Welcome, Guest. Please login or register.

Recent Posts

Pages: [1] 2 3 ... 10
1
Discovery / Re: Discovery ignoring netfilter?
« Last post by pato on Today at 09:43:25 AM »
The thing is, I believe they will not show up in the GUI because of the filter, but they still get sent the credentials in the -p discovery.
2
Discovery / Re: Discovery ignoring netfilter?
« Last post by ascii on Today at 09:25:56 AM »
i*m quite sure.
i keep forgetting to add new subnets to the filter and NeDi will not discover them since they are out the netfilter range.
after i add them than the discovery works
3
Discovery / Re: Problem getting correct PoE Infos of Cisco Switches
« Last post by swepart on April 23, 2018, 10:37:44 PM »
I got it work now, but i had to change OID. 
This OID  1.3.6.1.4.1.9.9.402.1.2.1.9 give me wrong values, to low  (check with 'show power inline' )

1.3.6.1.4.1.9.9.402.1.2.1.7 gives me same values as 'show power inline' command

4
Installation / Re: upgrade from 1.6 to 1.8
« Last post by rickli on April 23, 2018, 07:10:11 PM »
BTW, I've just updated nebuntu.sh to detect the PHP version automatically. It should be a lot more robust now...
5
Discovery / Re: Discovery ignoring netfilter?
« Last post by pato on April 23, 2018, 03:46:40 PM »
That's how it is shown in the config file.
And you are sure that the credentials aren't sent to other devices if you do a -p discovery?
You need to enable -v (verbose) mode to actually see it.
6
Installation / Re: upgrade from 1.6 to 1.8
« Last post by nedijedi on April 23, 2018, 03:23:14 PM »
Thanks rickli that is the conclusion I came to, much easier to get running and maintain.
7
Discovery / Re: Problem getting correct PoE Infos of Cisco Switches
« Last post by MPell on April 23, 2018, 01:00:34 PM »
Hi swepart,

I use the folowing settings in nedi.conf

Code: [Select]
# Set policy how poe delivery should be tracked per device type,
# or default for all (comment to ignore PoE completely):
# disprot use the discovery protocol
# ifmib get real value from the interfaces
usepoe default ifmib

I think after the "usepoe" you have to define what method NeDi should use for gathering PoE Infos. Here you can say: as "default" use "ifmib" (or "disprot").
I defined it as default, because I had the problem with all of my Cisco-PoE capabel Switches. To define the ifmib-method only for several Switchdevices (by Type), it may work for you, if you define a special Line for your Cisco-Switchtype (as I understand for now):

Code: [Select]
usepoe default disprot
usepoe WS-C3560CX-12PC-S ifmib

Good luck.


PS: My switch is on IOS c3560cx-universalk9-mz.152-4.E2.bin as yours
8
Discovery / Re: Discovery ignoring netfilter?
« Last post by ascii on April 23, 2018, 11:53:36 AM »
i'm not sure if you realy need to escape the dots.

i use these filter and it works perfect.

Code: [Select]
netfilter 10.68.255.23[3-8]|10.68.16.8$|10.68.18.100|10.68.52.{1,3}|10.68.53.{1,3}|10.68.84.22[5-6]|10.68.14[4-7].[5-9]$|10.68.144.10$|10.72.3.{1,3}|10.72.15.{1,3}|10.72.49.1[5-8]$|10.72.99.[2,3]|10.72.4.[4,7]$|10.81.105.1[1-9]$|10.81.105.1$|10.81.220.15[1-4]|10.81.223.229|10.81.223.230|10.81.223.24[3-6]|10.81.223.254|10.81.223.16[1-9]|10.82.23.254|10.82.23.7[0-9]|10.81.64.241|10.81.64.225|10.81.64.235|10.81.92.{1,3}|10.81.172.10$|10.81.175.{1,3}|10.81.175.1[3-5][0-9]|10.81.192.1|10.81.194.73|10.81.175.[6-9][0-9]|10.81.175.1[0-2][0-9]|10.80.146.254|10.81.132.[1-5]$|10.81.134.[6-9][0-9]|10.81.134.1[0-2][0-9]|10.81.179.[6-9][0-9]|10.81.179.1[0-2][0-9]|10.80.140.[1-5]$|10.80.142.[6-9][0-9]|10.80.142.1[0-2][0-9]|10.80.148.[1-5]$|10.80.150.[6-9][0-9]|10.80.150.1[0-2][0-9]|10.81.128.[1-5]$|10.81.130.[6-9][0-9]|10.81.130.1[0-2][0-9]|10.80.49.[1-5]$|10.80.51.[6-9][0-9]|10.80.51.1[0-2][0-9]|10.80.105.[6-9][0-9]|10.80.105.1[0-2][0-9]|10.81.177.5$|10.80.100.[1-5]$|10.80.102.[6-9][0-9]|10.80.102.1[0-2][0-9]|10.80.136.[1-5]$|10.80.138.[6-9][0-9]|10.80.138.1[0-2][0-9]|10.80.39.[1-5]$|10.80.41.[6-9][0-9]|10.80.41.1[0-2][0-9]|10.80.108.[1-5]$|10.80.110.[6-9][0-9]|10.81.116.[1-5]$|10.81.118.[6-9][0-9]|10.81.118.1[0-2][0-9]|10.80.60.[1-5]$|10.80.62.[6-9][0-9]|10.80.62.1[0-2][0-9]|10.81.111.[1-5]$|10.81.113.[6-9][0-9]|10.81.113.1[0-2][0-9]|10.81.121.[1-5]$|10.81.123.[6-9][0-9]|10.81.123.1[0-2][0-9]|10.80.54.[1-5]$|10.80.56.[60-99]|10.80.56.1[0-29]|10.240.16.62$|10.80.254.249|10.80.254.245|10.72.243.246|10.72.129.20$|10.80.99.121|10.80.23.19[3-9]|10.80.23.2[0-29]|10.80.3.190|10.80.3.13[0-9]|10.80.181.19[3-9]|10.80.181.20[0-9]|10.80.17.[1-9]$|10.80.17.1[0-9]$|10.81.215.254|10.96.1.[0-99]|10.96.1.1[0-27]|10.80.167.[0-99]|10.80.167.1[0-27]|10.80.159.[0-99]|10.80.159.1[0-27]|10.80.32.254|10.81.240.5$|10.81.240.9$|10.80.202.254|10.80.202.66|10.81.191.254|10.81.191.7[0-9]|10.80.47.66|10.80.47.254|10.34.60.20$|10.34.94.10$|149.216.32.176|10.80.27.254|10.80.15.17[1-4]|10.80.22.4$|10.80.15.206|10.80.98.254|10.80.97.254
9
Discovery / Re: Problem getting correct PoE Infos of Cisco Switches
« Last post by swepart on April 22, 2018, 11:45:53 PM »
I still have problem with POE on this switch model

what IOS version are you on,, I have c3560cx-universalk9-mz.152-4.E2.bin

My nedi.conf
# Set policy how poe delivery should be tracked per device type,
# or default for all (comment to ignore PoE completely):
# disprot       use the discovery protocol
# ifmib         get real value from the interfaces
# usepoe                default disprot
ifmib


and I am using this OID for POE in combination with IF-Name2index
1.3.6.1.4.1.9.9.402.1.2.1.9

I am using 1.3.6.1.4.1.9.5.1.4.1.1.11 for poe index
10
Discovery / Discovery ignoring netfilter?
« Last post by pato on April 20, 2018, 10:04:10 AM »
Hi all
I'm using the current Nedi 1.6.100p4, which I've installed two days ago.
This all worked fine and after some time I even discovered why the discovery took hours instead of minutes (ssh access wasn't allowed).

What disturbs me though, if I run a ./nedi.pl -p -v, I can see that nedi sends my snmp v2 strings to devices that aren't in the filter list that I've configured. Don't have any snmpv3 ones. Not sure if it also does the same with my ssh credentials.

Is this by (undocumented) design or a bug?
My netfilter:
# Only discover devices where ip address matches this regular expression.
# This way NeDi will not send any login credentials to rogue/evil devices.
;netfilter      ^192\.168\.0|^172\.16
netfilter       ^192\.168\.0|^192\.168\.62

# To avoid networks
;netfilter      ^(?!192.168.1).*$
netfilter       .

And I see in the debug that it tries to connect to 10.10.2.50 (for example), which it shouldn't based on the netfilter.

-
pato
Pages: [1] 2 3 ... 10