Cisco Network Asset Collector (CNAC) 1.2 Implementation Training
CNAC Engineering Team
Support: http://www.cisco.com/go/ssc
KTN0232 – CNAC Technical Guide_v1.1.ppt
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
1
Agenda
• Solution Objectives (Design logic, Scope, System requirements)
• Decoding Network Discovery
• Decoding Discovery Troubleshooting
• Decoding Intelligent Inventory
• Inventory Transport
• Test Case Processing / Reporting
• Support
CNAC – Optimal Environments
• Organized Networks – consistent configuration of Cisco hardware (SNMP, Telnet)
• Streamlined Security – pre-designed access for NMS applications already implemented
• Centralized management of Network Elements
• Cisco Hardware Product Diversity – the wider the variety of Cisco chassis models, the better
• Moderate Network Size – ~500 to ~1,500 Cisco chassis in production
CNAC – Network System Requirements
1. Cisco Chassis Hardware: IPv4; SNMP enabled; Telnet/SSH enabled; SNMP R/O strings; CLI non-privileged mode credentials
2. Network Configuration: access for the CNAC IP source address permitted, bi-directional, on ICMP port 7, UDP ports 161 and 445, and TCP ports 22, 23, 25, 53, 80 and 137 to all IP networks containing Cisco hardware
Cisco Network Asset Collector (CNAC) – Solution Objectives
CNAC – Solution Objectives
• Quality – E2E solution to exceed 70% accuracy; average is ~40%
• Reduce Resources – fast in installation / operation, ease of use
• Lower Impact – tool operator requires moderate network knowledge and tool training
• Attention to Detail – 1st Cisco E2E solution focused on Asset ID and Service Status
CNAC – Solution Objectives Expanded
• Singular Focus – on Cisco hardware ID and associated service status
• Complexity Simplified – myriad of complex instructions automatically performed
• Less is More – less data collected; the data collected is of optimal quality
• Flexibility – designed to work in most partner / customer environments, based upon industry standards
• Research Applied – Cisco has re-tested most of its chassis hardware and the resulting solutions are embedded in CNAC
• Quality – reports are sourced / validated using the most advanced Cisco logic available
CNAC – Scope of Solution
• >90% – Discovery of Cisco chassis: all models supporting IP and SNMP AND using a Cisco operating system
• >85% – Customized inventory of Cisco chassis and cards
• Near Time Inventory – reusable, but not an ongoing Move, Add, Change probe
• Sole Focus – Electronic Asset Identification of Cisco serviceable hardware
Cisco Electronic Asset Identification Elements
• Network Discovery – electronic ID of Cisco chassis, including quantity by model (e.g. Cisco 3640 qty 87; Cisco 7513 qty 36)
• Network Inventory – electronic retrieval of Product ID and Serial Number data from Cisco chassis and card hardware (serviceable hardware) (e.g. Cisco 3640 S/N 86343720; NM2E2W S/N 38619874)
• Data Quality – programmatic analysis, validation, and linking of retrieved inventory data to service status
Discovery vs. Inventory

                                                    Discovery   Inventory
Determine Network Equipment and Model
  (Chassis Only)                                        X
Uniquely Identify Equipment (i.e. Serial Number)                    X
Ascertain Chassis and Card info                                     X
Extract Software info and ad-hoc data                               X
Pre-Requisites                                         None         Discovery or manual asset
                                                                    mgmt documentation
Cisco Network Asset Collector (CNAC) – Network Discovery
Network Discovery Decoded
ICMP Echo Transmitted
Each host address is queried with an ICMP Echo request.
ICMP Echo Reply
Each host address that receives the Echo and is capable of transmitting an Echo reply via ICMP port 7 is “discovered”.
SNMP Discovery Query
The sysObjectID OID is queried over UDP port 161 with each SNMP R/O string provided, until a value is returned or all the R/O strings are exhausted. When a value is returned, the local interfaces are collected and used to consolidate a chassis with multiple local interfaces into a single device.
sysObjectID Query Value Provided
CNAC examines the IANA Enterprise Number, the 7th octet of the sysObjectID (e.g. 1.3.6.1.4.1.9.1.162). Cisco Systems registered the value “9”, and the IANA values of all Cisco-acquired companies are also known. If the sysObjectID IANA value belongs to Cisco or a Cisco-acquired company, CNAC lists the chassis by its sysObjectID value (i.e. ciscoAS5300) as a Cisco chassis in Device Manager under “Cisco Devices”; if the IANA value is non-Cisco, the device is listed in CNAC Device Manager as a “Non-Cisco Device”.
sysObjectID Query Null Result
CNAC lists the logical device by either its DNS name or IP address as a “Partially Discovered Device”.
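The discovery classification described above, as an added Python example (not CNAC code): it extracts the IANA enterprise number from a sysObjectID, walks the R/O strings in the order given, and sorts echo-replying hosts into the three Device Manager buckets. The sample agent table and host addresses are constructed, and the set of Cisco-family enterprise numbers is assumed to be just Cisco's own 9, since the deck does not list the acquired companies' values.

```python
from typing import Callable, Optional

CISCO_ENTERPRISE = 9  # the IANA enterprise number Cisco Systems registered
# Assumption: the deck says CNAC also knows the enterprise numbers of
# Cisco-acquired companies but does not list them, so only 9 is populated here.
CISCO_FAMILY_ENTERPRISES = {CISCO_ENTERPRISE}

def enterprise_number(sys_object_id: str) -> Optional[int]:
    """Return the 7th arc of an OID under 1.3.6.1.4.1, the IANA enterprise
    number (1.3.6.1.4.1.9.1.162 -> 9), or None if it is not an enterprise OID."""
    arcs = sys_object_id.strip().lstrip(".").split(".")
    if len(arcs) < 7 or arcs[:6] != ["1", "3", "6", "1", "4", "1"]:
        return None
    return int(arcs[6]) if arcs[6].isdigit() else None

def get_sysobjectid(host: str, ro_strings: list,
                    responder: Callable[[str, str], Optional[str]]) -> Optional[str]:
    """Try each R/O community string in the order given and stop at the first
    value returned (why the deck asks for strings ordered by frequency of use)."""
    for community in ro_strings:
        value = responder(host, community)
        if value is not None:
            return value
    return None

def classify(host: str, sys_object_id: Optional[str]) -> tuple:
    """Bucket a host the way the CNAC Device Manager does."""
    if sys_object_id is None:            # echo reply, but no SNMP answer
        return ("Partially Discovered Device", host)
    if enterprise_number(sys_object_id) in CISCO_FAMILY_ENTERPRISES:
        return ("Cisco Device", sys_object_id)
    return ("Non-Cisco Device", sys_object_id)

# Constructed sample agents: (host, community) -> the sysObjectID they return.
# 1.3.6.1.4.1.9.1.162 is the Cisco OID quoted on the slide; 311 is Microsoft's
# enterprise arc, standing in for any non-Cisco SNMP responder.
SAMPLE_AGENTS = {
    ("10.1.0.1", "public"): "1.3.6.1.4.1.9.1.162",
    ("10.1.0.2", "ro-net"): "1.3.6.1.4.1.9.1.162",
    ("10.1.0.3", "public"): "1.3.6.1.4.1.311.1.1.3.1.2",
}

def sample_responder(host: str, community: str) -> Optional[str]:
    return SAMPLE_AGENTS.get((host, community))

def discover(echo_replies: list, ro_strings: list,
             responder: Callable = sample_responder) -> dict:
    """Only hosts that answered the ICMP echo are queried over SNMP. Returns
    bucket -> labels (sysObjectID for Cisco/Non-Cisco, DNS/IP otherwise)."""
    buckets: dict = {}
    for host in echo_replies:
        bucket, label = classify(host, get_sysobjectid(host, ro_strings, responder))
        buckets.setdefault(bucket, []).append(label)
    return buckets
```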
CNAC Performance Adjustments
• System Preferences – Global Preferences: default settings can be adjusted lower in high-performance network environments
• System Preferences – Performance Preferences: set to High if possible
Network Security Credentials
• Settings Credentials – SNMP R/O Community: enter all known strings in use, arranged in order of frequency of use for maximum performance (each string is tried in turn until one returns a value)
• Settings Credentials – CLI Credentials: enter all known Telnet passwords in the “Telnet Password” field; enter all known Telnet usernames and passwords in the “Telnet Non-Privileged UserName / Password” field, arranged in order of preference
Network Discovery Implemented
Two methods, IP Address Range or IP Network: easily configurable; only one can be selected at a time.
Network Discovery Status
• Confirmation: CNAC will confirm the approximate number of IP hosts that will be discovered
• Results: details on the number of Cisco, Non-Cisco and Partially Discovered Devices
Cisco Network Asset Collector (CNAC) – Discovery Troubleshooting
Discovery Troubleshooting Decoded
• UDP Ports 161 and 445 Queried – port 161 carries SNMP R/O “Get” packets; port 445 is MS Directory Services. If a host receives a UDP query on a closed port it will attempt to reply with an “ICMP Port Unreachable” message; if the port is open, however, no reply is generated.
• TCP Ports 22, 23, 25, 53, 80 Queried – port 22 is SSH, port 23 is Telnet, port 25 is SMTP server, port 53 is DNS server, and port 80 is HTTP server. Each port replies with an open-port sequence if the port is open, and with a “closed” reply if the port is closed and the connection request is received.
• SNMP R/O String Values Queried – each R/O string provided by the CNAC user is used in turn to query the sysObjectID OID, until a value is retrieved or all the strings have been attempted.
• Port Query Summary Code Logic – CNAC examines the results of each port query to each partially discovered device and provides a summary of the logical status of the device, along with a detailed description of the likely root causes for its not supporting standard discovery services.
• Non-Cisco Devices Identified – CNAC will classify all devices which can be logically determined not to have been manufactured by Cisco, reducing the amount of troubleshooting required to accurately discover all Cisco devices.
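The port-by-port interpretation described above, as an added Python example (not CNAC code): it turns constructed probe results for partially discovered hosts into the Non-Cisco, No/Restricted Connectivity and Inconclusive buckets that the results view shows. The root-cause wording and the non-Cisco heuristic (UDP 445 and TCP 137 both answering) are this example's own assumptions, not CNAC's summary-code table.

```python
from dataclasses import dataclass

# Constructed vocabulary. UDP: "unreachable" = ICMP Port Unreachable came back
# (port closed); "silent" = no reply (port open, or the probe was filtered).
# TCP: "open" | "closed" | "silent" (no reply at all).
@dataclass
class ProbeResult:
    host: str
    udp: dict                   # {161: ..., 445: ...}
    tcp: dict                   # {22: ..., 23: ..., 25: ..., 53: ..., 80: ..., 137: ...}
    ro_strings_tried: int

def summarize(r: ProbeResult) -> tuple:
    """Return (bucket, reasons) using the buckets of the results slide. The
    root-cause wording and the non-Cisco heuristic are this example's own."""
    reasons = []
    if all(v == "silent" for v in list(r.udp.values()) + list(r.tcp.values())):
        reasons.append("no reply on any probed port: filtered by ACL/firewall, or host down")
        return ("No/Restricted Connectivity", reasons)
    if r.udp.get(161) == "unreachable":
        reasons.append("UDP 161 closed (ICMP Port Unreachable): no SNMP agent listening")
    elif r.udp.get(161) == "silent" and r.ro_strings_tried:
        reasons.append("UDP 161 open or filtered, but none of %d R/O strings returned "
                       "sysObjectID: wrong community string or SNMP ACL" % r.ro_strings_tried)
    if r.udp.get(445) == "silent" and r.tcp.get(137) == "open":
        reasons.append("UDP 445 and TCP 137 answer: Microsoft directory/NetBIOS services")
        return ("Non-Cisco", reasons)
    if r.tcp.get(22) == "open" or r.tcp.get(23) == "open":
        reasons.append("SSH/Telnet open: host reachable, SNMP access is the blocker")
        return ("Inconclusive", reasons)
    if all(v == "closed" for v in r.tcp.values()):
        reasons.append("all management TCP ports closed")
        return ("No/Restricted Connectivity", reasons)
    return ("Inconclusive", reasons)

# Constructed sample results for three partially discovered hosts.
ALL_TCP = (22, 23, 25, 53, 80, 137)
SAMPLE_RESULTS = [
    ProbeResult("10.1.0.10", {161: "silent", 445: "unreachable"},
                {**dict.fromkeys(ALL_TCP, "closed"), 22: "open", 80: "open"}, 3),
    ProbeResult("10.1.0.11", {161: "unreachable", 445: "silent"},
                {**dict.fromkeys(ALL_TCP, "closed"), 80: "open", 137: "open"}, 3),
    ProbeResult("10.1.0.12", {161: "silent", 445: "silent"}, dict.fromkeys(ALL_TCP, "silent"), 3),
]

def sort_devices(results=SAMPLE_RESULTS) -> dict:
    """Group hosts as the Discovery Troubleshooting Results view does."""
    groups: dict = {}
    for r in results:
        bucket, reasons = summarize(r)
        groups.setdefault(bucket, []).append((r.host, reasons))
    return groups
```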
Discovery Troubleshooting Results
Summary: CNAC will sort the devices into Non-Cisco, No/Restricted Connectivity Devices and Inconclusive Devices.
Discovery Troubleshooting Detail
View Results Detail: detailed status is provided for troubleshooting guidance, including port-by-port result interpretation. This is a key unique feature of CNAC; please use it extensively.
Cisco Network Asset Collector (CNAC) – Cisco Product Instrumentation
Cisco CLI Instrumentation Decoded
• Non-Volatile – CNAC engineering research validated that the CLI commands used are read-only and non-volatile with regard to Electronic Asset ID data elements
• Non-Privileged Mode – CNAC engineering research validated that the necessary Electronic Asset ID data elements can be retrieved using CLI commands which are read-only
• CLI Command Logic – most of the Cisco CLI commands that retrieve the various electronic asset ID data elements are coded to query the values burned into the NVRAM “IDPROM” chips typically embedded in almost all Cisco serviceable hardware components
• Serial Numbers – CLI commands simply retrieve the values embedded in the IDPROM chips, so for those Cisco chassis products that had a value other than the Chassis Serial Number burned into the cSN field, CLI commands report that value as the cSN
• Serial Number Format Compatibility – unlike some legacy Cisco SNMP MIBs, Cisco CLI commands are capable of accurately displaying both integer and alphanumeric serial number values
Cisco SNMP Instrumentation Decoded
• Mostly Non-Volatile – CNAC engineering research validated that most SNMP commands are read-only with regard to electronic asset ID values; a notable exception is the legacy chassis serial number MIB object, chassisID
• Read-Only Community Strings – CNAC engineering research validated that the necessary Electronic Asset ID data elements can be retrieved exclusively with SNMP R/O credentials; there is no need to modify values, the lone exception being rare environments that have extensively modified the chassisID default values
• SNMP Command Logic – most of the Cisco SNMP commands that retrieve the various electronic asset ID data elements are coded to query the values burned into the NVRAM “IDPROM” chips typically embedded in almost all Cisco serviceable hardware components
• Serial Numbers – in almost all cases SNMP commands simply retrieve the values embedded in the IDPROM chips, so for those Cisco chassis products that had a value other than the Chassis Serial Number burned into the cSN field, CLI commands report that value as the cSN
• Serial Number Format Compatibility – some legacy Cisco SNMP MIB objects, such as the popular legacy cardSerial, cannot properly display serial numbers in anything other than an integer format; Intelligent Inventory adapts to this issue
Cisco Network Asset Collector (CNAC) – Intelligent Inventory
Intelligent Inventory Decoded
• Total Cisco Unique Chassis Population Researched – CNAC engineers examined and collated all Cisco assignments of SNMP sysObjectID values to chassis equipment from the company's inception in 1984 to mid-2006, determining that 613 unique products have been manufactured by Cisco
• Reverse Engineering Performed – 335 of primarily the most popular Cisco chassis were tested to determine the optimal SNMP and CLI commands which yield the best possible electronic asset ID values with minimal data, using read-only security
• sysObjectID is the Unique Identifier – CNAC first queries the sysObjectID OID, then determines the exact SNMP OIDs and CLI commands to query by looking that value up in a table of Intelligent Inventory sysObjectID solutions embedded in CNAC
• Global Inventory Commands – a very small number of SNMP OIDs (i.e. sysObjectID, ciscoImageString, etc.) have been determined to be close to universally supported by Cisco equipment and are automatically queried on all CNAC devices
• Default Commands – a minimal number of common SNMP OIDs and CLI commands are used to query any Cisco device for which the sysObjectID value does not yet have an Intelligent Inventory solution defined
Intelligent Inventory – Global Commands
Global Commands: SNMP commands automatically queried on all Cisco devices, almost universally supported across Cisco products.
Intelligent Inventory – Unique Identifier
sysObjectID Key Unique Identifier: CNAC uses this value to determine the Intelligent Inventory “Group Solution”.
Intelligent Inventory – Solution Logic
Group Solution: the unique combination of SNMP MIBs and / or CLI commands specific to this product, and the asset management values decoded from them.
Intelligent Inventory – Default Logic
Default Solution: SNMP and CLI commands automatically queried on any Cisco device which does not currently have an Intelligent Inventory “Group Solution” defined. These commands are almost universally supported across Cisco products; less than 10% of products by volume in production networks should fall into this category.
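The Global / Group / Default selection described on the Intelligent Inventory slides, together with the cardSerial integer-only limitation from the SNMP instrumentation slide, as an added Python example (not CNAC code). The solution table entries, the CLI command names and the sample serials are constructed placeholders; only sysObjectID, ciscoImageString, chassisID, cardSerial and the 10% expectation come from the deck.

```python
from typing import Optional

# Named on the Global Inventory Commands slide; queried on every device.
GLOBAL_SNMP = ["sysObjectID", "ciscoImageString"]
# Constructed stand-ins for CNAC's embedded solution table: the deck names the
# MIB objects chassisID and cardSerial, but not the per-product command sets.
DEFAULT_SOLUTION = {"snmp": ["chassisID"], "cli": ["show version"]}
GROUP_SOLUTIONS = {
    "1.3.6.1.4.1.9.1.162": {"snmp": ["cardSerial"], "cli": ["show version"]},
}

def resolve_solution(sys_object_id: str) -> dict:
    """Group Solution when the sysObjectID has one, otherwise the Default
    Solution; the Global commands are prepended either way."""
    group = GROUP_SOLUTIONS.get(sys_object_id)
    chosen = group if group is not None else DEFAULT_SOLUTION
    return {"source": "group" if group is not None else "default",
            "snmp": GLOBAL_SNMP + chosen["snmp"], "cli": list(chosen["cli"])}

def reconcile_serial(card_serial: Optional[str], cli_serial: Optional[str]) -> tuple:
    """Legacy cardSerial can only carry an integer, so an alphanumeric serial
    cannot have come through it intact. Trust the CLI value (which displays both
    formats) when present and accept cardSerial only as a positive integer."""
    card_ok = bool(card_serial) and card_serial.isdigit() and int(card_serial) > 0
    if cli_serial:
        if card_ok and card_serial != cli_serial:
            return (cli_serial, "cli (cardSerial %s disagreed)" % card_serial)
        return (cli_serial, "cli")
    if card_ok:
        return (card_serial, "cardSerial")
    return (None, "unresolved")

def default_share(sys_object_ids: list) -> float:
    """Fraction of inventoried devices that fell back to the Default Solution;
    the deck expects under 10% by volume in production networks."""
    if not sys_object_ids:
        return 0.0
    fallbacks = sum(1 for o in sys_object_ids
                    if resolve_solution(o)["source"] == "default")
    return fallbacks / len(sys_object_ids)
```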
Intelligent Inventory – Data Entry Options
Options: CNAC can automatically inventory all discovered devices, a subset of discovered devices, manually added devices, or devices from a seed file.
Cisco Network Asset Collector (CNAC) – Data Export / Data Security
Data Collection / Transmission Decoded
• Intelligent Inventory “Raw” Data – a directory named after the DNS name / IP address is created for each device that is inventoried by CNAC. By default it is located at c:\program files\cisco systems\cnac\eclipse\plugins\ondc_1.0.0\data\inventory\xxxxxxx. Within this directory there is a file called “ExportData.csv”, which is stored unencrypted and contains the output of all data (SNMP and CLI) collected by CNAC.
• Export Intelligent Inventory – when this CNAC feature is selected, the data from all of the inventoried chassis is consolidated into a single WinZip file located inside c:\program files\cisco systems\cnac\eclipse\plugins\ondc_1.0.0\data\export\xxxxxxx. This file is encrypted using Cisco’s PGP public key and e-mailed to cnac-reporting@cisco.com. Upon export, ensure that the CNAC inventory file is attached to the ISIR request.
• CNAC Inventory Decrypted and Post-Processed – using Cisco’s PGP private key, CNAC engineers decrypt the CNAC inventory file and begin a series of data extraction and post-processing services that result in the generation of a CNAC ISIR report in Microsoft Excel format.
• CNAC Report Secure Transmission – Cisco encrypts the ISIR report as a password-protected WinZip archive, which is then posted. An e-mail containing the password is distributed to the external partner / customer.
Support of CNAC
Cisco Service Support Center –
All CNAC Registration and Support
http://www.cisco.com/go/ssc
CNAC – Benefits of Implementation
1. Network Identified Inventory – all accessible Cisco hardware
2. Customer In-Service Inventory – all accessible Cisco hardware
3. Knowledge Acquisition – optimal methods of Network Discovery and Network Inventory