The NeDi Guide

Post on 30-Oct-2019


Introduction

NeDi discovers your network devices and tracks connected end-nodes. It contains many additional features for managing enterprise networks:

- Intelligent topology awareness
- MAC address mapping/tracking
- Traffic, error, discard and broadcast graphing with threshold based alerting
- Uptime, BGP peer and interface status monitoring
- Correlates syslog messages and traps with discovery events
- Network maps for documentation and monitoring dashboards
- Detect rogue access points and find missing devices
- Extensive reporting ranging from devices, modules, interfaces all the way to assets and nodes

NeDi's modular architecture allows for simple integration with other tools. For example, Cacti graphs can be created based on discovered information. Due to NeDi's versatility, things like printer resources can be monitored as well...

Published on Sat Oct 14 13:45:05 2017

Installation Instructions

NeDi's website provides all necessary information for a successful installation.

The generic procedure with some links to external documentation: http://www.nedi.ch/installation

OS specific information:

http://www.nedi.ch/installation/freebsd
http://www.nedi.ch/installation/os-x
http://www.nedi.ch/installation/suse-installation

NeDi Appliance

There's a free OpenBSD based appliance called NeDiO14 available on the Download page. It will be succeeded by a Debian based OVA called NeDian17.

Partner Solutions

NeDi is integrated in commercially supported solutions as well. Have a look at the partners on NeDi's Download page to get more information.

General Overview

This chapter helps to get you acquainted with NeDi:

- Architecture: A quick overview of NeDi's components
- Functional Breakdown: A description of use cases
- Terminology: Definition of topics found in NeDi

The following chapters cover NeDi use cases:

- Network Management: The original intention
- Asset Discovery: Collect details on your nodes and devices

The frontend documentation is divided into the following sections:

- REST API
- GUI overview
- GUI modules

Architecture

NeDi's architecture can be divided into the following components:

- Network discovery (nedi.pl) in light blue above
- Monitoring (moni.pl, trap.pl and syslog.pl) in blue
- Master daemon and agent list for centralizing distributed NeDi instances, in purple
- Node discovery for asset details (gathered by nodi.pl using WMI and SSH) in blue
- Modular web frontend written in PHP and some javascript in yellow
- Restful API frontend written in PHP in dark yellow
- Master settings file (nedi.conf) in dark blue
- Dependencies are indicated above as well (e.g. API only talks to the DB and flow.pl uses Traffic data to generate graphs)
- NFDUMP can optionally be integrated, in that the frontend can access and display netflow data

Functional Breakdown

Use this table in order to learn how the components can be used to achieve different goals. Detailed information is provided in the following chapters:

| Goal | Component | Description |
|---|---|---|
| Discover network devices using SNMP and SSH/Telnet | nedi.pl | Run nedi.pl via console, System-NeDi in the web GUI or use crontab to discover on fixed intervals. This will also track MAC and IP addresses and collect the interface statistics. |
| Monitor discovered network devices | moni.pl | Run moni.pl via console, System-Services in the web GUI, or have it autostart with init.d scripts. Add desired devices (which usually have been discovered before) to monitoring. Control the monitoring frequency (default is uptime check every 3 minutes). |
| Receive Syslog messages | syslog.pl | Run syslog.pl via console, System-Services in the web GUI, or have it autostart with init.d scripts. |
| Receive SNMP traps | trap.pl | Configure trap.pl as trap handler for snmptrapd. |
| Monitor remote NeDi hosts | master.pl | Add remote NeDi installations in agent list. Run master.pl via console, System-Services in the web GUI or have it autostart with init.d scripts. Configure how the remote agents provide their API connection (e.g. https and root path). Note: Don't run any other components on this host to avoid confusion. |
| Discover assets | nodi.pl | Run nodi.pl via console, System-NoDi in the web GUI or use crontab to discover on fixed intervals. It's recommended to use a different DB (and config file), if nedi.pl is running here as well. |
| Traffic Monitoring | nfdump, flowi.pl | Run nfcapd (for netflow), sfcapd (for sflow) or nfpcapd (to capture traffic on an interface). Specify path to netflow data in nedi.conf. Edit nedi.conf to set nfdpath and the IP-ports you want to graph. Run flowi.pl every 5 minutes to create the Protocol and Port graphs. Make sure the frontend can execute nfdump (especially if nfdump is installed on another host and the data dir is mounted). |

Terminology

Devices:

- SNMP capable network equipment, printer or server
- WMI capable Windows server or client
- SSH capable Unix (namely Linux and BSD) server or client

Modules:

- Line cards, power supplies, fan trays or optical transceivers (usually with serial number) in network devices
- Members (usually classified as chassis) in a stack
- Virtual machines in hypervisors
- Supplies in printers
- CPU, RAM, HDD, display or installed software in WMI or SSH devices
- Go to Modules for more networking related information

Nodes:

- MAC address from a bridge-forward table on a switch (required)
- IP addresses of ARP tables on routers or layer 3 switches (optional)
- DNS names obtained by reverse lookup of IP addresses (optional)
- Go to Network Population for more networking related information

Links:

- Connection between devices stored in the links table
- Created using CDP, LLDP (ISDP under investigation)
- Calculated automatically with information derived from bridge-forward tables (MAC)
- Added statically using Topology-Linked (STAT)

Assets:

- Items with a serial number in the inventory table
- Added by NeDi's -Y option
- Added by hand using Assets-Management
- Imported via CSV file using Assets-Management

Policies:

- Rules defined in System-Policies to create alerts or actions
- They're evaluated at different points during the discovery
- Packets, Bytes or Flows rules are evaluated by flowi.pl

Age Shading

Date and time fields are usually displayed with an age based background color. This helps to quickly spot anomalies in a list for example:

- First seen dates start out to be bright green (affected by the "retire" setting in nedi.conf) like a fresh fruit
- Last seen dates turn more red after time like a sunset
- The greater the difference between the two the more blue is added

Colors quickly show new devices and those being offline for a while

Network Management

Prerequisites

Before you begin, decide how you will use NeDi, and what you need to do to make it an effective tool in your network. The discovery nedi.pl needs SNMP read access in order to discover network devices. Privileged CLI access can be used to read the MAC address tables on Cisco devices, which is faster than vlan indexing via SNMP, and supports port security as well. The configurations are read via CLI and stored in the database or as text files. If you want to use NeDi to back up your configurations, you will need to enable privileged CLI access.

NeDi requires unique device names, since this is the primary key in the database. The domain part of the device name is usually discarded, because CDP is not consistent with domain names on all devices, and this can lead to problems when creating device links. Make sure you name your devices uniquely.

NeDi reaches its full potential when used with CDP, FDP and/or LLDP capable devices in your network. The discovery and topology visualizations no longer depend on these protocols being enabled, however, so NeDi can be used effectively without them.

NeDi can draw maps for documentation and monitoring dashboards

Topology Awareness

If mapping your network with a clear and automated visual representation is important to you, you will want to enable the topology awareness features by preparing your devices to be placed in NeDi's visualizations and maps. NeDi is capable of visualizing your network down to rack level! In order to do this, a specific format for the SNMP location string is required on each device as follows (separators can be configured in nedi.conf with locsep):

Region;City;Street;Floor;[Room;][Rack;][RU;][Height]

- The building or street address may contain several sub-buildings separated with a second separator (e.g. _)
- The RU is counted upwards from the bottom of a rack
- The height is only necessary if the device comes in different sizes (e.g. a VMware ESX server)

Switzerland;Zurich;MainStation;5;DC;Rack17;7

This example puts a device in position 7 of rack 17 in the DC room at the 5th floor

FL;Orlando;42PineSt_A;54;Closet;Wallrack;1

This device is located in a closet's wall rack in Building-A of 42 Pine st (there might be a building-B at the same address)

If network devices can be configured with this SNMP location scheme, NeDi can visualize your entire network topology. If it's not feasible to reconfigure all your devices, you can override locations for some of them in the seedlist, or map other information to the location scheme. You'll lose some of the dynamism of the mapping, but you can still leverage some topology features this way.
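To find devices whose SNMP location does not fit the scheme before relying on the maps, the strings can be checked offline. The following is an added example, not NeDi code: the function names, the `Location` type and the default separators `;` and `_` are assumptions taken from the format shown above, and the device names in the demo are constructed.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Location:
    region: str
    city: str
    street: str
    building: Optional[str]  # sub-building after the second separator
    floor: str               # kept as text: a floor may be named, not numbered
    room: Optional[str] = None
    rack: Optional[str] = None
    ru: Optional[int] = None      # rack unit, counted from the bottom
    height: Optional[int] = None  # only set for devices of varying size


def parse_location(value, locsep=";", bldsep="_"):
    """Parse Region;City;Street;Floor;[Room;][Rack;][RU;][Height].

    Raises ValueError when the string cannot be placed in the scheme.
    """
    parts = [p.strip() for p in value.split(locsep)]
    if parts and parts[-1] == "":
        parts.pop()  # tolerate one trailing separator
    if not 4 <= len(parts) <= 8:
        raise ValueError(f"expected 4 to 8 fields, got {len(parts)}")
    for name, part in zip(("region", "city", "street", "floor"), parts):
        if not part:
            raise ValueError(f"empty {name} field")
    region, city, street, floor = parts[:4]
    street, _, building = street.partition(bldsep)
    # Pad the optional tail so it always unpacks into four values.
    tail = [p or None for p in parts[4:]] + [None] * (8 - len(parts))
    room, rack, ru, height = tail
    for name, num in (("RU", ru), ("height", height)):
        if num is not None and (not num.isdigit() or int(num) < 1):
            raise ValueError(f"{name} must be a positive integer, got {num!r}")
    return Location(region, city, street, building or None, floor, room, rack,
                    int(ru) if ru else None, int(height) if height else None)


def audit_locations(devices, locsep=";", bldsep="_"):
    """Return {device: reason} for every location string that does not parse."""
    problems = {}
    for name, loc in devices.items():
        try:
            parse_location(loc, locsep, bldsep)
        except ValueError as exc:
            problems[name] = str(exc)
    return problems


if __name__ == "__main__":
    # Constructed inventory: two strings from the guide, two that do not fit.
    inventory = {
        "sw-dc-17": "Switzerland;Zurich;MainStation;5;DC;Rack17;7",
        "sw-orl-a": "FL;Orlando;42PineSt_A;54;Closet;Wallrack;1",
        "sw-legacy": "Server room, 2nd floor",
        "sw-lab": "CH;Zug;Seeweg1;U;Lab;R1;top",
    }
    for device, reason in audit_locations(inventory).items():
        print(f"{device}: {reason}")
```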

Topology aware overview in Monitoring-Health

Cities show their size based on devices:

| Icon size | # of devices |
|---|---|
| small | 1-2 |
| medium | 3-9 |
| large | 10-19 |
| extra large | 20+ |

The same applies to Buildings whereas important ones can be "painted" red using redbuild in nedi.conf:

| Icon size | # of devices |
|---|---|
| small | 1-2 |
| medium | 3-9 |
| large | 10-19 |
| extra large (important) | 20+ |

Configuration Backup

NeDi is capable of backing up switch, router and firewall configurations. Common brands and models are supported as well as some less known ones (backing up of some FW contexts needs more work). The backup is performed via CLI and corresponding "show conf" commands.

The backup can be performed in 2 ways:

1. DB only: -b
2. DB and keeping the last x versions as file: -Bx

In general NeDi only writes a new backup if the config actually differs from the previous version. Some devices provide an SNMP OID that holds the timestamp of the last config change (Cisco and Comware are known). This makes the process more efficient as it won't require downloading the config to determine whether it has changed or not. A 2nd OID makes it possible to determine whether the running config has been written to the device's flash and alert, if not:

CFGC:Last change @5858408s uptime

EVNT:MOD=B/1 L=150 CL=cfgs TGT=3560CX MSG=Config changed (@5858408s) 54.15 days after writing to flash (@1179413s)

Once configs are backed up, they can be tested for compliance, searched, compared, be used as template for new deployments (e.g. via tftp) or be translated into new configs for completely different brands and models (starting with NeDi 1.7).

Configuration Compliance Policies

Device Modules

Most switches and routers contain line cards, removable fan trays, power supplies and optical transceivers. NeDi is able to discover those modules to a good extent. They can be listed in Devices-Modules for review. However, NeDi tries to present this information in the most useful manner. Stacks, for example, have become more popular in recent years. Management tools like NeDi should be aware of how they are physically built, but shouldn't overwhelm the user with less relevant information. This gets even more complicated when whole network fabrics are being managed with a single IP address. Answering a simple question like how many switch ports are available in a certain rack becomes more challenging. NeDi combines the modules with the interfaces to present such an answer:

NeDi breaks complex fabrics down to report ports per extender

Network Population (Nodes)

NeDi treats all MAC addresses found in the bridge-forward tables of switches as nodes. They are combined with ARP information from layer 3 switches and routers. The IP addresses are resolved to provide actual hostnames, which will ideally complete the whole picture on the network.

Over time the movement of the MAC addresses and changing of IP addresses is tracked in separate tables as well:

Database relationship around nodes

Nodes can be listed in Nodes-List and then be closer examined in Nodes-Status. All tables shown above are graphically represented in this view:

Node status is graphically organized

Edit nedi.conf

The main configuration input for NeDi is the nedi.conf file. The first task in configuring NeDi is editing this file. You can use System-Files in the web GUI to edit nedi.conf, the seedlist and finally crontab to schedule recurring discoveries. Make sure you edit nedi.conf before starting to discover your network. The configuration should be self explanatory with the comments in the file.

It's divided into the following sections:

1. Device Access defines credentials and methods for contacting devices
2. Discovery controls IP address space, ports used, and borders within which discovery should occur
3. Backend sets DB access, system settings and integration with other tools
4. Messaging & Monitoring takes care of polling and notification settings
5. Nodes Related control how nodes should be read from devices, and how they should be treated afterwards
6. GUI Settings control menu items and appearance

User passwords can be entered encrypted with the usrsec keyword. The secret used to encrypt is in the function XORpass() within inc/libmisc.pm. Change it for more security (but don't forget to adapt after a NeDi upgrade or patch). This protects the passwords from prying eyes in nedi.conf, but of course not if the person has access to libmisc.pm.

Many things can be fine-tuned at a later stage, but these parameters should be configured properly from the start:

- rrdstep sets the time step of the graphs upon their creation (corresponds to the discovery interval)
- cli-credentials for CLI access to get MAC address tables on Cisco switches and/or configuration backup

If you discover your entire network with those settings wrong, you have to delete all graphs or reset the "CLI access information" on devices which failed due to incorrect credentials.

If you're using discovery protocols, you may have to specify a regular expression (regexp) to specify border devices where the discovery should stop, or limit the valid IP address range with netfilter regexps. Otherwise NeDi might wander off and send read community and CLI credentials to all destinations it can reach. Limiting the discovery may also be necessary if, for example, you do parallel discoveries (see table below).

Edit seedlist

Add single IPs or ranges like:

10.10.10.1

10.11.10.1-254

10.12.1,3,5,17.10 mycomm

10.13.1,3.10-15 newcomm - CH;Zug;Seeweg1;U;Lab

- It is recommended to add "-Ptimeout" to ping seeds devices prior to discovery, if you use ranges.
- A community string can be added after the IP to override those in nedi.conf (Note: SNMPv3 credentials still need to be defined in nedi.conf, as they require more arguments that the seedlist does not support)
- Name, location and contact can be added as well to override information derived from devices (put a - to ignore, e.g. the name cannot be set for ranges)
- Use -u option to specify seedlist file (e.g. for parallel discoveries)

After the lines that add seeds, you can restrict ranges as well. Just put a ! at the beginning. This allows for more sophisticated scanning of network ranges. Here's another example:

# Adding desired ranges

10.11.10-13,15.1-254

10.11.22.11-200

# Excluding unnecessary IPs

!10.11.11,22.17

!10.11.11,22.17

If you don't want to edit seedlists you can add target(s) with the -a option followed by an IP or range.
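Because every seed receives SNMP read community strings (and possibly CLI credentials), it is worth listing what a seedlist expands to before a discovery run. The following is an added example, not NeDi's own parser: it implements the range and `!` exclusion syntax as shown in the examples above, applies exclusions regardless of line order, and checks the result against a list of allowed networks, which is a hypothetical parameter of this script rather than a nedi.conf setting.

```python
import ipaddress
from itertools import product


def expand_octet(field):
    """Expand one octet field such as '10-13,15' into a sorted list of ints."""
    values = set()
    for part in field.split(","):
        lo, sep, hi = part.partition("-")
        if not lo.isdigit() or (sep and not hi.isdigit()):
            raise ValueError(f"bad octet field: {field!r}")
        lo_i, hi_i = int(lo), int(hi) if sep else int(lo)
        if not 0 <= lo_i <= hi_i <= 255:
            raise ValueError(f"octet out of range: {part!r}")
        values.update(range(lo_i, hi_i + 1))
    return sorted(values)


def expand_spec(spec):
    """Expand '10.11.10-13,15.1-254' into the list of single addresses."""
    octets = spec.split(".")
    if len(octets) != 4:
        raise ValueError(f"expected 4 octet fields: {spec!r}")
    return [".".join(map(str, combo))
            for combo in product(*map(expand_octet, octets))]


def parse_seedlist(text):
    """Return {ip: community override or None} after applying '!' lines."""
    targets, excluded = {}, set()
    for raw in text.splitlines():
        fields = raw.split()
        if not fields or fields[0].startswith("#"):
            continue  # blank line or comment
        if fields[0].startswith("!"):
            excluded.update(expand_spec(fields[0][1:]))
            continue
        community = fields[1] if len(fields) > 1 else None
        for ip in expand_spec(fields[0]):
            targets[ip] = community
    return {ip: c for ip, c in targets.items() if ip not in excluded}


def out_of_scope(targets, allowed_cidrs):
    """List targets that fall outside every allowed network."""
    nets = [ipaddress.ip_network(c) for c in allowed_cidrs]
    stray = [ip for ip in targets
             if not any(ipaddress.ip_address(ip) in n for n in nets)]
    return sorted(stray, key=ipaddress.ip_address)


# Constructed seedlist combining lines from the examples above.
SAMPLE = """\
# Adding desired ranges
10.11.10-13,15.1-254
10.11.22.11-200
10.12.1,3,5,17.10 mycomm
# Excluding unnecessary IPs
!10.11.11,22.17
"""

if __name__ == "__main__":
    seeds = parse_seedlist(SAMPLE)
    print(f"{len(seeds)} addresses would be contacted")
    for ip in out_of_scope(seeds, ["10.11.0.0/16"]):
        print(f"outside allowed networks: {ip}")
```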

Discover the Network

Once you have the prerequisites in place, and you have your nedi.conf file (and optionally your seedlist) set to go, it is time to launch your discovery. The easiest way to do so is from the web GUI, and for instructions on doing this, read on. You can, however, launch the discovery script, nedi.pl, from a command line, and control a given discovery run with command-line options. It has evolved to be a flexible tool, covering different needs. If you only want to know, for example, where computers are connected to and don't care about line cards or interfaces, you can simply skip them. This speeds up the discovery and causes less traffic on the network. It can also make sense to update modules, device addresses and vlans only once at night (and maybe skip ARP and MAC address tables instead). That's where a proper crontab schedule lets you optimize regular discoveries (see below).

It's also important to get a feeling for discovering network components. Some devices (like stacked switches) can take their time to reveal their modules or even refuse if they're busy (as seen on Cisco Cat4k5).

Another aspect of the discovery is how all devices of the network should be found. The seedlist (described above) is one option and can be used in conjunction with discovery protocols, routing tables or OUI listings. Of course new devices can be added manually as well...

You can use the following examples to determine the best approach to discovering your network, and optimize your NeDi installation accordingly. When calculating discovery times, a good rule of thumb is to assume a 5s average discovery time per device:

| Network Type | Discover Method |
|---|---|
| 1 site, up to 100 devices of same vendor with LLDP or CDP enabled | Set rrdstep to 900 in nedi.conf. Leave seedlist empty or specify a core switch. Run "nedi.pl -p" every 15 minutes. |
| 1 main site and a couple of remote locations, up to 500 devices of several vendors | Leave rrdstep at 3600 in nedi.conf. Put an IP for every CDP or LLDP "island" in the seedlist. Run "nedi.pl -p" every hour. |
| 1 or 2 main sites and many remote locations, up to 2000 devices | Leave rrdstep at 3600 in nedi.conf. Create 4 seedlists splitting up the sites. Run "nedi.pl -pu seedlist" for every seedlist you've created in previous step with 5 min. offset every hour. |
| Many sites with 5000 devices or more | Set rrdstep to 14400 (4h) in nedi.conf. Create seedlists splitting up the discoveries, so that the longest ones take around 2h. Run "nedi.pl -pu seedlist" with 5 min. offset every 4h. You may also consider setting up NeDi agents in every major site and use a central NeDi master. |

Additional hints:

- If you don't want to add every device not supporting discovery protocols to the seedlist, you can discover them manually with nedi.pl -a. Then you just have to make sure they're rediscovered by using -A dbquery in subsequent discoveries which will add them as seeds from the database.
- If you want to have less common devices added automatically, try the oui discovery method: Add a vendor to the ouidev regexp in nedi.conf and use nedi.pl -o. The MAC addresses of all arp entries are now resolved to their vendors and checked against this regexp. If it matches, the IP address is then used as new seed device. This method is not recommended for vendors producing NIC chipsets or computers as NeDi would try SNMP access on all of those as well!
- Either use the GUI module System-NeDi or start it directly from the CLI. Make sure you're doing the latter as the same user as you run the crontab with or RRDs won't get updated correctly. You'll probably get the best results using the CLI and the -v options to closely follow the discovery.

These options define how neighbors should be added:

1. -p Use dynamic discovery protocols like CDP or LLDP
2. -o search arp entries for network equipment vendors matched by ouidev in nedi.conf
3. -r use route table entries of L3 devices

A run without any options will result in a plain static discovery using the seedlist or the default gateway, if you haven't added any seeds there yet.

Using -A lets you add seeds directly from DB. For example queue all snmp devices:

nedi.pl -A all

Or queue all IOS devices:

nedi.pl -A "devos='IOS'"

Similarly -O can be used to queue ARP records matching certain MAC addresses or vendor strings:

nedi.pl -O "oui~'Extreme'"

Edit crontab

After you set up nedi.pl to run the discovery the way you want it to, you will want to have it regularly check the network for new devices. NeDi will keep adding what it finds, and tell you when devices appear and disappear. As shown above, how often you run it is up to you, and should depend on the size of your network, how long discovery takes, and how important it is to you to find devices soon after they appear. Most installations like to have data up to date within a few hours, but for some once a day will suffice. Note that the frequency of discovery is mostly independent of the frequency of monitoring, and this section describes how you can set the frequency of discovery with the cron daemon.

Cron is a standard Unix daemon allowing execution of specific programs at given times. A file called crontab is used to schedule the tasks. Its format is fairly simple. Every line starts with the time fields (minute hour day month weekday) followed by the command to be executed. The output of the commands can be redirected to log files. These can be reviewed in the web GUI under System-Files. The default path is /var/log/nedi. A % character needs to be preceded with a backslash.

# Crontab example running every 4h

0 */4 * * * /var/nedi/nedi.pl > /var/log/nedi/nedi-`date +\%H`.run 2>&1

You can simply use System-Files to edit the crontab file. It'll be automatically applied for the user running the webserver upon writing. This means RRD files should belong to the same user or they can't be updated by the scheduled discovery. It's common practice to simply let this user own all files in the NeDi folder.

Asset Discovery

Lifecycle management of IT infrastructure has become more and more important over the past years. NeDi can be optimized to cover many aspects of this process. It starts with collecting an inventory, and comparing it to vendor life-cycle information and maintenance contracts. The data can then be exported with NeDi's API for further processing in your environment.

Using NeDi

As mentioned before, the discovery has become very flexible and can be optimized for gathering assets only. In this scenario you're probably not interested in graphs, interfaces statistics, ARP or MAC-address tables.

On the other hand you want to add discovered devices and modules to the inventory table. The following command will achieve that:

nedi.pl -SAFGgadobewitjupv -Yam

If you use System-Files with "update-replaceconfig" and select "ciscoeol.tgz", it'll essentially unpack a file called "ciscoeol.csv" in the nedi root folder. If nedi.pl is called with -Y options, all device types and module models are compared against that file for EoL information, which will be added to the asset record.

- As of now only Cisco products are supported. Data from other vendors will be provided, should it become available
- As an alternative to EoL data, you can upload maintenance contract information in Assets-Management

Using NoDi

NoDi stands for node-discovery and moves one step further away from network infrastructure, towards the end nodes. This feature allows for completing the IT inventory or providing more insight in regards to security or monitoring tasks. As a side effect, NoDi monitors and graphs CPU, Memory, Temperature and Disk IO as well.

It uses SSH or WMI to retrieve information from Unix or Windows hosts. The latter relies on wmic provided by Openvas.

Edit nodi.conf to define the credentials (encrypted passwords are supported as well):

- The first usr or usrsec entry should be a domain admin as it's used for default WMI authentication
- All subsequent usr or usrsec entries are used for SSH
- A user can be forced with -u option
- The working user is stored in the DB and will automatically be used in successive discoveries

It's possible to store the node discovery information in a new database, to keep network management separated:

- Change dbname in nodi.conf to something like nedi_node
- Change arpwatch in nodi.conf to the nedi dbname (used with -O to read arp entries)
- Use nedi.pl -i -U nodi.conf to create it
- Use nodi.pl to discover the nodes
- Use System-Snapshot to switch between the databases

Troubleshooting

Testing

The -t option lets you test a particular discovery aspect. No data will be written upon completion.

For example, if you created a complex seedlist, you can test it with -ts. This should be combined with verbose or debugging output, to actually see something:

nedi.pl -vts

Debugging

If you encounter problems, make sure you understand what you're looking for. Any discovery related problems, such as dynamic discovery protocols, authentication or just properly identifying devices can be debugged with -d and -D:

- -db show basic debug information
- -dd show database queries
- -ds show system stats
- -dc log CLI access to input.log and output.log (open 2 more terminals and tail -f to them)
- -dv create *.db files to store internal variables after the discovery (for use with -D)
- -D will not discover your network, but rather use the previously generated *.db files on functions to be debugged in nedi.pl's "Debug Mode" section (intended for developers/me only)

Frontend Overview

REST API

Prior to NeDi 1.7 only POST calls with the following variables were supported:

- u=username (only users without a Device-Filter are accepted)
- p=password
- t=table (e.g. devices)
- q=query (e.g. device='charon')

A rewrite rule (e.g. for nginx) makes the requests more human readable:

location /api {

    rewrite ^/api/(\w*)$ /query.php?t=$1&q=$args last;

}

As of NeDi 1.7 regular GET calls using "Basic Authentication" became available as well. This makes integration much easier as shown with the "RESTClient" addon for Firefox:

As you can see, some information about the NeDi host is returned in the first element.

Managing Assets

NeDi manages the life-cycle of your network infrastructure from purchasing until disposal. It allows you to include vendor's end of life information in order to identify unsupported hardware and maintenance contracts. The latter lets you find hardware not under maintenance or items you're paying for, that don't even exist in your network!

Assets are stored in the inventory table. They can be manually added with Assets-Management or automatically with the -Y switch in nedi.pl.

Possible life-cycle stages:

1. New: Adding devices and modules to inventory via barcode scanner (keeping track of spares)
2. Active: Items with serial numbers can automatically be updated upon discovery (managing equipment in use)
3. Used: Item has been removed from network and put back in storage.
4. Replaced: Item has been replaced by another one (e.g. RMA)
5. Disposed: Item has been removed from network and trashed
6. Traded-in: Item has been removed from network and traded in for new ones

Cisco EoL information

A file called ciscoeol.tgz can be uploaded with System-Files. It contains a list of all products with known EoL information. The fields are mapped as follows:

- "Migration Product ID" is added to comment
- "End of Routine Failure Analysis" Date is mapped to endsupport
- "End of Service Contract Renewal" is mapped to endwarranty
- "Last Date of Support" is mapped to endlife

The NeDi GUI

NeDi features a modular frontend, which can easily be customized. This is done by commenting out or including lines beginning with "module" in nedi.conf. If a module is enabled in the file, the menu item corresponding to the module is included. The "Section" controls the top menu, and the "module" the menu item. The Section-Module.php interprets these lines. The icon used is specified in the 3rd column. The group determines which users are allowed to see and use that particular module, so it can be customized for classes of users as well.

The NeDi web GUI modules have many common elements. Here's some useful information to keep in mind while using the GUI:

- Each module consists of a header row and a main input form.
- A larger version of the menu icon always shows up to the left and a click on it resets the module to its defaults. If you hover over it, the exact module name is revealed (shown in the footer as well)
- If "List optimize" is selected (next to [icon] in User-Profile), a history is shown next to the menu
- Use the "FindIT" search field in the header, to get quick results on any text, IP or MAC address
- The print icon [icon] in the header opens a printable view of the current module (usually without the main input form).
- On most lists you can click on the rows to highlight them
- You can save the state of most modules to a bookmark or use the notepad icon [icon] in the header to add a link to the admin message in User-Profile (look for "EDIT" on the bottom and change accordingly)
- Text links usually lead to applying a filter within the current form
- Numbers after a bar-image (e.g. # of device types) take you to the corresponding list module
- Used SQL queries can be shown by clicking on the debug icon [icon] (only shown for admin). It executes the query in Other-Export for quick analysis
- Regular users see [icon] and those having a view filter applied get [icon] instead. Hovering over it reveals the username and current server time

Lists

NeDi displays most of the data it finds in tabular displays, and these are controlled by "List modules". The presentation of data can be highly customized and exported to various formats. If you need to filter, show, and search through the data, you should learn how to master lists. Here's what the list controls do:

- By default some reports are shown on the bottom of most list modules. The [icon] setting in User-Profile determines how many entries are shown
- Clicking on a text link takes you to the full-featured report
- Use the "Columns" select box to add or remove the columns you wish to see (hold down CTRL to select multiple columns)
- If "List optimize" is selected (next to [icon] in User-Profile), the columns are persistent for the entire session and a report is shown by default
- You can use the templates as quick list shortcuts
- In the filter section, you can define a criteria and select the combination operators AND/OR to add up to four conditions (first and second pairs may be grouped together with brackets)
- Alternatively you can compare 2 columns directly by using the other combination operators (e.g. "1=2" with columns "First Discover" and "Last Discover" selected to list devices only found once)
- The last map can be included via [icon] and a limit [icon] can be chosen as well (default is 250)
- The triangles [icon] in the header row allow for the list to be sorted accordingly. They're not available on special columns containing realtime data or graphs and other statistics
- You can export lists as XLS by clicking on the spreadsheet icon [icon], if shown in the header

Monitoring

NeDi does monitoring as well as discovery. The program moni.pl is used to check the health and uptime of devices, and you can combine it with trap.pl for SNMP trap translation, syslog.pl for log messages, and nedi.pl itself for the monitoring of discovery events. NeDi uses levels and triggers to categorize and alert you when monitoring finds something interesting. Discovered devices are not monitored by default. Any thresholds (CPU, Mem etc.) and notification triggers are applied from nedi.conf. Syslog events only receive a level of 30 (Other), and thus can't generate alerts.

In order to monitor targets they need to be added to the monitoring table, since devices and nodes are dynamically overwritten by the network discovery (nedi.pl) and you don't want to lose the list of monitored devices each time this happens. You can do this in Devices-List or Nodes-List by first filtering the devices you want to monitor with the list controls, then clicking the "Monitor" button. Alternatively you can add single targets in Devices-Status by clicking on the binoculars [icon]. Once added to monitoring, targets can be further configured in Monitoring-Setup.

The monitoring daemon moni.pl first sends non-blocking uptime requests to all SNMP targets. Afterwards all other targets are tested sequentially (factoring in availability of their dependencies). For example, a dual homed web-server will only be checked if at least one of the connected switches returned an SNMP uptime.

- TCP ping is used by default for nodes and non-SNMP devices (this can be changed to ICMP in Monitoring-Setup)
- Uptime (or SNMP-Engine time, if set in .def) is chosen for devices as it can detect intermittent reboots as well
- BGP peers can be monitored as well, if BGP4-MIB is supported on a device
- IF oper-status can be monitored as well (e.g. on router or server switches)
- The monitoring daemon should be started automatically. It also relies on nedi.conf, where you can set the interval between polls, how many tests a device can fail before it is marked as down, and how alerts should be sent
- If you change the settings, they will be effective as of the next polling cycle. If you want to see results immediately, restart the daemon from System-Services
- If a target is reported to be down, an entry is created in the incidents table with the start time set to the time it's detected at. The end time will be added automatically, when the target is responding again. Incidents are acknowledged by classification in Monitoring-Incidents

Due to limitations of the SNMP perl module and non-blocking requests, latencies are not accurate unless you modify Net::SNMP's Message.pm:

Line 23:

use Time::HiRes;

Line 691 or so, above debug output in send():

$this->{_transport}->{_send_time} = Time::HiRes::time;

Message Flows

The following diagram explains how events (originating from syslog, trap, discovery and monitoring) are processed.

Reporting

This section aggregates information and provides extensive views of the collected information. There are several reports tied to their respective database tables (i.e. devices, modules or nodes) and a "Combination Report", which focuses on a task (like asset management), which depends on several tables. Using the reports section involves the following:

- Setting a filter, if desired. Any filter you set is taken into account for links to other modules
- Selecting the reports you want (hold down CTRL for multiple selection)
- Use the templates as quick filter shortcuts (see the icons on the left of report select box)
- The last map can be included via [icon] and a display limit [icon] can be chosen as well (default is 10)
- Reports can be "optimized" with [icon] (table captions reveal what's been optimized)
- "Alternative sort" via [icon] uses keys rather than values (table captions reveal what has been sorted on)

GUI Modules

This section describes the various modules and their functions. You can enable or disable these modules in the GUI settings section of the nedi.conf file.

Assets-List

This module lists assets from the inventory table.

- You can make changes to multiple assets for the state and maintenance renewal by selecting desired values and clicking update.
- You can delete all filtered assets (ignoring limit setting) by clicking delete. This feature should be used with care!

Assets-Locations (Location List)

List locations created with the location editor Assets-Loced. The following functions are available:

- The execute column reveals links to other modules or external maps
- If photos are uploaded to the appropriate topo folder, they can be accessed in the Files column
- A NeDi- or static-map can be added as well. If the coordinates are available, labeled markers are drawn

Assets-Loced (Location Editor)

This module can be used to place locations on previously uploaded backgrounds, using System-Files. Alternatively, if you check the first box to the right of [icon] you will enable NeDi's geocoding API, which automates the placement of locations. When enabled, location names are used to search for the correct coordinates. If you check the second box, the description is used instead. Create the locations and enter descriptions prior to checking this option for best results.

UsagewithBackgroundImages

Thedefaultletsyouplaceyourlocationsonabackgroundimageandcanbeleveragedwiththe"bgmap"maptypeinTopology-Maps.Atfirstyou'llseethetoplevelmap,whichisaworldmapbydefault(I'llchangethisassoonasNeDimanagesnetworksonothercelestialbodies).Selectaregionandclickonthemaptosetthecoordinates.You'llnoticethatvaluesarebeingpopulatedandthe'Add'buttonbecomes'Update',ifthelocationalreadyexists.Ifyouwantmultiplelayersforyourmaps,uploadlowerlevelmapstothecorrectlocationinthetopofolder.Forexample,sayyournetworksitesarelocatedin2regions(USAandEurope).Justnamethemapfilesbackground.jpganduploadthemtotopo/USAandtopo/Europe.Now,whenyouselectcitiesinthoseregions,theappropriatemapshouldbeshown,andyoucanplacecitiesaccordingly.Thisalsoworkswithincities(makessensewhereyou'vegotabigmetropolitannetwork).Justuploadbackground.jpgtotopo/Europe/ZurichandassoonasyouclickonbuildingsinZurichyoucanplacetheminthatmetropolitanmap.ThesubfoldersarecreatedautomaticallywhenyoudrilldowninTopology->TablewithOpenstreetmapsenabled.

UsagewithGeocoding

SelectthelocationyouwishtoaddIfitdoesn'texistorthecoordinatesare0(ifit'sbeenaddedtoabackgroundimagepreviously),ageocodinglookupisperformedandthecoordinatesareshowninblueIfyouuseinternalnamesforyourlocations,youcanentera"geocodable"nameascommentandclickaddActivatedescriptionmodewiththe2ndcheckmarkrightofAdraggablemarkerisplacedonthemap,whichcanbeadjustedtofityourneeds(coordinatesturngreen).EnteradescriptionandclicktheaddbuttonIfthisdoesn'tworkforyou,clickon toenteranaddressmanuallyThecoordinatesshouldstayblack,asthey'rereadfromtheDBnow


Assets-Management

This module allows you to add or edit one asset at a time.

- Asset summaries are shown by default. Click on the text to get a filtered list of matching assets, and click on the value to add items to the Assets-List module.
- Use a barcode scanner (send a "tab" upon successful reads) to scan type and serial number, or just enter them manually.
- Specify location, condition, source/provider and warranty. If the latter one is closer than a month away it'll be highlighted with the "warning" color, or with the "critical" color if already expired.
- Click on the [icon] icon to open the panel browser. Refer to Devices-Modules for a list of possible classes.
- If you list by a property (e.g. location), the appropriate field on the top is populated as well for easier batch additions.
- You can edit the items listed by clicking on their serial numbers. The current list will stay. Note that the focus will move to the location field, as serial numbers cannot be edited. You can either update or delete an item now.
- If you click on a class icon, you get to the respective device or module if it has been discovered
- You can export a list as XLS, but the Assets-List module is more flexible in that respect.

You can upload a CSV file containing assets with their maintenance contract information as well. Specify the following in the form and select the file:

- Select date format used in the CSV file
- Field separator
- Rows to skip from top

Currently the columns in the file to be imported need to be arranged like this:

| Field | Example | Description |
|---|---|---|
| Class | License | Only Software or License is identified. Everything else (e.g. Chassis) can be determined upon discovery |
| SLA | 7x24 | Stored in 'Services Level' |
| type | 2520-8G-PoE | The type as specified by vendor can be used to determine its EoL status |
| serial | 123456ABC | The SN# is the primary key in the inventory table |
| count | - | Currently ignored (just add an empty column for now) |
| serial2 | ITEM2345 | Will be used, if the first SN# was not available for some reason |
| contact | Sherlock Holmes | Stored in 'Asset Contact' |
| address | 221b Baker Street | Combined in asset location with place (to place;address) |
| place | London | Combined in asset location with address (to place;address) |
| description | anything useful | Stored in 'Maintenance Description' |
| renewal | Yes/No Ja/Nein | Determines whether maintenance contracts are renewed or not (Maintenance Status) |
| end of maintenance | 05/26/2015 | Current maintenance end date |
| end of sale | - | Currently ignored (just add an empty column for now) |
| end of support | 05/26/2036 | End of routine failure analysis |
| End of Life | 05/26/2071 | Last date of any support |


Devices-Config

NeDi will back up your device configurations if it has privileged CLI access and you tell it to with -b, or -Bx. With the Devices-Config module you can review and compare backed up configurations and their changes.

A config report and recent backup-related events are shown by default. There are two modes of operation which are list and compare.

List Configurations

For simple listing of configuration values, follow these steps:

1. Search for text by setting a filter
2. Limit number of displayed characters in the excerpts
3. Limit number of displayed devices
4. Click on an excerpt to view the whole configuration

Compare Configurations

You can use this module to quickly see differences between stored configurations.

1. Choose a reference device from the "List" select box.
2. Now either select the 2nd device from the left select box in "Comparison" or leave it at -Type- to compare against all configurations of the same type.
3. Select how the output should be displayed.

When viewing a configuration you've got the following options:

- Toggles line number display for easier change review.
- Suppresses the motd character, so that configurations of Cisco devices can directly be copied and pasted.
- Use System-Database to display the config as plain-text or select a file version in the changes area to edit the actual file (available when you run nedi.pl -Bx).
- Clears configuration or changes.


Devices-Doctor (Device Doctor)

Presents device specific diagnostic reports and points out potential problems (alternatively you can select a config which will be displayed in context groups).

1. Generate a "show tech all" file on a HP ProCurve/Aruba or Cisco device and store it locally.
2. Browse for the tech file you wish to analyze.
3. Click Show to process it.

Note: This feature is still being refined for more accurate results.

- Red letters on a yellow background reveal potential problems (hover over it, to learn why).
- Adjust the broadcast/traffic ratio (default 10%) to identify problems on interfaces.
- Green lines mean that a checked condition looks ok.
- Dark red and Olive green letters represent interface status in the respective context.


Devices-Graph

This module allows you to dynamically generate stacked interface graphs and much more.

Please note that NeDi's graphing feature was implemented as an addition to the discovery with lowest possible resource and maintenance cost in mind.

It will not graph those 5 minute peaks (unless you run NeDi every 5 minutes in very small networks), but provides a long term view of each and every interface. This translates to baselining and prediction of potential bottlenecks, instead of identifying erratic outbursts of any kind (You'd prefer using a tool like Cacti to monitor this instead).

- Select any top graphs if you wish to get the big picture on your network.
- Selecting a device will reveal its interfaces. You can choose several of them to be stacked dynamically (doesn't work for IF status!).
- Select several graph sources at once to correlate and investigate problems (e.g. CPU load, broadcasts on some interfaces of a device)
- System related graphs are CPU, Memory and Temperature and a custom graph for other values.
- Use double arrows to move start (top one), the whole graph (middle) or its end (bottom one) by weeks or single arrows for days.
- Click on a date icon to manually set a start or end time.
- If you can't live without degrees in Fahrenheit, adjust the setting in User-Profile.
- CPU and memory correspond to System load and battery capacity on UPS units.

If you use Cacti on the same host, you can integrate it into NeDi:

- Configure the cacti options in nedi.conf.
- Now you can add devices and interfaces to Cacti here in Devices-Graph.
- A cacti icon will be shown in Devices-Status, if the device is available in Cacti. Clicking on it takes you there.


Devices-Install

This is a premium module, only available with NeDi+. Find more details here

At this time only HP ProCurve Switches have been tested!

This module is part of NeDi's provisioning system. It allows for installing unconfigured switches upon discovery. The procedure is divided into the following steps:

1. Create install entries specifying device type and IP address to be matched. The desired name and IP settings need to be set as well, rest is optional
2. Create an install template with System-Files (see below)
3. Perform installation (with nedi.pl -T or checking "Install" in System-NeDi). If type and IP match an install entry with the state "New", the target IP is pinged
4. If no answer comes back the entry is used to create a device configuration from the install template. The state of the install entry is changed to "Active"
5. If the device is discovered with the new IP address the state of the install entry is changed to "Used"
6. Check verbose nedi.pl output, if status changes to "Broken"
7. By default an install entries summary report is shown

Install Template

An install template consists of a series of commands (1 command per line with optional confirmation and timeout separated by ;) to prepare the target device and a config template with placeholders, which are filled in from the install entry. If used, the password is taken from the appropriate user in nedi.conf, but usually is a fixed/encrypted string

Cli command 1
Cli command 2;y;600
Cli command 3;y;0
===
sysname %NAME%
ipaddr %IPADDR% %MASK%
ipdefaultroute %GATEWAY%
vlan %VLANID%
snmplocation %LOCATION%
snmpcontact %CONTACT%
username %LOGIN%
password %PASSWORD%
enablepassword %ENABLEPW%
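The template layout above can be checked before it is used for an installation. The following is an added example, not NeDi's own code: it splits a template at the "===" line, parses the "command;confirmation;timeout" lines and fills the placeholders, refusing to render when a placeholder stays unfilled or a value contains a line break. The function names, the sample template and the install entry values are constructed for illustration.

```python
import re

PLACEHOLDER = re.compile(r"%([A-Z]+)%")

# Constructed template in the layout shown above: CLI commands, "===", config.
TEMPLATE = """\
Cli command 1
Cli command 2;y;600
Cli command 3;y;0
===
sysname %NAME%
ipaddr %IPADDR% %MASK%
vlan %VLANID%
snmplocation %LOCATION%
"""


def parse_template(text):
    """Split a template into [(command, confirmation, timeout)] and the config body."""
    head, sep, body = text.partition("\n===\n")
    if not sep:
        raise ValueError("template has no '===' separator line")
    commands = []
    for line in head.splitlines():
        if not line.strip():
            continue
        fields = [f.strip() for f in line.split(";")]
        if len(fields) > 3:
            raise ValueError(f"too many ';' separated fields: {line!r}")
        command = fields[0]
        # Confirmation and timeout are optional; None means "not given".
        confirmation = fields[1] if len(fields) > 1 and fields[1] else None
        timeout = int(fields[2]) if len(fields) > 2 and fields[2] else None
        commands.append((command, confirmation, timeout))
    return commands, body


def render_config(body, entry):
    """Fill %PLACEHOLDER% tokens from an install entry (dict of strings)."""
    missing = []

    def fill(match):
        key = match.group(1)
        value = entry.get(key)
        if value is None or value == "":
            missing.append(key)
            return match.group(0)
        value = str(value)
        # A line break inside a value would add extra config lines on the device.
        if "\n" in value or "\r" in value:
            raise ValueError(f"line break in value for %{key}%")
        return value

    rendered = PLACEHOLDER.sub(fill, body)
    if missing:
        raise KeyError("unfilled placeholders: " + ", ".join(sorted(set(missing))))
    return rendered


if __name__ == "__main__":
    cmds, cfg_body = parse_template(TEMPLATE)
    # Constructed install entry (documentation address range).
    sample = {"NAME": "sw-lab-01", "IPADDR": "192.0.2.10",
              "MASK": "255.255.255.0", "VLANID": "20", "LOCATION": "Zurich"}
    print(cmds)
    print(render_config(cfg_body, sample))
```
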


Devices-Interfaces (Interface List)

List device interfaces, their population and graphs. It also lets you add the selection to Node-Track or set individual thresholds.

- If the interface status is discovered, the type icon is imbued with the respective color (not realtime). It'll be "admin down" (or 0), if it's been skipped in every discovery. Interfaces of controlled access points are not polled and set to unknown (or 128).
- Set alert thresholds next to [icon] and click Update to override the values in nedi.conf (enter 0 to clear)
- Set traffic to 101% or broadcasts to 65000, if you want to ignore respective alerts on particular interfaces (101% due to potential rounding errors, larger values are ignored as of NeDi 1.8)
- Setting a MAC flood threshold allows this interface to discover multiple CDP/LLDP neighbors (e.g. in a hub and spoke topology)
- The population takes you to the Nodes-List where you get detailed information on the connected nodes.
- The graph size corresponds to setting in User-Profile.
- By default a port type and status distribution report is shown


Devices-List

List devices, system graphs, population, free access ports and configuration status. Realtime Spanning-Tree information can be added for troubleshooting as well.

- Unselecting the device column hides the icons i.e. to create a simple text list.
- The serial number is checked against the inventory and reflects support and maintenance status. Click on it to add it or update an existing asset (e.g. to track decommissioned devices).
- The selected devices can be monitored by clicking the Monitor button (go to Monitor-Setup to configure them further).
- The selected devices and related information (e.g. modules and interfaces) can be deleted, by clicking the Delete button.
- By default a vendor and type distribution report without pie charts is shown.
- Device specific thresholds can be edited by clicking [icon] and Update to change it on visible devices
- If you set supply-alert, PoE-warning or ARP poison-threshold to 0, the defaults from nedi.conf are taken instead

Device Options are used internally to describe the device's capabilities. They can be used for filtering as well. A '-' indicates that a property is not available:

| Position | Character | Description |
|---|---|---|
| 1 | A,- | if Alias from IF-MIB |
| 2 | C,W,- | CPU utilization or Wattage on UPS devices |
| 3 | P,S,N,- | Power-Ethernet MIB support and how interfaces relate to it |
| 4 | I,- | Has interfaces or not |
| 5 | d,s,i,m,r | Name from DNS, sysname, IP, mapped, mapped with regex |
| 6 | c,m | Contact from syscontact, mapped |
| 7 | l,m | Location from syslocation, mapped |
| 8 | U,S | Uptime (overflow every 1.3 years, SNMP-engine-time) |


Devices-Modules (Module List)

List modules and compare hard- and software revisions for example. You'll also see VMs, Server blades (on HP Blade chassis) or even print supplies as well (The supply levels are held in the FW and HW fields).

By default a model and description distribution report is shown

Module Classes

The following table lists possible classes for modules. They can be used for assets as well:

| Icon | Class | Description |
|---|---|---|
| | 1 | Other |
| | 2 | Unknown |
| | 3 | Chassis |
| | 4 | Backplane |
| | 5 | Container |
| | 6 | Power Supply |
| | 7 | Fan |
| | 8 | Sensor |
| | 9 | Module |
| | 10 | Port |
| | 11 | Stack |
| | 18 | Keypad |
| | 19 | Camera |
| | 20 | Patch panel |
| | 21 | Cover |
| | 30 | Print supply |
| | 40 | Virtual Machine |
| | 50 | Controlled AP |
| | 60 | Server |
| | 61 | CPU |
| | 62 | Mem |
| | 63 | HDD |
| | 64 | Card |
| | 69 | Display |
| | 80 | OS |
| | 81 | Software |
| | 82 | License |


Devices-Status (Device Status)

This is the center point of individual device management. It's divided into 6 sections (General Info, Modules, Vlans, Links, Interfaces and Monitoring Stats), which correspond to the tables Devices, Modules, Vlans, Links and Interfaces. The monitoring part is shown on the bottom representing data from events, monitoring and incidents.

You can create devices like clouds via [icon]. On those devices you can add more interfaces with the same button in the Interface section. Those devices can be used to link WAN-routers to a cloud or monitor external services.

Due to performance reasons, only uptime, poe, interface (and VM) operational status and interface last-change is realtime (if device was seen in last discovery). Everything else is retrieved from the database.

Overview

Hover over the icons for hints on what they do. You'll see print supply levels on supported printers or VMs on VMware ESXis. If ssh access is enabled in addition, the VMs can be turned on and off.

- [icon] takes you straight to DefGen, in case you want to edit the definition file.
- [icon] adds the device to monitoring and tests SNMP uptime by default. This icon turns into a clock in that case or another symbol, if you change the test method in Monitoring-Setup (click on icon to get there).
- The serial number is checked against the inventory and reflects support and maintenance status. Click on it to add it or update an existing asset (e.g. to track decommissioned devices).

Interfaces

- Active interfaces' names are blue and clicking on it pops up a realtime SVG graph window, which lets you observe the traffic in a 1-300 second interval.
- If the absolute counter is not 0, the background becomes blue, showing you there has been traffic on this interface.
- Recent status changes, high error count or PoE values will affect the background as well.
- If the last status change is more recent than last discovery, Vlan, Speed and Duplex become grey as they may have changed.
- The background of population turns blue if a node was ever discovered on this port, even if it's empty now. The last seen MAC will be revealed upon hovering over it.
- Filter interfaces by status (only works, if device is reachable)
- Filter interfaces by Vlan uses the PVID field from the interfaces table. If you check "Untagged & Tagged" the vlan port table is used instead
- "IF Information" lets you choose what interface related data is displayed
- By default population, addresses and counter values are shown (0 fields are left empty)
- Interface graph size corresponds to the setting in User-Profile

Chances are you won't get complaints if you unplug a port where:

1. No link (icon not green)
2. Last change is as much as switch uptime... or at least a long time ago!
3. No nodes shown when Population is checked and field itself is not blue.
4. No traffic is shown and respective fields are not blue.

If the switch has been rebooted lately you may want to click on [icon] in the summary section to review free ports in the Interface List.

Managing

SNMP write enabled:


You can change location, contact and admin status of interfaces directly. If the device is using standard MIBs you may also edit IF-alias (enter a "-" to clear) or toggle PoE delivery (e.g. to reset a hanging AP or VoIP phone).

CLI access enabled:

- Click on [icon] to save the running configuration to flash.
- Click on [icon] to look at the device's log.
- The "CLI Send ->" select box allows for sending command files (files starting with 'cmd' in the cli folder) to a device. Refer to System-Files for creating command files.

Customizing

A great way of customizing or integrating NeDi with other tools are two includes, which can be edited in System-Files:

1. devtools.php is included once and will be shown next to the device icon
2. iftools.php is included with every interface and shown with the interface addresses.


Devices-Translator (Configuration Translator)

This module allows for automated migration from an old device to a new model.

1. Add rules on how configuration blocks should be translated to a new device
2. In Devices-Status or Devices-Config click [icon] to prepare actual translation
3. Select target group(s) to generate desired config.
4. Write config to tftp folder (can be edited before in System-Files)

Translation Rules

Field: Description

Source Type: Exact device type to filter appropriate rules for the existing device

Target Group: Should describe the new devices. A group usually contains many rules. One or more are selected when preparing the translation, to enable flexible translations on the fly

Context: For example "interface" or "vlan" to limit context specific matches

Source: Regular expression to match an existing config line like "/interface (\d)$/" (if "interface" is used as context in other rules, they'll be added after this rule). Append _&&_regexp to match context names, e.g. adding _&&_/Fa([1-9]|1[0-9]|2[0-2])$/ matches only Fa1-9, Fa10-19 and Fa20-22. If you append _&&_USEPRI the priority of the rule is used (not the one from the context), useful to move a line from a context to the global config

Destination: A replacement string like "interface Fa0/$1" whereas $1, $2, $3 replace Source matches in ()

Priority: Can be A-Z to define where the resulting config should be placed in the output

User: NeDi user who updated rule (a timestamp is available for filtering rules as well)

- Click on [icon] to duplicate all rules for specific source type to a new source type and/or destination group (only shown with first rule of a source type)
- Click on [icon] to edit a rule
- Click on [icon] to copy a rule
- Click on [icon] to delete a rule
- Click Show to list all, or a value in the default report to list specific rules
- Click Delete to remove all visible rules (use with care)
- You may want to export the translations table as gzip in System-Database for backup
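A rule's regular expressions can be dry-run against sample config lines before the rule is entered. The following is an added example, not the code of Devices-Translator.php: it models the Source field (line regexp, optional _&&_ context-name regexp, optional _&&_USEPRI), expands $1 to $3 in the Destination and sorts results by Priority. It assumes the context name is the interface name and that the expressions behave the same in Python's re module; the "speed" rule and all function names are constructed.

```python
import re


def _compile(delimited):
    """Turn a '/regex/' string as written in a rule into a compiled pattern."""
    if len(delimited) < 2 or delimited[0] != "/" or delimited[-1] != "/":
        raise ValueError(f"expected /regex/, got {delimited!r}")
    return re.compile(delimited[1:-1])


def parse_source(source):
    """Split a Source field into (line pattern, context-name pattern, use_pri)."""
    first, *extras = source.split("_&&_")
    line_re, ctx_re, use_pri = _compile(first), None, False
    for extra in extras:
        if extra == "USEPRI":
            use_pri = True
        else:
            ctx_re = _compile(extra)
    return line_re, ctx_re, use_pri


def expand(destination, match):
    """Replace $1..$3 with the groups captured by the Source pattern."""
    def group(m):
        n = int(m.group(1))
        return (match.group(n) or "") if n <= match.re.groups else ""
    return re.sub(r"\$([1-3])", group, destination)


def translate(line, context_name, rules):
    """Return sorted (priority, new line) pairs for every rule that matches."""
    out = []
    for rule in rules:
        line_re, ctx_re, _use_pri = parse_source(rule["source"])
        # A context-name regexp restricts the rule to matching contexts only.
        if ctx_re and not ctx_re.search(context_name or ""):
            continue
        m = line_re.search(line)
        if m:
            out.append((rule["priority"], expand(rule["destination"], m)))
    return sorted(out)


# First rule uses the Source/Destination strings quoted in the table above;
# the second rule is constructed and reuses the table's context-name regexp.
RULES = [
    {"source": r"/interface (\d)$/", "destination": "interface Fa0/$1",
     "priority": "C"},
    {"source": r"/speed (\d+)/_&&_/Fa([1-9]|1[0-9]|2[0-2])$/",
     "destination": "speed $1", "priority": "D"},
]

if __name__ == "__main__":
    print(translate("interface 5", None, RULES))
    print(translate("speed 100", "Fa12", RULES))
    print(translate("speed 100", "Fa23", RULES))
```
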

Special Methods

Here are some useful additions for settings that can't be extracted from the source config or have been mapped to other values by NeDi (e.g. location). If necessary the function ProTrans() at the bottom of Devices-Translator.php can be customized even further.

Use Case: Description

Device IP address from DB: The placeholder %DEVIP% in the destination is replaced by devip from the devices table

Device location from DB: The placeholder %LOCATION% in the destination is replaced by location from the devices table

Device contact from DB: The placeholder %CONTACT% in the destination is replaced by contact from the devices table


Device group from DB: The placeholder %DEVGROUP% in the destination is replaced by devgroup from the devices table

Get Vlans from DB: Use "VLANNAMES" as source and something like "VLAN %VLID% name %VLANNAME%" as destination to list vlans from vlans table (e.g. if the source config is unusable)

Get interface Vlans from DB: Use "VLPORT-TAG" (or "VLPORT-UNTAG") as source and specify an interface context. Enter something like "switchport allowed vlan add %VLID% tagged" as destination to list tagged vlans from DB on that interface

Get tagged vlans from a vlan context and apply to an interface context: This method is able to extract statements like "tagged 1-10" within a vlan context and map it to interface based configs (e.g. translate from HP ProCurve to Cisco IOS)

- Use a match like "/tagged(.*)/" as source and "VLCONTEXT-TAG-ADD" as destination to add tagged vlans to list
- Use a match like "/untag(.*)/" as source and "VLCONTEXT-TAG-DEL" as destination to remove
- Then in the "interface" (or similar) context use "VLCONTEXT-TAG" as source and something like "switchport allowed vlan add %VLID% tagged"

Copy tagged Vlans from an interface to another:

- Enter VLPORT-TAG-COPY(source interface) in source
- Comma separated interface list in destination
- Add VLCONTEXT-TAG as described above, if you haven't done so already

This only works with numeric interface names at the moment. The reason behind this is that it was specifically developed to understand Zyxel configs.


Devices-Vlans (Vlan List)

Lists vlans and their respective node population on the devices for example.

By default an empty vlan report with a limit of 1000 is shown


Devices-Write

This is a very helpful, but also dangerous module! Always use with caution, because you could create a big mess rather quickly!

This module lets you send CLI commands to devices and review the output instantly:

- Use filter to select the desired devices.
- Enter some commands in the "Execute/Configuration" area
- Click "Show" to simulate the process
- Click "Execute" to send the commands
- Click "Configuration" to enter configuration mode before sending the commands and save the configuration afterwards.
- On IOS or devices with similar interface names you can use the "Interface Configuration" section to configure an interface range.
- Only devices of the same operating system can be used at once.
- Make sure you adjust GUI authentication (towards the end of nedi.conf) to fit your needs.
- If you're unsure about this whole thing, delete inc/devwrite.pl to completely disable sending commands via web interface!


Monitoring-Events

Incoming monitoring, discovery or syslog events and snmp traps (if enabled) are presented here. Several filter options allow you to examine problems very efficiently. Use the arrow keys (beneath show) to page around in your selection.

- MAC and IP addresses provide direct links for further investigation (e.g. [icon])
- Events can be acknowledged by clicking its Id. The level background turns grey and their level is divided by 10
- Based on the filter you get new shortcut icons for further investigation

Conditions involving criteria (e.g. location or contact) from the devices table, cannot be used to delete events due to query restrictions!

Event Classes

- Classes reveal the cause and source of an event (like syslog or discovery)
- Classes are represented with an icon and a mouseover description

Event Levels

| Image | Level | Name | Description |
|---|---|---|---|
| | <30 | - | Any acknowledged event is divided by 10 (image shows an acknowledged event with alarm level) |
| | 30 | Other | Unspecified level (e.g. from unknown syslog sources) |
| | 50 | Info | Informational and good news |
| | 100 | Notice | You might want to look at this, if time permits |
| | 150 | Warning | You probably should look at this... |
| | 200 | Alert | Definitely look at this! |
| | 250 | Critical | Serious condition, fix it now! |


Monitoring-Health

If you do use NeDi's network monitoring features, this is the module to just leave open in a browser.

- It'll refresh every minute to alert you (with original www.PSI.ch siren sounds!), if something goes down
- If you drill down into locations, the messages and events will be filtered accordingly
- A mobile version without graphs and session management (no login required) can be accessed with mh.php (delete this file, if you don't want to allow this)

Top section:

- Displays overall network condition
- The size of the graphs can be set (or turned off altogether) in User-Profile
- Target availability, excessive traffic or errors on interfaces
- Exceeded CPU, memory and temperature thresholds of devices

Event section:

- Some statistic to the left and important events within the last 24h to the right are shown by default
- Adjust # top events in User-Profile (<6 shows less statistics, <3 no events at all)
- Any event can be acknowledged by clicking its Id (internally dividing its level by 10; acknowledged events receive a gray background)

Topology section:

- Works just like Topology-Map, providing operational status of locations in addition
- Failed nodes and non-SNMP in a location are shown with [icon], but don't affect the background
- A shaded background indicates that not all SNMP devices are monitored in a location
- Events with a level of 250 cause a red flag to appear on the respective location (acknowledging it removes flag from location)
- Adjust # columns in User-Profile to fit your screen (setting it to 0 hides this section)


Monitoring-History

Analyze events over time to disclose abnormal behaviour in the past.

- Use the filter to narrow down the events
- Select start and end point and the granularity for your analysis
- Group the events by level, source or class
- The output format can be bars or interactive graphs


Monitoring-Incidents (Incident List)

An incident is created whenever a device did not respond for 'uptime-alert' times (see nedi.conf). Here you can acknowledge and classify them for future analysis.

- Once you know what happened select an appropriate category and enter some info
- You can filter on a category or active incidents where target hasn't recovered yet

The easiest way to acknowledge a heap of new incidents:

1. Set filter to "new"
2. Enter a description, where applicable
3. Select class (event disappears as you filter on new ones)


Monitoring-Map

This is an alternative to Monitoring-Health, displaying dynamic network maps on various dashboards. Alternatively you can add locations (at least the buildings) in Assets-Loced and use their coordinates for interactive maps.

- Setting "No Graphs" in User-Profile hides the charts on top (other sizes affect their size and the previews in the editor)
- Click main title to hide the section until refresh
- Click [icon] to hide the section for entire session
- Look at the PHP code for tweaking the default timeouts

Adding NeDi Maps

1. Create a png map in Topology-Map
2. Click "Monitor" when finished
3. Go to Monitoring-Map and click [icon] to access the editor

- There are 6 groups (A-F) which rotate through the assigned maps (change/refresh every 10s)
- There are 6 groups (a-f) which display the assigned maps at once (refresh with reload of page, every 180s)
- The priority determines the order of the maps within a group
- Click on [icon] or [icon] to edit or copy a map via Topology-Map
- If you set access to all, the map will be visible to other users, allowing for copying it into their own views

Adding Geo Maps

1. Click [icon] to switch to the interactive Geomap
2. Each flag represents a region (click one to see its popup menu)
3. 'Filter Map' zooms into the selected region and displays its cities
4. If you didn't create region or city locations in Loced, it'll place the flag on one of its children
5. Click [icon] on the bottom to show all buildings (with current filter)
6. Click [icon] to display sites with broken targets only
7. Click [icon] when finished
8. Enter editor with [icon] to adjust the size (100% = Full HD)
9. If you want to show several maps put them in different groups (1-9)

Adding RRD Graphs

1. Select graphs and their size in Devices-Graphs
2. Select group where they should be added to
3. Click Show


Monitoring-Master

The master console is intended for use on a central NeDi host, where only the master.pl daemon is running. All other GUI modules except Devices-List, Devices-Status, Reports-Monitoring and Monitoring-Events should be disabled to avoid confusion. In addition a unique theme should be selected to further distinguish this host from regular NeDi installations.

Setup

1. Add remote NeDi installations to the agent list and add the usernames and passwords to access them in nedi.conf
2. Run master.pl from System-Services (only visible if Monitoring-Master is enabled in nedi.conf)
3. Go to Devices-List and add detected agents to monitoring (NeDi agents are treated as devices)
4. Go to Monitoring-Setup and select http or https as test [icon], to tell master.pl how to access the agents
5. You can add a path like nedi/ as test option [icon], if nedi is not accessible in the root path
6. Go back to System-Services to restart master.pl or wait for a 'pause' interval to get the agents polled

Operation

Upon first access, master.pl reads the last event with level 200 (alert) or above and all unacknowledged incidents. On subsequent runs only new alert-events are read. Incidents are removed from the master console, if they're acknowledged on the agent. Monitoring-Master shows those events and incidents with quick links to the respective agents.


Monitoring-Setup

Configure how targets are monitored and how users are notified upon a failure. The concept of Monitoring-Setup is to use the filter in order to apply settings to a single or multiple targets. If you don't set a filter, all targets are updated at once.

Filter

- Use the templates (icons above filter) or click on the links of Target (to match a single target)
- Clicking on a test icon (e.g. [icon]) executes a monitoring test on this target
- Clicking on Alert or Events Action (e.g. [icon]) from the list applies it as filter

Monitor

- Define the Test [icon] (Should be uptime for all switches and routers already)
- Setting it to "No" skips active polling. Can be used as maintenance mode or if you just want to set event-actions or discovery thresholds on a device
- Select icmp if TCP ping doesn't work on a target. Enter # of packets in [icon], if you want to send more than 1
- Test http/https: You can enter a string like "index.html" in [icon] and a regexp matching a successful response in [icon]. Only a SYN check (TCP ping on port 80) is performed, if you don't
- Test dns: you can send a hostname and a regexp matching the expected IP address
- Test ntp: you can send RFC2030 fields like "Stratum" and enter a match ^[1-5]$ to detect if your ntp server lost sync
- Clicking "Update" applies the settings to the displayed targets
- Clicking "Delete" removes the displayed targets from monitoring
- Select email or SMS alerts, just have incidents create Monitoring-Events or nothing at all. If you select a repeat option, the alert is resent every 100th failed test
- The Latency textbox allows for changing the latency threshold for individual targets
- Click on [icon] to simulate an outage of the first monitored target

Events/Threshold

You can forward events as emails based on their level or contained text:

- With Forward in the first box select a minimum event level
- With Forward in the first box enter a regexp as the Filter
- Alternatively you can select Discard, a maximum event level and/or a regexp and matching events will not even be stored in the DB (Level limit can only be used to forward OR discard but not both)
- Setting a regexp for Maximum raises matching events to level 250 (Emergency) and shows those within the past 24h in Monitoring-Health (useful to identify failed power supplies or stack members)
- The notify settings from nedi.conf can be overridden for each target in the "Discover Notice" field
- To clear any filter enter a "-" by itself

Reset

- Sets dependency info, if available via links or device information (in case of node targets). After that, the dependencies can be adjusted on each target individually
- Updates target IP address from devices or nodes (in case they've changed, there's a [icon] icon in the target status)
- Reset the availability counters (lost & ok) once a year if you need to know annual availability for example
- A yellow/shaded target status indicates that it's not found as node or device anymore (and should probably be deleted)


Nodes-Create

Can be used to create VMs on an ESX hypervisor, if SSH access is enabled and credentials are set

- Select hypervisor and VM to be used as template
- Enter a target name
- Specify number of CPUs, memory and disk size
- Enter full path and filename, if you want to install from an ISO image
- Click show to review the VM config and Add to create it

CLI Tips

If powering on a VM doesn't provide any result:
vim-cmd vmsvc/message (vmid)

If the message asks for an answer:
vim-cmd vmsvc/message (vmid) _vmx1 1

If a process gets stuck and you get "Another task is already in progress" error, determine the id of the process in question:
esxcli vm process list

Then kill it:
esxcli vm process kill --type=force --world-id=(id-from-above)

Shrink thin provisioned HDD image (zero fill unused space first):
vmkfstools -K hdd.vmdk


Nodes-List

List nodes, corresponding interfaces, their graphs and available services for example.

- The nodes table with MAC-interfaces mappings is the base for this module. It's combined with IP, IPv6 and DNS tables, which may result in many entries, if several IP addresses are found for a particular MAC address.
- If you list realtime services, make sure you don't match too many nodes as it will take a long time to scan the open ports.
- Clicking on the NIC vendor icon takes you to Nodes-Status where you get all node details at a glance.
- You can add the displayed nodes to monitoring (testing with a TCP ping by default).
- By default the "Node Summary" report is shown

Conditions involving criteria (e.g. location or contact) from the devices or interfaces (e.g. IF alias) table, cannot be used to delete nodes due to query restrictions!


Nodes-RogueAP (Rogue AP List)

This is an approach to detect potentially rogue access points from the wired side. All nodes are compared against a list of MAC address samples from consumer access points.

Check 'Population > 1' to only show matches where several nodes are found on a port with matching MAC sample
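The comparison described above can be reproduced outside the GUI on an exported node list. The following is an added example, not NeDi's own code: it normalises MAC addresses, groups nodes per switch port and reports ports where a node matches a sample, optionally only when the port population is above 1. It assumes a sample is matched on the first six hex digits of the MAC; the sample prefixes, node records and function names are constructed.

```python
import re
from collections import defaultdict

# Constructed sample prefixes (locally administered range, not real vendor OUIs).
SAMPLE_PREFIXES = {"02aa01", "02aa02"}

# Constructed node records: (MAC as exported or typed, device, interface).
NODES = [
    ("02:AA:01:00:00:10", "sw-floor1", "Gi1/0/7"),
    ("02bb.0300.0011", "sw-floor1", "Gi1/0/7"),
    ("02-bb-03-00-00-12", "sw-floor1", "Gi1/0/7"),
    ("02aa02000020", "sw-floor2", "Gi1/0/3"),
    ("02:bb:03:00:00:30", "sw-floor2", "Gi1/0/4"),
]


def normalize_mac(text):
    """Accept MACs grouped by '-', '.' or ':' or as plain hex; return 12 hex digits."""
    hexonly = re.sub(r"[-.:]", "", text.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", hexonly):
        raise ValueError(f"not a MAC address: {text!r}")
    return hexonly


def rogue_ap_candidates(nodes, prefixes, population_gt_1=False):
    """Return (device, interface, population, matching MACs) per suspicious port."""
    ports = defaultdict(list)
    for mac, device, ifname in nodes:
        ports[(device, ifname)].append(normalize_mac(mac))

    hits = []
    for (device, ifname), macs in sorted(ports.items()):
        matched = [m for m in macs if m[:6] in prefixes]
        if not matched:
            continue
        # Several nodes behind one access port next to a matching MAC is the
        # stronger indicator; a single matching node may just be a client.
        if population_gt_1 and len(macs) <= 1:
            continue
        hits.append((device, ifname, len(macs), matched))
    return hits


if __name__ == "__main__":
    for hit in rogue_ap_candidates(NODES, SAMPLE_PREFIXES, population_gt_1=True):
        print(hit)
```
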


Nodes-Status (Node Status)

This is the Devices-Status counterpart for nodes. It displays the node relevant information on the left, device and interface on the right with the connection in between.

- You'd usually land here coming from other modules like Nodes-List.
- Alternatively you can enter/paste a MAC-address in any common format (grouped by - or . or : or plain HEX)
- If you need the MAC-address in a CLI window of a device, simply copy the appropriate format shown

- View syslog events containing this MAC address
- Create a MAC policy (e.g. mark this node as stolen)
- Allows administrators to delete the node

Clicking on the network icon of an IP address reveals a context menu:

- View syslog events coming from this IP
- Go to the Toolbox with this IP
- Send Wake on Lan packets
- Provision device using entry from Devices-Install
- Identifies host and available services
- Discover as an SNMP device


Nodes-Toolbox

Some node related functions to troubleshoot problems.

By default client customizations for better interoperability with NeDi are shown. If you're accessing it from a client in the field, this might be of interest as well:

- Download kitty.exe to access devices using telnet or SSH.
- Download iperf.exe to test network throughput (requires enabling the server in System-Services, or another iperf server somewhere else).


Nodes-Traffic

This is the main Netflow module. Knowledge about nfdump and the tcpdump filter syntax is helpful here.

The netflow data uses local unix timestamps, which are not adjusted to the client's timezone, if different!

- The first select box lets you select the columns to be aggregated by (defaults to proto, src/dst and src/dst port)
- The 2nd determines sorting
- The 3rd lets you select the flow source(s)
- The textbox allows for using a filter (some templates above)
- IPs are checked against dns, arp, nodes, network and devices tables and set an icon accordingly
- The slider adjusts the start time (can be set with datepicker by double click on time field)
- You can add a graph like pie chart, sankey or RRD (latter is not adjusting to displayed traffic)
- Enabling name lookup with [icon] uses dns and whois (storing the result in the netinfo table, which can take a moment)
- Clicking on the sources and destinations cycles the filter (src/dst ip, ip, src/dst net, net) for quick changes
- Create an alert policy from an applied filter by clicking the [icon] icon (requires System-Policy)


Other-Calculator (IP Calculator)

Subnet calculator for sub- and supernetting

- Check "DB Comparison" to find used and unused address ranges
- A table of subnets can be exported to XLS for further processing


Other-Converter (Number Converter)

A very simple number converter, which can be helpful in finding the correct OIDs with Def-Editor:

- Paste OIDs or string containing HEX or decimal numbers and click Show
- The values are shown in decimal, HEX and ASCII


Other-Defed (Device Definition Editor)

Generate those infamous .def files with the help of this module, to make them as accurate and reliable as possible. Email me the resulting .def files by clicking on [icon], if they're 100% working and I'll include them in the distribution.

You'd usually click on a sysobjid column of an unknown device in Devices-List or [icon] in Devices-Status. This will add an IP address and SNMP community along with the sysobjid you wish to take care of.

In case a .def file exists already, its values will be filled into the form.

The [icon] button submits IP and community, reads the existing .def and marks the sysobjid to be used as source for an unknown device with no suitable source .defs within range.

In case a .def exists with its last sysobjid digit within -+10 of the chosen one, it'll be added to a list of potential source .defs, which can be copied as template. (a previously marked .def appears as source with green background, if none were found).

Here's some useful information on Sysobjids: Cisco

It's also recommended to watch the DefGen Tutorial!

- Hover over the input fields, to get hints on what to fill in.
- Find the most official type (there's usually a sticker with a barcode somewhere).
- Select the icon according to the GUI docs on the NeDi Homepage.
- Contact me, if you need a new OS selection.
- Some vendors use vlan community indexing to get Bridge forwarding information on the switches.
- Some vendors use twice the bandwidth to indicate full duplex. Just use 'doublespeed' as keyword for IF Duplex.
- Only populate the Alias- Duplex- and Vlan-Index fields, if they're not the same as the interface indexes.
- If MAU type (1.3.6.1.2.1.26.2.1.1.11) is used, no actual duplex values are required.
- Use modifiers to multiply/divide temperature and memory if necessary. The latter also accepts % if the value reflects percentage of available memory or -% in the case of used memory.
- Add an "N" to an OID, if the last number can vary for CPU or temperature.
- Add 1-x to boot image, if the info is spread across several OIDs (e.g. Zyxel, ESXi)
- Use a negative custom threshold to alert if result is less than threshold
- Once you start editing the textarea, the input fields above will be locked to prevent accidental input.


Other-Flower (Flower Openflows)

Openflow is a standard, which allows for a controller to directly manage flow tables on switches. This forms the foundation of Software Defined Networking (SDN) and can be used to build firewalls, load balancers and a lot more that we can't even think of, yet.

This module makes it easy to create and remove static flows on such an Openflow controller (right now Floodlight is supported and tested).

- Set the name or IP address of your controller in the $flc variable at the top of the php code or simply call it with Other-Flower.php?flc=CONTROLLER
- All switches managed by the controller show up with their flows in a list on the bottom part.
- Hovering over icons and input fields reveals their purpose.
- If Other-Flower is enabled in nedi.conf, you'll see its icon in Nodes-List's MAC and IP address fields, which lets you quickly add new flows based on them
- To push a new flow, enter a name for it and a priority if desired.
- Define the filter to match packets based on ingress port, source/dest MAC or IP address or UDP/TCP ports. You'll need to add 0x800 as Ethertype and 6 as protocol, if you wish to match TCP packets for example.
- Now set an action to take, which can be a destination interface, vlan and even modifying MAC or IP address or port. If you don't specify an action, the matching packet will be dropped.
- Select the switches from the list below, where you want to install the flow on and click Add.
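Two rules from the list above are easy to get wrong: port matches need Ethertype 0x800 plus the protocol number, and a flow without an action drops whatever it matches. The following added example (not NeDi or Floodlight code) checks a flow definition for both before it is pushed; the dictionary layout, field names and sample flows are assumptions made for illustration.

```python
ETH_IPV4 = 0x0800             # the Ethertype the text refers to as 0x800
PROTO_TCP, PROTO_UDP = 6, 17  # IP protocol numbers


def check_flow(flow):
    """Return a list of findings for one static flow (hypothetical dict layout)."""
    match = flow.get("match", {})
    findings = []
    tcp = {"tcp_src", "tcp_dst"} & match.keys()
    udp = {"udp_src", "udp_dst"} & match.keys()
    ip_fields = {"ipv4_src", "ipv4_dst", "ip_proto"} & match.keys()
    if (tcp or udp or ip_fields) and match.get("eth_type") != ETH_IPV4:
        findings.append("eth_type 0x800 required for IP or port matches")
    if tcp and match.get("ip_proto") != PROTO_TCP:
        findings.append("ip_proto 6 required for TCP port matches")
    if udp and match.get("ip_proto") != PROTO_UDP:
        findings.append("ip_proto 17 required for UDP port matches")
    if not flow.get("actions"):
        findings.append("no action set: matching packets will be dropped")
    return findings


def lookup(flows, packet):
    """Return (name, actions) of the highest-priority matching flow.

    A flow matches when every field it names equals the packet's value.
    (None, None) means no flow matched (table miss).
    """
    for flow in sorted(flows, key=lambda f: f.get("priority", 0), reverse=True):
        if all(packet.get(k) == v for k, v in flow["match"].items()):
            return flow["name"], flow.get("actions", [])
    return None, None


# Constructed sample flows (names, ports and priorities are made up).
FLOWS = [
    {"name": "block-telnet", "priority": 200,
     "match": {"eth_type": ETH_IPV4, "ip_proto": PROTO_TCP, "tcp_dst": 23},
     "actions": []},                      # deliberate drop rule
    {"name": "to-uplink", "priority": 100,
     "match": {"in_port": 1},
     "actions": ["output=24"]},
]

# Constructed flow that forgets Ethertype and protocol for a TCP port match.
INCOMPLETE = {"name": "ssh-only", "priority": 150,
              "match": {"tcp_dst": 22}, "actions": ["output=24"]}

if __name__ == "__main__":
    for f in FLOWS + [INCOMPLETE]:
        print(f["name"], check_flow(f))
```

An empty action list is legitimate for a drop rule, so that finding is a reminder to confirm intent rather than an error.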


Other-Info

Simple wrapper for phpinfo();


Other-Invoice (Invoice Generator)

Here's a way to finance NeDi's development in form of an annual contribution based on the size of your network:

- Enter your address, a comment to inform purchasing what it's for and click update
- Deselect checkboxes, if you don't want to pay for the respective items
- Select a currency and click on the "Print" icon to create an invoice
- The resulting invoice can be printed by clicking on top left icon

THANKS IN ADVANCE!


Other-Noodle (Noodle Search)

This is a simple search tool (Google-like NeDi Search) to find strings in the whole database. It's usually called by the "Find IT" box in the header


Reports-Combination (Combination Reports)

This module combines actual reports from the other reporting modules in order to provide enhanced views on specific aspects:

1. Asset lists all device relevant info and the distribution of modules within
2. Population shows how the nodes are distributed across your network
3. Monitoring summarizes events and incidents
4. Error lists duplicates that shouldn't be, IF errors/discards and link mismatches


Reports-Custom (Custom Report)

This module allows for creating customized reports. Some knowledge about how databases work is helpful here.

- The Device table is used as base for every report
- Select another table, if you don't just want to look at devices
- Define a filter (up to 4 conditions)
- Select (multiple) columns to group the results by
- Select a chart type to be displayed on top
- Use location level in combination with location columns to group on cities for example
- Use the template icons for quick examples


Reports-Devices (Device Reports)

Reports focussing on devices, their connections and configurations.

Type Distribution: Distribution of device vendors and types
Class Distribution: Distribution of device classes and their services
SW Distribution: Distribution of operating systems and software versions
Duplicate Serial#: Duplicate serial numbers of devices and modules
Duplicate IP: Duplicate mgmt IP addresses of devices
Group Distribution: Device group and mode statistics (can be VTP related or AP groups in Wlan controllers)
Configuration: CLI devices missing config and configs without changes
Device PoE: Top PoE budgets and their usage (based on Power-Ethernet MIB)
Discover History: Discover history, where each column is limited individually (use filter to narrow down the timeframe)
Device Connection: Unlinked devices and undiscovered neighbors
Connection Errors: Link mismatches based on discovery protocol information


Reports-Interfaces (Interface Reports)

Interface reports provide information on the perimeter of your network, but also reveal internal problems or misconfiguration.

Summary: Shows Top interface types and respective status
Traffic, Errors, Discards and Broadcasts: Lists the busiest and most problematic interfaces of your network. Check 'Alternative Sort' to take IF speed into account of the traffic stats and the actual traffic for the errors. 'Optimize' uses absolute errors rather than those seen within the last discovery period
Port Availability: Reveals which switches can be replaced by smaller ones or which are getting really full (based on recent ingress traffic). 'Optimize' restricts this statistic to bridges and ethernet interfaces
Port Disabled: Quickly find that interface you disabled a week ago, because some infected notebook tried to attack the rest of your network
PoE Statistics: Displays top power delivery per device and interface average, based on per interface PoE information (e.g. from discovery protocol or interface MIBs)
Vlan Distribution: Generates a vlan matrix, showing number of untagged ports with an icon (1, 2 and 3 or more) and number of tagged ports with background color (shaded, if untagged ports are found)


Reports-Modules (Module Reports)

Need to know how many modules of a kind you've got? This report also helps, if you need to generate a HW inventory for support contracts based on serial numbers etc.

Distribution: Presents an overview of which modules are installed in which devices
Inventory: Generates a complete list of devices and their individual modules
Print supplies: Lists print supplies sorted by availability or location (to make filling them up easier for the guy who has to go to every printer)
Virtual Machines: List all hypervisors with allocated VMs, CPUs and memory


Reports-Monitoring (Monitoring Reports)

General monitoring statistics like availability, event sources and incidents and how they're acknowledged.

Availability Distribution: Statistics of targets and their locations
Latency Statistics: Last, average and maximum latency of targets (inaccurate at the moment, sorry)
Uptime Statistics: List devices with the highest service time
Events Distribution: Statistical breakdown of events, their levels and sources
Incident Group: Distribution and duration of categorized incidents
Incident Distribution: Distribution of incidents across targets and their locations
Incident Acknowledge: Acknowledge statistics and time per user
Incident History: Log in calendar form to "spot patterns" (optimize reveals detailed view, increase limit for more years)


Reports-Networks (Interface Reports)

Find how nodes are distributed across your IP ranges or how subnets are being used.

Network Distribution: Lists discovered networks and their usage. Click optimize to verify all interface IPs and prefixes on devices with each other
Network Population: Shows all subnets (</16) and maps IPs of nodes (green) and devices (blue) or both (yellow) into the address space. Empty DNS entries show up red


Reports-Nodes (Node Reports)

Reports focused around anything connected to your network.

Summary: Node statistics at a glance
Node Distribution: Distribution of nodes by port and device to detect unmanaged switches or hubs
Duplicate Nodes: Shows duplicate node names (e.g. having a Wlan and Ethernet connection) or MAC addresses
Node Address: Shows duplicate or multiple IP addresses
OS & Services: Show top node OS and type statistics if nodes are identified with NeDi's scan feature
Nomads: IP and IF changes multiplied yield NeDi's nomad factor, an indicator for those who seem to travel a lot
Discover History: This history can reveal major changes or problems in your network. Each column is limited individually (use filter to narrow down the timeframe)
Empty Vlans: Unpopulated vlans can be identified and eventually removed, if not needed on particular devices


System-Database

Backup SQL tables, perform DB maintenance, export configurations as text files or other tables as CSV files. By default the complete DB structure including number of records is shown:

- Quickly view (the first 1000) entries of a table by clicking on the , if shown
- Optimize a table with  or repair with
- Delete all records with

Execute

- Select a query from the "--DB List--" selectbox. Entries begin with simple SELECT statements to display entire tables, but also contain maintenance tasks towards the bottom
- "Configuration Backup" simply adds a query to select all configs, but creates a downloadable gzip archive as well
- All other select statements list the respective table contents, which can be displayed as CSV (with destination set to "plain")
-  changes IP addresses and timestamps to a human readable format and adds a timestamp to the archive name, if destination is Gzip or Bzip2
- Bzip2 needs more resources, but generally creates smaller archives.
- Depending on the amount of data you're dealing with, the module requires more memory or time to finish processing!

SQL Dump

- Select (hold down CTRL for multiple) tables to be exported in SQL format
- The resulting file can be imported again via System-Files, if Destination was set to Gzip


System-Files

This module provides the following major features:

1. Edit/View system, device configuration and nedi log files
2. Import SQL data or update NeDi files
3. Manage files in html/log, map, topo and tftpboot
4. Manage CLI command files and install templates (see Devices-Install)
5. Delete outdated RRDs (older than retire in nedi.conf) to free up disk space

Editor/Viewer

- Simply choose the file you want to edit and click save, when you're done. You can only edit files, which are writable by the webserver.
- A device configuration can be written to "tftpboot" and used for PXE provisioning
- When editing nedi.conf or nodi.conf you can click  for the password encryption pop-up
- Click on  to create new install templates or CLI command files

Import/Update

- Select "Import DB" and upload a .sql.gz (packed) file which will replace the DB data. You can restore dumps created with System-Export for example. Create and activate a snapshot to add data from another NeDi system
- Select "Update Image" and upload an archive with alternative user icons (usr/0-99.jpg) or device panels (panel/devtype.jpg)
- Upload a nedi.tgz archive and choose whether you wish to backup your existing config (check for compatibility!) or not (e.g. for patches)

Manage Files

- Upload files in the appropriate area. Files in html/log can be accessed directly by clicking on filename.
- Delete files by clicking on
- Folders in the topo section can be selected to upload a background.jpg or other files to this location. They can be used by Topology-Map as "geo" map backgrounds or Topology-Table and Assets-Location for documentation
- Click on  to create a new file in "tftpboot" for PXE provisioning


System-NeDi

Execute nedi.pl from the GUI. The module can be used to perform the following tasks:

1. By default the help is displayed, which reveals options and the output legend
2. Definitions shows all available .def files, sysobjids are linked to Def-Editor
3. Discover will actually find devices
4. Services scans for certain open ports on given IP addresses and uses the answers for host identification
5. Init drops and recreates the whole database, but does not remove any config files or RRDs

Double click in the output area to have it turn yellow and scroll down automatically. Do it again to turn this feature off.

Discover

This is NeDi's core. You can use this module to determine the best way to discover your network. Once you've found the right options, copy the command above the output and put it in crontab via System-Files. There are several approaches to discover a network. First the right method to use the sources needs to be found:

1. Don't add any IPs to the seedlist and check "Protocol". This discovers the default gateway of the NeDi host and any neighbors via CDP or LLDP
2. If you have firewalls or other "hurdles" separating your networks (not supporting CDP or LLDP), you need to add a seed for each island
3. Use a static seedlist and don't use any discovery protocols
4. Select "Address" from the Seed-selectbox and enter a single IP or range like 1.2.3,6,8.10-15
5. Alternatively you can click  to select Devices with the 'all' option to discover all devices in the DB
6. You can also use a query to only discover a subset and use crontab to parallelize the discoveries this way
7. To find more "exotic" devices, add the vendor strings to ouidev in nedi.conf and check "OUI". Discover a router connected to those devices and they'll be queued
8. You can use route tables as layer 3 discovery by checking "Routes"

The behavior can be controlled with the following options:

- Select a Configuration option to backup device configurations to DB and the config folder
- Click  to skip interface info,  to avoid graphs or  to ignore nodes (any combination is possible, to speed up the discovery)
- Select "Version" to force using an SNMP version (only tested upon first discovery and the first one working is stored in DB)
- Check "Read" to re-test SNMP read access (useful to rediscover an existing device in conjunction with -V)
- Check "Write" to re-test SNMP write community strings (only tested upon first discovery, can be turned off via snmpwrite in nedi.conf)
- Check FQDN to use complete device names. Otherwise everything after a '.' is truncated as fqdn's can cause wrong links
- NeDi relies on unique device names. Check DevIP to use their IP addresses instead
- Select a command file from CLI-Send selectbox to have it executed on each discovered device (see System-Files for creating them)

DNS Names

- Select Address from the Seed-selectbox and enter a single IP or range like 1.2.3,6,8.10-15
- Check verbose to follow the progress of the name resolution
- Click Execute to resolve all names in that IP range
- The Network Population report in Reports-Networks leverages this information to show unused DNS records for example


Services

- Select Address from the Seed-selectbox and enter a single IP or range like 1.2.3,6,8.10-15
- Alternatively you can select Nodes and enter a query like oui~'intel'
- Select Ping (1-3s timeout) to make sure an address is in use (TCP echo is used and may not work on some hosts)
- Check verbose to follow the progress of the host identification
- The 'id' option uses ssh, sendmail, http, https and netbios for host identification
- If used from CLI, additional ports can be checked like -sid,3128,5900
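The range notation used for Discover, DNS Names and Services (1.2.3,6,8.10-15) grows quickly, so it is worth expanding a seed and comparing it with the subnets you are authorized to scan before executing. This is an added example, not NeDi's parser: it assumes each octet is a comma-separated list of values or dash ranges, which is inferred from the single example in the text, and the allowed subnets are constructed.

```python
import ipaddress
from itertools import product


def expand_octet(spec):
    """Expand one octet such as '3,6,8' or '10-15' into a sorted list of ints."""
    values = set()
    for part in spec.split(","):
        low, dash, high = part.partition("-")
        low = int(low)                       # ValueError on empty or non-numeric
        high = int(high) if dash else low
        if not 0 <= low <= high <= 255:
            raise ValueError(f"bad octet range: {part!r}")
        values.update(range(low, high + 1))
    return sorted(values)


def expand_seed(spec, limit=65536):
    """Expand a seed range into IPv4Address objects (assumed syntax, see above).

    'limit' guards against a typo that would expand into millions of targets.
    """
    octets = spec.strip().split(".")
    if len(octets) != 4:
        raise ValueError(f"expected 4 octets, got {len(octets)}")
    choices = [expand_octet(o) for o in octets]
    total = 1
    for c in choices:
        total *= len(c)
    if total > limit:
        raise ValueError(f"range expands to {total} addresses (limit {limit})")
    return [ipaddress.IPv4Address(".".join(str(n) for n in combo))
            for combo in product(*choices)]


def out_of_scope(spec, allowed_networks):
    """Return the addresses of a seed range that fall outside the allowed subnets."""
    nets = [ipaddress.ip_network(n) for n in allowed_networks]
    return [ip for ip in expand_seed(spec)
            if not any(ip in net for net in nets)]


if __name__ == "__main__":
    seed = "1.2.3,6,8.10-15"                   # the example range from the text
    allowed = ["1.2.3.0/24", "1.2.6.0/24"]     # constructed scope
    print(len(expand_seed(seed)), "addresses")
    for ip in out_of_scope(seed, allowed):
        print("outside scope:", ip)
```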


System-NoDi

Execute nodi.pl from the GUI.

NoDi stands for node-discovery (refer to the NeDi Guide for more information). Make sure you edit nodi.conf before using this module.

1. By default the help is displayed, which reveals options and the output legend
2. Enter an IP address/range or select Nodes and enter a SQL query
3. Select a user to avoid trying all available ones
4. Skip what you don't need
5. Click "Execute" to start discovery

Double click in the output area to have it turn yellow and scroll down automatically. Do it again to turn this feature off.


System-Policy

This is a premium module, only available with NeDi+. Find more details here

Make sure you understand how policy actions work! You can disable all network interfaces for example, if you don't know what you're doing!

Search for 'safety on!' in libmisc.pm and toggle commenting on the 2 '$clistat' lines, if you're confident!

This module lets you define conditions on device configurations, neighbors or learned MAC addresses and take action upon hit or miss.

The class of a policy determines where in the discovery it's processed. This is important, if you want to take action on neighbor names and learned MAC addresses for example, as only the last matching policy with an action will be executed.

Order  Class                     Operator  Description
1      Neighbor Name             ~ or !~   After collecting all LLDP, CDP or FDP neighbors their names are processed
2      Neighbor Type             ~ or !~   Right after the names, their types are processed
3      MAC Address               ~ or !~   After collecting the bridge-forward entries (MAC address table) they're processed
4      Connection Before         ~ or !~   When writing the interfaces to the DB, the previous connection information (link type) is processed to detect changes in device interconnections
-      Configuration             ~ or !~   Configurations are processed with -b or -Bx, but this policy does not depend on the others above
-      Port Configuration        ~ or !~   Configuration of interface contexts (e.g. in conjunction with "Connection Type")
-      Device Monitor            any       Add new devices to monitoring. If you enter - or no in target, it'll be added in maintenance mode. CPU & Mem thresholds are taken from .def, alert action is applied to target and does not create alerts itself
-      Total # of MACs           > or <    This policy refers to total # of learned MAC addresses (including those on uplinks). It does not depend on the others above as it's evaluated after writing nodes of a device
-      Packets, Bytes and Flows  > or <    Those policies are used by flowi.pl (on nfdump files) allowing for alerts on excessive or missing traffic

Stolen Nodes

1. Click on  in Nodes-Status to create a MAC policy of that node
2. Adjust Alert setting or info text and click add
3. Every time this MAC address is found, you'll be notified according to the alert setting

Configuration Compliance

1. Select "Configuration" from the class selectbox and enter regexp to match (e.g. 'snmp-server community public')
2. Alternatively you can change the operator to '!~' to get alerts on missing configuration statements
3. Narrow down the matches by specifying a regexp for device type, location or group for example
4. Adjust Alert setting and information text and click add

Port Configuration Compliance

1. Select "Port Configuration" from the class selectbox and enter regexp to match (e.g. 'switchport mode trunk')
2. Alternatively you can change the operator to '!~' to get alerts on missing configuration statements
3. Narrow down the matches by specifying a regexp for device type or connection-type=Phone for example
4. Adjust Alert setting and information text and click add
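How the '~' and '!~' operators of the Configuration and Port Configuration classes behave can be tried offline on saved configs before a policy is added. The following is an added example, not NeDi's code: the Policy layout, function names, the way interface contexts are split and the two sample devices are assumptions made for illustration.

```python
import re
from dataclasses import dataclass

# Constructed IOS-style sample data; device names, types and configs are made up.
DEVICES = {
    "sw-access-01": {
        "type": "WS-C2960X-24",
        "config": (
            "hostname sw-access-01\n"
            "snmp-server community public RO\n"
            "interface GigabitEthernet0/1\n"
            " switchport mode access\n"
            "interface GigabitEthernet0/2\n"
            " switchport mode trunk\n"
        ),
    },
    "rt-core-01": {
        "type": "ISR4331",
        "config": (
            "hostname rt-core-01\n"
            "service password-encryption\n"
            "snmp-server community EXAMPLE-RO-STRING RO\n"
            "interface GigabitEthernet0/0/0\n"
            " ip address 192.0.2.1 255.255.255.0\n"
        ),
    },
}


@dataclass
class Policy:
    cls: str             # "Configuration" or "PortConfiguration"
    operator: str        # "~" alerts on a match, "!~" alerts when nothing matches
    pattern: str         # regexp applied to the config text
    devtype: str = "."   # regexp narrowing the policy to device types


def interface_contexts(config):
    """Split a config into {interface name: text of its indented sub-commands}."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            blocks[current] = []
        elif line.startswith(" ") and current is not None:
            blocks[current].append(line.strip())
        else:
            current = None           # any other top-level line ends the context
    return {name: "\n".join(lines) for name, lines in blocks.items()}


def evaluate(policy, devices):
    """Return (device, interface) pairs that would alert.

    The interface is '' for policies that look at the whole configuration.
    """
    alerts = []
    for name in sorted(devices):
        dev = devices[name]
        if not re.search(policy.devtype, dev["type"]):
            continue
        if policy.cls == "PortConfiguration":
            scopes = interface_contexts(dev["config"])
        else:
            scopes = {"": dev["config"]}
        for scope, text in scopes.items():
            found = re.search(policy.pattern, text) is not None
            if found == (policy.operator == "~"):
                alerts.append((name, scope))
    return alerts


if __name__ == "__main__":
    checks = [
        Policy("Configuration", "~", "snmp-server community public"),
        Policy("Configuration", "!~", "service password-encryption"),
        Policy("PortConfiguration", "~", "switchport mode trunk", devtype="C2960"),
    ]
    for p in checks:
        print(p.cls, p.operator, repr(p.pattern), "->", evaluate(p, DEVICES))
```

With '!~' on Port Configuration every interface lacking the statement alerts, so narrowing by device type matters more there than for whole-config policies.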

Device Monitor

1. Select "Device Monitor" from the class selectbox, enter "-" or "no" as target to set test to none or specify a test like "ping"
2. If you leave target blank it'll default to uptime for SNMP devices and icmp for non-SNMP ones
3. Narrow down the matches by specifying a regexp for device type, location or group for example
4. Adjust Alert setting for the monitored target (repeat options are not supported yet) and click add
5. Dependencies are not resolved automatically and should be configured in Monitoring-Setup

PoE Police

1. Add a Neighbor Policy with the "Skip Action" to allow PoE delivery to phones or controlled APs.
2. Add a MAC Policy to either match (~) on particular addresses or enter a '.' to match any
3. Narrow down the matches by specifying a regexp for device type, location or group for example
4. Optionally select an interface condition to only trigger if PoE was active in the previous discovery
5. Select 'PoE Disabled' Action and add a reset policy by selecting a timeframe after which PoE should be re-enabled
6. Upon the first discovery, when its timestamp is in the past, the reset policy is executed to restore PoE delivery
7. Adjust Alert setting and information text and click add

Link Alerts

1. Add a "Connection Before" Policy and enter "D$" to match regular devices
2. Select the "Status Change" condition
3. Alternatively you can select a connection type to match the current status (e.g. if someone replaces a device with a phone)
4. Adjust Alert setting and information text and click add

Traffic

1. In Nodes-Traffic choose columns to aggregate (group), sorting, source and a filter then click Show
2. The System-Policy icon appears, click it
3. Set operator and a threshold, then specify how you want to get notified
4. This policy creates events with class 'sptr' (System-Policy-Traffic) using its id as source

General Topics

- A policy cannot be edited, but copied by clicking on  and then added again
- A policy can be disabled by clicking on  (and enabled respectively)
- A policy can be removed by clicking on
- The "Skip Action" whitelists a port, thus avoids any other action to be executed
- You should add a reset action to recover disabled ports or re-enable PoE after a given time (they're added with status new and a timestamp set in the future, when the action takes place)
- The reset action is performed, when its timestamp is in the past
- If skippol or -S contains p or F no actions will take place, except those of reset policies
- If skippol or -S contains P policies are completely ignored
- Thoroughly test policies without actions before 'arming' them with one
- Actions are supported on IOS and ProCurve devices at the moment (changed config is not saved to flash)
- In case an error occurred while getting device neighbors, the skip action is applied to concerned interfaces (inhibiting erratic actions)
- The information text is used in events, emails and sms, but also serves as comment in the policy list (e.g. if no Alert is selected)
- Actions commands are written to pol_ files in the cli folder and can be reviewed along with their logs in System-Files
- By default a policy summary report is shown


System-Services (NeDi Services)

View processes and resources of your NeDi host and start or stop certain services.

- The top section shows and controls NeDi related services.
- The lower section shows all running processes and some system stats.
- Click on  to stop or  start a service
- This only works, if the services don't need to open any privileged ports (<1024). Of course you could run the webserver as root, but that can create security risks! Therefore NeDi's Syslog (syslog.pl) and snmptrapd run on high-ports and usually are redirected by an internal firewall.

Discovery

Depending on the size and topology of your network, it makes sense to run several discovery threads at the same time.

- Do this by dividing the network in a few sections using borders and different seedfiles and add crontab entries accordingly
- On the far right you see the discovery status (# of threads is revealed by hovering over )
- In case a discovery terminated unexpectedly, you can reset it by clicking on .


System-Snapshot

This module lets you take a snapshot of the current database. This may be very helpful for a network migration for example, as you can go back in time and examine your network prior to any changes

In addition you can import a NeDi database from a completely different network for review, without affecting your "real" data.

Adding a Snapshot

- Enter a suffix to identify your snapshot. By default a timestamp is filled in.
- Provide DB admin user (usually root) and password.
- Click the "Add" button to copy the current database to the snapshot (might take a while).

Activating a Snapshot

- The database used in the current session is indicated by .
- Click on  in the snapshot list to activate either the main database or a snapshot.
- The  logo on the top left is replaced by  to remind you, that you're working in a snapshot now. Hover over it to reveal which one.
- Alarm sounds and rrdgraphs are turned off as well to avoid any confusion until you select the main database again (usually 'nedi').
- You can manipulate data in a snapshot, but it won't have an effect on the current database, since the discovery keeps using the main database.
- This applies for importing a DB with System-Files as well, meaning you can actually import a completely different database

Deleting a Snapshot

- Click on  to delete a snapshot (only shown on inactive snapshots).
- After confirmation the snapshot will be deleted and its disk space freed up.


Topology-Linked (Link Editor)

Edit static links here, if the discovery protocols don't deliver satisfying results.

- Select a device, any existing links of this device are shown automatically.
- Select the desired interface (green indicates link-status is up)
- Do the same for the neighbour.
- Click 'Add' to create this and the reverse link.
- Both links need to be deleted separately, if they're no longer required.
- The right  deletes the link and shows the neighbor for easier deletion of the opposite link.
- Select the link type, if you just want to see what's in the DB.
- Select Isolated to identify links, without device in the DB.
- By default the "Connection Error" report is shown


Topology-Links (Link List)

List links of the devices.

By default the "Device Connection" report is shown


Topology-Map

This module was intended for documentation purposes, even though it features interactive handling now. It can also be used to observe traffic, errors, broadcasts, discards, cpu usage or temperature of devices. Maps are written on a per user basis to html/log or used in Monitoring-Map. Upon accessing this module the last map will be displayed without interactive features.

- Graphs are only drawn in PNG and only for the 1st time the map is generated, because they'll be deleted afterwards. This may be a problem, if you wish to save the picture (screenshot always works, though).
- Alternatively SVG or even interactive D3js maps can be created. Drag a node to fix it on the canvas. Double click to let it float again.
- "PNG" png" generates truecolor, "8bit" generates 256 color png images respectively. They can be included in the combination report or various lists.
- SVG is used for vector drawings, which can be imported by other applications. You probably want to use "shapes" instead of "icons" unless you copy them into the right place on the destination.
- Hover over the input fields and icons to get hints.
- If you enable dynamic-edit (far right walk-icon above "Execute"), the map will be redrawn upon any input and fields are disabled if they're of no use with the current settings. This works best if the browser supports HTML5 properly.
- To get a feel for this rather complex part of NeDi, click on the  icons in other modules to create maps in different contexts.
- A "bgmap" map finds the best suited background image automatically. E.g. the regional one, if you're only drawing the "Shire" region and you've uploaded a background.jpg to topo/Shire with System-Files for example. Assuming you've edited this region with Loced before, it'll now use the city coordinates, you've entered to put the city icons. If you draw at building level, they'll simply be arranged around the city coordinates in a ring.
- Click the Monitor button to add current map to Monitoring-Map

Internally maps are calculated using polar coordinates (except in "layer" mode), where each level (e.g. a city) forms a ring. Devices are arranged based on their neighbors. This does not always work out, but generally yields acceptable results after some tweaking. The following sections explain how this is done.

Filter

- Layer mode: The 4 fields correspond to core, distribution, access and access2 layers and select devices for each desired layer
- All others: Same as the filter section in the list modules

Main

- Title of Map
- Size (can be adjusted in URI) and output format of map
- For hierarchical maps use "bld" (draws buildings with floors) or "ring" (draws buildings as circles). This lets you draw region, city or building level maps leveraging NeDi's SNMP location scheme. The "bgmap" type relies on uploaded backgrounds and information you've added with Loced
- Alternatively you can select "flat" which still gives you the ability to draw maps without any location awareness but display non-SNMP devices or even nodes
-  adds an additional condition to filter on SNMP devices only
-  defines the center of your map
- Rotate map at top, city or building level (shift layers on X-axis in "layer" mode)

Layout

-  defines how links are presented. Length/level determines how much shorter a link between buildings is going to be than a link between cities for example. The next field defines the offset from the link endpoint for interface information (if displayed)
-  length sets the top-level link length (can be looked at zoom-level too). They're drawn "straight" as default, but sometimes you'd prefer an "arc"
- Link Information can be bandwidth or even a RRD graph. It can be moved away from the center, if it gets in the way of other items
-  defines how map-nodes are represented. Positive numbers use the position in the topology, negative just number of neighbors to determine its distance from the center. In "layer" mode this only sets y-amplitude for access layer alternating
- Floor size sets the building size when actual devices are drawn in hierarchical maps. This value can be as small as 8 if "Tiny Shapes" is selected above to generate a bird-eye view of your network
- Columns lets you control how wide those buildings are represented

Show

Select various details to show up on the map


Topology-Multicast

Simple tool to show PIM routing table on a Cisco router or IGMP info on a ProCurve switch.


Topology-Networks (Network List)

List IPv4 and IPv6 addresses by VRFs for example.

- If an IPv4 address is empty, the entry is an IPv6 address.
- Hover over the network icon to reveal its class.
- The status of the corresponding interface or VRF/VPN is shown with the network icon (stays white if not available).
- You can search for networks using CIDR notation (1.2.3.4/24) or regexps (^1.2.3)
- Some prefixes show 0, if NeDi couldn't read them properly from the device.


Topology-Routes (Routes Toolbox)

This is the former Realtime Routes module, which now provides 3 modes of operation:

- List routes stored in the database (NeDi 1.8 feature)
- Display the routing table of a device, by selecting one with the right selectbox and clicking "Show"
- Trace a route by selecting source, destination and clicking "Route"


Topology-Spanningtree (Realtime Spanningtree)

Displays Spanningtree status of a layer 2 device.

- Select switch from list.
- Select vlan, to display per vlan spanningtree information, if applicable.
- Additionally display traffic graphs (if RRD is enabled) to verify operation.
- The interface pointing to the root bridge is indicated with
- The MAC address of the root bridge can be searched for by clicking on
- In the IF status column you can see if a port is blocking or forwarding etc.


Topology-Table

If your devices are configured with SNMP location information according to NeDi's scheme, you can drill down into your network in a tabular fashion here.

Those buttons on the top right help navigating and reveal more information:

- Click  to get to the top,  to region,  to city, or  to building level.
-  displays number of devices per location
-  adds node population per location
-  adds free access ports per location

Clicking on location names lists all its devices (the displayed width is set in User-Profile ). You can "paint" important buildings red(ish) with redbuild in nedi.conf. A street address can have several buildings, if bldsep is configured correctly. A digit showing the amount of sub-buildings is added, if there are more than one.

The next button cycles the display of your sites. The state is preserved within the session and is used in Monitoring-Health as well:

- Switches to small icons (good for displaying hundreds of sites)
- Shows NeDi maps (for a glance inside)
- Shows static maps which are cached in the "topo/" tree
- Adds weather information for cities, with that you know when it's down because of a thunderstorm.
- Reverts to the default icon display.

Building Level

Inside a building you get to see the devices on each floor and room. If you specified the rack and rack-unit, the room name becomes a link which takes you to the rack view.

- Clicking on a floor lists all matching devices.
-  Toggles displaying non-SNMP devices.
-  Shows device panels instead of icons.

If photos or documents named Building-Floor-something (ignoring non-word characters) are found in topo/Region/City they're presented with an icon underneath the floor label. Clicking on them reveals the photo in a popup window or opens the file.


User-Chat

A very simple chat interface for NeDi users. You can also run stati.pl every week or so and it will add statistics to the chat, similar to a bot in an IRC channel.

- Hover over a user image, if you're unsure who it is
- The greener a message the more recent
- Your events are a little brighter than those of others


User-Management

Admins can add and manage users and their groups here. In addition a Device Filter can be applied to a non-admin user to restrict his access to the network.

- Assign groups by clicking on the Group icons.
- Select device filter, if required. Enter a - to clear, click on  to verify
- Delete an account by clicking
- Use  to reset a lost password
- Other icons list devices, assets and events related to the user


User-Profile

This is your starting page, when signing in (except for December ;-). It also serves to display any administrative notifications and to edit your password and information.

- You'll only receive monitoring emails and SMS, if you enter your info accordingly and are in the monitoring group
-  lets list tables remember the column settings and adds "breadcrumbs" to the header. If you are using an ssh and telnet plugin that recognizes plain IP addresses, you can turn off any IP links as well
- # of events or report entries are shown in certain modules
- # of columns to be shown in topology table views
- label length in tables and maps
- Language and theme are not updated immediately and require a reload
-  lets you edit the Admin Message (if you're an admin)


User-Radius

This is a NeDi Enterprise module, only available through a certified partner

Managers can add Radius groups and users with this module (requires radius database settings in nedi.conf).

- In the Vlan section of Devices-Status click on  to prefill the group fields
- Change to your needs and click "Add" to create a group reply entry
- For MAC authentication, filter desired nodes in Nodes-List
- Select a group (or not) and click "Radius" to add visible nodes to the radius DB
- Add other users by entering name, password in User-Radius and select group (or not) and click "Add"
- Create a user list by using the filter and clicking "Show"
- By default the available groups and user-group mappings are shown


Table of Contents

Introduction
Installation Instructions

General Overview
Architecture
Functional Breakdown
Terminology

Network Management
Prerequisites
Topology Awareness
Configuration Backup
Device Modules
Network Population (Nodes)
Edit nedi.conf
Edit seedlist
Discover the Network
Edit crontab

Asset Discovery
Troubleshooting
Frontend Overview
REST API
Managing Assets
The NeDi GUI
Lists
Monitoring
Reporting

GUI Modules
Assets-List
Assets-Locations (Location List)
Assets-Loced (Location Editor)
Assets-Management
Devices-Config
Devices-Doctor (Device Doctor)
Devices-Graph
Devices-Install
Devices-Interfaces (Interface List)
Devices-List
Devices-Modules (Module List)
Devices-Status (Device Status)
Devices-Translator (Configuration Translator)
Devices-Vlans (Vlan List)
Devices-Write
Monitoring-Events
Monitoring-Health
Monitoring-History
Monitoring-Incidents (Incident List)
Monitoring-Map
Monitoring-Master
Monitoring-Setup
Nodes-Create
Nodes-List
Nodes-RogueAP (Rogue AP List)
Nodes-Status (Node Status)
Nodes-Toolbox
Nodes-Traffic
Other-Calculator (IP Calculator)
Other-Converter (Number Converter)
Other-Defed (Device Definition Editor)
Other-Flower (Flower Openflows)
Other-Info
Other-Invoice (Invoice Generator)
Other-Noodle (Noodle Search)
Reports-Combination (Combination Reports)
Reports-Custom (Custom Report)
Reports-Devices (Device Reports)
Reports-Interfaces (Interface Reports)
Reports-Modules (Module Reports)
Reports-Monitoring (Monitoring Reports)
Reports-Networks (Interface Reports)
Reports-Nodes (Node Reports)
System-Database
System-Files
System-NeDi
System-NoDi
System-Policy
System-Services (NeDi Services)
System-Snapshot
Topology-Linked (Link Editor)
Topology-Links (Link List)
Topology-Map
Topology-Multicast
Topology-Networks (Network List)
Topology-Routes (Routes Toolbox)
Topology-Spanningtree (Realtime Spanningtree)
Topology-Table
User-Chat
User-Management
User-Profile
User-Radius