Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation  Back up to About Overview 
ContentIndex
  
[+] Expand All
[-] Collapse All

No index entries found.

Related Documentation

    Detailed Procedures

    VLAN Discovery can run in Java Graphical User Interface (GUI) or in text mode for scripting purposes. The following describes how to use the VLAN Discovery task in the Task Manager on the client GUI, followed by the corresponding scripting interface.

    Setting up the Router Profile

    Before scheduling a VLAN Discovery task, the necessary connectivity information should be specified through the Router Profile, as described below. This includes the IP address or IP address range and the corresponding community string. SSH/telnet login information can also be optionally added for additional CLI collection which can be scheduled after the VLAN discovery.

    1. Select Admin > Task Manager to open the Task Manager, and then select Router Profiles.
    2. Click “New Profile” to create a new router profile, for example, with name VLANDiscovery.
    3. In the Router Profile window, click “Add” to add minimally the IP address and the SNMP community string for the routers that you would like to collect.

      Figure 61: Router Profile Window

      Router Profile Window
    4. On the General Parameters tab, enter in a specific IP address or an IP address range in the IP Address field. You can enter in each router as a separate entry with its own community string. Alternatively, to scan a range of IP addresses, you can enter in the range in braces, for example, 10.0.[0-15].[0-255].
    5. Specify a default login, password, and Enable password. If a jump server will be required to reach this device via SSH, specify the jump server IP address in the Agent(s) field. This information will not be used directly during the VLAN Discovery task, but will be used to create a device profile for the subsequent Network Config Data Collection Task.
    6. On the SNMP Parameters tab, enter in the SNMP community string information. Optionally click the button to the right of the community string field to encrypt the community string. Note that once the community string is encrypted, it is not possible to view it again in plaintext from IP/MPLSView.
    7. Click the “Add” button in the add window to add this new entry to the router profile.
    8. Repeat these steps to add subsequent IP addresses or ranges of IP addresses. When you are done entering in the router profile details, select Close.
    9. In the router profile window, click the Save button to save your router profile.

      Figure 62: Adding a Router Profile Entry for an IP Range

      Adding a Router Profile Entry for an IP Range

    Scheduling a VLAN Discovery Task

    Once the router profile has been created and validated with the IP addresses and associated SNMP community strings, the next step is to schedule the VLAN Discovery task to collect SNMP data.

    In the Task Manager, select New Task... and select the VLAN Discovery Task. Enter in a descriptive Task Name and then click Next.

    Figure 63: VLAN Discovery Task Parameters

    VLAN Discovery Task Parameters

    Collection Options


    In the top portion of this window select the router profile in the drop down list containing the devices to be collected. Then selected the desired IP addresses or IP address ranges to collect in this router profile, and click Add to move them to the right hand side list.

    The VLAN Discovery results can be imported directly into the Live Network for viewing purposes. Otherwise, select the checkbox “Check this if you want to save the collected data other than default directory” and click Browse to specify the Collection Directory.

    The Incremental Data Collection checkbox is checked by default to retain the data from the previously collected switches when starting a collection. In order to do a fresh collection from scratch, uncheck this option. In that case the old files in the bridge collection directory will be removed before recollecting to that same directory.

    The option “Collect all devices including switches and non-switches” can be used to collect unrecognized device types for discovery purposes.

    For certain hardware, the “Collect dot1dTpFdbTable” can also be collected to stitch links based on the forwarding table. However, this is often not a reliable source for link stitching.

    Include devices whose IP addresses end with .0 or .255: By default these IP addresses will be ignored when collecting from a range of IP addresses.

    Mark filename as Duplicate for collected files with duplicate hostnames: Since the same device may have multiple IP addresses, there may be more than one collected file for the same hostname. Select this option to keep track of the duplicate hostname.


    Discovery Options


    There are two methods that can be used for discovering additional devices-- pingsweep or autodiscovery. Autodiscovery is used to automatically discover other devices that are known to the task’s “seed” devices via neighbor discovery / crawling, specifically through SNMP-based ARP or Cisco CDP table information. Pingsweep is used to scan any specified IP address ranges before SNMP collection to determine which IP addresses are reachable. Note that both of these methods are advanced features which require a separate license from the VLAN discovery.

    1. To enable auto discovery, select the Discovery Options tab, and select “Enable auto discovery (Crawl the network)”.

      Figure 64: VLAN Discovery Options

      VLAN Discovery Options
    2. The method of autodiscovery can be selected to include both ARP Table and Cisco CDP Cache Table or only one of these methods. In case polling the ARP cache will put a burden on the network, it may be desirable to uncheck this option, and to use the alternative Cisco CDP Cache Table instead (Cisco devices only). Alternatively, the pingsweep option on the Advanced tab may be preferred.
    3. The “Maximum hop count (default=3)” is used to specify how many recursive levels to discover based on arp/mac address table. Valid values are between 2 and 5. Note that the hop count mentioned here is a not the same as the physical hop count, but refers to the number of recursive levels. For example, if A’s ARP table contains B, and B’s ARP table contains C, then C could be discovered from the seed device A via a hop count of 2.
    4. Enter in the “Maximum number of discovery threads (default=5) “ to divide the task into multiple threads instead of running everything sequentially. To speed up the collection, a higher number can be used, for example, 10. However, a smaller number can be used to minimize the load on the network.

    Advanced Options


    On the Advanced tab are options to perform a ping sweep to collect data, specify an alternative community string list, specify a directory in which to log the progress, warnings, and errors encountered during the polling, and specify a location in which to save the resulting router profile for the valid IP addresses that are polled.

    Figure 65: VLAN Discovery, Advanced Tab

    VLAN Discovery, Advanced Tab

    Task Parameter

    Description

    Generated device profile

    Specify the location of the profile that will be created from the polled devices. The default directory is /u/wandl/data/.TaskManager/profile Using the resulting router profile, devices that are polled via SNMP for VLAN Discovery can then be polled via CLI for additional details such as configuration, interface, and equipment inventory.

    Allow duplicated hostnames in profile

    IP addresses polled during the autodiscovery or pingsweep process may represent the same device, usually indicated through an identical hostname. The default option is to disallow duplicated hostnames, only selecting one IP address per hostname, to prevent polling the same device more than once.

    In some situations, however, the IP address selected by IP/MPLSView may not be accessible to telnet/SSH, although another IP address that was discovered is. This option can determine what the other IP addresses are. A Test Connectivity check can be used to determine the correct profile to choose for a hostname.

    Black/White List File containing IP addresses or ranges to discover (white list) or to skip (black list)

    This is a file containing a list of IP addresses, one per line, that should be ignored by the discovery task. Any bad IP addresses that the task encounters during the discovery will be appended to this file. This is a required file, even if initially empty.

    This file will also allow the specification of a range of IP addresses to permit or deny/block on a line. For example:

    permit 10.0.1.[10-255]
    block 20.0.0.[1-255]

    Either browse for this file or select the Edit icon to create this file. Click the Save button to specify where to save this file, and click the Close button to return to the VLAN Discovery window.

    Alternate Community String File with optional SNMP get community string(s)

    This is a file containing one SNMP community string per line. The VLANDiscovery process will try alternate SNMP community strings from this set if the default/configured SNMP community strings specified in the router profile does not work.

    Either browse for this file or select the Edit icon to create this file. Click the Save button to specify where to save this file, and click the Close button to return to the VLAN Discovery window.

    Domain Names

    To specify the Domain Names, click on the editor button. If the domain is found in the device’s hostname, it will be removed from the hostname for proper link stitching of the devices.

    Log Directory

    This points to the path of the directory that will contain logging information, including the overall progress of the task, the list of devices with reachability status and basic SNMP information, autodiscovery progress via CDP or ARP, and blacklisted IP addresses.

    Select “Create a timestamp subdirectory” if this task will be run more than one time and you would like a separate log directory for each time. A subdirectory will then be created in the log directory according to the timestamp.

    Maximum number of discovery and collection threads (default=5)

    Set the maximum number of simultaneous connections to devices for SNMP polling of bridge files. For example, if set to 5, then the program can connect to 5 devices simultaneously to collect SNMP information.

    Do ping sweep before collecting data

    If this option is selected, devices in the specified IP address range(s) that are reachable via ping sweep will then be polled via SNMP for VLAN details. Select either regular ping or fping (recommended). Note that to use fping, you should specify the file path of the fping program (/u/wandl/thirdparty/fping/fping). For fping, you can specify the number of threads to use and the number of IP addresses per fping, so that different threads can run in parallel. It is recommended to use the default settings

    Collect dot1dTpFdbTable

    This option should not be used in general, since the forwarding table can be large, and it is unreliable to create links based on forwarding table relationships. Devices in the forwarding table may be multiple hops away.

    Remove JUNOS RE extension in hostname

    For JUNOS dual routing engines, the RE extension can be removed from the device’s hostname if this option is selected.

    1. Click Next. The scheduling parameters, as shown in the Schedule Task step of the New Task Wizard shown below, are the same for all task types.
    2. If you have the remote polling module, the polling server selection will be available to select which polling server to use, based on User Admin privileges. If your polling server does not show up, make sure that it is configured in the /u/wandl/bin/changeconfig.sh script, and that the server had been stopped and restarted subsequent to this change.

      Figure 66: VLAN Discovery Scheduling

      VLAN Discovery Scheduling
    3. If you wish to chain a task to run immediately after the VLAN Discovery task, such as the Network Config Data Collection task, then avoid using the scheduled time “Immediately”. Choose instead “Once” and enter a date in the future in “Set Start Time” or select a regularly recurring interval.
    4. Click Finish to continue.

    Check the Task Manager for information on the polling status. When the polling is finished, the topology will be updated on the Standard map.

    Chaining VLAN Discovery with Network Config Data Collection

    Once the router profile is created from the autodiscovery or pingsweep step, the login profiles can be used to collect CLI information to build up the network model. If you will be chaining the Network Config Data Collection immediately after the VLAN Discovery task, continue with the following steps. Alternatively, if you wish to manually validate the router profile and then schedule the CLI collection afterwards, skip to Validating the Router Profile and Scheduling CLI Collection on page 101.

    1. From the Task Manager, select New Task, and then select Network Config Data Collection. Enter in a Task Name and then click Next.

      Figure 67: Network Config Data Collection

      Network Config Data Collection
    2. For the Collection Directory, select Browse to select the same output directory used for the VLAN Discovery, for example, /u/wandl/data/collection/vlan1.
    3. For Select the device(s) to be collected, select the checkbox “Use Profile Directly”. Then select the profiles to be collected. Select the router profile output file created from the VLAN Discovery task. Additionally, select the profile containing the login information for any jumpserver that is required to connect to these devices. (This assumes that the agent field was populated in the profile range before running the VLAN Discovery task as described in Setting up the Router Profile.)
    4. Under Data Consolidation, select the VLAN Discovery directory based on the VLAN Discovery output directory, for example, /u/wandl/data/collection/vlan1/bridge

      Figure 68: Network Config Data Collection, Bottom Half

      Network Config Data Collection, Bottom Half
    5. For Data to Be Collected or Processed, select the desired information, for example, Configuration, Interface, Tunnel Path, Transit Tunnel, and Equipment CLI.
    6. For Alternate Login, click the Edit icon to enter in alternate login/password information in case the default one carried over from the profile range specification fails. After adding in the alternate login/passwords, click Save to specify the file in which to save this information. Then select Close.

      Figure 69: Alternate Login Specification

      Alternate Login Specification
    7. Under Collector Settings, change the No. of processes in case you want to collect more devices simultaneously. The No. of retry can also be increased in case you want to retry a device if the device is unreachable at the time of polling.
    8. Click Next.
    9. In the scheduling screen, you can select the polling server. This should be the same one used for the VLAN Discovery task.
    10. Next, for the Schedule Type, choose Immediately After and select the preceding task.

      Figure 70: Scheduling Immediately After

      Scheduling Immediately After

    Validating the Router Profile and Scheduling CLI Collection

    The following steps can be used to validate the router profile if the tasks are to be run manually without the task chaining mentioned in Chaining VLAN Discovery with Network Config Data Collection.

    1. From the Router Profile window (Admin > Task Manager, Router Profile), select the router profile that has been generated in the last step and select Actions > Test Connectivity.
    2. In the Test Connectivity window, click the Options... button to enter in the following options:
      • Alternative login/password(s) on the Login/Password tab.

        Figure 71: Alternative Login/Passwords

        Alternative Login/Passwords
      • Optional SNMP get community string(s) on the SNMP tab.

        Figure 72: Alternative SNMP Community Strings

        Alternative SNMP Community Strings
      • Connectivity options (for example, Ping, Telnet, SSH, and/or SNMP) on the General tab.
      • Allow for concurrent access of a number of devices (Number of simultaneous access) on the General tab.

        Figure 73: Test Connectivity General Options

        Test Connectivity General Options
    3. Click the Start button to begin the connectivity test.
    4. Once the connectivity test is completed, accept the corrections that are made, for example, to the login information of the router profile, via the Profile Fix button menu.
    5. The resulting profile is now ready for CLI collection via the Scheduling Live Network Collection task. (Admin > Task Manager, New Task, Scheduling Live Network Collection). For the collection methods, select config, interface, equipment_cli, and any other information of interest.

    VLAN Discovery Text Mode

    VLAN Discovery task is also available from the command line interface. This scripted version is useful in situations where the IP/MPLSView application is running on a different machine than the machine used to poll the layer 2 devices. Some additional polling configuration options are also available only to the text mode. Note that the text mode is an advanced feature of VLAN discovery requiring a separate license.

    To run VLAN discovery, a parameter file is used for SNMP polling, which provides the IP addresses or IP address range(s) and the corresponding SNMP community string.

    The following collect.sh script can be placed in the /u/wandl/bin directory:

    #!/bin/sh
    # Please check 3 important prerequisites: #
    1) do you have java? Verify by "java -version
    # 2) env variable WANDL_HOME
    # 3) DO NOT FORGET to set a dummy -spec_dir
    WANDL_HOME=/u/wandl
    export WANDL_HOME
    
    WLIB=$WANDL_HOME/lib/wandl TLIB=$WANDL_HOME/lib/thirdparty LD_LIBRARY_PATH=$WANDL_HOME/thirdparty/ucdsnmp/lib:$WANDL_HOME/lib/wandl/:$LD_LI BRARY_PATH
    export LD_LIBRARY_PATH /u/wandl/java/bin/java -Xmx512M -Xms512M -classpath $WLIB/bki.jar:$WLIB/beans.jar:$WLIB/event. jar:$WLIB/tmng.jar:$TLIB/commons-collections-3.1.jar:$TLIB/commons-configuration -1.1.jar:$TLIB
    /commons-lang-2.0.jar:$TLIB/commons-logging.jar -DWANDL_HOME=$WANDL_HOME taskobj.VLANDiscoveryTask $1

    The script should be run with a parameter file with the following syntax:

    Usage: ./collect.sh <param_file>

    Basic Discovery

    A basic discovery can be performed by simply listing the IP address and SNMP community string information for each device to be collected.

    maxthreads=10
    target_dir=/tmp/bridge
    logdir=/tmp/log
    10.1.0.1 wandlcom
    10.2.0.1 wandlcom
    10.3.0.1 wandlcom

    Pingsweep

    Advanced discovery can use either pingsweep or autodiscovery by ARP and CDP cache tables.

    The parameter file for pingsweep allows the user to specify IP ranges and alternative SNMP community strings in case connectivity fails when using the default community string.

    pingsweep=1
    fpingpath=/u/wandl/thirdparty/fping/fping
    maxthreads=10
    community=/tmp/communityfile
    target_dir=/tmp/bridge
    logdir=/tmp/log
    profile=/u/wandl/data/.TaskManager/profile/newprofile
    inc_non_switches=1
    retry=1
    timeout=2
    # seed range for ping scan with default community
    10.1.0.1 wandlcom retry=1 timeout=10
    10.2.0.1 wandlcom
    192.168.2.[1-254] wandlcom login=wandl passwdenc=asdfasdfasdf
    ppasswdenc=asdfasdfasdf agents=11.2.3.4
    192.168.3.[1-254] wandlcom login=wandl passwdenc=asdfasdfasdf
    ppasswdenc=asdfasdfasdf agents=11.2.3.4

    Note that the login and password entries are used to populate the resulting router profile for use with CLI collection, and are not used during the pingsweep/VLAN discovery step.

    This method would run a ping sweep through the IP addresses in the above ranges. For the IP addresses which are reachable via ping, the SNMP information would be collected and parsed into an intermediates directory, which can later be imported during config extraction through the File > Create Network > From Collected Data wizard, Files tab, VLAN Discovery directory. If the pingsweep parameter is not used, SNMP will be used instead to test reachability to the devices.

    A router profile would also be created as a result of this ping sweep with the devices that were reachable, for further use to collect CLI data via the Scheduling Live Network Collection task. For this reason, the login, password, and enable (privilege) password can be specified for given ranges to automatically populate the login and password of the resulting router profile. The passwords are provided in encrypted format, using the same format as the passwords in the router profiles saved in the /u/wandl/data/.TaskManager/profile/.

    Autodiscovery

    Autodiscovery can be used to discover IP addresses outside of the range by using the ARP cache and/or CDP neighbor information. For autodiscovery, it is recommended to specify only a few seed devices. The maxhops parameter is used to specify how many recursive levels are needed to discover the rest of the network. In some cases, the required number of recursive levels may be up to 10, depending upon the seed devices that are chosen.

    discover=1
    discover_by_arp=0
    maxhops=8
    maxthreads=10
    community=/tmp/communityfile
    target_dir=/tmp/bridge
    logdir=/tmp/log
    profile=/u/wandl/data/.TaskManager/profile/newprofile
    inc_non_switches=1
    retry=1
    timeout=2

    # seed range for ping scan with default community

    10.1.0.1 wandlcom login=wandl passwdenc=asdfasdfasdf ppasswdenc=asdfasdfasdf
    agents=11.2.3.4
    10.2.0.1 wandlcom login=wandl passwdenc=asdfasdfasdf ppasswdenc=asdfasdfasdf
    agents=11.2.3.4

    Parameter File Options

    Table 31: Autodiscovery Options

    Parameter

    Description

    discover=1

    This option, when set to 1, enables autodiscovery by ARP and CDP cache tables. It corresponds to the Enable autodiscovery option being checked in the VLAN Discovery task’s Discovery Options tab in the client GUI. Both “seed” devices and devices learned from ARP and CDP cache tables are polled and collected.

    • When discovery is set to 0, only the “seed” devices specified are polled and collected.

    discover_by_arp=0

    If discover=1 and discover_by_arp=0, then ARP will not be used in autodiscovery.

    discover_by_cdp=0

    If discover=1 and discover_by_cdp=0, then CDP will not be used in autodiscovery.

    maxhops=n

    Specifies how many recursive levels to auto-discover based on arp/mac address table, for example, value between 2-5.

    rangefrom=IP address

    rangeto=IP address

    This corresponds to the IP address range to discover in the VLAN Discovery Task in the client GUI.

    Table 32: Pingsweep Options

    Parameter

    Description

    pingsweep=1

    The pingsweep parameter is used to find which IP addresses in a particular range are active so that they can be polled for SNMP bridge information. It will test accessibility by ICMP with small timeout (0.5sec) compared to SNMP timeout (3 sec with 5 retries). If this is commented out, then it will perform snmp scan (check SNMP).

    By default, this parameter is not enabled.

    fpingpath

    The location of the fping utility. If fping is not specified, the default is to use ping.

    ipsperfping

    The number of IP addresses that will be pinged by a single fping command. The default value is 128.

    maxfpingthreads

    The number of simultaneous fping’s can be run at a time. The default value is 10.

    Table 33: General Options

    Parameter

    Description

    Seed devices

    Specify the device IP addresses or ranges followed by the SNMP community string, For example, 192.10.21.[1-254] wandlc1.

    To specify per-range attributes, the following parameters are also available: timeout, retry, login, passwdenc, ppasswdenc (password and privilege/enable password), agents (in case of an intermediate jump server that must be used to reach the device.)

    ipskip=filename

    This points to the file containing IP addresses to whitelist or blacklist. It corresponds to the VLAN Discovery Task option “File containing IP addresses or ranges to discover (white list) or to skip (black list”.

    • Each line of this file contains a whitelist or blacklist rule of the format:
      “[permit|block|deny] <ip range>”

      specifiying a range of IP addresses to permit or deny/block. Note that the keywords block and deny are interchangeable.

    • For instance, a sample ipskip file could contain the following lines:
      permit 10.0.1.[10-255]
      deny 20.0.[10-20].[1-255]
    • An IP address will be evaluated sequentially against each of the lines of the file. The first line matching the IP address will be applied. An IP address not matching any of the rules in this file will be given a default “permit”.
    • Several alternate formats are also supported as shown in the 3 lines below which have identical meanings.
      block 10.10.20.*
      deny 10.10.20.[0-255]
      10.10.20
    • Note that the ipskip file has precedence over rangefrom and rangeto. For instance, if you specify an address that falls with in an addresses specified under rangefrom and rangeto ranges, but that address is specified under a block or deny statement in the ipskip file, then that device will not be visited by the neighbor discovery / crawling algorithm.

    inc_non_switches=1

    When set to 1, this option will include a device that is neither a switch nor a router. The default value is 0.

    community=file

    This points to and corresponds to the File with optional SNMP get community string(s) option in the VLAN Discovery Task in the client GUI. The file contains one SNMP community string per line with an optional version specification:

    mycommunity, v2c
    public, v1

    The VLAN Discovery process will try alternate SNMP community strings from this set if the default/configured SNMP community strings specified in the router profile does not work.

    By default, no plan B community file is used.

    target_dir=directory

    This points to the directory where the collected SNMP bridge data will be stored. The default directory is /u/wandl/data/collection/.LiveNetwork/bridge

    logdir=directory

    This points to the directory that will contain Layer 2 collection status and error logging. By default the log files are not saved.

    profile=file

    This points to where the resultant generated profile will be created and corresponds to the Generated result profile option in the VLAN Discovery Task in the client GUI. Any additionally discovered devices will also be added to this profile file.

    It is recommended to specify a file location in /u/wandl/data/.TaskManager/profile, so that the generated router profile will be automatically included in the Router Profile window. By default, no profile is saved.

    maxthreads=n

    This divides the task into multiple threads instead of running everything sequentially. By default the value is 5 to minimize the impact on the network.

    timeout

    Default 3 seconds

    retry

    Default 3 seconds


    Collection Log


    A log file is saved under the /u/wandl/data/collection/.LiveNetwork/bridge/intermediates directory, with the name collectionLog.runcode.date

    The format of this file is as follows:

    ## collectionLog.x.201105241249
    ## Report Date=05/24/2011 12:49, Runcode=x
    #IP,ErrorMessage,sysName,Vendor,sysObjectID,BridgeAddr,sysDescr
    200.200.0.1,not reachable via icmp,,,,,,
    200.200.0.2,not reachable via icmp,,,,,,
    200.200.200.6,,HKG3640,CISCO,.1.3.6.1.4.1.9.1.110,,Cisco IOS Software, 3600
    Software (C3640-JS-M), Version 12.4(7a), RELE...,

    Table 34: Sample Error Messages

    Error Message

    Explanation

    not reachable via icmp

    The device is not reachable from the pingsweep

    not accessible (check SNMP parameters)

    The device is reachable via ping but not accessible via SNMP. The community string could be incorrect.

    duplicated sysname

    A device with the same hostname has already been accessed using another IP address

    no bridge mib data

    The device might be a router without switching capabilities

    Missing node data

    A device’s CDP neighbor has not been collected

    cannot find designated port

    A spanning tree neighbor may be missing from the collected data


    Troubleshooting


    Constructing a complete and accurate layer 2 can be challenging at times.

    • A particular device may be configured to prevent the polling of certain SNMP MIBs to reduce the potential increase in CPU loading.
    • Another challenge could be trying to collect information from devices that do not support the standard SNMP MIBs.
    • If the timeout for a particular device is not long enough, the bridge files may be incomplete, in which case they may not be shown on the topology.

    Under these imperfect conditions where collected data is incomplete, the VLAN Discovery task will still make use of all the information that is collected to construct as complete and as accurate a topology as possible.

    Check the log file output for indication of reachability issues. If there are reachability issues, check if there is a firewall or if there are access lists configured on the device blocking ICMP packets or the polling of specific SNMP tables.

    Modified: 2015-12-29