Working with Next-Generation Discovery In LMS 3.1 [CiscoWorks Common Services Software]

In today's world, complicated networks that consist of devices from different vendors and that use various protocols to communicate between neighbors can spread across continents. A desperate need for a solution arises to handle these complex networks and discover the devices in them.

CiscoWorks Campus Manager, part of the CiscoWorks LAN Management Solution (LMS), discovers only the Cisco devices that support Cisco Discovery Protocol, a Layer 2 protocol. This application does not support discovery of devices from third-party vendors and with different protocols such as Border Gateway Protocol (BGP), Open Shortest Path First (OSPF), and Hot Standby Router Protocol (HSRP). The Cisco device discovery feature is available in versions of Campus Manager prior to LMS 3.0.1.

CiscoWorks Common Services overcomes this limitation by offering a powerful set of web-based features for vendor-independent device discovery with various protocols used to communicate between the neighboring devices. These features are available in the LMS 3.0 December 2007 update and later versions, or LMS 3.0.1.

The network administrator can discover the devices using different protocols, such as Cisco Discovery Protocol, BGP, OSPF, Address Resolution Protocol (ARP), HSRP, cluster, routing table, and ping sweep on IP range, that are activated at different layers of the Open Systems Interconnection (OSI) model in the device.

Common Services device discovery features are based on next-generation discovery (NGD), a discovery engine framework. NGD helps the network administrator to configure modules, seed devices, Simple Network Management Protocol (SNMP), and filter settings to discover the desired devices from the networks. After the devices are discovered from the network, starting from the seed devices, the device information is updated in the Device Credentials Repository (DCR) by Common Services.

Working with Common Services Device Discovery

Common Services device discovery helps you in performing the following operations:

• Configuring discovery settings

• Starting discovery

• Stopping discovery

• Viewing discovery reports

• Scheduling discovery

• Running device discovery through the command-line interface (CLI)

• Debugging discovery

• Optimizing device discovery

User Privileges for Device Discovery Operations

• To configure device discovery settings and start device discovery, you should have network administrator privileges.

• To view the device discovery summary, any of the following roles should be assigned to you:

– Network administrator

– Network operator

– System administrator

Configuring Discovery Settings

You should configure the device discovery settings, such as the discovery module, seed device, SNMP, and so on, before you run device discovery.

To configure device discovery settings:

1. Select Common Services > Device and Credentials > Device Discovery > Discovery Settings. Click either the Configure button or the Configure link next to the module settings (see Figure 1).

The Discovery Settings wizard appears.

Figure 1. Common Services Device Discovery Settings

2. Select one, more than one, or all of the discovery modules to run the discovery. See Figure 2 for the list of available modules.

Note: By default, no discovery module is selected. If you are upgrading or migrating to the LMS 3.0 December 2007 update (with Campus Manager) from LMS 3.0, Cisco Discovery Protocol is selected by default.

You must select at least one of the modules to proceed further.

Click Next to proceed further or click Cancel to exit the Discovery Settings wizard.

Example: If you want to perform discovery using the Layer 3 protocols, you can select any one of the options BGP, OSPF, and ROUTING TABLE, or a select combination of them, or all of them.

Figure 2. Device Discovery Module Settings

3. Specify the seed device details for the modules that you have selected in the previous screen (the Module Settings page).

You can specify module-specific seed devices (see Figure 3) or global seed devices (see Figure 4).

Other than specifying the seed devices manually, you can:

• Import the seed devices from a text (.txt) or comma-separated value (.csv) file

• Select the Use DCR as Seed List option, which considers the devices in DCR as seed devices.

Note: By default, no seed device settings are available. If you are upgrading or migrating to the LMS 3.0 December 2007 update (with Campus Manager) from LMS 3.0, the Use DCR As Seed List option is selected by default.

To enter module-specific seed device information, select a module from the list of displayed modules in the Seed Devices wizard (see Figure 3).

Click Add to introduce a row and add the seed device information. To delete seed devices, select the check boxes corresponding to the seed devices and click Delete.

To restrict device discovery to a particular number of hops or subnets, you must specify:

• Hop Count for all the modules except Ping Sweep On IP Range

• Subnet Mask for the Ping Sweep On IP Range module only

Enter the following fields, which appear only for the Ping Sweep On IP Range discovery module.

– ICMP Retry: Number of retries to connect to a device using Internet Control Message Protocol (ICMP) if the device is not reachable or the network is down. The default is 1 retry.

– ICMP Timeout: Time within which the device should send its response to the network. The default timeout is 1000 milliseconds.

– InterPacket Timeout: Time delay between two ICMP packets. The default timeout is 20 milliseconds.

To enter global seed device information, click Global from the Seed Devices panel at the left.

You must enter at least one seed device or select the Use DCR As Seed List option to proceed further.

Click Next to proceed further or click Cancel to exit the Discovery Settings wizard.

Example 1: If you selected BGP in the Module Selection screen, you can specify the seed device as 10.77.213.245 and the hop count as 10 if you want to restrict discovery to the 10 next hops. Leave the Hop Count field blank if you do not want to restrict discovery.

Example 2: If you selected Ping Sweep On IP Range, you can specify the seed device as 10.77.209.209 and the subnet mask as 255.255.255.240. Entering a smaller subnet mask value may result in a longer discovery cycle, as discovery has to sweep IP addresses from more networks. It is recommended to enter a Class C mask instead of a Class A or B mask.

Figure 3. Module-Specific Seed Device Settings

Figure 4. Global Seed Device Settings

4. Specify the SNMP settings for the devices to be discovered from the network.

You can specify either SNMPv2 or SNMPv3 credentials.

Select the appropriate radio button to select the SNMP version. The user interface displays the appropriate fields for the SNMP version you selected.

See Figure 5 to view the SNMPv2 user interface and Figure 6 to view the SNMPv3 user interface.

You can also delete the SNMPv2/v3 settings using the Delete button after selecting the SNMP settings.

Note: Multiple community strings are taken into consideration by default, and also the community stings are encrypted by default, whereas in Campus Manager you need to explicitly select the check boxes for this functionality.

By default, no SNMP settings are available. If you are upgrading or migrating to the LMS 3.0 December 2007 update (with Campus Manager) from LMS 3.0, the following are the default SNMPv2 settings:

• Target - *.*.*.*

• Read Community - public

• SNMP Timeout - 3

• SNMP Retry - 2

You must configure at least one SNMPv2 or SNMPv3 credential set to proceed further.

You must click any one of the following buttons in this wizard:

• Next to proceed further

• Cancel to exit the wizard without saving the changes

• Back to change the previous settings

• Finish to apply the settings and exit the wizard

Example 1: Suppose all of your devices have the read community as public and you have entered the target as *.*.*.* and the read community as public. The Timeout and Retries fields appear with default values. You can change and enter different values for SNMP Timeout and SNMP Retry.

Example 2: If the read community value of some of your devices is public and the read community value of the rest of the devices is cwpublic, you can define two SNMPv2 settings, one for a range of devices with the read community string as public and another for a range of devices with the read community string as cwpublic.

Figure 5. SNMPv2 Settings page

Figure 6. SNMPv3 Settings page

5. Specify the discovery filter settings to include or exclude certain devices from device discovery.

You must select a filter type among the IP Address, SysObjectId, SysLocation, or Domain Name System (DNS) Domain Name filter types and click Add. You must also select Include Devices or Exclude Devices. See Figure 7.

Discovery filters based on DNS domain, SysObjectID, and SysLocation support regular expressions. You can use:

• Period (.) to match any character

• Opening and closing parentheses, ( and ), to mark the beginning and closing of a group of matched characters

• Asterisk (*) to match more than zero occurrences of the regular expression specified

• Plus (+) character to match more than one occurrence of the regular expression specified

• Trailing slash (\) character to identify a special character within a regular expression

To delete a filter setting or rule, click Delete after you select a filter rule.

By default, no filter settings are available. If you are upgrading or migrating to the LMS 3.0 December 2007 update (with Campus Manager) from LMS 3.0, the filter settings in LMS 3.0 will be preserved.

You must click any one of the following buttons in this wizard:

• Next to proceed further

• Cancel to exit the wizard without saving the changes

• Back to change the previous settings

• Finish to apply the settings and exit the wizard

Note: You can specify only one filter type at a time for a discovery job. You can either include or exclude devices based on the filters you have set. You cannot do both.

Figure 7. Filter Settings

6. Specify other discovery settings in the Global Settings page. See Figure 8.

You can configure:

• Preferred Management IP: The applications use the Preferred Management IP to manage a particular device. Resolve By Name is the default option. See Figure 8 for available other options.

• Preferred DCR Display Name: The applications use the Preferred Management IP to manage a particular device. Resolve By Name is the default option. See Figure 8 for available other options.

• Update DCR Display Name option: Select this check box if you want to update the display name of the devices that already exist in DCR in the next device discovery cycle.

• Use Default Credentials option: Select this check box if you want to add the discovered devices with the default SNMP and other credentials in DCR. You can enter the default credentials by clicking the Configure button next to this field.

• Email: Enter a valid email address to receive notification from the system on the start and completion of device discovery and for new discovery schedules.

• Add Discovered Devices to a Group option: Select this option if you want to add all reachable discovered devices to a group.

You must click any one of the following buttons in this wizard:

• Next to proceed further

• Cancel to exit the wizard without saving the changes

• Back to change the previous settings

• Finish to apply the settings and exit the wizard

By default, no global settings are available. If you are upgrading or migrating to the LMS 3.0 December 2007 update (with Campus Manager) from LMS 3.0, the settings in LMS 3.0 will be preserved.

Note: To receive email notifications, you must configure the SMTP server name and CiscoWorks server administrator email address in the System Preferences page in Common Services. You can click Common Services > Server > Admin > System Preferences.

Figure 8. Global Settings page.

7. When you click Next in the Global Settings wizard, the Discovery Settings Summary page appears. See Figure 9.

You must click any one of the following buttons in this wizard:

• Next to proceed further

• Cancel to exit the wizard without saving the changes

• Back to change the previous settings

• Finish to apply the settings and exit the wizard

When you click Finish or Cancel to exit the wizard, the Discovery Settings page appears.

Figure 9. Device Settings Summary Page in the Discovery Settings Wizard

Starting Device Discovery

After you have configured discovery settings, you can start a device discovery job.

Click Start Discovery either in:

• Device Discovery Summary page (Common Services > Device and Credentials > Device Discovery). See Figure 10.

• Discovery Settings page (Common Services > Device and Credentials > Device Discovery > Discovery Settings).

Device discovery starts as an immediate job. Email notification is sent to the email address configured in the Global Settings wizard.

After device discovery has started running, the Start Discovery button changes to Stop Discovery.

Meanwhile, the device discovery status is displayed as Initializing, as the required Uniform Resource Names (URNs) are to be published. After the URNs are published, the discovery status is changed to Running. Otherwise, if an error occurs while publishing URNs, the discovery status is displayed as Failed.

The discovery status is displayed as Running after the completion of device discovery and before the CSDiscovery process is stopped. After device discovery is completed successfully, the status changes to Completed.

You can view the summary of discovered devices from the Device Discovery Summary page or the Common Services Job Browser page.

To view the discovered devices summary from the Common Services Job Browser page, you should click the Job ID created on starting or scheduling device discovery.

Note: You cannot run more than one instance of device discovery at a time.

Figure 10. Starting Device Discovery

Stopping Device Discovery

You can stop device discovery by clicking the Stop Discovery button in the Device Discovery Summary page (see Figure 11).

You can also cancel device discovery jobs from the Common Services Job Browser page. Canceling jobs from the Common Services Job Browser page stops the device discovery process, and the status is displayed as Recent Discovery Info Not Found.

The "Discovery has been stopped successfully" informational message appears after discovery is stopped successfully.

Note: It may take some time after stopping discovery to kill all the discovery-related threads that were created at the start of discovery.

Figure 11. Stopping Device Discovery

Viewing Discovery Reports

You can navigate to Common Services > Device and Credentials > Device Discovery to view the discovery reports.

In the Device Discovery Summary page, you can view the device count of:

• Total Discovered Devices

• Reachable Devices

• Unreachable Devices

• Devices Added to DCR

• Devices Updated to DCR

You can click the device count displayed for these fields to view the respective reports (see Figure 12).

You can also view the summary from:

• Common Services Job Browser page by clicking the job ID of a discovery job

• Device Discovery Summary portlet in the LMS Portal application

Note: The discovery-related data is not available if the job is canceled from the Common Services Job Browser.

Figure 12. Device Discovery Details

Scheduling Device Discovery

You can schedule one or more device discovery jobs in Common Services. The optimum device discovery schedule depends on the size of the network and changes in the network.

After you have configured device discovery settings, you can schedule discovery jobs in the Discovery Schedule page. When you schedule discovery jobs, make sure that the scheduled times do not overlap each other. Otherwise, one of the device discovery jobs may fail.

You must go to Common Services > Device and Credentials > Device Discovery > Discovery Schedule to open this page and click Add. Enter the day(s) and time to configure a device discovery schedule and click Schedule (see Figures 13 and 14).

The discovery schedule is created and assigned with a job ID. Email notification is sent to the email address if you have configured an email address in the Global Settings page and an SMTP server in the System Preferences page.

You can edit or delete a scheduled job by clicking the Edit or Delete buttons, respectively.

In LMS 3.1, you can also schedule multiple jobs with different discovery settings. Once a job is scheduled, it is associated with the current discovery settings. To schedule another job with different settings, you need to change the discovery settings first and then schedule a job.

You can view or edit the settings of a scheduled discovery job by clicking the View Settings or Edit Settings button, respectively.

If you are upgrading or migrating to the LMS 3.0 December 2007 update (with Campus Manager) from LMS 3.0, the discovery settings in LMS 3.0 will be preserved and the migrated discovery jobs run with these settings.

Example: If you want to run discovery at 12:00 noon on Monday, Wednesday, and Friday, you should create a schedule by specifying the time as 12:00 and select the Monday, Wednesday, and Friday check boxes in the Recurrence Pattern panel. You must click the Schedule button to successfully create this schedule.

Figure 13. Device Discovery Schedule

Figure 14. Device Discovery Schedule

Using Discovery Features through CLI

You can use the DiscoveryCli command-line utility to start and stop device discovery and view the discovery status.

To run the DiscoveryCli commands, you must navigate to NMSROOT/bin, where NMSROOT is your CiscoWorks Installation directory.

Starting Discovery through CLI

To start device discovery through CLI, you must enter:

DiscoveryCli -u username -p password start

Example: C:\Program Files\CSCOpx\bin> DiscoveryCli -u admin -p test start

After you run the command, the following message appears:

DiscoveryCli

============

INFO: Discovery has been started as an immediate job with id 1037

INFO: Mail has been sent to the user.

Stopping Discovery through CLI

To stop device discovery through CLI, you must enter:

DiscoveryCli -u username -p password stop

Example: C:\Program Files\CSCOpx\bin> DiscoveryCli -u admin -p test stop

After you run the command, the following message appears:

DiscoveryCli

============

INFO: Discovery has been stopped successfully.

Viewing Device Discovery Status through CLI

To view the status of device discovery through CLI, you must enter:

DiscoveryCli -u username -p password status

Example: C:\Program Files\CSCOpx\bin> DiscoveryCli -u admin -p test status

After you run the command, the following message appears:

DiscoveryCli

============

INFO: Below is the status of recently completed discovery.

Discovery Status : Completed

Discovery Start Time : Sun Sep 02 07:00:12 GMT+05:30 2007

Discovery End Time : Sun Sep 02 07:02:47 GMT+05:30 2007

Total Devices Discovered : 28

Reachable Devices : 24

Unreachable Devices : 4

Devices Newly Added to DCR: 0

Devices Updated to DCR : 24

Viewing Device Discovery Help

To view the help content, you must enter:

DiscoveryCli -h

Example: C:\Program Files\CSCOpx\bin>DiscoveryCli -h

After you run the command, the following message appears:

DiscoveryCli

============

Usage:

DiscoveryCli -u <username> [-p <password>] [-h] start|stop|status

Options:

-u <username> : Ciscoworks username

-p <password> : Ciscoworks password

-h : Print this help, then exit

Tasks:

start : Start a discovery process now

stop : Stop the running device discovery instance

status : Show the status of running or completed discovery

Example:

DiscoveryCli -u admin start

DiscoveryCli Errors

If you are not authorized to perform DiscoveryCli tasks, an error message appears when you run the DiscoveryCli commands.

After you run the command, the following message appears:

DiscoveryCli

============

ERROR: Authorization failed. You are not authorized to perform this task.

When you provide a wrong username or password, the following message appears:

DiscoveryCli

============

ERROR: Authentication failed. Invalid username or password.

Debugging Device Discovery

In the LMS 3.0 December 2007 update, you can activate the debugging option for device discovery.

To do so, you should go to Common Services > Server > Admin > CS Log Configurations and select CSDiscovery as the component. You should select Enable as the debug mode and click Apply.

Debugging is activated without the restart of daemons within 60 seconds, and debug messages are logged into CSDiscovery.log. The CSDiscovery.log is available in NMSROOT\log on Windows and /var/adm/CSCOpx/logs on Solaris. This log file contains the information about discovery jobs, URNs published, discovery threads, and other information related to device discovery.

To debug more about device-level information, you must activate the debugging option for ngdiscovery.log located in the same top-level directories.

Example: If you have started device discovery but the discovery status is displayed as Failed, you can activate the debugging option and try once again to start discovery. The log file displays the reason for failure as a problem while publishing the discovery-related URN.

In LMS 3.1 you can activate the module-wise debugging option for components of Common Services device discovery without restarting the daemon manager. When you activate the debugging option for a selected component, the log level in the csdiscovery.properties file is changed to DEBUG and the debug messages are recorded into the CSDiscovery.log file.

To activate the debugging option for the Common Services device discovery components:

1. Go to the CiscoWorks home page and select Common Services > Device and Credentials > Device Discovery > Discovery Logging Configuration.

The Discovery Logging Configuration page appears. See Figure 15.

2. Select one or more discovery modules or components from the Disabled Modules list box.

3. Click Add to add the components to the Enabled Modules list box.

4. Click Apply.

Debugging is enabled for all the components listed in the Enabled Modules list box. The changes will come into effect after 60 seconds.

To disable the debugging option, move the selected component from the Enabled Modules list box to the Disabled Modules list box using the Remove button.

The debugging option for all the device discovery components is disabled by default.

Note: Enable the debugging option only if required. Otherwise the size of the log file grows bigger and device discovery could take more time.

Figure 15. Debugging Option for Device Discovery

Optimizing Device Discovery

• To discover devices in a particular subnet, you can select Ping Sweep On IP Range as the discovery module and specify the specific subnet mask in the seed device.

Entering a smaller subnet mask value may result in a longer discovery cycle, as discovery has to sweep IP addresses from more networks.

• To discover the edge routers that are being connected to your branch offices or ISPs, select the module as BGP if the protocol is enabled in those devices.

• If you have cluster setup in your network, then you can select the module as a cluster discovery module.

• If you have devices with the same configuration as a backup for the other devices where HSRP is enabled, you can use the HSRP module.

• You can use OSPF to discover your core devices in the network if it is enabled in those devices.

• You can use Cisco Discovery Protocol as the discovery module if your entire network contains Cisco devices.

• You can use other or multiple protocols that are available in NGD if your network contains devices from different vendors.

Use Cases

The use cases listed below explain how to configure device discovery settings and work with next-generation discovery effectively.

Use Case 1

Consider you want to discover the devices in your network with the following settings:

Device Discovery Module	Ping Sweep On IP Range
Seed Device	10.77.213.245 for the specified discovery module
Subnet Mask	255.255.255.240 for the specified discovery module
SNMPv2 Target	...
SNMPv2 Read Community	public
SNMPv2 Target	...
Exclude Devices	10.77.213.241 to 10.77.213.244
Update DCR Display Name	Yes
Preferred DCR Display Name	hostname+domain name
Preferred Management IP	loopback address
Use Default Credentials	No
Email	admin@domain.com

To configure the specified device discovery settings:

1. Go to Common Services > Device and Credentials > Device Discovery > Discovery Settings.

The Discovery Settings page appears.

2. Click Configure.

The Module Settings wizard appears.

3. Select Ping Sweep On IP Range and click Next.

The Seed Devices Settings wizard appears.

4. Click Module-specific Seed Devices > Ping Sweep On IP Range at the left.

5. Enter the seed device as 10.77.213.245 and subnet mask as 255.255.255.240.

6. Click Add and click Next to launch the SNMP Settings wizard.

7. Select the SNMPv2 radio button and click Add to open the SNMPv2 credentials popup window.

8. Enter the target as *.*.*.* and the read community as public.

9. Click OK to return to the SNMP Settings wizard.

10. Click Next to launch the Filter Settings wizard.

11. Select IP Address as the filter type and select the Exclude radio button.

12. Click Add to introduce a row for entering the filter rule.

13. Enter 10.77.213.[241-244] as the filter rule.

14. Click Next to launch the Global Settings wizard.

15. Select Hostname+Domain Name as the Preferred DCR Display Name option.

16. Select the Update DCR Display Name check box.

17. Select Use LoopBack Address as the Preferred Management IP.

18. Configure the email ID as admin@domain.com.

Hierarchical Navigation

CiscoWorks Common Services Software

Working with Next-Generation Discovery In LMS 3.1

Downloads