Legal Disclaimer: The resource assets in this website may include abbreviated and/or legacy terminology for HPE Aruba Networking products. See www.arubanetworks.com for current and complete HPE Aruba Networking product lines and names.
Configuring SNMP, SSH, and WMI Credentials
About Network Scan
Network Scan uses a configured seed network device (typically a switch, router, or controller) to discover endpoints and network devices. You can schedule network scans and subnet Subnet is the logical division of an IP network. scans (see Configuring Network Scans and Subnet Scans).
The following information is read from the seed device:
An SNMP Simple Network Management Protocol. SNMP is a TCP/IP standard protocol for managing devices on IP networks. Devices that typically support SNMP include routers, switches, servers, workstations, printers, modem racks, and more. It is used mostly in network management systems to monitor network-attached devices for conditions that warrant administrative attention. description is necessary for discovering and profiling the network devices. For more information, see SNMP Credentials Configuration.
SSH Secure Shell. SSH is a network protocol that provides secure access to a remote device. credentials
For Linux server or network device discovery, specify SSH Secure Shell. SSH is a network protocol that provides secure access to a remote device. configuration credentials. For more information, see SSH Credentials Configuration.
For Windows device discovery, specify WMI Windows Management Instrumentation. WMI consists of a set of extensions to the Windows Driver Model that provides an operating system interface through which instrumented components provide information and notification. (Windows Management Instrumentation) credentials. For more information, see WMI Credentials Configuration.
Connected endpoints
Information about endpoints connected to the network device (typically MAC Media Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. addresses of endpoints connected to switch ports). These are added as discovered endpoints. For more information, see Configuring SNMP, SSH, and WMI Credentials.
Policy Manager supports Address Resolution Protocol (ARP Address Resolution Protocol. ARP is used for mapping IP network address to the hardware MAC address of a device. ) probes for network discovery scans. When the option is enabled, the scan also probes all available ARP Address Resolution Protocol. ARP is used for mapping IP network address to the hardware MAC address of a device. entries. The ARP Address Resolution Protocol. ARP is used for mapping IP network address to the hardware MAC address of a device. table provides information about MAC Media Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. address > IP associations for endpoints that were recently seen by this device. These endpoints are probed further in an attempt to profile those devices. For more information, see Adding a Network Device.
Neighbor network devices
Other network devices connected to the seed device as determined by neighbor discovery protocols such as Cisco Discovery Protocol (CDP Cisco Discovery Protocol. CDP is a proprietary Data Link Layer protocol developed by Cisco Systems. CDP runs on Cisco devices and enables networking applications to learn about the neighboring devices directly connected to the network.) and Link Layer Discovery Protocol (LLDP Link Layer Discovery Protocol. LLDP is a vendor-neutral link layer protocol in the Internet Protocol suite used by network devices for advertising their identity, capabilities, and neighbors on an IEEE 802 local area network, which is principally a wired Ethernet.) (if enabled in your network).
Each of the discovered neighbor network devices are further queried as seed devices; this is repeated for multiple levels in your network up to a specified scan depth. For more information, see Monitoring Discovered Devices).
Services and processes running on an Endpoint
During the subnet Subnet is the logical division of an IP network. scan, Network Discovery and the OnConnect domain-joined Windows client will be queried to retrieve all the services and processes running on the endpoint. This information will be displayed in the Policy Manager Insight Endpoint reports.
Network Scan High-Level Tasks
Configuring Network Scan consists of these major tasks:
1. Add the Domain/WMI Windows Management Instrumentation. WMI consists of a set of extensions to the Windows Driver Model that provides an operating system interface through which instrumented components provide information and notification., SNMP Simple Network Management Protocol. SNMP is a TCP/IP standard protocol for managing devices on IP networks. Devices that typically support SNMP include routers, switches, servers, workstations, printers, modem racks, and more. It is used mostly in network management systems to monitor network-attached devices for conditions that warrant administrative attention. , or SSH Secure Shell. SSH is a network protocol that provides secure access to a remote device. configurations needed to query all the devices in the target network.
You must configure SNMP Simple Network Management Protocol. SNMP is a TCP/IP standard protocol for managing devices on IP networks. Devices that typically support SNMP include routers, switches, servers, workstations, printers, modem racks, and more. It is used mostly in network management systems to monitor network-attached devices for conditions that warrant administrative attention. , SSH Secure Shell. SSH is a network protocol that provides secure access to a remote device. , and WMI Windows Management Instrumentation. WMI consists of a set of extensions to the Windows Driver Model that provides an operating system interface through which instrumented components provide information and notification. credentials for the devices that you want to discover as part of the network scan. These credentials are used during a network scan or a subnet Subnet is the logical division of an IP network. scan to profile Linux servers and machines (SSH Secure Shell. SSH is a network protocol that provides secure access to a remote device. credentials), Windows servers and machines (WMI Windows Management Instrumentation. WMI consists of a set of extensions to the Windows Driver Model that provides an operating system interface through which instrumented components provide information and notification. credentials), and network devices (SNMP Simple Network Management Protocol. SNMP is a TCP/IP standard protocol for managing devices on IP networks. Devices that typically support SNMP include routers, switches, servers, workstations, printers, modem racks, and more. It is used mostly in network management systems to monitor network-attached devices for conditions that warrant administrative attention. ).
2. Configure a network scan or subnet Subnet is the logical division of an IP network. scan (see Configuring Network Scans and Subnet Scans).
3. Import the discovered network devices into Policy Manager (see Importing Network Devices).
4. Review the set of discovered devices and view the connected endpoints and neighbors (see Viewing Details on a Discovered Device).
WMI Credentials Configuration
For Windows device discovery, specify (Windows Management Instrumentation) configuration credentials. WMI Windows Management Instrumentation. WMI consists of a set of extensions to the Windows Driver Model that provides an operating system interface through which instrumented components provide information and notification. configuration is necessary to discover Windows systems and device fingerprint details.
WMI Windows Management Instrumentation. WMI consists of a set of extensions to the Windows Driver Model that provides an operating system interface through which instrumented components provide information and notification. a key part of the Windows operating system. It's used to gather system statistics, monitor system health, and manage system components. To work properly, WMI Windows Management Instrumentation. WMI consists of a set of extensions to the Windows Driver Model that provides an operating system interface through which instrumented components provide information and notification. relies on the WMI Windows Management Instrumentation. WMI consists of a set of extensions to the Windows Driver Model that provides an operating system interface through which instrumented components provide information and notification. service. This service must be running and properly configured for your environment.
For WMI Windows Management Instrumentation. WMI consists of a set of extensions to the Windows Driver Model that provides an operating system interface through which instrumented components provide information and notification., the login format for is usually . Whatever domain you provide, it will be prepended to the username before logging into that machine.
Suppose you have provided an IP subnet Subnet is the logical division of an IP network. address:
Policy Manager first checks to see if WMI Windows Management Instrumentation. WMI consists of a set of extensions to the Windows Driver Model that provides an operating system interface through which instrumented components provide information and notification. is configured for that subnet Subnet is the logical division of an IP network./IP address.
If WMI Windows Management Instrumentation. WMI consists of a set of extensions to the Windows Driver Model that provides an operating system interface through which instrumented components provide information and notification. is configured, Policy Manager checks to see if is open.
If is open, Policy Manager attempts the WMI Windows Management Instrumentation. WMI consists of a set of extensions to the Windows Driver Model that provides an operating system interface through which instrumented components provide information and notification. login with those credentials.
If you provide just one IP address, the WMI Windows Management Instrumentation. WMI consists of a set of extensions to the Windows Driver Model that provides an operating system interface through which instrumented components provide information and notification. login is performed for that particular IP address only.
To configure WMI Windows Management Instrumentation. WMI consists of a set of extensions to the Windows Driver Model that provides an operating system interface through which instrumented components provide information and notification. credentials for a network scan or subnet Subnet is the logical division of an IP network. scan:
1. If you have not already done so, you must create a . For details on that procedure, refer to Adding a Domain/WMI External Account.
2. From the > page, click the link.
The page is displayed.
3. Click the link.
The configuration dialog opens:
Figure 1 Configuring WMI Subnet Mapping
SNMP Credentials Configuration
For querying hosts discovered by a subnet Subnet is the logical division of an IP network. scan, specify configuration. An SNMP Simple Network Management Protocol. SNMP is a TCP/IP standard protocol for managing devices on IP networks. Devices that typically support SNMP include routers, switches, servers, workstations, printers, modem racks, and more. It is used mostly in network management systems to monitor network-attached devices for conditions that warrant administrative attention. -based scan sends an SNMP Simple Network Management Protocol. SNMP is a TCP/IP standard protocol for managing devices on IP networks. Devices that typically support SNMP include routers, switches, servers, workstations, printers, modem racks, and more. It is used mostly in network management systems to monitor network-attached devices for conditions that warrant administrative attention. request to retrieve network device information.
To add the SNMP Simple Network Management Protocol. SNMP is a TCP/IP standard protocol for managing devices on IP networks. Devices that typically support SNMP include routers, switches, servers, workstations, printers, modem racks, and more. It is used mostly in network management systems to monitor network-attached devices for conditions that warrant administrative attention. configuration for a network scan or subnet Subnet is the logical division of an IP network. scan:
1. If you have not already done so, you must create an . For details on that procedure, refer to Adding an SNMP External Account.
2. From the > page, click the link.
The page opens.
3. Click the link.
The page is displayed.
4. Click the link.
The configuration dialog opens.
Figure 2 Configuring SNMP Subnet Mapping
5. Specify the parameters as described in the following table:
6. Click .
You return to the dialog, where the new SNMP Simple Network Management Protocol. SNMP is a TCP/IP standard protocol for managing devices on IP networks. Devices that typically support SNMP include routers, switches, servers, workstations, printers, modem racks, and more. It is used mostly in network management systems to monitor network-attached devices for conditions that warrant administrative attention. configuration has been added and the following message is displayed:
SNMP configuration added successfully
7. Click to add another subnet Subnet is the logical division of an IP network. mapping; or click to exit.
SSH Credentials Configuration
For Linux servers or network device discovery, specify (Secure Shell) configuration credentials. When SSH Secure Shell. SSH is a network protocol that provides secure access to a remote device. is found for an IP address or subnet Subnet is the logical division of an IP network., Network Scan looks for any Linux server or machine associated with that IP address or subnet Subnet is the logical division of an IP network..
You can configure multiple user names and passwords. These credentials are organized in the order in which they were created. You can configure multiple user names and passwords. These credentials are organized in the order in which they were created.
To add the SSH Secure Shell. SSH is a network protocol that provides secure access to a remote device. configuration for a network scan or subnet Subnet is the logical division of an IP network. scan:
|
|
The SSH Secure Shell. SSH is a network protocol that provides secure access to a remote device. configuration can be for a single IP address or a subnet Subnet is the logical division of an IP network.. These credentials are used when an SSH Secure Shell. SSH is a network protocol that provides secure access to a remote device. scan is initiated. |
1. If you have not already done so, you must create an . For details on that procedure, refer to Adding an SSH External Account.
2. From the > page, click the link.
The page is displayed.
3. Click the link.
The configuration dialog opens:
Figure 3 Configuring SSH Subnet Mapping
4. Specify the SSH Secure Shell. SSH is a network protocol that provides secure access to a remote device. Subnet Subnet is the logical division of an IP network. Mapping parameters as described in the following table:
|
Parameter |
Action/Description |
|---|---|
|
IP Subnets Subnet is the logical division of an IP network./ IP Addresses |
Enter either one or more subnets Subnet is the logical division of an IP network. or one or more IP addresses. For multiple entries, separate multiple IP addresses or subnets Subnet is the logical division of an IP network. with commas. When you configure the network scan, Policy Manager will use the SSH Secure Shell. SSH is a network protocol that provides secure access to a remote device. configuration to fetch the network device information for discovered devices. |
|
Scan Type |
From the drop-down, select : |
|
External Accounts |
Select the check boxes for the corresponding SSH Secure Shell. SSH is a network protocol that provides secure access to a remote device. accounts. |
5. Click .
You return to the dialog, where the new SSH Secure Shell. SSH is a network protocol that provides secure access to a remote device. configuration has been added.
6. Click to add another subnet Subnet is the logical division of an IP network. mapping; or click to exit.
