Send netdisco-users mailing list submissions to
netdisco-users@lists.sourceforge.net
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.sourceforge.net/lists/listinfo/netdisco-users
or, via email, send a message with subject or body 'help' to
netdisco-users-requ...@lists.sourceforge.net
You can reach the person managing the list at
netdisco-users-ow...@lists.sourceforge.net
When replying, please edit your Subject line so it is more specific
than "Re: Contents of netdisco-users digest..."
Today's Topics:
1. Re: Changing a device's IP (Brian Kelly)
--- Begin Message ---
Thank you for testing it!
I tried it, deleted the device then re-added it, but it still seems to use
another interface as primary.
I also tried narrowing the 172.31.0.0/16 subnet to 172.31.4.0/24 in case one of
the other interfaces was problematic, but that didn’t help.
I'm going to keep playing, but let me know if you can think of anything else to
try.
Thanks!
BK
—
Configuration:
host_groups:
cisco_asa:
- 'op:and'
- 'vendor:cisco'
- 'model:.*(?i:ASA).*'
device_identity:
'group:cisco_asa':
- 'op:and'
- '172.31.4.0/24'
- 'port:(?i)management'
—
Delete, restart, discover:
$ netdisco-do delete -d 172.31.4.249
[1794147] 2023-03-08 19:30:23 info App::Netdisco version 2.052008 loaded.
[1794147] 2023-03-08 19:30:23 info delete: [x11.x11.119.28] started at Wed Mar
8 14:30:23 2023
[1794147] 2023-03-08 19:30:24 info delete: finished at Wed Mar 8 14:30:24 2023
[1794147] 2023-03-08 19:30:24 info delete: status done: Deleted device:
x11.x11.119.28
$ netdisco-backend restart
config watcher: sending TERM to the server (pid:1793091)...
Netdisco Backend [Stopped]
config watcher: watching /home/netdisco/environments for updates.
Netdisco Backend [Started]
$ netdisco-web restart
config watcher: sending TERM to the server (pid:1767861)...
Netdisco Web [Stopped]
config watcher: watching /home/netdisco/environments for updates.
Netdisco Web [Started]
$ netdisco-do discover -d 172.31.4.249
[1794224] 2023-03-08 19:30:27 info App::Netdisco version 2.052008 loaded.
[1794224] 2023-03-08 19:30:28 info discover: [172.31.4.249] started at Wed Mar
8 14:30:28 2023
[1794224] 2023-03-08 19:37:42 info discover: finished at Wed Mar 8 14:37:42
2023
[1794224] 2023-03-08 19:37:42 info discover: status done: Ended discover for
172.31.4.249
—
Device table entry after:
netdisco=> select * from device where name like '%TVPN%';
-[ RECORD 1 ]-+----------------------------------------------------
ip | x11.x11.119.28
creation | 2023-03-08 14:30:29.298955
dns | tvpn-outside.ntg.domain.tld
description | Cisco Adaptive Security Appliance Version 9.12(4)38
uptime | 725487500
contact | MSU IT (config 2022.10.18-00)
name | TVPN.domain.tld
location | UNIV-6008c
layers | 00000100
num_ports | 9
mac |
serial | FGL181540ZV
model | ASA5512
ps1_type |
ps2_type |
ps1_status |
ps2_status |
fan |
slots |
vendor | cisco
os | asa
os_ver | 9.12(4)38
log |
snmp_ver | 2
snmp_comm | N3tw0rk4M$U
snmp_class | SNMP::Info::Layer3::CiscoASA
vtp_domain |
last_discover | 2023-03-08 14:30:29.298955
last_macsuck |
last_arpnip | 2023-03-08 14:49:36.533793
snmp_engineid | 80000009fe6294cbab7f5a37b1e02104df4c5bb01a2fd97fe3
chassis_id |
is_pseudo | f
netdisco=>
—
Device_IP table entry after:
netdisco=> select * from device_ip where ip='x11.x11.119.28';
ip | alias | subnet | port |
dns | creation
----------------+----------------+-------------------+------------+--------------------------------+----------------------------
x11.x11.119.28 | 172.31.254.25 | 172.31.254.16/28 | CAMPUS |
tvpn-oncampus.domain.tld | 2023-03-08 14:30:29.333142
x11.x11.119.28 | 172.31.4.249 | 172.31.4.0/24 | management |
tvpn.netdev.domain.tld | 2023-03-08 14:30:29.333142
x11.x11.119.28 | x11.x11.119.28 | x11.x11.119.0/24 | outside |
tvpn-outside.ntg.domain.tld | 2023-03-08 14:30:29.333142
(3 rows)
—
> On Mar 5, 2023, at 4:11 PM, Oliver Gorwits <oli...@cpan.org> wrote:
>
> Hi Brian
>
> Thanks for your patience.
>
> The device_identity matches a device on the left hand side and one of its
> interfaces on the right hand side, but it does check that the interface is
> valid and receives SNMP connection (unlike, say, the "renumber" command which
> does not check).
>
> You cannot select a device on the left hand side based on its interfaces,
> sorry. But you can put the interface check in the right hand side and rely on
> it only matching ASA devices where such an interface exists.
>
> host_groups:
> cisco_asa:
> - 'op:and'
> - 'vendor:cisco'
> - 'model:.*(?i:ASA).*'
>
> device_identity:
> 'group:cisco_asa':
> - 'op:and'
> - '172.31.0.0/16 <http://172.31.0.0/16>'
> - 'port:(?i)management'
>
> I have tested this and it works.
>
> regards,
> Oliver.
>
> On Wed, 22 Feb 2023 at 17:16, Brian Kelly <hiwa...@gmail.com
> <mailto:hiwa...@gmail.com>> wrote:
> Thank you for writing back Oliver!
>
> I’m not that versed in YAML but trying. Following your lead, the website
> docs, and a lot of trial and error (including Deep recursion on subroutine
> "App::Netdisco::Util::Permission::check_acl"), I _think_ I have something
> that should work, but it doesn’t seem to.
>
> In a nutshell, I’m looking for something to match Cisco ASA devices if they
> have an IP in the 172.31.0.0/16 <http://172.31.0.0/16> space on their
> management interface and if so use the management IP for the device’s ID.
>
> I posted in the IRC (https://kiwiirc.com/nextclient/irc.libera.chat/netdisco
> <https://kiwiirc.com/nextclient/irc.libera.chat/netdisco>), but I’m probably
> being impatient waiting for an answer or posted it in the wrong area (haven’t
> used IRC in years), so apologies in advance.
>
> Thank you again for a great product and looking forward to maybe even making
> minor contributions in the future if I can!
>
> BK
>
> —
>
> host_groups:
> cisco_asa:
> - 'op:and'
> - 'vendor:cisco'
> - 'model:.*(?i:ASA).*'
> device_with_management_ip:
> - 'op:and'
> - 'port:(?i)management'
> - 172.31.0.0/16 <http://172.31.0.0/16>
> asa_with_management_ip:
> - 'op:and'
> - 'group:cisco_asa'
> - 'group:device_with_management_ip'
>
> device_identity:
> 'group:asa_with_management_ip':
> - 'port:(?i)management'
>
> —
>
>> On Feb 9, 2023, at 5:09 AM, Oliver Gorwits <oli...@cpan.org
>> <mailto:oli...@cpan.org>> wrote:
>>
>> Hi Brian
>>
>> The renumber feature is not what you want to use. That is for when you
>> actually change the IP of a device and remove the old one; it allows the
>> user to keep all the history of connected nodes and so on in the database.
>>
>> The feature you want is device_identity in the configuration file:
>> https://github.com/netdisco/netdisco/wiki/Configuration#device_identity
>> <https://github.com/netdisco/netdisco/wiki/Configuration#device_identity>
>>
>> At a guess, the config might look something like (check the Model field of
>> your Device Details tab and the Port Name in Addresses tab):
>>
>> device_identity:
>> 'model:asa': 'port:(?i)mgmt1'
>>
>> Hope that helps, and if you get stuck do come and ask on IRC.
>>
>> Thanks for using Netdisco :)
>>
>> regards,
>> oliver.
>>
>> On Thu, 9 Feb 2023 at 09:59, Brian Kelly <hiwa...@gmail.com
>> <mailto:hiwa...@gmail.com>> wrote:
>> Hello all! Longtime user, first time poster. :-) I tried searching the
>> archives for the mailing list, but I wasn’t about to find anything on this
>> topic from more recent that around 2007.
>>
>> I have a question about how Netdisco selects an IP to identify a device. I
>> have a Cisco ASA used as a VPN that is being identified by the IP address of
>> the outside interface, my guess is because it has the lowest IP address on
>> the system.
>>
>> If I use "netdisco-do renumber -d <old outside interface IP> -e <new
>> management interface IP>“ then Netdisco seems to use the IP I want it to,
>> but at some point later it reverts back to using the outside interface again.
>>
>> Is this expected behavior? Or, as I’m probably doing something wrong, what
>> would be the correct procedure?
>>
>> Thank you everyone and keep up the good work!
>>
>> BK
>> _______________________________________________
>> Netdisco mailing list
>> netdisco-users@lists.sourceforge.net
>> <mailto:netdisco-users@lists.sourceforge.net>
>> https://sourceforge.net/p/netdisco/mailman/netdisco-users/
>> <https://sourceforge.net/p/netdisco/mailman/netdisco-users/>_______________________________________________
>> Netdisco mailing list
>> netdisco-users@lists.sourceforge.net
>> <mailto:netdisco-users@lists.sourceforge.net>
>> https://sourceforge.net/p/netdisco/mailman/netdisco-users/
>> <https://sourceforge.net/p/netdisco/mailman/netdisco-users/>
--- End Message ---
_______________________________________________
Netdisco mailing list - Digest Mode
netdisco-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/netdisco-users
