Discovering SNMP Routers, Switches, and Firewalls

Download this manual as a PDF file

The following sections describe how to create SNMP credentials and discover SNMP network devices in SL1:

Prerequisites

If you configure your network device to respond to SNMP requests from SL1, you can discover your devices as SNMP devices. When SL1 discovers a device as an SNMP device, SL1 will automatically collect data supplied by the SNMP agent.

  • To configure your devices to respond to SNMP requests, see the documentation for your devices.
  • To use events in SL1, configure your devices to send syslog messages and traps to the SL1 system. See the documentation for your devices to determine how to configure syslog and trap forwarding.

Creating an SNMP Credential

SNMP Credentials allow SL1 to access SNMP data on a managed device. SL1 uses SNMP credentials to perform discovery, run auto-discovery, and gather information from SNMP Dynamic Applications.

To create an SNMP credential:

  1. Go to the Credential Management page (System > Manage > Credentials).

  2. Click the Actions button and select Create SNMP Credential. The Credential Editor page appears.

  3. Supply values in the following fields:
  • Profile Name. Name of the credential. Can be any combination of alphanumeric characters. This field is required.
  • SNMP Version. SNMP version. Choices are SNMP V1, SNMP V2, and SNMP V3. The default value is SNMP V2.
  • Port. The port SL1 will use to communicate with the external device or application. The default value is 161. This field is required.
  • Timeout (ms). Time, in milliseconds, after which SL1 will stop trying to communicate with the SNMP device. The default value is 1500.
  • Retries. Number of times SL1 will try to authenticate and communicate with the external device. The default value is 1.

SNMP V1/V2 Settings

These fields appear if you selected SNMP V1 or SNMP V2 in the SNMP Version field. The fields are inactive if you selected SNMP V3.

  • SNMP Community (Read-Only). The SNMP community string (password) required for read-only access of SNMP data on the remote device or application. For SNMP V1 and SNMP V2 credentials, you must supply a community string, either in this field or in the SNMP Community (Read/Write) field.
  • SNMP Community (Read/Write). The SNMP community string (password) required for read and write access of SNMP data on the remote device or application. For SNMP V1 and SNMP V2 credentials, you must supply a community string, either in this field or in the SNMP Community (Read Only) field.

SNMP V3 Settings

These fields appear if you selected SNMP V3 in the SNMP Version field. These fields are inactive if you selected SNMP V1 or SNMP V2.

  • Security Name. Name for SNMP authentication. This field is required.
  • Security Passphrase. Password to authenticate the credential. This value must contain at least 8 characters. This value is required if you use a Security Level that includes authentication.
  • Authentication Protocol. Select an authentication algorithm for the credential. This field is required. Choices are:
  • MD5. This is the default value.
  • SHA
  • SHA-224
  • SHA-256
  • SHA-384
  • SHA-512

The SHA option is SHA-128.

  • Security Level. Specifies the combination of security features for the credentials. This field is required. Choices are:
  • No Authentication / No Encryption.
  • Authentication Only. This is the default value.
  • Authentication and Encryption.
  • SNMP v3 Engine ID. The unique engine ID for the SNMP agent you want to communicate with. (SNMPv3 authentication and encryption keys are generated based on the associated passwords and the engine ID.) This field is optional.
  • Context Name. A context is a mechanism within SNMPv3 (and AgentX) that allows you to use parallel versions of the same MIB objects. For example, one version of a MIB might be associated with SNMP Version 2 and another version of the same MIB might be associated with SNMP Version 3. For SNMP Version 3, specify the context name in this field. This field is optional.
  • Privacy Protocol. The privacy service encryption and decryption algorithm. This field is required. Choices are:
  • DES. This is the default value.
  • AES-128
  • AES-192
  • AES-256
  • AES-256-C. This option is for discovering Cisco devices only.
  • Privacy Protocol Passphrase. Privacy password for the credential. This field is optional.
  1. Click the Save button to save the new SNMP credential.
  2. Repeat steps 1-4 for each SNMP-enabled device in your network that you want to monitor with SL1.

NOTE: When you define an SNMP Credential, SL1 automatically aligns the credential with all organizations of which you are a member.

For more details on creating credentials, see the section on credentials.

Creating an SNMP Credential for Monitoring Multiple VRFs

To monitor multiple VRFs on your Nexus devices, you must create the SNMP credential with SNMP v2 or SNMPv3 settings and then manually align the "Cisco: VRF BGP Peers" Dynamic Application.

To create the SNMP credential:

  1. Go to the Credential Management page (System > Manage > Credentials).

  2. Click the Actions button and select Create SNMP Credential. The Credential Editor page appears.

  1. Supply values in the following fields:
  • Profile Name. Name of the credential. Can be any combination of alphanumeric characters.

  • SNMP Version. SNMP version. Select SNMP V2 or SNMP V3. SNMP v1 is not supported for monitoring multiple VRFs.
  • Port. The port SL1 will use to communicate with the external device or application. The default value is 161.
  • Timeout (ms). Time, in milliseconds, after which SL1 will stop trying to communicate with the SNMP device. The default value is 1500.
  • Retries. Number of times SL1 will try to authenticate and communicate with the external device. The default value is 1.

SNMP V2 Settings

Supply values in the following field if you selected SNMP V2 in the SNMP Version field:

  • SNMP Community (Read-Only). Type the SNMP community string (password) required for read-only access of SNMP data on the remote device or application. If you are specifying more than one community string, separate them with a comma.

SNMP V3 Settings

Supply values in the following fields if you selected SNMP V3 in the SNMP Version field:

  • Security Name. Name for SNMP authentication. This field is required.

  • Security Passphrase. Password to authenticate the credential. This value must contain at least 8 characters. This value is required if you use a Security Level that includes authentication.

  • Authentication Protocol. Select SHA.

The SHA option is SHA-128.

  • Security Level. Select Authentication and Encryption.

  • Context Name. Specify the context(s) in this field. If you are adding more than one, separate each with a comma.

  • Privacy Protocol. Select AES-128.
  • Privacy Protocol Pass Phrase. Privacy password for the credential. This field is optional.

  1. Click the Save button to save the new SNMP credential.

To align the "Cisco: VRF BGP Peers" Dynamic Application:

  1. Go to the Device Manager page (Devices > Classic Devices, or Registry > Devices > Device Manager in the classic SL1 user interface, or Devices > Classic Devices, or Registry > Devices > Device Manager in the classic SL1 user interface in the SL1 classic user interface).
  2. Locate your Cisco device and click its wrench icon ().
  3. In the Collections tab, click the Actions button and then select Add Dynamic Application. The Dynamic Application Alignment page appears.
  4. In the Dynamic Applications field, select the "Cisco: VRF BGP Peers" Dynamic Application.
  5. In the Credentials field, select the SNMP credential you just created.
  6. Click the Save button.

Discovery for SNMP-Enabled Routers, Switches, and Firewalls

To maximize the data that can be collected from SNMP-enabled routers and switches, ensure that your devices include the following MIBs:

  • BRIDGE-MIB
  • CISCO-CDP-MIB
  • CISCO-ETHERNET-FABRIC-EXTENDER-MIB
  • CISCO-FCOE-MIB
  • CISCO-PORT-CHANNEL-MIB
  • CISCO-PROCESS-MIB
  • CISCO-SYSTEM-EXT-MIB
  • HOST-RESOURCES-MIB
  • IF-MIB
  • IP-MIB
  • SYSTEM-MIB
  • UCD-SNMP-MIB

During initial discovery, SL1 automatically performs the following actions to gather information from each SNMP-enabled router and switch:

  • Uses the SYSTEM-MIB to retrieve a system description, SysObject ID, system uptime, system contact, system name, and system location

  • Uses the IF-MIB to retrieve information about all network interfaces on the device
  • Uses the IP-MIB to determine the IP address and netmask associated with each interface
  • Uses the retrieved SysObject ID to assign a device class to each device
  • Assigns a device ID, a device name, a primary IP address for use in SL1, and a primary credential
  • Checks each discovered device against the list of already-defined Dynamic Applications. SL1 searches each discovered device to find "discovery objects" and aligns devices with the appropriate Dynamic Application(s).
  • Immediately after the initial discovery session is completed, SL1 will use the aligned Dynamic Applications to collect additional data from devices.
  • Shortly after the initial discovery session, SL1 uses internal processes to create network records for each IP address and interface.
  • Shortly after the initial discovery session, SL1 uses the BRIDGE-MIB and the CISCO-CDP-MIB to create topology relationships for routers and switches.

For details on discovery, see the .section on Discovery.

Adding Devices Using Unguided Discovery

To run an unguided discovery:

  1. On the Devices page () or the Discovery Sessions page (Devices > Discovery Sessions), click the Add Devices button. The Select page appears.
  2. Click the Unguided Network Discovery Workflow button. Additional information about the requirements for discovery appears in the General Information pane to the right.
  3. Click Select. The Add Devices page appears.
  4. Complete the following fields:
  • Discovery Session Name. Type a unique name for this discovery session. This name is displayed in the list of discovery sessions on the Discovery Sessions tab.
  • Description. Type a short description of the discovery session. You can use the text in this description to search for the discovery session on the Discovery Sessions tab. Optional.
  • Select the organization to add discovered devices to. Select the name of the organization to which you want to add the discovered devices.
  1. Click Next. The Credentials page of the Add Devices wizard appears.
  2. On the Credentials page, you can optionally do one of the following:
  • If the credential you need is not in the list, click the Create New button to open the Create Credential window, where you can specify the name and organization for the credential, the third-party username and password, and other data such as Cloud Type and Proxy information. You can also test the credential before you save using the Credential Tester panel. Click Save & Close to save the credential and return to the Credential Selection page of the guided discovery session. For more information on creating new credentials or testing credentials, see the section on Defining Credentials or Using the Credential Tester Panel.
  • To edit a credential on the Credential Selection page, click the name of the credential you would like to edit from the Name column and edit that credential as needed. You can also test the credential before you save using the Credential Tester panel. Click the Save & Close button on the Edit Credential window to save your updates.
  1. On the Credentials page of the Add Devices wizard, select one or more credentials to allow SL1 to access a device's SNMP data and click Next. The Discovery Session Details page of the Add Devices wizard appears.
  2. Complete the following fields:
  • List of IPs/Hostnames. Provide a list of IP addresses, hostnames, or fully-qualified domain names for SL1 to scan during discovery. This field is required. In this field, you can enter a combination of one or more of the following:
  • One or more single IPv4 addresses separated by commas and a new line. Each IP address must be in standard IP notation and cannot exceed 15 characters. For example, "10.20.30.1, 10.20.30.2, 10.20."
  • One or more ranges of IPv4 addresses with "-" (dash) characters between the beginning of the range and the end of the range. Separate each range with a comma. For example, "10.20.30.1 – 10.20.30.254".
  • One or more IP address ranges in IPv4 CIDR notation. Separate each item in the list with a comma. For example, "192.168.168.0/24".
  • One or more ranges of IPv6 addresses with "-" (dash) characters between the beginning of the range and the end of the range. Separate each range with a comma. For example, "2001:DB8:0:0:0:0:0:0-2001:DB8:0:0:0:0:0:0003".
  • One or more IP address ranges in IPv6 CIDR notation. Separate each item in the list with a comma. For example, "2001:DB8:0:0:0:0:0:0/117".
  • One or more hostnames (fully-qualified domain names). Separate each item in the list with a comma.

You can also click the Upload File button to upload a comma-separated list of IPs.

  • Which collector will monitor these devices?. Select an existing collector group to monitor the discovered devices. Required.

When assigning devices to a collector group, SL1's multi-tenancy rules will validate that the collector group you select belongs to the organization you selected in the previous field. If you attempt to run a discovery session where the devices, collector group, and credentials do not all belong to the same organization, you will receive an error message and will not be able to save or execute the discovery session.

  • Run after save. Select this option to run this discovery session as soon as you click Save and Close.
  • Advanced options. Click the down arrow icon () to access additional discovery options. 

In the Advanced options section, complete the following fields as needed:

  • Initial Scan Level. For this discovery session only, specifies the data to be gathered during the initial discovery session. The options are:
  • System Default (recommended). Use the value defined in the Behavior Settings page (System > Settings > Behavior) in the classic user interface of SL1.
  • 1. Model Device Only. Discovery will discover if the device is up and running and if so, collect the make and model of the device. SL1 will then generate a device ID for the device so it can be managed by SL1.
  • 2. Initial Population of Apps. Discovery will search for Dynamic Applications to associate with the device. The discovery tool will attempt to collect data for the aligned Dynamic Applications. Discovery will later retrieve full sets of data from each Dynamic Application. Discovery will also perform 1. Model Device Only discovery.
  • 3. Discover SSL Certificates. Discovery will search for SSL certificates and retrieve SSL data. Discovery will also perform 2. Initial Population of Apps and 1. Model Device Only.
  • 4. Discover Open Ports. Discovery will search for open ports. Discovery will also perform 3. Discover SSL Certificates, 2. Initial Population of Apps, and 1. Model Device Only.

If your system includes a firewall and you select 4. Discover Open Ports, discovery might be blocked and/or might be taxing to your network.

  • 5. Advanced Port Discovery. Discovery will search for open ports, using a faster TCP/IP connection method. Discovery will also perform 3. Discover SSL Certificates, 2. Initial Population of Apps, and 1. Model Device Only.

If your system includes a firewall and you select 5. Advanced Port Discovery, some devices might remain in a pending state (purple icon) for some time after discovery. These devices will achieve a healthy status, but this might take several hours.

  • 6. Deep Discovery. Discovery will use nmap to retrieve the operating system name and version. Discovery will also scan for services running on each open port and can use this information to match devices to device classes. Discovery will search for open ports, using a faster TCP/IP connection method. Discovery will also perform 3. Discover SSL Certificates, 2. Initial Population of Apps, and 1. Model Device Only.

For devices that don't support SNMP, option 6. Deep Discovery allows you to discover devices that don't support SNMP and then align those devices with a device class other than "pingable". Note that option 6. Deep Discovery is compute-intensive.

If SL1 cannot determine the appropriate Device Class, it will assign the device to the Generic SNMP Device Class.

  • Scan Throttle. Specifies the amount of time a discovery process should pause between each specified IP address (specified in the IP Address/Hostname Discovery List field). Pausing discovery processes between IP addresses spreads the amount of network traffic generated by discovery over a longer period of time. The choices are:
  • System Default (recommended). Use the value defined in the Behavior Settings page (System > Settings > Behavior) in the classic user interface for SL1.
  • Disabled. Discovery processes will not pause.
  • 1000 Msec to 10000 Msec. A discovery process will pause for a random amount of time between half the selected value and the selected value.
  • Port Scan All IPs. For the initial discovery session only, specifies whether SL1 should scan all IP addresses on a device for open ports. The choices are:
  • System Default (recommended). Use the value defined in the Behavior Settings page (System > Settings > Behavior) in the classic user interface for SL1.
  • Enabled. SL1 will scan all discovered IP addresses for open ports.
  • Disabled. SL1 will scan only the primary IP address (the one used to communicate with SL1) for open ports.
  • Port Scan Timeout. For the initial discovery session only, specifies the length of time, in milliseconds, after which SL1 should stop trying to scan an IP address for open ports and begin scanning the next IP address (if applicable). Choices are:
  • System Default (recommended). Use the value defined in the Behavior Settings page (System > Settings > Behavior).
  • Choices between 60 to 1,800 seconds.
  • Scan Ports. Specify a list of ports to scan, separated by colons (:). The default is 21:22:25:80:136.
  • Interface Inventory Timeout (ms). Specifies the maximum amount of time that the discovery processes will spend polling a device for the list of interfaces. After the specified time, SL1 will stop polling the device, will not model the device, and will continue with discovery. The default value is 600,000 ms (10 minutes).
  • During the execution of this discovery session, SL1 uses the value in this field first. If you delete the default values and do not specify another value in this field, SL1 uses the value in the Global Threshold Settings page (System > Settings > Thresholds).
  • If you specify a value in this field and do not apply a device template to this discovery session, the Interface Inventory Timeout setting in the Device Thresholds page (Devices > Classic Devices > wrench icon > Thresholds, or Registry > Devices > Device Manager > wrench icon > Thresholds in the classic SL1 user interface) is set to this value for each discovered device. If there is no device template applied to the discovery session and no value is supplied in this field, SL1 uses the value in the Global Threshold Settings page (System > Settings > Thresholds).
  • Maximum Allowed Interfaces. Specifies the maximum number of interfaces per devices. If a device exceeds this number of interfaces, SL1 will stop scanning the device, will not model the device, and will continue with discovery. The default value is 10,000.
  • During the execution of this discovery session, SL1 uses the value in this field first. If you delete the default values and do not specify another value in this field, SL1 uses the value in the Global Threshold Settings page.
  • If you specify a value in this field and do not apply a device template to this discovery session, the Maximum Allowed Interfaces setting in the Device Thresholds page is set to this value for each discovered device. If there is no device template applied to the discovery session and no value is supplied in this field, SL1 uses the value in the Global Threshold Settings page.
  • Bypass Interface Inventory. Specifies whether or not the discovery session should discover network interfaces.
  • Selected. SL1 will not attempt to discover interfaces for each device in the discovery session. For each discovered device, the Bypass Interface Inventory checkbox on the Device Investigator Settings tab will be selected.
  • Not Selected. SL1 will attempt to discover network interfaces, using the Interface Inventory Timeout value and Maximum Allowed Interfaces value.
  • Discover Non-SNMP. Specifies whether or not SL1 should discover devices that don't respond to SNMP requests.
  • Selected. SL1 will discover devices that don't respond to the SNMP credentials selected in the SNMP Credentials field. These devices will be discovered as "pingable" devices.
  • Not Selected. SL1 will not discover devices that don't respond to the SNMP credentials selected in the SNMP Credentials fields.

You must either select a credential for the discovery session or select the Discover Non-SNMP option. SL1 will prevent you from proceeding with discovery if you have not met those conditions.

  • Model Devices. Determines whether or not the devices that are discovered with this discovery session can be managed through SL1. Choices are:
  • Enabled. When a device is modeled, SL1 creates a device ID for the device; you can then access the device through the Device Manager page and manage the device in SL1.
  • Disabled. If a device is not modeled, you cannot access the device through the Device Manager page, and you cannot manage the device in SL1. However, each discovered device will still appear in the Discovery Session logs. For each discovered device, the discovery logs will display the IP address and device class for the device. This option is useful when performing an initial discovery of your network, to determine which devices you want to monitor and manage with SL1. For the amount of time specified in the Device Model Cache TTL (h) field, a user can manually model the device from the Discovery Session window.
  • Enable DHCP. Specifies whether or not the specified range of IPs and hostnames use DHCP.
  • Selected. SL1 will perform a DNS lookup for the device during discovery and each time SL1 retrieves information from the device.
  • Not Selected. SL1 will perform normal discovery.
  • Device Model Cache TTL (h). Amount of time, in hours, that SL1 stores information about devices that are discovered but not modeled, either because the Model Devices option is not enabled or because SL1 cannot determine whether a duplicate device already exists. The cached data can be used to manually model the device from the Discovery Session window.
  • Log All. Specifies whether or not the discovery session should use verbose logging. When you select verbose logging, SL1 logs details about each IP address or hostname specified in the IP Address/Hostname Discovery List field, even if the results are "No device found at this address."
  • Selected. This discovery session will use verbose logging.
  • Not Selected. This discovery session will not use verbose logging.
  • Apply Device Template. As SL1 discovers a device in the IP discovery list, that device is configured with the selected device template. You can select from a list of all device templates in SL1. For more information on device templates, see the Device Groups and Device Templates section.

  1. Click Save and Close to save the discovery session. The Discovery Sessions page (Devices > Discovery Sessions) displays the new discovery session.

  2. If you selected the Run after save option on this page, the discovery session runs, and the Discovery Logs page displays any relevant log messages. If the discovery session locates and adds any devices, the Discovery Logs page includes a link to the Device Investigator page for the discovered device.

Running Discovery in the SL1 Classic User Interface

To perform a discovery session for one IP address, multiple IP addresses, or a range of IP addresses on the Classic Discovery page:

To discover all the devices in your network, you must first know the range of IP addresses used in your network. If you need help, ask your network administrator.

  1. Go to the Discovery Control Panel page (System > Manage > Classic Discovery).
  2. In the Discovery Control Panel, click Create. The Discovery Session Editor page appears:
  3. Supply values in the following fields:
  • Name. Type a name for the discovery session. This name is displayed in the list of discovery sessions in the Discovery Control Panel page.
  • Description. Optionally, type a description of the discovery session.
  • IP Address/Hostname Discovery List. Provide a list of IP addresses or fully-qualified domain names for SL1 to scan during discovery. In this field, you can enter a combination of one or more of the following:

Instead of manually entering a list of IP addresses and hostnames, you can upload a file that contains the list of IP addresses and hostnames. See the description of the Upload File field.

  • One or more single IPv4 addresses separated by commas. Each IP address must be in standard IP notation and cannot exceed 15 characters. For example, "10.20.30.1, 10.20.30.2, 10.20.30.3".
  • One or more ranges of IPv4 addresses with "-" (dash) characters between the beginning of the range and the end of the range. Separate each range with a comma. For example, "10.20.30.1 – 10.20.30.254".
  • One or more IP address ranges in IPv4 CIDR notation. Separate each item in the list with a comma. For example, "192.168.168.0/24".
  • One or more ranges of IPv6 addresses with "-" (dash) characters between the beginning of the range and the end of the range. Separate each range with a comma. For example, "2001:DB8:0:0:0:0:0:0-2001:DB8:0:0:0:0:0:0003".
  • One or more IP address ranges in IPv6 CIDR notation. Separate each item in the list with a comma. For example, "2001:DB8:0:0:0:0:0:0/117".
  • One or more hostnames (fully-qualified domain names). Separate each item in the list with a comma.

If you enter both the hostname and IP address of the same devices, SL1 will discover two duplicate devices.

The following types of notation are not supported: IPv4 netmask with comma notation (e.g., 192.168.168.0,24); a list of single IPv6 addresses, separated by comma.

SL1 will display an error if your discovery session exceeds the maximum size for optimum performance. SL1 will display a warning message if your discovery session includes 100 or more IP addresses. The warning message will tell you that discovery with more than 100 IP addresses might "take a long time to discover".

  • Upload File. Instead of manually entering a list of IP addresses and hostnames in the IP Address/Hostname Discovery List field, you can upload a file that contains a list of IP addresses and hostnames. The IP addresses and hostnames in the file must be in a format that is allowed for the IP Address/Hostname Discovery List field. Each address or range of addresses in the file must be separated by a newline character instead of a comma. You can browse to the file and then select it. After uploading the file, the IP Address/Hostname Discovery List field will display the IP addresses and hostnames from the file.
  • SNMP Credentials. A community string that allows SL1 to access a device's SNMP data. SNMP credentials are defined in the Credential Management page (System > Manage > Credentials). If you want to retrieve SNMP data from one or more devices, you must select one or more working SNMP credentials in this field. You can select multiple credentials from this field. SL1 will try each selected credential when discovering devices and retrieving device data.
  • Other Credentials. A username and password pair (among other fields) that allows SL1 to access a device's database data, SOAP data, XML data, WMI data, WBEM data, or data that is monitored with a Snippet Dynamic Application. These credentials are defined in the Credential Management page (System > Manage > Credentials). You can select multiple credentials from this field. SL1 will try each selected credential when searching for Dynamic Applications to align with each discovered device.

You can use the field at the top of the SNMP Credentials field and the Other Credentials field to filter the list of credentials. If you enter an alpha-numeric string in the field, the SNMP Credentials field or the Other Credentials field will include only credentials that match the string.

Your organization membership(s) might affect the list of credentials you can see in the SNMP Credentials field and the Other Credentials field.

  • Initial Scan Level. For this discovery session only, specifies the data to be gathered during the initial discovery session. The options are:
  • System Default (recommended). Use the value defined in the Behavior Settings page (System > Settings > Behavior).
  • 0. Model Device Only. Discovery will discover if the device is up and running and if so, collect the make and model of the device. SL1 will then generate a device ID for the device so it can be managed by SL1.
  • 1. Initial Population of Apps. Discovery will search for Dynamic Applications to associate with the device. The discovery tool will attempt to collect data for the aligned Dynamic Applications. Discovery will later retrieve full sets of data from each Dynamic Application. Discovery will also perform 0. Model Device Only discovery.
  • 2. Discover SSL Certificates. Discovery will search for SSL certificates and retrieve SSL data. Discovery will also perform 1. Initial Population of Apps and 0. Model Device Only.
  • 3. Discover Open Ports. Discovery will search for open ports. Discovery will also perform 2. Discover SSL Certificates, 1. Initial Population of Apps, and 0. Model Device Only.

If your system includes a firewall and you select 3. Discover Open Ports, discovery might be blocked and/or might be taxing to your network.

  • 4. Advanced Port Discovery. Discovery will search for open ports, using a faster TCP/IP connection method. Discovery will also perform 2. Discover SSL Certificates, 1. Initial Population of Apps, and 0. Model Device Only.

If your system includes a firewall and you select 4. Advanced Port Discovery, some devices might remain in a pending state (purple icon) for some time after discovery. These devices will achieve a healthy status, but this might take several hours.

  • 5. Deep Discovery. Discovery will use nmap to retrieve the operating system name and version. Discovery will also scan for services running on each open port and can use this information to match devices to device classes. Discovery will search for open ports, using a faster TCP/IP connection method. Discovery will also perform 2. Discover SSL Certificates, 1. Initial Population of Apps, and 0. Model Device Only.

For devices that don't support SNMP, option 5. Deep Discovery allows you to discover devices that don't support SNMP and then align those devices with a device class other than "pingable". Note that option 5. Deep Discovery is compute-intensive.

If SL1 cannot determine the appropriate Device Class, it will assign the device to the Generic SNMP Device Class.

  • Scan Throttle. Specifies the amount of time a discovery process should pause between each specified IP address (specified in the IP Address/Hostname Discovery List field). Pausing discovery processes between IP addresses spreads the amount of network traffic generated by discovery over a longer period of time. The choices are:
  • System Default (recommended). Use the value defined in the Behavior Settings page (System > Settings > Behavior).
  • Disabled. Discovery processes will not pause.
  • 1000 Msec to 10000 Msec. A discovery process will pause for a random amount of time between half the selected value and the selected value.
  • Port Scan All IPs. For the initial discovery session only, specifies whether SL1 should scan all IP addresses on a device for open ports. The choices are:
  • System Default (recommended). Use the value defined in the Behavior Settings page (System > Settings > Behavior).
  • 0. Disabled. SL1 will scan only the primary IP address (the one used to communicate with SL1) for open ports.
  • 1. Enabled. SL1 will scan all discovered IP addresses for open ports.
  • Port Scan Timeout. For the initial discovery session only, specifies the length of time, in milliseconds, after which SL1 should stop trying to scan an IP address for open ports and begin scanning the next IP address (if applicable). Choices are:
  • System Default (recommended). Use the value defined in the Behavior Settings page (System > Settings > Behavior).
  • Choices between 60,000 to 1,800,000 milliseconds.
  • Detection Method & Port. During discovery, SL1 will scan the list of ports selected in this field to determine if the range of devices is up and running and which ports are open on each discovered device. If a device does not respond to SNMP or ICMP, SL1 uses an open port to collect availability data for that device. If you are not sure which ports are used by the range of devices, select the entry Default Method. SL1 will check ICMP (ping), FTP, SSH, Telnet, SMTP, and HTTP ports.

You can use the field at the top of the Detection Method & Port field to filter the list of ports. If you enter an alpha-numeric string in the field, the Detection Method & Port field will include only ports that match the string.

  • Interface Inventory Timeout (ms). Specifies the maximum amount of time that the discovery processes will spend polling a device for the list of interfaces. After the specified time, SL1 will stop polling the device, will not model the device, and will continue with discovery. The default value is 600,000 ms (10 minutes).
  • During the execution of this discovery session, SL1 uses the value in this field first. If you delete the default values and do not specify another value in this field, SL1 uses the value in the Global Threshold Settings page (System > Settings > Thresholds).
  • If you specify a value in this field and do not apply a device template to this discovery session, the Interface Inventory Timeout setting in the Device Thresholds page (Devices > Classic Devices > wrench icon > Thresholds, or Registry > Devices > Device Manager > wrench icon > Thresholds in the classic SL1 user interface) is set to this value for each discovered device. If there is no device template applied to the discovery session and no value is supplied in this field, SL1 uses the value in the Global Threshold Settings page (System > Settings > Thresholds).
  • Maximum Allowed Interfaces. Specifies the maximum number of interfaces per devices. If a device exceeds this number of interfaces, SL1 will stop scanning the device, will not model the device, and will continue with discovery. The default value is 10,000.
  • During the execution of this discovery session, SL1 uses the value in this field first. If you delete the default values and do not specify another value in this field, SL1 uses the value in the Global Threshold Settings page.
  • If you specify a value in this field and do not apply a device template to this discovery session, the Maximum Allowed Interfaces setting in the Device Thresholds page is set to this value for each discovered device. If there is no device template applied to the discovery session and no value is supplied in this field, SL1 uses the value in the Global Threshold Settings page.
  • Bypass Interface Inventory. Specifies whether or not the discovery session should discover network interfaces.
  • Selected. SL1 will not attempt to discover interfaces for each device in the discovery session. For each discovered device, the Bypass Interface Inventory checkbox in the Device Properties page will be selected.
  • Not Selected. SL1 will attempt to discover network interfaces, using the Interface Inventory Timeout value and Maximum Allowed Interfaces value.

If a device has already been discovered and then is rediscovered through the Discovery Session Editor page, the Bypass Interface Inventory. checkbox in the Device Properties page will retain its previous value, regardless of what is selected in the Discovery Session Editor page.

  • Discover Non-SNMP Devices. Specifies whether or not SL1 should discover devices that don't respond to SNMP requests.
  • Selected. SL1 will discover devices that don't respond to the SNMP credentials selected in the SNMP Credentials field. These devices will be discovered as "pingable" devices.
  • Not Selected. SL1 will not discover devices that don't respond to the SNMP credentials selected in the SNMP Credentials fields.
  • Model Devices. Determines whether or not the devices that are discovered with this discovery session can be managed through SL1. Choices are:
  • Enabled. When a device is modeled, SL1 creates a device ID for the device; you can then access the device through the Device Manager page and manage the device in SL1.
  • Disabled. If a device is not modeled, you cannot access the device through the Device Manager page, and you cannot manage the device in SL1. However, each discovered device will still appear in the Discovery Session logs. For each discovered device, the discovery logs will display the IP address and device class for the device. This option is useful when performing an initial discovery of your network, to determine which devices you want to monitor and manage with SL1. For the amount of time specified in the Device Model Cache TTL (h) field, a user can manually model the device from the Discovery Session window.
  • DHCP. Specifies whether or not the specified range of IPs and hostnames use DHCP.
  • Selected. SL1 will perform a DNS lookup for the device during discovery and each time SL1 retrieves information from the device.
  • Not Selected. SL1 will perform normal discovery.
  • Device Model Cache TTL (h). Amount of time, in hours, that SL1 stores information about devices that are discovered but not modeled, either because the Model Devices option is not enabled or because SL1 cannot determine whether a duplicate device already exists. The cached data can be used to manually model the device from the Discovery Session window.
  • Collection Server PID. This field contains a list of all Data Collectors on the network. Select the Data Collector that is local or closet to the devices to be discovered.
  • For SL1 appliances, only the name of the appliance will appear in this field.

After initial discovery, each device will use the collector group that contains this Data Collector for collection and rediscovery.

  • Organization. This field contains a list of all organizations defined in SL1. Devices discovered during the discovery session will be assigned to the selected organization.

Make sure you have the desired organization created and selected before running the discovery process. This field assigns all devices and networks in the specified IP range to a single organization. However, you can later assign individual devices and networks to different organizations.

  • Add Devices to Device Group(s). When SL1 discovers a device in the IP discovery list, that device is added to each selected device group. You can select one or more device groups from a list of device groups in SL1 that have "Discovery" selected in the Visibility field. For more information on device groups, see the Device Groups and Device Templates section.

You can use the field at the top of the Add Devices to Device Group(s) field to filter the list of device groups. If you enter an alpha-numeric string in the field, the Add Devices to Device Group(s) field will include only device groups that match the string.

  • Apply Device Template. As SL1 discovers a device in the IP discovery list, that device is configured with the selected device template. You can select from a list of all device templates in SL1. For more information on device templates, see the Device Groups and Device Templates section.
  • Log All. Specifies whether or not the discovery session should use verbose logging. When you select verbose logging, SL1 logs details about each IP address or hostname specified in the IP Address/Hostname Discovery List field, even if the results are "No device found at this address."
  • Selected. This discovery session will use verbose logging.
  • Not Selected. This discovery session will not use verbose logging.
  1. Click the Save button to save the discovery session. Close the Discovery Session Editor page.
  2. In the Discovery Control Panel page, click the Reset button. The new discovery session will appear in the Session Register pane.
  3. To launch the new discovery session, click its Queue this Session icon ().
  4. If no other discovery sessions are currently running, the session will be executed immediately. If another discovery session is currently running, your discovery session will be queued for execution.