% Netdot exercise
% Network Management Topics

# Introduction

The Network Documentation Tool (Netdot) is an open source tool designed to help
network administrators collect, organize and maintain network documentation.

Netdot is actively developed at the University of Oregon.

## Goals

In these exercises we will install Netdot and demonstrate some of its most
important features.

## Notes

* Commands preceded with "$" imply that you should execute the command as
  a general user - not as root.
* Commands preceded with "#" imply that you should be working as root.
* Commands with more specific command lines (e.g. "RTR-GW>" or "mysql>")
  imply that you are executing commands on remote equipment, or within
  another program.

# Installation

## Package Dependencies

Some packages are available in Ubuntu. We'll install those first (you will
probably want to copy/paste the following):

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
$ sudo apt-get -y install apache2 libapache2-mod-perl2 rrdtool librrds-perl \
    graphviz libmodule-build-perl libcgi-pm-perl libclass-dbi-perl \
    libclass-dbi-abstractsearch-perl libapache2-request-perl libhtml-mason-perl \
    libapache-session-perl liburi-perl libsql-translator-perl libsnmp-info-perl \
    libnetaddr-ip-perl liblog-dispatch-perl liblog-log4perl-perl \
    libparallel-forkmanager-perl libauthen-radius-perl libtest-simple-perl \
    libtime-local-perl libfile-spec-perl libnet-dns-perl libcarp-assert-perl \
    libdigest-sha-perl libssl-dev dnssec-tools libsocket6-perl libxml-simple-perl \
    mysql-server libdbix-datasource-perl
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

(If you had not installed mysql-server, you'll be asked for a DBA password.
Use the password that you used to log in to the PC).

Download the latest Netdot package.

First check if it's available on your classroom's NOC server:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
$ cd /usr/local/src
$ sudo wget http://noc.ws.nsrc.org/downloads/netdot-0.9.10.tar.gz
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

If not, try from the official site:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
$ sudo wget --no-check-certificate \
    https://netdot.uoregon.edu/pub/dists/netdot-0.9.10.tar.gz
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

* Note: `--no-check-certificate` turns off TLS certificate validation, so
  this download is not authenticated.

Unpack the tarball:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
$ sudo tar xzvf netdot-0.9.10.tar.gz
$ cd netdot-0.9.10
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Install remaining dependencies:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
$ sudo make installdeps
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Verify that we have all the necessary dependencies:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
$ make testdeps
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Initialize the site configuration:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
$ sudo cp etc/Default.conf etc/Site.conf
$ sudo EDITOR etc/Site.conf

Find and change the following values:

NETDOTNAME => 'pcX.ws.nsrc.org',
DB_DBA_PASSWORD => '(the password you used when installing mysql)',
DEFAULT_SNMPCOMMUNITIES => ['NetManage', 'public'],
NMS_DEVICE => 'localhost',
DEFAULT_DNSDOMAIN => 'ws.nsrc.org',
DEVICE_NAMING_METHOD_ORDER => [ 'snmp_target', 'sysname' ],
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Install the application and initialize the database

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
$ sudo make install APACHEUSER=www-data APACHEGROUP=www-data
$ sudo make installdb
$ sudo ln -s /usr/local/netdot/etc/netdot_apache2_local.conf \
    /etc/apache2/conf.d/
$ sudo service apache2 graceful
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Install the cron jobs for automated tasks

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
$ sudo cp netdot.cron /etc/cron.d/netdot
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# Operation

## Log into the web interface

In your browser, go to:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://pcX.ws.nsrc.org/netdot
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log in with admin/admin

## Changing default passwords

Netdot comes with three default user accounts. You should change the default
passwords on those.

Go to the "Contacts" tab, then search for "Admin". You should see the details
for the Admin user. Click on [edit], and find the Password field. Type the
password you used to log in to your PC, then click on the "Update" button.

Repeat the same steps for the other default users:

* operator
* guest

## Discovering devices

If you have not done so yet, configure SNMP on your PC and your router.

* See Appendix A for instructions on configuring the Linux SNMP agent
* See Appendix B for instructions on configuring SNMP on a Cisco router

Now back to Netdot.

Let's create a file with all the devices in the lab network that respond to
SNMP:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
$ sudo EDITOR /home/sysadm/discoverme.txt

Copy and paste the following list:

gw.ws.nsrc.org NetManage
sw.ws.nsrc.org NetManage
rtr1.ws.nsrc.org NetManage
rtr2.ws.nsrc.org NetManage
rtr3.ws.nsrc.org NetManage
rtr4.ws.nsrc.org NetManage
rtr5.ws.nsrc.org NetManage
rtr6.ws.nsrc.org NetManage
pc1.ws.nsrc.org NetManage
pc2.ws.nsrc.org NetManage
pc3.ws.nsrc.org NetManage
pc4.ws.nsrc.org NetManage
pc5.ws.nsrc.org NetManage
pc6.ws.nsrc.org NetManage
pc7.ws.nsrc.org NetManage
pc8.ws.nsrc.org NetManage
pc9.ws.nsrc.org NetManage
pc10.ws.nsrc.org NetManage
pc11.ws.nsrc.org NetManage
pc12.ws.nsrc.org NetManage
pc13.ws.nsrc.org NetManage
pc14.ws.nsrc.org NetManage
pc15.ws.nsrc.org NetManage
pc16.ws.nsrc.org NetManage
pc17.ws.nsrc.org NetManage
pc18.ws.nsrc.org NetManage
pc19.ws.nsrc.org NetManage
pc20.ws.nsrc.org NetManage
pc21.ws.nsrc.org NetManage
pc22.ws.nsrc.org NetManage
pc23.ws.nsrc.org NetManage
pc24.ws.nsrc.org NetManage
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Now, tell Netdot to discover those devices:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
$ cd /usr/local/netdot
$ sudo bin/updatedevices.pl -E /home/sysadm/discoverme.txt -IAF
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

When that is done, go to the web interface and navigate to
Management -> Devices

In the search box, type "*", and hit ENTER

You should see discovered devices in that list.

Go to the link for your group's router (e.g. rtrX.ws.nsrc.org)

* Navigate to all the tabs: Basic, Interfaces, Modules, IP Info, etc.
  Netdot allows you to augment the information gathered from the device
  with details entered manually.
* In the ARP section, you should see one entry with a timestamp. Click on
  that entry.
  You should see a table associating IP addresses with MAC addresses.
  This is the ARP table discovered from rtr1. You should see your PC's
  IP address and MAC address.

## Finding a computer in your network

* Obtain the MAC address from your laptop (or desktop)
* In the Netdot web interface, go to Management -> Devices
* Type (or paste) your MAC address and hit ENTER

Netdot will show you which devices were seeing that MAC address the last
time that it discovered the network.

## Managing IP address space

Go to Management -> Address Space

You should see a list of private IP blocks (from RFC-1918). These come
pre-installed in Netdot.

Click on 10.10.0.0/8

You will see a list of discovered IP blocks, which are marked as "Subnets".
These were found in routers.

* Click on 10.10.1.0/24.
* Click on [edit]
* In the Description field, type "Group 1 PCs"
* Click "Save"

### Create a container to include all the group subnets

In the section called "Address Space Tasks" on top, click on the "[new]"
button and enter the following:

* IP/Prefix: 10.10.0.0/16
* Owner: click on [new].
    * In the new "Entity" window, enter:
        * Name: NSRC Lab
        * Insert button, then [close]
* Used by: (leave blank)
* Status: Container
* Description: NSRC lab student networks
* Save button

You should now see the new Container page. It shows a graphical
representation of the /16 block. All the existing subnets are shown in red.
The green space represents unused or available address space.

* On the top of the graph there is a section called
  "Zoom: set one row equal to"
  Select /24 from the drop-down menu.
  Each row now represents a /24 block
* Click on [tree view] to see a tree graph view of the IP hierarchy

# More information

[Official Netdot Website](http://netdot.uoregon.edu)

# Appendix A

## Install and configure an SNMP agent on your Linux PC

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
$ sudo apt-get install snmp snmpd
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Configure the agent. First, make a copy of the distributed config file:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
$ sudo mv /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.dist
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

And create a new simple configuration:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
$ sudo EDITOR /etc/snmp/snmpd.conf

And add the following lines:

syslocation My University
syscontact Network Services (nethelp@mydomain.com)
sysservices 72
rocommunity NetManage
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

And then restart the daemon:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
$ sudo service snmpd restart
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Test it:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
$ snmpwalk -v2c -c NetManage localhost system
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

You should get some system information

\pagebreak

# Appendix B

## Configuring SNMP on your Cisco router

Connect to the router.
Substitute X for your group number:
(your instructor will provide the username and password)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
$ ssh rtrX.ws.nsrc.org -l
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

If SSH is not configured on the router, you may need to use telnet:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
$ telnet rtrX.ws.nsrc.org
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

* Note: Never use telnet on a production network!

Then configure SNMP like this:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# configure terminal
# snmp-server community NetManage
# end
# write memory
# exit
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Now test it:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
$ snmpwalk -v2c -c NetManage rtrX.ws.nsrc.org system
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
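
The Linux agent configuration in Appendix A accepts the NetManage community from any source address. The following check is an added example, not part of the original exercise or of Netdot: it flags community directives in an snmpd.conf that have no source restriction, grant write access, or use a default name. The 10.10.0.0/16 management range in the restricted sample is an assumption taken from the lab container defined earlier.

```shell
#!/bin/sh
# Added example: audit community directives in an snmpd.conf.
# Prints one finding per line; exit status is 1 if anything was flagged.
audit_snmpd_conf() {
    awk '
        # rocommunity/rwcommunity and their IPv6 forms:
        #   DIRECTIVE COMMUNITY [SOURCE [OID | -V VIEW]]
        $1 ~ /^r[ow]community6?$/ {
            name = $2; src = $3
            if ($1 ~ /^rw/) {
                printf "%d: WRITE community \"%s\" permits SNMP set requests\n", NR, name
                n++
            }
            if (name == "public" || name == "private") {
                printf "%d: DEFAULT-NAME community \"%s\" is a well-known default\n", NR, name
                n++
            }
            if (src == "" || src == "default") {
                printf "%d: NO-SOURCE community \"%s\" is accepted from any address\n", NR, name
                n++
            }
        }
        END { exit (n > 0) }
    ' "$1"
}

# Constructed inputs: the Appendix A configuration as given, and a variant
# restricted to localhost and 10.10.0.0/16 (an assumed management range).
tmp=$(mktemp -d)
cat > "$tmp/lab.conf" <<'EOF'
syslocation My University
syscontact Network Services (nethelp@mydomain.com)
sysservices 72
rocommunity NetManage
EOF
cat > "$tmp/restricted.conf" <<'EOF'
syslocation My University
syscontact Network Services (nethelp@mydomain.com)
sysservices 72
rocommunity NetManage 127.0.0.1
rocommunity NetManage 10.10.0.0/16
EOF

audit_snmpd_conf "$tmp/lab.conf" || echo "lab.conf: review the findings above"
audit_snmpd_conf "$tmp/restricted.conf" && echo "restricted.conf: no findings"
```

To check a real host, call `audit_snmpd_conf /etc/snmp/snmpd.conf`.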