Infoblox Exchange Cybersecurity Roadshow 2020 – Join us!
North America | Europe | Middle East/Africa | Asia-Pacific

Network Change & Configuration Management

Reply

Device Groups by IP Address

RHastings
Techie
Posts: 4
3363     0

I would like to create a device group in a range of ip addresses. So something like "$IPAddress in [192.168.100.0/24]" in the memship criteria should work right? It's doesn't. What's the secret handshake to get this to work?

 

Example

Posts: 75
3364     0

Something like this should work:

$IPAddress in [192.168.100.0/24] and $Assurance > 75 and $Type in ["Firewall","VPN","Router","Switch", "Load Balancer", "Switch-Router",]

Then below you need to check at least SNMP Collection and Config Collection. Otherwise nothing will get collected from your devices. Groups take about 30 minutes to populate once you make them.

Adding a NOT expression to a new Device Group possible?

JBorstock
Techie
Posts: 4
3364     0

Is it possible to create a "new" Devie Group in NetMRI for specific Cisco Nexus 5K, 7K, 1K + cat switches?  

We tried:

$Assurance > 75 and $Type in ["Switch","Switch-Router"] and $Model in [".*cat.*", ".*N5k.*", ".*N7k.*", ".*N1K.*"]

and it failed.

Trying to prevent HP switches and NetGear switches from getting into this group.  Is there a way to test a Device Group's expressions for accuracy prior to implementing? 

Jim

By "failed" you mean it has

Adviser
Posts: 353
3364     0

By "failed" you mean it has the wrong membership? The "in" operartion like this will match strings exactly, I believe. You are trying to combine the "in" with regex matching. So, instead of:

 

$Assurance > 75 and $Type in ["Switch","Switch-Router"] and $Model in [".*cat.*", ".*N5k.*", ".*N7k.*", ".*N1K.*"]

 

You need to do something like

 

$Assurance > 75 and $Type in ["Switch","Switch-Router"] and

( $Model =~ /.*cat.*/ or $Model =~ /.*N5k.*/ or $Model =~ /.*N7k.*/ or $Model =~ /.*N1K.*/ )

 

 

Re: Adding a NOT expression to a new Device Group possible?

Expert
Posts: 231
3364     0

If you want a group that includes only Cisco switches and switch-routers, instead of testing for model strings, you could use:

   $Vendor eq "Cisco"

   $sysDescr like /IOS/

   $sysDescr like /NX-OS/    !All Nexus platforms

Also another way to try it:

Adviser
Posts: 408
3364     0

Also another way to try it:


$Assurance > 75 and $Type in ["Switch","Switch-Router"] and $Model like /(cat|N5k|N7k|N1K)/

Follow me on LinkedIn: https://www.linkedin.com/in/sifbaksh
Twitter: https://twitter.com/sifbaksh

This is perfect!  Awesome

JBorstock
Techie
Posts: 4
3364     0

This is perfect!  Awesome feedback.  How long should it take to start seeing this new group populate?

Depends on what code you are

Adviser
Posts: 408
3364     0

Depends on what code you are running the latest 6.8.3.  Refresh your browser in 5 to 10 minutes and it should be there.

Follow me on LinkedIn: https://www.linkedin.com/in/sifbaksh
Twitter: https://twitter.com/sifbaksh

That did it!

RHastings
Techie
Posts: 4
3364     0

Thanks James.

Showing results for 
Search instead for 
Do you mean 

Recommended for You