Device Auto-Discovery
NetIM uses SNMP to discover devices in your network and then configures device entries for SNMP, CLI, or WMI access. When NetIM scheduled collection is run, as specified in the Basic Setup wizard, incremental discovery is performed. When you manually discover devices using the
“Add/Discover Devices Wizard" wizard, a greenfield discovery is performed.
Device discovery finds network devices and adds corresponding device entries in the Device Manager. It does not collect or import device data into the NetIM database.
Device discovery is most useful if you have SNMP access to network devices and permission to access those devices using SNMP. If you do not have SNMP access to devices but can access them using CLI from the NetIM, Device Discovery cannot create device entries but can still configure device entries for CLI access.
During auto-discovery, IP routing tables are collected using SNMP. During the collection of these tables, NetIM inserts a delay between data requests to try to avoid placing too heavy a load on the device CPU during auto-discovery.
“Contact Technical Support" for assistance if auto-discovery is having a significant negative impact on CPU usage for devices in your network.
Device auto-discovery adds traffic to the network and places a load on network devices during the discovery process. Use care when determining when you should schedule collection to avoid impacting network performance. Coordinate with network administrators to ensure that the collection is not interpreted as a security threat/intrusion.
The global configuration settings for device discovery are managed using the Global Discovery Settings Wizard. See
“Managing Global Credentials and Other Global Discovery Settings".
This following topics are covered in this section:
Related Topics
SNMP Discovery
Device discovery supports SNMP v1, v2c, and v3. The discovery process begins at one or more user-specified IP addresses/subnets. This starting point is called the discovery seed. The SNMP discovery engine attempts to access the discovery seed(s) using SNMP using a list of user-specified v1/v2c community strings and v3 USM credentials. The adapter tries each community string or set of USM credentials until one succeeds or the list is exhausted. If none of the community strings or USM credentials succeed, the adapter determines that the device is not SNMP-capable and moves on to the next IP address.
Upon successful SNMP access, the discovery engine queries MIB values to learn IP addresses. It then attempts to access each of the learned IP addresses that fall within the discovery range. In this way, discovery of the network expands from the discovery seed(s) based on IP addresses learned from each device that NetIM successfully accesses. In the default configuration, the process will run an unbounded discovery. This means that it will attempt to discover every IP address it learns during the discovery process. An unbounded discovery process can expand to devices outside of your network domain and/or management control and/or attempt to access devices that are not SNMP-enabled thus increasing the amount of time it takes to complete the discovery. It is therefore recommended that you limit discovery by using the
““Adding Devices to Device Manager"".
Riverbed recommends that you configure a discovery range to optimize adapter runtime. For more information, see
“Configure Discovery Range".
The final step in the SNMP discovery process is creation of entries in the Device Manager. When a device is discovered with SNMP and passes the include, exclude, capability, and vendor filters, the engine creates a corresponding device entry in the Device Manager. When an entry is added to the Device Manager, the community string or set of USM credentials that succeeded during the SNMP discovery process is filled in for the device in the device entry. For more information about filters that are applied to determine whether a device entry is created, see
“Filters for Device Entries".
See the following for more information about SNMP discovery:
Filters for Device Entries
When the discovery engine successfully accesses a device, it not only queries to learn IP addresses from the device, it also queries MIB values to learn the device capability and vendor for that device. The discovery engine uses the capability and vendor information to determine if an entry should be added to the Device Manager for that device. By default, entries are created only for devices with router, switch, or server capability, and all vendors are accepted.
Discovering Through Firewalls
If you want the process to discover devices that are located on either side of a firewall you will need to configure an access list for NetIM and open a port (default SNMP port is 161) to permit SNMP traffic between NetIM and devices on the other side of the firewall. You may also specify a seed device on either side of the firewall to speed discovery.
The discovery engine will be unable to discover a device if a firewall separates it from NetIM and bi-directional SNMP traffic between the devices and NetIM is not permitted through the firewall.
Discovering Firewall Devices
A firewall may not be SNMP-enabled for security reasons. If this is the case, NetIM will be unable to discover it. If you want to collect CLI data from a firewall, you can manually add an entry to the Device Manager.
If a firewall is SNMP-enabled and you want NetIM to discover it, you will need to configure the firewall to permit SNMP access from NetIM.
Related Topics
Device Entries Created in Device Manager
The following table lists the fields populated in a device entry by device discovery. For more information about the Device Manager see
“Controlling Direct Collection".
When NetIM successfully connects to a device using SNMP during the discovery phase, the corresponding device entry contains enough information for SNMP collection. Additional fields are required to successfully connect to a device using command line interface (CLI). This additional information is filled in the device entry during the auto-configuration phase of device discovery.
Device Entry Attribute | SNMP Discovery Engine |
Active flag | Set according to global settings configured using the
““Adding Devices to Device Manager"". |
Device Name | X
(sysName) |
Access Address | X |
Device Driver | X |
CLI Login Script | X2 |
CLI Credentials: User Name
Password
Privileged Password | X |
SNMP v1/v2c Community String | X
(SNMP v1/v2c community string used to discover the device) |
SNMP v3 USM Credentials: Security Level
User Name
Context Name
Authentication Protocol
Authentication Password
Privacy Protocol
Privacy Password |
X
(SNMP v3 USM credentials used to discover the device)
|
Collect Config flag |
Set according to the workflow settings in the “Basic Setup Wizard“. If no workflows are chosen, these flags are all unset.
|
Collect SNMP flag |
Collect Metrics flag |
1 The access address may be outside of the discovery range if the device has at least one interface with an IP address in the discovery range.
2 Determined by Device Discovery during the access configuration phase, if successful CLI credentials are supplied.
3 These CLI credentials are set in the device entry only if the user-supplied credentials lead to successful CLI login to the device.
Device discovery may find a device through more than one IP address; however it will only create one entry in the Device Manager. When determining which of the IP addresses to use as the Access Address for the device entry, it attempts to identify a loopback address in the domain defined by the Include Addresses List through which the device is both SNMP and CLI accessible. If it cannot identify such an address, it chooses the best IP address in the Include list range. If no Include list was provided, the discovery engine chooses the best address available. It is possible that the chosen address will be outside of the domain defined by the Include Addresses List and/or a non-loopback address.
Related Topics
Requirements for Device Discovery
The following is required for SNMP discovery:
• SNMPv1, v2c, or v3 must be enabled on all network devices that you want to discover (read-only level is adequate).
• NetIM must have access to network devices using SNMP (default SNMP port is 161).
• You must provide the set of SNMP read-only community strings or v3 credentials defined for the network domain of interest. See
“Global Credentials Lists".
• You must provide the IP address of at least one router or switch in each separately connected component that you want to discover.
• You must have permission to poll devices on your network using SNMP.
The following is required for auto-configuration of device entries:
• Network access to devices is required on the following ports for CLI access:
– telnet (23)
– SSH (22)
• You must provide the credentials needed for CLI login for devices in the network domain of interest. See
“Global Credentials Lists".
Related Topics
Configure Discovery Range
In the default configuration, auto-discovery is unbounded. For best results, Riverbed recommends that you limit auto-discovery to the SNMP-enabled devices in the network domain of interest over which you have access and management control and from which you want to collect data using NetIM’s direct collection adapters. You can do this by entering an Include Addresses List in the Add/Discover Devices wizard or the Global Discovery Settings wizard.
You can configure a discovery range to minimize the work performed by the discovery engine and optimize runtime. The discovery process can be bounded using an Include Addresses List, an Exclude Addresses List, or both. When creating an Include/Exclude Addresses List, you can specify an individual IP address, range of IP addresses, or subnet. See
“Global Include/Exclude Address Lists".
Related Topics
Troubleshooting Device Discovery
This section contains troubleshooting tips for device discovery.
If NetIM does not discover any devices:
• Ensure that discovery seeds are supplied, either by a seed file or by having active device entries in the Device Manager
• Verify that discovery seeds can be accessed using SNMP
– Ensure that SNMP is enabled on seed devices.
– Ensure that SNMP (default SNMP port is 161) is not blocked between NetIM and the devices.
– Verify that either SNMP v1/v2c community strings or SNMP v3 USM credentials for the seed devices are present in credentials file.
– Check SNMP timeouts to ensure they are not too low for the network.
– Use the MIB browser packaged with NetIM (app.sh MIB_BROWSER) to determine if seed devices can be accessed using SNMP.
This is a UI-based utility. You must use X or an xrdp session..
If the adapter does not discover a specific device or set of devices that is known to exist:
• Verify that the devices can be accessed using SNMP
– Ensure that SNMP is enabled on undiscovered devices
– Ensure that SNMP (default SNMP port is 161) is not blocked between NetIM and the devices
– Verify that either SNMP v1/v2c community strings or SNMP v3 USM credentials for the undiscovered devices are present in the credentials file
– Check SNMP timeouts to ensure they are not too low for the network
– Use the MIB browser packaged with NetIM (app.sh mib_browser) to determine if undiscovered devices can be accessed using SNMP
This is a UI-based utility. You must use X or an xrdp session.
• Check to see if IP addresses are being skipped
– Ensure that the IP addresses for undiscovered devices are within the discovery range as specified by the Include and Exclude files.
If the SNMP discovery engine cannot discover a device or set of devices using the configured seeds and discovery boundaries, it may be necessary to add device IP addresses/subnets to the seed file.
If Device Discovery does not create any entries in the Device Manager:
• SNMP discovery may not have discovered any routers or switches
• Filtering (device capability and/or vendor) configuration may be too restrictive
Related Topics
Working with Device Login Scripts
NetIM automatically creates login scripts required to log in to a device, like for example a CISCO router.
All login scripts are listed in the CONFIGURE->All Settings->Administer->Login Scripts->Login Scripts page, as follows:
The Login Scripts page is used in the rare occurrence that you need to add a new login script because NetIM could not automatically determine the correct login sequence.
From the Login Scripts page you can do the following:
• View an existing login script by clicking on the
Eye icon
. A screen like the following appears:
• Duplicate an existing login script by clicking on the
Duplicate icon
.
• Add a new login script by clicking on the
Add icon
. The following screen appears:
On this page provide a name, an initial prompt, and then click the
Add Step 
icon. The following screen appears:
Using the mouse-over tool tips for guidance, fill out the screen and when you are finished click the Submit button.
