© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential. KTN0232 – CNAC Technical Guide_v1.1.ppt
Cisco Network Asset Collector (CNAC) 1.2 Implementation Training
CNAC Engineering Team
Support: http://www.cisco.com/go/ssc
Agenda
Solution Objectives (Design logic, Scope, System requirements)
Decoding Network Discovery
Decoding Discovery Troubleshooting
Decoding Intelligent Inventory
Inventory Transport
Test Case Processing / Reporting
Support
CNAC – Optimal Environments
Organized Networks – consistent configuration of Cisco hardware (SNMP, Telnet)
Streamlined Security – pre-designed access for NMS applications implemented
Centralized management of Network Elements
Cisco Hardware Product Diversity – the wider variety of Cisco chassis models the better
Moderate Network Size – ~500 to ~1,500 Cisco chassis in production
CNAC – Network System Requirements
1 Cisco Chassis Hardware – IPv4, SNMP enabled, Telnet/SSH enabled, SNMP R/O Strings, CLI non-privileged mode credentials
2 Network Configuration – Access to IP source address permitted bi-directional ICMP port 7, UDP Ports 161, 445, TCP Ports 22, 23, 25, 53, 80, 137 to all IP networks containing Cisco hardware
Cisco Network Asset Collector (CNAC) Solution Objectives
CNAC – Solution Objectives
Reduce Resources
E2E solution to exceed 70% accuracy, average ~40%
Quality
Lower Impact
Attention to Detail
Fast in installation / operation, ease of use
Tool operator requires moderate network knowledge and tool training
1st Cisco E2E solution focused on Asset ID and Service Status
CNAC – Solution Objectives Expanded
Singular focus – On Cisco hardware ID and associated service status
Complexity Simplified – Myriad of complex instructions automatically performed
Less is More – Less data collected, data collected is of optimal quality
Flexibility – Designed to work in most partner / customer environments, based upon Industry standards
Research Applied – Cisco has re-tested most of its Chassis hardware and resulting solutions are embedded in CNAC
Quality – Reports are sourced / validated using most advanced Cisco logic available
CNAC – Scope of Solution
90%>
85%>
Near Time Inventory
Sole Focus
Discovery of Cisco Chassis = all models supporting IP and SNMP AND using a Cisco Operating System
Customized Inventory of Cisco Chassis and Cards
Reusable, but not an ongoing Move, Add, Change probe
Electronic Asset Identification of Cisco Serviceable Hardware
Cisco Electronic Asset Identification Elements
Network Discovery – Electronic ID of Cisco chassis, including quantity by model (Cisco 3640 qty 87, Cisco 7513 qty 36)
Network Inventory – Electronic retrieval of Product ID and Serial Number data from Cisco chassis and card hardware (serviceable hardware) (Cisco 3640 S/N 86343720, NM2E2W S/N 38619874)
Data Quality – Programmatic analysis, validation, and linking of retrieved inventory data to service status
Discovery vs. Inventory
Function | Discovery | Inventory
Determine Network Equipment and Model (Chassis Only) | X |
Uniquely Identify Equipment (i.e. Serial Number) | | X
Ascertain Chassis and Card info | | X
Extract Software info and ad-hoc data | | X
Pre-Requisites | None | Discovery or manual asset mgmt documentation
Cisco Network Asset Collector (CNAC) Network Discovery
Network Discovery Decoded
ICMP Echo Transmitted – Each host address is queried with an ICMP Query.
ICMP Echo Reply – Each host address receiving Echo and capable of transmitting an Echo reply via ICMP Port 7 is “discovered”.
SNMP Discovery Query – The sysObjectID OID is queried using each SNMP R/O String provided over UDP Port 161 until a value is returned or all the R/O strings are exhausted. If a value is returned, the local interfaces are collected and used to consolidate chassis with multiple local interfaces into a single device.
sysObjectID Query Value Provided – CNAC examines the IANA Enterprise Number, the 7th octet of the sysObjectID (for example 1.3.6.1.4.1.9.1.162). Cisco Systems registered the value “9”; the IANA values of all other Cisco-acquired companies are also known. If the sysObjectID IANA value is Cisco or a Cisco-acquired company, CNAC lists the chassis by its sysObjectID value (i.e. ciscoAS5300) as a Cisco chassis in Device Manager under “Cisco Devices”. If the IANA value is non-Cisco, the device is listed in CNAC Device Manager as a “Non-Cisco Device”.
sysObjectID Query Null Result – CNAC lists the logical device by either its DNS or IP Address as a “Partially Discovered Device”.
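The discovery decision flow above, as an added example that is not CNAC's own code: it classifies hosts by the enterprise arc of sysObjectID, tries R/O strings in the order given, and merges addresses that belong to one chassis. The probe table, community names, the 99999 enterprise value and all function names are constructed for illustration, and no network traffic is sent.

```python
# Added example: constructed data, no network I/O.
CISCO_ENTERPRISES = {9}  # the page gives only Cisco's "9"; acquired-company values are not listed

CISCO_OID = "1.3.6.1.4.1.9.1.162"
# Constructed probe results: ip -> (echo reply?, {R/O string: sysObjectID}, local interface IPs)
PROBES = {
    "10.0.0.1": (True, {"netops-ro": CISCO_OID}, ["10.0.0.1", "10.0.1.1"]),
    "10.0.1.1": (True, {"netops-ro": CISCO_OID}, ["10.0.0.1", "10.0.1.1"]),
    "10.0.0.20": (True, {"public": "1.3.6.1.4.1.99999.1.1"}, ["10.0.0.20"]),
    "10.0.0.30": (True, {}, []),    # answers Echo, no R/O string matches
    "10.0.0.40": (False, {}, []),   # no Echo reply
}

def enterprise_number(sys_object_id):
    """Return the 7th arc of an OID under 1.3.6.1.4.1, or None if it is not one."""
    arcs = sys_object_id.strip(".").split(".")
    if len(arcs) < 7 or arcs[:6] != ["1", "3", "6", "1", "4", "1"] or not arcs[6].isdigit():
        return None
    return int(arcs[6])

def query_sys_object_id(ip, communities):
    """Try each R/O string in order; return (value or None, number of attempts)."""
    answers = PROBES[ip][1]
    for attempts, community in enumerate(communities, start=1):
        if community in answers:
            return answers[community], attempts
    return None, len(communities)

def discover(communities):
    """Classify every host that answered Echo and merge multi-interface chassis."""
    devices = {}  # frozenset of interface IPs -> device record
    for ip in sorted(PROBES):
        echo, _, ifaces = PROBES[ip]
        if not echo:
            continue  # never "discovered"
        oid, _ = query_sys_object_id(ip, communities)
        if oid is None:
            devices[frozenset([ip])] = {"class": "Partially Discovered Device", "addresses": [ip]}
            continue
        cisco = enterprise_number(oid) in CISCO_ENTERPRISES
        key = frozenset(ifaces or [ip])
        devices.setdefault(key, {"class": "Cisco Device" if cisco else "Non-Cisco Device",
                                 "sysObjectID": oid, "addresses": sorted(key)})
    return list(devices.values())
```

The attempt count returned by `query_sys_object_id` shows why the order of R/O strings matters: every string tried before the matching one costs a full query per host.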
CNAC Performance Adjustments
System Preferences – Global Preferences: default settings can be adjusted lower in high performance network environments
System Preferences – Performance Preferences: set to High if possible
Network Security Credentials
Settings Credentials – SNMP R/O Community: enter all known strings in use, arranged in order of frequency of use for maximum performance
Settings Credentials – CLI Credentials: enter all known Telnet passwords under “Telnet Password” and all known Telnet usernames and Telnet passwords under “Telnet Non-Privileged UserName / Password”, arranged in order of preference
Network Discovery Implemented
Two Methods; IP Address Range or IP Network: easily configurable, only 1 can be selected at a time
Network Discovery Status
Confirmation: CNAC will confirm approximate number of IP hosts that will be discovered
Results: Details on the Number of Cisco, Non-Cisco and Partially Discovered Devices
Cisco Network Asset Collector (CNAC) Discovery Troubleshooting
Discovery Troubleshooting Decoded
UDP Ports 161 and 445 Queried – port 161 carries SNMP R/O “Get” packets; port 445 is MS Directory Services. If a UDP query is received by a host that has the port closed, the host will attempt to reply with an “ICMP Port Unreachable” message; if the port is open, however, no reply is generated or transmitted.
TCP Ports 22, 23, 25, 53, 80 Queried – port 22 is SSH, port 23 is Telnet, port 25 is SMTP Server, port 53 is DNS Server, and port 80 is HTTP Server. Each port replies with an open port sequence if the port is open, and with a “closed” reply if the port is closed and the port connection query is received.
SNMP R/O String Values Queried – Each R/O string provided by the CNAC user is used in sequence to query the sysObjectID OID, until a value is retrieved or all the strings have been attempted.
Port Query Summary Code Logic – CNAC examines the results of each port query to each partially discovered device and provides a summary of the logical status of the device, along with a detailed description of likely root causes for not supporting standard Discovery services.
Non-Cisco Devices Identified – CNAC will classify all devices which can be logically determined not to have been manufactured by Cisco, reducing the amount of troubleshooting required to accurately discover all Cisco devices.
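A port-by-port interpretation in the spirit of the summary logic described above, as an added example that is not CNAC's own code. The observation labels, the two sample hosts and the root-cause wording are assumptions made for illustration, and the page does not describe the rule CNAC uses to mark a device Non-Cisco, so that category is left out.

```python
# Added example: interprets constructed probe observations; performs no network I/O.

def port_state(proto, observed):
    """Translate one raw observation into a port state."""
    if proto == "udp":
        # A closed UDP port answers with ICMP Port Unreachable; an open one stays
        # silent, which cannot be told apart from a probe dropped by a filter.
        return "closed" if observed == "icmp-port-unreachable" else "open|filtered"
    return {"syn-ack": "open", "rst": "closed"}.get(observed, "filtered")

def summarize(observations):
    """observations: {(proto, port): 'syn-ack' | 'rst' | 'icmp-port-unreachable' | 'none'}
    for a partially discovered device (Echo answered, no sysObjectID returned)."""
    states = {key: port_state(key[0], obs) for key, obs in observations.items()}
    if all(obs == "none" for obs in observations.values()):
        # Nothing came back on any port: a path or ACL problem, not an SNMP one.
        return ("No/Restricted Connectivity", states,
                ["no probe elicited a reply; check ACLs and firewalls toward this host"])
    notes = []
    if states.get(("udp", 161)) == "closed":
        notes.append("SNMP agent not listening on UDP 161; enable SNMP on the device")
    else:
        notes.append("UDP 161 silent yet no sysObjectID returned; "
                     "R/O string missing from the list or SNMP filtered")
    cli = [port for port in (22, 23) if states.get(("tcp", port)) == "open"]
    notes.append(f"CLI reachable on TCP {cli}" if cli else "no SSH/Telnet port open")
    return "Inconclusive", states, notes

# Constructed observations for two partially discovered hosts.
HOST_A = {("udp", 161): "icmp-port-unreachable", ("udp", 445): "icmp-port-unreachable",
          ("tcp", 22): "syn-ack", ("tcp", 23): "rst", ("tcp", 25): "rst",
          ("tcp", 53): "rst", ("tcp", 80): "rst"}
HOST_B = {key: "none" for key in HOST_A}
```

For `HOST_A` the ICMP Port Unreachable on UDP 161 is the useful signal: the host is reachable and the fix is on the device, whereas `HOST_B` points at filtering in the path.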
Discovery Troubleshooting Results
Summary: CNAC will sort the devices into Non-Cisco, No/Restricted Connectivity Devices and Inconclusive devices
Discovery Troubleshooting Detail
View Results Detail: Detailed status is provided for troubleshooting guidance, including port-by-port result interpretation. This is a key unique feature of CNAC; please use it extensively.
Cisco Network Asset Collector (CNAC) Cisco Product Instrumentation
Cisco CLI Instrumentation Decoded
Non-Volatile – CNAC engineering research validated that the CLI commands are read-only and non-volatile with regard to Electronic Asset ID data elements
Non-Privileged Mode – CNAC engineering research validated that the necessary Electronic Asset ID data elements can be retrieved using CLI commands which are read-only
CLI Command Logic – Most of the Cisco CLI commands that retrieve various electronic asset ID data elements are coded to query the values burned into NVRAM “IDPROM” chips typically embedded onto almost all Cisco serviceable hardware components
Serial Numbers – CLI commands simply retrieve the values embedded in IDPROM chips, so for those Cisco chassis products that had a value other than the Chassis Serial Number burned into the cSN field, CLI commands report this value as the cSN
Serial Number Format Compatibility – unlike some legacy Cisco SNMP MIBs, Cisco CLI commands are capable of accurately displaying both integer and alphanumeric serial number values
Cisco SNMP Instrumentation Decoded
Mostly Non-Volatile – CNAC engineering research validated that most SNMP commands are read-only with regard to electronic asset ID values; a notable exception is the legacy chassis serial number MIB, chassisID
Read-Only Community Strings – CNAC engineering research validated that the necessary Electronic Asset ID data elements can be retrieved exclusively with SNMP R/O credentials. There is no need to modify values, the lone exception being rare environments that have extensively modified the chassisID default values
SNMP Command Logic – Most of the Cisco SNMP commands that retrieve various electronic asset ID data elements are coded to query the values burned into NVRAM “IDPROM” chips typically embedded onto almost all Cisco serviceable hardware components
Serial Numbers – In almost all cases, SNMP commands simply retrieve the values embedded in IDPROM chips, so for those Cisco chassis products that had a value other than the Chassis Serial Number burned into the cSN field, CLI commands report this value as the cSN
Serial Number Format Compatibility – Some legacy Cisco SNMP MIBs, such as the popular legacy MIB cardSerial, cannot properly display serial numbers in anything other than an integer format; Intelligent Inventory adapts to this issue
Cisco Network Asset Collector (CNAC) Intelligent Inventory
Intelligent Inventory Decoded
Total Cisco Unique Chassis Population Researched – CNAC engineers examined and collated all Cisco assignments of SNMP sysObjectID values to all Chassis equipment from the company's inception in 1984 to mid-2006, determining that 613 unique products have been manufactured by Cisco
Reverse Engineering Performed – 335 of primarily the most popular Cisco chassis were tested to determine the optimal SNMP and CLI commands which yield the best possible electronic asset ID values with minimal data using read-only security
sysObjectID is unique identifier – CNAC first queries the sysObjectID OID, then determines the exact SNMP OIDs and CLI commands to query by checking the value against a table of Intelligent Inventory sysObjectID Solutions embedded in CNAC
Global Inventory Commands – a very small number of SNMP OIDs (i.e. sysObjectID, ciscoImageString, etc.) have been determined to be close to universally supported by Cisco equipment and are automatically queried on all CNAC devices.
Default Commands – a minimal number of common SNMP OIDs and CLI commands are used to query any Cisco device for which the sysObjectID value does not yet have an Intelligent Inventory solution defined
Intelligent Inventory – Global Commands
Global Commands: SNMP commands automatically queried on all Cisco devices, almost universally supported across Cisco products
Intelligent Inventory – Unique Identifier
sysObjectID Key Unique Identifier: CNAC uses this value to determine the Intelligent Inventory “Group Solution”
Intelligent Inventory – Solution Logic
Group Solution: unique combination of SNMP MIBs and / or CLI commands specific to this product and asset management values decoded
Intelligent Inventory – Default Logic
Default Solution: SNMP and CLI commands automatically queried on any Cisco device which does not currently have an Intelligent Inventory “Group Solution” provided. These commands are almost universally supported across Cisco products; less than 10% of products by volume in production networks should be in this category
Intelligent Inventory – Data Entry Options
Options: CNAC can automatically inventory all discovered devices, a subset of discovered devices, manually added devices or devices from a seed file
Cisco Network Asset Collector (CNAC) Data Export / Data Security
Data Collection / Transmission Decoded
• Intelligent Inventory “Raw” Data – A directory is created using the DNS/IP for each device that is inventoried by CNAC. The directory is located by default at the following location: c:\program files\cisco systems\cnac\eclipse\plugins\ondc_1.0.0\data\inventory\xxxxxxx. Within this directory there is a file called “ExportData.csv”, which is unencrypted and contains the output of all data (SNMP and CLI) collected by CNAC.
• Export Intelligent Inventory – When this CNAC feature is selected, the data from all of the chassis that are inventoried is consolidated into a single WinZip file, located inside the following directory: c:\program files\cisco systems\cnac\eclipse\plugins\ondc_1.0.0\data\export\xxxxxxx. This file is encrypted using Cisco’s PGP Public Key and emailed to cnac-reporting@cisco.com. Upon export, ensure that the CNAC Inventory file is attached to the ISIR request.
• CNAC Inventory Decrypted and Post Processed – Using Cisco’s PGP Private Key, CNAC engineers decrypt the CNAC inventory file and begin a series of data extraction and post processing services that result in the generation of a CNAC ISIR report in a Microsoft Excel format.
• CNAC Report Secure Transmission – Cisco encrypts the ISIR report using a WinZip archive, this file is then posted. An e-mail which contains the password is distributed to the external Partner/Customer.
Support of CNAC
Cisco Service Support Center – All CNAC Registration and Support
http://www.cisco.com/go/ssc
CNAC – Benefits of Implementation
1 Network Identified Inventory – All accessible Cisco hardware
2 Customer In-Service Inventory – All accessible Cisco hardware
3 Knowledge Acquisition – Optimal methods of Network Discovery and Network Inventory