Compliance Checks of Network Devices
OpenNAC core and openNAC Analytics should be at least version 7109. To upgrade, please review Update Core.
Network Devices Compliance Checks
Create the tests at ON NetBackup --> Network devices compliance --> NetDevice check.
Check the test configuration as follows:

Compliance Test Configuration
The access port compliance test and the global config compliance test each have a file in which the requirements for compliance can be customized. The files are:
• /usr/share/opennac/api/library/NetDevices/Compliance/CheckConfigs/GetAccessInterfaces.json
• /usr/share/opennac/api/library/NetDevices/Compliance/CheckConfigs/CheckGlobalConfig.json
Group of Network Device Compliance Checks
Create a group of tests at ON NetBackup --> Network devices compliance --> NetDevice checks

Add Group to Use in Network Device
Edit the network device at ON CMDB --> Network Devices

Add Tags Policy of Network Devices
Add a new policy at ON NAC --> Tag Policies --> ND Tag Policies

Create a Scheduler and Execute Tests
Create and execute the scheduler at ON NetBackup --> NetBackup Scheduler

Check Compliance Results
After the scheduler finishes, we can check the test tags in ON CMDB --> Network Devices

As we can see, some compliance tests failed. We can check the dashboards for additional information about port types and port compliance at Analytics --> Use Cases --> Network Device Compliance.
We can check the port types detected and the global port test compliance result:

Also, we can check the compliance status and compliance errors for each port:
The logs used for these dashboards can be found in:

• /var/log/opennac/opennac-netdev-compliance.log
UNKNOWN Ports
Some ports may be detected as "UNKNOWN". These ports do not fulfil the minimum requirements needed to detect the port type.
The minimum requirements are:
• Server: ("speed 100" && "duplex full")
• Uplink: ("switchport mode trunk")
• Access: ("switchport mode access" && ("mab" || "dot1x pae authenticator"))
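To see in advance which ports would end up as UNKNOWN, the minimum requirements above can be applied to a saved switch configuration. The following is an added example, not openNAC code: it assumes an IOS-style config, exact matching of each command line, and rule evaluation in the order the page lists them, none of which this page specifies.

```python
import re

# Minimum requirements from the list above, as AND-of-OR groups:
# every group must match, and any one command inside a group satisfies it.
# Evaluation order is an assumption (the order in which the page lists them).
RULES = [
    ("Server", [{"speed 100"}, {"duplex full"}]),
    ("Uplink", [{"switchport mode trunk"}]),
    ("Access", [{"switchport mode access"}, {"mab", "dot1x pae authenticator"}]),
]

def parse_interfaces(config):
    """Split an IOS-style config into {interface name: set of command lines}."""
    ports, current = {}, None
    for raw in config.splitlines():
        m = re.match(r"^interface\s+(\S+)", raw)
        if m:
            current = ports.setdefault(m.group(1), set())
        elif raw.startswith((" ", "\t")) and current is not None:
            current.add(" ".join(raw.split()))  # normalise whitespace
        else:
            current = None  # "!" or a global command ends the interface block
    return ports

def classify(commands):
    """Return the first port type whose groups all match, else UNKNOWN."""
    for port_type, groups in RULES:
        if all(commands & alternatives for alternatives in groups):
            return port_type
    return "UNKNOWN"

def classify_config(config):
    return {name: classify(cmds) for name, cmds in parse_interfaces(config).items()}

# Constructed sample input, not taken from a real device.
SAMPLE = """\
interface GigabitEthernet1/0/1
 switchport mode access
 mab
interface GigabitEthernet1/0/2
 switchport mode access
interface GigabitEthernet1/0/3
 speed 1000
 duplex full
interface GigabitEthernet1/0/24
 switchport mode trunk
"""

if __name__ == "__main__":
    print(classify_config(SAMPLE))
```

In the sample, port 1/0/2 is UNKNOWN because it has neither "mab" nor "dot1x pae authenticator", and port 1/0/3 is UNKNOWN because "speed 1000" is not "speed 100".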