Messages - Hannu Liljemark

1
Definition Files / ASA5508 and ASA5506 defs
« on: April 05, 2018, 11:08:21 AM »
Defs for new'ish ASA models:

1.3.6.1.4.1.9.1.2120.def ASA5508
1.3.6.1.4.1.9.1.2114.def ASA5506

Didn't see these defs in 1.6.100p4 tgz.

2
Discovery / Re: Identify where "rogue" switches are connected to
« on: December 13, 2017, 02:32:14 PM »
We run the cleaning script once a week every Saturday, but the network is rather small (<50 MB database).

3
Discovery / Re: Identify where "rogue" switches are connected to
« on: December 13, 2017, 02:07:17 PM »
We've just ignored the error regarding missing "RELOAD" permissions as it didn't seem important, but I think I have not seen this "RESET MASTER" error.

Now that the nodes table is clean from old legacy, do you see if it helped with the original mac address # per port issue at all? :)

4
Discovery / Re: Identify where "rogue" switches are connected to
« on: December 13, 2017, 09:39:50 AM »
The 1.6 html/log/Readme.txt has the following tip if you can't update via web interface:

> "nedi.pl -i updatedb" updates the DB from 1.5.225

So you can just back up nedi.conf and seedlist, then untar the tgz contents over your old files, maybe move new nedi.conf and seedlist to somewhere else and then restore the production nedi.conf and seedlist. Finally diff the old and new nedi.conf to see what has changed and then do the updatedb thing to update the database.

I've now switched to contrib/nedi_db_maintenance.sh and it seems to work ok once you modify the dbpass logic (use the stuff that's commented out, which grabs the dbpass from nedi.conf) and remove mysql's --ssl parameter if it doesn't work (or fix mysql to make it work). I think it's safer to use the script that comes with the same NeDi version as table names might have changed. The http://forum.nedi.ch/index.php?topic=1446.0 script was also pretty good with 1.5.225 and I think it also cleaned up the rrd files, whereas nedi_db_maintenance.sh only does DB maintenance as its name implies.

Br,
Hannu

5
Definition Files / Cisco Catalyst 3650 stack def
« on: December 11, 2017, 09:04:08 AM »
Cisco Catalyst Cat3650 Stack 1.3.6.1.4.1.9.1.2066

For now it's a copy of 1.3.6.1.4.1.9.1.1745.def.

6
Discovery / Re: Identify where "rogue" switches are connected to
« on: December 07, 2017, 09:31:29 AM »
Looks like we're still using the script from this thread:

http://forum.nedi.ch/index.php?topic=1446.0

I need to look into implementing the current contrib/nedi_db_maintenance.sh :)

7
Discovery / Re: Identify where "rogue" switches are connected to
« on: December 06, 2017, 03:22:16 PM »
Does population count decrease if you run scheduled maintenance to delete old nodes from the DB?

We've used three ways to find rogue switches, but you're probably familiar with them all:

Reports->Nodes->"Node distribution" -> "Nodes / Port"
Reports -> Devices -> "device connections" -> "Neighbor undiscovered"
Monitoring -> Events -> Discover events (class like ned%)

And next step would be to deploy 802.1x to manage what gets connected to the network...

Br,
Hannu

8
Definition Files / Definition for Cisco 888EA
« on: November 27, 2017, 10:20:02 AM »
Didn't see this included with 1.6.100p4:

Cisco 888EA 1.3.6.1.4.1.9.1.1542

9
Installation / Re: Fortigate backup
« on: November 27, 2017, 10:15:25 AM »
Is there a specific reason you'd want to use scp backup with NeDi for Fortigate? You can use the export button in the NeDi GUI if you want to export the configs to a file and use that file with a new Fortigate device e.g. when replacing a faulty one.

I guess the reason NeDi does "show full-config", and similar commands, is to be able to easily get diff from earlier configs and other benefits. That would require extra steps with external scp backups.

NeDi's backup mechanism has been pretty good in our experience, although we have two sites where NeDi is not used for Cisco backups and instead we do "snmpset -t 5 -c <comm> -v1 <device-ip-addr> .1.3.6.1.4.1.9.2.1.55.<tftp-serverip-addr> s <filename>" from cron with a separate script. It doesn't integrate into NeDi, which isn't an ideal situation, but it gets the job done.

Br,
Hannu

10
Discovery / Re: JunOS cli and collecting configs
« on: November 17, 2017, 09:41:26 AM »
You could create new OS type, call it JunOS-shell or whatever, and choose that for that device in the definition generator. Then you don't have to break the existing JunOS setup in libcli.pm. But of course it might still break the same def file for your other EX2200 devices that give you the normal cli with enable command.

11
Definition Files / Definition for HP 2530-8 1.3.6.1.4.1.11.2.3.7.11.147
« on: October 30, 2017, 12:52:28 PM »
Hi

Definition for HP 2530-8 1.3.6.1.4.1.11.2.3.7.11.147 attached. Didn't see it in 1.6C tar.gz.

12
Definition Files / Definition for C881-K9 1.3.6.1.4.1.9.1.1852
« on: October 13, 2017, 07:23:03 AM »
Hey

so many models of these small Cisco routers! Here's def for C881-K9 1.3.6.1.4.1.9.1.1852. I think it wasn't included with version 1.5.225.

Br,
Hannu

13
Definition Files / Re: WANTED - .def files for Raisecom Gazelle series
« on: August 03, 2017, 01:52:31 PM »
Quote
IfAddresses  ------------------------------------------------------------------
IFIP:No useip policy set, always using discovered IPs
SNMP:Connect 172.18.0.222 public v2 Tout:2s MaxMS:1472 Retry:1 NB:0
IFIP:Walking ifaddress table
ERR :ifAddressTable The requested table is empty or does not exist

DisProtocol  ------------------------------------------------------------------
SNMP:Connect 172.18.0.222 public v2 Tout:7s MaxMS:4095 Retry:1 NB:0
ERR :LLDP nbr The requested table is empty or does not exist

Modules      ------------------------------------------------------------------
SNMP:Connect 172.18.0.222 public v2 Tout:2s MaxMS:1472 Retry:1 NB:0
MOD :Walking module description
ERR :Description The requested table is empty or does not exist

In Defgen check the ARP/ND and try the different methods to see which mechanism your switch supports for IfAddresses.

Same for DisProtocol - can you get any data from the switch if you try CDP, FDP or NDP? You may have to investigate the switch CLI or manuals to see if it supports LLDP/CDP even there.

Modules section is near the bottom of Defgen. I guess the defaults are for devices that support ENTITY-MIB. It may be that Raisecom doesn't support that... yet another thing to investigate.

If there's any publicly available MIB file available from Raisecom or in google, you might want to look at that and see if there's anything useful that could be used to pull the data.

Not all devices have support so you may be left without e.g. module or neighbour data.

I guess you can do this also in NEDIO: go to the OS using ssh, find nedi/sysobj directory and do:

grep Modesc * | awk '{print $2}'|grep -v '^$'|sort -u

Here there are currently 38 different OIDs one can use to pull module descriptions depending on device vendor, model and possibly even software version. So, either Raisecom supports one of those, or there's some completely new OID which you need to find, or you can just leave the module section empty so NeDi doesn't try to poll the data if it's not available :)

Br,
Hannu

14
Definition Files / Re: WANTED - .def files for Raisecom Gazelle series
« on: August 03, 2017, 11:49:27 AM »
Okay, in that case I think the regexp should be modified to something like:

$cmd{'RaisecomOS'}{'ropr'} = '[\w.-]+>\s?$';
$cmd{'RaisecomOS'}{'enpr'} = '[\w.-]+#\s?$';

There's the \s removed since there's no whitespace between the hostname and the > or # part in the prompt.

Try that and then run the config backup again.

15
Definition Files / Re: WANTED - .def files for Raisecom Gazelle series
« on: August 02, 2017, 11:46:49 AM »
Hi

If you simply login using telnet/putty, what does the switch prompt look like right after you've entered username and password? Does the prompt you see match the regexp you're using:

$cmd{'RaisecomOS'}{'ropr'} = '[\w.-]+\s>\s?$';
$cmd{'RaisecomOS'}{'enpr'} = '[\w.-]+\s#\s?$';

Sometimes the switch gives you full access after entering username and password, and it's not necessary to do "enable". For those cases you can see in libcli.pm for example:

$cmd{'FortiOS'}{'ropr'} = 'GitsDoNid';
$cmd{'FortiOS'}{'enpr'} = '[\w+().-]+\$\s?$';

There is no "$cmd{'FortiOS'}{'enab'} = 'enable';" because after login you have all the privileges you need.

So, I wonder how these Raisecom devices behave, if they require you to use an enable-like command or if you can do the "show startup-config" right after entering login and password? That will affect what you need for RaisecomOS in libcli.pm.

Br,
Hannu
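
The prompt-matching question from the two RaisecomOS posts above, as an added example that is not part of the original posts or of NeDi: a small Perl check that runs the original and the revised `ropr`/`enpr` patterns against prompt strings before they go into libcli.pm. The hostname `gazelle-sw1` and the sample prompts are constructed, and matching the pattern against the tail of the session output is an assumption about how the pattern is applied.

```perl
#!/usr/bin/perl
# Added example, not NeDi code: compare candidate prompt patterns
# against the prompt a device actually prints after login.
use strict;
use warnings;

# Patterns quoted from the posts, kept as single-quoted strings
# in the same form they have in libcli.pm.
my %pattern = (
    'ropr (original)' => '[\w.-]+\s>\s?$',
    'enpr (original)' => '[\w.-]+\s#\s?$',
    'ropr (revised)'  => '[\w.-]+>\s?$',
    'enpr (revised)'  => '[\w.-]+#\s?$',
);

# Constructed sample prompts; replace with what telnet/putty shows.
my @prompts = (
    'gazelle-sw1>',     # no whitespace between hostname and '>'
    'gazelle-sw1#',     # no whitespace between hostname and '#'
    'gazelle-sw1 >',    # whitespace before the prompt character
    'gazelle-sw1 # ',   # whitespace before and after '#'
);

# Return the names of all patterns that match the end of $prompt.
sub matching_patterns {
    my ($prompt) = @_;
    my @hits;
    for my $name (sort keys %pattern) {
        my $re = $pattern{$name};
        push @hits, $name if $prompt =~ /$re/;
    }
    return @hits;
}

for my $p (@prompts) {
    my @hits = matching_patterns($p);
    printf "%-18s %s\n", "'$p'", @hits ? join(', ', @hits) : 'NO MATCH';
}
```

With these samples the original patterns match only the prompts that have whitespace before `>` or `#`, and the revised patterns match only the prompts without it, so the pattern has to be chosen from the prompt the device really sends.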
