 devices that must have a high priority of discovery and data collection by the appliance. Devices matching IP addresses listed in this tab are given priority over other discovered devices, for data collection and for priority in counting toward any device found matching the license limits. The process is similar to a seed router, except that in the latter, we assume the specified device is a router, and specifying it as such accelerates discovery and data collection on that device. A device specified through a static IP can also be excluded from discovery or management. Static IPs and prefixes can also be written in an Excel file to import into the appliance.

Devices in the Static IPs list also will be immediately rediscovered by NetMRI even after you delete the device and its discovered data by other means. If you remove a device from the network that may be in the Static IPs list, ensure that you also delete the device from this page to prevent attempts at rediscovering the device.

  • For an OC deployment managing a single large network, choose the network view entry from the Network View list. You will see multiple entries in the pages under Settings icon –> Setup –> Discovery Settings for the Network View list. The entire network is assigned to a single network view. However, each network view entry is identified through the association of each Collector. This allows you to edit discovery settings for each Collector in the same network view.

    Examples:

Network 1 (NM35) 
Network 1 (NM36) 
Here each Collector, NM35 and NM36, is associated with the same network view.

  • For an OC deployment managing multiple networks, choose the desired Collector from the Filter by Collector list. Then, select the network view under the Network View list.

It is also possible that a statically defined device in the Static IPs tab is in an Exclude or Ignore range in the Settings icon –> Setup –> Discovery Settings –> Ranges tab. In all such cases, the range is excluded or ignored but a statically defined device found matching an IP address within that range will be discovered and managed.

To create a new static IP entry, complete the following:

  1. Choose Settings icon –> Setup –> Discovery Settings –> Static IPs and click New.
  2. Enter the IP address for the static device  . The value can be IPv4 or IPv6.
  3. Select the desired Discovery Mode. Specify the Discovery Mode as:
    • Include in Discovery: NetMRI will discover and manage any device found matching that range.
    • Exclude from Discovery: Ignore the specified values and do not discover them through any of the specified protocols.
    • Exclude from Management: NetMRI will discover any device found matching that range, but will not manage or collect data from the device.
  4. (For Operations Center only) From the Filter by Collector: drop-down menu, choose the Collector from the list.
  5. Choose the network view with which the static IP will be associated, by clicking the Network View drop-down menu. This step is required.
    • If this is part of the first discovery of the network, and no other network views are configured, the Network View selector does not appear, and the default Network 1 network view is automatically assigned. Otherwise, choose the network view from the list.
      Or
    • (For Operations Center only) From the Network View drop-down menu, choose the network view to which the static IP for discovery will be assigned. If the network view is divided among two or more Collectors, choose the desired network view based upon the associated Collector name.

6. Click Add to place the new static IP address into the table.

To import discovery setting data, click Import. In the dialog, click Browse to select the CSV file, and then click Import.

Note

When exporting discovery settings from an Operations Center (using CSV Export), the Collector will not be present in the exported data.

See Credential Import Formats for import file syntax.

Adding Device Hints

Note

Any device hint applies only to Router or Switch-Router device types during discovery. You can apply other hints to any supported device type to ensure detection and management by NetMRI.

The Device Hints tab provides hints to NetMRI's discovery engine for locating specific types of network devices (for discovery purposes, chiefly routers and switch-routers) by using IP address patterns and DNS name patterns. For instance, if most routers are found at an IP address ending with ".1", specifying "*.*.*.1" and associating the Router device type for an IP address hint allows the appliance to prioritize discovered devices matching that hint higher in its credential collection queue to help speed discovery. NetMRI considers this hint when it attempts to determine a device type for a discovered device.

  • Use a single asterisk (*) to wildcard an entire IPv4 octet (192.168.1.*). The " * " wildcard is not applicable for IPv6 hint rules. The double colon ("::") is used for IPv6 hint values.
  • Valid IP address patterns are either the numeric values of the octet or an asterisk for any number of octets in the IP address. For device name matches, valid DNS characters and the asterisk character are valid definitions. For instance, rtr will match any device name with "rtr" in its definition.
  • Device hints are optional and are used only to speed network discovery and to assist with the determination of device types absent other discovery data.

To create a new router hint, perform the following:

  1. Choose Settings icon –> Setup –> Discovery Settings –> Device Hints and click New.
  2. Select the Device Type from the dropdown list. Typically, this should be Router or Switch-Router.
  3. Enter the IP address pattern or DNS pattern needed for device detection.
  4. Click Add to place the new hint into the table.

Device Hints apply across the entire system and are not associated with network views.

IPv6 Hint Details

For IPv6, router hints are formatted to start with a double-colon designator ("::") and followed by the host-side identifier for the hint. IPv6 router rules can be up to 48 bits in length, applying only to networks where the rule fits. The shorter the hint, the broader the rule.

Such rules apply to Router or Switch-Router devices to be used during discovery.

For IPv6 networks, the process entails discovering routes and then sending probes, using those hints, into those networks to discover the intermediate hops leading to them. Discovery performance can be improved if a site uses static IPv6 addresses for routers, such as

<any 64-bit network prefix>:<first 56 bits of host IP>:10

These values can be added as hints. Further examples are as follows:

Discovered/Found Route

Hint

Resulting Discovery Target

FC00:db8:a2:b01::/64

::1

FC00:db8:a2:b01::1

FC00:2345:3400:1678::/64

::2022:0:1

FC00:2345:3400:1678::2022:0:1

FC00:2224:1353::/48

::2:0:10

FC00:2224:1353::2:0:10

Note

For /48 through /125 routes, NetMRI automatically attempts to discover any routers at <network address>::1 along with any subnet probes or additional hints as noted. For /126 and /127 routers, the first and last addresses are probed automatically. /128 prefixes are automatic direct discoveries.

Adding Seed Routers

You can define Seed Routers for NetMRI to speed up network discovery. The definition of seed routers is highly recommended for IPv4 networks and is required for IPv6 networks. Seed routers are also given priority (like static IP definitions) for determining which devices are counted toward NetMRI's license limits.

For discovery of any IPv6 network, at least one well-connected IPv6 router (preferably with routes to all other networks to be managed by NetMRI) must be placed in the Seed Router list. In some cases, seed routers may not have the full routing tables or be unable to provide full information for some reason. The general rule of thumb is that more seed routers are better, but the connectivity of the seed router(s) also helps determine how many seed routers you need. Avoid having more seed entries than necessary. Also, note that seed routers are included in the CIDRs count that should not exceed 1000 per the recommendation in the Infoblox Discovery Best Practices Guide.

Note

For effective use of seed routers, you must also provide admin credentials to NetMRI to allow it to pull the key routing and connectivity information, including the IPv6 routing table and the local Neighbor Discovery Cache, from the device. NetMRI uses the standard IPv6 counterparts to standard communications protocols, including SSH and SNMP.

The Seed Router table lists each defined seed router with its discovery status (as defined in the Network Explorer –> Discovery page). By reviewing the discovery status for each seed router, you can determine whether NetMRI should be able to discover the network successfully, or if there are possible configuration errors preventing network discovery without having to wait to see what NetMRI finds.

Note

If you have disabled discovery, or discovery is disabled because the NetMRI license is for evaluation, you can define static IP addresses and then only the Static IPs tab is available. If discovery is disabled, NetMRI restricts the number of static IPs to the device limit for which the system is licensed.

  • For an OC deployment managing a single large network, seed routers can be assigned to each Collector. Choose the network view-collector entry from the Network View list. You will see multiple entries in the pages under Settings icon –> Setup –> Discovery Settings for the Network View list. The entire network is assigned to a single network view. However, each network view entry is identified through the association of each Collector. This allows you to edit discovery settings for each Collector in the same network view.

    Examples:

Network 1 (NM35) 
Network 1 (NM36) 
Here each Collector, NM35 and NM36, is associated to the same network view.

  • For an OC deployment managing multiple networks, you choose the desired Collector from the Filter by Collector list. Then, select the network view under the Network View list. Also bear in mind that any single Collector can have multiple network views.

You can enter IPv6 seed router values in a different fashion from a conventional IPv4 router address, because the address value is longer and is formatted differently. You can use the same data entry field for adding a new seed router whether the entry is an IPv4 or IPv6 address.

Seed router values have other considerations when working with IPv6. Collected IPv6 routing information uses link-local unicast (indicated with the FE80: prefix) addresses as the next hops from a current device, but globally advertised routes (or local IPv6 unicast routes that are known throughout the enterprise network) will not automatically be available. Because NetMRI uses routing protocol advertisements and other elements to determine global addresses of next hops for further discovery, the lack of global routing advertisements in IPv6 limits the detection of IPv6 router addresses.

As a result, one or more globally accessible IPv6 router addresses must be added as seed routers (whether local unicast or global unicast is dependent on the network). Ideally, the seed router would have routes to all other locations in the network. Otherwise, you will need more than one seed router value to discover the full network. Do not enter link-local router addresses as seed routers, because link-local addresses have no significance for devices such as NetMRI that are not locally attached to that link.

After NetMRI discovers the routers and collects their routing tables, it uses that information to communicate with and discover adjacent routers, and other devices local to the seed router and otherwise discovered in that part of the topology–including any routers in defined Ranges–to discover the next series of hops in the IPv6 network. The process continues until all IPv6 devices are discovered, including endpoints.

To add new router values into the Seed Routers table, perform the following:

  1. Choose Settings icon –> Setup –> Discovery Settings –> Seed Routers and click New.
  2. Enter the new value into the Seed Router IP Address field.
  3. (For Operations Center only) From the Filter by Collector: dropdown menu, choose the Collector from the list.
  4. Choose the network view with which the seed router will be associated, by clicking the Network View drop-down menu. This step is required.
    • If this is part of the first discovery of the network, and no other network views are configured, the Network View selector does not appear, and the default Network 1 network view is automatically assigned. Otherwise, choose another network view from the list.

      Or

    • (For Operations Center only) From the Network View drop-down menu, choose the network view to which the seed router for discovery will be assigned. If a network view is divided among two or more Collectors, choose the desired network view based upon the associated Collector name.

5. Once the new value is entered into the Seed Routers table, click Add and Discover to immediately begin the discovery process, or click Add to place the router value into the table for later discovery.

Configuring Discovery for SDN and SD-WAN

NetMRI allows you to collect and manage data from SDN and SD-WAN environments. Currently, you can discover Cisco ACI, Cisco Meraki, and Cisco Viptela.

To do so, go to Settings icon –> Setup –> Discovery Settings –> SDN. You can do the following on this tab:

  • New: Add a new Cisco APIC, Cisco Meraki, or Cisco Viptela configuration. See the corresponding sections:
  • Edit: Modify information about a selected configuration.
  • Delete: Remove a selected configuration from the list.
  • Import: Import a CSV file containing Cisco ACI or Cisco Meraki information. For information about syntax formats, see Discovery Settings Import Formats.
  • Show/Hide Credentials: Display or hide the user name and password credentials of added configurations.
  • Discover Now: Start the discovery process immediately for a selected configuration.
  • (For Operations Center onlyFilter by Collector: Filter the added SDN configurations by Collectors that perform SDN discovery. Collector filter also displays respective device limits and licensing limits.

You can also define general SDN and SD-WAN settings as described in Configuring SDN and SD-WAN Polling Settings.

After executing SDN and SD-WAN discovery, you can see the results in Network Explorer -> Discovery. For more information, see Viewing and Managing Discovery Results.

Adding and Configuring Cisco ACI Discovery

Enabling discovery of Cisco ACI devices provides visibility into your Cisco ACI infrastructure. This allows you to view and manage discovered IP addresses of Cisco ACI fabric members such as APIC controllers and fabric switches with their attached end points.

For each configured Cisco ACI, NetMRI discovers the following information:

  • APIC Controller (managed device): Collects basic information on ACI fabric devices such as device model, vendor name, OS information, IP address, and the system name.
  • ACI specific endpoint information such as EPG, Bridge Domain, and Tenant.
  • General Endpoint (devices) information such as name, IP address, VRFs, and physical connection (fabric port).

NetMRI categorizes leaf and spine switches, API controller as network devices, and end points as end hosts.

Note

The APIC tab in the discovery settings was renamed to SDN. You can find all previously configured Cisco ACIs in this tab that is described below.


To add and configure a Cisco ACI fabric discovery, complete the following:

  1. Make sure that you enabled SDN and SD-WAN polling in Settings icon –> Setup –> SDN/SD-WAN Polling. For more information, see Configuring SDN and SD-WAN Polling Settings.
  2. Choose Settings icon –> Setup –> Discovery Settings –> SDN.
  3. Click New.
  4.  In SDN Type, select Cisco ACI.
  5. Complete the following:
    • Fabric Name: Specify a short and unique name for the current Cisco ACI configuration.
    • Addresses: Click Add and enter the hostname or IP address of the Cisco APIC controller. If your fabric includes more than one controller, click Add again to add more addresses.
    • Network View: Select the network view to identify the corresponding network interface for connectivity with the Cisco ACI. In parentheses next to the network view name is displayed the name of the associated collector. The network view and collector are assigned to discover devices from the ACI fabric.
    • Protocol: Select HTTP or HTTPS.
      If you select HTTPS, you must use a Root CA or Intermediate CA certificate to allow communication with the Cisco APIC as described below. 
      If your ACI fabric includes multiple controllers, use a combined PEM certificate. To do so, copy the ASCII data from all of the certificates into a single file.
    • CA Certificate: Perform one of the following:
      • Select a previously imported CA certificate. To learn how to import a CA certificate in NetMRI, see Installing CA Certificate.
      • Click Import CA Certificate and select a CA certificate directly from your machine.
        For how to prepare a CA certificate, see About CA Certificates for Cisco APIC. The APIC controller address must match either the certificate subject or one of subject alternative names.
    • Username: The login name for the Cisco ACI.
    • Password: The login password.
    • (Optional) Maximum Requests per Second: Specify the maximum number of HTTP requests from NetMRI to Cisco ACI SDN per second to avoid overload.
    • (Optional) Enable Discovery Blackout: Select the check box and then click its Scheduling icon. For more information, see Defining Blackout Periods.
  6. Click Test Connection to check if the fabric is reachable and the provided credentials are correct. The connection test results are also written to the syslog.
  7. Click Add or Add & Discover.

Adding and Configuring Cisco Meraki Discovery

Enabling discovery of Cisco Meraki provides visibility into your Cisco Meraki SD-WAN elements, for example:

  • Wireless access points
  • Switches
  • Routers
  • Cameras
  • Phones

NetMRI classifies Meraki cameras and phones as end hosts and other Meraki devices as network devices.

Note

NetMRI does not save configs from Meraki devices. As device components, it collects only chassis. For interfaces collected from Meraki devices, NetMRI displays only the enabled or disabled interface status in the Admin Status and Operational Status fields.

NetMRI uses Meraki API version 1.

To add and configure Cisco Meraki discovery, complete the following:

  1. Make sure that you enable SDN and SD-WAN polling in Settings icon –> Setup –> SDN/SD-WAN Polling. For more information, see Configuring SDN and SD-WAN Polling Settings.
  2. Choose Settings icon –> Setup –> Discovery Settings –> SDN.
  3. Click New.
  4. In SDN Type, select Cisco Meraki.
  5. Complete the following:
    • Config Name: Specify a short and unique name for the current Cisco Meraki configuration.
    • Network Interface: Select the interface that will be used to access the device. In parentheses next to the interface name is displayed the name of the associated collector. As Cisco Meraki infrastructure may have overlapping IP addresses in different network views, you should explicitly specify a network interface exposed to the internet.
    • Protocol: HTTPS by default.
    • Address: Enter the hostname or IP address of the Cisco Meraki Dashboard API. By default it is api.meraki.com.
    • API Key: Access key required to use Cisco APIs.

    • (Optional) Maximum Requests per Second: Specify the maximum number of HTTP requests from NetMRI to Cisco Meraki SDN per second to avoid overload.
    • (Optional) Collect Devices in Offline Status: Specify if you want to discover Cisco Meraki devices that are offline.
    • (Optional) Enable Discovery Blackout: Select the check box and then click its Scheduling icon. For more information, see Defining Blackout Periods.
  6. Click Test Connection to check if the device is reachable and the provided credentials are correct. The connection test results are also written to the syslog.
  7. Click Add or Add & Discover.

Adding and Configuring Cisco Viptela Discovery

Enabling discovery of Cisco Viptela devices provides visibility into your Cisco Viptela infrastructure. This allows you to view and manage discovered IP addresses of Cisco Viptela fabric members such as controllers and fabric switches with their attached end points. You can discover Cisco Viptela on-premise devices as well as cloud devices.

By default, Cisco Viptela discovery collects both connected and offline devices.

To add and configure a Cisco Viptela fabric discovery, complete the following:

  1. Make sure that you enabled SDN and SD-WAN polling in Settings icon –> Setup –> SDN/SD-WAN Polling. For more information, see Configuring SDN and SD-WAN Polling Settings.
  2. Choose Settings icon –> Setup –> Discovery Settings –> SDN.
  3. Click New.
  4. In SDN Type, select Cisco Viptela.
  5. Complete the following:
    • Fabric Name: Specify a short and unique name for the current Cisco Viptela configuration.
    • Address: Specify the hostname or IP address of the Viptela vManage controller.
    • Network View: Select the network view to identify the corresponding network interface for connectivity with the Cisco Viptela.
    • Network Interface: Select the required network interface.
    • Protocol: The default selection is HTTPS.
    • On-premise controllerCheck this if your Viptela setup is on-premises.
    • CA Certificate: Specify a Root CA or Intermediate CA certificate to allow communication with the Cisco Viptela vManage controller. Do one of the following:
      • Select a previously imported CA certificate. To learn how to import a CA certificate in NetMRI, see Installing CA Certificate.
      • Click Import CA Certificate and select a CA certificate directly from your machine.
    • Username: The login name for the Cisco Viptela vManage controller.
    • Password: The login password.
    • (Optional) Maximum Requests per Second: Specify the maximum number of HTTP requests from NetMRI to Cisco Viptela SDN per second to avoid overload.
    • (Optional) Enable Discovery Blackout: Select the check box and then click its Scheduling icon. For more information, see Defining Blackout Periods.
  6. Click Test Connection to check if the fabric is reachable and the provided credentials are correct. The connection test results are also written to the syslog.
  7. Click Add or Add & Discover.

Configuring SDN and SD-WAN Polling Settings

Under the Settings icon –> Setup –> SDN/SD-WAN Polling, you can enable or disable the SDN and SD-WAN polling globally and define network view mapping rules for Cisco Meraki. If SDN and SD-WAN polling is disabled, only traditional network devices are polled.

You can also modify the end host collection interval for SDN and SD-WAN. Controlling the polling setting and end host data collection allows you to reduce the load on your system if required.

For Cisco Meraki devices, you can select between different modes for mapping Meraki networks to NIOS network views. This mapping mechanism is required as your Meraki infrastructure may have overlapping IP ranges that can be supported under different network views. The mapping rules include the following:

  • Mapping to the predefined SDN network view
  • Automatic mapping
  • Custom mapping

To configure SDN/SD-WAN polling settings, complete the following:

  1. Choose Settings icon –> Setup –> SDN/SD-WAN Polling.
  2. Select Enable SDN/SD-WAN polling.
  3. Default SDN Network View: The network view that will be assigned to discovered Cisco Meraki devices for which the automatic network view mapping is disabled. You enable or disable automatic mapping in the Advanced panel. For more information, see the step below.
  4. In Network View Mapping, select one of the following:
    • Disable automatic mapping and use predefined SDN Network View: Select to map collected SDN/SD-WAN devices to the default SDN network view defined in the previous step.
    • Automatically create network views for unmapped networks: Select to automatically map collected networks to their network views using NetMRI internal rules. Network views that do not exist are created automatically. The mapped networks are displayed in the table that is not editable.
    • Enable network view mapping defined below: This is custom mapping. Select this to manually map collected networks to the appropriate network views. To change a network view entry, double-click it in the table.
  5. If necessary, override the global data collection interval that will be applied to the SDN/SD-WAN host polling:
    1. Go to the Settings icon –> Setup –> Collection and Groups –> Switch Port Management.
    2. Specify one of the following:
      • Periodic Collection: Specify the N minutes or hours when the collection should occur.
      • Scheduled Collection: Schedule recurrent collection based on hourly, daily, weekly, or monthly time periods. Click one of the tabs, OnceHourlyDailyWeekly, or Monthly to choose a recurrence pattern.
  6. Click Save.

Note

A network name in the mapping table is made up by combining the Cisco Meraki organization and network name. The Source column displays the fabric name or config name that you previously defined for the SDN or SD-WAN configuration. The network view name is made of the network and source values.

Configuring Proxy Settings for SDN Discovery

Based on your NetMRI deployment type, you can define Proxy settings in the following ways:

  • Standalone: you can define one proxy server for the standalone appliance.
  • Operation Center with collectors: you can define a separate Proxy server for each collector.

To configure a Proxy server, complete the following:

  1. When creating a new or editing an existing SDN configuration in Settings icon –> Setup –> Proxy Settings, select Use Global Proxy Settings.
  2. In the Setup panel, select Proxy Settings.
  3. In the Proxy For drop-down list, select a specific collector.
  4. Select Use Proxy Server.
  5. Complete the following:
    • Name or IP Address: An FQDN or IP address of the Proxy.
    • Port: The port number of the Proxy.
    • Username: The username that NetMRI will use to log in to the Proxy.
    • Password: The password that NetMRI will use to log in to the Proxy.
  6. Click Save.

Running Network Discovery on Routed and Switched Networks

After you establish your scan interface's connection to their network, discovery automatically begins polling the IP addresses in the network view (based on discovery settings) and begins to report what it finds to the Discovery tables under Network Explorer –> Discovery.

NetMRI automatically collects discovery data from pure L3 routing devices every 180 minutes. This setting cannot be changed.

Discovery identifies contacted devices by their IP address and hostname, and IP addresses are gathered under a few categories: ClassifiedReached, and Identified, which is the complete aggregate of all discovered IPs. Classified and Reached IPs are subsets of the Identified classification. These values appear in a simple bar graph at the bottom of the Discovery page.

Note

A device is considered an active device for management if NetMRI can poll and monitor the device using the SNMP protocol.

Note

Network polling settings can also be defined for managing a more or less continuous discovery process during NetMRI operation. Do this under Settings –> Collection and Groups which provides a second group of important settings for governing automatic discovery behavior.

For all networks, NetMRI discovers and stores the following information:

  • Globally routable interface IP addresses.
  • VRRP/HSRP virtual IP address (if applicable).
  • Associated VLANs.
  • BGP AS and neighbor adjacencies (if applicable).
  • Cisco VoIP endpoint devices.
  • GLBP virtual IP (if applicable).
  • VRF configurations, including their respective private network information. NetMRI notifies the user through a System Health alert when it discovers VRF configurations. The alert advises you to assign the VRFs to a network view.
  • IPv6 networks and subnet masks.
  • IPv6 Link-local interface IP addresses.

Controlling Switched Network Discovery

You can manually control the frequency of discovery polling of switched Ethernet networks. To fully discover them, you must define these settings. NetMRI's Switch Port Manager feature governs how L2 and L2/L3 Ethernet switching devices are polled for discovery and data collection. To enable automatic polling through ARP for switched devices (network devices that belong to the Switching and Switch-Router device groups), perform the following:

  1. Go to Settings icon –> Setup –> Collection and Groups –> Switch Port Management side tab.
  2. Set the Periodic Polling time interval. This defines the ARP polling interval for repeated data collection. The default value is 1 Hour.
  3. Go to the Advanced Settings page (Settings icon –> General Settings –> Advanced Settings –> Discovery group –> Poll ARP with SPM) and choose the True option. The setting is set to False by default.

Note

For more details on switch port management settings, see Global Switch Port Management Polling Settings.

Running Discovery on a Single Device

To refresh discovery for a single device, or force discovery for a single device, perform the following:

In the Device Viewer –> Settings & Status –> Management Status -> Discover Now. A pop-up dialog appears, displaying the command-line and SNMP directives that NetMRI immediately sends to the selected device. NetMRI executes the processes required against the device to complete discovery. These include SNMP credential collection, SNMP data collection, device group assignment, and CLI credential collection. Scroll through this listing to view specific details on what types of information are being obtained by NetMRI for the selected device. Some time may be required to finish the process.

To force a device to the top of the discovery queue, click Discover Next (below the table).

To remove a device from NetMRI Management, click Unmanage and confirm the operation. Unmanaged devices remain discovered, but the appliance will not collect data from them. NetMRI will not obtain details, (such as vendor, model, and operating system version) because SNMP access is required to complete those processes.

To delete the device from NetMRI's database, perform the following:

  1. Click Delete (below the table).
  2. In the Delete dialog, select Exclude from discovery (this is optional).
  3. If the device has duplicates, you can also select Delete devices instances on other collectors. For more information, see Deduplication of Devices Discovered by Multiple Collectors.
  4. Click Yes to confirm the deletion.

Note

If the device continues to appear in collected data, NetMRI will re-list it unless you choose to exclude the device from discovery when it is deleted.

Vendor-Specific Requirements for Virtual Device Discovery

NetMRI discovers Cisco-based virtual device contexts through the Cisco command-line interface. Telnet and/or SSH access must be enabled on the Virtual Host, and the credentials for the contexts must be known to NetMRI.

NetMRI discovers Juniper-based virtual device contexts through SNMP. Juniper's term for virtual routers/switches is Logical System. For uniformity, NetMRI labels all Juniper-based Logical Systems as Virtual Devices. SNMP must be enabled on the Juniper virtual host and access granted for the NetMRI appliance to all virtual devices/Logical Systems.

A Juniper command sequence illustrates how to enable the Juniper device's SNMP access using a community string snmppub on a virtual device/Logical System named M5VdcTest1:

community @snmppub {

   authorization read-only; 
   routing-instance M5VdcTest1/default {

     clients { 
        0.0.0.0/0; 
     } 
     } 
} 
routing-instance-access {

   access-list { 
     *; 
   } 
}

In all cases, the Juniper Virtual Host (i.e. the device hosting the virtual instances) acts as a proxy to the virtual devices for all SNMP communication. Direct SNMP access to Juniper Virtual Devices is not permitted. This is largely transparent in NetMRI. If connectivity to the Virtual Host is lost, SNMP collection of the Virtual Devices is not possible and the VDCs will appear on the Devices Not Present page.

Both the virtual hosts and their virtual devices must be discovered by NetMRI as independent network devices before it will identify them as Virtual Hosts and Virtual Devices.

Note

All IP addresses of the virtual hosts and virtual devices must be in NetMRI's discovery IP ranges.

You may see a specific report Issue type during discovery of virtual hosts and virtual devices. The issue will usually appear as unknown community string. This may report against Cisco devices for which VDC discovery is CLI-only. Should this issue appear, you can repress it for further VDC discovery procedures. See the Performing Issue Suppression topic for more information. Other Issues that may appear during indirect discovery include Down Device and Config Bad Password. These issues may need to be dealt with on a case-by-case basis or may be repressed as needed once it becomes clear that the virtual devices can be successfully managed after discovery.

Indirect Discovery

NetMRI supports indirect partial discovery of otherwise unreachable virtual device contexts. A minimal subset of information is gathered by NetMRI, consisting of the following:

  • Device type
  • Uptime
  • Vendor
  • Model

Cisco devices supporting CLI access through the physical host will also allow the collection of the configuration files.

This information is entered into the NetMRI database. Full discovery of any virtual device context requires SNMP access. On Cisco virtual devices for Cisco ASA, Pix, ACE load balancers, and Nexus switches, SNMP access is available only to each virtual device context. As noted SNMP access to Juniper virtual device contexts is done indirectly through the SNMP activation on the virtual host, acting as a proxy for the VDCs.

Note

If virtual devices on a specific virtual host do not provide direct access through SNMP, you will see a warning message on the virtual device's Device Viewer, nothing that CLI interaction is the only supported communication mode.

Viewing and Managing Discovery Results

The Discovery tab (Network Explorer –> Discovery) provides detailed information about NetMRI's discovery processes through a special Discovery drop-down menu. To open the menu, click the down arrow on the Discovery tab.

Use this tab and menu to perform the following:

  • View discovery and data collection processes in real time. IP addresses are listed as they are discovered from any source.
  • View discovery milestones and status, which provide a context for fixing problems.
  • Monitor IP address processing to gauge overall progress.
  • Correlate device IP addresses with management IP addresses.
  • Search all known IP addresses.
  • View and control credential guessing queues. You can see where a device falls in the sequence, and prioritize it if desired.
  • Tell NetMRI to immediately perform the full discovery process on a device. Results are displayed when received.
  • Administer devices to view and change licensed/unlicensed/unmanaged status.
  • "Unmanage" a discovered device, set the licensing status for a device, delete a device from the list, and other operations.

The following views are available via the Discovery menu:

Recent Activity

Lists all known IP addresses discovered by NetMRI.

License Management

Provides data similar to Recent Activity, sorting the list according to priority in the algorithm for determining where a device fits in the device license scheme. This view helps determine why a given device is or is not licensed, where it is on the list to change the NetMRI license (if necessary) or to adjust a setting so a given device is given license priority.

Problems

Provides data similar to Recent Activity, but filtered to devices reporting discovery errors.

Non-Detected IPs

Provides data similar to Recent Activity, but filtered to devices that NetMRI has not been able to communicate with.

SSH QueueTelnet Queue, and SNMP Queue

Shows whether a given device is in the processing queue for determining credentials. Data about each device in the queue includes the time of the prior attempt, time the device is going to be attempted again, and status. SNMP discovery is the key to complete device discovery. Until a device has fully discovered SNMP credentials, data collection and analysis cannot continue.

Note

Operations Center only: Data displayed in a view is limited to the Collector selected in the Filter by Collector field in the right side of the header.

The area at the bottom of the Discovery tab provides the following summary data for the selected collector:

  • Network Devices: The number of devices discovered.
  • Licensed Devices: The number of licensed devices discovered.
  • IP Addresses:
    • Classified: The number of IP addresses the appliance has fully discovered with SNMP collection and assigned to a device group.
    • Reached: The number of IP addresses NetMRI has touched.
    • Identified: The number of IP addresses known to exist on the network.

For more information about interpreting discovery data that the previous views display, see the next section Interpreting Discovery Table Data.

Sometimes a device may be discovered by more than one collector. In that case, a deduplication procedure occurs and the device is marked with a special icon in the UI. For more information, see Deduplication of Devices Discovered by Multiple Collectors.

Also, see Saving Table Views on how to save customized views of discovery results.

Interpreting Discovery Table Data

The Recent ActivityLicense ManagementProblems, and Non-Detected IPs tables organize information in the following columns:

E (Existing Status)

The listed IP address exists in the network. All devices will receive this status to indicate where NetMRI first discovered the address.

P (Fingerprint Status)

If NetMRI is configured to use fingerprinting, device fingerprint status is listed in this column.

R (Reached Status)

Shows whether NetMRI has sent a packet to the device and received a reply, establishing that the device is reachable. Devices are typically tested for reachability through SNMP and the CLI, usually with an ICMP Ping operation.

S (SNMP Credentials Status)

Indicates the status of the SNMP credential guessing process.

SC (SNMP Collection Status)

Shows the status of SNMP data collection for the device. Success indicates that a device successfully allows data collection through SNMP. If this is not successful, check the S field to see whether the correct credential is given.

C (CLI Credentials Status)

Displays the status of the CLI credential guessing process.

CC (Config Collection Status)

Indicates whether a device supports command-line connectivity and whether the configuration collection is successful. If this is not successful, check the C field to see whether the correct credential is given.

G (Device Group Status)

Shows the status of the device group generation process. Success indicates that a device has been assigned to at least one group.

DB (Discovery Blackout Status)

Indicates whether or not the selected device is in a Discovery Blackout period. Two states are possible, In Blackout and Not in Blackout.

CB (Change Blackout Status)

Indicates whether or not the selected device is in a Change Blackout period. Two states are possible, In Blackout and Not in Blackout.

Status

Licensed devices are listed as such. Unlicensed devices are non-network devices or devices for which NetMRI license limits have been exceeded. Unmanaged devices are those which NetMRI will discover, but not manage.

Type

Lists the device type as determined by NetMRI.

Last Timestamp

Date and time the data in the device records were updated or verified as unchanged.

Last Action

The last action performed by NetMRI upon device after discovery takes place. For example, Device Groups: Successfully assigned to device groups indicates that the device was successfully discovered and added to a device group.

Last Seen

The date and time when the device was last seen on the network. For example, reading the IP address in the ARP table from a router.

First Seen

Date and time when the listed device was first detected by the NetMRI appliance.


You can pass the mouse over the EPRSSCCCC, and G columns to display an explanatory tooltip.

The following status icons appear in the tables:

  • Passed: The device passed the process.
  • Failed: The device failed the process.
  • Not Applicable: The process is not applicable to the device.

A pink row in the table indicates that there is at least one failed process for the device.

To see the action that generated a status, along with action’s timestamp and source, hover over a status icon.

Each of the column categories provides a reason or an explanation of how a discovery phenomenon took place upon each device. Consider the E (Exists) column, for example. Possible explanations for why a device was found to exist in the network include the following:

Exists: Device exists / Source: SNMP                                                             Exists: Device exists / Source: NIOS

Exists: Device exists / Source: Net-SNMP                                                     Exists: Device exists / Source: NetMRI

Exists: Device exists / Source: CIDR Table                                                     Exists: Device exists / Source: Seed

Exists: Device exists / Source: CDP                                                                Exists: Device exists / Source: Wireless Controller

Exists: Device exists / Source: Route Table                                                   Exists: Device exists / Source: IP Phone

Exists: Device exists / Source: ARP Table                                                      Exists: Device exists / Source: Call Server

Exists: Device exists / Source: Path                                                                Exists: Device exists / Source: VPN Table

Exists: Device exists / Source: CDP Table                                                      Exists: Device exists / Source: Wireless AP

Exists: Device exists / Source: LLDP                                                               Exists: Device exists / Source: Subnet Scan

Exists: Device exists / Source: HSRP                                                              Exists: Device exists / Source: Discover Now

Exists: Device exists / Source: VRRP

To expand all IP addresses of a device and the corresponding interfaces to which they are assigned, click the arrow to the left of the device IP address.

Deduplication of Devices Discovered by Multiple Collectors

When a device is discovered by more than one collector, NetMRI deduplicates the device to prevent unnecessary load on the device as well as data conflicts. Initially, the collector that first discovered the device is set as the temporary management collector. Next, NetMRI selects the permanent management collector for said device.

Also, if a device is discovered through different network views and different IP addresses, it is not deduplicated. If a device is discovered through different IP addresses but through one network view, it is deduplicated.

Deduplicated devices are marked by special icons next to their IP address. This means the following:

IconTooltip MessageDescription

This device has duplicates on other collectors.Two or more collectors, including the current one, discovered the device, i.e. the device has "duplicates" on multiple collectors. The current collector is set as the management collector for the device. The other collectors do not poll the device any more to avoid unnecessary load.

This device is managed by another collector.The current collector discovered the device along with other collectors. Another collector, not the current one, was assigned as the managing one. The device shows “Unlicensed” in the License Status column as the current collector does not manage it.


As to how NetMRI assigns the management collector for a device, see Algorithm for Assigning Management Collector.

The management collector is assigned to a device using the algorithm only once. However, you can change the management collector manually in the Device Viewer. To open the Device Viewer, click the device IP address. The Management Status page of the Device Viewer opens, showing the current device status on the management collector. To learn how to change the management collector, see Manually Changing Management Collector.

Note

If in discovery settings, you delete a range containing a device that has a "duplicate" on another collector, the device becomes licensed again on the other collector.

For devices that did not undergo deduplication, load balancing is performed automatically between collectors. NetMRI determines the less loaded collector in terms of devices and "moves" extra devices from other collectors to this collector. For information, see Deduplication and Load Balancing Settings.

Note

Despite the device deduplication functionality, Infoblox recommends defining your discovery settings in a way that collectors scan networks by discovery ranges that do not overlap nor are duplicates.

Algorithm for Assigning Management Collector

NetMRI Operation Center assigns the management collector for a device using an algorithm. It runs every hour against devices served by a temporary management collector.

The algorithm is as follows:

If the user manually assigned the management collector for the device, it is used as such.

If not, the following sequence applies to select it automatically:

  1. If the current collector guessed CLI credentials for the device, it is assigned as the management collector. The algorithm finishes.
  2. Else, a search is performed among the other collectors that discovered the device for the one that guessed CLI credentials. If such collector is found, it is assigned as the management collector. The algorithm finishes.
  3. If no such collector is found and the timeout for choosing the collector has not yet elapsed, the collector selection is postponed for an hour. This continues until a collector with device CLI credentials is found.
  4. If no collector with device CLI credentials is found and the timeout for choosing the collector has elapsed, the IP addresses of all those collectors are sorted in the following order of priority:
    1. Software Loopback interface with the lowest if Index and IP address with the lowest numeric value.
    2. Interface name of "mgmt" with lowest ifIndex and IP address with the lowest number value.
    3. ethernet-csmacd interface with lowest ifIndex and IP address with the lowest numeric value.
    4. Interface with lowest ifIndex and IP address with the lowest numeric value.
  5. The highest priority IP address is selected and the corresponding collector is assigned as the management collector for the device.

You can change the timeout for choosing the collector in Deduplication and Load Balancing Settings.

Manually Changing Management Collector

To manually change the management collector for a device, complete the following:

  1. Click the device IP address to open the Device Viewer.
  2. Under Settings & Status, click General Settings.
  3. In the Management Address drop-down list, select the desired collector.

    Note

    Sometimes the Management Address drop-down list is not available. This is due to the fact that unassigned VRFs are present in the network the device belongs to. If that happens, click the system health statuses message at the top of the window. In the System Health window that appears, click either Unassigned VRF or Network Editor link and assign VRFs for such device. After that, the Management Address drop-down list becomes available in the Device Viewer.

  4. Click Update.

After you manually set the management collector for the device, the automatic collector selection algorithm does not apply anymore.

Deduplication and Load Balancing Settings

To define settings for deduplication and load balancing of devices on collectors, complete the following:

  1. Click Settings icon -> General Settings -> Advanced Settings.
  2. In the settings list, navigate to the Deduplication settings group.
  3. Click the gear icon for each setting in the group and select Edit. You can edit the following settings:
    • Enable the load balancer: Enables the load balancing feature for moving devices from highly-loaded collectors to less loaded collectors. The load balancer runs on the weekly maintenance schedule.
    • Minimum capacity utilization: Sets the minimum percentage of devices, from collector's total capacity in terms of managed devices, at which moving devices from such collectors is allowed. For example, if a collector that can manage 1000 devices currently manages less than 40% percent of devices, NetMRI will not move devices from that collector to other collectors as its load is regarded as low.
    • Minimum capacity utilization difference: Sets the minimum difference, in percentage, the current device's utilization by collectors, and at which devices can be moved to the less loaded collector. For example, if a collector has a 47% load in terms of devices and another one has a 45% load, it does not make sense to move devices from the first one to the second.
    • Timeout for choosing the collector: Sets the maximum allowable time, in hours, for choosing the best management collector for the device.

Performing Discovery Operations on Multiple Devices

In the Network Explorer –> Discovery table, NetMRI displays data on multiple pages when the number of items to be displayed exceeds the maximum number of items that can appear on one page. Use the navigational buttons at the bottom of the table to page through the display.

You can select multiple rows in a table. For example, in a Windows browser, you can form the following to select multiple rows:

  • Click check boxes adjacent to each other to select contiguous rows.
  • Click check boxes for any row, separated by any number of rows, to select multiple non-contiguous rows.
  • Click the check box in the Select column of the table header to select all rows on a page, as shown in the figure.

When you click the check box in the Select column of the table header, in a table that contains multiple pages, only the rows on the current page are selected. All selected rows are greyed out on the table page, denoting their selection. After you select all rows on a page, you can deselect a specific row by clearing the check box for the row. Then, the remaining table rows remain selected.

For Discovery tasks, you can perform the following:

  • Click Discover Next to execute Discovery protocols on the selected devices. A prompt appears: Are you sure you want to discover the selected 23 device(s) next?
  • Click License to change the license status of all selected devices. For more information, see NetMRI Licensing.
  • Click Unmanage to remove the selected devices from management by NetMRI. A prompt appears: Are you sure you want to stop managing the selected xx devices? The chosen devices will be removed from their licensing and NetMRI will add the license allocation to its availability pool.

Viewing Device Discovery Status and Re-Discovering a Device

To view discovery status for any device, open the Device Viewer by navigating to Network Explorer -> Discovery and clicking a device link, or Device Viewer -> Settings & Status –> Management Status. You will see the Management Status for the device. This is an important block of information that immediately describes the effectiveness of communications to the device by NetMRI.

This page provides a subset of the same information listed on the Discovery page, showing the E (Exists), P (Port Scanned), R (Reached), S (SNMP), SC (SNMP Collection), C (Config Credential), CC (Config Collection), and G (Groups) data results for a single device, each with their respective explanation.

The Exists field indicates the listed device has been successfully discovered by the network. The R field stands for Reached. A device can be discovered by any method but not necessarily be reachable. Devices are typically tested for reachability through SNMP and the CLI, usually with an ICMP Ping operation. S and SC are the status indicators for SNMP Credentials and SNMP Collection, respectively.

Corresponding C (CLI Credentials) and CC (Config Collection) indicators also show whether a device supports command-line connectivity and whether configuration collection is successful. Finally, G indicates whether NetMRI successfully assigns the device to a device group.

At times, a device may need a discovery refresh because of significant configuration changes or because it has just been installed. You can choose to run discovery against any individual device at any time.

  • Click Discover Next to set the device to be the first one discovered in the device group's next discover cycle.
  • Click Discover Now to immediately re-discover the device listed in the Device Viewer.
  • Click License to change the licensing status of the current device. The default state for device licensing is Automatic (NetMRI uses global licensing guidelines to determine whether a device should occupy a license entitlement). For switches and firewall devices, you can choose to explicitly license the device by selecting Licensed and checking the check box for either category.
  • If the device is licensed and you wish to revoke it, or override the global licensing behavior, select Unlicensed.
  • To revoke the current device's Managed status, click Unmanage. The device will be removed from managed status under NetMRI and automatically be Excluded from management. The device will continue to be discovered, however.
  • To remove the device completely from the NetMRI database, click Delete.
  • You can export the device management data to an Excel-compatible .CSV spreadsheet. To do so, click Export. NetMRI creates the file and places it in your browser's Downloads directory.

Overriding Device Names and Types in the Device Viewer

During device discovery, NetMRI determines the Management IP address, device name, and device type and displays those values in several locations in the UI, including the Network Explorer –> Discovery page and the Config Explorer (Configuration Management –> Config Explorer). Once those values are discovered, should any of those values change at some point in network operation, NetMRI detects those changes and modifies the appropriate values in its database.

If the system admin changes the Name or Type of device in the Device Viewer's General Settings page (Device Viewer  –> Settings & Status –> General Settings), re-discovery of that device's settings will no longer be active. For more information, see Viewing and Changing General Settings for a Device.

To revert to the auto-discovery of changes to that device's identifying information in the network, you can delete the device from the Discovered Devices list in the Network Explorer –> Discovery tab. The device is removed from the table. You will need to wait for NetMRI to re-discover the device on the network, and then refresh or re-open the Network Explorer –> Discovery tab to view the updated information. Click the device group name in the right panel if you need to locate the updated device in its expected group.

Note

For more information about Device Viewer functions, see Inspecting Devices in the Network and its subsections.





  • No labels

This page has no comments.