Search

Page tree

Contents

To automate the conversion of IP addresses of discovered entities from "unmanaged" to "managed" in a specific network view, you can configure conversion rules that Network Insight uses to automatically create new DNS records or update existing data for the discovered IP addresses. Network Insight automatically converts newly discovered IP addresses to host records, A and PTR records, or fixed addresses based on your configuration. You can define templates that Network Insight uses to create new records by using supported variables and functions. For information about supported variables, see Supported Variables for Templates.
Note that corresponding DNS zones in a selected network view must already exist in order for Network Insight to add DNS records during the conversion. Otherwise, Network Insight does not add any DNS records and it logs a message to the syslog.
Network Insight automatically adds DNS records based on the following conditions:

  • The corresponding DNS zones must already exist in the NIOS database. Network Insight does not automatically create DNS zones for the records.
  • To create a PTR record, the corresponding reverse-mapping zone must exist.
  • A DNS zone cannot be associated with more than one DNS view. Network Insight does not create DNS records for zones that are associated with multiple DNS views.
  • NIOS adds new DNS records only if the discovered_name for the discovered IP address is available and there is no conflict with information about the associated network view.

On subsequent discovery jobs, if an IP for a VM is removed, the corresponding DNS records are removed accordingly. If the IP for a VM is changed, the IP address in the corresponding DNS record is changed accordingly. If the DNS record name template is changed, all the DNS records are replaced with the DNS records using the new template. All administrative actions for these change are recorded in the audit log. Summary of the changes are logged in the syslog.

Note

Network Insight updates only records that are created by the Network Insight process. It does not create or update DNS records that are originally created by other admin users.


Configuring Automatic Conversion Rules

To add automatic conversion rules:

  1. From the Grid tab, select the Grid Manager tab, and click Edit –> Grid Discovery Properties from the Toolbar.
  2. Click the Conversion Policy tab and complete the following:
    • Enable the automatic conversion rules defined for newly discovered IP addresses: Select this check box to enable the automatic conversion of unmanaged IP addresses of newly discovered entities to managed objects in a specific network view. This is disabled by default.
    • Update discovered data for managed objects: Select this check box if you want the appliance to update discovered data for all corresponding NIOS objects (if they exist in NIOS). If you do not select this check box, the appliance updates only the discovered data for unmanaged objects. None of the managed data will be updated. This check box is selected by default, but is disabled if you do not enable the automatic conversion feature.

Click the Add (+) icon and Grid Manager adds a row to the table (this table is enabled only when you enable the automatic conversion feature). Complete the following:

    • NetworkView: From the drop-down list, select the network view in which your conversion rule will take effect. Note that this rule applies only to objects in the selected network view. If you have multiple network views, you must configure a separate policy for each network view.
    • Template: Define a naming template that Network Insight uses to automatically create DNS records for the unmanaged IP addresses in the network view. You can use the following syntax: ${substitution}, where substitution can be a supported variable or function. Note that each IPv6 address substitution is unwrapped into dotted presentation. For information about supported variables and functions, see Supported Variables for Templates.
      For example, when you enter ${discovered_name}.corpxyz.com and the discovered_name for the asset is XYZ , the DNS name for this IP becomes XYZ.corpxyz.com . When you enter  $dev-{ip_address_octet3}.corpxyz.com and the IP for the asset is2dba::db8::1 , the DNS name for this IP becomes dev-3.corpxyz.com . When you enter ${ip_address[7]}.corpxyz.com for an IPv6 address and if the IP for the asset is 2001:db8:acad::1 , the DNS name becomes b.corpxyz.com.
      You can also use the following functions in the naming template: dashed, reversed, and underscored. For example, when you enter ${dashed(${ip_address})}-corpxyz.com and the IP is 1.2.3.4, the DNS name becomes 1-2-3-4-corpxyz.com. When you enter ${reversed(${ip_address})}-corpxyz.com  and the IP is 1.2.3.4 , the DNS name becomes 4.3.2.1-corpxyz.com.
    • Conditions: Enter the matching conditions for the conversion rule. You can use magic variables, supported variables, operators, and functions in the condition. When Network Insight finds IP addresses that match this condition, it will convert the IP addresses into DNS records (Hosts, A/PTR records, or fixed addresses) based on your selected conversion type. For information about supported parameters, see Supported Conversion Parameters.
      For example, if you want to match IP addresses that do not have an FQDN in the discovered_name , you can enter this condition: ${is_fqdn(${discovered_name})} == false AND ${discovered_name} == 'unknown'. That is, you can use unknown as the filter value for IP addresses that do not have FQDN.
      If you want to match devices from the network 192.168.1.0/24 with the name starting with " Serial0 ", you can enter this condition: ${ip_belongs_to("192.168.1.0/24")} == true AND  ${discovered_name} like "Serial0".
      ConversionType: From the drop-down list, select the DNS record type that you want Network insight to convert the unmanaged IP addresses into. You can convert an unmanaged IP into Host, A/PTR, or FixedAddress. When you select A/PTR, Network Insight converts each IP into A and PTR records simultaneously.
      Comment: Enter description about this policy to distinguish it from others. For example, if the policy is used to identify and convert IP addresses with discovered_name that does not contain an FQDN, you can enter "No FQDN in discovered_name." as the comment to remind yourself about this conversion rule.

Supported Variables for Templates

The following tables list the supported variables and functions that you can use in templates.
Table 15.1 Supported Variables

Name

Example

Result

Description

1

vm${1}-example.com
vm172-example.com / 192.168.1.1The first octet (quad for IPv6) of the discovered asset. Alias for "ip_address_octet1".
2
vm${2}-example.com
vm41-example.com / 192.168.1.1

The second octet (quad for IPv6) of the discovered asset. Alias for "ip_address_octet2".

3
vm${3}-example.com
vm13-example.com / 192.168.1.1

The third octet (quad for IPv6) of the discovered asset. Alias for "ip_address_octet3".

4
vm${4}-example.com
vm9-example.com / 192.168.1.1

The fourth octet (quad for IPv6) of the discovered asset. Alias for "ip_address_octet4".

discovered_name
iface-${discovered_name}.example.org
iface-example09.example.org / iface-example09

The discovered name of the asset.

ip_address
${ip_address}.example.org
1.2.3.4.example.org / 1.2.3.4

The IP address of the discovered asset.

ip_address[index]
${ip_address[7]}.example.com
b.example.com / 2001:db8:acad::1

The IP address octet (quad) substitution. Useful for IPv6 addresses. Throws an error if address have less octets (quads) than specified.

ip_address_octet1
dev-${ip_address_octet1}.example.com
dev-2.example.com / 2dba::db8::1

The first octet (quad) of the discovered asset.

ip_address_octet2
dev-${ip_address_octet2}.example.com
dev-d.example.com / 2dba::db8::1

The second octet (quad) of the discovered asset.

ip_address_octet3
dev-${ip_address_octet3}.example.com
dev-b.example.com / 2dba::db8::1

The third octet (quad) of the discovered asset.

ip_address_octet4
dev-${ip_address_octet4}.example.com
dev-a.example.com / 2dba::db8::1

The fourth octet (quad) of the discovered asset.

Table 15.2 Supported Functions

Name

Example

Result

Description

dashed

${dashed(${ip_address})}-vm.example.com
1-2-3-4-vm.example.com / 1.2.3.4Replaces the dot "." and colon ":" symbols with the hyphen symbol "-".
reversed
${reversed(${ip_address})}-vm.example.com
4.3.2.1-vm.example.com / 1.2.3.4Reverts the octets of the IP address. IPv6 address is converted to the dotted representation.
underscored
${underscored(${ip_address})}-vm.example.com
1_2_3_4-vm.example.com / 1.2.3.4Replaces the dot "." and colon ":" symbols with the underscore symbol "_".

Supported Conversion Parameters

The following tables list the supported magic variables, variables, operators, and functions that you can use to build the formula for the automatic conversion rules.

Table 15.3 Magic Variables for Conversion Rules
Some of the functions or predicates use the following magic variables to calculate the matching results.

Name

Example

Description

ip_address

${ip_address}

The IP address. Used in is_ipv4, is_ipv6 predicates.

mgmt_ip_address

${mgmt_ip_address}

The management IP address. Used in is_interface predicate.


Table 15.4 Supported Variables for Conversion Rules
This tables lists all the variables you can use in the condition syntax.


Name

Discovered by Network Insight


Description

ip_address

Y

Discovered IP address.

mac_address

Y

Discovered MAC address.

duid

Y

DUID associated with the IPv6 address.

netbios_name

Y

Discovered NetBIOS name.

os

Y

OS guessed by network discovery.

method

Y

The method being used for network discovery: FULL, ICMP, NETBIOS, TCP, or CSV.

network_component_type

Y

The type of network component, such as Switch, Router, and others.

network_component_name

Y

The name of the network component.

network_component_description

Y

A descriptive string for the network component

network_component_ip

Y

IP Address of the network component.

network_component_port_number

Y

Port number on the network component on which the IP was discovered.

network_component_port_name

Y

Port name on the network component on which the IP was discovered.

network_component_vendor

Y

Vendor name of the network component to which the device is connected.

network_component_model

Y

Model name of the network component to which the device is connected in the vendor terminology.

network_component_port_id

Y

Interface ID of the connected switch/switch-router.

port_vlan_name

Y

Name of the VLAN on the port on the network component.

port_vlan_description

Y

Description of the VLAN on the port on the network component.

port_vlan_number

Y

Number of the VLAN on the port on the network component.

port_speed

Y

Speed settings on the port on the network component: 10M, 100M, 1G, 10G, 100G, or Unknown.

port_duplex

Y

Duplex settings on the port on the network component.

port_status

Y

Status of the port on the network component.

port_link_status

Y

Link Status of the port on the network component.

port_type

Y

Type of interface on the network component to which the device is connected.

open_ports

Y

List of opened ports on the IP address, represented as: "TCP: 21,22,23 UDP: 137,139". Limited to max total of 1000 ports.

last_discovered_timestamp

Y

The timestamp when this data discovered.

first_discovered_timestamp

Y

The timestamp when this IP was first seen by the discovery station.

discovered_name

Y

Name of the IP as seen by the discovery station.

discoverer

Y

Name of the discoverer or Grid member.

device_vendor

Y

Vendor name of the device.

device_type

Y

Type of the device in the vendor terminology.

device_model

Y

Model name of the device in the vendor terminology.

mgmt_ip_address

Y

Management IP address of the device if the device has more than one IP.

device_port_name

Y

System name of the interface with which the IP associates.

device_port_type

Y

Hardware type of the interface with which the IP associates.

is_end_host

Y

Whether this object is an end host or an infrastructure device for the purpose of discovery.

iprg_id

Y

Port Redundant Group ID of this device interface.

iprg_no

Y

Port Redundant Group no of this device interface.

iprg_type

Y

Type of Port Redundant Group

iprg_state

Y

State of this IP address in the group.

vmi_name

N/A

Name of the virtual machine.

vmi_id

N/A

ID of the virtual machine.

vlan_port_group

N/A

Port group to which the virtual machine belongs.

vswitch_name

N/A

Name of the virtual switch.

vswitch_id

N/A

ID of the virtual switch.

vswitch_type

N/A

Type of the virtual switch: standard or distributed: Unknown, Standard, or Distributed

vswitch_ipv6_enabled

N/A

Indicates whether the virtual switch has IPV6 enabled: true or false

vport_name

N/A

Name of the network adapter on the virtual switch connected with the virtual machine.

vport_mac_address

N/A

MAC address of the network adapter on the virtual switch to which the virtual machine is connected.

vport_link_status

N/A

Link status of the network adapter on the virtual switch to which the virtual machine is connected.

vport_conf_speed

N/A

Configured speed of the network adapter on the virtual switch to which the virtual machine is connected. Unit is Kib.

vport_conf_mode

N/A

Configured mode of the network adapter on the virtual switch to which the virtual machine is connected: Unknown, Full-duplex, or Half-duplex

vport_speed

N/A

Actual speed of the network adapter on the virtual switch to which the virtual machine is connected. Unit is Kib.

vswitch_segment_type

N/A

Type of network segment on which the current virtual machine/vport is connected.

vswitch_tep_ip

N/A

IP address of the virtual tunnel endpoint (VTEP) in the virtual switch.

vswitch_tep_port_group

N/A

Port group of the virtual tunnel endpoint (VTEP) in the virtual switch.

vswitch_tep_vlan

N/A

VLAN of the virtual tunnel endpoint (VTEP) in the virtual switch.

vswitch_tep_dhcp_server

N/A

DHCP server of the virtual tunnel endpoint (VTEP) in the virtual switch.

vswitch_tep_multicast

N/A

Multicast address of the virtual tunnel endpoint (VTEP) in the virtual switch.

vmhost_ip_address

N/A

IP address of the physical node on which the virtual machine is hosted.

vmhost_name

N/A

Name of the physical node on which the virtual machine is hosted.

vmhost_mac_address

N/A

MAC address of the physical node on which the virtual machine is hosted.

vmhost_subnet_cidr

N/A

CIDR subnet of the physical node on which the virtual machine is hosted.

vmhost_nic_names

N/A

List of all physical port names used by the virtual switch on the physical node on which the virtual machine is hosted. Represented as: eth1,eth2,eth3.

vmi_tenant_id

N/A

ID of the tenant to which the virtual machine belongs.

cmp_type

N/A

If the IP is coming from a Cloud environment, the Cloud Management Platform type.

vmi_ip_type

N/A

Discovered IP address type.

vmi_ip_type

N/A

Discovered IP address type.

vmi_private_address

N/A

Private IP address of the virtual machine.

vmi_is_public_address

N/A

Indicates whether the IP address is a public address.

cisco_ise_ssid

N/A

Service Set Identifier.

cisco_ise_security_group

N/A

Name of the security group created in Cisco ISE.

cisco_ise_quarantine_status

N/A

Quarantine status for the IPAddress as coming from Cisco ISE: NONE or QUARANTINE

cisco_ise_endpoint_profile

N/A

Endpoint profile in Cisco ISE.


Table 15.5 Supported Operators for Conversion Rules

Operators always result in boolean value: true or false. Therefore, you can use them only in logical expressions.

Name

Left Value (lvalue)

Right Value (rvalue)

ExampleDescription
LIKEvariable

string (regular expression in extended format)

${discovered_name} like "[vV]m-[0-9]+.devnet.org"

Evaluates as true if the lvaluevariable matches the given regular expression rvalue; otherwise false

==variablestring
${ip_address} == "167.45.13.29"

Evaluates to true if the lvalue variable equals to rvalue string literal, false otherwise

!=variablestring
${mac_address} != "00:50:56:00:00:01"

Evaluates to true if the lvalue variable is not equal to rvalue string literal, false otherwise


Table 15.6 Supported Functions or Predicates for Conversion Rules

Predicates accept either none or one argument. Depending on the predicate, it could accept both variables and strings or only one of them. The predicate can be compared only to boolean value: true or false.

NameArgument TypeExampleDescription
is_interfaceN/A
${is_interface} == true

Check discovered data in an interface. It validates the mgmt_ip_address variable.

is_ipv4N/A
${is_ipv4} == true
Check to see if the variable ip_address is an IPv4 address.
is_ipv6N/A
${is_ipv6} == false
Check to see if the variable ip_address is an IPv6 address.
is_belongs_tostring
${ip_belongs_to("10.0.0.0/8")} == false

Check to see if the ip_address variable belongs to the given IPv4 or IPv6 network range.

is_fqdnvariable
${is_fqdn(${discovered_name})} == true
Check to see if the given variable is an FQDN.

This page has no comments.