Send netdisco-users mailing list submissions to
netdisco-users@lists.sourceforge.net
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.sourceforge.net/lists/listinfo/netdisco-users
or, via email, send a message with subject or body 'help' to
netdisco-users-requ...@lists.sourceforge.net
You can reach the person managing the list at
netdisco-users-ow...@lists.sourceforge.net
When replying, please edit your Subject line so it is more specific
than "Re: Contents of netdisco-users digest..."
Today's Topics:
1. Re: Simultaneous V1/2 and V3 confiugration in the
deployment.yml file (Nick Nauwelaerts)
--- Begin Message ---
because a config snippet says more than a thousand screenshots:
here's some of my config with ip's changed to protect the sinners and change
strings to more nerdy versions.
i makes use of groups, nested groups, exclusions, ...
+++++
host_groups:
v3hosts_sha512_aes256:
- 22.5.5.1
v3hosts_sha_aes:
- 10.1.100.0/24
- 44.177.1.5
- 10.40.254.156-170
v3hosts_ruckus:
- 7.5.16.252
- 7.5.16.253
v3hosts:
- 'group:v3hosts_sha_aes'
- 'group:v3hosts_sha512_aes256'
- 'group:v3hosts_ruckus'
grp-explore:
- 'vendor:netdisco'
- 'vendor:fortinet'
- 'model:ASR1001HX'
snmppublic:
- 10.122.50.14
moretofollow:
- 4.4.4.0/16
# snmpsim support
snmp_remoteport:
1161: '127.0.0.0/8'
device_auth:
- tag: 'default_v2_readonly_2'
community: 'whatyousay'
read: true
write: false
no: "group:v3hosts"
- tag: 'default_v2_shame_4'
community: 'public'
read: true
write: false
only: "group:snmppublic"
- tag: 'v3read_thing'
user: 'iamtheone'
auth:
pass: 'SNMPverion3neo'
proto: 'SHA'
priv:
pass: 'halloisanyonethere'
proto: 'AES'
only: 'group:v3hosts_sha_aes'
- tag: 'v3strongerreadthing'
user: 'overninethousand'
auth:
pass: 'hydradominatus'
proto: 'SHA512'
priv:
pass: 'iAMalpharius'
proto: 'AES256'
only: 'group:v3hosts_sha512_aes256'
+++++
________________________________
From: Damian R. Cleveland <dcl...@idaccr.org>
Sent: Thursday, July 3, 2025 17:29
To: Oliver Gorwits <oli...@cpan.org>
Cc: netdisco-users <netdisco-users@lists.sourceforge.net>
Subject: Re: [Netdisco] Simultaneous V1/2 and V3 confiugration in the
deployment.yml file
Thanks for the guidance, Oliver.
So, currently all of my devices(Cisco, Barracuda, Palo Alto, etc.) are
configured with community ********.
I wan't to first change my Palos to v3. So first I make the necessary changes
on the Palos. Now I need make ND compatible.
Do I add the v3 information to the end of the "device_auth:" section like so?
device_auth:
- tag: All Segments
only:
- 192.168.42.0/24<http://192.168.42.0/24>
community: ************
write: false
read: true
- ***v3 details***
*************
*************
And when you say "no:[x.x.x.x,y.y.y.y]," is this the IP address of the device
no longer using v2?
Thank you
-------
Damian Cleveland
Networking Engineering
Institute For Defense Analyses, Princeton, NJ
Office:609-279-6265
Mobile:609-235-8870
--------
________________________________
From: "Oliver Gorwits" <oli...@cpan.org>
To: "Damian R. Cleveland" <dcl...@idaccr.org>, "netdisco-users"
<netdisco-users@lists.sourceforge.net>
Sent: Thursday, July 3, 2025 11:15:51 AM
Subject: Re: [Netdisco] Simultaneous V1/2 and V3 confiugration in the
deployment.yml file
Hi Damian
Because Netdisco caches the working community, you need to prevent use of the
tag and I suggest to use "no:[x.x.x.x,y.y.y.y]" to do that as you migrate.
Netdisco will then try the other tags, find that v3 works, and use (and cache)
that.
For troubleshooting you can run netdisco-do at the command line and add -D for
debug and SHOW_COMMUNITY=1 environment for details of the device_auth
processing. You can also run netdisco-do dumpconfig -e device_auth to check
your config is parsed OK.
regards
oliver.
On Thu, 3 Jul 2025 at 15:32, Damian R. Cleveland
<dcl...@idaccr.org<mailto:dcl...@idaccr.org>> wrote:
Good day,
I'm currently using v1/2 but need to move to v3.
I'd like to gracefully migrate to v3 by leaving the deployment.yml file's v1/2
config in place while handling device config changes on a platform by platform
basis. Is this possible? If so, do I just begin the v3 configuration below the
v1/2 block?
Here is my current config:
device_auth:
- tag: All Segments
only:
- 192.168.42.0/24<http://192.168.42.0/24>
community: ************
write: false
read: true
Thanks
-------
Damian Cleveland
Networking Engineering
Institute For Defense Analyses, Princeton, NJ
Office:609-279-6265
Mobile:609-235-8870
--------
_______________________________________________
Netdisco mailing list
netdisco-users@lists.sourceforge.net<mailto:netdisco-users@lists.sourceforge.net>
https://sourceforge.net/p/netdisco/mailman/netdisco-users/
________________________________
Volg Aquafin op LinkedIn<http://www.linkedin.com/company/aquafin/products> |
Facebook<https://www.facebook.com/AquafinNV> |
Instagram<https://www.instagram.com/aquafin_nv/> |
YouTube<http://www.youtube.com/channel/UCk_4P5BJ-MtEEDCkCsR_KqQ?feature=mhee>
In het kader van de uitoefening van onze taken verzamelen we bij Aquafin
persoonsgegevens. Hoe we omgaan met deze gegevens en wat de rechten van de
betrokkenen zijn, kan je nalezen in onze privacy
policy<https://www.aquafin.be/nl-be/privacy-policy>.
P Denk aan het milieu. Druk deze mail niet onnodig af.
[www.openbedrijvendag.be] <https://www.openbedrijvendag.be/bedrijven/aquafin/>
--- End Message ---
_______________________________________________
Netdisco mailing list - Digest Mode
netdisco-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/netdisco-users
