Network devices are scanned using SSH. Either our SSH connection manager's public key can be added to the device's SSH authorized keys file, or a username/password can be supplied. A satellite SSH connection manager can be deployed behind your firewall to avoid exposing SSH ports.

Adding

  1. To scan a Network Device node via SSH, click the Add Nodes subnavigation button under the Discover heading.

  2. Choose Network Device.

  3. Click Manual Add Node.

  4. The “add node” details form will then open and will allow you to specify the details for your Network Device node.

    | Field | Description |
    |---|---|
    | Type | Select the applicable network device type. |
    | Operating System Family | Select the applicable operating system family. |
    | Target Operating System | Select the applicable operating system. |
    | Connection Type | Select SSH. |
    | Connection Manager Group | Can be left as “Default” to have scans performed by our internal SSH connection manager, or changed to the name of another SSH connection manager. |
    | Hostname | The internet facing hostname/IP address of the node. |
    | Port | Defaults to port 22. |
    | Username | The username you want UpGuard to scan as. |
    | Password | The user's password. Note: Passwords are stored encrypted in our database. |
    | Enable Password | Optional. The password required for the user to run privileged (enable) commands. |

  5. Click Create Node to complete adding your node.

Scanning

  1. Find your newly created node in the nodes list.
  2. Click on the node name.
  3. Click on the green Scan button to kick off a node scan.

Scan Details

Data retrieved when scanning network devices is treated slightly differently from data retrieved for servers, for the simple reason that network device configuration is (more typically) file based rather than component based. Here is a simplified example scan workflow for a Cisco device.

  1. UpGuard connects to the device over SSH.
  2. Both stored and running configs are extracted and returned to the site.
  3. Configs are parsed so that they can be displayed both as files and as objects in the UpGuard graph visualization.

Visualization

From one UpGuard scan you get four different views of your network device’s configuration (again, if the device supports both).

Stored vs Running Configuration

Check the navigation on the node show page for both stored and running versions of your device’s configuration. Running configuration is denoted by an (R).

Object vs File View

From the node show page you can access the traditional file based view of your device’s configuration from the File button.

This will take you to the file view page.

The object based view is what you see displayed in the main information window.

Differencing

The above flexibility in configuration display means you get multiple ways of differencing configuration data.

You can difference:

  • Device to device
  • Stored vs Running on a single device
  • Over time on a single device

You can also difference using both the default view and the file view.
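
The stored vs running comparison described above can be reproduced offline on exported configs. The following Python sketch is an added example, not UpGuard's code: it parses two constructed Cisco IOS-style configs into top-level objects and reports what differs between them. The sample configs, the function names and the set of volatile lines that are ignored are assumptions.

```python
import re

# Constructed sample configs in Cisco IOS style (not from a real device).
STORED = """\
hostname edge-rtr-01
interface GigabitEthernet0/1
 ip address 192.0.2.1 255.255.255.0
line vty 0 4
 transport input ssh
"""
RUNNING = """\
Building configuration...
! Last configuration change at 14:40:10 UTC Tue Jan 7 2025
hostname edge-rtr-01
interface GigabitEthernet0/1
 ip address 192.0.2.1 255.255.255.0
 ip access-group 101 in
interface GigabitEthernet0/2
 ip address 198.51.100.1 255.255.255.0
line vty 0 4
 transport input ssh telnet
"""

# Assumption: comment and banner lines vary per capture and carry no settings.
VOLATILE = re.compile(r"^(!|Building configuration|Current configuration)")

def parse_objects(text):
    """Map each top-level line (an object) to its indented child lines."""
    objects, current = {}, None
    for line in text.splitlines():
        if not line.strip() or VOLATILE.match(line):
            continue
        if line[0].isspace():
            if current is not None:
                objects[current].append(line.strip())
        else:
            current = line.strip()
            objects.setdefault(current, [])
    return objects

def diff_objects(stored, running):
    """Report objects present on one side only and per-object line changes."""
    a, b = parse_objects(stored), parse_objects(running)
    changed = {k: {"removed": [l for l in a[k] if l not in b[k]],
                   "added": [l for l in b[k] if l not in a[k]]}
               for k in a.keys() & b.keys() if a[k] != b[k]}
    return {"only_stored": sorted(a.keys() - b.keys()),
            "only_running": sorted(b.keys() - a.keys()), "changed": changed}

if __name__ == "__main__":
    print(diff_objects(STORED, RUNNING))
```

Anything reported under `only_running` or `changed` is running state that has not been written to the stored config, which makes it a useful review signal for unapproved or unsaved changes such as the `telnet` transport in the sample.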
