Messages - Hannu Liljemark

1
Definition Files / Re: HP and hirschman def files request
« on: October 19, 2018, 11:22:28 AM »
Hi

I think you could explore Nedi and create the HP defs on your own!

Remo has made a great tutorial: https://www.youtube.com/watch?v=bunFHB-RoUQ (referred to at http://www.nedi.ch/documentation/expand/ which is also a good read).

Most likely you can just copy 1.3.6.1.4.1.25506.11.1.82.def to 1.3.6.1.4.1.25506.11.1.167.def and do small tweaks to pull data from 1920-24g-PoE+.

Same for 1810-8G: try to take a copy of 1.3.6.1.4.1.11.2.3.7.11.151.def and use that as starting point for 1.3.6.1.4.1.11.2.3.7.11.158.def.

And something like 1.3.6.1.4.1.11.2.3.7.11.166.def as the starting point for 1.3.6.1.4.1.11.2.3.7.11.170.def.

In the end the HP defs are very similar, depending on whether the device is Comware OS or ProVision OS based.

Then continue with the Hirschmann devices and once you're done with the defs, share them on this forum :) Don't worry about getting things perfect the first time. First get Nedi to pull snmp data from the devices, then maybe look into libcli stuff to get cli access and backups of the configs.

Br,
Hannu

2
Discovery / Re: Unable to Backup HP Procurve Switches
« on: September 10, 2018, 10:25:31 AM »
Actually, now that I think about it again, Nedi is looking for enable-prompt but can't find it.

If you look at inc/libcli.pm, you'll see what Nedi looks for to determine if it needs to do "enable" or if it has enable-access:

$cmd{'ProCurve'}{'ropr'} = '(\x1b\[[;\?0-9A-Za-z]+)+[\w\s()\'+.-]+>\s?(\x1b\[[;\?0-9A-Za-z]+)+$';
$cmd{'ProCurve'}{'enpr'} = '(\x1b\[[;\?0-9A-Za-z]+)+[\w\s()\'+.-]+#\s?(\x1b\[[;\?0-9A-Za-z]+)+$';

So, here after login the switch prompt is:

SW-LOCATION-1#

Where I can type exit and I get readonly prompt:

SW-LOCATION-1>

So you want to look at what kind of prompt you get after login. Try logging in manually to the switch as I suggested and see what steps you need to do to get "show run" working. Maybe the prompt is not what Nedi regexps are expecting. I'm not sure if the "banner exec" (post-login) can mess up things.

Br,
Hannu
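
Added example (not part of the original post and not NeDi code): a Python check of captured session text against the two ProCurve patterns quoted above, with the Perl `\'` written as a plain `'`. The function names and the sample captures, including their escape sequences, are constructed for illustration.

```python
import re

# Patterns as quoted from inc/libcli.pm in the post above ('ropr' = read-only
# prompt, 'enpr' = enable prompt). Both require at least one ANSI escape
# sequence before AND after the prompt text.
ROPR = r"(\x1b\[[;\?0-9A-Za-z]+)+[\w\s()'+.-]+>\s?(\x1b\[[;\?0-9A-Za-z]+)+$"
ENPR = r"(\x1b\[[;\?0-9A-Za-z]+)+[\w\s()'+.-]+#\s?(\x1b\[[;\?0-9A-Za-z]+)+$"


def classify_prompt(captured):
    """Return 'enpr', 'ropr' or None for the raw text captured from the session."""
    if re.search(ENPR, captured):
        return "enpr"
    if re.search(ROPR, captured):
        return "ropr"
    return None


def diagnose(captured):
    """Classify the capture, or give a coarse reason why neither pattern matched."""
    kind = classify_prompt(captured)
    if kind:
        return kind
    if "\x1b[" not in captured:
        # Text copied from a terminal window has usually lost its escape bytes.
        return "no-ansi"
    return "no-match"


# Constructed captures: raw bytes as a PTY would deliver them, escapes included.
SAMPLES = {
    "enable": "\x1b[1;13H\x1b[?25hSW-LOCATION-1# \x1b[1;15H\x1b[?25h",
    "readonly": "\x1b[1;13H\x1b[?25hSW-LOCATION-1> \x1b[1;15H\x1b[?25h",
    "plain": "SW-LOCATION-1# ",
    "banner": "\x1b[2J\x1b[?25hPress any key to continue",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        # repr() makes the escape bytes visible for comparison with the regex.
        print(f"{name:9} {diagnose(text):9} {text!r}")
```

To test a real device, feed in the raw bytes of the session (for example from a `script` typescript), not text pasted from the terminal.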

3
Discovery / Re: Unable to Backup HP Procurve Switches
« on: September 10, 2018, 10:12:22 AM »
Hi

What exactly does it look like if you manually log in via telnet or ssh to the switch from the Nedi host, and try to display the running config ("show run")?

A sample of how it should go:

SSH :manager@10.10.10.10:22 Tout:2s OS:ProCurve EN:(\x1b\[[;\?0-9A-Za-z]+)+[\w\s()'+.-]+#\s?(\x1b\[[;\?0-9A-Za-z]+)+$
PTY :Forking ssh -o 'StrictHostKeyChecking no' -l manager 10.10.10.10
CLI2:Matched 'password: ' sending password
CLI3:Password sent
CLI3:Matched 'any key' sending ctrl-Y
CLI8:Matched enable prompt, OK
CMDR:no page result is OK
CMDR:show run result is OK
WAIT:show run
WAIT:Running configuration:
WAIT:
CONF:; J9775A Configuration Editor; Created on release #YA.15.12.0007

So, looking at the output from your case, something goes wrong after nedi sends ctrl+y to the "Press any key to continue" prompt. Maybe your customer has a funky login banner that freaks out Nedi?

----
manager@10.10.10.10's password:
HP J9775A 2530-48G Switch
Software revision YA.15.12.0007

Copyright (C) 1991-2013 Hewlett-Packard Development Company, L.P.

                   RESTRICTED RIGHTS LEGEND
 Confidential computer software.  Valid license from HP required for possession,
 use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer
 Software, Computer Software Documentation, and Technical Data for Commercial
 Items are licensed to the U.S. Government under vendor's standard commercial
 license.
                   HEWLETT-PACKARD DEVELOPMENT COMPANY, L.P.
                   20555 State Highway 249, Houston, TX 77070

Press any key to continue
----

Br,
Hannu

4
Discovery / Re: seedlist different community string
« on: June 21, 2018, 08:26:17 AM »
Hey,

nedi.pl accepts the following parameters:

-u file Use specified seedlist
-U file Use specified configuration

And as you know, you can specify community in seedlist for each device and you can set default community in the configuration.

Maybe those help you create the setup you need? Simply run nedi.pl from crontab with the parameters and seedfile/config you want.

Br,
Hannu

5
Definition Files / ASA5508 and ASA5506 defs
« on: April 05, 2018, 11:08:21 AM »
Defs for new'ish ASA models:

1.3.6.1.4.1.9.1.2120.def ASA5508
1.3.6.1.4.1.9.1.2114.def ASA5506

Didn't see these defs in 1.6.100p4 tgz.

6
Discovery / Re: Identify where "rogue" switches are connected to
« on: December 13, 2017, 02:32:14 PM »
We run the cleaning script once a week every Saturday, but the network is rather small (<50 MB database).

7
Discovery / Re: Identify where "rogue" switches are connected to
« on: December 13, 2017, 02:07:17 PM »
We've just ignored the error regarding missing "RELOAD" permissions as it didn't seem important, but I think I have not seen this "RESET MASTER" error.

Now that the nodes table is clean from old legacy, do you see if it helped with the original mac address # per port issue at all? :)

8
Discovery / Re: Identify where "rogue" switches are connected to
« on: December 13, 2017, 09:39:50 AM »
The 1.6 html/log/Readme.txt has the following tip if you can't update via web interface:

> "nedi.pl -i updatedb" updates the DB from 1.5.225

So you can just back up nedi.conf and seedlist, then untar the tgz contents over your old files, maybe move new nedi.conf and seedlist to somewhere else and then restore the production nedi.conf and seedlist. Finally diff the old and new nedi.conf to see what has changed and then do the updatedb thing to update the database.

I've now switched to contrib/nedi_db_maintenance.sh and it seems to work ok once you modify the dbpass logic (use the stuff that's commented out, which grabs the dbpass from nedi.conf) and remove mysql's --ssl parameter if it doesn't work (or fix mysql to make it work). I think it's safer to use the script that comes with the same Nedi version as table names might have changed. The http://forum.nedi.ch/index.php?topic=1446.0 script was also pretty good with 1.5.225 and I think it also cleaned up the rrd files, whereas nedi_db_maintenance.sh only does DB maintenance as its name implies.

Br,
Hannu

9
Definition Files / Cisco Catalyst 3650 stack def
« on: December 11, 2017, 09:04:08 AM »
Cisco Catalyst Cat3650 Stack 1.3.6.1.4.1.9.1.2066

For now it's a copy of 1.3.6.1.4.1.9.1.1745.def.

10
Discovery / Re: Identify where "rogue" switches are connected to
« on: December 07, 2017, 09:31:29 AM »
Looks like we're still using the script from this thread:

http://forum.nedi.ch/index.php?topic=1446.0

I need to look into implementing the current contrib/nedi_db_maintenance.sh :)

11
Discovery / Re: Identify where "rogue" switches are connected to
« on: December 06, 2017, 03:22:16 PM »
Does population count decrease if you run scheduled maintenance to delete old nodes from the DB?

We've used three ways to find rogue switches, but you're probably familiar with them all:

Reports->Nodes->"Node distribution" -> "Nodes / Port"
Reports -> Devices -> "device connections" -> "Neighbor undiscovered"
Monitoring -> Events -> Discover events (class like ned%)

And next step would be to deploy 802.1x to manage what gets connected to the network...

Br,
Hannu

12
Definition Files / Definition for Cisco 888EA
« on: November 27, 2017, 10:20:02 AM »
Didn't see this included with 1.6.100p4:

Cisco 888EA 1.3.6.1.4.1.9.1.1542

13
Installation / Re: Fortigate backup
« on: November 27, 2017, 10:15:25 AM »
Is there a specific reason you'd want to use scp backup with NeDi for Fortigate? You can use the export button in the NeDi GUI if you want to export the configs to a file and use that file with a new Fortigate device e.g. when replacing a faulty one.

I guess the reason NeDi does "show full-config", and similar commands, is to be able to easily get diff from earlier configs and other benefits. That would require extra steps with external scp backups.

NeDi's backup mechanism has been pretty good in our experience, although we have two sites where NeDi is not used for Cisco backups and instead we do "snmpset -t 5 -c <comm> -v1 <device-ip-addr> .1.3.6.1.4.1.9.2.1.55.<tftp-serverip-addr> s <filename>" from cron with a separate script. It doesn't integrate into NeDi, which isn't an ideal situation, but it gets the job done.

Br,
Hannu

14
Discovery / Re: JunOS cli and collecting configs
« on: November 17, 2017, 09:41:26 AM »
You could create a new OS type, call it JunOS-shell or whatever, and choose that for that device in the definition generator. Then you don't have to break the existing JunOS setup in libcli.pm. But of course it might still break the same def file for your other EX2200 devices that give you the normal cli with enable command.

15
Definition Files / Definition for HP 2530-8 1.3.6.1.4.1.11.2.3.7.11.147
« on: October 30, 2017, 12:52:28 PM »
Hi

Definition for HP 2530-8 1.3.6.1.4.1.11.2.3.7.11.147 attached. Didn't see it in 1.6C tar.gz.
