Network Devices

One of the object that can be created and then registered in the openNAC CMDB, Network devices are which send authentication information from user devices, there are a wide type of network devices that includes routers, switches, VPNs, Access Points, Wireless LAN Controller and many others.

First of all and in order to have the capability to register a network device in the openNAC CMDB go to ON CMDB -> Network Devices as shown by the step 1.

To add a new Network device into the openNAC CMDB use the bottom shown by the step 2.

Step 3 allows to include Network device description, a firmware version, brand, IP management and many others fields, on important field are the Tags, this allows to group the network devices based on different network devices characteristics, (physical location, device type…)

Editing a network device is also possible to view which compliance tags has the network devices, those are passed and failed ones as show by Step 4

../../../_images/oncmdbnd.png

ON CMDB -> Network Devices, modifying details of an existing network device already registered, an Additional info can be included, allows to include purchase, warranty, maintenance dates and purchase order, EOL and maintenance information, this is useful information that can be stored by is not going to be used by any product feature.

../../../_images/oncmdbnd1.PNG

In this section choose and editing one of the network device registered on CMDB, a Disconnection setting button appears as shown by the step 1.

This section or tab allows to include Disconnection methods, SNMP or COA are available, these protocols can be used to disconnect user devices connect to the network device just edited chosen one as shown by the step 2.

SNMP RO (Read only) and SNMP RW (Read Write) communities (passwords) are available to be configured along with COA Ports and its credentials as shown by the step3. At network device normally is required to apply a filter to allow COA access from outside, usually insert the openNAC Ips.

../../../_images/oncmdbnd2.PNG

In order to connect to network devices from openNAC Core:

ON CMDB -> Network Devices and editing one of the network device just registered, a connection settings can be included as shown by the step 1, this allows to include a connection method/type used to gain access to network devices (SSH or telnet are available).

Telnet and SSH credentials, privilege users allows to define an administrative credentials to connect to the network device can be defined as shown by the step 2, a common example to understand a “Privilege user” is the Privilege 15 (All the commands are available for the user) used by Cisco technologies.

../../../_images/oncmdbnd3.PNG

ON CMDB -> Network Devices and choose and editing one of the network device registered on CMDB, a Compliance button appears as shown by the step 1.

This section or tab allows to includes the options to carry out network devices compliance as step 2, this means that configuration checks are done.

As shown by the step 3 is possible to add new compliance check groups which allow us to use those groups with any network devices , define compliance tags, the scripts used and the parameters.

many out of the box configuration checks are available in openNAC as shown by the step4, can be validated configuration and ensure configuration compliance.

../../../_images/oncmdbnd-2-1.png

One of the main components of openNAC are Netconf and Netbackup

Netconf:

Allow to manage network devices configuration from a central point, this is an openNAC Core. Bulk configuration can be done, scheduler and configuration macros based on brands can be created. ref:ON Netconf<netconf>.

Netbackup:

Allow to manage network devices configuration backup from a central point, this is an openNAC Core. Scheduler can be used. For more information review ON Netbackup.

ON CMDB -> Network Devices and add one network device just registered in the openNAC CMDB as shown by the Step 1.

Step 2 and Step 3 allow to export and import network devices to and from CSV files, very useful to bulk deployments.

Step 4 and Step 5 allows to use Tags and filters to select network devices based on different aspects.

Network devices can be grouped based on different aspects, based on network device location, type of network device as shown by the step 6, these groups can be selected by the policy engine, ON NAC -> Policies section will explain that matter.

Step 7 shows the button to include additional and custom fields to Network devices registered in openNAC CMDB.

../../../_images/oncmdbnd4.PNG