Cisco Network Asset Collector (CNAC) 1.2 Implementation Training
CNAC Engineering Team Support: http://www.cisco.com/go/ssc
Agenda
• Solution Objectives (Design logic, Scope, System requirements)
• Decoding Network Discovery
• Decoding Discovery Troubleshooting
• Decoding Intelligent Inventory
• Inventory Transport
• Test Case Processing / Reporting
• Support
CNAC – Optimal Environments
• Organized Networks – consistent configuration of Cisco hardware (SNMP, Telnet)
• Streamlined Security – pre-designed access for NMS applications already implemented
• Centralized management of Network Elements
• Cisco Hardware Product Diversity – the wider the variety of Cisco chassis models, the better
• Moderate Network Size – ~500 to ~1,500 Cisco chassis in production
CNAC – Network System Requirements
1. Cisco Chassis Hardware – IPv4, SNMP enabled, Telnet/SSH enabled, SNMP R/O strings, CLI non-privileged mode credentials
2. Network Configuration – bi-directional access for the CNAC IP source address permitted for ICMP "port 7" (ICMP itself has no ports; this means echo request/reply), UDP ports 161 and 445, and TCP ports 22, 23, 25, 53, 80 and 137, to all IP networks containing Cisco hardware
CNAC – Solution Objectives
• Quality – E2E solution to exceed 70% accuracy, versus an average of ~40%
• Reduce Resources – fast installation / operation, ease of use
• Lower Impact – tool operator requires only moderate network knowledge and tool training
• Attention to Detail – 1st Cisco E2E solution focused on Asset ID and Service Status
CNAC – Solution Objectives Expanded On
• Singular Focus – Cisco hardware ID and associated service status
• Complexity Simplified – a myriad of complex instructions performed automatically
• Less is More – less data collected, and the data collected is of optimal quality
• Flexibility – designed to work in most partner / customer environments, based upon industry standards
• Research Applied – Cisco has re-tested most of its chassis hardware and the resulting solutions are embedded in CNAC
• Quality – reports are sourced / validated using the most advanced Cisco logic available
CNAC – Scope of Solution
• > 90% Discovery of Cisco Chassis – all models supporting IP and SNMP AND using a Cisco operating system
• > 85% Customized Inventory of Cisco chassis and cards
• Near-Time Inventory – reusable, but not an ongoing Move, Add, Change probe
• Sole Focus – electronic asset identification of Cisco serviceable hardware
Cisco Electronic Asset Identification Elements
• Network Discovery – electronic ID of Cisco chassis, including quantity by model (e.g. Cisco 3640 qty 87, Cisco 7513 qty 36)
• Network Inventory – electronic retrieval of Product ID and Serial Number data from Cisco chassis and card hardware (serviceable hardware) (e.g. Cisco 3640 S/N 86343720, NM2E2W S/N 38619874)
• Data Quality – programmatic analysis, validation, and linking of retrieved inventory data to service status
Discovery vs. Inventory (comparison table; only the title survived extraction)
Network Discovery Decoded
• ICMP Echo Transmitted – each host address is queried with an ICMP echo.
• ICMP Echo Reply – each host that receives the echo and is capable of transmitting an echo reply (the slide calls this ICMP "port 7") is "discovered".
• SNMP Discovery Query (sysObjectID) – the sysObjectID OID is queried over UDP port 161 with each SNMP R/O string provided, until a value is returned or all the R/O strings are exhausted.
• sysObjectID Query Value Provided – when a value is returned, the local interfaces are collected and used to consolidate the multiple local interfaces of one chassis into a single device. CNAC then examines the IANA Enterprise Number in the 7th octet of the OID (e.g. 1.3.6.1.4.1.9.1.162): Cisco Systems registered the value "9", and the IANA values of all Cisco-acquired companies are also known. If the IANA value is Cisco or a Cisco-acquired company, CNAC lists the chassis by its sysObjectID value (i.e. ciscoAS5300) as a Cisco chassis in Device Manager under "Cisco Devices"; if the IANA value is non-Cisco, the device is listed in CNAC Device Manager as a "Non-Cisco Device".
• sysObjectID Query Null Result – CNAC lists the logical device by either its DNS name or IP address as a "Partially Discovered Device".
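The classification step above, written out as an added example (this is not CNAC code): it takes the IANA enterprise number from the 7th arc of sysObjectID, applies the three Device Manager buckets, and merges the addresses of one multi-interface chassis into a single logical device. Host, classify, consolidate and the empty ACQUIRED_ENTERPRISES set are assumptions for illustration.

```python
# Added example (not CNAC code): the discovery classification the slide describes.
from dataclasses import dataclass, field
from typing import Optional

CISCO_ENTERPRISE = 9  # IANA enterprise number registered to Cisco Systems
# CNAC also knows the enterprise numbers of Cisco-acquired companies; that
# table is not on the slide, so here it is an assumed, empty set.
ACQUIRED_ENTERPRISES: frozenset = frozenset()


@dataclass
class Host:
    address: str                      # DNS name or IP address that was probed
    echo_reply: bool                  # answered the ICMP echo
    sys_object_id: Optional[str]      # None when every R/O string was exhausted
    local_interfaces: list = field(default_factory=list)  # IPs of its own interfaces


def enterprise_number(oid: str) -> Optional[int]:
    """IANA enterprise number of a sysObjectID: the 7th arc under 1.3.6.1.4.1
    (the slide calls it the 7th octet), e.g. 1.3.6.1.4.1.9.1.162 -> 9.
    Returns None when the OID is not an enterprise OID."""
    arcs = oid.strip(".").split(".")
    if len(arcs) < 7 or arcs[:6] != ["1", "3", "6", "1", "4", "1"]:
        return None
    return int(arcs[6]) if arcs[6].isdigit() else None


def classify(host: Host) -> str:
    """Device Manager bucket for one host, in the slide's decision order."""
    if not host.echo_reply:
        return "Not Discovered"
    if host.sys_object_id is None:
        return "Partially Discovered Device"
    ent = enterprise_number(host.sys_object_id)
    if ent == CISCO_ENTERPRISE or ent in ACQUIRED_ENTERPRISES:
        return "Cisco Device"
    return "Non-Cisco Device"


def consolidate(hosts: list) -> dict:
    """Collapse addresses that belong to one chassis: a probed address plus the
    local interfaces it reported form one logical device, keyed by its lowest
    address.  Groups that share any address are merged."""
    groups = []
    for h in hosts:
        addrs = {h.address, *h.local_interfaces}
        hit = [g for g in groups if g & addrs]
        groups = [g for g in groups if not any(g is x for x in hit)]
        groups.append(addrs.union(*hit))
    return {min(g): sorted(g) for g in groups}
```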
CNAC Performance Adjustments
• System Preferences – Global Preferences: default settings can be adjusted lower in high-performance network environments
• System Preferences – Performance Preferences: set to High if possible
Network Security Credentials
• Settings Credentials – SNMP R/O Community: enter all known, used strings, arranged in order of frequency of use for maximum performance
• Settings Credentials – CLI Credentials: enter all known Telnet passwords in "Telnet Password", and all known Telnet usernames and passwords in "Telnet Non-Privileged UserName / Password", arranged in order of preference
Network Discovery Implemented
• Two methods: IP Address Range or IP Network; easily configurable, but only one can be selected at a time
Network Discovery Status
• Confirmation: CNAC confirms the approximate number of IP hosts that will be discovered
• Results: details on the number of Cisco, Non-Cisco and Partially Discovered Devices
Cisco Network Asset Collector (CNAC) Discovery Troubleshooting
Discovery Troubleshooting Decoded
• UDP Ports 161 and 445 Queried – port 161 is SNMP R/O "Get" packets, port 445 is MS Directory Services. If a host receives a UDP query on a closed port, it attempts to reply with an "ICMP Port Unreachable" message; if the port is open, no reply is generated or transmitted.
• TCP Ports 22, 23, 25, 53, 80 Queried – port 22 is SSH, port 23 is Telnet, port 25 is an SMTP server, port 53 is a DNS server, and port 80 is an HTTP server. Each port replies with an open-port sequence if the port is open, and with a "closed" reply if the port is closed and the connection query is received.
• SNMP R/O String Values Queried – each R/O string provided by the CNAC user is used in turn to query the sysObjectID OID, until a value is retrieved or all the strings have been attempted.
• Port Query Summary Code Logic – CNAC examines the results of each port query to each partially discovered device and provides a summary of the logical status of the device, along with a detailed description of the likely root causes for not supporting standard discovery services.
• Non-Cisco Devices Identified – CNAC classifies all devices that can be logically determined not to have been manufactured by Cisco, reducing the amount of troubleshooting required to accurately discover all Cisco devices.
Discovery Troubleshooting Results Summary
• CNAC sorts the devices into Non-Cisco, No/Restricted Connectivity and Inconclusive devices
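One reading of the port-query summary logic and the three-way sort above, as an added example that is not CNAC code: it applies the slide's UDP and TCP reply semantics to constructed probe results for hosts that answered ICMP echo but returned no sysObjectID. PROBE_RESULTS, summarize, sort_devices and the inference that a silent UDP 445 on a host that does send port-unreachables indicates a Windows host are assumptions.

```python
# Added example (not CNAC code): interpreting per-port probe results.
# Constructed results for three hosts.  UDP states: "unreachable" (ICMP port
# unreachable, i.e. closed) or "no_reply" (open, or filtered).  TCP states:
# "open", "closed" or "no_reply" (filtered).
PROBE_RESULTS = {
    "10.1.0.5":  {("udp", 161): "no_reply", ("udp", 445): "no_reply",
                  ("tcp", 22): "no_reply", ("tcp", 23): "no_reply"},
    "10.1.0.9":  {("udp", 161): "unreachable", ("udp", 445): "no_reply",
                  ("tcp", 80): "open"},
    "10.1.0.12": {("udp", 161): "no_reply", ("udp", 445): "unreachable",
                  ("tcp", 23): "open"},
}


def summarize(results: dict) -> tuple:
    """Return (category, likely root cause) for one partially discovered device,
    using the slide's categories: Non-Cisco, No/Restricted Connectivity, Inconclusive."""
    if all(state == "no_reply" for state in results.values()):
        return ("No/Restricted Connectivity",
                "no TCP or UDP port answered: host down, or probes from the CNAC "
                "source address are dropped by an ACL or firewall")
    udp161 = results.get(("udp", 161), "no_reply")
    udp445 = results.get(("udp", 445), "no_reply")
    if udp161 == "unreachable":
        # This host does send ICMP port unreachable, so silence on UDP 445 means
        # that port is open: MS Directory Services, i.e. a Windows host (assumption).
        if udp445 == "no_reply":
            return ("Non-Cisco", "no SNMP agent, but UDP 445 is open: Windows host")
        return ("Inconclusive",
                "ICMP port unreachable for UDP 161: no SNMP agent is listening")
    if any(results.get(("tcp", p)) == "open" for p in (22, 23)):
        return ("Inconclusive",
                "SNMP port silent but SSH/Telnet open: the agent is probably running "
                "and the R/O community strings are wrong or an SNMP ACL blocks CNAC")
    return ("Inconclusive", "host reachable, but no SNMP answer and no CLI port open")


def sort_devices(probe_results: dict) -> dict:
    """Bucket hosts by category, as the Results Summary view does."""
    buckets = {}
    for host, results in probe_results.items():
        category, cause = summarize(results)
        buckets.setdefault(category, []).append((host, cause))
    return buckets
```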
Discovery Troubleshooting Detail
• View Results Detail: detailed status provided for troubleshooting guidance, including port-by-port result interpretation. This is a key unique feature of CNAC; please use it extensively.
Cisco Network Asset Collector (CNAC) Cisco Product Instrumentation
Cisco CLI Instrumentation Decoded
• Non-Volatile – CNAC engineering research validated that the CLI commands used read only non-volatile data with regard to the Electronic Asset ID data elements
• Non-Privileged Mode – CNAC engineering research validated that the necessary Electronic Asset ID data elements can be retrieved using CLI commands which are read-only
• CLI Command Logic – most of the Cisco CLI commands that retrieve the various electronic asset ID data elements are coded to query the values burned into the NVRAM "IDPROM" chips typically embedded in almost all Cisco serviceable hardware components
• Serial Numbers – CLI commands simply retrieve the values embedded in the IDPROM chips, so for those Cisco chassis products that had a value other than the Chassis Serial Number burned into the cSN field, CLI commands report this value as the cSN
• Serial Number Format Compatibility – unlike some legacy Cisco SNMP MIBs, Cisco CLI commands are capable of accurately displaying both integer and alphanumeric serial number values
Cisco SNMP Instrumentation Decoded
• Mostly Non-Volatile – CNAC engineering research validated that most SNMP commands are read-only with regard to electronic asset ID values; a notable exception is the legacy chassis serial number MIB, chassisID
• Read-Only Community Strings – CNAC engineering research validated that the necessary Electronic Asset ID data elements can be retrieved exclusively with SNMP R/O credentials; there is no need to modify values, the lone exception being rare environments that have extensively modified the chassisID default values
• SNMP Command Logic – most of the Cisco SNMP commands that retrieve the various electronic asset ID data elements are coded to query the values burned into the NVRAM "IDPROM" chips typically embedded in almost all Cisco serviceable hardware components
• Serial Numbers – SNMP commands in almost all cases simply retrieve the values embedded in the IDPROM chips, so for those Cisco chassis products that had a value other than the Chassis Serial Number burned into the cSN field, the commands report this value as the cSN
• Serial Number Format Compatibility – some legacy Cisco SNMP MIBs, such as the popular legacy MIB cardSerial, cannot properly display serial numbers in anything other than an integer format; Intelligent Inventory adapts to this issue
Intelligent Inventory Decoded
• Total Cisco Unique Chassis Population Researched – CNAC engineers examined and collated all Cisco assignments of SNMP sysObjectID values to chassis equipment from the company's inception in 1984 to mid-2006, determining that 613 unique products have been manufactured by Cisco
• Reverse Engineering Performed – 335 of primarily the most popular Cisco chassis were tested to determine the optimal SNMP and CLI commands which yield the best possible electronic asset ID values with minimal data, using read-only security
• sysObjectID is the Unique Identifier – CNAC first queries the sysObjectID OID, then determines the exact SNMP OIDs and CLI commands to query by looking the value up in a table of Intelligent Inventory sysObjectID Solutions embedded in CNAC
• Global Inventory Commands – a very small number of SNMP OIDs (i.e. sysObjectID, ciscoImageString, etc.) have been determined to be close to universally supported by Cisco equipment and are automatically queried on all CNAC devices
• Default Commands – a minimal number of common SNMP OIDs and CLI commands are used to query any Cisco device for which the sysObjectID value does not yet have an Intelligent Inventory solution defined
Intelligent Inventory – Global Commands
• Global Commands: SNMP commands automatically queried on all Cisco devices, almost universally supported across Cisco products
Intelligent Inventory – Unique Identifier
• sysObjectID Key Unique Identifier: CNAC uses this value to determine the Intelligent Inventory "Group Solution"
Intelligent Inventory – Solution Logic
• Group Solution: a unique combination of SNMP MIBs and / or CLI commands specific to this product, with the asset management values decoded
Intelligent Inventory – Default Logic
• Default Solution: SNMP and CLI commands automatically queried on any Cisco device which does not currently have an Intelligent Inventory "Group Solution"; these commands are almost universally supported across Cisco products, and less than 10% of products by volume in production networks should fall into this category
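How the command-selection rules (global commands always, group solution by sysObjectID, default solution otherwise) and the serial-number format rule from the CLI and SNMP instrumentation slides fit together, as an added example that is not CNAC code. The group-solution table, the default solution and the function names are assumptions; the real table of tested models is embedded in CNAC.

```python
# Added example (not CNAC code): Intelligent Inventory command planning plus
# the integer-only legacy MIB workaround.
from typing import Optional

# Named on the slide as near-universally supported; queried on every Cisco device.
GLOBAL_SNMP = ("sysObjectID", "ciscoImageString")

# Assumed default solution for a sysObjectID without a group solution (the slides
# name chassisId and cardSerial as legacy MIBs; "show version" is an IOS command).
DEFAULT_SOLUTION = {"snmp": ("chassisId", "cardSerial"), "cli": ("show version",)}

# Assumed group-solution table keyed by sysObjectID (ENTITY-MIB and "show
# inventory" are real, but their pairing with this OID is illustrative only).
GROUP_SOLUTIONS = {
    "1.3.6.1.4.1.9.1.162": {"snmp": ("entPhysicalSerialNum",), "cli": ("show inventory",)},
}


def plan_inventory(sys_object_id: str) -> dict:
    """Global commands always run; the group solution keyed by sysObjectID is
    added when one exists, otherwise the default solution."""
    group = GROUP_SOLUTIONS.get(sys_object_id)
    chosen = group if group is not None else DEFAULT_SOLUTION
    return {
        "solution": "group" if group is not None else "default",
        "snmp": GLOBAL_SNMP + chosen["snmp"],
        "cli": chosen["cli"],
    }


def legacy_integer_serial(value: Optional[str]) -> Optional[int]:
    """Integer-only legacy MIBs such as cardSerial cannot carry an alphanumeric
    serial; treat 0, blanks and non-digit strings as 'no usable value'."""
    if value is None or not value.strip().isdigit():
        return None
    n = int(value)
    return n if n > 0 else None


def choose_serial(cli_serial: Optional[str], legacy_snmp_serial: Optional[str]) -> Optional[str]:
    """Prefer the CLI value, which shows integer and alphanumeric serials
    correctly; fall back to the legacy MIB only when it holds a usable integer."""
    if cli_serial and cli_serial.strip():
        return cli_serial.strip()
    n = legacy_integer_serial(legacy_snmp_serial)
    return str(n) if n is not None else None
```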
Intelligent Inventory – Data Entry Options
• Options: CNAC can automatically inventory all discovered devices, a subset of discovered devices, manually added devices, or devices from a seed file
Cisco Network Asset Collector (CNAC) Data Export / Data Security
Data Collection / Transmission Decoded
• Intelligent Inventory "Raw" Data – a directory named after the DNS name/IP of each device inventoried by CNAC is created, by default under c:\program files\cisco systems\cnac\eclipse\plugins\ondc_1.0.0\data\inventory\xxxxxxx. Within this directory is a file called "ExportData.csv", which is unencrypted and contains all of the data (SNMP and CLI) collected by CNAC. Because it is stored in clear text, treat the CNAC host and this directory as holding sensitive network data.
• Export Intelligent Inventory – when this CNAC feature is selected, the data from all inventoried chassis is consolidated into a single WinZip file located inside c:\program files\cisco systems\cnac\eclipse\plugins\ondc_1.0.0\data\export\xxxxxxx. This file is encrypted using Cisco's PGP public key and e-mailed to cnac-reporting@cisco.com. Upon export, ensure that the CNAC inventory file is attached to the ISIR request.
• CNAC Inventory Decrypted and Post-Processed – using Cisco's PGP private key, CNAC engineers decrypt the CNAC inventory file and begin a series of data extraction and post-processing services that result in a CNAC ISIR report in Microsoft Excel format.
• CNAC Report Secure Transmission – Cisco encrypts the ISIR report as a password-protected WinZip archive, which is then posted. An e-mail containing the password is distributed to the external partner/customer.
Support of CNAC
• Cisco Service Support Center – all CNAC registration and support: http://www.cisco.com/go/ssc
CNAC – Benefits of Implementation
1. Network Identified Inventory – all accessible Cisco hardware
2. Customer In-Service Inventory – all accessible Cisco hardware
3. Knowledge Acquisition – optimal methods of Network Discovery and Network Inventory