Welcome, Guest. Please login or register.

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - Hannu Liljemark

Pages: 1 [2] 3
16
Definition Files / Cisco SG350-10 def
« on: February 24, 2020, 01:25:17 pm »
Hi

another def that wasn't available with 1.9C: Cisco SG350-10 1.3.6.1.4.1.9.6.1.95.10.3.

zip/def attached!


17
Hi

please find attached defs for three models, missing from 1.9C package:

2930M-24G-PoE+ 1.3.6.1.4.1.11.2.3.7.11.181.4
2930M-48G-PoE+ 1.3.6.1.4.1.11.2.3.7.11.181.5
2930Stack 1.3.6.1.4.1.11.2.3.7.8.5.7


18
Discovery / Re: Change the location separator after discovery?
« on: February 18, 2019, 09:57:29 am »
Change the location string on all your devices consistently to match the new locsep. Then wait for Nedi to contact all devices so the location data gets a refresh. Done!

19
Definition Files / Re: HP and hirschman def files request
« on: October 19, 2018, 11:22:28 am »
Hi

I think you could explore Nedi and create the HP defs on your own!

Remo has made a great tutorial: https://www.youtube.com/watch?v=bunFHB-RoUQ (referred at http://www.nedi.ch/documentation/expand/ which is also a good read).

Most likely you can just copy 1.3.6.1.4.1.25506.11.1.82.def to 1.3.6.1.4.1.25506.11.1.167.def and do small tweaks to pull data from 1920-24g-PoE+.

Same for 1810-8G: try to take a copy of 1.3.6.1.4.1.11.2.3.7.11.151.def and use that as starting point for 1.3.6.1.4.1.11.2.3.7.11.158.def.

And something like 1.3.6.1.4.1.11.2.3.7.11.166.def as the starting point for 1.3.6.1.4.1.11.2.3.7.11.170.def.

In the end the HP defs are very similar, depending on whether the device is Comware OS or ProVision OS based.

Then continue with the Hirschmann devices and once you're done with the defs, share them on this forum :) Don't worry on getting things perfect the first time. First get Nedi to pull snmp data from the devices, then maybe look into libcli stuff to get cli access and backups of the configs.

Br,
Hannu

20
Discovery / Re: Unable to Backup HP Procurve Switches
« on: September 10, 2018, 10:25:31 am »
Actually, now that I rethink about it, Nedi is looking for enable-prompt but can't find it.

If you look at inc/libcli.pm, you'll see what Nedi looks for to determine if it needs to do "enable" or if it has enable-access:

$cmd{'ProCurve'}{'ropr'} = '(\x1b\[[;\?0-9A-Za-z]+)+[\w\s()\'+.-]+>\s?(\x1b\[[;\?0-9A-Za-z]+)+$';
$cmd{'ProCurve'}{'enpr'} = '(\x1b\[[;\?0-9A-Za-z]+)+[\w\s()\'+.-]+#\s?(\x1b\[[;\?0-9A-Za-z]+)+$';

So, here after login the switch prompt is:

SW-LOCATION-1#

Where I can type exit and I get readonly prompt:

SW-LOCATION-1>

So you want to look at what kind of prompt you get after login. Try logging in manually to the switch as I suggested and see what steps you need to do the get "show run" working. Maybe the prompt is not what Nedi regexps are expecting. I'm not sure if the "banner exec" (post-login) can mess up things.

Br,
Hannu

21
Discovery / Re: Unable to Backup HP Procurve Switches
« on: September 10, 2018, 10:12:22 am »
Hi

What exactly does it look like if you manually login via telnet or ssh to the switch from the Nedi host, and try to display the running config ("show run")?

A sample of how it should go:

SSH :manager@10.10.10.10:22 Tout:2s OS:ProCurve EN:(\x1b\[[;\?0-9A-Za-z]+)+[\w\s()'+.-]+#\s?(\x1b\[[;\?0-9A-Za-z]+)+$
PTY :Forking ssh -o 'StrictHostKeyChecking no' -l manager 10.10.10.10
CLI2:Matched 'password: ' sending password
CLI3:Password sent
CLI3:Matched 'any key' sending ctrl-Y
CLI8:Matched enable prompt, OK
CMDR:no page result is OK
CMDR:show run result is OK
WAIT:show run
WAIT:Running configuration:
WAIT:
CONF:; J9775A Configuration Editor; Created on release #YA.15.12.0007

So, looking at the output from your case, something goes wrong after nedi sends ctrl+y to the "Press any key to continue" prompt. Maybe your customer has a funky login banner that freaks out Nedi?

----
manager@10.10.10.10's password:
HP J9775A 2530-48G Switch
Software revision YA.15.12.0007

Copyright (C) 1991-2013 Hewlett-Packard Development Company, L.P.

                   RESTRICTED RIGHTS LEGEND
 Confidential computer software.  Valid license from HP required for possession,
 use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer
 Software, Computer Software Documentation, and Technical Data for Commercial
 Items are licensed to the U.S. Government under vendor's standard commercial
 license.
                   HEWLETT-PACKARD DEVELOPMENT COMPANY, L.P.
                   20555 State Highway 249, Houston, TX 77070

Press any key to continue
----

Br,
Hannu

22
Discovery / Re: seedlist different community string
« on: June 21, 2018, 08:26:17 am »
Hey,

nedi.pl accepts the following parameters:

-u file Use specified seedlist
-U file Use specified configuration

And as you know, you can specify community in seedlist for each device and you can set default community in the configuration.

Maybe those help you create the setup you need? Simply run nedi.pl from crontab with the parameters and seedfile/config you want.

Br,
Hannu

23
Definition Files / ASA5508 and ASA5506 defs
« on: April 05, 2018, 11:08:21 am »
Defs for new'ish ASA models:

1.3.6.1.4.1.9.1.2120.def ASA5508
1.3.6.1.4.1.9.1.2114.def ASA5506

Didn't see these defs in 1.6.100p4 tgz.

24
Discovery / Re: Identify where "rogue" switches are connected to
« on: December 13, 2017, 02:32:14 pm »
We run the cleaning script once a week every Saturday, but the network is rather small (<50 MB database).

25
Discovery / Re: Identify where "rogue" switches are connected to
« on: December 13, 2017, 02:07:17 pm »
We've just ignored the error regarding missing "RELOAD" permissions as it didn't seem important, but I think I have not seen this "RESET MASTER" error.

Now that the nodes table is clean from old legacy, do you see if it helped with the original mac address # per port issue at all? :)

26
Discovery / Re: Identify where "rogue" switches are connected to
« on: December 13, 2017, 09:39:50 am »
The 1.6 html/log/Readme.txt has the following tip if you can't update via web interface:

> "nedi.pl -i updatedb" updates the DB from 1.5.225

So you can just backup nedi.conf and seedlist, then untar the tgz contents over your old files, maybe move new nedi.conf and seedlist to somewhere else and then restore the production nedi.conf and seedlist. Finally diff the old and new nedi.conf to see what has changed and then do the updatedb thing to update the database.

I've now switched to contrib/nedi_db_maintenance.sh and it seems to work ok once you modify the dbpass logic (use the stuff that's commented out, which grabs the dbpass from nedi.conf) and remove mysql's --ssl parameter if it doesn't work (or fix mysql to make it work). I think it's safer to use the script that comes with the same Nedi version as table names might have changed. The http://forum.nedi.ch/index.php?topic=1446.0 script was also pretty good with 1.5.225 and I think it also cleaned up the rrd files, where as nedi_db_maintenance.sh only does DB maintenance as its name implies.

Br,
Hannu

27
Definition Files / Cisco Catalyst 3650 stack def
« on: December 11, 2017, 09:04:08 am »
Cisco Catalyst Cat3650 Stack 1.3.6.1.4.1.9.1.2066

For now it's a copy of 1.3.6.1.4.1.9.1.1745.def.

28
Discovery / Re: Identify where "rogue" switches are connected to
« on: December 07, 2017, 09:31:29 am »
Looks like we're still using the script from this thread:

http://forum.nedi.ch/index.php?topic=1446.0

I need to look into implementing the current contrib/nedi_db_maintenance.sh :)

29
Discovery / Re: Identify where "rogue" switches are connected to
« on: December 06, 2017, 03:22:16 pm »
Does population count decrease if you run scheduled maintenance to delete old nodes from the DB?

We've used three ways to find rogue switches, but you're probably familiar with them all:

Reports->Nodes->"Node distribution" -> "Nodes / Port"
Reports -> Devices -> "device connections" -> "Neighbor undiscovered"
Monitoring -> Events -> Discover events (class like ned%)

And next step would be to deploy 802.1x to manage what gets connected to the network...

Br,
Hannu

30
Definition Files / Re: Cisco 3850 stack def
« on: November 18, 2016, 12:22:36 pm »
Oh, cool. I think yours is probably better!

Only thing is that the boot image OID reports "STRING: "flash:packages.conf" " on this stack that I have access to :) And module class I kept 3|6|10 as 9 reports both the switches on the stack but not serial numbers so I didn't think it was useful info. Maybe also collecting 9 class modules is handy for some reports...

Pages: 1 [2] 3