Recommendations for Running a NetMRI Trial

Author
Carole Warner Reece
Architect

Because NetCraftsmen was offering a free 30-day trial of Netcordia’s NetMRI software, we have had some recent discussions on the best way to run a trial.

Here is my summary of the recommendations from the discussions:

  1. If you plan to run a trial, make sure you have time to install and configure the software. If needed, ask for help in getting it set up. (NetCraftsmen can help!)
    • You also need to commit the time to follow up. Check in on it at least weekly – is the software still running, or has someone repurposed your test machine?
  2. You should follow your site procedures to let your security team know that you are placing a monitoring device in the network.
    • By default, the portscan function of NetMRI is disabled. You should confirm that it is off. If you enable it, your IDS/IPS systems should notice.
  3. On our 30 day trial, you will only be able to monitor up to 25 devices and 1000 interfaces. So, choose appropriate devices that may be able to provide you some interesting information about your network status:
    • To speed up a trial, you can explicitly configure the IP addresses of the 25 devices.
      • This is likely the best option for a small trial.
    • Typically with NetMRI, you would set up the CIDR blocks that make up the network you want to monitor.
      • This is not a starting address/ending address, but a block of addresses based on an address and mask.
      • Given some time, NetMRI can learn the address of all the devices in the CIDR blocks.
      • You could then configure a device group (under the Groups tab of the Collections & Groups section) to set the priority of the devices you want to include in the trial.
    • To get a good view of your network, you may want to look at a wedge of the network from the center out:
      • Select a couple core level devices, a few of the attached distribution level devices, and several of the attached edge/access level devices.
    • If you have time, run a second test looking at all the devices in the core, as well as the most important distribution level devices.
  4. You need to configure credentials such as the SNMP read-only community string or strings that you are using in your network.
    • If you are running TACACS in your environment, you will need to configure TACACS to allow NetMRI to log in, and configure the CLI credentials in NetMRI.
  5. You need to verify that any access lists limiting SNMP traffic are open enough to allow NetMRI to request and receive information.
    • Some sites establish a small management subnet and allow any device in the subnet SNMP access. If this is the case in your environment, place the NetMRI device in that subnet.
    • Other sites control SNMP access by specific IP address. If this is the case in your organization, add the IP address of the NetMRI device to the ACL.
    • Some sites have no restriction on which devices can use SNMP to poll network devices. If this is the case at your site, you probably should consider adding some controls.
  6. You will want to verify that NetMRI and your network are configured correctly, and that NetMRI can successfully poll the devices you want to monitor.
  7. In addition to letting NetMRI gather data, a very key step is to go back and review the list of issues found. You will want to resolve the issues you can.
  8. You can also test out the configuration capabilities of NetMRI, probably on non-production lab devices. For example, you can use a NetMRI script to add ACLs to a bunch of devices, first checking to make sure that the ACL has not already been added to a specific device, then adding the ACL if it is not present, and then using a ‘sh run’ to confirm that it is in the config.
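
For item 5, a pre-trial check of SNMP access can be scripted against saved device configs. The following is an added example, not part of the original post and not NetMRI code: it classifies each device as one of the three site types described in item 5. The device names, community string, addresses and IOS-style config fragments are constructed, and the parser assumes one community per device and numbered standard ACLs with permit lines only.

```python
import ipaddress
import re

# Constructed IOS-style fragments, one per site type described in item 5.
CONFIGS = {
    "core-sw1": "snmp-server community EXAMPLE-RO RO 10\n"
                "access-list 10 permit 10.20.30.0 0.0.0.255\n",   # management subnet
    "dist-sw1": "snmp-server community EXAMPLE-RO RO 20\n"
                "access-list 20 permit host 10.20.40.7\n"
                "access-list 20 permit 10.20.40.8\n",             # specific pollers
    "edge-sw1": "snmp-server community EXAMPLE-RO RO\n",          # no ACL at all
}
NETMRI_IP = "10.20.30.50"  # constructed address for the trial appliance

COMMUNITY_RE = re.compile(r"^snmp-server community \S+ (?:RO|RW)(?: (\d+))?[ \t]*$", re.M)
ACL_RE = re.compile(
    r"^access-list (\d+) permit (?:host )?(\d+(?:\.\d+){3})(?: (\d+(?:\.\d+){3}))?[ \t]*$", re.M)


def permitted_networks(config, acl_id):
    """Networks permitted by a numbered standard ACL (deny lines are not modelled)."""
    nets = []
    for num, addr, wildcard in ACL_RE.findall(config):
        if num != acl_id:
            continue
        # A wildcard mask marks host bits; no mask means a single host.
        # Assumes a contiguous wildcard such as 0.0.0.255.
        host_bits = int(ipaddress.IPv4Address(wildcard or "0.0.0.0")).bit_length()
        nets.append(ipaddress.ip_network(f"{addr}/{32 - host_bits}", strict=False))
    return nets


def snmp_access(config, poller_ip):
    """Return 'unrestricted', 'permitted', 'blocked' or 'no-community' for the poller."""
    communities = COMMUNITY_RE.findall(config)
    if not communities:
        return "no-community"
    acl_id = communities[0]  # assumes one community string per device
    if not acl_id:
        return "unrestricted"
    poller = ipaddress.ip_address(poller_ip)
    hit = any(poller in net for net in permitted_networks(config, acl_id))
    return "permitted" if hit else "blocked"


def audit(configs, poller_ip):
    """Map each device name to its SNMP access status for the poller."""
    return {name: snmp_access(cfg, poller_ip) for name, cfg in configs.items()}


if __name__ == "__main__":
    for device, status in audit(CONFIGS, NETMRI_IP).items():
        print(f"{device}: {status}")
```

A "blocked" result means the NetMRI address still has to be added to that device's ACL before the trial; an "unrestricted" result is the case where item 5 suggests adding controls.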

I hope this gives you some good ideas on running your NetMRI trial!

— cwr
