© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential. KTN0232 – CNAC Technical Guide_v1.1.ppt. Cisco Network Asset Collector (CNAC) 1.2 Implementation.

  • Published on
    22-Dec-2015


Transcript

Slide 1
Cisco Network Asset Collector (CNAC) 1.2 Implementation Training
CNAC Engineering Team
Support: http://www.cisco.com/go/ssc

Slide 2
Agenda
• Solution Objectives (Design logic, Scope, System requirements)
• Decoding Network Discovery
• Decoding Discovery Troubleshooting
• Decoding Intelligent Inventory
• Inventory Transport Test Case Processing / Reporting
• Support

Slide 3
CNAC Optimal Environments
• Organized Networks: consistent configuration of Cisco hardware (SNMP, Telnet)
• Streamlined Security: pre-designed access for NMS applications implemented
• Centralized management of Network Elements
• Cisco Hardware Product Diversity: the wider variety of Cisco chassis models the better
• Moderate Network Size: ~500 to ~1,500 Cisco chassis in production

Slide 4
CNAC Network System Requirements
1. Cisco Chassis Hardware: IPv4, SNMP enabled, Telnet/SSH enabled, SNMP R/O Strings, CLI non-privileged mode credentials
2. Network Configuration: Access to IP source address permitted bi-directional: ICMP port 7; UDP Ports 161, 445; TCP Ports 22, 23, 25, 53, 80, 137; to all IP networks containing Cisco hardware

Slide 5
Cisco Network Asset Collector (CNAC) Solution Objectives

Slide 6
CNAC Solution Objectives
Objectives: Reduce Resources; Quality; Lower Impact; Attention to Detail
• E2E solution to exceed 70% accuracy, average ~40%
• Fast in installation / operation, ease of use
• Tool operator requires moderate network knowledge and tool training
• 1st Cisco E2E solution focused on Asset ID and Service Status

Slide 7
CNAC Solution Objectives Expanded
• Singular focus: On Cisco hardware ID and associated service status
• Complexity Simplified: Myriad of complex instructions automatically performed
• Less is More: Less data collected, data collected is of optimal quality
• Flexibility: Designed to work in most partner / customer environments, based upon Industry standards
• Research Applied: Cisco has re-tested most of its Chassis hardware and resulting solutions are embedded in CNAC
• Quality: Reports are sourced / validated using most advanced Cisco logic available

Slide 8
CNAC Scope of Solution
• 90%>: Discovery of Cisco Chassis = all models supporting IP and SNMP AND using a Cisco Operating System
• 85%>: Customized Inventory of Cisco Chassis and Cards
• Near Time Inventory: Reusable, but not an ongoing Move, Add, Change probe
• Sole Focus: Electronic Asset Identification of Cisco Serviceable Hardware

Slide 9
Cisco Electronic Asset Identification Elements
• Network Discovery: Electronic ID of Cisco chassis, including quantity by model (e.g. Cisco 3640 qty 87, Cisco 7513 qty 36)
• Network Inventory: Electronic retrieval of Product ID and Serial Number data from Cisco chassis and card hardware (serviceable hardware) (e.g. Cisco 3640 S/N 86343720, NM2E2W S/N 38619874)
• Data Quality: Programmatic analysis, validation, and linking of retrieved inventory data to service status

Slide 10
Discovery vs. Inventory
Columns: Discovery | Inventory
• Determine Network Equipment and Model (Chassis Only)
• Uniquely Identify Equipment (i.e. Serial Number)
• Ascertain Chassis and Card info
• Extract Software info and ad-hoc data
• Pre-Requisites: None (Discovery) | Discovery or manual asset mgmt documentation (Inventory)
[Table marks: X X X X]

Slide 11
Cisco Network Asset Collector (CNAC) Network Discovery

Slide 12
Network Discovery Decoded
• ICMP Echo Transmitted: Each host address queried with ICMP Query
• ICMP Echo Reply: Each host address receiving Echo and capable of transmitting an Echo reply via ICMP Port 7 is discovered
• SNMP Discovery Query: The sysObjectID OID is queried using each SNMP R/O String provided over UDP Port 161 until a value is returned or all the R/O strings are exhausted.
• sysObjectID Query Value Provided: When / if a value is returned, the Local Interfaces are collected and used to consolidate multiple local interface chassis to a single device. CNAC examines the IANA Enterprise Number, the 7th octet of the sysObjectID (1.3.6.1.4.1.9.1.162); Cisco Systems registered the value 9, and the IANA values of all other Cisco acquired companies are also known. If the sysObjectID IANA value is Cisco or a Cisco Acquired Company, CNAC lists the chassis by its sysObjectID value (i.e. ciscoAS5300) as a Cisco chassis in Device Manager under Cisco Devices; if the IANA value is non-Cisco, the device is listed in CNAC Device Manager as a Non-Cisco Device.
• sysObjectID Query Null Result: CNAC lists the logical device by either its DNS or IP Address as a Partially Discovered Device

Slide 13
CNAC Performance Adjustments
• System Preferences > Global Preferences: default settings can be adjusted lower in high performance network environments
• System Preferences > Performance Preferences: set to High if possible

Slide 14
Network Security Credentials
• Settings > Credentials > SNMP R/O Community: enter all known, used strings; arrange in order of frequency of use for maximum performance
• Settings > Credentials > CLI Credentials: enter all known Telnet passwords in the Telnet Password field; enter all known Telnet usernames and Telnet passwords in the Telnet Non-Privileged UserName / Password field; arrange in order of preference

Slide 15
Network Discovery Implemented
Two Methods, IP Address Range or IP Network: easily configurable, only 1 can be selected at a time

Slide 16
Network Discovery Status
• Confirmation: CNAC will confirm the approximate number of IP hosts that will be discovered
• Results: Details on the Number of Cisco, Non-Cisco and Partially Discovered Devices

Slide 17
Cisco Network Asset Collector (CNAC) Discovery Troubleshooting

Slide 18
Discovery Troubleshooting Decoded
• UDP Port 161 and 445 Queried: Port 161 is SNMP R/O Get packets, port 445 is MS Directory Services. If a UDP Query is received by a host and the host has the port closed, it will attempt to reply with an ICMP Port Unreachable message; if the port is open, however, no reply is generated/transmitted.
• TCP Ports 22, 23, 25, 53, 80 Queried: Port 22 is SSH, port 23 is Telnet, port 25 is SMTP Server, port 53 is DNS Server, and port 80 is HTTP Server. Each port replies with an open port sequence if the port is open, and a closed reply if the port is closed and the port connection query is received.
• SNMP R/O String Values Queried: Each R/O string provided by the CNAC user is sequentially used to query the sysObjectID OID, until a value is retrieved or all the strings have been attempted.
• Port Query Summary Code Logic: CNAC examines the results of each port query to each partially discovered device and provides a summary of the logical status of the device, along with a detailed description of likely root causes for not supporting standard Discovery services.
• Non-Cisco Devices Identified: CNAC will classify all devices which can be logically determined to not have been manufactured by Cisco, reducing the amount of troubleshooting required to accurately discover all Cisco devices.

Slide 19
Discovery Troubleshooting Results
Summary: CNAC will sort the devices into Non-Cisco, No/Restricted Connectivity Devices and Inconclusive devices

Slide 20
Discovery Troubleshooting Detail View
Results Detail: Detailed status provided for troubleshooting guidance, including port by port result interpretation. This is a key unique feature of CNAC; please use extensively.

Slide 21
Cisco Network Asset Collector (CNAC) Cisco Product Instrumentation

Slide 22
Cisco CLI Instrumentation Decoded
• Non-Volatile: CNAC engineering research validated that CLI command output is read-only, non-volatile data with regard to Electronic Asset ID data elements
• Non-Privileged Mode: CNAC engineering research validated that the necessary Electronic Asset ID data elements can be retrieved using CLI commands which are read-only
• CLI Command Logic: Most of the Cisco CLI commands that retrieve various electronic asset ID data elements are coded to query the values burned into NVRAM IDPROM chips typically embedded onto almost all Cisco serviceable hardware components
• Serial Numbers: CLI commands simply retrieve the values embedded in IDPROM chips, so for those Cisco chassis products that had a value other than the Chassis Serial Number burned into the cSN field, CLI commands report this value as the cSN
• Serial Number Format Compatibility: Unlike some legacy Cisco SNMP MIBs, Cisco CLI Commands are capable of accurately displaying both integer and alphanumeric serial number values

Slide 23
Cisco SNMP Instrumentation Decoded
• Mostly Non-Volatile: CNAC engineering research validated that most SNMP commands are read-only with regard to electronic asset ID values; a notable exception is the legacy chassis serial number MIB, chassisID
• Read-Only Community Strings: CNAC engineering research validated that the necessary Electronic Asset ID data elements can be retrieved exclusively with SNMP R/O credentials; there is no need to modify values, the lone exception being rare environments that have extensively modified the chassisID default values
• SNMP Command Logic: Most of the Cisco SNMP commands that retrieve various electronic asset ID data elements are coded to query the values burned into NVRAM IDPROM chips typically embedded onto almost all Cisco serviceable hardware components
• Serial Numbers: SNMP commands simply retrieve in almost all cases the values embedded in IDPROM chips, so for those Cisco chassis products that had a value other than the Chassis Serial Number burned into the cSN field, CLI commands report this value as the cSN
• Serial Number Format Compatibility: Some legacy Cisco SNMP MIBs, such as the popular legacy MIB, cardSerial, cannot properly display serial numbers in anything other than an integer format; Intelligent Inventory adapts to this issue

Slide 24
Cisco Network Asset Collector (CNAC) Intelligent Inventory

Slide 25
Intelligent Inventory Decoded
• Total Cisco Unique Chassis Population Researched: CNAC engineers examined and collated all Cisco assignments of SNMP sysObjectID values to all Chassis equipment from the company's inception in 1984 to mid 2006, determining that 613 unique products have been manufactured by Cisco
• Reverse Engineering Performed: 335 of primarily the most popular Cisco chassis were tested to determine the optimal SNMP and CLI commands which yield the best possible electronic asset ID values with minimal data using read-only security
• sysObjectID is unique identifier: CNAC first queries the sysObjectID OID, then determines the exact SNMP OIDs and CLI Commands to query against a table of Intelligent Inventory sysObjectID Solutions embedded in CNAC
• Global Inventory Commands: A very small number of SNMP OIDs (i.e. sysObjectID, ciscoImageString, etc.) have been determined to be close to universally supported by Cisco equipment and are automatically queried on all CNAC devices.
• Default Commands: A minimal number of common SNMP OIDs and CLI Commands are used to query any Cisco device for which the sysObjectID value does not yet have an Intelligent Inventory solution defined

Slide 26
Intelligent Inventory Global Commands
Global Commands: SNMP commands automatically queried on all Cisco devices, almost universally supported across Cisco products

Slide 27
Intelligent Inventory Unique Identifier
sysObjectID Key Unique Identifier: CNAC uses this value to determine the Intelligent Inventory Group Solution

Slide 28
Intelligent Inventory Solution Logic
Group Solution: unique combination of SNMP MIBs and / or CLI Commands specific to this product and asset management values decoded

Slide 29
Intelligent Inventory Default Logic
Default Solution: SNMP and CLI commands automatically queried on any Cisco device which does not currently have an Intelligent Inventory Group Solution provided. These commands are almost universally supported across Cisco products; less than 10% of products by volume in production networks should be in this category.

Slide 30
Intelligent Inventory Data Entry Options
Options: CNAC can automatically inventory all discovered devices, a subset of discovered devices, manually added devices or devices from a seed file

Slide 31
Cisco Network Asset Collector (CNAC) Data Export / Data Security

Slide 32
Data Collection / Transmission Decoded
• Intelligent Inventory Raw Data: A directory is created using the DNS/IP for each device that is inventoried by CNAC. The directory is located by default at the following location: c:\program files\cisco systems\cnac\eclipse\plugins\ondc_1.0.0\data\inventory\xxxxxxx. Within this directory there is a file called ExportData.csv, which is unencrypted and contains the output of all data (SNMP and CLI) collected by CNAC.
• Export Intelligent Inventory: When this CNAC feature is selected, the data from all of the chassis that are inventoried is consolidated into a single WinZip file, located inside the following directory: c:\program files\cisco systems\cnac\eclipse\plugins\ondc_1.0.0\data\export\xxxxxxx. This file is encrypted using Cisco's PGP Public Key and emailed to cnac-reporting@cisco.com. Upon export, ensure that the CNAC Inventory file is attached to the ISIR request.
• CNAC Inventory Decrypted and Post Processed: Using Cisco's PGP Private Key, CNAC engineers decrypt the CNAC inventory file and begin a series of data extraction and post processing services that result in the generation of a CNAC ISIR report in a Microsoft Excel format.
• CNAC Report Secure Transmission: Cisco encrypts the ISIR report using a WinZip archive; this file is then posted. An e-mail which contains the password is distributed to the external Partner/Customer.

Slide 33
Support of CNAC
Cisco Service Support Center: All CNAC Registration and Support
http://www.cisco.com/go/ssc

Slide 34
CNAC Benefits of Implementation
1. Network Identified Inventory
2. Customer In-Service Inventory
3. Knowledge Acquisition
• All accessible Cisco hardware
• Optimal methods of Network Discovery and Network Inventory
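
The classification step described on slide 12 (read the enterprise number from the sysObjectID, then merge addresses that belong to one chassis), as an added Python example that is not part of the original slides and is not CNAC code. The function names, the `acquired` parameter and the sample responses are assumptions; the slides do not list the acquired companies' enterprise numbers, so none are hard-coded.

```python
# Added illustration, not CNAC code. Sample data below is constructed.
ENTERPRISES = (1, 3, 6, 1, 4, 1)  # iso.org.dod.internet.private.enterprises
CISCO = 9                         # enterprise number the slide gives for Cisco

def enterprise_number(sys_object_id):
    """Return the 7th arc of a sysObjectID, or None if absent or malformed."""
    try:
        arcs = tuple(int(a) for a in (sys_object_id or "").strip(".").split("."))
    except ValueError:
        return None
    if len(arcs) < 7 or arcs[:6] != ENTERPRISES:
        return None
    return arcs[6]

def classify(sys_object_id, acquired=frozenset()):
    """acquired: caller-supplied enterprise numbers of acquired companies (assumption)."""
    number = enterprise_number(sys_object_id)
    if number is None:  # no usable SNMP answer (treated as partial: assumption)
        return "Partially Discovered Device"
    if number == CISCO or number in acquired:
        return "Cisco Device"
    return "Non-Cisco Device"

def consolidate(responses, acquired=frozenset()):
    """responses maps polled IP -> (sysObjectID or None, local interface IPs).
    Entries with the same sysObjectID and a shared address become one device."""
    devices = []
    for ip, (oid, interfaces) in sorted(responses.items()):
        merged = {"sys_object_id": oid, "addresses": {ip, *interfaces}}
        remaining = []
        for dev in devices:
            same = oid is not None and dev["sys_object_id"] == oid
            if same and dev["addresses"] & merged["addresses"]:
                merged["addresses"] |= dev["addresses"]
            else:
                remaining.append(dev)
        devices = remaining + [merged]
    for dev in devices:
        dev["class"] = classify(dev["sys_object_id"], acquired)
    return devices

# Constructed sample: one two-interface Cisco chassis polled on both addresses,
# one net-snmp Linux host, and one host that answered echo but not SNMP.
SAMPLE = {
    "192.0.2.1": ("1.3.6.1.4.1.9.1.162", ["192.0.2.1", "192.0.2.65"]),
    "192.0.2.65": ("1.3.6.1.4.1.9.1.162", ["192.0.2.1", "192.0.2.65"]),
    "192.0.2.130": ("1.3.6.1.4.1.8072.3.2.10", ["192.0.2.130"]),
    "192.0.2.200": (None, []),
}

if __name__ == "__main__":
    for device in consolidate(SAMPLE):
        print(device["class"], sorted(device["addresses"]), device["sys_object_id"])
```

Without the interface-based merge, the two-interface chassis would be counted twice in the quantity-by-model totals that slide 9 describes.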
