New products added to Nectus device platform database (Oct 2017)

Platform_id Product_name Product_category
.1.3.6.1.4.1.2496.1.1 Cisco PGW 2200 Softswitch Cisco Protocol Gateways
.1.3.6.1.4.1.4413.2.1.6 Motorola Surfboard SBG6580 Cable Modem and Wireless Router Motorola Cable Modem and Wireless Routers
.1.3.6.1.4.1.99.1.1.3.34 Cisco Virtual PSTN Gateway Cisco Virtual PSTN Gateways
.1.2.826.0.1.4616240.1.1.4515 Cisco TelePresence MCU 4515 Multiparty Conferencing Unit Cisco TelePresence MCU 4500 Series Video Conferencing Units
.1.2.826.0.1.4616240.1.1.4505 Cisco TelePresence MCU 4505 Multiparty Conferencing Unit Cisco TelePresence MCU 4500 Series Video Conferencing Units
.1.2.826.0.1.4616240.1.1.4501 Cisco TelePresence MCU 4501 Multiparty Conferencing Unit Cisco TelePresence MCU 4501 Series Video Conferencing Units
.1.2.826.0.1.4616240.1.1.4210 Cisco TelePresence MCU 4210 Multiparty Conferencing Unit Cisco TelePresence MCU 4200 Series Video Conferencing Units
.1.2.826.0.1.4616240.1.1.4205 Cisco TelePresence MCU 4205 Multiparty Conferencing Unit Cisco TelePresence MCU 4200 Series Video Conferencing Units
.1.3.6.1.4.1.9.1.2141 Cisco cBR-8 Converged Broadband Router Cisco cBR Series Converged Broadband Routers
.1.2.826.0.1.4616240.1.1.4220 Cisco TelePresence MCU 4220 Multiparty Conferencing Unit Cisco TelePresence MCU 4200 Series Video Conferencing Units
.1.2.826.0.1.4616240.1.1.4510 Cisco TelePresence MCU 4510 Multiparty Conferencing Unit Cisco TelePresence MCU 4500 Series Video Conferencing Units
.1.2.826.0.1.4616240.1.1.4215 Cisco TelePresence MCU 4215 Multiparty Conferencing Unit Cisco TelePresence MCU 4200 Series Video Conferencing Units
.1.2.826.0.1.4616240.1.1.4203 Cisco TelePresence MCU 4203 Multiparty Conferencing Unit Cisco TelePresence MCU 4200 Series Video Conferencing Units
.1.3.6.1.4.1.9.1.2008 Cisco C897VA Integrated Servises Router Cisco 890 Series Integrated Services Routers
.1.3.6.1.4.1.9.1.2229 Cisco C841M-4X Integrated Services Router Cisco 800M Series Integrated Services Routers
.1.3.6.1.4.1.9.1.973 Cisco UC520-S8-U2-BRIWK9J Switch Cisco 520 Series Switches
.1.3.6.1.4.1.9.1.888 Cisco UC520-M48-U12-FXO Switch Cisco 520 Series Switches
.1.3.6.1.4.1.9.1.2250 Cisco Aironet 1850 Access Point Cisco Aironet 1850 Series Access Points
.1.3.6.1.4.1.9.1.931 Cisco RF Gateway 10 Cisco Universal Edge QAM
.1.2.826.0.1.4616240.1.1.4520 Cisco TelePresence MCU 4520 Multiparty Conferencing Unit Cisco TelePresence MCU 4500 Series Video Conferencing Units
.1.3.6.1.4.1.9.1.594 Cisco 1718 Router Cisco 1700 Series Routers
.1.3.6.1.4.1.9.1.1860 Cisco C891FW Integrated Services Router Cisco 890 Series Integrated Services Routers
.1.3.6.1.4.1.9.1.1056 Cisco SM-X Layer 2/3 EtherSwitch Service Module Cisco EtherSwitch Modules
.1.3.6.1.4.1.9.1.1397 Cisco 881 Integrated Services Router Cisco 880 Series Integrated Services Routers
.1.2.826.0.1.4616240.1.1.8510 Cisco TelePresence MCU MSE 8510 Multiparty Conferencing Unit Cisco TelePresence MCU MSE Series Video Conferencing Units
.1.3.6.1.4.1.11829 Corvil CorvilProbe CNE5100 CorvilNet Engine Software Corvil CorvilProbe CNE5100 CorvilNet Engine Software
.1.3.6.1.4.1.9.1.1384 Cisco C819 Integrated Services Router Cisco 819 Series Integrated Services Routers
.1.3.6.1.4.1.9.1.1854 Cisco C886VA Integrated Services Router Cisco 880 Series Integrated Services Routers
.1.3.6.1.4.1.9.1.2058 Cisco 887VA Integrated Services Router Cisco 880VA Series Integrated Services Routers
.1.3.6.1.4.1.9.1.1746 Cisco VG202XM Voice Gateway Cisco VG Series Gateways
.1.3.6.1.4.1.9.1.1882 Cisco Catalyst 3650-48TQ-E Switch Cisco Catalyst 3650 Series Switches
.1.3.6.1.4.1.9.1.2230 Cisco C841M-8X Integrated Services Router Cisco 800M Series Integrated Services Routers
.1.3.6.1.4.1.9.1.2130 Cisco Catalyst 3560CX-8PT-S Switch Cisco Catalyst 3500 Series Switches

Network Discovery timers vs Network Monitoring timers

, ,

One of the first steps that we normally perform during POC is timer tuning for ICMP and SNMP for Discovery and Monitoring services.

Normally Discovery should have different timer values than Monitoring because Discovery operates in a “pessimistic” model when IP address

that is being probed by Discovery engine is likely not to be alive or  not to respond to SNMP therefore timeoute values and retry counts has to be very aggressive

for example 100 ms Timeoute with 2 Retries  for ICMP is normally sufficient. SNMP timer for Discovery have typical values of 1000ms and 1 retry.

Aggressive Discovery timers also reduces amount of traffic being generated and make discovery jobs run faster.

 

Monitoring Service timers are in opposite spectrum,  as Monitoring service operate in “optimistic” mode where it expects for all devices that are enabled for monitoring

to respond and timers has to be tuned to maximum wait time with ICMP timers as high as 300ms and SNMP timers as high as 5000 ms to support bigger/busier devices like Nexus 7018.

 

 

How fast is your Network Discovery Tool?

,

Nectus Network Discovery engine is one of the fastest among all that I worked with .. and I worked with most of them

(Cisco Works, Prime, Solarwinds, ManageEngine, Remedy, BMC)

I remember when it took Cisco Prime to scan 10.0.0.0/8 whooping 24 hours. Nectus finishes 10.0.0.0/8 in under 3 hours.

Speed of the discovery is very important quality as it minimizes impact on your network and allows you to schedule Discovery jobs in very

specific and narrow windows on weekends or during night times.

 

 

I am inviting users of other tools to post their Discovery times for 10.0.0.0/8 ..   there has to be some other good tools out there..

How to Manually Start Network Discovery

,

Normally Discovery process runs every night or every weekend, but sometimes it is required to manually initiate Network Discovery at this specific moment.

User has two options:

Option 1 (Discovery starts within 6 min)

Change the value of “Minimum  Interface Between Discoveries” to smallest possible

value of 0.1 hour (6 min) and Network Discovery will start withing next 6 min.

 

 

Option 2 (Immediate Start)

If waiting for 6 minute is not an option then user can clear discovery log  “Logs -> Network Discovery” by deleting all discovery log records

and restart Discovery Service in “Settings -> Service Status”

 

 

When Discovery service is restarted and Discovery log is empty , Discovery process starts immediately.

 

Nectus Syslog and keyword based alerting

,

One of the unique features of Nectus Syslog service is ability to alert users via Email or Text messages not only

on Syslog message Severity level but on specific keywords inside Syslog message. For example you can configure a rule

to alert via email when there is Syslog message with Severity 2+ and there is string “VPC Peer-Link” inside Syslog message body,

limiting your alerts to only syslog messages related to VPC Peerlinks. You can configure multiple keywords with Alerts going to

different recipients, so the Server team receives the Server specific keywords and Network Team receives the Alerts about

those ugly green boxes locked in MDF closets.

Find all the devices with misconfigured TACACS..

I was working with a client today on Nectus POC and he asked me to generate a list of all the routers and switches that have problems with TACACS.

Nectus didn’t have “out of the box” report that validates the SSH connection to each device so we had to be creative in this case.

Fist we enabled AAA integration on Nectus  (Settings ->General Settings ->AAA Integration) and configured Tacacs credentials (username/password)

so it can open SSH sessions to devices.

Next step was to enable  “Configuration Backup” Feature in “Settings -> Device configuration Backup” and start the config backup job one time manually.

In 15 min we had a list of all devices where config backup failed, so we exported it to CSV and client got what he wanted.  Piece of cake.

 

Finding MAC Address in a haystack

,

We all know how hard it is sometimes to find one single MAC address in the big network..

You have to look through the forwarding tables of many switches.

Nectus makes it easy. We scan forwarding tables from all the switches as part of regular Discovery jobs and save all MAC addresses and

corresponding Switch ports to a database. So you can find your MAC address in seconds.

Go to “Inventory-> MAC Addresses” for a complete MAC Address list

Free Nectus license for Cisco Academy Students

We offer free Nectus license to all Students of Cisco Network Academies. All Features Enabled.

Restricted to max 20 devices.

Contact us at admin@nectus5.com to get your personal licence key.

 

 

Changing color scheme for Nectus GUI pages

Some of the users complained about gloomy Nectus color scheme.

The reason for dork color scheme is lesser strain on eyes during long troubleshooting sessions but for those

who still wants to enjoy more contemporary colors we added ability to switch between dark and light colors scheme

for Go to “Settings -> Miscellaneous Settings” and switch between “Night” and “Day” schemes.

 

Preventing specific devices from sending messages to Syslog DB

,

If you want to prevent specific device from sending messages to Syslog, you can add its IP address

to Syslog Sender Blacklist. All messages from that IP address will be discarded.

 

Adding to Syslog keyword Blacklist

,

If you want to prevent specific Syslog messages from being added to Syslog Database,

you can add a specific keyword to a Syslog blacklist and all syslog messages that contain this keyword will be discarded.

This does not have retroactive effect on messages that are already in DB.

 

How to work with SNMP v2 Contexts in Nexus 7000

,

This is an example on how to obtain list of IP addresses assigned to Interfaces inside specific SNMP Context on Nexus 7000

Step 1.

Obtain list of all SNMP Contexts by sending SNMP GET Bulk for cContextMappingVrfName (.1.3.6.1.4.1.9.9.468.1.1.1.2)

Response:

‘1.3.6.1.4.1.9.9.468.1.1.1.2.10.109.97.110.97.103.101.109.101.110.116’=>”management”

In this response Nexus 7018 Switch has only one SNMP context with a name “management”

 

Step 2.

Obtain list of all IP addressses that exist in context “management” by sending SNMP GET Bulk for ipAdEntIfIndex (.1.3.6.1.2.1.4.20.1.2)

Note that for this step step we have append context name to V2 community string

(e.g public@management) to specify that this request is specific for context “management”.

Response:

‘1.3.6.1.2.1.4.20.1.2.10.255.27.34’=>”83886080″

In this response we have IP address [10.255.27.34] and associated interface ifIndex “83886080”

 

Step 3.

Find interface name with ifIndex 83886080 by sending SNMP GET Bulk for (.1.3.6.1.2.1.2.2.1.2)

Response:

‘1.3.6.1.2.1.2.2.1.2.83886080’ => “mgmt0”

 

So in these 3 steps we have found that  Interface Mgmt0 has assigned an ip address 10.255.27.34

 

Access Nectus GUI via firewall

Following ports needs to be opened for inbound access to Nectus GUI via Firewall

HTTPS: TCP 443

WebSockets: TCP 8000, 8100

CST signs partner agreement with Cisco Learning Academy to provide Network Visualization and Discovery tools

CST signs partner agreement with Cisco Learning Academy to provide

Network Visualization and Discovery tools to be used in training classes.

 

 

 

Supporting multiple SNMP versions within the same network

,

Very often our customers  has to live trough the M&A process where merging networks are configured with different SNMP parameters.

It can be just different  SNMP v2 community strings of different flavors of ciphers in SNMP v3.

To support multiple SNMP settings within the single management domain Nectus implements a concept of SNMP profiles.

User can define up to 10 different SNMP profiles and Nectus Discovery will try them all in predefined order.

For each live IP address Nectus discovery will try each of the profiles until match is found.

Once correct profile is found it gets associated with specific device or IP address  and all further SNMP communications

for this specific device will be done with its “good”  SNMP profile.

To configure  SNMP profiles “Settings -> Network Discovery Settings -> SNMP Profiles”

 

 

How to share Utilization Graphs with anyone?

You can share graphs generated in Nectus with other  people by providing graphs’ direct URLs from the right upper cortner

 

How to move devices between the Sites in Nectus GUI..

To reassign device to a different site right click on the device name and select “Move Device to..” option in context menu

Starting from version 1.2.2 Nectus includes web-based SSH client

To start a web-based SSH session to any device right-click on device and select “Open SSH Session” in context menu

(session will originate from Nectus server IP)

How to create a Command Script?

,

To create a new command script open  “Tools->Command Scripts” in main menu and select “Add New Script” Button.

Here is an example of the Script for Cisco router to push AAA config change.

 

To push the command script to devices, Press “Play” button, Select target Device View and press “Run”

Ping plotter is included in Nectus 1.2.6

Starting from Nectus version 1.2.6 Ping plotter functionality was added to a Toolset located in  “Tools” main menu.

Specify up to 10  IP address and track latency and availability in real time. Export metrics to a CSV file with 1 second resolution.