Configuring SNMP, SSH, and WMI Credentials

About Network Scan

Network Scan uses a configured seed network device (typically a switch, router, or controller) to discover endpoints and network devices. You can schedule network scans and subnet scans (see Configuring Network Scans and Subnet Scans).

The following information is read from the seed device:

SNMP (Simple Network Management Protocol) information

An SNMP description is necessary for discovering and profiling the network devices. For more information, see SNMP Credentials Configuration.

SSH (Secure Shell) credentials

For Linux server or network device discovery, specify SSH configuration credentials. For more information, see SSH Credentials Configuration.

WMI credentials

For Windows device discovery, specify WMI (Windows Management Instrumentation) credentials. For more information, see WMI Credentials Configuration.

Connected endpoints

Information about endpoints connected to the network device (typically MAC (Media Access Control) addresses of endpoints connected to switch ports). These are added as discovered endpoints. For more information, see Configuring SNMP, SSH, and WMI Credentials.

ARP table

Policy Manager supports Address Resolution Protocol (ARP) probes for network discovery scans. When the Read ARP Table Info option is enabled, the scan also probes all available ARP entries. The ARP table provides information about MAC address > IP associations for endpoints that were recently seen by this device. These endpoints are probed further in an attempt to profile those devices. For more information, see Adding a Network Device.

Neighbor network devices

Other network devices connected to the seed device as determined by neighbor discovery protocols such as Cisco Discovery Protocol (CDP) and Link Layer Discovery Protocol (LLDP) (if enabled in your network).

Each of the discovered neighbor network devices is further queried as a seed device; this is repeated for multiple levels in your network up to a specified scan depth. For more information, see Monitoring Discovered Devices.

Services and processes running on an Endpoint

During the subnet scan, Network Discovery and the OnConnect domain-joined Windows client will be queried to retrieve all the services and processes running on the endpoint. This information will be displayed in the Policy Manager Insight Endpoint reports.

Network Scan High-Level Tasks

Configuring Network Scan consists of these major tasks:

1. Add the Domain/WMI, SNMP, or SSH configurations needed to query all the devices in the target network.

You must configure SNMP, SSH, and WMI credentials for the devices that you want to discover as part of the network scan. These credentials are used during a network scan or a subnet scan to profile Linux servers and machines (SSH credentials), Windows servers and machines (WMI credentials), and network devices (SNMP).

2. Configure a network scan or subnet scan (see Configuring Network Scans and Subnet Scans).

3. Import the discovered network devices into Policy Manager (see Importing Network Devices).

4. Review the set of discovered devices and view the connected endpoints and neighbors (see Viewing Details on a Discovered Device).

WMI Credentials Configuration

For Windows device discovery, specify WMI (Windows Management Instrumentation) configuration credentials. WMI configuration is necessary to discover Windows systems and device fingerprint details.

WMI is a key part of the Windows operating system. It is used to gather system statistics, monitor system health, and manage system components. To work properly, WMI relies on the WMI service. This service must be running and properly configured for your environment.

For WMI, the login format for the username is usually domain\username. Whatever domain you provide is prepended to the username before logging in to that machine.

Suppose you have provided an IP subnet address:

Policy Manager first checks to see if WMI is configured for that subnet/IP address.

If WMI is configured, Policy Manager checks to see if port 135 is open.

If port 135 is open, Policy Manager attempts the WMI login with those credentials.

If you provide just one IP address, the WMI login is performed for that particular IP address only.
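The check sequence above, modelled as an added example (this is not Policy Manager's own code): it resolves which external accounts a subnet mapping would present to a given address, then applies the port 135 gate before any WMI login. The mapping entries, account names, and the matching rule (address falls inside a listed subnet) are assumptions, and the sample data is constructed.

```python
import ipaddress
import socket

# Constructed sample mappings mirroring the Profiler Subnet Mappings fields
# (IP Subnets/IP Addresses, Scan Type, External Accounts). Account names are hypothetical.
MAPPINGS = [
    {"targets": "10.1.20.0/24, 10.1.30.15", "scan_type": "WMI", "accounts": ["corp-wmi"]},
    {"targets": "10.1.0.0/16", "scan_type": "SNMP", "accounts": ["snmp-ro"]},
    {"targets": "10.1.40.0/24", "scan_type": "SSH", "accounts": ["linux-scan"]},
]

def parse_targets(field):
    """Split the comma-separated field into networks (a bare IP becomes a /32)."""
    return [ipaddress.ip_network(item.strip(), strict=False)
            for item in field.split(",") if item.strip()]

def accounts_for(ip, scan_type, mappings=MAPPINGS):
    """Return the external accounts whose mapping covers ip for this scan type."""
    addr = ipaddress.ip_address(ip)
    found = []
    for m in mappings:
        if m["scan_type"] != scan_type:
            continue
        if any(addr in net for net in parse_targets(m["targets"])):
            found.extend(m["accounts"])
    return found

def tcp_open(ip, port, timeout=1.0):
    """True if a TCP connection to ip:port succeeds within the timeout."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False

def wmi_decision(ip, probe=tcp_open, mappings=MAPPINGS):
    """Walk the three checks in order and report where the sequence stops."""
    accounts = accounts_for(ip, "WMI", mappings)
    if not accounts:
        return ("skip", "no WMI mapping covers this address", [])
    if not probe(ip, 135):
        return ("skip", "port 135 closed or filtered", [])
    return ("login", "WMI login would be attempted", accounts)

def exposure(mappings=MAPPINGS):
    """Addresses covered per mapping entry, to spot overly broad credential scope."""
    return {(m["scan_type"], str(n)): n.num_addresses
            for m in mappings for n in parse_targets(m["targets"])}
```

Running `exposure()` over an export of your own mappings shows how many addresses each credential set can be offered to, which is the figure to review when scoping scan accounts.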

To configure WMI credentials for a network scan or subnet scan:

1. If you have not already done so, you must create a Domain/WMI External Account. For details on that procedure, refer to Adding a Domain/WMI External Account.

2. From the Administration > External Accounts page, click the Profiler Subnet Mappings link.

The Profiler Subnet Mappings page is displayed.

3. Click the Add link.

The Profiler Subnet Mappings configuration dialog opens:

Figure 1  Configuring WMI Subnet Mapping

SNMP Credentials Configuration

For querying hosts discovered by a subnet scan, specify SNMP configuration. An SNMP-based scan sends an SNMP request to retrieve network device information.

To add the SNMP configuration for a network scan or subnet scan:

1. If you have not already done so, you must create an SNMP External Account. For details on that procedure, refer to Adding an SNMP External Account.

2. From the Administration > External Accounts page, click the Profiler Subnet Mappings link.

The Profiler Subnet Mappings page opens.

3. Click the Add link.

The Profiler Subnet Mappings page is displayed.

4. Click the Add link.

The Profiler Subnet Mappings configuration dialog opens.

Figure 2  Configuring SNMP Subnet Mapping

5. Specify the Subnet Mappings parameters as described in the following table:

Table 1: SNMP Subnet Mapping Parameters

Parameter | Action/Description
IP Subnets/ IP Addresses | Enter either one or more IP subnets or one or more IP addresses. For multiple entries, separate multiple IP addresses or subnets with commas. When you configure the network scan, Policy Manager will use the SNMP configuration to fetch the network device information for discovered devices.
Scan Type | From the Scan Type drop-down, select SNMP.
External Accounts | Select the check boxes for the corresponding SNMP accounts.

6. Click Save.

You return to the Profiler Subnet Mappings dialog, where the new SNMP configuration has been added and the following message is displayed:

SNMP configuration added successfully

7. Click Add to add another subnet mapping; or click Close to exit.

SSH Credentials Configuration

For Linux servers or network device discovery, specify SSH (Secure Shell) configuration credentials. When SSH is found for an IP address or subnet, Network Scan looks for any Linux server or machine associated with that IP address or subnet.

You can configure multiple user names and passwords. These credentials are organized in the order in which they were created.

The SSH configuration can be for a single IP address or a subnet. These credentials are used when an SSH scan is initiated.

To add the SSH configuration for a network scan or subnet scan:

1. If you have not already done so, you must create an SSH External Account. For details on that procedure, refer to Adding an SSH External Account.

2. From the Administration > External Accounts page, click the Profiler Subnet Mappings link.

The Profiler Subnet Mappings page is displayed.

3. Click the Add link.

The Profiler Subnet Mappings configuration dialog opens:

Figure 3  Configuring SSH Subnet Mapping

4. Specify the SSH Subnet Mapping parameters as described in the following table:

Table 2: SSH Subnet Mapping Parameters

Parameter | Action/Description
IP Subnets/ IP Addresses | Enter either one or more subnets or one or more IP addresses. For multiple entries, separate multiple IP addresses or subnets with commas. When you configure the network scan, Policy Manager will use the SSH configuration to fetch the network device information for discovered devices.
Scan Type | From the Scan Type drop-down, select SSH.
External Accounts | Select the check boxes for the corresponding SSH accounts.

5. Click Save.

You return to the Profiler Subnet Mappings dialog, where the new SSH configuration has been added.

6. Click Add to add another subnet mapping; or click Close to exit.