During network discovery phase Nectus collects S/N for each device that responds to basic SNMP queries.
One of the problem with Cisco Devices is that different platforms uses different OID to store S/N.
Following OIDs are being used for Cisco:
.1.3.6.1.2.1.47.1.1.1.1.11.1
.1.3.6.1.2.1.47.1.1.1.1.11.2
.1.3.6.1.2.1.47.1.1.1.1.11.10
.1.3.6.1.2.1.47.1.1.1.1.11.22
.1.3.6.1.2.1.47.1.1.1.1.11.1001
.1.3.6.1.2.1.47.1.1.1.1.11.24555730
.1.3.6.1.4.1.14179.1.1.1.4.0
.1.3.6.1.4.1.2467.1.34.4.0
.1.3.6.1.4.1.437.1.1.3.1.22.0
.1.3.6.1.4.1.9.20.1.1.1.1.3.0.1.3.6.1.4.1.7505.1.1.1.0
.1.3.6.1.4.1.9.6.1.101.53.14.1.5.1
.1.3.6.1.4.1.9.9.92.1.1.1.2.1
.1.3.6.1.4.1.9.3.6.3.0
.1.3.6.1.4.1.3076.2.1.2.22.1.63.0
.1.3.6.1.4.1.9.5.1.2.19.0
.1.3.6.1.4.1.9.9.719.1.9.35.1.47.1
Netflow collector functionality added to Nectus starting from version 1.2.8
Nectus News, NetFlow IPFIX CFlow SFlow, Technical NotesNetflow collector functionality added to Nectus starting from version 1.2.8
How to monitor reachibilty of external resources with Nectus?
Technical NotesIn addition to monitoring SNMP enabled devices located inside of your network Nectus can be configured to monitor
ICMP reachibility of any external IP address by adding it to a list of “IP Monitors”
First you need to define IP Monitor Group name where IP address will be added to:
Make sure that “Monitoring” flag is selected. Unchecking this flag stops monitoring if this Group.
and second add actual IP address to the IP Monitor Group and assign it a name.
Each IP monitor has a context menu with different reports such as Latency, Lost Pings, UP/DOWN Status etc..
How Nectus selects Management interface for the discovered devices?
Network Discovery, Technical NotesFor each router or switch found during discovery Nectus has to select one interface that will be used as a primary monitoring
interface for basic reachibility checks, destination for SNMP queries etc..
Here is the selection order logic that implemented in Nectus Discovery Service:
How to exclude specific subnets from Network Discovery?
Network Discovery, Technical NotesTo exclude specific subnet from Network Discovery add it to “Excluded subnets” list in “Settings -> Network Discovery Settings”
This will exclude this subnets from ICMP scan phase and subsequently prevent live devices in this subnets from being
queried via SNMP.
Interface Utilization issues on Cisco GRE tunnels (IOS-XR)
Technical NotesBy default when you create a GRE tunnel (tunnel-ip1) on ASR9K routers it gets assigned default Bandwidth value of 8Kbps
which usually causes utilization monitoring confusion as Tunnel can carry as much traffic as its hardware parent interface
where tunnel is anchored to. You would see utilization values as high a 10,000% percent with default Bandwidth settings.
To fix this issue correct bandwidth value has to be assigned to Tunnel interface.
Ideally it has to match Bandwidth value from the parent hardware interface.
Example:
interface tunnel-ip1
description BBL-0000: INTERNET-VPN-TO-JP
bandwidth 10000000
ipv4 address xx.xx.xx.xx/30
load-interval 30
tunnel mode gre ipv4
tunnel source yy.yy.yy.yy
keepalive 10
tunnel destination zz.zz.zz.zz
tunnel dfbit disable
How to read Cisco device S/N via SNMP?
Network Discovery, SNMP Hints, Technical NotesDuring network discovery phase Nectus collects S/N for each device that responds to basic SNMP queries.
One of the problem with Cisco Devices is that different platforms uses different OID to store S/N.
Following OIDs are being used for Cisco:
.1.3.6.1.2.1.47.1.1.1.1.11.1
.1.3.6.1.2.1.47.1.1.1.1.11.2
.1.3.6.1.2.1.47.1.1.1.1.11.10
.1.3.6.1.2.1.47.1.1.1.1.11.22
.1.3.6.1.2.1.47.1.1.1.1.11.1001
.1.3.6.1.2.1.47.1.1.1.1.11.24555730
.1.3.6.1.4.1.14179.1.1.1.4.0
.1.3.6.1.4.1.2467.1.34.4.0
.1.3.6.1.4.1.437.1.1.3.1.22.0
.1.3.6.1.4.1.9.20.1.1.1.1.3.0.1.3.6.1.4.1.7505.1.1.1.0
.1.3.6.1.4.1.9.6.1.101.53.14.1.5.1
.1.3.6.1.4.1.9.9.92.1.1.1.2.1
.1.3.6.1.4.1.9.3.6.3.0
.1.3.6.1.4.1.3076.2.1.2.22.1.63.0
.1.3.6.1.4.1.9.5.1.2.19.0
.1.3.6.1.4.1.9.9.719.1.9.35.1.47.1
SNMPv3 AES Cipher bug in IOS-XR 5.3.4 (ASR9000)
Technical NotesJust run into a IOS-XR bug with running SNMP v3 with AES-128 cipher (as well as AES-192 and AES-256) on ASR 9000 Routers running 5.3.4 Code.
Apparently Cisco BUG ID CSCvd35831. Fixed in 6.2.xx code.
Upgrading ASR9K is fun that can take 4-5 hours per box but having SNMP communications secure is more important. Consider upgrading.
https://quickview.cloudapps.cisco.com/quickview/bug/CSCvd35831
How to prevent specific network device types from being discovered?
Network Discovery, Technical NotesSometimes specific device categories (UPS units, Printers etc) must be excluded from network discovery due to their low importance
from the Network Monitoring prospective or due to security concerns or because of their impact on Nectus processing load.
This can be achieved with OID ignore list.
For example we want to prevent all Xerox ApeosPort Series Printers from being discovered
We need to take this category’s SNMP platform OID and add it to “OID ignore” list located under “Settings -> Network Discovery settings”
How to get Interfaces’ ifIndex values via SNMP
SNMP Hints, Technical NotesTo obtain list of ifIndex values for all interfaces for given device SNMP polling agent has to send
SNMP GET BULK request for the following OID: .1.3.6.1.2.1.2.2.1.1
Response Example:
‘.1.3.6.1.2.1.2.2.1.1.1’ => “1”
‘.1.3.6.1.2.1.2.2.1.1.2’ => “2”
‘.1.3.6.1.2.1.2.2.1.1.3’ => “3”
‘.1.3.6.1.2.1.2.2.1.1.4’ => “4”
‘.1.3.6.1.2.1.2.2.1.1.5’ => “5”
‘.1.3.6.1.2.1.2.2.1.1.6’ => “6”
‘.1.3.6.1.2.1.2.2.1.1.7’ => “7”
‘.1.3.6.1.2.1.2.2.1.1.8’ => “8”
‘.1.3.6.1.2.1.2.2.1.1.9’ => “9”
‘.1.3.6.1.2.1.2.2.1.1.10’ => “10”
‘.1.3.6.1.2.1.2.2.1.1.11’ => “11”
‘.1.3.6.1.2.1.2.2.1.1.12’ => “12”
‘.1.3.6.1.2.1.2.2.1.1.13’ => “13”
‘.1.3.6.1.2.1.2.2.1.1.14’ => “14”
‘.1.3.6.1.2.1.2.2.1.1.15’ => “15”
‘.1.3.6.1.2.1.2.2.1.1.17’ => “17”
Next Step is to get Interface names by sending SNMP GET BULK request for the following OID: .1.3.6.1.2.1.2.2.1.2
Response Example:
‘.1.3.6.1.2.1.2.2.1.2.1’ => “TenGigabitEthernet0/0/0”
‘.1.3.6.1.2.1.2.2.1.2.2’ => “TenGigabitEthernet0/0/1”
‘.1.3.6.1.2.1.2.2.1.2.3’ => “GigabitEthernet0/0/0”
‘.1.3.6.1.2.1.2.2.1.2.4’ => “GigabitEthernet0/0/1”
‘.1.3.6.1.2.1.2.2.1.2.5’ => “GigabitEthernet0/0/2”
‘.1.3.6.1.2.1.2.2.1.2.6’ => “GigabitEthernet0/0/3”
‘.1.3.6.1.2.1.2.2.1.2.7’ => “GigabitEthernet0/0/4”
‘.1.3.6.1.2.1.2.2.1.2.8’ => “GigabitEthernet0/0/5”
‘.1.3.6.1.2.1.2.2.1.2.9’ => “Crypto-Engine0/0/8”
‘.1.3.6.1.2.1.2.2.1.2.10’ => “GigabitEthernet0”
‘.1.3.6.1.2.1.2.2.1.2.11’ => “Null0”
‘.1.3.6.1.2.1.2.2.1.2.12’ => “Port-channel1”
‘.1.3.6.1.2.1.2.2.1.2.13’ => “Port-channel2”
‘.1.3.6.1.2.1.2.2.1.2.14’ => “Port-channel2.599”
‘.1.3.6.1.2.1.2.2.1.2.15’ => “Port-channel2.11”
‘.1.3.6.1.2.1.2.2.1.2.17’ => “Port-channel2.3213”
Now we are able to match Interface name to an ifIndex value.
Please note unless ifIndex persistence is enabled router (or switch) may assign different ifIndex value to the same interface after reboot.
To enable consistent ifIndex-to-Interface mapping ifIndex persistence must be enabled.
Configuration example for Catalyst 6500
Router(config)# snmp-server ifindex persist
Globally enables SNMP ifIndex persistence.
Generating Site level network topology with Nectus
Network Topology Visualization, Technical NotesThis short video shows basic steps to generate site level network topology
Nectus Datasheet
Nectus News, Technical NotesNectus Datasheet Medium
Nectus Logo
Technical NotesSNMPv3 Configuration example for IOS-XR (ASR9k)
SNMP Hints, Technical NotesIOS-XR SNMP v3 configuration example for username “user_des”
this configuration will use MD5 hash for authentication and DES cipher (DES56) for encryption.
IOS-XR (as of 5.3.4 code) also supports
3DES – 168 bit 3DES algorithm for encryption
AES – 128 bit AES algorithm for encryption
How does Nectus discover your network?
Network Discovery, Technical NotesDuring Nectus installation user can define up to 10 IPv4 subnets that will be used
as initial seed subnets for ICMP scan. Immediately after Installation is completed Nectus
starts ICMP scan of provided subnets and builds a list of live IP addresses that responded to Ping.
Read more
Submitting unknown SNMP devices for classification in Nectus
Network Discovery, Technical NotesWhen Nectus discovers a new device it uses its SNMP sysObjectID (1.3.6.1.2.1.1.2) value to classify device by manufacturer,
by major platform category and by model number.
For example sysObjectID value of 1.3.6.1.4.1.9.1.1018
Defined as:
Manufacturer Value: Cisco Systems (9)
Major Category: Cisco ASR 9000 Aggregation Services Routers
Model: Cisco ASR 9006 Routers Read more
Can I see your network diagram?
Network Discovery, Technical NotesWhat is the first question you ask when you start a new network project or start a new job as a network engineer?”:
– Can I see your network diagram?
Lucky you if you get it right away and in the “right” format (Visio?) but in my past I remember places where it took me weeks to find the right person who
had that diagram, which was very often not up to date or did not contain information I needed or was only showing application layer components and
I still had to spend hours doing “show cdp nei” and re-creating drawings the way I like it with the information I needed. Read more