Introduction
NeDi discovers your network devices and tracks connected end-nodes. It contains many additional features for managing enterprise networks:
- Intelligent topology awareness
- MAC address mapping/tracking
- Traffic, error, discard and broadcast graphing with threshold based alerting
- Uptime, BGP peer and interface status monitoring
- Correlate syslog messages and traps with discovery events
- Network maps for documentation and monitoring dashboards
- Detect rogue access points and find missing devices
- Extensive reporting ranging from devices, modules, interfaces all the way to assets and nodes
NeDi's modular architecture allows for simple integration with other tools. For example Cacti graphs can be created, based on discovered information. Due to NeDi's versatility things like printer resources can be monitored as well...
Published on Sat Oct 14 13:45:05 2017
Installation Instructions
NeDi's website provides all necessary information for a successful installation.
The generic procedure with some links to external documentation: http://www.nedi.ch/installation
OS Specific information:
- http://www.nedi.ch/installation/freebsd
- http://www.nedi.ch/installation/os-x
- http://www.nedi.ch/installation/suse-installation
NeDi Appliance
There's a free OpenBSD based appliance called NeDiO14 available on the Download page. It will be succeeded by a Debian based OVA called NeDian17.
Partner Solutions
NeDi is integrated in commercially supported solutions as well. Have a look at the partners on NeDi's Download page to get more information.
General Overview
This chapter helps to get you acquainted with NeDi:
- Architecture: A quick overview of NeDi's components
- Functional Breakdown: A description of use cases
- Terminology: Definition of topics found in NeDi
The following chapters cover NeDi use cases:
- Network Management: The original intention
- Asset Discovery: Collect details on your nodes and devices
The frontend documentation is divided into the following sections:
- REST API
- GUI overview
- GUI modules
Architecture
NeDi's architecture can be divided into the following components:
- Network discovery (nedi.pl) in light blue above
- Monitoring (moni.pl, trap.pl and syslog.pl) in blue
- Master daemon and agent list for centralizing distributed NeDi instances, in purple
- Node discovery for asset details (gathered by nodi.pl using WMI and SSH) in blue
- Modular web frontend written in PHP and some javascript in yellow
- Restful API frontend written in PHP in dark yellow
- Master settings file (nedi.conf) in dark blue
- Dependencies are indicated above as well (e.g. API only talks to the DB and flow.pl uses Traffic data to generate graphs)
- NFDUMP can optionally be integrated, in that the frontend can access and display netflow data
Functional Breakdown
Use this table in order to learn how the components can be used to achieve different goals. Detailed information is provided in the following chapters:
Goal | Component | Description
Discover network devices using SNMP and SSH/Telnet | nedi.pl | Run nedi.pl via console, System-NeDi in the web GUI or use crontab to discover on fixed intervals. This will also track MAC and IP addresses and collect the interface statistics.
Monitor discovered network devices | moni.pl | Run moni.pl via console, System-Services in the web GUI, or have it autostart with init.d scripts. Add desired devices (which usually have been discovered before) to monitoring. Control the monitoring frequency (default is uptime check every 3 minutes).
Receive Syslog messages | syslog.pl | Run syslog.pl via console, System-Services in the web GUI, or have it autostart with init.d scripts.
Receive SNMP traps | trap.pl | Configure trap.pl as trap handler for snmptrapd.
Monitor remote NeDi hosts | master.pl | Add remote NeDi installations in agent list. Run master.pl via console, System-Services in the web GUI or have it autostart with initd scripts. Configure how the remote agents provide their API connection (e.g. https and root path). Note: Don't run any other components on this host to avoid confusion.
Discover assets | nodi.pl | Run nodi.pl via console, System-NoDi in the web GUI or use crontab to discover on fixed intervals. It's recommended to use a different DB (and config file), if nedi.pl is running here as well.
Traffic Monitoring | nfdump, flowi.pl | Run nfcapd (for netflow), sfcapd (for sflow) or nfpcapd (to capture traffic on an interface). Specify path to netflow data in nedi.conf. Edit nedi.conf to set nfdpath and the IP-ports you want to graph. Run flowi.pl every 5 minutes to create the Protocol and Port graphs. Make sure the frontend can execute nfdump (especially if nfdump is installed on another host and the data dir is mounted).
Terminology
Devices:
- SNMP capable network equipment, printer or server
- WMI capable Windows server or client
- SSH capable Unix (namely Linux and BSD) server or client
Modules:
- Line cards, power supplies, fan trays or optical transceivers (usually with serial number) in network devices
- Members (usually classified as chassis) in a stack
- Virtual machines in hypervisors
- Supplies in printers
- CPU, Ram, HDD, display or installed software in WMI or SSH devices
- Go to Modules for more networking related information
Nodes:
- MAC address from a bridge-forward table on a switch (required)
- IP addresses of ARP tables on routers or layer 3 switches (optional)
- DNS names obtained by reverse lookup of IP addresses (optional)
- Go to Network Population for more networking related information
Links:
- Connection between devices stored in the links table
- Created using CDP, LLDP (ISDP under investigation)
- Calculated automatically with information derived from bridge-forward tables (MAC)
- Added statically using Topology-Linked (STAT)
Assets:
- Items with a serial number in the inventory table
- Added by NeDi's -Y option
- Added by hand using Assets-Management
- Imported via CSV file using Assets-Management
Policies:
- Rules defined in System-Policies to create alerts or actions
- They're evaluated at different points during the discovery
- Packets, Bytes or Flows rules are evaluated by flowi.pl
Age Shading
Date and time fields are usually displayed with an age based background color. This helps to quickly spot anomalies in a list for example:
- First seen dates start out to be bright green (affected by the "retire" setting in nedi.conf) like a fresh fruit
- Last seen dates turn more red after time like a sunset
- The greater the difference between the two the more blue is added
Colors quickly show new devices and those being offline for a while
Network Management
Prerequisites
Before you begin, decide how you will use NeDi, and what you need to do to make it an effective tool in your network. The discovery nedi.pl needs SNMP read access in order to discover network devices. Privileged CLI access can be used to read the MAC address tables on Cisco devices, which is faster than vlan indexing via SNMP, and supports port security as well. The configurations are read via CLI and stored in the database or as text files. If you want to use NeDi to backup your configurations, you will need to enable privileged CLI access.
NeDi requires unique device names, since this is the primary key in the database. The domain part of the device name is usually discarded, because CDP is not consistent with domain names on all devices, and this can lead to problems when creating device links. Make sure you name your devices uniquely.
NeDi reaches its full potential when used with CDP, FDP and/or LLDP capable devices in your network. The discovery and topology visualizations no longer depend on these protocols being enabled, however, so NeDi can be used effectively without them.
NeDi can draw maps for documentation and monitoring dashboards
Topology Awareness
If mapping your network with a clear and automated visual representation is important to you, you will want to enable the topology awareness features by preparing your devices to be placed in NeDi's visualizations and maps. NeDi is capable of visualizing your network down to rack level! In order to do this, a specific format for the SNMP location string is required on each device as follows (separators can be configured in nedi.conf with locsep):
Region;City;Street;Floor;[Room;][Rack;][RU;][Height]
- The building or street address may contain several sub-buildings separated with a second separator (e.g. _)
- The RU is counted upwards from the bottom of a rack
- The height is only necessary, if the device comes in different sizes (e.g. a VMware ESX server)
Switzerland;Zurich;Main Station;5;DC;Rack 17;7
This example puts a device in position 7 of rack 17 in the DC room at the 5th floor
FL;Orlando;42 Pine St_A;54;Closet;Wallrack;1
This device is located in a closet's wallrack in Building-A of 42 Pine st (there might be a building-B at the same address)
If network devices can be configured with this SNMP location scheme, NeDi can visualize your entire network topology. If it's not feasible to reconfigure all your devices, you can override locations for some of them in the seedlist, or map other information to the location scheme. You'll lose some of the dynamism of the mapping, but you can still leverage some topology features this way.
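A way to check device location strings against the scheme above before relying on the maps, as an added example that is not part of NeDi or of the original guide. The device names and the last two sample strings are constructed, and treating RU and height as positive integers is an assumption of this example.

```python
import re

# Field order from the scheme: Region;City;Street;Floor;[Room;][Rack;][RU;][Height]
FIELDS = ("region", "city", "street", "floor", "room", "rack", "ru", "height")
REQUIRED = FIELDS[:4]


def parse_location(loc, sep=";", subsep="_"):
    """Return (record, problems) for one SNMP location string.

    sep mirrors the locsep setting; subsep is the second separator used
    for sub-buildings inside the street field.
    """
    parts = [p.strip() for p in loc.split(sep)]
    while parts and parts[-1] == "":          # tolerate a trailing separator
        parts.pop()
    problems = []
    if len(parts) < len(REQUIRED):
        problems.append("needs at least " + sep.join(REQUIRED))
    if len(parts) > len(FIELDS):
        problems.append("%d unexpected extra field(s)" % (len(parts) - len(FIELDS)))
    record = dict(zip(FIELDS, parts))
    for name in REQUIRED:
        if name in record and not record[name]:
            problems.append("empty " + name)
    # "42 Pine St_A" -> street "42 Pine St", sub-buildings ["A"]
    street, *subs = record.get("street", "").split(subsep)
    record["street"], record["sub_buildings"] = street, subs
    # Assumption of this example: RU and height are positive integers.
    for name in ("ru", "height"):
        if name in record:
            if re.fullmatch(r"[1-9][0-9]*", record[name]):
                record[name] = int(record[name])
            else:
                problems.append(name + " must be a positive integer")
    return record, problems


def lint(inventory, sep=";", subsep="_"):
    """Map device name -> list of problems, only for devices that have any."""
    report = {}
    for device, loc in inventory.items():
        _, problems = parse_location(loc, sep, subsep)
        if problems:
            report[device] = problems
    return report


# Constructed inventory: device name -> sysLocation value.
SAMPLE = {
    "core-zrh-1": "Switzerland;Zurich;Main Station;5;DC;Rack 17;7",
    "acc-orl-1": "FL;Orlando;42 Pine St_A;54;Closet;Wallrack;1",
    "lab-zug-1": "CH;Zug;Seeweg1;U;Lab",
    "legacy-sw-3": "Server room, 2nd floor",                         # free text
    "esx-zrh-2": "Switzerland;Zurich;Main Station;5;DC;Rack 17;top;2",  # bad RU
}

if __name__ == "__main__":
    for device, problems in lint(SAMPLE).items():
        print(device, "->", "; ".join(problems))
```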
Topology aware overview in Monitoring-Health
Cities show their size based on devices:
Icon Size | # of Devices
small | 1-2
medium | 3-9
large | 10-19
extra large | 20+
The same applies to Buildings whereas important ones can be “painted” red using redbuild in nedi.conf:
Icon Size | # of Devices
small | 1-2
medium | 3-9
large | 10-19
extra large (important) | 20+
Configuration Backup
NeDi is capable of backing up switch, router and firewall configurations. Common brands and models are supported as well as some less known ones (backing up of some FW contexts needs more work). The backup is performed via CLI and corresponding "show conf" commands.
The backup can be performed in 2 ways:
1. DB only: -b
2. DB and keeping the last x versions as file: -Bx
In general NeDi only writes a new backup, if the config actually differs from the previous version. Some devices provide an SNMP OID that holds the timestamp of the last config change (Cisco and Comware are known). This makes the process more efficient as it won't require downloading the config to determine whether it has changed or not. A 2nd OID makes it possible to determine whether the running config has been written to the device's flash and alert, if not:
CFGC:Last change @5858408s uptime
EVNT:MOD=B/1 L=150 CL=cfgs TGT=3560CX MSG=Config changed
(@5858408s) 54.15 days after writing to flash (@1179413s)
Once configs are backed up, they can be tested for compliance, searched, compared, be used as template for new deployments (e.g. via tftp) or be translated into new configs for completely different brands and models (starting with NeDi 1.7).
Configuration Compliance Policies
Device Modules
Most switches and routers contain line cards, removable fan trays and power supplies and optical transceivers. NeDi is able to discover those modules to a good extent. They can be listed in Devices-Modules for review. However NeDi tries to present this information in a most useful manner. Stacks for example have become more popular in recent years. Management tools like NeDi should be aware of how they are physically built, but don't overwhelm the user with less relevant information. This gets even more complicated when whole network fabrics are being managed with a single IP address. A simple question, like how many switch ports are available in a certain rack, becomes more challenging to answer. NeDi combines the modules with the interfaces to present such an answer:
NeDi breaks complex fabrics down to report ports per extender
Network Population (Nodes)
NeDi treats all MAC addresses found in the bridge-forward tables of switches as nodes. They are combined with ARP information from layer 3 switches and routers. The IP addresses are resolved to provide actual hostnames, which will ideally complete the whole picture on the network.
Over time the movement of the MAC addresses and changing of IP addresses is tracked in separate tables as well:
Database relationship around nodes
Nodes can be listed in Nodes-List and then be closer examined in Nodes-Status. All tables shown above are graphically represented in this view:
Node status is graphically organized
Edit nedi.conf
The main configuration input for NeDi is the nedi.conf file. The first task in configuring NeDi is editing this file. You can use System-Files in the web GUI to edit nedi.conf, the seedlist and finally crontab to schedule recurring discoveries. Make sure you edit nedi.conf before starting to discover your network. The configuration should be self explanatory with the comments in the file.
It's divided into the following sections:
1. Device Access defines credentials and methods for contacting devices
2. Discovery controls IP address space, ports used, and borders within which discovery should occur
3. Backend sets DB access, system settings and integration with other tools
4. Messaging & Monitoring takes care of polling and notification settings
5. Nodes Related controls how nodes should be read from devices, and how they should be treated afterwards
6. GUI Settings control menu items and appearance
User passwords can be entered encrypted with the usrsec keyword. The secret used to encrypt is in the function XORpass() within inc/libmisc.pm. Change it for more security (but don't forget to adapt after a NeDi upgrade or patch). This protects the passwords from prying eyes in nedi.conf, but of course not, if the person has access to libmisc.pm.
Many things can be fine-tuned at a later stage, but these parameters should be configured properly from the start:
- rrdstep sets the time step of the graphs upon their creation (corresponds to the discovery interval)
- cli-credentials for CLI access to get MAC address tables on Cisco switches and/or configuration backup
If you discover your entire network with those settings wrong, you have to delete all graphs or reset the "CLI access information" on devices which failed due to incorrect credentials.
If you're using discovery protocols, you may have to specify a regular expression (regexp) to specify border devices where the discovery should stop, or limit the valid IP address range with netfilter regexps. Otherwise NeDi might wander off and send read community and CLI credentials to all destinations it can reach. Limiting the discovery may also be necessary if, for example, you do parallel discoveries (see table below).
Edit seedlist
Add single IPs or ranges like:
10.10.10.1
10.11.10.1-254
10.12.1,3,5,17.10 mycomm
10.13.1,3.10-15 newcomm - CH;Zug;Seeweg1;U;Lab
- It is recommended to add "-P timeout" to ping seed devices prior to discovery, if you use ranges.
- A community string can be added after the IP to override those in nedi.conf (Note: SNMPv3 credentials still need to be defined in nedi.conf, as they require more arguments that the seedlist does not support)
- Name, location and contact can be added as well to override information derived from devices (put a - to ignore, e.g. the name cannot be set for ranges)
- Use -u option to specify seedlist file (e.g. for parallel discoveries)
After the lines that add seeds, you can restrict ranges as well. Just put a ! at the beginning. This allows for more sophisticated scanning of network ranges. Here's another example:
# Adding desired ranges
10.11.10-13,15.1-254
10.11.22.11-200
# Excluding unnecessary IPs
!10.11.11,22.17
!10.11.11,22.17
If you don’t want to edit seedlists you can add target(s) with the -a option followed by an IP or range.
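Because every seed receives the read community and possibly CLI credentials, it helps to see exactly which addresses a seedlist expands to before running a discovery. The following is an added example, not NeDi's own parser: it implements the range and "!" exclusion syntax as described in this section for numeric IPv4 patterns only, and the 192.0.2.x line and the allowed scope are constructed.

```python
import ipaddress
from itertools import product


def expand_octet(spec):
    """Expand one octet spec such as '10-13,15' into a sorted list of ints."""
    values = set()
    for part in spec.split(","):
        lo, dash, hi = part.partition("-")
        lo = int(lo)
        hi = int(hi) if dash else lo
        if not 0 <= lo <= hi <= 255:
            raise ValueError("bad octet range %r" % part)
        values.update(range(lo, hi + 1))
    return sorted(values)


def expand_pattern(pattern):
    """Expand a seed such as '10.12.1,3,5,17.10' into a set of addresses."""
    octets = pattern.split(".")
    if len(octets) != 4:
        raise ValueError("expected 4 octets in %r" % pattern)
    choices = [expand_octet(o) for o in octets]
    return {ipaddress.IPv4Address("%d.%d.%d.%d" % c) for c in product(*choices)}


def seedlist_targets(text):
    """Return the set of addresses a seedlist would contact.

    The first whitespace-separated token of a line is the IP pattern; a
    leading '!' marks an exclusion; '#' starts a comment line.
    """
    include, exclude = set(), set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        token = line.split()[0]
        if token.startswith("!"):
            exclude |= expand_pattern(token[1:])
        else:
            include |= expand_pattern(token)
    return include - exclude


def out_of_scope(targets, allowed_cidrs):
    """Addresses (as strings) that fall outside every allowed network."""
    nets = [ipaddress.ip_network(c) for c in allowed_cidrs]
    return [str(ip) for ip in sorted(targets)
            if not any(ip in net for net in nets)]


# Seedlist from this section plus one constructed out-of-scope line.
SEEDLIST = """\
# Adding desired ranges
10.11.10-13,15.1-254
10.11.22.11-200
# Excluding unnecessary IPs
!10.11.11,22.17
# Constructed line: a range outside the intended scope
192.0.2.1-3 mycomm
"""
ALLOWED_SCOPE = ["10.11.0.0/16"]   # constructed: networks you administer

if __name__ == "__main__":
    targets = seedlist_targets(SEEDLIST)
    print("%d addresses will be contacted" % len(targets))
    for ip in out_of_scope(targets, ALLOWED_SCOPE):
        print("outside allowed scope:", ip)
```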
Discover the Network
Once you have the prerequisites in place, and you have your nedi.conf file (and optionally your seedlist) set to go, it is time to launch your discovery. The easiest way to do so is from the web GUI, and for instructions on doing this, read on. You can, however, launch the discovery script, nedi.pl, from a command line, and control a given discovery run with command-line options. It has evolved to be a flexible tool, covering different needs. If you only want to know for example, where computers are connected to and don't care about line cards or interfaces, you can simply skip them. This speeds up the discovery and causes less traffic on the network. It can also make sense to update modules, device addresses and vlans only once at night (and maybe skip ARP and MAC address tables instead). That's where a proper crontab schedule lets you optimize regular discoveries (see below).
It's also important to get a feeling for discovering network components. Some devices (like stacked switches) can take their time to reveal their modules or even refuse if they're busy (as seen on Cisco Cat4k5).
Another aspect of the discovery is how all devices of the network should be found. The seedlist (described above) is one option and can be used in conjunction with discovery protocols, routing tables or OUI listings. Of course new devices can be added manually as well...
You can use the following examples to determine the best approach to discovering your network, and optimize your NeDi installation accordingly. When calculating discovery times, a good rule of thumb is to assume a 5s average discovery time per device:
Network Type | Discover Method
1 site, up to 100 devices of same vendor with LLDP or CDP enabled | Set rrdstep to 900 in nedi.conf. Leave seedlist empty or specify a core switch. Run "nedi.pl -p" every 15 minutes.
1 main site and a couple of remote locations, up to 500 devices of several vendors | Leave rrdstep at 3600 in nedi.conf. Put an IP for every CDP or LLDP "island" in the seedlist. Run "nedi.pl -p" every hour.
1 or 2 main sites and many remote locations, up to 2000 devices | Leave rrdstep at 3600 in nedi.conf. Create 4 seedlists splitting up the sites. Run "nedi.pl -pu seedlist" for every seedlist you've created in previous step with 5 min. offset every hour.
Many sites with 5000 devices or more | Set rrdstep to 14400 (4h) in nedi.conf. Create seedlists splitting up the discoveries, with that the longest ones take around 2h. Run "nedi.pl -pu seedlist" with 5 min. offset every 4h. You may also consider setting up NeDi agents in every major site and use a central NeDi master.
Additional hints:
- If you don't want to add every device not supporting discovery protocols to the seedlist, you can discover them manually with nedi.pl -a. Then you just have to make sure they're rediscovered by using -A dbquery in subsequent discoveries which will add them as seeds from the database.
- If you want to have less common devices added automatically, try the oui discovery method: Add a vendor to the ouidev regexp in nedi.conf and use nedi.pl -o. The MAC addresses of all arp entries are now resolved to their vendors and checked against this regexp. If it matches, the IP address is then used as new seed device. This method is not recommended for vendors producing NIC chipsets or computers as NeDi would try SNMP access on all of those as well!
- Either use the GUI module System-NeDi or start it directly from the CLI. Make sure you're doing the latter as the same user as you run the crontab with or RRDs won't get updated correctly.
- You'll probably get the best results, with using the CLI and the -v options to closely follow the discovery.
These options define how neighbors should be added:
1. -p Use dynamic discovery protocols like CDP or LLDP
2. -o search arp entries for network equipment vendors matched by ouidev in nedi.conf
3. -r use route table entries of L3 devices
A run without any options will result in a plain static discovery using the Seedlist or the default gateway, if you haven't added any seeds there yet.
Using -A lets you add seeds directly from DB. For example queue all snmp devices:
nedi.pl -A all
Or queue all IOS devices:
nedi.pl -A "devos='IOS'"
Similarly -O can be used to queue ARP records matching certain MAC addresses or vendor strings:
nedi.pl -O "oui~'Extreme'"
Edit crontab
After you set up nedi.pl to run the discovery the way you want it to, you will want to have it regularly check the network for new devices. NeDi will keep adding what it finds, and tell you when devices appear and disappear. As shown above, how often you run it is up to you, and should depend on the size of your network, how long discovery takes, and how important it is to you to find devices soon after they appear. Most installations like to have data up to date within a few hours, but for some once a day will suffice. Note that the frequency of discovery is mostly independent of the frequency of monitoring, and this section describes how you can set the frequency of discovery with the cron daemon.
Cron is a standard Unix daemon allowing execution of specific programs at given times. A file called crontab is used to schedule the tasks. Its format is fairly simple. Every line starts with the time fields (minute hour day month weekday) followed by the command to be executed. The output of the commands can be redirected to log files. These can be reviewed in the web GUI under System-Files. The default path is /var/log/nedi. A % character needs to be preceded with a backslash.
# Crontab example running every 4h
0 */4 * * * /var/nedi/nedi.pl > /var/log/nedi/nedi-`date +\%H`.run 2>&1
You can simply use System-Files to edit the crontab file. It'll be automatically applied for the user running the webserver upon writing. This means RRD files should belong to the same user or they can't be updated by the scheduled discovery. It's common practice to simply let this user own all files in the NeDi folder.
Asset Discovery
Lifecycle management of IT infrastructure has become more and more important over the past years. NeDi can be optimized to cover many aspects of this process. It starts with collecting an inventory, and comparing it to vendor life-cycle information and maintenance contracts. The data can then be exported with NeDi's API for further processing in your environment.
Using NeDi
As mentioned before, the discovery has become very flexible and can be optimized for gathering assets only. In this scenario you're probably not interested in graphs, interface statistics, ARP or MAC-address tables.
On the other hand you want to add discovered devices and modules to the inventory table. The following command will achieve that:
nedi.pl -SAFGgadobewitjupv -Yam
If you use System-Files with "update-replace config" and select "ciscoeol.tgz", it'll essentially unpack a file called "ciscoeol.csv" in the nedi root folder. If nedi.pl is called with -Y options, all device types and module models are compared against that file for EoL information, which will be added to the asset record.
- As of now only Cisco products are supported. Data from other vendors will be provided, should it become available
- As an alternative to EoL data, you can upload maintenance contract information in Assets-Management
Using NoDi
NoDi stands for node-discovery and moves one step further away from network infrastructure, towards the end nodes. This feature allows for completing the IT inventory or providing more insight in regards to security or monitoring tasks. As a side effect, NoDi monitors and graphs CPU, Memory, Temperature and Disk IO as well.
It uses SSH or WMI to retrieve information from Unix or Windows hosts. The latter relies on wmic provided by Openvas.
Edit nodi.conf to define the credentials (encrypted passwords are supported as well):
- The first usr or usrsec entry should be a domain admin as it's used for default WMI authentication
- All subsequent usr or usrsec entries are used for SSH
- A user can be forced with -u option
- The working user is stored in the DB and will automatically be used in successive discoveries
It's possible to store the node discovery information in a new database, to keep network management separated:
- Change dbname in nodi.conf to something like nedi_node
- Change arpwatch in nodi.conf to the nedi dbname (used with -O to read arp entries)
- Use nedi.pl -i -U nodi.conf to create it
- Use nodi.pl to discover the nodes
- Use System-Snapshot to switch between the databases
Troubleshooting
Testing
The -t option lets you test a particular discovery aspect. No data will be written upon completion.
For example, if you created a complex seedlist, you can test it with -ts. This should be combined with verbose or debugging output, to actually see something:
nedi.pl -vts
Debugging
If you encounter problems, make sure you understand what you're looking for. Any discovery related problems, such as dynamic discovery protocols, authentication or just properly identifying devices can be debugged with -d and -D:
-db  show basic debug information
-dd  show database queries
-ds  show system stats
-dc  log CLI access to input.log and output.log (open 2 more terminals and tail -f to them)
-dv  create *.db files to store internal variables after the discovery (for use with -D)
-D   will not discover your network, but rather use the previously generated *.db files on functions to be debugged in nedi.pl's "Debug Mode" section (intended for developers/me only)
Frontend Overview
REST API
Prior to NeDi 1.7 only POST calls with the following variables were supported:
- u = username (only users without a Device-Filter are accepted)
- p = password
- t = table (e.g. devices)
- q = query (e.g. device='charon')
A rewrite rule (e.g. for nginx) makes the requests more human readable:
location /api {
    rewrite ^/api/(\w*)$ /query.php?t=$1&q=$args last;
}
As of NeDi 1.7 regular GET calls using "Basic Authentication" became available as well. This makes integration much easier as shown with the "RESTClient" addon for Firefox:
As you can see, some information about the NeDi host is returned in the first element.
Managing Assets
NeDi manages the life-cycle of your network infrastructure from purchasing until disposal. It allows you to include vendor's end of life information in order to identify unsupported hardware and maintenance contracts. The latter lets you find hardware not under maintenance or items you're paying for, that don't even exist in your network!
Assets are stored in the inventory table. They can be manually added with Assets-Management or automatically with the -Y switch in nedi.pl.
Possible life-cycle stages:
1. New: Adding devices and modules to inventory via barcode scanner (keeping track of spares)
2. Active: Items with serial numbers can be automatically updated upon discovery (managing equipment in use)
3. Used: Item has been removed from network and put back in storage.
4. Replaced: Item has been replaced by another one (e.g. RMA)
5. Disposed: Item has been removed from network and trashed
6. Traded-in: Item has been removed from network and traded in for new ones
Cisco EoL information
A file called ciscoeol.tgz can be uploaded with System-Files. It contains a list of all products with known EoL information. The fields are mapped as follows:
- "Migration Product ID" is added to comment
- "End of Routine Failure Analysis" Date is mapped to endsupport
- "End of Service Contract Renewal" is mapped to endwarranty
- "Last Date of Support" is mapped to endlife
The NeDi GUI
NeDi features a modular frontend, which can easily be customized. This is done by commenting out or including lines beginning with "module" in nedi.conf. If a module is enabled in the file, the menu item corresponding to the module is included. The "Section" controls the top menu, and the "module" the menu item. The Section-Module.php interprets these lines. The icon used is specified in the 3rd column. The group determines which users are allowed to see and use that particular module, so it can be customized for classes of users as well.
The NeDi web GUI modules have many common elements. Here's some useful information to keep in mind while using the GUI:
- Each module consists of a header row and a main input form.
- A larger version of the menu icon always shows up to the left and a click on it resets the module to its defaults. If you hover over it, the exact module name is revealed (shown in the footer as well)
- If "List optimize" is selected (next to in User-Profile), a history is shown next to the menu
- Use the "FindIT" search field in the header, to get quick results on any text, IP or MAC address
- The print icon in the header opens a printable view of the current module (usually without the main input form).
- On most lists you can click on the rows to highlight them
- You can save the state of most modules to a bookmark or use the notepad icon in the header to add a link to the admin message in User-Profile (look for "EDIT" on the bottom and change accordingly)
- Text links usually lead to applying a filter within the current form
- Numbers after a bar-image (e.g. # of device types) take you to the corresponding list module
- Used SQL queries can be shown by clicking on the debug icon (only shown for admin). It executes the query in Other-Export for quick analysis
- Regular users see and those having a view filter applied get instead. Hovering over it reveals the username and current server time
Lists
NeDi displays most of the data it finds in tabular displays, and these are controlled by "List modules". The presentation of data can be highly customized and exported to various formats. If you need to filter, show, and search through the data, you should learn how to master lists. Here's what the list controls do:
- By default some reports are shown on the bottom of most list modules. The setting in User-Profile determines how many entries are shown
- Clicking on a text link takes you to the full-featured report
- Use the "Columns" select box to add or remove the columns you wish to see (hold down CTRL to select multiple columns)
- If "List optimize" is selected (next to in User-Profile), the columns are persistent for the entire session and a report is shown by default
- You can use the templates as quick list shortcuts
- In the filter section, you can define a criteria and select the combination operators AND/OR to add up to four conditions (first and second pairs may be grouped together with brackets)
- Alternatively you can compare 2 columns directly by using the other combination operators (e.g. "1=2" with columns "First Discover" and "Last Discover" selected to list devices only found once)
- The last map can be included via and a limit can be chosen as well (default is 250)
- The triangles in the header row allow for the list to be sorted accordingly. They're not available on special columns containing realtime data or graphs and other statistics
- You can export lists as XLS by clicking on the spreadsheet icon, if shown in the header
Monitoring
NeDi does monitoring as well as discovery. The program moni.pl is used to check the health and uptime of devices, and you can combine it with trap.pl for SNMP trap translation, syslog.pl for log messages, and nedi.pl itself for the monitoring of discovery events. NeDi uses levels and triggers to categorize and alert you when monitoring finds something interesting. Discovered devices are not monitored by default. Any thresholds (CPU, Mem etc.) and notification triggers are applied from nedi.conf. Syslog events only receive a level of 30 (Other), and thus can't generate alerts.
In order to monitor targets they need to be added to the monitoring table, since devices and nodes are dynamically overwritten by the network discovery (nedi.pl) and you don't want to lose the list of monitored devices each time this happens. You can do this in Devices-List or Nodes-List by first filtering the devices you want to monitor with the list controls, then clicking the "Monitor" button. Alternatively you can add single targets in Devices-Status by clicking on the binoculars. Once added to monitoring, targets can be further configured in Monitoring-Setup.
The monitoring daemon moni.pl first sends non-blocking uptime requests to all SNMP targets. Afterwards all other targets are tested sequentially (factoring in availability of their dependencies). For example, a dual homed web-server will only be checked if at least one of the connected switches returned an SNMP uptime.
- TCP ping is used by default for nodes and non-SNMP devices (this can be changed to ICMP in Monitoring-Setup)
- Uptime (or SNMP-Engine time, if set in .def) is chosen for devices as it can detect intermittent reboots as well
- BGP peers can be monitored as well, if BGP4-MIB is supported on a device
- IF oper-status can be monitored as well (e.g. on router or server switches)
- The monitoring daemon should be started automatically. It also relies on nedi.conf, where you can set the interval between polls, how many tests a device can fail before it is marked as down, and how alerts should be sent
- If you change the settings, they will be effective as of the next polling cycle. If you want to see results immediately, restart the daemon from System-Services
- If a target is reported to be down, an entry is created in the incidents table with the start time set to the time it's detected at. The end time will be added automatically, when the target is responding again. Incidents are acknowledged by classification in Monitoring-Incidents
Due to limitations of the SNMP perl module and non-blocking requests, latencies are not accurate unless you modify Net::SNMP's Message.pm:
Line 23:
use Time::HiRes;
Line 691 or so, above debug output in send():
$this->{_transport}->{_send_time} = Time::HiRes::time;
Message Flows
The following diagram explains how events (originating from syslog, trap, discovery and monitoring) are processed.
Reporting
This section aggregates information and provides extensive views of the collected information. There are several reports tied to their respective database tables (i.e. devices, modules or nodes) and a "Combination Report", which focusses on a task (like asset management), which depends on several tables. Using the reports section involves the following:
- Setting a filter, if desired. Any filter you set is taken into account for links to other modules
- Selecting the reports you want (hold down CTRL for multiple selection)
- Use the templates as quick filter shortcuts (see the icons on the left of report select box)
- The last map can be included via and a display limit can be chosen as well (default is 10)
- Reports can be "optimized" with (table captions reveal, what's been optimized)
- "Alternative sort" via uses keys rather than values (table captions reveal what has been sorted on)
GUI Modules
This section describes the various modules and their functions. You can enable or disable these modules in the GUI settings section of the nedi.conf file.
Assets-List
This module lists assets from the inventory table.
- You can make changes to multiple assets for the state and maintenance renewal by selecting desired values and clicking update.
- You can delete all filtered assets (ignoring limit setting) by clicking delete. This feature should be used with care!
Assets-Locations (Location List)
List locations created with the location editor Assets-Loced. The following functions are available:
- The execute column reveals links to other modules or external maps
- If photos are uploaded to the appropriate topo folder, they can be accessed in the Files column
- A NeDi- or static-map can be added as well. If the coordinates are available, labeled markers are drawn
Assets-Loced (Location Editor)
This module can be used to place locations on previously uploaded backgrounds, using System-Files. Alternatively, if you check the first box to the right of you will enable NeDi's geocoding API, which automates the placement of locations. When enabled, location names are used to search for the correct coordinates. If you check the second box, the description is used instead. Create the locations and enter descriptions prior to checking this option for best results.
Usage with Background Images
The default lets you place your locations on a background image and can be leveraged with the "bgmap" map type in Topology-Maps. At first you'll see the top level map, which is a world map by default (I'll change this as soon as NeDi manages networks on other celestial bodies). Select a region and click on the map to set the coordinates. You'll notice that values are being populated and the 'Add' button becomes 'Update', if the location already exists. If you want multiple layers for your maps, upload lower level maps to the correct location in the topo folder. For example, say your network sites are located in 2 regions (USA and Europe). Just name the map files background.jpg and upload them to topo/USA and topo/Europe. Now, when you select cities in those regions, the appropriate map should be shown, and you can place cities accordingly. This also works within cities (makes sense where you've got a big metropolitan network). Just upload background.jpg to topo/Europe/Zurich and as soon as you click on buildings in Zurich you can place them in that metropolitan map. The subfolders are created automatically when you drill down in Topology->Table with Openstreetmaps enabled.
Usage with Geocoding
- Select the location you wish to add
- If it doesn't exist or the coordinates are 0 (if it's been added to a background image previously), a geocoding lookup is performed and the coordinates are shown in blue
- If you use internal names for your locations, you can enter a "geocodable" name as comment and click add
- Activate description mode with the 2nd checkmark right of
- A draggable marker is placed on the map, which can be adjusted to fit your needs (coordinates turn green). Enter a description and click the add button
- If this doesn't work for you, click on to enter an address manually
- The coordinates should stay black, as they're read from the DB now
Assets-Management
This module allows you to add or edit one asset at a time.
- Asset summaries are shown by default. Click on the text to get a filtered list of matching assets, and click on the value to add items to the Assets-List module.
- Use a barcode scanner (send a "tab" upon successful reads) to scan type and serial number, or just enter them manually.
- Specify location, condition, source/provider and warranty. If the latter one is closer than a month away it'll be highlighted with the "warning" color, or with the "critical" color if already expired.
- Click on the icon to open the panel browser.
- Refer to Devices-Modules for a list of possible classes.
- If you list by a property (e.g. location), the appropriate field on the top is populated as well for easier batch additions.
- You can edit the items listed by clicking on their serial numbers. The current list will stay. Note that the focus will move to the location field, as serial numbers cannot be edited. You can either update or delete an item now.
- If you click on a class icon, you get to the respective device or module if it has been discovered
- You can export a list as XLS, but the Assets-List module is more flexible in that respect.
You can upload a CSV file containing assets with their maintenance contract information as well. Specify the following in the form and select the file:
- Select date format used in the CSV file
- Field separator
- Rows to skip from top
Currently the columns in the file to be imported need to be arranged like this:
Field               Example            Description
Class               License            Only Software or License is identified. Everything else (e.g. Chassis) can be determined upon discovery
SLA                 7x24               Stored in 'Services Level'
type                2520-8G-PoE        The type as specified by vendor can be used to determine its EoL status
serial              123456ABC          The SN# is the primary key in the inventory table
count               -                  Currently ignored (just add an empty column for now)
serial2             ITEM2345           Will be used, if the first SN# was not available for some reason
contact             Sherlock Holmes    Stored in 'Asset Contact'
address             221b Baker Street  Combined in asset location with place (to place;address)
place               London             Combined in asset location with address (to place;address)
description         anything useful    Stored in 'Maintenance Description'
renewal             Yes/No Ja/Nein     Determines whether maintenance contracts are renewed or not (Maintenance Status)
end of maintenance  05/26/2015         Current maintenance end date
end of sale         -                  Currently ignored (just add an empty column for now)
end of support      05/26/2036         End of routine failure analysis
End of Life         05/26/2071         Last date of any support
Devices-Config
NeDi will backup your device configurations if it has privileged CLI access and you tell it to with -b, or -Bx. With the Devices-Config module you can review and compare backed up configurations and their changes.
A config report and recent backup-related events are shown by default. There are two modes of operation which are list and compare.
List Configurations
For simple listing of configuration values, follow these steps:
1. Search for text by setting a filter
2. Limit number of displayed characters in the excerpts
3. Limit number of displayed devices
4. Click on an excerpt to view the whole configuration
Compare Configurations
You can use this module to quickly see differences between stored configurations.
1. Choose a reference device from the "List" select box.
2. Now either select the 2nd device from the left select box in "Comparison" or leave it at -Type- to compare against all configurations of the same type.
3. Select how the output should be displayed.
When viewing a configuration you've got the following options:
- Toggles line number display for easier change review.
- Suppresses the motd character, so that configurations of Cisco devices can be copied and pasted directly.
- Use System-Database to display the config as plain-text or select a file version in the changes area to edit the actual file (available when you run nedi.pl -Bx).
- Clears configuration or changes.
Devices-Doctor (Device Doctor)
Presents device specific diagnostic reports and points out potential problems (alternatively you can select a config which will be displayed in context groups).
1. Generate a "show tech all" file on a HP ProCurve/Aruba or Cisco device and store it locally.
2. Browse for the tech file you wish to analyze.
3. Click Show to process it.
Note: This feature is still being refined for more accurate results.
- Red letters on a yellow background reveal potential problems (hover over it, to learn why).
- Adjust the broadcast/traffic ratio (default 10%) to identify problems on interfaces.
- Green lines mean that a checked condition looks ok.
- Dark red and Olive green letters represent interface status in the respective context.
Devices-Graph
This module allows you to dynamically generate stacked interface graphs and much more.
Please note that NeDi's graphing feature was implemented as an addition to the discovery with lowest possible resource and maintenance cost in mind.
It will not graph those 5 minute peaks (unless you run NeDi every 5 minutes in very small networks), but provides a long term view of each and every interface. This translates to baselining and prediction of potential bottlenecks, instead of identifying erratic outbursts of any kind (You'd prefer using a tool like Cacti to monitor this instead).
- Select any top graphs if you wish to get the big picture on your network.
- Selecting a device will reveal its interfaces. You can choose several of them to be stacked dynamically (doesn't work for IF status!).
- Select several graph sources at once to correlate and investigate problems (e.g. CPU load, broadcasts on some interfaces of a device)
- System related graphs are CPU, Memory and Temperature and a custom graph for other values.
- Use double arrows to move start (top one), the whole graph (middle) or its end (bottom one) by weeks or single arrows for days.
- Click on a date icon to manually set a start or end time.
- If you can't live without degrees in Fahrenheit, adjust the setting in User-Profile.
- CPU and memory correspond to System load and battery capacity on UPS units.
If you use Cacti on the same host, you can integrate it into NeDi:
- Configure the cacti options in nedi.conf.
- Now you can add devices and interfaces to Cacti here in Devices-Graph.
- A cacti icon will be shown in Devices-Status, if the device is available in Cacti. Clicking on it takes you there.
Devices-Install
This is a premium module, only available with NeDi+. Find more details here
At this time only HP ProCurve Switches have been tested!
This module is part of NeDi's provisioning system. It allows for installing unconfigured switches upon discovery. The procedure is divided into the following steps:
1. Create install entries specifying device type and IP address to be matched. The desired name and IP settings need to be set as well, rest is optional
2. Create an install template with System-Files (see below)
3. Perform installation (with nedi.pl -T or checking "Install" in System-NeDi). If type and IP match an install entry with the state "New", the target IP is pinged
4. If no answer comes back the entry is used to create a device configuration from the install template. The state of the install entry is changed to "Active"
5. If the device is discovered with the new IP address the state of the install entry is changed to "Used"
6. Check verbose nedi.pl output, if status changes to "Broken"
7. By default an install entries summary report is shown
Install Template
An install template consists of a series of commands (1 command per line with optional confirmation and timeout separated by ;) to prepare the target device and a config template with placeholders, which are filled in from the install entry. If used, the password is taken from the appropriate user in nedi.conf, but usually is a fixed/encrypted string
Cli command 1
Cli command 2;y;600
Cli command 3;y;0
===
sysname %NAME%
ip addr %IPADDR% %MASK%
ip default route %GATEWAY%
vlan %VLANID%
snmp location %LOCATION%
snmp contact %CONTACT%
username %LOGIN%
password %PASSWORD%
enable password %ENABLEPW%
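
One way to check an install template offline before it is used, as an added example (not NeDi's own code): it parses the command;confirmation;timeout lines and the === separator described above, fills the placeholders from an install entry, and rejects entries with missing or multi-line values. The function names, the sample entry values and the masking helper are assumptions made for illustration.

```python
import re

# Constructed sample in the layout described above: CLI preparation commands,
# a "===" line, then the config template with %PLACEHOLDER% fields.
SAMPLE_TEMPLATE = """\
Cli command 1
Cli command 2;y;600
Cli command 3;y;0
===
sysname %NAME%
ip addr %IPADDR% %MASK%
snmp location %LOCATION%
password %PASSWORD%
"""

PLACEHOLDER = re.compile(r"%([A-Z0-9]+)%")
SECRET_KEYS = {"PASSWORD", "ENABLEPW"}  # placeholders that carry credentials


def parse_template(text):
    """Split a template into (commands, config_lines)."""
    lines = text.splitlines()
    stripped = [line.strip() for line in lines]
    if "===" not in stripped:
        raise ValueError("template has no '===' separator line")
    split_at = stripped.index("===")
    commands = []
    for line in lines[:split_at]:
        if not line.strip():
            continue
        fields = [field.strip() for field in line.split(";")]
        if len(fields) > 3:
            raise ValueError(f"more than command;confirmation;timeout in {line!r}")
        fields += [""] * (3 - len(fields))
        cmd, confirm, timeout = fields
        commands.append({
            "cmd": cmd,
            "confirm": confirm or None,
            # "0" is a valid timeout, so test for an empty field, not for zero
            "timeout": int(timeout) if timeout else None,
        })
    return commands, lines[split_at + 1:]


def render_config(config_lines, entry):
    """Fill the placeholders from an install entry (dict of NAME -> value)."""
    needed = {key for line in config_lines for key in PLACEHOLDER.findall(line)}
    missing = sorted(key for key in needed if entry.get(key) in (None, ""))
    if missing:
        raise KeyError("install entry has no value for: " + ", ".join(missing))
    for key in needed:
        # A line break inside a value would add extra lines to the device config.
        if re.search(r"[\r\n]", str(entry[key])):
            raise ValueError(f"value for %{key}% contains a line break")
    return [PLACEHOLDER.sub(lambda m: str(entry[m.group(1)]), line)
            for line in config_lines]


def render_redacted(config_lines, entry):
    """Same output with credential values masked, for logs and change tickets."""
    masked = {key: ("********" if key in SECRET_KEYS else value)
              for key, value in entry.items()}
    return render_config(config_lines, masked)
```

Keep only the redacted rendering in tickets and logs, since the rendered config carries the device passwords in the form the template defines.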
Devices-Interfaces (Interface List)
List device interfaces, their population and graphs. It also lets you add the selection to Node-Track or set individual thresholds.
- If the interface status is discovered, the type icon is imbued with the respective color (not realtime). It'll be "admin down" (or 0), if it's been skipped in every discovery. Interfaces of controlled access points are not polled and set to unknown (or 128).
- Set alert thresholds next to [icon] and click Update to override the values in nedi.conf (enter 0 to clear)
- Set traffic to 101% or broadcasts to 65000, if you want to ignore respective alerts on particular interfaces (101% due to potential rounding errors, larger values are ignored as of NeDi 1.8)
- Setting a MAC flood threshold allows this interface to discover multiple CDP/LLDP neighbors (e.g. in a hub and spoke topology)
- The population takes you to the Nodes-List where you get detailed information on the connected nodes.
- The graph size corresponds to the setting in User-Profile.
- By default a port type and status distribution report is shown
Devices-List
List devices, system graphs, population, free access ports and configuration status. Realtime Spanning-Tree information can be added for troubleshooting as well.
- Unselecting the device column hides the icons i.e. to create a simple text list.
- The serial number is checked against the inventory and reflects support and maintenance status. Click on it to add it or update an existing asset (e.g. to track decommissioned devices).
- The selected devices can be monitored by clicking the Monitor button (go to Monitor-Setup to configure them further).
- The selected devices and related information (e.g. modules and interfaces) can be deleted, by clicking the Delete button.
- By default a vendor and type distribution report without pie charts is shown.
- Device specific thresholds can be edited by clicking [icon] and Update to change it on visible devices
- If you set supply-alert, PoE-warning or ARPpoison-threshold to 0, the defaults from nedi.conf are taken instead
Device Options are used internally to describe the device's capabilities. They can be used for filtering as well. A '-' indicates that a property is not available:
Position  Character  Description
1         A,-        ifAlias from IF-MIB
2         C,W,-      CPU utilization or Wattage on UPS devices
3         P,S,N,-    Power-Ethernet MIB support and how interfaces relate to it
4         I,-        Has interfaces or not
5         d,s,i,m,r  Name from DNS, sysname, IP, mapped, mapped with regex
6         c,m        Contact from syscontact, mapped
7         l,m        Location from syslocation, mapped
8         U,S        Uptime (overflow every 1.3 years, SNMP-engine-time)
Devices-Modules (Module List)
List modules and compare hard- and software revisions for example. You'll also see VMs, Server blades (on HP Blade chassis) or even print supplies as well (The supply levels are held in the FW and HW fields).
By default a model and description distribution report is shown
Module Classes
The following table lists possible classes for modules. They can be used for assets as well:
Class  Description
1      Other
2      Unknown
3      Chassis
4      Backplane
5      Container
6      Power Supply
7      Fan
8      Sensor
9      Module
10     Port
11     Stack
18     Keypad
19     Camera
20     Patch panel
21     Cover
30     Print supply
40     Virtual Machine
50     Controlled AP
60     Server
61     CPU
62     Mem
63     HDD
64     Card
69     Display
80     OS
81     Software
82     License
Devices-Status (Device Status)
This is the center point of individual device management. It's divided into 6 sections (General Info, Modules, Vlans, Links, Interfaces and Monitoring Stats), which correspond to the tables Devices, Modules, Vlans, Links and Interfaces. The monitoring part is shown on the bottom representing data from events, monitoring and incidents.
You can create devices like clouds via [icon]. On those devices you can add more interfaces with the same button in the Interface section. Those devices can be used to link WAN-routers to a cloud or monitor external services.
Due to performance reasons, only uptime, poe, interface (and VM) operational status and interface last-change is realtime (if device was seen in last discovery). Everything else is retrieved from the database.
Overview
Hover over the icons for hints on what they do. You'll see print supply levels on supported printers or VMs on VMware ESXis. If ssh access is enabled in addition, the VMs can be turned on and off.
- [icon] takes you straight to DefGen, in case you want to edit the definition file.
- [icon] adds the device to monitoring and tests SNMP uptime by default. This icon turns into a clock in that case or another symbol, if you change the test method in Monitoring-Setup (click on icon to get there).
- The serial number is checked against the inventory and reflects support and maintenance status. Click on it to add it or update an existing asset (e.g. to track decommissioned devices).
Interfaces
- Active interfaces' names are blue and clicking on it pops up a realtime SVG graph window, which lets you observe the traffic in a 1-300 second interval.
- If the absolute counter is not 0, the background becomes blue, showing you there has been traffic on this interface.
- Recent status changes, high error count or PoE values will affect the background as well.
- If the last status change is more recent than last discovery, Vlan, Speed and Duplex become grey as they may have changed.
- The background of population turns blue if a node was ever discovered on this port, even if it's empty now. The last seen MAC will be revealed upon hovering over it.
- Filter interfaces by status (only works, if device is reachable)
- Filter interfaces by Vlan uses the PVID field from the interfaces table. If you check "Untagged & Tagged" the vlanport table is used instead
- "IF Information" lets you choose what interface related data is displayed
- By default population, addresses and counter values are shown (0 fields are left empty)
- Interface graph size corresponds to the setting in User-Profile
Chances are you won't get complaints if you unplug a port where:
1. No link (icon not green)
2. Last change is as much as switch uptime...or at least a long time ago!
3. No nodes shown when Population is checked and field itself is not blue.
4. No traffic is shown and respective fields are not blue.
If the switch has been rebooted lately you may want to click on [icon] in the summary section to review free ports in the Interface List.
Managing
SNMP write enabled:
You can change location, contact and admin status of interfaces directly. If the device is using standard MIBs you may also edit IF-alias (enter a "-" to clear) or toggle PoE delivery (e.g. to reset a hanging AP or VoIP phone).
CLI access enabled:
- Click on [icon] to save the running configuration to flash.
- Click on [icon] to look at the device's log.
- The "CLI Send->" select box allows for sending command files (files starting with 'cmd' in the cli folder) to a device. Refer to System-Files for creating command files.
Customizing
A great way of customizing or integrating NeDi with other tools are two includes, which can be edited in System-Files:
1. devtools.php is included once and will be shown next to the device icon
2. iftools.php is included with every interface and shown with the interface addresses.
Devices-Translator (Configuration Translator)
This module allows for automated migration from an old device to a new model.
1. Add rules on how configuration blocks should be translated to a new device
2. In Devices-Status or Devices-Config click [icon] to prepare actual translation
3. Select target group(s) to generate desired config.
4. Write config to tftp folder (can be edited before in System-Files)
Translation Rules
Field         Description
Source Type   Exact device type to filter appropriate rules for the existing device
Target Group  Should describe the new devices. A group usually contains many rules. One or more are selected when preparing the translation, to enable flexible translations on the fly
Context       For example "interface" or "vlan" to limit context specific matches
Source        Regular expression to match an existing config line like "/interface (\d)$/" (if "interface" is used as context in other rules, they'll be added after this rule). Append _&&_ regexp to match context names, e.g. adding _&&_/Fa([1-9]|1[0-9]|2[0-2])$/ matches only Fa1-9, Fa10-19 and Fa20-22. If you append _&&_USEPRI the priority of the rule is used (not the one from the context), useful to move a line from a context to the global config
Destination   A replacement string like "interface Fa0/$1" whereas $1, $2, $3 replace Source matches in ()
Priority      Can be A-Z to define where the resulting config should be placed in the output
User          NeDi user who updated rule (a timestamp is available for filtering rules as well)
- Click on [icon] to duplicate all rules for specific source type to a new source type and/or destination group (only shown with first rule of a source type)
- Click on [icon] to edit a rule
- Click on [icon] to copy a rule
- Click on [icon] to delete a rule
- Click Show to list all, or a value in the default report to list specific rules
- Click Delete to remove all visible rules (use with care)
- You may want to export the translations table as gzip in System-Database for backup
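
A dry run for a single rule, as an added example (not NeDi's own code and not a copy of ProTrans()): it splits a Source field into the line regex and the optional _&&_ part, then shows which context names and config lines a rule would actually touch. It assumes that a rule applies only when both regexes match, that the Destination becomes the whole output line, and that the patterns behave the same in Python's re module; the two sample rules and the helper names are constructed for illustration.

```python
import re

# Constructed rules modelled on the Source and Destination examples above.
RENAME_RULE = {
    "context": "",
    "source": r"/interface (\d)$/",
    "destination": "interface Fa0/$1",
}
ACCESS_RULE = {
    "context": "interface",
    "source": r"/untagged vlan (\d+)/_&&_/Fa([1-9]|1[0-9]|2[0-2])$/",
    "destination": "switchport access vlan $1",
}


def _strip_delimiters(pattern):
    """Turn '/regex/' into 'regex'."""
    if len(pattern) < 2 or pattern[0] != "/" or pattern[-1] != "/":
        raise ValueError(f"expected /regex/, got {pattern!r}")
    return pattern[1:-1]


def parse_source(source):
    """Return (line_regex, context_regex or None, use_rule_priority)."""
    main, _, extra = source.partition("_&&_")
    use_pri = extra == "USEPRI"
    ctx_re = re.compile(_strip_delimiters(extra)) if extra and not use_pri else None
    return re.compile(_strip_delimiters(main)), ctx_re, use_pri


def translate(rule, context_name, line):
    """Return the translated line, or None when the rule does not apply."""
    line_re, ctx_re, _ = parse_source(rule["source"])
    if ctx_re is not None and not ctx_re.search(context_name):
        return None
    match = line_re.search(line)
    if match is None:
        return None

    def group_value(ref):
        number = int(ref.group(1))
        if number > line_re.groups:
            raise ValueError(f"${number} has no matching () in the source regex")
        return match.group(number) or ""

    # $1, $2, $3 in the destination stand for the () groups of the line regex
    return re.sub(r"\$(\d)", group_value, rule["destination"])


def matching_contexts(rule, context_names, line):
    """Context names for which the rule would translate the given line."""
    return [name for name in context_names
            if translate(rule, name, line) is not None]
```

Running a rule against the full interface list of the source device before saving it shows gaps such as two-digit interface numbers, which `(\d)$` does not match.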
Special Methods
Here are some useful additions for settings that can't be extracted from the source config or have been mapped to other values by NeDi (e.g. location). If necessary the function ProTrans() at the bottom of Devices-Translator.php can be customized even further.
Use Case                      Description
Device IP address from DB     The placeholder %DEVIP% in the destination is replaced by devip from the devices table
Device location from DB       The placeholder %LOCATION% in the destination is replaced by location from the devices table
Device contact from DB        The placeholder %CONTACT% in the destination is replaced by contact from the devices table
Device group from DB          The placeholder %DEVGROUP% in the destination is replaced by devgroup from the devices table
Get Vlans from DB             Use "VLANNAMES" as source and something like "VLAN %VLID% name %VLANNAME%" as destination to list vlans from vlans table (e.g. if the source config is unusable)
Get interface Vlans from DB   Use "VLPORT-TAG" (or "VLPORT-UNTAG") as source and specify an interface context. Enter something like "switchport allowed vlan add %VLID% tagged" as destination to list tagged vlans from DB on that interface
Get tagged vlans from a vlan context and apply to an interface context
This method is able to extract statements like "tagged 1-10" within a vlan context and map it to interface based configs (e.g. translate from HP ProCurve to Cisco IOS)
- Use a match like "/tagged(.*)/" as source and "VLCONTEXT-TAG-ADD" as destination to add tagged vlans to list
- Use a match like "/untag(.*)/" as source and "VLCONTEXT-TAG-DEL" as destination to remove
- Then in the "interface" (or similar) context use "VLCONTEXT-TAG" as source and something like "switchport allowed vlan add %VLID% tagged"
Copy tagged Vlans from an interface to another
- Enter VLPORT-TAG-COPY (source interface) in source
- Comma separated interface list in destination
- Add VLCONTEXT-TAG as described above, if you haven't done so already
This only works with numeric interface names at the moment. The reason is that it was specifically developed to understand Zyxel configs.
Devices-Vlans (Vlan List)
Lists vlans and their respective node population on the devices for example.
By default an empty vlan report with a limit of 1000 is shown
Devices-Write
This is a very helpful, but also dangerous module! Always use with caution, because you could create a big mess rather quickly!
This module lets you send CLI commands to devices and review the output instantly:
- Use filter to select the desired devices.
- Enter some commands in the "Execute/Configuration" area
- Click "Show" to simulate the process
- Click "Execute" to send the commands
- Click "Configuration" to enter configuration mode before sending the commands and save the configuration afterwards.
- On IOS or devices with similar interface names you can use the "Interface Configuration" section to configure an interface range.
- Only devices of the same operating system can be used at once.
- Make sure you adjust GUI authentication (towards the end of nedi.conf) to fit your needs.
- If you're unsure about this whole thing, delete inc/devwrite.pl to completely disable sending commands via web interface!
Monitoring-Events
Incoming monitoring, discovery or syslog events and snmp traps (if enabled) are presented here. Several filter options allow you to examine problems very efficiently. Use the arrow keys (beneath show) to page around in your selection.
- MAC and IP addresses provide direct links for further investigation (e.g. [icon])
- Events can be acknowledged by clicking its Id. The level background turns grey and their level is divided by 10
- Based on the filter you get new shortcut icons for further investigation
Conditions involving criteria (e.g. location or contact) from the devices table cannot be used to delete events due to query restrictions!
Event Classes
- Classes reveal the cause and source of an event (like syslog or discovery)
- Classes are represented with an icon and a mouseover description
Event Levels
Level  Name      Description
<30    -         Any acknowledged event is divided by 10 (image shows an acknowledged event with alarm level)
30     Other     Unspecified level (e.g. from unknown syslog sources)
50     Info      Informational and good news
100    Notice    You might want to look at this, if time permits
150    Warning   You probably should look at this...
200    Alert     Definitely look at this!
250    Critical  Serious condition, fix it now!
Monitoring-Health
If you do use NeDi's network monitoring features, this is the module to just leave open in a browser.
- It'll refresh every minute to alert you (with original www.PSI.ch siren sounds!), if something goes down
- If you drill down into locations, the messages and events will be filtered accordingly
- A mobile version without graphs and session management (no login required) can be accessed with mh.php (delete this file, if you don't want to allow this)
Top section:
- Displays overall network condition
- The size of the graphs can be set (or turned off altogether) in User-Profile
- Target availability, excessive traffic or errors on interfaces
- Exceeded CPU, memory and temperature thresholds of devices
Event section:
- Some statistics to the left and important events within the last 24h to the right are shown by default
- Adjust # top events in User-Profile (<6 shows less statistics, <3 no events at all)
- Any event can be acknowledged by clicking its Id (internally dividing its level by 10; acknowledged events receive a gray background)
Topology section:
- Works just like Topology-Map, providing operational status of locations in addition
- Failed nodes and non-SNMP in a location are shown with [icon], but don't affect the background
- A shaded background indicates that not all SNMP devices are monitored in a location
- Events with a level of 250 cause a red flag to appear on the respective location (acknowledging it removes flag from location)
- Adjust # columns in User-Profile to fit your screen (setting it to 0 hides this section)
Monitoring-History
Analyze events over time to disclose abnormal behaviour in the past.
- Use the filter to narrow down the events
- Select start and end point and the granularity for your analysis
- Group the events by level, source or class
- The output format can be bars or interactive graphs
Monitoring-Incidents (Incident List)
An incident is created whenever a device did not respond for 'uptime-alert' times (see nedi.conf). Here you can acknowledge and classify them for future analysis.
- Once you know what happened select an appropriate category and enter some info
- You can filter on a category or active incidents where target hasn't recovered yet
The easiest way to acknowledge a heap of new incidents:
1. Set filter to "new"
2. Enter a description, where applicable
3. Select class (event disappears as you filter on new ones)
Monitoring-Map
This is an alternative to Monitoring-Health, displaying dynamic network maps on various dashboards. Alternatively you can add locations (at least the buildings) in Assets-Loced and use their coordinates for interactive maps.
- Setting "No Graphs" in User-Profile hides the charts on top (other sizes affect their size and the previews in the editor)
- Click main title to hide the section until refresh
- Click [icon] to hide the section for entire session
- Look at the PHP code for tweaking the default timeouts
Adding NeDi Maps
1. Create a png map in Topology-Map
2. Click "Monitor" when finished
3. Go to Monitoring-Map and click [icon] to access the editor
- There are 6 groups (A-F) which rotate through the assigned maps (change/refresh every 10s)
- There are 6 groups (a-f) which display the assigned maps at once (refresh with reload of page, every 180s)
- The priority determines the order of the maps within a group
- Click on [icon] or [icon] to edit or copy a map via Topology-Map
- If you set access to all, the map will be visible to other users, allowing for copying it into their own views
Adding Geo Maps
1. Click [icon] to switch to the interactive Geomap
2. Each flag represents a region (click one to see its popup menu)
3. 'Filter Map' zooms into the selected region and displays its cities
4. If you didn't create region or city locations in Loced, it'll place the flag on one of its children
5. Click [icon] on the bottom to show all buildings (with current filter)
6. Click [icon] to display sites with broken targets only
7. Click [icon] when finished
8. Enter editor with [icon] to adjust the size (100% = Full HD)
9. If you want to show several maps put them in different groups (1-9)
Adding RRD Graphs
1. Select graphs and their size in Devices-Graphs
2. Select group where they should be added to
3. Click Show
Monitoring-Master
The master console is intended for use on a central NeDi host, where only the master.pl daemon is running. All other GUI modules except Devices-List, Devices-Status, Reports-Monitoring and Monitoring-Events should be disabled to avoid confusion. In addition a unique theme should be selected to further distinguish this host from regular NeDi installations.
Setup
1. Add remote NeDi installations to the agent list and add the usernames and passwords to access them in nedi.conf
2. Run master.pl from System-Services (only visible if Monitoring-Master is enabled in nedi.conf)
3. Go to Devices-List and add detected agents to monitoring (NeDi agents are treated as devices)
4. Go to Monitoring-Setup and select http or https as test [icon], to tell master.pl how to access the agents
5. You can add a path like nedi/ as test option [icon], if nedi is not accessible in the root path
6. Go back to System-Services to restart master.pl or wait for a 'pause' interval to get the agents polled
Operation
Upon first access, master.pl reads the last event with level 200 (alert) or above and all unacknowledged incidents. On subsequent runs only new alert-events are read. Incidents are removed from the master console, if they're acknowledged on the agent. Monitoring-Master shows those events and incidents with quick links to the respective agents.
Monitoring-Setup
Configure how targets are monitored and how users are notified upon a failure. The concept of Monitoring-Setup is to use the filter in order to apply settings to a single or multiple targets. If you don't set a filter, all targets are updated at once.
Filter
- Use the templates (icons above filter) or click on the links of Target (to match a single target)
- Clicking on a test icon (e.g. [icon]) executes a monitoring test on this target
- Clicking on Alert or Events Action (e.g. [icon]) from the list applies it as filter
Monitor
- Define the Test [icon] (Should be uptime for all switches and routers already)
- Setting it to "No" skips active polling. Can be used as maintenance mode or if you just want to set event-actions or discovery thresholds on a device
- Select icmp if TCP ping doesn't work on a target. Enter # of packets in [icon], if you want to send more than 1
- Test http/https: You can enter a string like "index.html" in [icon] and a regexp matching a successful response in [icon]. Only a SYN check (TCP ping on port 80) is performed, if you don't
- Test dns: you can send a hostname and a regexp matching the expected IP address
- Test ntp: you can send RFC2030 fields like "Stratum" and enter a match ^[1-5]$ to detect if your ntp server lost sync
- Clicking "Update" applies the settings to the displayed targets
- Clicking "Delete" removes the displayed targets from monitoring
- Select email or SMS alerts, just have incidents create Monitoring-Events or nothing at all. If you select a repeat option, the alert is resent every 100th failed test
- The Latency textbox allows for changing the latency threshold for individual targets
- Click on [icon] to simulate an outage of the first monitored target
Events/Threshold
You can forward events as emails based on their level or contained text:
- With Forward in the first box select a minimum event level
- With Forward in the first box enter a regexp as the Filter
- Alternatively you can select Discard, a maximum event level and/or a regexp and matching events will not even be stored in the DB (Level limit can only be used to forward OR discard but not both)
- Setting a regexp for Maximum raises matching events to level 250 (Emergency) and shows those within the past 24h in Monitoring-Health (useful to identify failed power supplies or stack members)
- The notify settings from nedi.conf can be overridden for each target in the "Discover Notice" field
- To clear any filter enter a "-" by itself
Reset
- Sets dependency info, if available via links or device information (in case of node targets). After that, the dependencies can be adjusted on each target individually
- Updates target IP address from devices or nodes (in case they've changed, there's a [icon] icon in the target status)
- Reset the availability counters (lost & ok) once a year if you need to know annual availability for example
- A yellow/shaded target status indicates that it's not found as node or device anymore (and should probably be deleted)
Nodes-Create
Can be used to create VMs on an ESX hypervisor, if SSH access is enabled and credentials are set
- Select hypervisor and VM to be used as template
- Enter a target name
- Specify number of CPUs, memory and disk size
- Enter full path and filename, if you want to install from an ISO image
- Click show to review the VM config and Add to create it
CLI Tips
If powering on a VM doesn't provide any result: vim-cmd vmsvc/message (vmid)
If the message asks for an answer: vim-cmd vmsvc/message (vmid) _vmx1 1
If a process gets stuck and you get "Another task is already in progress" error: Determine id of process in question: esxcli vm process list
Then kill it: esxcli vm process kill --type=force --world-id=(id-from-above)
Shrink thin provisioned HDD image (zero fill unused space first): vmkfstools -K hdd.vmdk
Nodes-List
List nodes, corresponding interfaces, their graphs and available services for example.
- The nodes table with MAC-interfaces mappings is the base for this module. It's combined with IP, IPv6 and DNS tables, which may result in many entries, if several IP addresses are found for a particular MAC address.
- If you list realtime services, make sure you don't match too many nodes as it will take a long time to scan the open ports.
- Clicking on the NIC vendor icon takes you to Nodes-Status where you get all node details at a glance.
- You can add the displayed nodes to monitoring (testing with a TCP ping by default).
- By default the "Node Summary" report is shown
Conditions involving criteria (e.g. location or contact) from the devices or interfaces (e.g. IF alias) table cannot be used to delete nodes due to query restrictions!
Nodes-RogueAP (Rogue AP List)
This is an approach to detect potentially rogue access points from the wired side. All nodes are compared against a list of MAC address samples from consumer access points.
Check 'Population > 1' to only show matches where several nodes are found on a port with matching MAC sample
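
The comparison described above, as an added example (not NeDi's own code): node MACs in any common notation are matched against sample prefixes and grouped per switch port, with the optional 'Population > 1' filter. The node records, field names and sample prefix are constructed for illustration; the prefix is taken from the RFC 7042 documentation range, not from a real access point vendor.

```python
import re
from collections import defaultdict

# Constructed data: one sample prefix from the documentation MAC range
# (00-00-5E-00-53-xx) and nodes written in four different MAC notations.
AP_SAMPLES = ["00-00-5E-00-53"]
NODES = [
    {"mac": "00:00:5e:00:53:0a", "device": "sw1", "ifname": "Gi1/0/5"},
    {"mac": "02-00-00-00-00-11", "device": "sw1", "ifname": "Gi1/0/5"},
    {"mac": "0200.0000.0012", "device": "sw1", "ifname": "Gi1/0/5"},
    {"mac": "00005E005320", "device": "sw1", "ifname": "Gi1/0/7"},
    {"mac": "02:00:00:00:00:21", "device": "sw2", "ifname": "Gi0/2"},
    {"mac": "02:00:00:00:00:22", "device": "sw2", "ifname": "Gi0/2"},
]


def hex_digits(value, min_len, max_len):
    """Strip '-', '.' and ':' grouping and return lowercase hex digits."""
    digits = re.sub(r"[-.:]", "", value.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]+", digits) or not min_len <= len(digits) <= max_len:
        raise ValueError(f"not a MAC address or MAC prefix: {value!r}")
    return digits


def find_rogue_ap_candidates(nodes, samples, population_gt_1=False):
    """Return ports that carry at least one node matching a MAC sample.

    With population_gt_1 set, only ports with several nodes are reported,
    i.e. ports where other nodes sit behind the matching device.
    """
    prefixes = tuple(hex_digits(sample, 6, 12) for sample in samples)
    ports = defaultdict(set)
    for node in nodes:
        port = (node["device"], node["ifname"])
        ports[port].add(hex_digits(node["mac"], 12, 12))
    hits = []
    for (device, ifname), macs in sorted(ports.items()):
        matched = sorted(mac for mac in macs if mac.startswith(prefixes))
        if not matched:
            continue
        if population_gt_1 and len(macs) < 2:
            continue
        hits.append({
            "device": device,
            "ifname": ifname,
            "population": len(macs),
            "matched": matched,
        })
    return hits
```

A match is only as good as the sample list: a device with a spoofed or unlisted MAC prefix is not reported, so treat the result as a list of ports to inspect.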
Nodes-Status (Node Status)
This is the Devices-Status counterpart for nodes. It displays the node relevant information on the left, device and interface on the right with the connection in between.
- You'd usually land here coming from other modules like Nodes-List.
- Alternatively you can enter/paste a MAC-address in any common format (grouped by - or . or : or plain HEX)
- If you need the MAC-address in a CLI window of a device, simply copy the appropriate format shown
- View syslog events containing this MAC address
- Create a MAC policy (e.g. mark this node as stolen)
- Allows administrators to delete the node
Clicking on the network icon of an IP address reveals a context menu:
- View syslog events coming from this IP
- Go to the Toolbox with this IP
- Send Wake on Lan packets
- Provision device using entry from Devices-Install
- Identifies host and available services
- Discover as an SNMP device
Nodes-Toolbox
Some node related functions to troubleshoot problems.
By default client customizations for better interoperability with NeDi are shown. If you're accessing it from a client in the field, this might be of interest as well:
- Download kitty.exe to access devices using telnet or SSH.
- Download iperf.exe to test network throughput (requires enabling the server in System-Services, or another iperf server somewhere else).
Nodes-Traffic
This is the main Netflow module. Knowledge about nfdump and the tcpdump filter syntax is helpful here.
The netflow data uses local unix timestamps, which are not adjusted to the client's timezone, if different!
- The first select box lets you select the columns to be aggregated by (defaults to proto, src/dst and src/dst port)
- The 2nd determines sorting
- The 3rd lets you select the flow source(s)
- The textbox allows for using a filter (some templates above)
- IPs are checked against dns, arp, nodes, network and devices tables and set an icon accordingly
- The slider adjusts the start time (can be set with datepicker by double click on time field)
- You can add a graph like pie chart, sankey or RRD (latter is not adjusting to displayed traffic)
- Enabling name lookup with [icon] uses dns and whois (storing the result in the netinfo table, which can take a moment)
- Clicking on the sources and destinations cycles the filter (src/dst ip, ip, src/dst net, net) for quick changes
- Create an alert policy from an applied filter by clicking the [icon] icon (requires System-Policy)
Other-Calculator (IP Calculator)
Subnet calculator for sub- and supernetting
- Check "DB Comparison" to find used and unused address ranges
- A table of subnets can be exported to XLS for further processing
Other-Converter (Number Converter)
A very simple number converter, which can be helpful in finding the correct OIDs with Def-Editor:
- Paste OIDs or string containing HEX or decimal numbers and click Show
- The values are shown in decimal, HEX and ASCII
Other-Defed (Device Definition Editor)
Generate those infamous .def files with the help of this module, to make them as accurate and reliable as possible. Email me the resulting .def files by clicking on [icon], if they're 100% working and I'll include them in the distribution.
You'd usually click on a sysobjid column of an unknown device in Devices-List or [icon] in Devices-Status. This will add an IP address and SNMP community along with the sysobjid you wish to take care of.
In case a .def file exists already, its values will be filled into the form.
The [icon] button submits IP and community, reads the existing .def and marks the sysobjid to be used as source for an unknown device with no suitable source .defs within range.
In case a .def exists with its last sysobjid digit within -+10 of the chosen one, it'll be added to a list of potential source .defs, which can be copied as template (a previously marked .def appears as source with green background, if none were found).
Here's some useful information on Sysobjids: Cisco
It's also recommended to watch the DefGen Tutorial!
- Hover over the input fields, to get hints on what to fill in.
- Find the most official type (there's usually a sticker with a barcode somewhere).
- Select the icon according to the GUI docs on the NeDi Homepage.
- Contact me, if you need a new OS selection.
- Some vendors use vlan community indexing to get Bridge forwarding information on the switches.
- Some vendors use twice the bandwidth to indicate full duplex. Just use 'doublespeed' as keyword for IF Duplex.
- Only populate the Alias- Duplex- and Vlan-Index fields, if they're not the same as the interface indexes.
- If MAU type (1.3.6.1.2.1.26.2.1.1.11) is used, no actual duplex values are required.
- Use modifiers to multiply/divide temperature and memory if necessary. The latter also accepts % if the value reflects percentage of available memory or -% in the case of used memory.
- Add an "N" to an OID, if the last number can vary for CPU or temperature.
- Add 1-x to bootimage, if the info is spread across several OIDs (e.g. Zyxel, ESXi)
- Use a negative custom threshold to alert if result is less than threshold
- Once you start editing the textarea, the input fields above will be locked to prevent accidental input.
Other-Flower (Flower Openflows)
Openflow is a standard, which allows for a controller to directly manage flow tables on switches. This forms the foundation of Software Defined Networking (SDN) and can be used to build firewalls, load balancers and a lot more that we can't even think of, yet.
This module makes it easy to create and remove static flows on such an Openflow controller (right now Floodlight is supported and tested).
- Set the name or IP address of your controller in the $flc variable at the top of the php code or simply call it with Other-Flower.php?flc=CONTROLLER
- All switches managed by the controller show up with their flows in a list on the bottom part.
- Hovering over icons and input fields reveals their purpose.
- If Other-Flower is enabled in nedi.conf, you'll see its icon in Nodes-List's MAC and IP address fields, which lets you quickly add new flows based on them
- To push a new flow, enter a name for it and a priority if desired.
- Define the filter to match packets based on ingress port, source/dest MAC or IP address or UDP/TCP ports. You'll need to add 0x800 as Ethertype and 6 as protocol, if you wish to match TCP packets for example.
- Now set an action to take, which can be a destination interface, vlan and even modifying MAC or IP address or port. If you don't specify an action, the matching packet will be dropped.
- Select the switches from the list below, where you want to install the flow on and click Add.
Other-Info
Simple wrapper for phpinfo();
Other-Invoice (Invoice Generator)
Here's a way to finance NeDi's development in form of an annual contribution based on the size of your network:
- Enter your address, a comment to inform purchasing what it's for and click update
- Deselect checkboxes, if you don't want to pay for the respective items
- Select a currency and click on the "Print" icon to create an invoice
- The resulting invoice can be printed by clicking on top left icon
THANKS IN ADVANCE!
65
Other-Noodle(NoodleSearch)
Thisisasimplesearchtool(Google-likeNeDiSearch)tofindstringsinthewholedatabase.It'susuallycalledbythe"FindIT"boxintheheader
66
Reports-Combination (Combination Reports)
This module combines actual reports from the other reporting modules in order to provide enhanced views on specific aspects:
1. Asset lists all device relevant info and the distribution of modules within
2. Population shows how the nodes are distributed across your network
3. Monitoring summarizes events and incidents
4. Error lists duplicates that shouldn't be, IF errors/discards and link mismatches
Reports-Custom (Custom Report)
This module allows for creating customized reports. Some knowledge about how databases work is helpful here.
- The Device table is used as base for every report
- Select another table if you don't just want to look at devices
- Define a filter (up to 4 conditions)
- Select (multiple) columns to group the results by
- Select a chart type to be displayed on top
- Use location level in combination with location columns to group on cities, for example
- Use the template icons for quick examples
Reports-Devices (Device Reports)
Reports focussing on devices, their connections and configurations.
- Type Distribution: Distribution of device vendors and types
- Class Distribution: Distribution of device classes and their services
- SW Distribution: Distribution of operating systems and software versions
- Duplicate Serial#: Duplicate serial numbers of devices and modules
- Duplicate IP: Duplicate mgmt IP addresses of devices
- Group Distribution: Device group and mode statistics (can be VTP related or AP groups in Wlan controllers)
- Configuration: CLI devices missing config and configs without changes
- Device PoE: Top PoE budgets and their usage (based on Power-Ethernet MIB)
- Discover History: Discover history, where each column is limited individually (use filter to narrow down the timeframe)
- Device Connection: Unlinked devices and undiscovered neighbors
- Connection Errors: Link mismatches based on discovery protocol information
Reports-Interfaces (Interface Reports)
Interface reports provide information on the perimeter of your network, but also reveal internal problems or misconfiguration.
- Summary: Shows top interface types and respective status
- Traffic, Errors, Discards and Broadcasts: Lists the busiest and most problematic interfaces of your network. Check 'Alternative Sort' to take IF speed into account for the traffic stats and the actual traffic for the errors. 'Optimize' uses absolute errors rather than those seen within the last discovery period
- Port Availability: Reveals which switches can be replaced by smaller ones or which are getting really full (based on recent ingress traffic). 'Optimize' restricts this statistic to bridges and ethernet interfaces
- Port Disabled: Quickly find that interface you disabled a week ago, because some infected notebook tried to attack the rest of your network
- PoE Statistics: Displays top power delivery per device and interface average, based on per interface PoE information (e.g. from discovery protocol or interface MIBs)
- Vlan Distribution: Generates a vlan matrix, showing number of untagged ports with an icon (1, 2 and 3 or more) and number of tagged ports with background color (shaded, if untagged ports are found)
Reports-Modules (Module Reports)
Need to know how many modules of a kind you've got? This report also helps if you need to generate a HW inventory for support contracts based on serial numbers etc.
- Distribution: Presents an overview of which modules are installed in which devices
- Inventory: Generates a complete list of devices and their individual modules
- Print supplies: Lists print supplies sorted by availability or location (to make filling them up easier for the guy who has to go to every printer)
- Virtual Machines: List all hypervisors with allocated VMs, CPUs and memory
Reports-Monitoring (Monitoring Reports)
General monitoring statistics like availability, event sources and incidents and how they're acknowledged.
- Availability Distribution: Statistics of targets and their locations
- Latency Statistics: Last, average and maximum latency of targets (inaccurate at the moment, sorry)
- Uptime Statistics: List devices with the highest service time
- Events Distribution: Statistical breakdown of events, their levels and sources
- Incident Group: Distribution and duration of categorized incidents
- Incident Distribution: Distribution of incidents across targets and their locations
- Incident Acknowledge: Acknowledge statistics and time per user
- Incident History: Log in calendar form to "spot patterns" (optimize reveals detailed view, increase limit for more years)
Reports-Networks (Interface Reports)
Find how nodes are distributed across your IP ranges or how subnets are being used.
- Network Distribution: Lists discovered networks and their usage. Click optimize to verify all interface IPs and prefixes on devices with each other
- Network Population: Shows all subnets (< /16) and maps IPs of nodes (green) and devices (blue) or both (yellow) into the address space. Empty DNS entries show up red
Reports-Nodes (Node Reports)
Reports focused around anything connected to your network.
- Summary: Node statistics at a glance
- Node Distribution: Distribution of nodes by port and device to detect unmanaged switches or hubs
- Duplicate Nodes: Shows duplicate node names (e.g. having a Wlan and Ethernet connection) or MAC addresses
- Node Address: Shows duplicate or multiple IP addresses
- OS & Services: Show top node OS and type statistics if nodes are identified with NeDi's scan feature
- Nomads: IP and IF changes multiplied yield NeDi's nomad factor, an indicator for those who seem to travel a lot
- Discover History: This history can reveal major changes or problems in your network. Each column is limited individually (use filter to narrow down the timeframe)
- Empty Vlans: Unpopulated vlans can be identified and eventually removed, if not needed on particular devices
System-Database
Backup SQL tables, perform DB maintenance, export configurations as text files or other tables as CSV files. By default the complete DB structure including number of records is shown:
- Quickly view (the first 1000) entries of a table by clicking on the [icon], if shown
- Optimize a table with [icon] or repair with [icon]
- Delete all records with [icon]
Execute
- Select a query from the "--DB List--" select box. Entries begin with simple SELECT statements to display entire tables, but also contain maintenance tasks towards the bottom
- "Configuration Backup" simply adds a query to select all configs, but creates a downloadable gzip archive as well
- All other select statements list the respective table contents, which can be displayed as CSV (with destination set to "plain")
- [icon] changes IP addresses and timestamps to a human readable format and adds a timestamp to the archive name, if destination is Gzip or Bzip2
- Bzip2 needs more resources, but generally creates smaller archives. Depending on the amount of data you're dealing with, the module requires more memory or time to finish processing!
SQL Dump
- Select (hold down CTRL for multiple) tables to be exported in SQL format
- The resulting file can be imported again via System-Files, if Destination was set to Gzip
System-Files
This module provides the following major features:
1. Edit/View system, device configuration and nedi log files
2. Import SQL data or update NeDi files
3. Manage files in html/log, map, topo and tftpboot
4. Manage CLI command files and install templates (see Devices-Install)
5. Delete outdated RRDs (older than retire in nedi.conf) to free up disk space
Editor/Viewer
- Simply choose the file you want to edit and click save when you're done. You can only edit files which are writable by the webserver.
- A device configuration can be written to "tftpboot" and used for PXE provisioning
- When editing nedi.conf or nodi.conf you can click [icon] for the password encryption pop-up
- Click on [icon] to create new install templates or CLI command files
Import/Update
- Select "Import DB" and upload a .sql.gz (packed) file which will replace the DB data. You can restore dumps created with System-Export, for example. Create and activate a snapshot to add data from another NeDi system
- Select "Update Image" and upload an archive with alternative user icons (usr/0-99.jpg) or device panels (panel/devtype.jpg)
- Upload a nedi.tgz archive and choose whether you wish to backup your existing config (check for compatibility!) or not (e.g. for patches)
Manage Files
- Upload files in the appropriate area. Files in html/log can be accessed directly by clicking on the filename.
- Delete files by clicking on [icon]
- Folders in the topo section can be selected to upload a background.jpg or other files to this location. They can be used by Topology-Map as "geo" map backgrounds or Topology-Table and Assets-Location for documentation
- Click on [icon] to create a new file in "tftpboot" for PXE provisioning
System-NeDi
Execute nedi.pl from the GUI. The module can be used to perform the following tasks:
1. By default the help is displayed, which reveals options and the output legend
2. Definitions shows all available .def files, sysobjids are linked to Def-Editor
3. Discover will actually find devices
4. Services scans for certain open ports on given IP addresses and uses the answers for host identification
5. Init drops and recreates the whole database, but does not remove any config files or RRDs
Double click in the output area to have it turn yellow and scroll down automatically. Do it again to turn this feature off.
Discover
This is NeDi's core. You can use this module to determine the best way to discover your network. Once you've found the right options, copy the command above the output and put it in crontab via System-Files. There are several approaches to discover a network. First the right method to use the sources needs to be found:
1. Don't add any IPs to the seedlist and check "Protocol". This discovers the default gateway of the NeDi host and any neighbors via CDP or LLDP
2. If you have firewalls or other "hurdles" separating your networks (not supporting CDP or LLDP), you need to add a seed for each island
3. Use a static seedlist and don't use any discovery protocols
4. Select "Address" from the Seed-select box and enter a single IP or range like 1.2.3,6,8.10-15
5. Alternatively you can click [icon] to select Devices with the 'all' option to discover all devices in the DB
6. You can also use a query to only discover a subset and use crontab to parallelize the discoveries this way
7. To find more "exotic" devices, add the vendor strings to ouidev in nedi.conf and check "OUI". Discover a router connected to those devices and they'll be queued
8. You can use route tables as layer 3 discovery by checking "Routes"
The behavior can be controlled with the following options:
- Select a Configuration option to backup device configurations to DB and the config folder
- Click [icon] to skip interface info, [icon] to avoid graphs or [icon] to ignore nodes (any combination is possible, to speed up the discovery)
- Select "Version" to force using an SNMP version (only tested upon first discovery and the first one working is stored in DB)
- Check "Read" to re-test SNMP read access (useful to rediscover an existing device in conjunction with -V)
- Check "Write" to re-test SNMP write community strings (only tested upon first discovery, can be turned off via snmpwrite in nedi.conf)
- Check FQDN to use complete device names. Otherwise everything after a '.' is truncated, as FQDNs can cause wrong links
- NeDi relies on unique device names. Check DevIP to use their IP addresses instead
- Select a command file from the CLI-Send select box to have it executed on each discovered device (see System-Files for creating them)
DNS Names
- Select Address from the Seed-select box and enter a single IP or range like 1.2.3,6,8.10-15
- Check verbose to follow the progress of the name resolution
- Click Execute to resolve all names in that IP range
- The Network Population report in Reports-Networks leverages this information to show unused DNS records, for example
Services
- Select Address from the Seed-select box and enter a single IP or range like 1.2.3,6,8.10-15
- Alternatively you can select Nodes and enter a query like oui ~ 'intel'
- Select Ping (1-3s timeout) to make sure an address is in use (TCP echo is used and may not work on some hosts)
- Check verbose to follow the progress of the host identification
- The 'id' option uses ssh, sendmail, http, https and netbios for host identification
- If used from CLI, additional ports can be checked like -sid,3128,5900
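
The seed notation used above for Discover, DNS Names and Services (1.2.3,6,8.10-15) can be expanded offline to see how many addresses a run will touch and whether all of them lie inside the ranges you intend to scan. This is an added Python example, not NeDi's own code; it assumes each dot-separated field is a single octet, a comma list or a dash range, and the function names, the size limit and the allowed network are hypothetical.

```python
import ipaddress
from itertools import product
from math import prod

MAX_ADDRESSES = 65536  # assumed safety limit for this sketch, not a NeDi setting


def _octet_values(field):
    """Expand one dot-separated field ('3,6,8' or '10-15') into sorted octets."""
    values = set()
    for part in field.split(","):
        low, dash, high = part.partition("-")
        if not low.isdigit() or (dash and not high.isdigit()):
            raise ValueError(f"bad octet field {field!r}")
        first = int(low)
        last = int(high) if dash else first
        if not 0 <= first <= last <= 255:
            raise ValueError(f"octet out of range in {field!r}")
        values.update(range(first, last + 1))
    return sorted(values)


def seed_fields(expr):
    """Split a seed expression into four lists of octet values."""
    fields = expr.strip().split(".")
    if len(fields) != 4:
        raise ValueError(f"expected 4 dot-separated fields in {expr!r}")
    return [_octet_values(field) for field in fields]


def seed_size(expr):
    """Number of addresses the expression covers, without building the list."""
    return prod(len(values) for values in seed_fields(expr))


def expand_seed(expr, limit=MAX_ADDRESSES):
    """Return every address of the expression, refusing oversized ranges."""
    size = seed_size(expr)
    if size > limit:
        raise ValueError(f"{expr!r} covers {size} addresses, limit is {limit}")
    return [ipaddress.IPv4Address(".".join(map(str, octets)))
            for octets in product(*seed_fields(expr))]


def out_of_scope(expr, allowed_networks):
    """Addresses of the expression that fall outside every allowed network."""
    nets = [ipaddress.ip_network(net) for net in allowed_networks]
    return [ip for ip in expand_seed(expr)
            if not any(ip in net for net in nets)]


if __name__ == "__main__":
    seed = "1.2.3,6,8.10-15"          # the range used in this guide
    allowed = ["1.2.0.0/21"]          # constructed scope for the demonstration
    print(seed, "covers", seed_size(seed), "addresses")
    for ip in out_of_scope(seed, allowed):
        print("outside allowed scope:", ip)
```

Running the check before a seed goes into crontab catches a range that is wider than intended, such as a dash range typed in the wrong field.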
System-NoDi
Execute nodi.pl from the GUI.
NoDi stands for node-discovery (refer to the NeDi Guide for more information). Make sure you edit nodi.conf before using this module.
1. By default the help is displayed, which reveals options and the output legend
2. Enter an IP address/range or select Nodes and enter a SQL query
3. Select a user to avoid trying all available ones
4. Skip what you don't need
5. Click "Execute" to start discovery
Double click in the output area to have it turn yellow and scroll down automatically. Do it again to turn this feature off.
System-Policy
This is a premium module, only available with NeDi+. Find more details here
Make sure you understand how policy actions work! You can disable all network interfaces, for example, if you don't know what you're doing!
Search for 'safety on!' in libmisc.pm and toggle commenting on the 2 '$clistat' lines, if you're confident!
This module lets you define conditions on device configurations, neighbors or learned MAC addresses and take action upon hit or miss.
The class of a policy determines where in the discovery it's processed. This is important if you want to take action on neighbor names and learned MAC addresses, for example, as only the last matching policy with an action will be executed.

| Order | Class | Operator | Description |
|---|---|---|---|
| 1 | Neighbor Name | ~ or !~ | After collecting all LLDP, CDP or FDP neighbors their names are processed |
| 2 | Neighbor Type | ~ or !~ | Right after the names, their types are processed |
| 3 | MAC Address | ~ or !~ | After collecting the bridge-forward entries (MAC address table) they're processed |
| 4 | Connection Before | ~ or !~ | When writing the interfaces to the DB, the previous connection information (linktype) is processed to detect changes in device interconnections |
| - | Configuration | ~ or !~ | Configurations are processed with -b or -Bx, but this policy does not depend on the others above |
| - | Port Configuration | ~ or !~ | Configuration of interface contexts (e.g. in conjunction with "Connection Type") |
| - | Device Monitor | any | Add new devices to monitoring. If you enter - or no in target, it'll be added in maintenance mode. CPU & Mem thresholds are taken from .def, alert action is applied to target and does not create alerts itself |
| - | Total # of MACs | > or < | This policy refers to total # of learned MAC addresses (including those on uplinks). It does not depend on the others above as it's evaluated after writing nodes of a device |
| - | Packets, Bytes and Flows | > or < | Those policies are used by flowi.pl (on nfdump files) allowing for alerts on excessive or missing traffic |

Stolen Nodes
1. Click on [icon] in Nodes-Status to create a MAC policy of that node
2. Adjust Alert setting or info text and click add
3. Every time this MAC address is found, you'll be notified according to the alert setting
Configuration Compliance
1. Select "Configuration" from the class select box and enter regexp to match (e.g. 'snmp-server community public')
2. Alternatively you can change the operator to '!~' to get alerts on missing configuration statements
3. Narrow down the matches by specifying a regexp for device type, location or group, for example
4. Adjust Alert setting and information text and click add
Port Configuration Compliance
1. Select "Port Configuration" from the class select box and enter regexp to match (e.g. 'switchport mode trunk')
2. Alternatively you can change the operator to '!~' to get alerts on missing configuration statements
3. Narrow down the matches by specifying a regexp for device type or connection-type=Phone, for example
4. Adjust Alert setting and information text and click add
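
The Configuration and Port Configuration compliance checks described above can be tried offline against a saved config before a policy is added in the GUI. This is an added Python sketch, not NeDi's own code; the Policy class, the sample config and the device type are constructed, and it assumes '~' alerts when the regexp matches, '!~' alerts when it is missing, and that port policies are evaluated per IOS-style interface block.

```python
import re
from dataclasses import dataclass

# Constructed IOS-style sample config (not taken from a real device).
SAMPLE_CONFIG = """\
hostname sw-access-01
snmp-server community public RO
!
interface GigabitEthernet0/1
 description uplink
 switchport mode trunk
!
interface GigabitEthernet0/2
 description user port
 switchport mode access
!
line vty 0 4
 transport input ssh
"""


@dataclass
class Policy:
    name: str
    cls: str            # "Configuration" or "PortConfiguration"
    operator: str       # "~" = alert on match, "!~" = alert when missing
    regexp: str
    devtype: str = "."  # regexp narrowing the policy to certain device types


def interface_contexts(config):
    """Return {interface name: block text} for an IOS-style configuration."""
    blocks, current = {}, None
    for line in config.splitlines():
        header = re.match(r"interface\s+(\S+)", line)
        if header:
            current = header.group(1)
            blocks[current] = []
        elif current is not None and line.startswith(" "):
            blocks[current].append(line.strip())
        else:
            current = None  # any unindented line closes the interface block
    return {name: "\n".join(lines) for name, lines in blocks.items()}


def evaluate(policy, device_type, config):
    """Return [(policy name, scope)] for every scope that should alert."""
    if policy.operator not in ("~", "!~"):
        raise ValueError(f"unsupported operator {policy.operator!r}")
    if not re.search(policy.devtype, device_type):
        return []  # policy is narrowed to other device types
    if policy.cls == "Configuration":
        scopes = {"(global)": config}
    elif policy.cls == "PortConfiguration":
        scopes = interface_contexts(config)
    else:
        raise ValueError(f"unsupported class {policy.cls!r}")
    want_match = policy.operator == "~"
    return [(policy.name, scope) for scope, text in scopes.items()
            if bool(re.search(policy.regexp, text, re.MULTILINE)) == want_match]


def audit(policies, device_type, config):
    """Evaluate all policies against one device configuration."""
    alerts = []
    for policy in policies:
        alerts.extend(evaluate(policy, device_type, config))
    return alerts


# Constructed policies using the regexps quoted in this guide.
POLICIES = [
    Policy("community-public", "Configuration", "~", r"snmp-server community public"),
    Policy("ssh-only-missing", "Configuration", "!~", r"^\s*transport input ssh$"),
    Policy("trunk-port", "PortConfiguration", "~", r"switchport mode trunk"),
    Policy("access-missing", "PortConfiguration", "!~", r"switchport mode access"),
    Policy("procurve-only", "Configuration", "~", r"hostname", devtype=r"^ProCurve"),
]

if __name__ == "__main__":
    for name, scope in audit(POLICIES, "WS-C2960-24", SAMPLE_CONFIG):
        print(f"ALERT {name}: {scope}")
```

A '!~' port policy alerts once per interface that lacks the statement, so narrowing it by device type or connection type keeps the alert volume manageable.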
Device Monitor
1. Select "Device Monitor" from the class select box, enter "-" or "no" as target to set test to none or specify a test like "ping"
2. If you leave target blank it'll default to uptime for SNMP devices and icmp for non-SNMP ones
3. Narrow down the matches by specifying a regexp for device type, location or group, for example
4. Adjust Alert setting for the monitored target (repeat options are not supported yet) and click add
5. Dependencies are not resolved automatically and should be configured in Monitoring-Setup
PoE Police
1. Add a Neighbor Policy with the "Skip Action" to allow PoE delivery to phones or controlled APs.
2. Add a MAC Policy to either match (~) on particular addresses or enter a '.' to match any
3. Narrow down the matches by specifying a regexp for device type, location or group, for example
4. Optionally select an interface condition to only trigger if PoE was active in the previous discovery
5. Select 'PoE Disabled' Action and add a reset policy by selecting a timeframe after which PoE should be re-enabled
6. Upon the first discovery, when its timestamp is in the past, the reset policy is executed to restore PoE delivery
7. Adjust Alert setting and information text and click add
Link Alerts
1. Add a "Connection Before" Policy and enter "D$" to match regular devices
2. Select the "Status Change" condition
3. Alternatively you can select a connection type to match the current status (e.g. if someone replaces a device with a phone)
4. Adjust Alert setting and information text and click add
Traffic
1. In Nodes-Traffic choose columns to aggregate (group), sorting, source and a filter, then click Show
2. The System-Policy icon appears, click it
3. Set operator and a threshold, then specify how you want to get notified
4. This policy creates events with class 'sptr' (System-Policy-Traffic) using its id as source
General Topics
- A policy cannot be edited, but copied by clicking on [icon] and then added again
- A policy can be disabled by clicking on [icon] (and enabled respectively)
- A policy can be removed by clicking on [icon]
- The "Skip Action" [icon] whitelists a port, thus avoids any other action to be executed
- You should add a reset action to recover disabled ports or re-enable PoE after a given time (they're added with status new and a timestamp set in the future, when the action takes place)
- The reset action is performed when its timestamp is in the past
- If skippol or -S contains p or F, no actions will take place, except those of reset policies
- If skippol or -S contains P, policies are completely ignored
- Thoroughly test policies without actions before 'arming' them with one
- Actions are supported on IOS and ProCurve devices at the moment (changed config is not saved to flash)
- In case an error occurred while getting device neighbors, the skip action is applied to concerned interfaces (inhibiting erratic actions)
- The information text is used in events, emails and sms, but also serves as comment in the policy list (e.g. if no Alert is selected)
- Action commands are written to pol_ files in the cli folder and can be reviewed along with their logs in System-Files
- By default a policy summary report is shown
System-Services (NeDi Services)
View processes and resources of your NeDi host and start or stop certain services.
- The top section shows and controls NeDi related services.
- The lower section shows all running processes and some system stats.
- Click on [icon] to stop or [icon] start a service
- This only works if the services don't need to open any privileged ports (<1024). Of course you could run the webserver as root, but that can create security risks! Therefore NeDi's Syslog (syslog.pl) and snmptrapd run on high-ports and usually are redirected by an internal firewall.
Discovery
Depending on the size and topology of your network, it makes sense to run several discovery threads at the same time.
- Do this by dividing the network in a few sections using borders and different seed files and add crontab entries accordingly
- On the far right you see the discovery status (# of threads is revealed by hovering over [icon])
- In case a discovery terminated unexpectedly, you can reset it by clicking on [icon].
System-Snapshot
This module lets you take a snapshot of the current database. This may be very helpful for a network migration, for example, as you can go back in time and examine your network prior to any changes.
In addition you can import a NeDi database from a completely different network for review, without affecting your "real" data.
Adding a Snapshot
- Enter a suffix to identify your snapshot. By default a timestamp is filled in.
- Provide DB admin user (usually root) and password.
- Click the "Add" button to copy the current database to the snapshot (might take a while).
Activating a Snapshot
- The database used in the current session is indicated by [icon].
- Click on [icon] in the snapshot list to activate either the main database or a snapshot.
- The [icon] logo on the top left is replaced by [icon] to remind you that you're working in a snapshot now. Hover over it to reveal which one.
- Alarm sounds and rrd graphs are turned off as well to avoid any confusion until you select the main database again (usually 'nedi').
- You can manipulate data in a snapshot, but it won't have an effect on the current database, since the discovery keeps using the main database.
- This applies for importing a DB with System-Files as well, meaning you can actually import a completely different database
Deleting a Snapshot
- Click on [icon] to delete a snapshot (only shown on inactive snapshots).
- After confirmation the snapshot will be deleted and its disk space freed up.
Topology-Linked (Link Editor)
Edit static links here, if the discovery protocols don't deliver satisfying results.
- Select a device, any existing links of this device are shown automatically.
- Select the desired interface (green indicates link-status is up)
- Do the same for the neighbour.
- Click 'Add' to create this and the reverse link.
- Both links need to be deleted separately, if they're no longer required. The right [icon] deletes the link and shows the neighbor for easier deletion of the opposite link.
- Select the linktype, if you just want to see what's in the DB.
- Select Isolated to identify links without device in the DB.
- By default the "Connection Error" report is shown
Topology-Links (Link List)
List links of the devices.
By default the "Device Connection" report is shown
Topology-Map
This module was intended for documentation purposes, even though it features interactive handling now. It can also be used to observe traffic, errors, broadcasts, discards, cpu usage or temperature of devices. Maps are written on a per user basis to html/log or used in Monitoring-Map. Upon accessing this module the last map will be displayed without interactive features.
- Graphs are only drawn in PNG and only for the 1st time the map is generated, because they'll be deleted afterwards. This may be a problem if you wish to save the picture (screenshot always works, though).
- Alternatively SVG or even interactive D3js maps can be created. Drag a node to fix it on the canvas. Double click to let it float again.
- PNG: "png" generates truecolor, "8bit" generates 256 color png images respectively. They can be included in the combination report or various lists.
- SVG is used for vector drawings, which can be imported by other applications. You probably want to use "shapes" instead of "icons" unless you copy them into the right place on the destination.
- Hover over the input fields and icons to get hints.
- If you enable dynamic-edit (far right walk-icon above "Execute"), the map will be redrawn upon any input and fields are disabled if they're of no use with the current settings. This works best if the browser supports HTML5 properly.
- To get a feel for this rather complex part of NeDi, click on the [icon] icons in other modules to create maps in different contexts.
- A "bgmap" map finds the best suited background image automatically. E.g. the regional one, if you're only drawing the "Shire" region and you've uploaded a background.jpg to topo/Shire with System-Files, for example. Assuming you've edited this region with Loced before, it'll now use the city coordinates you've entered to put the city icons. If you draw at building level, they'll simply be arranged around the city coordinates in a ring.
- Click the Monitor button to add current map to Monitoring-Map
Internally maps are calculated using polar coordinates (except in "layer" mode), where each level (e.g. a city) forms a ring. Devices are arranged based on their neighbors. This does not always work out, but generally yields acceptable results after some tweaking. The following sections explain how this is done.
Filter
- Layer mode: The 4 fields correspond to core, distribution, access and access2 layers and select devices for each desired layer
- All others: Same as the filter section in the list modules
Main
- Title of Map
- Size (can be adjusted in URI) and output format of map
- For hierarchical maps use "bld" (draws buildings with floors) or "ring" (draws buildings as circles). This lets you draw region, city or building level maps leveraging NeDi's SNMP location scheme. The "bgmap" type relies on uploaded backgrounds and information you've added with Loced
- Alternatively you can select "flat" which still gives you the ability to draw maps without any location awareness but display non-SNMP devices or even nodes
- [icon] adds an additional condition to filter on SNMP devices only
- [icon] defines the center of your map
- Rotate map at top, city or building level (shift layers on X-axis in "layer" mode)
Layout
- [icon] defines how links are presented. Length/level determines how much shorter a link between buildings is going to be than a link between cities, for example. The next field defines the offset from the link endpoint for interface information (if displayed)
- length sets the top-level link length (can be looked at as zoom-level too). They're drawn "straight" as default, but sometimes you'd prefer an "arc"
- Link Information can be bandwidth or even a RRD graph. It can be moved away from the center, if it gets in the way of other items
- [icon] defines how map-nodes are represented. Positive numbers use the position in the topology, negative just number of neighbors to determine its distance from the center. In "layer" mode this only sets y-amplitude for access layer alternating
- Floor size sets the building size when actual devices are drawn in hierarchical maps. This value can be as small as 8 if "Tiny Shapes" is selected above to generate a bird-eye view of your network
- Columns lets you control how wide those buildings are represented
Show
Select various details to show up on the map
Topology-Multicast
Simple tool to show PIM routing table on a Cisco router or IGMP info on a ProCurve switch.
Topology-Networks (Network List)
List IPv4 and IPv6 addresses by VRFs, for example.
- If an IPv4 address is empty, the entry is an IPv6 address.
- Hover over the network icon to reveal its class.
- The status of the corresponding interface or VRF/VPN is shown with the network icon (stays white if not available).
- You can search for networks using CIDR notation (1.2.3.4/24) or regexps (^1.2.3)
- Some prefixes show 0, if NeDi couldn't read them properly from the device.
Topology-Routes (Routes Toolbox)
This is the former Realtime Routes module, which now provides 3 modes of operation:
- List routes stored in the database (NeDi 1.8 feature)
- Display the routing table of a device by selecting one with the right select box and clicking "Show"
- Trace a route by selecting source, destination and clicking "Route"
Topology-Spanningtree (Realtime Spanningtree)
Displays Spanningtree status of a layer 2 device.
- Select switch from list.
- Select vlan to display per vlan spanning tree information, if applicable.
- Additionally display traffic graphs (if RRD is enabled) to verify operation.
- The interface pointing to the root bridge is indicated with [icon]
- The MAC address of the root bridge can be searched for by clicking on [icon]
- In the IF status column you can see if a port is blocking or forwarding etc.
Topology-Table
If your devices are configured with SNMP location information according to NeDi's scheme, you can drill down into your network in a tabular fashion here.
Those buttons on the top right help navigating and reveal more information:
- Click [icon] to get to the top, [icon] to region, [icon] to city, or [icon] to building level.
- [icon] displays number of devices per location
- [icon] adds node population per location
- [icon] adds free access ports per location
Clicking on location names lists all its devices (the displayed width is set in User-Profile [icon]). You can "paint" important buildings red(ish) with redbuild in nedi.conf. A street address can have several buildings, if bldsep is configured correctly. A digit showing the amount of sub-buildings is added, if there are more than one.
The next button cycles the display of your sites. The state is preserved within the session and is used in Monitoring-Health as well:
- Switches to small icons (good for displaying hundreds of sites)
- Shows NeDi maps (for a glance inside)
- Shows static maps which are cached in the "topo/" tree
- Adds weather information for cities, with that you know when it's down because of a thunderstorm.
- Reverts to the default icon display.
Building Level
Inside a building you get to see the devices on each floor and room. If you specified the rack and rack-unit, the room name becomes a link which takes you to the rack view.
- Clicking on a floor lists all matching devices.
- Toggles displaying non-SNMP devices.
- Shows device panels instead of icons.
If photos or documents named Building-Floor-something (ignoring non-word characters) are found in topo/Region/City they're presented with an icon underneath the floor label. Clicking on them reveals the photo in a popup window or opens the file.
User-Chat
A very simple chat interface for NeDi users. You can also run stati.pl every week or so and it will add statistics to the chat, similar to a bot in an IRC channel.
- Hover over a user image, if you're unsure who it is
- The greener a message the more recent
- Your events are a little brighter than those of others
User-Management
Admins can add and manage users and their groups here. In addition a Device Filter can be applied to a non-admin user to restrict his access to the network.
- Assign groups by clicking on the Group icons.
- Select device filter, if required. Enter a - to clear, click on [icon] to verify
- Delete an account by clicking [icon]
- Use [icon] to reset a lost password
- Other icons list devices, assets and events related to the user
User-Profile
This is your starting page when signing in (except for December ;-). It also serves to display any administrative notifications and to edit your password and information.
- You'll only receive monitoring emails and SMS if you enter your info accordingly and are in the monitoring group
- [icon] lets list tables remember the column settings and adds "breadcrumbs" to the header. If you are using an ssh and telnet plugin that recognizes plain IP addresses, you can turn off any IP links as well
- # of events or report entries are shown in certain modules
- # of columns to be shown in topology table views
- label length in tables and maps
- Language and theme are not updated immediately and require a reload
- [icon] lets you edit the Admin Message (if you're an admin)
User-Radius
This is a NeDi Enterprise module, only available through a certified partner
Managers can add Radius groups and users with this module (requires radius database settings in nedi.conf).
- In the Vlan section of Devices-Status click on [icon] to prefill the group fields
- Change to your needs and click "Add" to create a group reply entry
- For MAC authentication, filter desired nodes in Nodes-List
- Select a group (or not) and click "Radius" to add visible nodes to the radius DB
- Add other users by entering name, password in User-Radius and select group (or not) and click "Add"
- Create a user list by using the filter and clicking "Show"
- By default the available groups and user-group mappings are shown
Table of Contents
Introduction, Installation Instructions
General Overview, Architecture, Functional Breakdown, Terminology
Network Management, Prerequisites, Topology Awareness, Configuration Backup, Device Modules, Network Population (Nodes), Edit nedi.conf, Edit seedlist, Discover the Network, Edit crontab
Asset Discovery, Troubleshooting, Frontend Overview, REST API, Managing Assets, The NeDi GUI, Lists, Monitoring, Reporting
GUI Modules, Assets-List, Assets-Locations (Location List), Assets-Loced (Location Editor), Assets-Management, Devices-Config, Devices-Doctor (Device Doctor), Devices-Graph, Devices-Install, Devices-Interfaces (Interface List), Devices-List, Devices-Modules (Module List), Devices-Status (Device Status), Devices-Translator (Configuration Translator), Devices-Vlans (Vlan List), Devices-Write, Monitoring-Events, Monitoring-Health, Monitoring-History, Monitoring-Incidents (Incident List), Monitoring-Map, Monitoring-Master, Monitoring-Setup, Nodes-Create, Nodes-List, Nodes-RogueAP (Rogue AP List), Nodes-Status (Node Status), Nodes-Toolbox, Nodes-Traffic, Other-Calculator (IP Calculator), Other-Converter (Number Converter), Other-Defed (Device Definition Editor), Other-Flower (Flower Openflows), Other-Info, Other-Invoice (Invoice Generator), Other-Noodle (Noodle Search), Reports-Combination (Combination Reports), Reports-Custom (Custom Report), Reports-Devices (Device Reports), Reports-Interfaces (Interface Reports), Reports-Modules (Module Reports), Reports-Monitoring (Monitoring Reports), Reports-Networks (Interface Reports), Reports-Nodes (Node Reports), System-Database, System-Files, System-NeDi, System-NoDi, System-Policy, System-Services (NeDi Services), System-Snapshot, Topology-Linked (Link Editor), Topology-Links (Link List), Topology-Map, Topology-Multicast, Topology-Networks (Network List), Topology-Routes (Routes Toolbox), Topology-Spanningtree (Realtime Spanningtree), Topology-Table, User-Chat, User-Management, User-Profile, User-Radius