% Netdot exercise
% Network Management Topics

# Introduction

The Network Documentation Tool (Netdot) is an open source tool designed to
help network administrators collect, organize and maintain network
documentation. Netdot is actively developed at the University of Oregon.

## Goals

In these exercises we will install Netdot and demonstrate some of its most
important features.

## Notes

* Commands preceded with "$" imply that you should execute the command as
  a general user - not as root.
* Commands preceded with "#" imply that you should be working as root.
* Commands with more specific command lines (e.g. "RTR-GW>" or "mysql>")
  imply that you are executing commands on remote equipment, or within
  another program.

# Installation

_Netdot may already be installed on your PC. Ask the instructor._

Log in to your virtual machine as the sysadm user and make sure your machine
is up-to-date with the rest of the class:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
$ sudo apt-get install snmp snmp-mibs-downloader snmpd cacti smokeping \
    nagios3 joe postfix
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

## Download the Package

First check if it's available on your classroom's NOC server:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
$ cd
$ wget http://noc.ws.nsrc.org/downloads/netdot-1.0.4.tar.gz
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

If not, try from the official site:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
$ wget http://netdot.uoregon.edu/pub/dists/netdot-1.0.4.tar.gz
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
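
Both download URLs are plain HTTP, and the following steps run `sudo make` from the unpacked tree, so the tarball is worth checking before it is unpacked. The functions below are an added example, not part of the original exercise or of Netdot: they compare the file's SHA-256 with a digest obtained separately (the page does not publish one, so `EXPECTED_SHA256` is a placeholder) and list any archive members with absolute or `..` paths.

```shell
#!/bin/sh
# Added example (not from the original exercise): check a downloaded tarball
# before unpacking it and running "sudo make" from its contents.

# sha256_of FILE: print the hex SHA-256 digest of FILE.
sha256_of() {
    sha256sum "$1" | awk '{ print $1 }'
}

# unsafe_members TARBALL: print members with absolute or ".." paths.
unsafe_members() {
    tar tzf "$1" | grep -E '^/|(^|/)\.\.(/|$)' || true
}

# safe_to_unpack TARBALL EXPECTED_SHA256: return 0 only if the digest
# matches and no member path points outside the extraction directory.
safe_to_unpack() {
    if [ ! -r "$1" ] || [ -z "$2" ]; then
        echo "usage: safe_to_unpack TARBALL EXPECTED_SHA256" >&2
        return 2
    fi
    actual=$(sha256_of "$1")
    if [ "$actual" != "$2" ]; then
        echo "digest mismatch for $1: got $actual" >&2
        return 1
    fi
    bad=$(unsafe_members "$1")
    if [ -n "$bad" ]; then
        printf 'unsafe member paths in %s:\n%s\n' "$1" "$bad" >&2
        return 1
    fi
    return 0
}

# Usage, with a digest obtained from a trusted channel (placeholder here):
#   EXPECTED_SHA256='<digest from your instructor or the project>'
#   safe_to_unpack netdot-1.0.4.tar.gz "$EXPECTED_SHA256" && \
#       tar xzvf netdot-1.0.4.tar.gz
```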

Unpack the tarball:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
$ tar xzvf netdot-1.0.4.tar.gz
$ cd netdot-1.0.4
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

## Install dependencies:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
$ sudo apt-get install build-essential
$ sudo make apt-install

Which RDBMS do you plan to use as backend: [mysql|Pg]? mysql

We need to add a temporary repository of Netdot dependencies until all packages
are in Debian/Ubuntu official repositories.
Would you like to continue? [y/n] y
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

This will download a lot of packages. Be patient.

(If you had not installed mysql-server, you'll be asked for a DBA password.
Ask the instructor for the MySQL root password.)

Say yes here:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
We will install the MIB files now. Continue? [y/n] y
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

If you see this prompt, then answer yes:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
A new /etc/snmp/snmp.conf needs to be installed to point to the newly
installed MIB files. The current file will be backed up. Continue? [y/n] y
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

At the end of the installation you will see a list of Perl modules that
have been installed (OK). If any did not install you will see "MISSING".

If any of them are missing, type:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
$ sudo make installdeps

Which RDBMS do you plan to use as backend: [mysql|Pg]? mysql
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

You will now see three questions concerning CPAN setup to download the missing
Perl dependency. Answer like this:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Would you like to configure as much as possible automatically? [yes] yes

What approach do you want?  (Choose 'local::lib', 'sudo' or 'manual')
 [local::lib] <ENTER>

Would you like me to automatically choose some CPAN mirror
sites for you? (This means connecting to the Internet) [yes]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

If you still see missing dependencies, run the command again:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
$ sudo make installdeps
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Repeat until you no longer see any missing dependencies.

This will try to install the missing modules using the CPAN archive. At the
end, all the modules should show "ok".

## Initialize the site configuration:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
$ cd ~/netdot-1.0.4/
$ cp etc/Default.conf etc/Site.conf
$ editor etc/Site.conf
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Find and change the following values:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
NETDOTNAME => 'pcX.ws.nsrc.org',
DB_DBA_PASSWORD => '(the password you used when installing mysql)',
DEFAULT_SNMPCOMMUNITIES => ['NetManage', 'public'],
NMS_DEVICE => 'pcX.ws.nsrc.org',
DEFAULT_DNSDOMAIN => 'ws.nsrc.org',
DEVICE_NAMING_METHOD_ORDER => [ 'sysname', 'snmp_target' ],
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Save and exit from the file.
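
The edited `Site.conf` now holds the database administrator password in clear text and lists the well-known `public` community as a fallback, so both are worth a check before `make install`. The script below is an added example, not part of the original exercise or of Netdot; the `WELL_KNOWN` list and the function names are assumptions of this example, and it expects the community list on a single line as shown above.

```shell
#!/bin/sh
# Added example (not Netdot's own code): audit a Site.conf-style file.
# WELL_KNOWN is an assumed list of vendor-default SNMP community strings.
WELL_KNOWN="public private"

# communities FILE: print each DEFAULT_SNMPCOMMUNITIES entry on its own line.
# Assumes the list sits on one line, as in the values shown above.
communities() {
    grep -E '^[[:space:]]*DEFAULT_SNMPCOMMUNITIES[[:space:]]*=>' "$1" |
        grep -oE "'[^']*'" | tr -d "'"
}

# default_communities FILE: print configured entries that are well-known.
default_communities() {
    communities "$1" | while read -r c; do
        for w in $WELL_KNOWN; do
            if [ "$c" = "$w" ]; then echo "$c"; fi
        done
    done
}

# world_readable FILE: succeed if the "other" read bit is set on FILE.
world_readable() {
    [ -n "$(find "$1" -prune -perm -004)" ]
}

# audit_site_conf FILE: print findings; return the number of findings.
audit_site_conf() {
    findings=0
    for c in $(default_communities "$1"); do
        echo "WARN: well-known SNMP community '$c' in DEFAULT_SNMPCOMMUNITIES"
        findings=$((findings + 1))
    done
    if world_readable "$1"; then
        echo "WARN: $1 is world-readable and contains DB_DBA_PASSWORD"
        findings=$((findings + 1))
    fi
    return "$findings"
}
```

Run it as `audit_site_conf etc/Site.conf`; a return status of 0 means no findings.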

## Install the application and initialize the database.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
$ sudo make installdb
$ sudo make install APACHEUSER=www-data APACHEGROUP=www-data
$ sudo ln -s /usr/local/netdot/etc/netdot_apache2_local.conf \
    /etc/apache2/conf.d/
$ sudo service apache2 graceful
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Install the cron jobs for automated tasks:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
$ sudo cp netdot.cron /etc/cron.d/netdot
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# Operation

## Log into the web interface

In your browser, go to:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://pcX.ws.nsrc.org/netdot
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log in with username: admin and password: admin

## Changing default passwords

Netdot comes with three default user accounts. You should change the default
passwords on those.

Go to the "Contacts" tab, then search for "Admin". You should see the details
for the Admin user. Click on [edit], and find the Password field. Type the
password you used to log in to your PC, then click on the "Update" button.

Repeat the same steps for the other default users:

* operator
* guest

## Discovering devices

If you have not done so yet, configure SNMP on your PC and your router.

_Ask the instructor to provide you with instructions for configuring SNMP
on Cisco routers and Linux_

Now back to Netdot. Let's create a file with all the devices in the lab network
that respond to SNMP:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
$ editor /home/sysadm/discoverme.txt
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Copy and paste the following list:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
gw.ws.nsrc.org NetManage
s1.ws.nsrc.org NetManage
sw.ws.nsrc.org NetManage
rtr1.ws.nsrc.org NetManage
rtr2.ws.nsrc.org NetManage
rtr3.ws.nsrc.org NetManage
rtr4.ws.nsrc.org NetManage
rtr5.ws.nsrc.org NetManage
rtr6.ws.nsrc.org NetManage
rtr7.ws.nsrc.org NetManage
rtr8.ws.nsrc.org NetManage
rtr9.ws.nsrc.org NetManage
pc1.ws.nsrc.org NetManage
pc2.ws.nsrc.org NetManage
pc3.ws.nsrc.org NetManage
pc4.ws.nsrc.org NetManage
pc5.ws.nsrc.org NetManage
pc6.ws.nsrc.org NetManage
pc7.ws.nsrc.org NetManage
pc8.ws.nsrc.org NetManage
pc9.ws.nsrc.org NetManage
pc10.ws.nsrc.org NetManage
pc11.ws.nsrc.org NetManage
pc12.ws.nsrc.org NetManage
pc13.ws.nsrc.org NetManage
pc14.ws.nsrc.org NetManage
pc15.ws.nsrc.org NetManage
pc16.ws.nsrc.org NetManage
pc17.ws.nsrc.org NetManage
pc18.ws.nsrc.org NetManage
pc19.ws.nsrc.org NetManage
pc20.ws.nsrc.org NetManage
pc21.ws.nsrc.org NetManage
pc22.ws.nsrc.org NetManage
pc23.ws.nsrc.org NetManage
pc24.ws.nsrc.org NetManage
pc25.ws.nsrc.org NetManage
pc26.ws.nsrc.org NetManage
pc27.ws.nsrc.org NetManage
pc28.ws.nsrc.org NetManage
pc29.ws.nsrc.org NetManage
pc30.ws.nsrc.org NetManage
pc31.ws.nsrc.org NetManage
pc32.ws.nsrc.org NetManage
pc33.ws.nsrc.org NetManage
pc34.ws.nsrc.org NetManage
pc35.ws.nsrc.org NetManage
pc36.ws.nsrc.org NetManage
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
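
The discovery script is run as root over this hand-pasted file, so a format check before the run catches truncated lines and duplicated hosts. The function below is an added example, not part of the original exercise or of Netdot: it assumes the two-column "host community" layout shown above, and `check_device_list` is a name chosen for this example.

```shell
#!/bin/sh
# Added example (not Netdot's own code): validate a "host community" list
# such as /home/sysadm/discoverme.txt before passing it to updatedevices.pl.

# check_device_list FILE: print one finding per problem line.
# Returns 0 when the file is clean, 1 when any finding was printed.
check_device_list() {
    awk '
        NF == 0 { next }                      # skip blank lines
        NF != 2 {
            printf "line %d: expected 2 fields, got %d\n", NR, NF
            bad++; next
        }
        $1 !~ /^[A-Za-z0-9][A-Za-z0-9.-]*$/ {
            printf "line %d: unexpected characters in host %s\n", NR, $1
            bad++; next
        }
        seen[$1]++ {
            printf "line %d: duplicate host %s\n", NR, $1
            bad++
        }
        END { exit (bad > 0) }
    ' "$1"
}

# Usage:
#   check_device_list /home/sysadm/discoverme.txt && echo "list looks clean"
```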

Now, tell Netdot to discover those devices:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
$ cd /usr/local/netdot
$ sudo bin/updatedevices.pl -E /home/sysadm/discoverme.txt -IAF
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

When that is done, go to the web interface and navigate to

    Management -> Devices

Leave the search box empty, and click on the "Find" button.

You should see all the discovered devices in that list. Go to the link for your
group's router (e.g. rtrX.ws.nsrc.org)

* Navigate to all the tabs: Basic, Interfaces, Modules, IP Info, etc.
  Netdot allows you to augment the information gathered from the device
  with details entered manually.

* In the ARP section, you should see one entry with a timestamp.
  Click on that entry. You should see a table associating IP addresses
  with MAC addresses. This is the ARP table discovered from rtr1. You should
  see your PC's IP address and MAC address.

## Finding a computer in your network

* Obtain the MAC address from your laptop (or desktop). Copy it to the clipboard.
* In the Netdot web interface, go to Management -> Devices
* Paste your MAC address and hit ENTER

Netdot will show you which devices saw that MAC address the last
time that it discovered the network.

## Managing IP address space

Go to Management -> Address Space

You should see a list of private IP blocks (from RFC-1918). These come
pre-installed in Netdot.

Click on 10.0.0.0/8

You will see a list of discovered IP blocks, which are marked as "Subnets".
These were found in routers.

* Click on 10.10.1.0/24.
* Click on [edit]
* In the Description field, type "Group 1 PCs"
* Click "Save"

### Create a container to include all the group subnets

In the section called "Address Space Tasks" on top, click on the "[new]"
button and enter the following:

* IP/Prefix: 10.10.0.0/16
* Owner: click on [new].
    * In the new "Entity" window, enter:
        * Name: NSRC Lab
        * Click the Insert button, then [close]
* Used by: (leave blank)
* Status: Container
* Description: NSRC lab student networks
* Save

You should now see the new Container page. It shows a graphical representation
of the /16 block. All the existing subnets are shown in red. The green space
represents unused or available address space.

* On the top of the graph there is a section called "Zoom: set one row equal to".
  Select /24 from the drop-down menu. Each row now represents a /24 block.
* Click on [Tree View] to see a tree graph view of the IP hierarchy

## Polling devices

Periodically you will want to connect again to your routers and switches to
fetch their routing tables, forwarding tables etc. You can run the command which
does this:

~~~
$ sudo /usr/local/netdot/bin/updatedevices.pl -DIFAT
~~~

* -D: poll all devices already in the database
* -I: get device info (e.g. sysName)
* -F: get switch forwarding tables
* -A: get router ARP tables
* -T: re-calculate the topology

To avoid having to run this by hand, you can install a crontab which will
do it automatically at set times of day. We installed the crontab file in
/etc/cron.d previously. If you look in /etc/cron.d/netdot you will see that
this command executes once each hour by default.

# More information

[Official Netdot Website](http://netdot.uoregon.edu)