Find all the devices with misconfigured TACACS

I was working with a client today on Nectus POC and he asked me to generate a list of all the routers and switches that have problems with TACACS.

Nectus didn’t have an “out of the box” report that validates the SSH connection to each device, so we had to be creative in this case.

First we enabled AAA integration on Nectus (Settings -> General Settings -> AAA Integration) and configured TACACS credentials (username/password) so it can open SSH sessions to devices.

The next step was to enable the “Configuration Backup” feature in “Settings -> Device configuration Backup” and start the config backup job one time manually.

In 15 min we had a list of all devices where config backup failed, so we exported it to CSV and the client got what he wanted. Piece of cake.

 

Finding MAC Address in a haystack

We all know how hard it is sometimes to find one single MAC address in a big network.

You have to look through the forwarding tables of many switches.

Nectus makes it easy. We scan forwarding tables from all the switches as part of regular Discovery jobs and save all MAC addresses and corresponding switch ports to a database. So you can find your MAC address in seconds.

Go to “Inventory -> MAC Addresses” for a complete MAC address list.

Free Nectus license for Cisco Academy Students

We offer a free Nectus license to all students of Cisco Network Academies. All features enabled.

Restricted to max 20 devices.

Contact us at admin@nectus5.com to get your personal license key.

 

 

Changing color scheme for Nectus GUI pages

Some of the users complained about the gloomy Nectus color scheme.

The reason for the dark color scheme is lesser strain on the eyes during long troubleshooting sessions, but for those who still want to enjoy more contemporary colors we added the ability to switch between dark and light color schemes.

Go to “Settings -> Miscellaneous Settings” and switch between “Night” and “Day” schemes.

 

Preventing specific devices from sending messages to Syslog DB

If you want to prevent a specific device from sending messages to Syslog, you can add its IP address to the Syslog Sender Blacklist. All messages from that IP address will be discarded.

 

Adding to Syslog keyword Blacklist

If you want to prevent specific Syslog messages from being added to the Syslog database, you can add a specific keyword to the Syslog blacklist, and all Syslog messages that contain this keyword will be discarded.

This does not have a retroactive effect on messages that are already in the DB.

 

How to work with SNMP v2 Contexts in Nexus 7000

This is an example of how to obtain the list of IP addresses assigned to interfaces inside a specific SNMP context on a Nexus 7000.

Step 1.

Obtain the list of all SNMP contexts by sending SNMP GET Bulk for cContextMappingVrfName (.1.3.6.1.4.1.9.9.468.1.1.1.2)

Response:

'1.3.6.1.4.1.9.9.468.1.1.1.2.10.109.97.110.97.103.101.109.101.110.116' => "management"

In this response the Nexus 7018 switch has only one SNMP context, with the name “management”.

 

Step 2.

Obtain the list of all IP addresses that exist in context “management” by sending SNMP GET Bulk for ipAdEntIfIndex (.1.3.6.1.2.1.4.20.1.2)

Note that for this step we have to append the context name to the v2 community string (e.g. public@management) to specify that this request is specific to context “management”.

Response:

'1.3.6.1.2.1.4.20.1.2.10.255.27.34' => "83886080"

In this response we have the IP address [10.255.27.34] and the associated interface ifIndex “83886080”.

 

Step 3.

Find the interface name with ifIndex 83886080 by sending SNMP GET Bulk for ifDescr (.1.3.6.1.2.1.2.2.1.2)

Response:

'1.3.6.1.2.1.2.2.1.2.83886080' => "mgmt0"

 

So in these 3 steps we have found that interface mgmt0 has been assigned the IP address 10.255.27.34.
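The three steps above, carried through in Python as an added example (not Nectus code): it decodes the context name from the OID index, builds the context-qualified community, and joins the IP address to its interface name. `fake_walk` and its canned replies are hypothetical stand-ins for real GET Bulk requests, constructed from the responses shown on this page; querying ifDescr with the plain community is an assumption.

```python
CTX_VRF = "1.3.6.1.4.1.9.9.468.1.1.1.2"   # cContextMappingVrfName
IP_IFINDEX = "1.3.6.1.2.1.4.20.1.2"       # ipAdEntIfIndex
IF_DESCR = "1.3.6.1.2.1.2.2.1.2"          # ifDescr

# Constructed agent replies keyed by (community, base OID); stands in for GET Bulk.
CANNED = {
    ("public", CTX_VRF): {CTX_VRF + ".10.109.97.110.97.103.101.109.101.110.116": "management"},
    ("public@management", IP_IFINDEX): {IP_IFINDEX + ".10.255.27.34": "83886080"},
    ("public", IF_DESCR): {IF_DESCR + ".83886080": "mgmt0"},  # assumption: no context needed
}

def fake_walk(community, base):
    """Hypothetical transport: returns {oid: value} for one subtree."""
    return CANNED.get((community, base), {})

def index_of(oid, base):
    """Return the numeric sub-identifiers that follow the base OID."""
    oid = oid.lstrip(".")
    if not oid.startswith(base + "."):
        raise ValueError(f"{oid} is not under {base}")
    return [int(x) for x in oid[len(base) + 1:].split(".")]

def context_name(oid):
    """Decode the length-prefixed ASCII index (10.109.97... -> 'management')."""
    length, *chars = index_of(oid, CTX_VRF)
    if length != len(chars):
        raise ValueError("length prefix does not match index size")
    return bytes(chars).decode("ascii")

def addresses_by_context(community, walk=fake_walk):
    """Run steps 1-3 and return {context: {ip: interface name}}."""
    # Step 3 data fetched once up front: ifIndex -> interface name.
    names = {index_of(o, IF_DESCR)[0]: v for o, v in walk(community, IF_DESCR).items()}
    result = {}
    for oid in walk(community, CTX_VRF):            # step 1: list contexts
        ctx = context_name(oid)
        scoped = f"{community}@{ctx}"               # step 2: community@context
        result[ctx] = {}
        for ip_oid, ifindex in walk(scoped, IP_IFINDEX).items():
            ip = ".".join(map(str, index_of(ip_oid, IP_IFINDEX)))
            result[ctx][ip] = names.get(int(ifindex), f"ifIndex {ifindex}")
    return result

if __name__ == "__main__":
    print(addresses_by_context("public"))
```
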

 

Access Nectus GUI via firewall

The following ports need to be opened for inbound access to the Nectus GUI via a firewall:

HTTPS: TCP 443

WebSockets: TCP 8000, 8100

CST signs partner agreement with Cisco Learning Academy to provide Network Visualization and Discovery tools

CST signs partner agreement with Cisco Learning Academy to provide

Network Visualization and Discovery tools to be used in training classes.

 

 

 

Supporting multiple SNMP versions within the same network

Very often our customers have to live through the M&A process, where merging networks are configured with different SNMP parameters.

It can be just different SNMP v2 community strings or different flavors of ciphers in SNMP v3.

To support multiple SNMP settings within a single management domain, Nectus implements a concept of SNMP profiles.

A user can define up to 10 different SNMP profiles, and Nectus Discovery will try them all in a predefined order.

For each live IP address, Nectus Discovery will try each of the profiles until a match is found.

Once the correct profile is found, it gets associated with the specific device or IP address, and all further SNMP communications for this specific device will be done with its “good” SNMP profile.

To configure SNMP profiles, go to “Settings -> Network Discovery Settings -> SNMP Profiles”.

 

 

How to share Utilization Graphs with anyone?

You can share graphs generated in Nectus with other people by providing the graphs’ direct URLs from the right upper corner.

 

How to move devices between the Sites in Nectus GUI

To reassign a device to a different site, right-click on the device name and select the “Move Device to..” option in the context menu.

Starting from version 1.2.2 Nectus includes web-based SSH client

To start a web-based SSH session to any device, right-click on the device and select “Open SSH Session” in the context menu (the session will originate from the Nectus server IP).

How to create a Command Script?

To create a new command script, open “Tools -> Command Scripts” in the main menu and select the “Add New Script” button.

Here is an example of the Script for Cisco router to push AAA config change.

 

To push the command script to devices, press the “Play” button, select the target Device View and press “Run”.

Ping plotter is included in Nectus 1.2.6

Starting from Nectus version 1.2.6, Ping plotter functionality was added to the toolset located in the “Tools” main menu.

Specify up to 10 IP addresses and track latency and availability in real time. Export metrics to a CSV file with 1 second resolution.

 

Why are my devices in the “All CDP Devices” category only?

All network devices that respond to SNMP queries are placed in the “All SNMP Devices” category. Furthermore, Nectus tries to obtain the list of all CDP neighbors from SNMP-enabled devices and tries to communicate with all CDP neighbors via SNMP. If a CDP neighbor does not answer SNMP queries, it is placed in the “All CDP Devices” category. So devices in the “All CDP Devices” category support CDP but don’t support (or answer) SNMP queries.

Some of the devices that are normally seen in the “All CDP Devices” category: IP Phones, LWAP Access Points.

All devices with misconfigured or disabled SNMP will appear there as well.

 

 

 

How to create Sites and assign discovered devices to Sites

When an SNMP-enabled device is discovered for the first time, it is placed in the default group “Unassigned” in the “All Sites” category.

The user must manually move devices from the “Unassigned” group to the specific site where each device belongs.

Initially each Site has to be manually defined. To create a Site, right-click on “All Sites” and select “Create New Site Level” in the context menu.

 

Define the Site name, GPS coordinates and address.

 

If your devices share a common hostname format with a site-specific prefix, you can automate the placement of devices into each site by defining a hostname prefix for this site. This will ensure that all devices with the same prefix will be placed into this Site.

 

Network device icon customization in Nectus

Nectus comes with hundreds of standard device icons, but sometimes a user may want to change the default icon for a specific device type to something different.

The supported icon format is SVG with width="168px" height="114px".

To change a device icon, right-click on the Device Category and select “Properties”.

 

 

Select “Upload SVG icon from Local Disk”.

 

Configuring Netflow collector integration on Nectus 1.28

Starting from version 1.28 Nectus supports processing of inbound Netflow packets.

To enable Netflow functionality, a separate standalone server or VM is required for storage.

A 64-bit MySQL Server has to be installed on the Netflow storage VM, and the DB name, root credentials and TCP port for the Netflow storage DB have to be configured on the main Nectus server under “Settings -> General Settings -> Netflow Integration”.

 

The Netflow collector can support up to 30,000 flows per second.

 

 

Netflow collector functionality added to Nectus starting from version 1.2.8
