Professional Documents
Culture Documents
Documentacion GestioIP English
Documentacion GestioIP English
v3.2
IPaddressmanagementsoftware
Documentation
v0.3
www.gestioip.net
GestiIPCopyrightMarcUebel2015
DocumentationGestiIPIPAMv3.2
TableofContents
1Introduction......................................................................................................................................6
2Use....................................................................................................................................................7
2.1Access.......................................................................................................................................7
2.2Shownetworks..........................................................................................................................7
2.2.1Rootnetworks...................................................................................................................8
2.3Showhosts..............................................................................................................................10
2.3.1Hostlistview..................................................................................................................10
2.3.2Hostoverview.................................................................................................................11
2.3.3Hoststatusview..............................................................................................................12
2.3.4Hostcheck.......................................................................................................................12
2.4Searchfunctions......................................................................................................................14
2.4.1Quicksearch....................................................................................................................14
2.4.2Advancednetworksearch...............................................................................................15
2.4.3Advancedhostsearch......................................................................................................15
2.5History....................................................................................................................................16
2.6Audit.......................................................................................................................................16
3Administration................................................................................................................................19
3.1Administrationofhostentries/IPaddresses............................................................................19
3.1.1Insertoredithostentries.................................................................................................19
3.1.2Deletehostentries...........................................................................................................20
3.1.3Hostmassupdate............................................................................................................21
3.1.3.1Editmultiplehostentries.........................................................................................21
3.1.3.2Deletemultiplehostentries.....................................................................................22
3.2Networkadministration..........................................................................................................23
3.2.1Newaddnetworksmanually........................................................................................23
3.2.1.1Createonenetwork..................................................................................................23
3.2.1.2Createmultiplenetworkswithsamebitmasks........................................................24
3.2.1.3Createmultiplenetworkswithdifferentbitmasks..................................................24
3.2.2Change/deletenetworks..................................................................................................25
3.2.2.1Edit..........................................................................................................................26
3.2.2.2Reservedranges.......................................................................................................27
3.2.2.3ManualupdateagainstDNS....................................................................................28
3.2.2.3.1GenericrDNSentries.......................................................................................29
3.2.2.4ManualhostupdateviaSNMP................................................................................31
3.2.2.5Split.........................................................................................................................31
3.2.2.6Clear........................................................................................................................33
3.2.2.7Delete.......................................................................................................................33
3.2.2.8Networkmassupdate..............................................................................................33
3.2.2.8.1Editmultiplenetworkentries..........................................................................34
3.2.2.8.2Clearmultiplenetworks...................................................................................34
3.2.2.8.3Deletemultiplenetworkentries.......................................................................35
3.2.3Joinnetworks..................................................................................................................35
3.2.4Showfreeranges.............................................................................................................36
2
DocumentationGestiIPIPAMv3.2
3.2.5Subnetcalculator.............................................................................................................36
3.3VLANs....................................................................................................................................37
3.3.1show,edit,delete.............................................................................................................37
3.3.2New.................................................................................................................................38
3.3.3Unify...............................................................................................................................38
3.3.4VLANprovider...............................................................................................................39
3.3.4.1ShowVLANprovider.............................................................................................39
3.3.4.2NewVLANprovider...............................................................................................40
3.3.5ImportVLANsviaSNMP..............................................................................................40
3.4Autonomoussystemmanagement..........................................................................................41
3.4.1show,edit,delete.............................................................................................................41
3.4.2new..................................................................................................................................42
3.4.3showASclients...............................................................................................................42
3.4.4newASclient..................................................................................................................42
3.5Linemanagement....................................................................................................................42
3.5.1show,edit,delete.............................................................................................................42
3.5.2new..................................................................................................................................43
3.5.3showlineprovider...........................................................................................................44
3.5.4newlineprovider............................................................................................................44
3.6ManageGestiIP(globalconfigurationparameters)..............................................................44
3.6.1Clientindependentconfigurationparameters.................................................................44
3.6.2Clientspecificconfigurationparameters........................................................................45
3.6.2.1SmallestimportableBM..........................................................................................45
3.6.2.2Pingtimeout............................................................................................................46
3.6.2.3DNSserver..............................................................................................................46
3.6.2.4Manualupdate.........................................................................................................47
3.6.2.5ExtendedsupportforOCSInventoryNG...............................................................48
3.6.3Manageauditdb..............................................................................................................49
3.6.4Resetdatabase.................................................................................................................50
3.7Clients.....................................................................................................................................50
3.7.1Manageclients................................................................................................................51
3.7.1.1Addclients...............................................................................................................51
3.7.1.2Editclients...............................................................................................................51
3.7.1.3Deleteclients...........................................................................................................52
3.8Sitesandcategories.................................................................................................................53
3.8.1Sites.................................................................................................................................53
3.8.2Networkcategories.........................................................................................................53
3.8.3Hostcategories................................................................................................................53
3.9Customcolumns.....................................................................................................................54
3.9.1Predefinedcustomhostcolumns.....................................................................................55
3.9.2Predefinedcustomnetworkcolumns..............................................................................57
3.9.3Addcolumns...................................................................................................................57
3.9.4Deletecolumns................................................................................................................57
4Statistics.....................................................................................................................................59
3
DocumentationGestiIPIPAMv3.2
4.1Generaloverview....................................................................................................................59
4.2Network/rangeoccupation......................................................................................................59
4.3Miscellaneous.........................................................................................................................60
5Databaseinitialization....................................................................................................................61
5.1Discovery................................................................................................................................61
5.2ImportnetworksviaSNMP....................................................................................................65
5.2.1ManualimportviaSNMP...............................................................................................65
5.2.2ScriptbasednetworkimportviaSNMP.........................................................................66
5.3Importfromspreadsheet.........................................................................................................67
5.3.1Importnetworksfromspreadsheets................................................................................67
5.3.2Importhostsfromspreadsheet........................................................................................69
5.3.3ImportVLANsfromspreadsheet....................................................................................71
6Accesscontrol................................................................................................................................72
6.1Authentication.........................................................................................................................72
6.1.1Defaultauthentication.....................................................................................................72
6.1.1.1Createnewaccounts................................................................................................72
6.1.1.2Changeuserspassword...........................................................................................73
6.1.1.3Deleteaccounts........................................................................................................73
6.2Authorization..........................................................................................................................74
6.2.1Activation........................................................................................................................74
6.2.2Users................................................................................................................................75
6.2.2.1CreateUsers............................................................................................................75
6.2.2.2EditUsers................................................................................................................76
6.2.2.3DeleteUsers............................................................................................................76
6.2.3UserGroups....................................................................................................................76
6.2.3.1Permissions..............................................................................................................77
6.2.3.2CreateUserGroups.................................................................................................79
6.2.3.3EditUserGroups.....................................................................................................79
6.2.3.4DeleteUserGroups.................................................................................................79
6.2.4UsergipoperofGestiIPversions<3.2......................................................................80
7Advancedfunctions........................................................................................................................81
7.1Updatecheck...........................................................................................................................81
7.2Databaseconfiguration(ip_config)........................................................................................82
7.3Exportnetworks,VLANsorhoststoCSV.............................................................................82
7.4Addanewlanguage................................................................................................................84
8IPv6Addressplan...........................................................................................................................85
8.1Directtranslation.....................................................................................................................85
8.1.1Createtheaddressplan...................................................................................................86
8.2HierarchicalIPv6addressplanbasedonsitesandcategories................................................87
8.2.1Createtheaddressplan...................................................................................................88
9Automaticupdate............................................................................................................................93
9.1Scriptdirectorystructure........................................................................................................94
9.2Commandlineoptions............................................................................................................95
4
DocumentationGestiIPIPAMv3.2
9.3Configuration..........................................................................................................................96
9.4Automaticexecutionwithcron...............................................................................................99
9.5RequiredPerlModules.........................................................................................................100
9.5.1ManualinstallationofmissingPerlmodules................................................................101
9.5.1.1SNMP::InfoandNetdiscoMIBs...........................................................................102
10Generalinformation....................................................................................................................103
10.1Backup................................................................................................................................103
10.2Firewallrules......................................................................................................................103
10.3JavaScript............................................................................................................................104
10.4Cookies...............................................................................................................................104
11Troubleshooting..........................................................................................................................104
11.1SNMP..................................................................................................................................104
11.1.1GeneralSNMPproblems............................................................................................104
11.1.2ProblemswithVLANdiscovery.................................................................................106
11.1.3Problemswithnetworkdiscovery...............................................................................106
11.2Database..............................................................................................................................107
11.3UnistallingGestiIP............................................................................................................107
12Licence.......................................................................................................................................108
AppendixA......................................................................................................................................109
DocumentationGestiIPIPAMv3.2
1Introduction
GestiIPisanautomated,webbasedIPaddressmanagement(IPAM)software.ItsupportsIPv4as
wellasIPv6.Thesoftwareisdesignedtocollectinformationinanautomatedway,makingits
maintenancecostlow.Itofferswebformstoimportnetworksfromspreadsheetsorfromtherouting
tablesofSNMPenableddevicesandwebbasedsynchronizationofthenetworksagainsttheDNS.
ItalsoallowsforcronscheduledautomaticupdateofthehostentriesviaSNMP,againsttheDNS
oranOCSInventoryNGthatensuresthatGestiIP'sdatabaseisalwaysuptodate(see9).
Over90%oftheworkwithanIPAMsystemaccountsforaccesstoinformation.GestiIPis
optimizedinordertofindeasilyandfastthedesiredinformationbyfeaturingeffectivesearch
functionswhichareaccessiblefromeverypage,allowingtheuseofInternetSearchEngine
equivalentexpressions(see2.4).
Sincethesystemdisposesaboutcustomizablecolumns,GestioIP'snetworkandhostlistviewscan
beadaptedtomeetthespecificneedsforeveryorganization(see3.9).
However,italsodependsonusers.Userscanintroducetheinformationinuser'sfieldof
responsibilitywhichseemsrelevantforthisuserorfortheircolleagues:Thewindowsadmincan
pute.g.commentslikePDCdomainXYZ,BDC...ThedatabaseadmincanintroducetheSIDs...
andthenetworkadmincanaddacommentlike"TFTP"ormarktheadministrativeinterfacesofthe
firewallsandrouters.Ifthisisdone,GestiIPcanbemorethananoverviewofcurrentnetworks
andIPaddresses.Itisaknowledgebaseforthesmallthingsadminmustremembereveryday.
DocumentationGestiIPIPAMv3.2
2Use
2.1Access
OpenthefollowingURLtoaccessGestiIP:
http://servername/gestioip
Replace"servername"withtheDNSnameortheIPaddressofthewebserver.
rwdefaultuser:gipadmin
rodefaultuser:gipoper
Usethepasswordswhichyouintroducedduringtheinstallation(usingcommandhtpasswd).
2.2Shownetworks
GestiIP'sfrontpagegivesanoverviewofallnetworks.
Fig.1:FrontPage(networklistview)
Clickoverthecorrespondingnetworktolistallofit'sIPaddressesoraccessdirectlyto
historyofthisnetwork
7
DocumentationGestiIPIPAMv3.2
generalinformationaboutthisnetwork(%usageandsubnetcalculatorlikeinformation)
hostoverviewofthisnetwork
Hoveroverthebitmask(BM)ofthenetworkstodisplaythenetmaskandthemaximalnumberof
hosts.
Fig.2:DetailsshownbyhoveringoveraBMentry
WiththefilterIPversionyoucanchooseifIPv4orIPv6networksshouldbedisplayed
Note
GestiIPdefaultmodeisIPv4only.ToenableIPv6supportgotomanage>GestiIP,set
parameterIPv4onlymodetonoandclicksave.
Withthefilters"site"and"category"youcanlistnetworksbysiteand/orbycategory.Youcanfor
instancelistallnetworksfromsiteX,allnetworksoftheproductionenvironmentorallnetworks
fromsiteXwhichareintheproductionenvironment.
Withthefiltershowsupernetsandshowendnetsyoucandeterminewhichtypeofnetworks
shouldbeshown()
Note
Usenetworkquicksearchtolocateindividualnetworks.Searche.g.for150tofindnetwork
192.168.150.0.Orusenetworkquicksearchortodisplaynetworkranges.Searche.g.for
192.168todisplayallnetworkswhichIPinclude192.168(see2.4).
2.2.1Rootnetworks
GestiIPsupportstotypesofnetworks.Rootnetworkswhichcancontainothernetworksbutno
hostentriesandendnetworkswhichcontainthehostentries.
8
DocumentationGestiIPIPAMv3.2
Rootnetworksarecontainersfornetworkspermittingtostructureorganization'snetworks
hierarchically.Rootnetworkscancontainendnetworksaswellasotherrootnetworks.
Activatecheckboxshowrootnetstodisplaytherootnetworkswithinnetworklistview.Root
networksaredisplayedwithabrownbackground.
Fig.3:Networklistviewshowingrootnetworks
Clickingoverarootnetworksdisplaysallnetworkswhichareincludedwithinthisrangeaswellas
thefreerangesbetweenthedefinedendnetworks.
Fig.4:Rootnetworklisview
DocumentationGestiIPIPAMv3.2
2.3Showhosts
GestiIPoffersthreedifferentviewsofnetworks:hostlistview,hostoverviewandhoststatusview.
2.3.1Hostlistview
TolistallIPaddressofanetwork,openthefrontpageandclickoverthecorrespondingnetwork.
Fig.5:Hostlistview(standardcolumns)
ClickfreetoshowonlyunassignedorusedtoshowonlyassignedIPaddresses.
ThecoloredpointinfrontoftheIPaddressesshowstheresultofthelastcheckviaping(see9).
Byhoveringoverthepoint,dateoflastcheckwillbedisplayed.Clickingthepointexecutesthe
hostcheck.
hostlistviewoffersattheendofeachlinefurthermorelinksto
accessthehistoryofthisIPaddress
edittheentry
deletetheentry
andlinkstothefollowingnetworkmanipulationbuttonsatthetopofthepage.
edittoresizebitmaskoreditdescription,site,category,commentorstatusofautomatic
synchronization(see3.2.2.1)
10
DocumentationGestiIPIPAMv3.2
reservedrangestoreserveordeletereservedIPaddressranges(see3.2.2.2)
manualupdatetosynchronizethenetworkentriesagainsttheDNS(see3.2.2.3)
manualupdateviaSNMPtosynchronizethenetworksviaSNMP(see3.2.2.4)
splitnetworktosplitnetworkintosmallersubnets(see3.2.2.5)
clearnetworkdeleteallentriesofthenetwork(entriesofreservedrangeswillbe
maintained)(see3.2.2.2)
Note
Functionsreservedranges,manualsynchronization,"networkoverview"and"hoststatus
view"arenotavailableforIPv4networkswithaBMsmallerthan20andIPv6networkswithprefix
lengthsmallerthan120.
2.3.2Hostoverview
Thehostoverviewgivesanoverviewaboutthehosttypesofanetwork.
Fig.6:Hostoverview
AccesstoedithostformbyclickingonanIPaddress.
11
DocumentationGestiIPIPAMv3.2
2.3.3Hoststatusview
HoststatusviewshowsthestatusofallIPaddressesofanetworkinacompactmanner.
Fig.7:Hoststatusview
ExecutethehostcheckbyclickingonanIPaddress.Tocheckthestatusofalladdressesofa
networkclick"checkallIPs".Unassignedaddresseswillbeindicatedwithablinkingnumber.
2.3.4Hostcheck
ToexecutethehostcheckaccesstherelevantnetworkandclickoverthepointinfrontoftheIP
address.
Fig.8:"Hostcheck"executionfromhostlistview
GestiIPcheckstheIPaddresswithanICMPechorequest("ping")andexecutesaDNSPTR
12
DocumentationGestiIPIPAMv3.2
query.WhentheIPaddresshasanPTRentry,GestiIPexecutesaDNSAquerywiththeresultof
thePTRquery.
Fig.9:Hostcheckwindow
Thehostcheckisalsoavailablefromhoststatusviewandfromtheedithostform.
Note
IfresultsofDNSAandPTRquerydon'tcorrespondmakesurethatthereisnoDNS
misconfiguration.
13
DocumentationGestiIPIPAMv3.2
2.4Searchfunctions
GestiIPofferstwodifferentsearchengines.Thequicksearchandtheadvancedsearch.
Note
YoucanexportthesearchresulttoCSVformatbyclickingthelinkexportsearchresult.
2.4.1Quicksearch
Thequicksearchfornetworksandforhostsinthemenubarareaccessiblefromallpages.
Thequicksearchfornetworksexecutesasearchinthefollowingdatabasefields:network(IP),
description,site,category,commentandcustomnetworkcolumns.
ThequicksearchforhostentriessearchesthefieldsIP,hostname,description,site,type,comment
andcustomhostcolumns.
ThequicksearchallowsInternetSearchEngineequivalentexpressionslikestring_to_ignore,
+exact_matchand"exactmatch".Asinglestringwillbeprocessedlike"%searchstring%".By
usingsearchstring"192",GestiIPlistsallnetworkswithanIDcontaining"192".Withsearch
string"dhcp",itlistsallnetworkswithdescriptionsorcommentscontaining"dhcp".Withsearch
string192proditwilllistallnetworksofproductionenvironmentwhoseIDcontains192.
Thesearchisn'tcasesensitive.
Searchexpressionexamples:
entry:foobar
expression
result
fo
match
FO
match
foo
match
barfoo
match
fooba
match
foobar
nomatch
+fo
nomatch
+foo
match
"barfoo"
nomatch
"foobar"
match
"ooba"
match
14
DocumentationGestiIPIPAMv3.2
2.4.2Advancednetworksearch
Theadvancedsearchexecutesasearchinspecificdatabasefields.
Fig.10:Advancednetworksearch
Youcansearchforinstanceallproductionnetworkswhicharenotincludedwithintheautomatic
synchronization(see9)orallnetworksofsitexywherethedescriptioncontains"backup".
Whenthecheckbox"tochange/deletenetworks"ischecked,thenetworkmanipulationbuttons
change,ranges,synchronize,split,clearanddeletenetworksareshownwithinthesearchresult.
Note
Ifyouhavemultipleclientsconfigured,thereappearsthenewcheckboxclientindependent
searchwhichpermitstoexecuteasearchthroughGestioIP'sdatabaseignoringtowhichclientthe
networkbelongs.Theclientwillbeshownwithinthesearchresult.
2.4.3Advancedhostsearch
Ifthecheckbox"exactmatch"behindthehostnamefieldischecked,onlyhostswithhostname
entriesidenticaltothesearchstringwouldbelisted.Ifnot,thesearchstringwouldbeprocessed
like"%search_string%".
Example:searchfor"foo"
Resultwithoutmarkedcheckbox:foo,foo1,foo.bar.com...
Resultwithmarkedcheckbox:foo
15
DocumentationGestiIPIPAMv3.2
2.5History
Thehistoryisavailableforboth,networksandhosts.ItlistsIPaddressornetworkspecificevents
fromtheauditdb.Accessnetworkhistoryfromthenetworklistviewandhosthistoryfromhostlist
viewbyclickingthe icon.
Note
Historyinformationisextractedfromauditlog.Deletingoldauditeventscauseshistoryentriesto
alsobedeleted.
2.6Audit
TheauditsystemlogsalleventstoGestioIP'sdatabase.
Toaccesstheauditlogclickon"manage">"audit".
Fig.11:Auditlogfilter
Theauditpageoffersflexiblesearchandfilterfunctionsforallauditfields.
"timerange"or"datefrom...to"marktheradiobuttontoeithershowentriesofatime
range(e.g.last4weeks)ortospecifyastartandanenddate.
"searchstring"searchforanindividualsearchstring.Searchesallauditspecificdatabasefields.
"type"searchforaspecificeventtype.
GestiIPrecognizesthefollowingeventtypes:
eventtype
description
man
manualeventslaunchedfromGestiIP'swebinterface
auto
eventcreatedbytheautomaticupdatingofGestiIPv2.2.5(DNS,OCS,import
16
DocumentationGestiIPIPAMv3.2
viaSNMP)
mandns
manualnetworksynchronizationagainsttheDNS(viaWebinterface)
autodns
automaticnetworksynchronizationagainsttheDNS
autoocs
automaticnetworksynchronizationagainsttheOCSInventoryNG
mansnmp
manualimportofnetworksfromsnmpenableddevices
autosnmp
automaticimportofnetworksfromsnmpenableddevices
mannetsheet
manualimportofnetworksfromspreadsheet
manrange
Eventsinrelationwithranges(create,delete)
manhostsheet
manualimportofhostsfromspreadsheet
redcleared
allentriesofanetworkmanuallydeleted
"class":Searchforeventclass
GestiIPrecognizesthefollowingeventclasses:
eventclass
description
host
foreventsrelatedtohostentries(e.g.hostdeleted,hostedited,...)
net
foreventsrelatedtonetworks(e.g.networkadded,networksplit,reservedrange
added,networksynchronizedagainstDNS,...)
security
foreventsrelatedtosecurity(e.g.oldauditeventsdeleted)
dns
unused
admin
ForchangesinGestioIP'sconfiguration
conf
automaticnetworksynchronizationagainsttheDNS
man_vlan
manualeventsrelatedtotoVLANs
vlan_auto
automaticupdateofVLANdatabase
ini_man
Manualexecutionofdiscoveryprocess
ini_auto
unused
AS
Foreventsrelatedtoautonomoussystems
ASclient
Foreventsrelatedtoautonomoussystemsclients
line
Foreventsrelatedtoleasedordialuplines
lineclient
Foreventsrelatedtoleasedordialuplinesclients
"event":Searchforeventslike(hostedited,hostdeleted,rangeadded,...)
17
DocumentationGestiIPIPAMv3.2
"entries/page":Definethenumberoffoundentriesperpage.
user:Canbefoundusingthefieldsearchstring.
Theshownusercaneitherbeasystemuser(forAUTOevents)oraGestiIPuser(forMANevents
createdfromactionscarriedoutmanuallyviafrontendWeb).
Note
Ifyouconfigureauthenticationwithindividualaccounts,auditwillshowindividualusers(see2.6).
Whenusinggenericaccounts(e.g.gipadmin)itisnotpossibletodirectlyreproducewhohasmade
whichchanges.
Formatofentries:
Hostsevents:IP,hostname,description,site,category,comment,administrativeinterface
Networkevents:IP/bitmask,description,site,category,comment,synchronized
Note
Ifyouhavemultipleclientsconfigured,thereappearsthenewcheckboxallclientswhich
permitstoperformaclientindependentsearchthroughGestioIP'sdatabase.Theclientwillbe
shownwithinthesearchresult.
Note
Todeleteoldauditeventsortoseehowmanyeventsarecurrentlystoredinthedatabase,goto
manage>"manageGestiIP
18
DocumentationGestiIPIPAMv3.2
3Administration
3.1Administrationofhostentries/IPaddresses
Tomanagehostentries/IPaddresses,accesshostlistviewbyclickingontherelevantnetwork.
Fig.12:Hostlistview
3.1.1Insertoredithostentries
Clickonthe"edit"icon
behindtheIPaddresstoinsertoredithostentries.
Fig.13:Edithostformwithenabledcustomcolumnsvendor,modelandURL
19
DocumentationGestiIPIPAMv3.2
HostnameNametoidentifythenode.Ifanodehasmorethanoneinterfaceitisadvisableto
introducethesamehostnameforallIPsortointroducethehostnameinthecommentfieldofallIPs
ofthenodesothatthesearchfunctionfindsallIPsofanodewhensearchingforitshostname
mandatoryfield
DescriptionShortdescriptionofthenodeoptionalfield
SitePhysicallocationofthenodemandatoryfield
CategoryCategoryofthenodeoptionalfield
AI(AdministrativeInterface)TomarktheIPaddresstoaccessthenode(toadministrateit)in
casethenodehasmorethanonenetworkinterfaceoptionalfield
CommentTopointoutwhateverseemstobeinterestingregardingthisnodeoptionalfield
UT(UpdateType):RelevantformanualsynchronizationagainstDNSandautomaticupdate(see
9)
manEntrieswhicharemarkedas"man"willneverbeoverwritten.
ocsEntriescreatedbytheautomaticupdateagainstanOCSInventoryNG.Entries
whicharemarkedas"ocs"willnotbeoverwrittenbymanualorautomaticupdate
againstDNS.
dnsForentriescreatedbymanualorautomaticupdateagainstDNS.Entrieswhichare
markedas"dns"willbeoverwrittenbyautomaticupdateagainstDNSandOCS.
Entrieswithnoupdatetypewillbeoverwrittenbymanualandautomaticupdateagainst
DNSandOCS.
Customcolumns
Withconfiguredpredefinedorselfdefinedcolumnsthereappeartextboxesforeveryofthese
columns,permittingtoeditthevalue(see3.9).
Note
Topreventanentryfrombeingoverwrittenbytheautomaticupdate,itmustbeclassifiedas
"man".
3.1.2Deletehostentries
Clickdelete"
todrophostentriesfromGestiIP'sdatabase.
20
DocumentationGestiIPIPAMv3.2
3.1.3Hostmassupdate
Hostmassupdatefeatureoffersthepossibilitytoperformactionsonmultiplehostentriesatonce.
Itallowstoeditoneormultiplehostcolumnentriesortodeletemultiplehostentries.
3.1.3.1Editmultiplehostentries
Toeditmultiplehostentriesaccesstohostlistview,markthecorrespondingcheckboxesinfrontof
thehostentriestoedit,selectactiontypeedit,selectthecolumnstoeditandpressmassupdate
Fig.14:Editmultiplehostentries
Editthevaluesandpresschangetosavethemtothedatabase.
Fig.15:Editmultiplehostentriesform
21
DocumentationGestiIPIPAMv3.2
Note
Ifaentrywithoutassignedhostisedited,thehostnamewillbeautomaticallysettounknown
NoteforcustomcolumnURL
CustomcolumnURLallowstousevariablesfortheIPaddressesandforthehostnames(see
3.9.1).
IftheURLentryisequalforallselectedhost,theentrywillbeproposedasURLvaluewhen
enteringmultiplehostentriesform.
3.1.3.2Deletemultiplehostentries
Todeletemultiplehostentriesaccesstohostlistview,markthecorrespondingcheckboxesinfront
ofthehostentriestodelete,selectactiontypedeleteandpresschange.
22
DocumentationGestiIPIPAMv3.2
3.2Networkadministration
GestiIPoffersseveraltoolstocreate,deleteormanipulatenetworks.
3.2.1Newaddnetworksmanually
Toaddanewnetworksmanually,clicknetworks>"new"onthemenubar.
Thenewformoffersthepossibilitytocreateonenetwork,multipleconsecutivenetworkswiththe
samebitmasksormultipleconsecutivenetworkswithdifferentbitmasks.
3.2.1.1Createonenetwork
Fig.16:"newnetwork"formcreateonnetwork
networkIDofthenetwork.e.g.:192.168.0.0mandatoryfield
BM(bitmask)Bitmaskofthenetworkmandatoryfield
descriptionShortdescriptionofthenetworkmandatoryfield
commentOptionalcomment
siteWhereisthenetworkphysicallylocated?Whenthesiteofthenetworkischanged(or
renamed),siteofthehostentriesofthenetworkwillbechangedaswellmandatoryfield
23
DocumentationGestiIPIPAMv3.2
categoryTocategorizethenetworkine.g.production,preproduction,developmentmandatory
field
rootnetworkcheckthisboxifthenewnetworkshouldbearootnetwork
includenetworkwithinautomaticupdateToincludethenetworkwithintheautomaticupdate
(see9)onlyavailableforendnetsoptionalfield
Clickonthecalculatelinktocheckwhethernetworkandbitmaskarecorrectlyintroduced.
3.2.1.2Createmultiplenetworkswithsamebitmasks
Withthecreatemultiplenetworksformitispossibletocreateupto50consecutivenewnetworksin
onestep.EnterthenetworkID(e.g.172.16.0.0),chooseabitmaskandchoosethenumberof
networkstocreate.
Fig.17:"newnetwork"formcreatemuliplenetworkswithsameBMs
3.2.1.3Createmultiplenetworkswithdifferentbitmasks
Withthisformyoucancreatemultiplenetworkswithdifferentbitmasks.
Introducethebitmasksinthefollowingformat:/BM1/BM2[/BMn].
24
DocumentationGestiIPIPAMv3.2
Fig.18:"newnetwork"formcreatenewnetworkswithdifferentBMs
Example
Tocreatenetworks4.4.1.0/25,4.4.1.128/27,4.4.1.160/27,4.4.1.192/26inonestep,introducethe
followingvalues:
firstnetwork:4.4.1.0
bitmasks:/25/27/27/26
Note
"showfreeranges"viewoffersthepossibilitytocreatenewnetworksdirectlybyclickingafree
range.
3.2.2Change/deletenetworks
Clicknetworks"change/delete"onthemenubartoaccessthenetworkmanipulationform.
Fig.19:"change/delete"networkform
25
DocumentationGestiIPIPAMv3.2
Thechange/deleteformoffersthefollowingfunctions:
EditToresizebitmaskoreditdescription,site,category,commentorstatusofautomatic
synchronization(see3.2.2.1)
ReservedrangesToreserveordeletereservedIPaddressranges(see3.2.2.2)
ManualsynchronizationviaDNSToupdatethenetworkentriesagainsttheDNS(see
3.2.2.3)
ManualsynchronizationviaSNMPToupdatethenetworkentriesviaSNMP(see
3.2.2.4)
SplitnetworkTosplitnetworkintosmallersubnets(see3.2.2.5)
ClearnetworkDeleteallentriesofthenetwork(entriesofreservedrangeswillbe
maintained)(see3.2.2.2)
DeletenetworkDeletenetworkwithallentriesandreservedranges(see3.2.2.7)
3.2.2.1Edit
Click"networks">"change/delete/">edit toresizethebitmaskortoeditdescription,site,
category,comment,sync(synchronization)orcustomcolumnsvalues.
Fig.20:"editnetwork"formwithenabledcustomcolumnVLANs
26
DocumentationGestiIPIPAMv3.2
Foradescriptionofthefieldssee3.2.1.
ClickingontheIPaddressexecutesthehostcheck.
3.2.2.2Reservedranges
GestiIPoffersthepossibilitytoreserverangesforspecialusage(e.g.forDHCP).Thisoptionis
onlyforIPv4networksavailable.
Creatingareservedrange,GestiIPaddsacommenttothecorrespondingnetworkandtothehosts
thatareincludedintherange.ThehosttypeoftheIPaddressesofthereservedrangeis
predetermined(butchangeable).Thismeansthatautomaticupdatesetshosttypeautomatically
whencreatingnewhostentrieswithinreservedranges(e.g.rangetype:workst(DHCP)=>host
type:workst).
Clicknetworks>change/delete>ranges
toaccessrangemanipulationform.
Note
HostoverviewshowsIPaddressesofreservedrangeswithagraybackground.
Insertranges
MarkthefirstandthelastIPaddressoftherangeyouwanttoadd,insertashortdescriptive
commentandmarktherangetype(hosttypesofthereservedrange).Thenclickaddtocreate
thenewrange.
Fig.21:"newrange"form
27
DocumentationGestiIPIPAMv3.2
Note
Ifyousetconfigurationparameterdyn_ranges_onlytoyes(see9.3),automaticupdatewill
onlyprocessentriesofreservedranges.
Note
Whencreatingareservedrange,allentriesbetween"FirstIP"and"LastIP"willbedeleted.
Deleteranges
Todeleteareservedrangeaccesstotherangemanipulationform,choosetherangeyouwantto
deleteandpress"delete"button.ThiswilldeletetherangewithallofitsentriesfromGestioIP's
database.
Fig.22:"deleterange"form
Note
Whensplittingnetworkswithreservedranges,therangesandalloftheirentrieswillbedropped.
3.2.2.3ManualupdateagainstDNS
Thefunction"sync" (networksynchronizationagainstDNS)isintendedtoupdateallIP
addressesofanetworkwiththeactualDNSentries.Thenetworksynchronizationexecutesan
ICMPechorequest(ping)toallIPaddressesandanrDNSqueryofallIPaddressesofthenetwork.
Thedecisionifandhowanentryisupdatedfollowsthefollowingscheme:
Answerstoping?
rDNSentry
configured?
Matchignoreor
ignore_generic_auto?
Update? Hostnamesetto
Yes
Yes
Yes
Yes
unknown
Yes
Yes
No
Yes
rDNSname
Yes
No
Yes
unknown
28
DocumentationGestiIPIPAMv3.2
No
Yes
Yes
No
No
Yes
No
Yes
rDNSname
No
No
No
Note
Updatetypeocsormanavoidsthatmanualsynchronizationupdatestheseentries(see3.1.1).
Note
TopreventthatthenetworksbeingfilledwithgenericrDNSentriesread3.2.2.3.1.
3.2.2.3.1GenericrDNSentries
GenericrDNS(PTR)entriesareoftenusedinrelationwithdynamicassignedIPaddressesorto
preventnetworkreversediscovery.WithconfiguredrDNSentriesyouwillgetavalidanswerto
rDNSqueriesforalladdressesofanetwork(butwithoutusefulinformationcontent).GenericrDNS
entriesmaylooklikethis:
1245.domain.org
2245.domain.org
3245.domain.org
....
GestiIP'supdatefunctions(AUTOandMAN)updateunassignedaddresseswhentheyreceivea
validanswertoanrDNSquery.Thiscausesthedatabasetobefilledwith(undesired)rDNSentries.
GestiIPofferstwomechanismstopreventtheupdatefromactualizingthenetworkwithgeneric
rDNSentries(like10245.domain.org):
ignoregenericauto:Setthisvalueto"yes"iftheupdatescriptshouldignoreDNSentriesthat
matchautogeneratedgenericrDNSstringsandthatdoesnotrespondtoping.
Example:
IPaddress
autogeneratedgenericrDNSstring(generatedbyGestiIP)
192.168.200.8
192168200
200168192
1682008
8200192
29
DocumentationGestiIPIPAMv3.2
Withignoregenericautosetto"yes"theautogeneratedgenericrDNSstringmatchesifyour
rDNSentrieslooklike
19216820015.some_stringor15200168192.abc.de.fg
IPaddresseswithrDNSentriesthatmatchautogeneratedgenericrDNSstringsbutdontanswer
topingwillbeignored.Iftheaddressanswerstopingandmatchesautogeneratedgeneric
rDNSstrings,thehostnameissettounknown.
ignore:IfyouuseaschemeforrDNSentriesotherthantheschemessupportedbyGestiIP,the
stringstobeignoredcanbesetheremanually.Thefieldacceptsasinglestringoracomma
separatedlistofstringstoignore.
Example:
ToavoidthatanetworkisfilledwithgenericPTRentrieslike10.200.168.192.domain.organd
55.0.16.172.domain.orgsetthe"ignore"variableto:
200.168.192,0.16.172
MakesurethatthestringtoignoreisspecificforyourrDNSentries.Ifyousetignoreinthe
exampleaboveto"domain",thegenericrDNSentrieswillbeignoredbutentriessuchas
"host.domain.org"("goodentries")willbeignoredaswell.
Note
ConfigureignoreandignoregenericautoglobalconfigurationparametersfrommanageGestiIP
form(see3.6).
30
DocumentationGestiIPIPAMv3.2
3.2.2.4ManualhostupdateviaSNMP
ThemanualhostupdateviaSNMPofferstheoptiontoupdatethehostentriesofanetworkby
queryingallIPsviaSNMP.Click
toaccesstomanualupdateform.
ManualupdateviaSNMPwilltrytoconnecttoeveryIPaddressofthenetworkandactualizehost
informationwithfoundvalues.
Fig.23:ManualupdateviaSNMPform
Insertacommunityname(SNMPv1/2c)orausername(SNMPv3),chooseSNMPversionandclick
discovertostarttheupdateprocess.
Note
ExecutionofmanualhostupdateviaSNMPmaytakesomeminutes.
Note
HostupdateviaSNMPactualizespredefinedhostcolumns,too(see3.9).
Note
GestiIPcurrentlysupportsonlySNMPv3withtheSecurityLevel'noAuthNoPriv'.
3.2.2.5Split
Thesplitnetworkformoffersthepossibilitytosplitanetworkeitherintosmallernetworkswiththe
samebitmasksorintosmallernetworkswithdifferentbitmasks.
Clicknetworks>change/delete>"split"
toaccessthesplitnetworkform.
31
DocumentationGestiIPIPAMv3.2
Fig.24:"splitnetwork"form
Tosplitnetworksintosmallernetworkswiththesamebitmaskselectthenewbitmaskandclick
send.
Tosplitnetworksintosmallernetworkswithdifferentbitmasksinserta/(slash)separatedlistof
thebitmasksofthenewsubnetsinthebitmasksfield(/bitmask1/bitmask2[/bitmaskN])andclick
send.
Example
Ifyouwanttosplitnetwork172.16.5.0/24intothenetworks
172.16.5.0/25
172.16.5.128/26
172.16.5.192/26
introduce/25/26/26intothebitmasksfield.
Whenthe"bitmasks"arecorrectlyintroduced,alistofthenewsubnetsisshown.Ifthelistis
correct,introducedescription;choosesitesandcategoriesforthenewnetworksandpress"send"to
splittheoriginalnetworkintothenewsubnets.Ifthebitmasksareincorrectlyintroduced,adetailed
errornotificationwillbedisplayed.
32
DocumentationGestiIPIPAMv3.2
Fig.25:Confirmsplitnetwork
Ifthenewnetworksdontincludetheentireoriginalnetwork,awarningwillbedisplayed.By
clickingsendthenewnetworkswillbecreatedandthehostsoftheoriginalnetworkthatarenot
includedwithinthenewrangeswillbedropped.
Note
Splittinganetworkcausesallreservedrangesofthisnetworktobedropped.
3.2.2.6Clear
Clicknetworks>change/delete>"clear"
todeleteallentriesofanetwork.
3.2.2.7Delete
Clicknetworks>change/delete>"delete"
reservedrangesfromGestiIP'sdatabase.
todeletethenetworkwithallofitsentriesand
3.2.2.8Networkmassupdate
Networksmassupdatefeatureoffersthepossibilitytoperformactionsonmultiplenetworkentries
33
DocumentationGestiIPIPAMv3.2
atonce.
Itallowstoeditoneormultiplenetworkcolumnentries,toclearnetworks(deleteallhostentries)
andtodeletemultiplenetworks.
Gotonetworkchange/deletetoaccesstonetworkmassupdateform.
3.2.2.8.1Editmultiplenetworkentries
Toeditmultiplenetworksmarkthecheckboxinfrontofthenetworkstoedit,selecteditfrom
actionselectbox,selectthecolumnstoeditandpressmassupdate.
Fig.26:Networkmassupdate
Edit/selectthenewvaluesandpresschangetosavethemtothedatabase.
Fig.27:Networkmassupdateeditform
3.2.2.8.2Clearmultiplenetworks
Todeletethehostentriesofmultiplenetworksmarkthecheckboxinfrontofthecorresponding
networks,selectactiontypeclearandpresschange.
34
DocumentationGestiIPIPAMv3.2
3.2.2.8.3Deletemultiplenetworkentries
Todeletemultiplenetworksandalloftheirhostentriesmarkthecheckboxinfrontofthe
correspondingnetworks,selectactiontypedeleteandpresschange.
3.2.3Joinnetworks
Tojoinnetworksclicknetworks>change/delete>"join"onthemenubar.
MarktwonetworksthatyouwishtojoinandpressENTERorclick"join"atthebottomofthepage.
Fig.28:Joinnetworksform
Thenetworksdonotneedtobeconsecutive.GestiIPsuggestsonewaytojointhenetworks.The
suggestioncanbeacceptedorthenewnetworkcanbeintroducedmanually.Incaseitisnot
possibletojointhenetworksdirectly,GestiIPoffersthepossibilitytointroducethenewnetwork
manually.
Formatofnetworkformanualintroduction:network/bitmaske.g.192.168.0.0/24
Fig.29:Confirmjoinnetworks
35
DocumentationGestiIPIPAMv3.2
3.2.4Showfreeranges
Foranoverviewoftheunusedspacesbetweentheexistingnetworksclicknetworks>"showfree
rages"onthemenubar.Clickontheunusedspacetocreateoneormultiplenetworksdirectlyfrom
theunusedspace.
Fig.30:Freeranges
3.2.5Subnetcalculator
GestiIP'ssubnetcalculatorsupportsbothclassfulandclasslessnetworks.
Clicknetworks>"subnetcalculator"onthemenubartoopenthesubnetcalculatorwindow.
Fig.31:Integratedsubnetcalculator
36
DocumentationGestiIPIPAMv3.2
Note
ThesubnetcalculatoracceptsIPsinintegerformat,too.
Note
Thesubnetcalculaterisalsoavailableasonlineversion:http://www.gestioip.net/cgi
bin/subnet_calculator.cgi
3.3VLANs
GestiIPincorporatesanautomatedVLANmanagementsystemintegratingthepossibilitytoimport
VLANseasilyfromnetworkdevicesviaSNMP.
ThepredefinednetworkcolumnVLANsisaimedtoassociateVLANstospecificnetworks.With
configuratedVLANcolumn,VLANinformationwillbeshownwithinnetworklistview(see3.9).
3.3.1show,edit,delete
AccesstoVLANlistview("VLANs">"show")toshow,editordeleteVLANs.
Fig.32:ShowVLANs
Clickoverthe
symboltoopentheVLANsearchform.
37
DocumentationGestiIPIPAMv3.2
VLANlistviewfeaturesthefollowingcolumns
numberVLANnumber(mandatory).
nameVLANname(mandatory).
descriptionAdescriptionfortheVLAN(optional).
providerTheremightbeVLANswithdifferentInternetServiceProviders(ISPs)contracted.This
columnallowstospecifyanInternetServiceProvider(optional).
devicesThiscolumnliststhenetworkdeviceswheretheVLANwasfoundbyVLANdiscovery.
HoveringovertheIPaddressdisplaysthedevicename.Thisfieldcannotbeeditedmanually.
unifiedVLANsToassociatesameVLANswhichappearsindifferentdeviceswithdifferent
names(e.g.VLAN1mayhavethename"default"ononeand"default_vlan"onanotherdevice)
(see3.3.3).
3.3.2New
Clickover"VLANs">"new"tointroducenewVLANsmanually.
Fig.33:NewVLANform
3.3.3Unify
UnifyVLANsisaimedtoassociatesameVLANswhichappearindifferentdeviceswithdifferent
names,sothattheyappearlikeoneVLANinGestiIP'sdatabase.
BecauseVLANnameisconfiguredmanuallybynetworkadministrators,sameVLANsmayappear
indifferentdeviceswithdifferentnames(e.g.VLAN1mayhavethename"default"ononeand
"default_vlan"onanotherdevice).AutomaticVLANimportationwillimportthatkindofVLANs
likedifferentVLANs.ThatcausesthatthisVLANswillappearliketwoVLANsinVLANlistview.
Withunifyoptionit'spossibletoassociatethisVLANssothattheyappearlikeoneVLANin
38
DocumentationGestiIPIPAMv3.2
GestioIP'sVLANlistview.
Click"VLANs">"unify"toaccessVLANunifyform.ThereappearonlyVLANswithsame
numberbutdifferentnames.MarktwoormoreVLANswithsamenumbersthatshouldbeunified
andclick"unify"atthebottomoftheVLANlist.
Fig.34:UnifyVLANsform
SelectthenamethatshouldappearfortheunifiedVLANandclick"send"tounifytheVLANs.
Fig.35:UnifyVLANsform
3.3.4VLANprovider
AnorganizationmayhaveVLANswithISPscontracted.OptionVLANproviderisintendedto
associatethisVLANswithanISP.
3.3.4.1ShowVLANprovider
Click"VLANs">"showVLANproviders"tolist,editordeleteVLANproviders.
39
DocumentationGestiIPIPAMv3.2
3.3.4.2NewVLANprovider
Click"VLANs">"newVLANproviders"toaccessnewVLANproviderform
Fig.36:AddVLANproviderform
Toaddanewproviderintroduceanameandanoptionalcommentandclick"add".
3.3.5ImportVLANsviaSNMP
Clickimport/export>importVLANsviaSNMPtoaccesstoVLANimportationform.
Fig.37:ImportVLANsform
ImportVLANsfunctioncanbelancedagainstonedevicebyintroducinganIPAddress(textfiled
node)oragainstmultipledeviceswhichareclassifiedlikeL2deviceorL3devicebymaking
themintheLayerIIdevicesorLayerIIIdevicesselectbox.
40
DocumentationGestiIPIPAMv3.2
Note
IftherearenodevicesclassifiedwithhosttypeL2orL3device,thereappearsthenote"Nolayer
II/IIIdevicesdefined".Tochangethehosttypeofadevicegoto"shownetworks",accesstothe
correspondingnetworkandclickdevice"edithost"button.
Note
Column"switches"ofVLANoverviewwillonlybeupdatedifdiscoveryislancedagainstadevice
fromLayerIIorLayerIIIdevicesselectbox.
Note
VLANdiscoveryisbaseonthePerlModuleSNMP::Info(see9.5.1.1).VLANdiscoveryworksonly
withdevicessupportedbySNMP::Info.Consultthedevicecompatibilitymatrixtoverifyifyour
devicesaresupported(http://netdisco.org/DeviceMatrix.html).Ifthedeviceisnotsupportedorifit
isnotpossibletoconnecttothedevice,GestiIPwilldisplaythemessageCANNOTCONNECT.
3.4Autonomoussystemmanagement
GestiIPfeaturesasimplemanagementsystemforautonomoussystems.Tousethisfeatureyou
needtoenableautonomoussystemsupportfrommanage>gestioip(see3.6.1).Thisfeatureis
thoughttobeusebyInternetserviceproviders(ISP).
3.4.1show,edit,delete
Accesstoautonomoussystemslistviewtoshow,editordeleteAS("AS">"show").
Fig.38:Autonomoussystemlistview
Clickoverthe
symboltoopentheASsearchform.
ASnumberASnumber(mandatory).
descriptionAdescriptionfortheAS(optional).
ASclientTheclienttowhichtheASisassignedto(optional).
ASclienttypeThetypeofclienttowhichtheASisassignedto(optional).
commentAoptionalcomment.
41
DocumentationGestiIPIPAMv3.2
Click
Click
toedittheAS
todeletetheASfromGestiIP'sdatabase
3.4.2new
Clickover"AS">"new"tointroducenewASmanually.
Fig.39:Newautonomoussystemform
3.4.3showASclients
Autonomoussystemclientsallowtospecifytowhichclientanautonomoussystemisassignedto.
AccesstoASclientlistviewtoshow,editordeleteASclients.
3.4.4newASclient
TointroduceanewASclientclickoverASnewASclient.
3.5Linemanagement
GestiIPfeaturesamanagementsystemforleasedanddialuplines.Tousethisfeatureyouneedto
enablelinesupportfrommanage>gestioip(see3.5)
3.5.1show,edit,delete
Accesstoleastlinelistviewtoshow,editordeletetheleasedlines("lines">"show").
42
DocumentationGestiIPIPAMv3.2
Fig.40:Lineslistview
Clickoverthe
symboltoopentheASsearchform.
providerISPfromwhichthelineiscontracted
typetypeofthedialupline(e.g.leasedordialup)
serviceservice(e.gT1,T3,...forleasedorADSL,SDSL,ISDN,fordialup)
descriptionanoptionaldescription
phonenumberphonenumberprovidedbytheIPS(fordialuplines)
adnumberAdministrativnumberassignedbytheISP
sitethesitewheredialuplineends
roomtheroomwherethedialuplineends
connecteddevicedevicewhichisconnectedtotheleasedline(e.g.manufacturer,model)
commentanykindofcomments
3.5.2new
Clickover"lines">"new"tointroducenewleasedordialuplinesmanually.
Fig.41:Newlineform
43
DocumentationGestiIPIPAMv3.2
3.5.3showlineprovider
Lineproviderallowtospecifyfromwhichprovideraleasedordialuplineiscontracted.
3.5.4newlineprovider
Tointroduceanewlineproviderclickoverlinenewlineclient.
3.6ManageGestiIP(globalconfigurationparameters)
GestiIP'sconfigurationisdividedinfoursections:
Clientindependentconfigurationparameters
Clientspecificconfigurationparameters
Deleteauditevents
Resetdatabase/deletenetworks
Toconfigureglobalconfigurationparametersortodeleteoldauditeventsfromthedatabaseclick
manage>"manageGestiIP"fromthemenubar.
3.6.1Clientindependentconfigurationparameters
defaultclientClienttodisplaywhenaccessingtoGestiIP.
IPv4onlymodToenableIPv6supportsetthisparametertono.WithenabledIPv6support
therewillappearnewIPv6relatedelementswithinmanyformsallowinge.g.toimport/export,
discoverandmanageIPv6networksandhosts.
AutonomoussystemsupportSetthisparametertoyestoenabletheautonomoussystem(AS)
managementsystem.WithenabledASsupportthereappearanewitemASwithinthemenubar
allowingtoaccesstotheASrelevantforms(see3.4).
LinessupportSetthisparametertoyestoenabletheleasedanddialuplinemanagement
system.Withenabledlinesupportthereappearanewitemlineswithinthemenubarallowingto
accesstotheLeastlinemanagementrelevantforms(see3.5).
askforconfirmationIfthisparameterissettoyes,therewillbeaconfirmationwindow
displaywhenexecutingcriticalactionslikeclearnetworkordeletenetwork.
44
DocumentationGestiIPIPAMv3.2
MIBdirectoryDirectorywhereNetdiscoMIBsarestored(see9.5.1.1).
VendorspecificMIBsManufacturerspecificdirectories.Thisparametershouldbeonlybeedited
afterupdatingtoanewerversionofNetdiscoMIBs.
Afterchangingtheparametersclicksettosavethenewvalues.
Fig.42:Clientindependentconfigurationparameters
Note
AfterenablingASorlinesupportbyclickingset,thenewmenuelementsAS
(autonomoussystems)andlineswillnotappearinstantly.Theywillappearafterclickingthe
nexttimeoveranylink.
3.6.2Clientspecificconfigurationparameters
Withtheclientspecificconfigurationparametersit'spossibletoinfluenceGestiIP'scomportment.
3.6.2.1SmallestimportableBM
45
DocumentationGestiIPIPAMv3.2
smallestimportableBMIPv4networkswithabitmasksmallerthanthisparameterwillnotbe
imported.
Example
IfGestiIP'sSNMPbaseddiscoverymechanismimportsthenetwork192.168.0.0/16fromarouter,
allothernetworkswithinthisrange(e.g.192.168.0.0/24,192.168.1.0/24,)whicharefoundlater
wouldbeignoredbecausetheyareoverlappingwiththenetwork192.168.0.0/16.Toavoidthat
networkswithabitmaskof/16willbeimportedsetthisparametertoavalue>=17.
Note
Thisparameterhaschangedfromolderversion.InversionsbeforeGestiIPv3.0,networkswitha
bitmask<thevalueofsmallestimportableBMwherenotpresentableinthehostviews.GestiIP
v3.0haseliminatedthislimitandallowsnowtolistIPv4networkswithanykindofbitmask.
Note
ThisparameterinsnotrelevantforIPv6discovery.AllIPv6networkswithaprefixlengthsmaller
than64willbeautomaticallyclassifiedasrootnetworkandbecauseofthis,thisnetworkswill
notcauseoverlappingerrors.
3.6.2.2Pingtimeout
"ping"timeoutGestiIPworkswithNet::Ping::ExternalPerlmodule.Becausethemodule
ignorestimeoutargumentunderLinux,hostcheckandupdateagainstDNSworkwiththedefault
timeoutof10s.PatchNet::Ping::ExternalPerlmoduletomakethefunctionswhichuse"ping"faster
(withatimeoutof2secondsitwouldbe5xfaster).
Seehttp://www.gestioip.net/docu/Ping_External_Timeout_Problem.txtforinstructionsonhowto
patchit.
3.6.2.3DNSserver
ThefollowingparametersarerelatedtotheDNSserverstousefortheactualclient:
usedefaultresolverCheckthisradiobuttonifDNSqueriesforthisclientshouldbelanced
againstthedefaultDNSserver(specifiedin/etc/resolv.conf)(default)
specifyDNSserverCheckthisradiobuttonifDNSqueriesforthisclientshouldbelanced
againstcustomDNSservers(hostcheck,updateagainstDNS,updateviaSNMP).
DNSserverIIIISpecifyheretheDNSServertoqueryinthecasethatspecifyDNSserver
radiobuttonischecked.
Note
46
DocumentationGestiIPIPAMv3.2
GestiIPv3.0doesnotsupportsignedDNSzonetransfers(TSIG).Thiswillbeimplementedinnext
versionv.3.1.
3.6.2.4Manualupdate
Thefollowingparametersarerelatedtomanualupdate:
ignoreStringthatmatchgenericrDNSentriesinthecasethatyourgenericrDNSentriesdon't
match"genericautoPTRentries"(seeignoregenericauto).Thisoptionhelpsupdatetorecognize
genericrDNSentries.Example:rDNSentry:dhcp2.3.5.2.gestioip.net>ignore:dhcp
ignoregenericautoSetthisvalueto"yes"iftheupdatescriptshouldcreateautogenerated
genericrDNSentries.Example:IP:1.2.3.4>genericautoPTRentriesgeneratedbyGestiIP:43
2and234(default:yes).
See3.2.2.3.1formoreinformationaboutignoreandignoregenericautovariables
genericdynamicnameSetheregenericnamesthatmatchthehostnamesassociatedbyanDHCP
server.IfanIPaddresshasanentryinthedatabasethatmatchgenericdynamicnameanddoesnot
respondtopingitwouldbedeleted.IfyouusebothupdateagainstDNSandupdateagainstOCS
InventoryNG,thisparameteralsoavoidsactualizationcreatedbyupdateagainstOCSthatmatch
genericdynamicnamefrombeingoverwrittenbyupdateagainstDNS(inthecasethat
synchronizationagainstOCS'sconfigurationvalue"set_update_type_to_ocs"issetto"no")(coma
separatedlist,casesensitive).
Example:IfyourdynamicallyassignednameslooklikePC001,PC002,LAP001,LAP002set
genericdynamicnametoPC,LAP.
maxnumberparallelprocessesMaximumnumberofparallelprocessestoforkwhenupdating
networks(eachprocessexecutesapingto,andaDNSAandPTRqueryofoneIPaddress).
IncreasingthisvaluereducesexecutiontimebutincreasesCPUload;decreasingthevalueincreases
executiontimebutreducesCPUload.
(IfthemachinethatrunsGestiIPisn'ttoooccupied,avalueof254shouldn'tbeaproblem).
Afterchangingtheparametersclicksettosavethenewvalues.
Note
HighvaluesofmaxnumberparallelprocessesmayalsocausepeaksoftheCPUloadoftheDNS
server.
47
DocumentationGestiIPIPAMv3.2
3.6.2.5ExtendedsupportforOCSInventoryNG
WithenabledOCSsupporttherewillthenewbutton
behindeveryentrywithinhostlistview
bedisplayed,allowingtofetchdirectlytheinformationforthisIPfromanOCSInventoryNG.
Fig.43:HostinformationfetchedfromanOCSInventoryNG
ClicklinkupdateentrytoupdatethedefinedhostcolumnswiththeinformationfoundintheOCS
database.
ToenableOCSsupportsetparameterenableOCSsupporttoyesandclicksave.Afterenabling
OCSsupporttherewillbenewformelementtoconfiguretheparameterfortheOCSdisplayed.Edit
theparametersandclicksavetosavetheconfiguration.
ThefollowingparametersarerelatedtoOCSInventoryNGsupport:
enableOCSsupportsetthisparametertoyestoenableOCSsupport.Thisparameterisonly
relatedtothefrontendwebanddoesnotaffecttheautomaticupdateagainstOCS.
48
DocumentationGestiIPIPAMv3.2
OCSDBnamenameofOCSdatabase
OCSDBusernameofOCSdatabaseuser
OCSDBpasswordOCSdatabasepassword
OCSDBIPaddressIPaddressoftheOCSdatabaseserver
OCSDBportPortwheretheOCSdatabseislistening(default:3306)
3.6.3Manageauditdb
Auditdatabasewillgrowwithtime.Youcandeleteeventscreatedbyautomaticupdateagainst
DNS,SNMPorOCS(AUTOevents)oreventscreatedbyactionsmadeviaGestiIPsfrontend
Web(MANevents)independently(see2.6).
Fig.44:Manageauditdb
Todeleteoldauditevents:
Chooseatimefromwhichtheeventsshouldbedeleted.
Selectifeitheronlyeventsfortheactualclientortheeventsforallclientsshouldbedeleted.
Markcheckboxkeepnetworkseventsifnetworkspecificeventsshouldbekept.
Clickdeletetodeletetheauditevents.
Note
WitholderversionsofMysqlDBtotalsizemaynotbedisplayed.
49
DocumentationGestiIPIPAMv3.2
Note
Historyinformationfornetworksandhostsisextractedfromauditlog.Deletingoldauditevents
causeshistoryentriestoalsobedeleted.
3.6.4Resetdatabase
ResettingthedatabasecausesthatallnetworksandhostsoftheselectedIPversionwillbedeleted
fortheactualclient.Ifboth,IPv4andIPv6isselected,VLANswillalsobedeletedfromGestiIPs
database.
3.7Clients
GestioIPpermitstomanagedifferentclientswithindependentnetworksandVLANs.Ifthereis
morethanoneclientdefined,thereappearsanewselectboxinthemenubarindicatingtheactual
client.
Fig.45:Chooseclientselectbox
Tochangeactualclientchoosethenewclientfromclientselectboxandclickrefresh
button
Fig.46:Changeactualclientrefreshbutton
50
DocumentationGestiIPIPAMv3.2
Note
Clientoptioncanbealsousedtosubdivideacomplexnetworkinfrastructureintosections.You
maycreate"clients"like"offrange"foryourofficialnetworks,"privrange"foryourprivat
networks,...Inthecaseyouthatdiscoverainfrastructurethatissubdivideintosectionsviathe
"client"option,thenetworkdevicesmayholdofficialandprivatenetworksinit'sroutingtables.
Thatmeansthatyouneedtospecifythenetworkswhichshouldbeimportedtomakesure,thatonly
thenetworksforthis"client"willbeimported.SpecifythefirstoctetsoftheNetworkswhichshould
beimportedforthis"client"withtheoption"ProcessonlyIPv4/6networksbeginningwith"within
theimportforms("discovery"(see5.1)),"importnetworksviaSNMP"(see5.2.1)andscript
"get_networks_snmp.pl"(see5.2.2)).
3.7.1Manageclients
Manageclientsformoffersthefollowingoptions:
listclientdetails
addclients
editclients
deleteclients
Click"manage">"clients"toaccesstomanageclientsform.
3.7.1.1Addclients
Whencreatingthefirstclient,allexistingnetworks,VLANsandsiteswillbeassociatedwiththis
client.Becausesitesaremanagedclientindependentlyyouhavetoinsertatleastonesiteforevery
newclient(textfieldsites).Multiplesitesmustbeintroducedinformofacommaseparatedlist.
Note
Youcanchangesitesfrom"manage">"sitesandcategories".
Toaddthenewclientcompleteaddclientformandclick"add".Thenewclientwillnowappearin
clientselectboxinthemenu.
3.7.1.2Editclients
Click"manage">"clients"toaccesstoeditclientform.Choosetheclientyouwanttoeditand
clickeditbutton .
51
DocumentationGestiIPIPAMv3.2
Fig.47:Editclientsform
Click
"update"atthebottomoftheeditclientformtosavethechanges.
3.7.1.3Deleteclients
Todeleteaclientchoosetheclienttodeletefromdeleteclientformanclick"delete".
Fig.48:Deleteclientsform
Deletingaclientcausesthatallinformationspecifictothisclientwillbedeleted(networks,hosts,
sites,auditevents).
52
DocumentationGestiIPIPAMv3.2
3.8Sitesandcategories
Tointroduce,renameordeletesites,hostcategoriesornetworkcategories,open"manage">
"sitesandcategories"onthemenubar.
3.8.1Sites
GestioIP'ssitesareindentedtoassociateaphysicallocation(e.g.adatacenter)withinthenetworks
andhosts.
Note
Sitesfornetworkandhostareindependentlyconfigurable.Ifyouhavenetworksthataredistributed
overdifferentsites(e.g.AandB)youcancreateanadditionalsiteA_B,assignthisnewsitetothe
networkandassignsiteAorBindividuallytothehosts.
Note
Withmultipleclientsconfiguredtherewillonlythesitesoftheactualclientbedisplayed.
3.8.2Networkcategories
DuringinstallationGestiIPproposesthefollowingnetworkscategories:
ProdFornetworksoftheproductionenvironment
PreFornetworksofpreproductionenvironment
TestFornetworksoftestenvironment
DevFornetworksofdevelopmentenvironment
DevtestFornetworksofdevelopmenttestenvironment
CorpForcorporatenetworks(e.g.withPCofendusers,printers,...)
otherForallothernetworks
3.8.3Hostcategories
GestiIPcomeswiththefollowinghostcategories:
L2device
devicesthatworkinlayer2(e.g.hubsorswitches)
L3device
devicesthatworkinlayer3(e.g.multilayerswitchesorrouter)
53
DocumentationGestiIPIPAMv3.2
FW
firewalls
DB
fordatabaseservers
server
anykindofserver
workstation workstations
wifi
wirelessdevices
VoIP
VoIPphones
printer
printers
other
allothertypesofdevices
Note
Selfdefinedhostcategoriesappearinnetworkoverviewwiththe"other"symbol.
Note
Defaulthostcategoriescan'tbedeletednorrenamed.
3.9Customcolumns
GestiIPoffersthepossibilitytodefinecustomcolumnstobeshowninnetworklistview(network
columns)orinhostlistview(hostcolumns)makingitadaptabletoorganizationspecificneeds.
Fig.49:NetworklistviewwithpredefinedhostcolumnsupdatedbySNMPdiscovery
Click"manage">"customcolumns"todefinenewortodeletecolumnsfornetworksandhosts.
GestiIPfeaturestwotypesofcustomcolumns:Predefinedandselfdefinedcolumns.Predefined
hostcolumnswillbeupdatedbySNMPdiscoverymechanisms,selfdefinedcolumnsnot.
54
DocumentationGestiIPIPAMv3.2
3.9.1Predefinedcustomhostcolumns
PredefinedcustomhostcolumnswillbeprocessedbySNMPbaseddiscoverymechanisms.Forthis
reasonit'spreferabletousepredefinedcolumnsifavailableinsteadofselfdefinedcolumns.
GestiIPoffersthefollowingpredefinedhostcolumns:
vendormanufacturer(willbedisplayedwithanicon).GestiIPdistinguishesactuallybetween
morethan140manufactures(vendors)whichwillautomaticallyberecognizedbySNMPdiscovery
functions(seeAppendixAforacompletelistofthemanufacturers)
modelmodel
contactcontact(OIDsystem.sysContact)
serialserialnumber
MACMACaddress
OSoperatingsystem(willbedisplayedwithanicon).GestiIPdistinguishesactuallybetween22
operatingsystemswhichwillautomaticallyberecognizedbySNMPdiscoverfunctions(see
AppendixAforacompletelistoftheoperatingsystems)
device_descrdescription(OIDsystem.sysDescr.)
device_namehostname(OIDsystem.sysName)
device_loclocation(OIDsystem.sysLocation)
URLexternallink(willbedisplayedwithanicon).Thiscolumnallowstoconfigurelinksto
externalwebpagesaswellastoopenremotesessionsagainstthehost(e.g.ssh,telnet,rdesktop
(rdp),vnc,).Specifythelinkinthefollowingformat:SERVICE::URL[,SERVICE1::URL1]
Example:
WiththefollowingURLentry
mrtg::http://mrtg_server/mrtg/server_192.168.7.1.rrd,ssh::ssh//192.168.7.1,VNC::vnc://192.168.7.
1
URLcolumnwilldisplayedasshowninFig.50
Fig.50:CustomhostcolumnURL
CustomcolumnURLallowstousevariables(actuallytwovariables).Thisisusefulin
conjunctionwithmassupdatefeature(see3.2.2.8)whichgivesthepossibilitytoeditmultiple
networksatonce.
Variable
Replacedby
55
DocumentationGestiIPIPAMv3.2
[[IP]]
IPaddressofthehost
[[HOSTNAME]]
hostnameentryofthehost
Example:
Entry:192.168.0.10jupiterdescriptionLondI
Entrywithvariable
Displayedentry
telnet::telnet://[[IP]]
telnet::telnet://192.168.0.10
telnet::telnet://[[HOSTNAME]]
telnet::telnet://jupiter
telnet::telnet://[[HOSTNAME]].domain.org
telnet::telnet://jupiter.domain.org
mrtg::http://mrtg_server/mrtg/server_[[IP]].rrd
mrtg::http://mrtg_server/mrtg/server_192.168.0.10.rrd
Note
Notallbrowsersupporttheformatservice://...forallservices.
NoteforFirefoxusers
IfyougettheerrormessagelikeFirefoxdoesn'tknowhowtoopenthisaddress,becausethe
protocol(rdp)isn'tassociatedwithanyprogramopenanewFirefoxwindow,typeabout:config
intotheURLfield,clickrightmousebuttonaddnewBoolean,insertthevalue
network.protocolhandler.expose.rdpfalse.
Whenclickingnexttimeoverthelink,Firefoxwillaskwithwhichapplicationitshouldopenthe
link.
Rackidentificatoroftherackwherethedeviceismountedphysically
RUrackunitwherethedeviceismountedphysically
switchnetworknodewherethedeviceisconnectedto.Thiscolumnsmightbeprocessedina
futurversionofGestiIPbynetworkdiscovery
portportofthenetworknodewherethedeviceisconnectedto.Thiscolumnsmightbeprocessed
inafuturversionofGestiIPbynetworkdiscovery
linkedIPAllowstoassociateanIPwithoneIPoralistofotherIPaddresses(forexampleto
associateaninternalIPwithit'sVIPaddress).ConfiguringalinkedIPforanIPwillautomatically
createalinkedIPentryfortheassociatedIP,too.
Note
Predefinedaswellasselfdefinedcustomcolumnswillbeprocessedbynetworkandhostquick
search.
Note
Predefinednetworkcolumn"VLAN"andpredefinedhostcolumnsMAC,Rack,switchand
56
DocumentationGestiIPIPAMv3.2
portwillnotbeupdatedbySNMPbaseddiscovery.
Note
Ifyouhavemultipleclientsdefinedthereappearsaradiobuttonwhichletyouchoosetoeitheradd
columnsforalloronlyfortheactualclient.
3.9.2Predefinedcustomnetworkcolumns
GestiIPdisposesaboutthefollowingpredefinedcustomnetworkcolumns:
VLANVLANcolumnisaimedtoassociateVLANswithnetworkstobeshowninnetworklist
view.
FavTomarknetworksasfavoritenetworks.ActivatingtheFavcolumnwilladdthefavorite
button( )tonetworklistviewtoeasilylistthefavoritenetworks.
VRFToindicatetheVRFnamefornetworkswithinVRFs.
3.9.3Addcolumns
Withaddcolumnsfunctionyoucandefinenewcolumnstobeshowninnetworkorhostlistview.
Fig.51:Addhostcolumnsform
Chooseifthecolumnshouldeitherbeshownforalloronlyforactualclientandclickadd.
3.9.4Deletecolumns
Choosethecolumnwhichshouldbedeletedandclickdelete.
57
DocumentationGestiIPIPAMv3.2
Fig.52:Deletecolumnsform
Note
Thedeletecolumnformwillonlybedisplayediftherearecustomcolumnsdefined.
Note
DeletingacolumncausesthatallentriesofthiscolumnwillbedeletedfromGestiIP'sdatabase.
58
DocumentationGestiIPIPAMv3.2
4Statistics
GestiIP'sstatisticspageshowsthenumberofmanagednetworks,hostsandVLAN.Itgivesan
overviewofhowmanynetworksandhostsareinthedifferentenvironments(networkcategories)
andinthedifferentsites,aswellasofthemanufacturersofthedevices.Itoffersthepossibilityto
showtheoccupationofthenetworksandnetworkrangesanditallowstolistthenetworkswhich
onlycontainhostwithstatusdown.
Toaccessthestatisticspagegoto"manage">"statistics".
4.1Generaloverview
Fig.53:Statisticspage
Note
Withmultipleclientsconfigured,onlyclientspecificstatisticswillbedisplayedhere.Toseethe
totalnumberofmanagedclients,networksandhostgotohelp>about.
4.2Network/rangeoccupation
Inaddition,thestatisticspageoffersthepossibilitytoshowanoverviewofnetorrangeoccupation.
59
DocumentationGestiIPIPAMv3.2
Thismaybeusefultodetectpoorlyutilizedaddressranges.Youcanfilterthenetworksthatshould
appearinthereportbyIP(orpartsofIP),description,site,categoryandcomment.
Fig.54:Networkandrangeoccupationform
4.3Miscellaneous
Thisoptionallowtolistnetworksonlycontaininghostswithstatusdownornetworksonly
containinghostwithstatusdownorstatusneverchecked.
Fig.55:Shownetworkswithstatusdown
Note
Thereasonbecauseallhostsofanetworkappearasdownmaybethemissingoffirewallrules.
60
DocumentationGestiIPIPAMv3.2
5Databaseinitialization
GestiIPoffersseveralmechanismstoimportdataintoitsdatabase.
networks/hosts/VLANsviaSNMPquery
hostsviaDNSqueries
networks/hostsfromspreadsheets
5.1Discovery
TheDiscoveryisintendedtoinitializeGestiIP'sdatabaseafteranewinstallation.Itexploresthe
networkinfrastructureusingSNMPandDNSandaddsfoundVLANs,networksandhoststo
GestiIP'sdatabase.
Itexecutesthefollowingprocesses:
VLANdiscoveryviaSNMPusingPerlModuleSNMP::Info
NetworkdiscoveryviaSNMPqueryingroutingtablesfromnetworkdevices
HostdiscoveryofnewfoundnetworksviaSNMPusingSNMP::Infoandowndiscovery
mechanisms
HostdiscoveryofnewfoundnetworksviaDNS
Thediscoveryprocessneedsabout45sforoneclassCnetworkswith254addresses,dependingon
thevalueofmaxprocs(numberofparalleldiscoveryprocesses)andtheCPU/memoryofthe
server.NotethatdiscoveryforoneclassBnetworkwithabitmaskof/16(65.534addresses)may
takehoursbecausediscoveryprocessesthenetworkportionwiseeachwith128parallelprocesses
(dependingoftheglobalconfigurationparametermaxprocs).
Clickimport/exportDiscoverytoaccessdiscoveryform.
Note
Discoveryprocesswilloptionallyprocessnetworksfoundbylastrunofimportnetworksfrom
spreadsheets.Soimportyournetworkspreadsheetsbeforeyouexecutethediscoveryprocess.
Note
Discoveryprocesswillupdatepredefinedcolumns,too.Soconfigurepredefinedcolumnsfirst
beforeexecutingthediscoveryprocess.
61
DocumentationGestiIPIPAMv3.2
Fig.56:"Discovery"form
NetworkdevicesOneoralistofIPaddressesofdevicesholdingroutingand/orVLAN
information.Thesearetypicallynetworkdeviceslikeroutersormultilayerswitches.
ImportnetworksIPversionTochooseforwithIPversionthediscoveryshouldbeexecuted
(thisoptionisonlyavailablewhenglobalconfigurationparameterIPv4onlyissettono)
ImportrouteslearnedfromTodefinefromwhichroutingprotocolsthelearnednetworks
shouldbeimported.
SNMPversionTochoosetheSNMPversionwhichshouldbeusedfordiscovery
SNMPv1andSNMPv3:
communitySNMPcommunitystring
SNMPv3
SelectingSNMPversionv3thereappearSNMPv3specificoptions.
62
DocumentationGestiIPIPAMv3.2
Fig.57:SNMPv3form
usernameSNMPv3username
SecurityLevelSNMPv3securitylevel
AuthalgorithmAuthenticationalgorithm(onlyauthNoPrivandauthPriv)
AuthpasswordAuthenticationpassword(onlyauthNoPrivandauthPriv)
PrivacyalgorithPrivacyalgorithm(onlyauthPriv)
PrivacypasswordPrivacypassword(onlyauthPriv)
ProcessonlyIPv4networksbeginningwithIfyoudevideacomplexnetworkinfrastructureinto
smallersectionviatheclientoption(see3.7)youcanspecifyherethefirstoctetsofthenetworks
whichshouldbeimportedandprocessedduringthediscoveryprocess.Toimportonlynetworks
startingwith192.168introduce192.168.Thefieldacceptsacomaseparatedlistofnetworks(e.g.
10,172.16,192.168)
ProcessonlyIPv6networksbeginningwithLikeProcessonlyIPv4networksbeginningwith
butforIPv6networks.Example:2001::ab,2002::
maximalnumberofparalleldiscoveryprocessesNumberofchildprocesseslancedby
discovery.AugmentofthisvaluewillspeedupdiscoveryprocessbutincreaseCPUloadand
memoryusage.
Includenetworkswhichwereaddedbylastrunofimportnetworksfromspreadsheetwithin
discoverymarkthischeckboxifyouwantthatdiscoveryprocessesthenetworkswhichwere
importedbylastrunofimportnetworksfromspreadsheet,too.
DiscovernewfoundnetworksonlyIfthischeckboxischecked,onlynewfoundnetworkswill
beprocessed.Ifyouuncheckit,allfoundnetworkwillbeprocessed.
addcommenttofoundnetworksmarkthischeckboxifdiscoveryshouldaddautomatically
commentlikeStaticroutefrom192.168.239.
Clickdiscovertolancediscoveryprocess.
63
DocumentationGestiIPIPAMv3.2
Itappearsanewpageofferingtheoptionstoconsultthestatusofthediscoveryprocessorto
interruptthediscoveryprocess.
Fig.58:"Discoverystartedform
Clickingconsultdiscoverystatusopensanewwindowshowingtheactualstatusofdiscovery
process(Fig.59).Thestatuspagerefreshesautomaticallyevery10sduringdiscovery.
Clickstopdiscoverytointerruptthediscoveryprocess.Itmaytakeupto15stostopalldiscovery
childprocesses.
Fig.59:Discoverystatuswindow
Clicklinklogfiletodisplaydetailedloginformationofthediscoveryprocess.TypeCTRRto
refreshlogfilewindow.Thelogfilewillbedeletedwhendiscoveryprocessisexecutedagain.
Note
IfyouuseaSNMPcommunityotherthanthedefaultpublic,SNMPbasedpartsofthediscovery
64
DocumentationGestiIPIPAMv3.2
processwilltrytoquerythedeviceswithcommunitystringpublic,too.Thatmakessurethat
deviceswiththecustomcommunitypublicconfigured,nottobeignored(e.g.it'sacommon
errortoforgettosetcommunityforprintersortoconfigureacustomcommunityforadevicebut
notdisablethecommunitypublic).Executeasearchforpublicthroughtheauditlogto
identifydeviceswithdefaultcommunitystringsconfigured.
Note
Youcanalsoconsulttheauditlogtoseethedetailsofthediscoveryprocess.
5.2ImportnetworksviaSNMP
The"importnetworksviaSNMP"functionqueriesroutingtablesfromSNMPenableddevicesand
addsthefoundnetworkstothedatabase.LetitrunagainstyourlayerIIIdevices(e.g.routersor
multilayerswitches).
5.2.1ManualimportviaSNMP
ToimportnetworksviaSNMPclickimport/export"importnetworksviaSNMP".
Fig.60:"importviaSNMP"form
See5.1foradescriptionoftheoptions
65
DocumentationGestiIPIPAMv3.2
Ifthefoundnetworksshouldbeincludedwithinautomaticupdate,mark"includenetworkswithin
theautomaticupdatecheckbox.
Note
Ifyouquerydeviceswithenableddynamicroutingprotocols(e.g.BGP),aquerymaytakequitea
longtimeandcancausea"webservertimeout"error(becausetheroutingtablescanbevery
large).Inthiscase,usescript"get_networks_snmp.pl"fromthedirectory/usr/share/gestioip/bin.
Note
NetworkimportviaSNMPwillalthoughbeexecutedduringdiscoveryprocess(see5.1)
5.2.2ScriptbasednetworkimportviaSNMP
GestiIPcomeswiththescript"/usr/share/gestioip/bin/get_networks_snmp.pl"toimportnetworks
viaSNMP.Thescriptacceptssingledevicesoralistofdevicestoqueryandcanbeexecuted
manuallyorbycron.
Itreadsmostparameterfromconfigurationfile/usr/share/gestioip/etc/ip_update_gestioip.conf.
However,youhavetoconfiguresomeparameterdirectlyinthescript.Todosoopenthescriptwith
yourfavoriteeditorandconfiguretheparameterinthesectionbetween
#########################################
###changefromhere...#################
#########################################
.....
#########################################
####...tohere#########################
#########################################
get_networks_snmp.plreadsitstargetnodesfromafilecalledsnmp_targets.Thisfileislocatedin
thedirectory/usr/share/gestioip/etc/.Openthefileandenterthenodesthatshouldbequeried(one
hostperline).
ThescriptdependsonthefollowingPerlmodules:
SNMP,Net::IP,DBI
IfyouexecutethescriptfromaserverotherthanthatwhichcomeswiththeinstallationofGestiIP,
66
DocumentationGestiIPIPAMv3.2
youmaygetanerrormessagesuchas"Can'tlocateSNMP.pmin@INC"
ThismeansthattherearePerlmodulesmissing.See9.5.1forinstructionshowtoinstallthem.
5.3Importfromspreadsheet
GestiIPpossessesflexiblemechanismstoimportnetworksorhostsfromspreadsheets.
Spreadsheetsmusthave.xlsextension(MSExcel).IfyouuseOpenOfficeusethe"SaveAs..."
optiontosavethespreadsheetin.xlsformat.
5.3.1Importnetworksfromspreadsheets
Goto"import/export">mark"networks"radiobuttonanduploadthespreadsheetwiththe
networkstoimport.
Yourspreadsheetmayconsistsofdifferentsheets.InstepIIyouhavethepossibilitytoimportall
sheets,onesheetbyitsnameormultiplesheetsbynumbers.
Fig.61:"Importfromspreadsheet"form
Toimportallsheetsmark"allsheets".Toimportonesheetmarktheradiobutton"sheetname"and
introducethesheetname(e.g."server")(seeFig.62).Toimportmultiplesheetsmarkthe"sheets"
radiobuttonandintroducethenumbersofthesheetstoimport.Theformacceptsasinglenumber,a
commaseparatedlistorarangeofsheets(e.g.24toimportsheets"LANI,LANIIandSheet4"in
theexamplebelow).
67
DocumentationGestiIPIPAMv3.2
Fig.62:Sheetnumbers
Next,indicatewhatinformationisineachcolumn:Associatethelettersofthecolumnswiththe
correspondingcontent.
Thelettersofthecolumnsarefoundatthetopofeachcolumnofyourspreadsheet(seeError:
Referencesourcenotfound).
networksColumnwithnetworks.Exampleofformatsupportedentries:192.168.0.0entriesthat
dontmatchtheformatwillbeignored.
netmask/bitmaskColumnwithnetmaskorbitmask(columnswithmixednetmaskandbitmask
arealsosupported).Exampleofformatsupportedentries:24,255.255.255.0entriesthatdont
matchtheformatwillbeignored.
networksandnetmask/bitmaskinonecolumnColumnwithbothnetworkandnet/bitmask.If
yourspreadsheetcontainsonecolumnwithbothnetworksandnet/bitmasks,leavenetworksand
netmask/bitmaskblank.
Examplesofsupportedformats:
1.1.1.0/24,1.1.1.0/255.255.255.255,1.1.1.024,1.1.1.0255.255.255.0,1.1.1.0xyz24
Networkentriesthatdontmatchthesupportedformatswillbeignored.
descriptionColumnwithnetworkdescriptionsoptional.
siteColumnwithsites.Thesitesofthenetworkstoimportmustbeidenticaltothesitesin
GestiIP'sdatabase.Ifthesitedoesn'texistinthedatabaseitwillbeignoredcasesensitive
optional.
categoryColumnwithcategories.ThecategorymustbeidenticaltothecategoriesinGestiIP's
database.Ifthecategorydoesn'texistitwillbeignoredcasesensitiveoptional.
commentColumnwithcommentsoptional.
Mark"includenetworkswithinautomaticupdate"ifthenetworkshouldbeprocessedbyautomatic
update.
68
DocumentationGestiIPIPAMv3.2
Fig.63:Spreadsheettoimport
Note
Oldscriptimport_from_excel.plisobsoleteandnotlongerincludedwithinGestiIP.
5.3.2Importhostsfromspreadsheet
ToimporthostsfromspreadsheetsintoGestioIP'sdatabaseclickimport>markhostsradio
buttonanduploadthespreadsheetcontaininghostentriestoimport.
Note
Thenetworkscontainingthehoststoimportmustexist;soimportorintroducenetworksfirst.
Ifimportfunctiondoesn'tfindanadequatenetworkforthehostentries,theywillbeignored.
Indicateifyouwanttoimportallsheets,onesheetbyitsnameormultiplesheets(see.5.3.1).
IndicatetheformatoftheIPaddressesinthespreadsheet:
69
DocumentationGestiIPIPAMv3.2
Fig.64:IndicateIPaddressformat
IfyourspreadsheetcontainsIPaddressesinstandardformat(e.g.82.98.146.69)selectstandard
radiobutton.IfyourspreadsheetcontainsonlythelastoctetoftheIPaddress,markonlylast
octetandspecifythefieldcontainingthenetworkaddress(e.g.A1).Networksmusthaveoneof
thefollowingformats:
NetworkID/netmask(192.168.9.0/255.255.255.0)
NetworkID/bitmask(192.168.9.0/24)
Leadingorfollowingstringswillbeignored(e.g.theentryNetwork192.168.9.0/24XXXwill
alsobeaccepted)(seeFig.65).
Fig.65:SpreadsheetcontaininglastoctetofIPaddressestoimport
Next,associatethelettersofthecolumnswiththecorrespondingcontent(see5.3.1)andclick
import.
70
DocumentationGestiIPIPAMv3.2
Fig.66:ImportspreadsheetcontaininglastoctetofIPaddresses
5.3.3ImportVLANsfromspreadsheet
ToimportVLANsfromspreadsheetsintoGestioIP'sdatabaseclickimport>markVLANs
radiobuttonanduploadthespreadsheetcontainingVLANstoimport.Choosethesheetsthatshould
beimported,associatelettersandcolumnsandclickimport.
71
DocumentationGestiIPIPAMv3.2
6Accesscontrol
Becauseofhistoricalreasons,authenticationandauthorizationishandleddifferent.
Theauthentication(identificationofusers)iscarriedoutthroughmod_authoftheApacheweb
server.ItnotmadebyGestiIPsoftwareitself.Theauthorization(grantingpermissions)ismadeby
GestiIP.ThismeansthattheauthenticationisconfiguredintheApacheconfigurationfileandthe
authorizationisconfiguredwiththeGestiIPwebinterface.
6.1Authentication
GestiIP'sauthenticationprocessiscarriedoutthroughApache'smod_auth.Thedefaultinstallation
workswithHTTPBasicAuthentication.Butyoucanuseanykindofauthenticationwhichis
supportedbytheApachewebserver(e.g.user/groups,LDAP,MSActiveDirectory,
certificates,...).YoucanfindsampleApacheconfigurationswithauthenticationagainstaLDAP
directory,againstKERBEROS5andagainstaMicrosoftActiveDirectoryinthedocumentation
pageofhttp://www.gestioip.net.
6.1.1Defaultauthentication
Duringthesetup,theadministratorcreatesmanuallythedefaultuser"gipadmin(usingthe
commandhtpasswd).Thatmeansthatthereisnodefaultpassword.Theuserisauthenticated
withthepasswordwhichwerecreatedduringsetup.Thedefaultuserhasaccesstoallfunctionsof
GestiIP.
Note
Toenhancesecurityitisrecommendedtoconfigureauthenticationwithindividualaccounts.This
hastheadvantagethatMANauditeventscanbeassociatedwithaspecificuser.
6.1.1.1Createnewaccounts
TocreatenewaccountstousewithHTTPBasicAuthenticationyouneedtoaddauserwiththe
commandhtpasswdandconfigurenew"Requireuser"directivesinApache'sconfigurationfile
gestioip.conf.
Usersarestoredinthepasswordfileusersgestioipwhichyoufindintheconfigurationdirectory
oftheApacheWebserver(e.g./etc/apacheor/etc/httpd,dependingtheLinuxdistribution).To
createanewaccountchangetoApache'sconfigurationdirectoryandexecutethefollowing
commandfromashell:
72
DocumentationGestiIPIPAMv3.2
$sudohtpasswd./usersgestioipnewaccount
GestiIP'sApacheconfigurationgestioip.confisstoredinApache'sincludedirectory(e.g.
/etc/apache/conf.d,/etc/httpd/conf.d,/etc/apache/sitesenableddependingoftheLinux
distribution).
Tohabilitatethenewaccountyouneedtoadda"RequireUser"directivesforthedirectories
DocumentRoot/gestioip(ro/rwuser)andDocumentRoot/gestioip/res(rwuser)toApache's
gestioip.conf.
Forarwuseropengestioip.confwithyourfavoriteeditorandsearchthelines
Requireusergipadmin
Copyandinsertthelineandreplace"gipadmin"withthenewaccount(newaccount).Closeand
savegestioip.conf.
TotakechangesaffectyouneedtoreloadtheApacheWebserver.
Note
gestioip.confcontainsoneRequireUserdirectiveforarouserandtwodirectivesforarw
user.
6.1.1.2Changeuserspassword
TochangeauserpasswordgotoApache'sconfigurationdirectoryandexecutethefollowing
commandfromashell:
$sudohtpasswd./usersgestioipaccount
6.1.1.3Deleteaccounts
TodeleteaGestiIPaccount,authenticatedbyHTTPbasicauthentication,youneedtodeleteit
fromthepasswordfileusersgestioip(e.g.in/etc/apache/or/etc/httpd/)andfromGestiIP'sApache
configurationgestioip.conf(e.g.in/etc/apache/conf.dor/etc/httpd/conf.d).
TodeleteaaccountfromthepasswordfilechangetoApache'sconfigurationdirectoryandexecute
thefollowingcommandfromashell:
$sudohtpasswdD./usersgestioipaccount
TodeleteanaccountformGestiIP'sApacheconfigurationopengestioip.confwithyourfavorite
73
DocumentationGestiIPIPAMv3.2
editoranddeletethedirectivesRequireuseraccount
ReloadtheApacheWebservertotakechangesaffect.
6.2Authorization
TheauthorizationforthedifferentfunctionsofGestiIPismadebytheGestiIPsoftware.Itis
disabledbydefault.
ThepermissionstoaccessthedifferentfeaturesofGestiIParedefinedfortheUserGroups.To
assignpermissionstoaUsermakeitmemberofanadequateUserGroup.
Toenabletheauthorizationfeatureyouneedtoexecutethefollowingsteps:
Activatetheauthorizationfeature.
Adaptthedefaultusergroupstoyourequirementsorcreateusergroups.
Createusersandassigntheadequateusergrouptotheuser.
Note:
IfyouusetheauthorizationfeatureitisrecommendedtouseindividualaccountsforeveryGestiIP
user.
6.2.1Activation
ToactivatetheauthenticationgotomanagemanageGestiIP,settheparameterUser
managementtoyesandclicksave.Thiswillcreateanentryfortheactualuserintheuser
databaseandmakeitmemberofthegroupGestiIPAdmin,whichhasallpermissions,including
thepermissiontocreatenewusersandusergroups.
ActivatingtheauthorizationfeaturealsocreatesthetwonewmenuitemsUsersandUser
Groupsundermanageitem(afteractivatingauthorizationclickoveranylinktomakethenew
menuitemsappear).
74
DocumentationGestiIPIPAMv3.2
Fig.67:MenuitemsUsersandUserGroups
6.2.2Users
WithactivatedauthorizationfeatureyouneedtodefineGestiIPusersforalluserswhichshould
accesstoGestiIP.TheGestiIPusersmustbethesameuserwhichareusedforauthentication(see
6.1).
Accesstomanage>Userstocreate,updateordeleteGestiIPusers.
Fig.68:Userlistview
6.2.2.1CreateUsers
ClickaddUsertocreatenewUsers.
75
DocumentationGestiIPIPAMv3.2
Fig.69:AddUserform
name:Username.Usernamesmustbethesamenamesastheusernameswhichareusedtoaccessto
GestiIP's.(mandatory)
UserGroup:Theusergroupdeterminethepermissionsoftheuser.(mandatory)
email:emailaddressoftheuser1@domain.org.(optional)
phone:phonenumber.(optional)
comment:Anoptionalcomment.
ClickaddtocreatethenewUser.
6.2.2.2EditUsers
Clickoverthe
symboltoaccesstheeditUserform.
6.2.2.3DeleteUsers
Clickoverthe
symboltodeleteusers.
Note:
TheactualUsercannotbedeleted.
6.2.3UserGroups
UserGroupsareusedtodeterminetheUserpermissions.Accesstomanage>UsersGroupsto
create,updateordeleteGestiIPUserGroups.
76
DocumentationGestiIPIPAMv3.2
Fig.70:UserGrouplistview
GestiIPcomeswiththreedefaultUserGroups:
GestiIPAdmin:Groupwithallpermissions
Admin:Groupwithallpermissionexceptthepermissionstomanageusersandtochange
theGestiIPconfigurations
Readonly:Groupwithpermissionstoshow,butnottoeditnetworks,host,VLANs,ASand
leasedlines.
6.2.3.1Permissions
Theauthorizationsystemoffersthefollowingpermission:
GlobalPermissions
ManageGestiIPpermissionspermissiontodisplayandchangeallfunctionunder
manage>manageGestIP
Manageuserpermissionspermissionstocreate,read,updateanddeleteUsersandUser
Groups
Managesitesandcategoriespermissionstocreate,read,updateanddeletesitesand
categories
Managecustomcolumnspermissionstocreate,updateanddeletecustomhostand
networkcolumns
Readauditpermissionstoaccessauditlog
clientstoselectifthenonglobalpermissionsshouldbeavailableforalloronlyfora
specificclient
Clientspecificpermissions(nonglobalpermissions)
Networks
createnetworkspermissiontocreatenetworks
readnetworkinformationpermissiontolistnetworks
updatenetworkinformationpermissiontoupdatenetworks
deletenetworkspermissiontodeletenetworks
77
DocumentationGestiIPIPAMv3.2
Hosts
createhostspermissionstocreatehost
readhostinformationpermissiontolisthostentries
updatehostinformationpermissionsupdatehosts
deletehostspermissiontodeletehosts
VLANs
createVLANspermissionstocreateVLANs
readVLANinformationpermissionstolistVLANs
updateVLANinformationpermissionstoupdateVLANs
deleteVLANspermissionstodeleteVLANs
ConfigurationManagement(CM)
Showbackupeddeviceconfigurationspermissionstoshowthestoredconfigurationsof
thenetworkdevices
Uploaddeviceconfigurationspermissionstouploadconfigurationsorfilestodevices
whichareundercontroloftheCMmodule
AdministrateCMpermissionstochangetheCMconfigurationfordevices
AutonomousSystems
createASpermissionstocreateASs
readASinformationpermissiontolistASs
updateASinformationpermissionstoupdateASs
deleteASpermissionstodeleteASs
LeasedLines(LLs)
createLeasedLinespermissionstocreateLLs
readLeasedLineinformationpermissionstolistLLs
updateLeasedLineinformationpermissionstoupdateLLs
deleteLeasedLinespermissiontodeleteLLs
78
DocumentationGestiIPIPAMv3.2
6.2.3.2CreateUserGroups
ClickaddUserGrouptocreatenewUsersGroups.
Fig.71:AddUserGroupform
nameUserGroupname(mandatory)
descriptionanoptionaldescriptions
AssignthedesiredpermissiontotheUserGroupbyselectingtheadequatepermissioncheckboxes.
6.2.3.3EditUserGroups
Clickoverthe
symboltoaccesstheeditUserform.
6.2.3.4DeleteUserGroups
Clickoverthe
symboltodeleteusers.
Note:
TheactualUserGroupcannotbedeleted.
79
DocumentationGestiIPIPAMv3.2
6.2.4UsergipoperofGestiIPversions<3.2
Theauthorizationsystemwhichwasimplementedinrelease3.2eliminatestheneedoftheoldro
usergipoper.ThataffectstheApacheconfiguration.Astheauthorizationisnowmadebythe
GestiIPsoftware,thereisnotlongertheneedofthedirectivesforthedirectory
[DocumentRoot]/gestioip/res.Itisrecommendedtodeletetheconfigurationpartfortheres
directoryfromtheApacheconfigurationfileforGestiIP(gestioip.conf):
<Directory"/var/www/gestioip/res">
AddHandlercgiscript.cgi
AddDefaultCharsetutf8
AllowOverrideNone
Options+ExecCGI
AuthTypeBasic
AuthNameGestioIP
AuthUserFile/etc/apache2/usersgestioip
Requireusergipadmin
ErrorDocument401/gestioip/errors/error401.html
ErrorDocument403/gestioip/errors/error403.html
ErrorDocument404/gestioip/errors/error404.html
ErrorDocument500/gestioip/errors/error500.html
</Directory>
RestarttheApachewebservertotakethechangeaffect.
80
DocumentationGestiIPIPAMv3.2
7Advancedfunctions
7.1Updatecheck
GestiIPdisposesaboutamechanismtocheckiftherearesoftwareupdatesavailable.Clickover
helpcheckforupdatestoexecutetheupdatecheck.
Inthecasethatthereareupdatesavailable,theupdatecheckshowsalinktodownloadthelast
actualizationtarball,aswellasalinktothechangelogandanexplicationhowtoapplytheupdate.
Fig.72:Onlineupdatecheck
81
DocumentationGestiIPIPAMv3.2
7.2Databaseconfiguration(ip_config)
ThedatabaseconfigurationofGestiIPisstoredin/DocumentRoot/priv/ip_config
Becausethedatabasepasswordisstoredincleartext,theApachewebservermustbecorrectly
configuredandthepermissionsoftheconfigurationfile(500)mustbecorrectlyset.Tocheck
whethertheApache2webserveriscorrectlyconfigured,youcantrytoaccesstheconfigurationof
GestiIPwithabrowser.OpenthefollowingURLwithabrowser:
http://servername/gestioip/priv/ip_config
Youshouldreceivean"accessdenied"message.Incaseitispossibletoaccessthefileip_config,
checkfilepermissionsofip_configandreviewtheconfigurationofApache2.
Configurationparameterdescription:
parameter
description
bbdd_host
HostwheretheGestiIPMysqldatabaseruns
bbdd_port
Portonwhichthedatabaselistens
sid_gestioip
SIDoftheGestiIPdatabase
user_gestioip
GestiIPdatabaseuser
pass_gestioip
GestiIPdatabaseuserpassword
7.3Exportnetworks,VLANsorhoststoCSV
GestiIPincludesthepossibilitytoexportnetworksaswellashosttoCSVfiles(commaseparated
list)whichyoucanimporteasilye.g.intoLibreOfficeorMSExcel.
Clickimport/exportexportnetworksorhoststoCSVtoaccesstheexportform.
82
DocumentationGestiIPIPAMv3.2
Fig.73:Network,VLANorhostexportform
Thereiseithertheoptiontoexportallnetworks/VLANs/hostsortoexportnetworks,VLANsor
hostswithmatchaspecificstring.ThestringcouldbeanIPaddress(orapartofanIPaddress),a
partofthedescription,site,categoryorcomment.
HostexportoffersfurthermoretheoptiontoexportallIPaddressesofadedicatednetworkby
introducingthenetworkID(e.g.172.16.4.0)intothetextboxfromnetwork.
Clickexporttoexecuteexportfunction.Afterasuccessfulexportalinktodownloadtheexported
dataisshown.
Fig.74:Linktodownloadtheexporteddata
83
DocumentationGestiIPIPAMv3.2
WhenimportingthedataintoaspreadsheetapplicationchooseUTF8likecharactersetand,
(coma)likeseparator.
7.4Addanewlanguage
CurrentlyGestiIPsupportsthefollowinglanguages:Catalan,Spanish,Italian,Germanand
English.GestiIPpossessesasystemthatmakesiteasytoaddnewlanguages.Toaddanew
languageyouneedtotranslateonofthefilescontainingthelanguagevariables.:
Totranslatethelanguagefilemakeacopyofoneoftheexistinglanguagefiles(e.g.
/DocumentRoot/vars/vars_en)andnameitvars_xy(replacethexywiththeabbreviationofthenew
languageforFrench"vars_fr",forDanish"vars_dk".Theabbreviationmustcontaintwoorthree
characters).Thefilecontainsvariablessuchas:
name_of_the_variable=valueofthevariable
examplefile/DocumentRoot/vars/vars_en
mostrar_redes_message=shownetworks
mostrar_red_message=shownetwork
busqueda_detallada_message=advancedsearch
crear_red_message=createnewnetwork
Translatethetextstartingattherightofthe"="
SpecialcharactersmustbeintroducedencodedinHTML(>ú)
And...
Sendthenewlanguagefiletocontact@gestioip.net.Itwouldbeapleasuretoinclude
supportforyourlanguagewithinthenextactualizationofGestiIP!
84
DocumentationGestiIPIPAMv3.2
8IPv6Addressplan
GestiIPofferstoolswhichcanhelptobuildtoyourorganizationadaptedIPv6addressplanes.
ItsupportstwodifferentmethodstocreateIPv6addressplans:TranslationoftheexistingIPv4
subnetschemetoIPv6onthebaseofanIPv6addressblockortocreateanhierarchicalIPv6
addressplanonthebaseofsitesandcategories.
8.1Directtranslation
Withthismethodyoucantranslatethewholeorarecognizable,uniquepartoftheIPv4address
rangestoIPv6.ItbasesonanspecifiedIPv6addressblock.TheoctetsoftheIPv4addressesare
translatedonebyonetoanhexadecimalvalue.ThecorrespondingIPv6networksarecreatedfrom
thegivenIPv6addressrangeplusthetohexadecimalconvertedvaluesoftheindividualoctetsof
theIPv4address.
Example
IPv6addressblocktobuildtheplanfrom:2001:bd8::
IPv4addressrangeusedbyorganization:192.168.0.0192.168.255.255
Examplenetwork:192.168.190.32/27
Octett
Decimal hexadecimal
oct1
192
C0
oct2
168
A8
oct3
190
BE
oct4
32
20
IfitispossibletotraduceallIPv4networksoronlyapartofthemtoIPv6dependsintheprefix
lengthofthespecifiedIPv6addressblock.PrefixLength>32donotofferenoughbitstomapthe
wholeIPv4addressspace.IfyouuseanIPv6addressblockswithaprefixlength>32youmust
curtailtheIPv4addressrangeyouwanttotranslate.TableaboveshowsthetranslatedIPv6address
fordifferentcombinationsofPrefixLength,IPv4octetsandtheIPv4bitmasks(IPv6addressblock
2001:bd8::andIPv4network192.168.190.32/27).
85
DocumentationGestiIPIPAMv3.2
Prefixlegth RequieredIPv4
octets
Translationonlyfor
networkswithIPv4
Bitmask
translatedIPv6address
<=32
all
2001:db8:C0A8:BE20::
3340
oct1
all
2001:db8:A8BE:2000::
4148
oct1+oct2
1724
N/A(networkBitmaskis27)
oct1+oct3+oct4 2532
2001:db8:0:2000::
8.1.1Createtheaddressplan
TotranslateyourexistingIPv4networkstoIPv6clickovernetworks>IPv6addressplan.
Step(1)
IntroducetheIPv6addressblockyouwanttocreatetheplanfromandpresssend.
Fig.75:CreatehierarchicalIPv6addressbytranslationexistingIPv4networks
Step(2)
CurtailtheIPv4addressrangeyouwanttotranslatebyintroducingtherequiredoroptionaloctets
oftheIPv4addressrange.IfyouworkwithanIPv6addressblockwithaprefixlength>40you
needtospecifyatleastthefirsttwooctets.Byintroducingthefirsttwooctets,onlytheIPv4
networkswithbitmaskfrom1724willbetranslated.Byintroducingthefirstthreeoctets,onlythe
IPv4networkswithbitmasksfor2532willbetranslated.
86
DocumentationGestiIPIPAMv3.2
Fig.76:Curtailaddressrangetotranslate
Afterclickingsend,alistwiththenetworkstocreatewillbedisplayed.TocreatethenewIPv6
networkswithinGestiIP'sdatabaseeditthenetworksfieldsandpresscreate.Toavoidthat
specificnetworkswillbecreated,unselectthecheckboxcreatebehindtheregardingnetworks.
8.2HierarchicalIPv6addressplanbasedonsitesand
categories
GestiIP'shierarchicaladdressplanbuilderoffersthepossibilitytomapthenetworkstructureofan
organizationtothe(physical)structureofit'ssitesandnetworkscategories.Thereforeit'snecessary
todefinewellthedifferentsitesandcategoriesofyourorganizationbeforeyoubegintocreatea
hierarchicaladdressplan.
OneofthebenefitsofahierarchicalplanisthatyoucanrecognizedirectlyfromtheIPaddressto
whichsitetheaddressbelongs.
Example
Aorganizationhasthreesites(site1,site2,site3),sevencategories(prod,preprod,test,dev,test,
corpA,corpB)andatmost95networkspercategory.It'sISPhasassignedittheIPv6addressblock
2001:AAAA:BBBB:/48.
Withaprefixlengthof48remain4bitstomaptheexistingsites,categoriesandnetworksper
category.Howmanybitswillbereservedforeachonedependsonit'snumber.
ThefollowingtableshowshowGestiIPwoulddistributethefreefourbitsinrelationwiththe
numberofsites,categoriesandnetworkspercategoriesforthisexample:
87
DocumentationGestiIPIPAMv3.2
IPv6addressblock:2001:aaaa:bbbb:0000:0000:0000:0000:0000/48
site
2001:aaaa:bbbb:0000::
categories
2001:aaaa:bbbb:0000::
Networkspercategory
2001:aaaa:bbbb:0000::
Thetableaboveshowssomeaddressesthatcouldbecreatedwithinthisplan.
LevelI(sites)
LevelII(categories)
LevelIIInetworks/categorie
2001:aaaa:bbbb:0000::
2001:aaaa:bbbb:0000::
2001:aaaa:bbbb:0000::
2001:aaaa:bbbb:0001::
2001:aaaa:bbbb:0100::
2001:aaaa:bbbb:0100::
2001:aaaa:bbbb:0101::
2001:aaaa:bbbb:0102::
2001:aaaa:bbbb:0200::
2001:aaaa:bbbb:0200::
2001:aaaa:bbbb:1000::
2001:aaaa:bbbb:1000::
2001:aaaa:bbbb:1000::
2001:aaaa:bbbb:2000::
2001:aaaa:bbbb:2000::
2001:aaaa:bbbb:2000::
8.2.1Createtheaddressplan
TocreateahierarchicalIPv6addressplanclickovernetworks>IPv6addressplan
Step(1)
IntroducetheIPv6addressblockyouwanttocreatetheplanfromandpresssend.
Fig.77:createhierarchicalIPv6addressplanfromanIPv6block
88
DocumentationGestiIPIPAMv3.2
Step(2)
Choosethenumberofsites,categoriesandnetworkspercategorywhichyouneedtomapyour
organization'sstructure(takefuturegrowinginmind).
Fig.78:Numberofsiteandcategorynetworksandnetworkspercategroy
GestiIPmakeshereaproposalbasedonexistingsites,categoriesandnetworkspercategory.With
markedcheckboxCarryoverthedescriptionsandcommentsofexistingIPv4networks,the
descriptionsoftheexistingIPv4networkswillbeassignedtothenewIPv6networkswiththe
correspondingsitesandcategories.GestiIP'sdefaultbehavioristocreateasmanynewnetworks
persiteandcategoryasexistingIPv4networks.WithselectedcheckboxCreatenewendnetworks
independentlyofthenumberofexistingsitesandcategoriesyouwillhaveinalaterstepthe
possibilitytointroducethenumberofnetworkstocreateforeachsiteandcategoryindependently.
Onceyouhavechosenthenumbersclicknext.
Step(3)
GestiIPcalculatesallpossiblecombinationsofnetworkdistributionsonthebaseofthenumbers
whichwhereintroducedinthepreviousstepanddisplaysalistwithpossiblenumbersoflevelI
subnets(designatedforthelocationrootnetworks).
89
DocumentationGestiIPIPAMv3.2
Fig.79:LevelInetworks(sites)
Clickoverthelinkwiththenumberofnetworksyouwanttoreserveforthelocations.
Step(4)
InthissteptherewillbealistofpossiblenumbersoflevelIIsubnetsdisplayed(designatedforthe
categoryrootnetworks).
Fig.80:LevelIInetworks(categories)
Choosethenumberofnetworksyouwanttoreserveforthecategoriesandclickoverthe
correspondinglink.AlistoflevelIIandlevelIIInetworkswillbedisplayed(thenumberoflevel
IIIsubnetswillautomaticallybecalculatedfromtheprefixlengthofthelayerIInetworks).Ifyou
arenotsatisfiedwiththeresultusethebacklinktoreturntopreviouspagetochangethenumberof
levelIsubnets.
90
DocumentationGestiIPIPAMv3.2
Step(5)
AlistoflevelIIandlevelIIInetworkswillbedisplayed(thenumberoflevelIIIsubnetswill
automaticallybecalculatedfromtheprefixlengthofthelayerIInetworks).
Fig.81:LevelIIInetworks(networkspercategory)
Ifyouaresatisfiedwiththeresultclickoversend.IfthecheckboxCreatenewendnetworks
independentlyofthenumberofexistingsitesandcategoriesfromstep(2)wasselected,therewill
beaformdisplayedwhichallowstointroducethedefinitivenumberofnewnetworksperlocation
andcategorythatshouldbecreated.
Step(6)(optional)
Introducethenumberofnetworkswhichyouwanttobecreatedforeachlocation/categoryand
clicknext
91
DocumentationGestiIPIPAMv3.2
Fig.82:Numberofnetworkstocreate
Step(7)
Alistofthenetworkswhichshouldbecreatedwillbedisplayed.WithmarkedcheckboxCarry
overthedescriptionsandcommentsofexistingIPv4networks(Step(2)),thecommentsofthe
IPv4networksaretakenoverforthenewIPv6networks.Editthedescriptionsofthenetworks,add
anoptionalcommentandselectthesynccheckboxityouwantthatthenewnetworkwillbe
processedbyautomaticactualization(see9).Ifyouwanttoavoidnetworksfrombeingcreated
unselectthecheckboxcreate.Onlynetworkswithselectedcreatecheckboxwillbecreated.
92
DocumentationGestiIPIPAMv3.2
Fig.83:Editnetworkparamters
ClicklinkcreateatthebottomofthepagetoinsertthenewnetworksintoGestiIP'sdatabase.
9Automaticupdate
GestiIPcomeswithscriptswhichautomaticallyupdatethedatabaseofGestiIPviaSNMP
(ip_update_gestioip_snmp.pl),againsttheDNS(ip_update_gestioip_dns.pl)andagainstanOCS
InventoryNG(ip_update_gestioip_ocs.pl).
It'shighlyrecommendedtoenableautomaticupdate(AU)tomakesurethatGestioIP'sdatabaseis
alwaysuptodate.AUagainstDNSandviaSNMPcanberuninanyenvironmentswhichdispose
ofaDNSserver.IfyouhaveaninstallationofanOCSInventoryNGyoucanalsoupdate
GestioIP'sdatabaseagainsttheOCSdatabase.
AUagainstDNS/SNMPandAUagainstOCSInventoryNGworkdifferent.AUagainst
DNS/SNMPprocessesalladdressesofanetwork.AUagainstOCSonlyprocessestheentrieswhich
arefoundintheOCSdatabase.Thatcauses,thatentrieswhicharedeletedfromOCSdatabasewill
notlongerprocessedbyAUagainstOCSandwillnotbedeletedformGestioIP'sdatabasebyAU
againstOCS.AUagainstDNSisabletodetectanddeletethisentries.SoifyourunAUagainst
OCS,runalwaysAUagainstDNS,too.Configurethecronjobsinthatway,thatAUagainstOCS
willbeexecutedbeforeAUagainstDNS.
93
DocumentationGestiIPIPAMv3.2
Note
IfyouruntheautomaticupdateagainstDNS(ip_update_gestioip_dns.pl)againstanIPv6network
youneedtoallowDNSzonetransfersfromtheGestiIPserverontheDNSservers.
Note
Createacronjobtoexecutethescriptsautomatically(see9.4).
Note
Theautomaticupdateprocessesonlynetworkswithchecked"sync"field(see3.2.1).
Note
AUneednotrunonthehostwiththeinstallationofGestiIP.Ifyouhaveamonitoringserver(e.g.
withNagios)whichcanreachallrelevantnetworkswithpingandSNMP,thiscouldbeagood
placetorunscriptsfrom.
Note
AUmightriseloadonthehostwherethescriptsrunandonDNSservers
9.1Scriptdirectorystructure
Sinceversion3.0theinstallationcreatesthefollowingdirectorystructurefortheAUscripts
under/usr/share:
/usr/share/gestioip/bin
DirectorywithAUscripts
/usr/share/gestioip/bin/web
DirectoryforWebbaseddiscoveryscripts(notrelevantforAU)
/usr/share/gestioip/etc
DirectorywithconfigurationforAUscripts
(ip_update_gestioip.conf)
/usr/share/gestioip/etc/vars
Directorywherethelanguagefilesarestored
/usr/share/gestioip/var/log
Directorytostorelogfiles
/usr/share/gestioip/var/run
Directorytostorelockypidfiles
Importantnote
AUofolderversionarenotcompatiblewithGestiIPv3.0.DisableAUcronjobsbeforeupdating
tov3.0andreconfigurecronjobswithnewscriptafterupdatingGestiIP.DoNOTuseAU
scriptsofolderversionswithv3.0.
94
DocumentationGestiIPIPAMv3.2
9.2Commandlineoptions
$./ip_update_gestioip_snmp.plhelp
usage:ip_update_gestioip.pl[OPTIONS...]
v,verbose
verbose
V,Version
printversionandexit
l,log=logfile
logfile
d,disable_audit
disableauditing
c,config_file_name=config_file_namenameoftheconfigurationfile(withoutpath)
L,Location=locationscomasepartedlistoflocations
N,Network_file=networks.listfilewiththelistofnetworkstoprocess
C,CSV_networks=csv_listcomaseparatedlistofnetworkstoprocess
m,mail
sendtheresultbymail(mail_destinatarios)
h,help
help
./ip_update_gestioip_snmp.plhelp
configurationfile:/usr/share/gestioip/etc/ip_update_gestioip.conf
$./ip_update_gestioip_dns.plhelp
usage:ip_update_gestioip_dns.pl[OPTIONS...]
t,test
testingmodenodatabasechangeswouldbemade(needsoptionv)
v,verbose
verbose
V,Version
printversionandexit
l,log=logfile
logfile
c,config_file_name=config_file_name nameoftheconfigurationfile(withoutpath)
L,Location=locations
comasepartedlistoflocations
N,Network_file=networks.list
filewiththelistofnetworkstoprocess
C,CSV_networks=csv_list
comaseparatedlistofnetworkstoprocess
d,disable_audit
disableaudit
m,mail
sendtheresultbymail(mail_destinatarios)
h,help
help
configurationfile:/usr/share/gestioip/etc/ip_update_gestioip.conf
95
DocumentationGestiIPIPAMv3.2
$./ip_update_gestioip_ocs.pl
usage:ip_update_gestioip.pl[OPTIONS...]
v,verbose
V,Version
l,log=logfile
m,mail
h,help
verbose
Version
logfile
sendtheresultbymail(mail_destinatarios)
help
configurationfile:/usr/share/gestioip/etc/ip_update_gestioip.conf
Note
Ifyourunthescriptsmanuallyuseverboseoption(./ip_update_gestioip.plv)toseewhat's
happening.
Note
Ifyouwanttoruntheactualizationscriptsforvariousclients,createconfigurationfilesforevery
clientandspecifytheconfigurationfileforeveryscriptinstancewiththecoption
(ip_update_gestioip.pldoesnotdisposeaboutthecoption,specifytheconfigurationfiledirectly
inthescript).
9.3Configuration
Theconfigurationofip_update_gestioip_dns.plandip_update_gestioip_ocs.plisstoredinthefile
"/usr/share/gestioip/etc/ip_update_gestioip.conf".
Configurationparameterdescription:
parameter
description
defaultvalue
sid_gestioip
SIDoftheGestiIP'sdatabase
gestioip
user_gestioip
GestiIP'sdatabaseuser
gestioip
pass_gestioip
GestiIP'sdatabaseuserpassword
bbdd_host_gestioip
HostwheretheGestiIPMysqldatabaseruns
localhost
bbdd_port_gestioip
PortwhereGestiIP'sMysqldatabaseis
listening
sid_osc
SIDoftheOCSdatabase
ocsweb
user_ocs
OCS'sdatabaseuser
ocs
96
DocumentationGestiIPIPAMv3.2
pass_ocs
OCS'sdatabaseuserpassword
bbdd_host_ocs
HostwheretheOCSMysqldatabaseruns
bbdd_port_ocs
PortwhereOCSMysqldatabaseislistening
3306
GlobalparametersrelevantforupdateviaSNMP,againstDNSoragainstOCS
lang
languagesupportedvalues:en,es,cat,de
en
mail_destinatarios
Wheretosendthereport.Comaseparatedlist
ofmailaddresses.
Example:
user1@domain.org,user2@domain.org
mail_from
Fromforthereportmail.Changeyour
domaintoyourdomain.
GestioIP@your
domain.org
logdir
Wheretostorethelogfile
.
(actualdirectory)
ignore_generic_auto
Setthisvalueto"yes"iftheupdatescript
shouldignoreDNSentriesthatmatchauto
generatedgenericrDNSentries(see3.2.2.3)
yes
ignorar
GenericrDNSentriestoignorewhenupdating
anetworkagainsttheDNS(see3.2.2.3)
max_sinc_procs
Maximumnumberofparallelprocessestofork 128
whensynchronizinganetworkagainstthe
DNS.
Decreasethisvalueiftheautomaticupdateuses
toomuchCPUloadorincreaseitforfasterrun.
Also,havealookatCPUloadofyourDNS
serversduringtherunofscripts(iftheservers
arenotverybusyavalueof254shouldnotbea
problem).
possiblevalues:4,8,16,32,64,128,254
generic_dyn_host_name
Configureherestringsthatmatchgeneric
nameswithareassignedviaDHCP(see3.6.2).
Commaseparatedlist,casesensitive.
Example:PC,LAP
(fordynamicassignednamessuchasPC
001,PC002,LAP001,LAP002)
dyn_rangos_only
Setdyn_ranges_onlyto"yes"ifyouonlywant no
toupdateIPsofreservedranges
ParameterrelevantforupdateagainstDNS
actualize_ipv4_dns
Setthisparametertoyesifyouwantthatthe yes
updateagainstDNSprocessesIPv4networks
actualize_ipv6_dns
Setthisparametertoyesifyouwantthatthe yes
97
DocumentationGestiIPIPAMv3.2
updateagainstDNSprocessesIPv6networks
delete_dns_hosts_all_down
Setthisparameterto"yes"ifyouwantupdating yes
againstDNStodeleteallIPsthatdontrespond
topingandthatdon'thaverDNSentries.
ParameterrelevantforupdateagainstDNS
no_ocs_redes
Fornetworkswhichshouldnotbesynchronized
againsttheOCS.
Onlyforip_update_gestioip_ocs.pl
Commaseparatedlist.
Example:10.0.1.0,192.168.0.0
set_update_type_to_ocs
Setthisto"yes"ifautomaticupdateagainst
no
OCSshouldsettheupdatetypeto"ocs".When
update_typeissetto"ocs"automaticupdate
againstDNSwillnotoverwriteupdatesfrom
OCS.
Onlyforip_update_gestioip_ocs.pl
ignore_ocs_host_down
OCSdoesn'talwaysdeleteoldentriesfromits yes
database.Ifyouset"ignore_ocs_host_down"to
"yes",updateagainstOCSwillonlyupdate
GestiIPsdatabasewithIPswhichrespondto
"ping".
Onlyforip_update_gestioip_ocs.pl
Setthisparameterto"yes"ifyouwantupdating no
againstOCStodeleteallIPsthatdontrespond
toping
Onlyforip_update_gestioip_ocs.pl
ParameterrelevantforupdateviaSNMP
actualize_ipv4_snmp
Setthisparametertoyesifyouwantthatthe yes
updateviaSNMPprocessesIPv4networks
actualize_ipv6_snmp
Setthisparametertoyesifyouwantthatthe yes
updateviaSNMPprocessesIPv6networks
snmp_community_string
SNMPCommunity(SNMPv1/v2c)orusername public
(SNMPv3)
snmp_version
SNMPversion
allowedvalues:1,2,3
snmp_user_name
SNMPusername(SNMPv3)
98
DocumentationGestiIPIPAMv3.2
sec_level
SNMPsecuritylevel(noAuthNoPriv,
authNoPriv,authPriv)
authNoPriv
auth_proto
SNMPauthenticationprotocol
MD5
auth_pass
SNMPauthenticationpasssword
priv_proto
SNMPprivacyprotocol(DES,3DES,AES)
priv_pass
SNMProvacypassword
3DES
Note
Ifyouuseboth,AUagainstDNSandAUagainstOCS,checklogfilesorauditforpingpongeffects
(e.g.AUagainstDNSupdatesanentryandAUagainstOCSdeletesit.).Ifpingpongeffects
occurcheckwhetherAandrDNSentriesfortheaffectedIPaddressarecorrectlyconfigured.
9.4Automaticexecutionwithcron
Createacronjobtoactivatetheautomaticupdate.
ExampleI
Withthecrontabentriesbelowip_update_gestioip_snmp.plwillbeexecutedeverySaturdayat
22:30.
3022**6/usr/share/gestioip/bin/ip_update_gestioip_snmp.plm>/dev/null
2>&1
ExampleII
Withthecrontabentriesbelow,ip_update_gestioip_dns.plandip_update_gestioip_ocs.plwillbe
executedeverydayonceperhour(ip_update_gestioip_dns.plat00:30,01:30,02:30,...and
ip_update_gestioip_ocs.plat00:45,01:45,...)assumingthatip_update_gestioip_dns.plneedless
than15minforonerun.
30****/usr/share/gestioip/bin/ip_update_gestioip_dns.plm>/dev/null
2>&1
45****/usr/share/gestioip/bin/ip_update_gestioip_dns.plm>/dev/null
2>&1
99
DocumentationGestiIPIPAMv3.2
Note
Chooseafrequencythatensuresthatthelastrunofthescripthasfinishedwhencronexecutesthe
scriptagain(scriptscreatesemaphorefilessoit'ssurethatthereareneverrunningmultiple
instancesofthescript)
Youcanusethecommandtimetodeterminehowlogthescriptneedsforonerun.Execute
$time./ip_update_gestioip_dns.plv
....
real0m14.431s<timethescripneedstorun
user0m1.864s
sys0m2.432s
(resultforoneclassCnetwork)
9.5RequiredPerlModules
AutomaticupdatescriptsdependamongstothersonthefollowingPerlModules:
DBI,DBDmysql,Net::IP,Net::Ping::External,Parallel::ForkManager,Net::DNS,SNMP::Info,
ParseExcel(optional),OLEStorage_Lite(optional,neededbyParseExcel).
IfyouruntheupdatescriptsfromahostotherthantheGestiIPhost,youneedtoinstallthisPerl
Modulesonthemachine,too.
Ifyouexecutetheupdatescriptsfromcommandline,missingmoduleswillbeindicatedbyanerror
messagelike:
Can'tlocateParseExcel.pmin@INC(@INCcontains:...
HerearesomeexamplesofhowtoinstalltherequiredPerlModulesfordifferentLinux
distributions(alreadyinstalledmoduleswillbeignored):
Debian/Ubuntu
ManyofthispackagesarefromUniverserepository.Youhavetoenable(uncomment)itin
/etc/apt/sources.list.Don'tforgettoexecutesudoaptgetupdatetoresynchronizethepackage
indexfilesfromtheirsourcesaftereditingsources.list
$sudoaptgetinstalllibdbiperllibdbdmysqlperllibparallelforkmanager
perllibnetpingexternalperllibwwwperllibnetipperllibspreadsheet
parseexcelperllibsnmpperllibdatemanipperllibdatecalcperllibtime
modulesperllibmailtoolsperllibnetdnsperllibsnmpinfoperl
100
DocumentationGestiIPIPAMv3.2
Suse
$sudozypperinstallPerlDBDmysqlperlDBIPerlNetIPperllibwwwperlperl
SNMPperlMailToolsperlTimemodulesperlDateCalcperlDateManipperlNet
DNS
ThefollowingPerlmodulearenotavailablefromSuserepository:Parallel::ForkManager,
ParseExcel,OLEStorage_LiteandSNMP::Info
Downloadthemodulesfromhttp://search.cpan.org/andinstallitmanually(see9.5.1).
Fedora/RedHat/CentOS
$sudoyuminstallperlNetIPperlNetPingExternalperlParallelForkManager
perlDBIperlDBDmysqlperlSpreadsheetParseExcelnetsnmpperlperlDateManip
perlDateCalcperlTimeDateperlMailToolsperlSNMPInfoperlNetDNS
NoteforRedhat5andCentOS5.3
ThefollowingPerlmodulesarenotavailablefromrepositories:ParallelForkManager,NetPing
External,Net::DNSandSNMP::INFO
Downloadthemodulesfromhttp://search.cpan.org/andinstallthemmanually(see9.5.1).
9.5.1ManualinstallationofmissingPerlmodules
Ifyourunautomaticupdatefromadifferenthostthanthatwhichcomeswithinstallationof
GestiIPtheremightbePerlmodulesmissing.
Downloadthemissingmodulesfromhttp://search.cpan.organdinstallthemusingthefollowing
commands(requiresthatmakeisinstalled):
$tarvzxfmodule.tar.gzorratherunzipmodule.zip
$cdmodule
$perlMakefile.pl
$make
$sudomakeinstall
101
DocumentationGestiIPIPAMv3.2
9.5.1.1SNMP::InfoandNetdiscoMIBs
VLANdiscoveryaswellaspartsofhostdiscoveryviaSNMParebasedonthePerlModule
SNMP::Info,developedbyMaxBackerfortheNetdiscoproject.SNMP::InforequirestheNetdisco
MIBstobeinstalledonthesystem.IfNetdiscoMIBsarealreadyinstalledontheserveryoucan
specifythepathtothedirectorywheretheMIBfilesarestoredfromManageGestiIP.
ToinstallMIBfilesdownloadthemlatestversionoftheNetdiscoMIBsfromSourceforge:
https://sourceforge.net/projects/netdisco/files/netdiscomibs/
Untarthefilenetdiscomibsx.y.tar.gz
$tarvzxfnetdiscomibsx.y.tar.gz
Copythecontentofnetdiscomibsx.y/to/usr/share/gestioip/mibs/
$sudocprnetdiscomibsx.y/*/usr/share/gestioip/mibs/
ChangetheownerandgrouptotheuserunderwhichisrunningtheApacheWebserver(e.g.
Ubuntu:wwwdata)
$sudochownRwwwdata:wwwdata/usr/share/gestioip/mibs
102
DocumentationGestiIPIPAMv3.2
10Generalinformation
10.1Backup
Don'tforgettoincludeGestiIP'sdatabasewithinyourbackupstrategy.
TomakeamanualbackupofGestiIP'sdatabaseexecutethefollowingcommand:
$mysqldumpugestioippgestioip>backup_gestioip.sql
Torecoverabackupmadewithmysqldumpexecutethefollowingcommand:
$mysqlugestioippgestioip<backup_gestioip.sql
10.2Firewallrules
GestioIP'sWebbased,aswellasthescriptbaseddiscoveryandupdatefunctionsareworkingwith
withDNSandSNMPqueriesplusICMPechorequests(ping).Thatmeansthatthenameservers
mustbeaccessibleandthatthetargetnetworksmustbereachablewithSNMPandICMPfromthe
hostwiththeinstallationofGestiIPandthehostwheretheupdatescripts(see9)arerunning(if
notthesame).AllconnectionsareinitializedbyGestiIP.Thatmeansthatthefollowingfirewall
rulesarenecessarytorunGestiIP'supdatefunctionsproperly.
protocol
srcaddress
srcport
destaddress
destport
ICMPechorequest(type GestiIPhost
8)
destinationnetworks
UDP
GestiIPhost
>1023
destinationnetworks
161
UDP
GestiIPhost
>1023
DNSservers
53
TCP(forzonetransfers) GestiIPhost
>1023
DNSservers
53
ICMPechoreply
(type0)
destinationnetworks
GestiIPhost
UDP
destinationnetworks
161
GestiIPhost
>1023
UDP
DNSservers
>1023
GestiIPhost
53
TCP(forzonetransfers) DNSservers
>1023
GestiIPhost
53
103
DocumentationGestiIPIPAMv3.2
10.3JavaScript
GestiIPusesJavaScript.YouhavetoenableJavaScriptinyourbrowsertouseGestiIP.
10.4Cookies
GestiIPusesthefollowingsixcookies:
GestioIPLangtorememberthelastusedlanguage
EntriesRedPorPagetorememberthelastvalueofentries/page(networkentriesshownper
page)
scrollxandscrollytoscrolltolastpositionaftermanipulatinghostfromlistview
net_scrollxandnet_scrollytoscrolltolastpositionaftermanipulatingnetworksfrom
listview
ShowRootNettodecideofrootnetworksshouldbedisplayed
ShowEndNettodecideofendnetworksshouldbedisplayed
11Troubleshooting
InthischapteryoufindtipshowtotroubleshootsomecommonproblemswhilerunningGestiIP.If
thischapterdoesn'thelpyoutoresolveaproblempleasevisittheHelpForum
(http://sourceforge.net/projects/gestioip/forums/forum/981984)orreporttheproblem
tocontact@gestioip.net.
11.1SNMP
ProblemrelatedconSNMPbaseddiscoverymechanismsarefrequentlycausedbymissingof
requiredstandardMIBsoraincorrectinstallationofNetdiscoMIBs(requiredbySNMP::Info).
11.1.1GeneralSNMPproblems
(1)snmpwalk
RunthecommandsnmpwalkfromashelloftheserverwiththeGestiIPinstallationtocheckifthe
targetmachineisreachableandiftherequiredstandardMIBs(SNMPv2MIB,IPFORWARD
MIB,RFC1213MIB)arecorrectlyinstalled(MIBsarecorrectlyinstalledifOIDsappearasstring).
104
DocumentationGestiIPIPAMv3.2
$snmpwalkv1cCOMMUNITYIP_ADDRESS_TO_QUERY|head10
SNMPv2MIB::sysDescr.0=STRING:Linuxhostname2.6.3811generic
#50UbuntuSMPMonSep1221:18:14UTC2011i686
SNMPv2MIB::sysObjectID.0=OID:NETSNMPMIB::netSnmpAgentOIDs.10
DISMANEVENTMIB::sysUpTimeInstance=Timeticks:(372953)1:02:09.53
SNMPv2MIB::sysContact.0=STRING:Me<me@example.org>
SNMPv2MIB::sysName.0=STRING:hostname
SNMPv2MIB::sysLocation.0=STRING:SittingontheDockoftheBay
SNMPv2MIB::sysServices.0=INTEGER:72
SNMPv2MIB::sysORLastChange.0=Timeticks:(1)0:00:00.01
SNMPv2MIB::sysORID.1=OID:
SNMPFRAMEWORKMIB::snmpFrameworkMIBCompliance
SNMPv2MIB::sysORID.2=OID:SNMPMPDMIB::snmpMPDCompliance
andnot
.1.3.6.1.2.1.1.1.0=STRING:Linuxhostname2.6.3811generic#50Ubuntu
SMPMonSep1221:18:14UTC2011i686
.1.3.6.1.2.1.1.2.0=OID:.1.3.6.1.4.1.8072.3.2.10
.1.3.6.1.2.1.1.3.0=Timeticks:(380424)1:03:24.24
.1.3.6.1.2.1.1.4.0=STRING:Me<me@example.org>
.1.3.6.1.2.1.1.5.0=STRING:hostname
.1.3.6.1.2.1.1.6.0=STRING:SittingontheDockoftheBay
.1.3.6.1.2.1.1.7.0=INTEGER:72
.1.3.6.1.2.1.1.8.0=Timeticks:(1)0:00:00.01
.1.3.6.1.2.1.1.9.1.2.1=OID:.1.3.6.1.6.3.10.3.1.1
.1.3.6.1.2.1.1.9.1.2.2=OID:.1.3.6.1.6.3.11.3.1.1
IfOIDsappearnumericallytherequiredMIBfilesaremissing.Install
themtoresolvetheproblem.E.g.Ubuntu:
$sudoaptgetinstallsnmpmibsdownloader
$sudodownloadmibs
Note
ErrormessageUnknownObjectIdentifierishabituallycausedbymissingofrequiredstandard
MIBsorabadconfigurationofsnmpclient.
Note
Havealthoughalookat/etc/snmp/snmp.conf
(2)Checkdependencies
ExecutethefollowingscriptfromashelloftheserverwiththeGestiIPinstallationtocheckifthe
105
DocumentationGestiIPIPAMv3.2
dependenciesarecomplied:
http://www.gestioip.net/files/gestioip_snmp_test.pl
Pleaseconfigureadeviceandthecommunitydirectlyinthescript.
11.1.2ProblemswithVLANdiscovery
VLANdiscoverydependsonthePerlmoduleSNMP::Info.VLANdiscoveryonlyworkswith
deviceswhicharesupportedbySNMP::Info.ConsultNetdisco(SNMP::Info)DeviceCompatibility
Matrixtocheckifyourdeviceissupported
http://netdisco.org/DeviceMatrix.html
Note
NetworkdiscoverydoesnotdependinSNMP::Info.SNMP::InfoisonlyrequiredforVLAN
discoveryandpartiallyforthehostdiscoveryviaSNMP.
11.1.3Problemswithnetworkdiscovery
AfailofthenetworkimportviaSNMPmaybecausedbymissingMIBfiles(see11.1.1)orbecause
thedevicedoesnotsupporttherequiredOIDs.
IPv4basednetworkimportdependsoneithertheOIDsipCidrRouteDest,ipCidrRouteMask,
ipCidrRouteProtoortheOIDsipRouteDest,ipRouteMask,ipRouteProto.
IPv6basednetworkimportdependsoneithertheOIDinetCidrRouteProtoortheOID
ipv6RouteProtocol.
YoucancheckiftherequiredODIsaresupportedbyyourdevicebyrunningthecommand
snmpwalk(thismaytakesometime):
$snmpwalkv1cCOMMUNITYIP_ADDRESS_TO_QUERY|grepinetCidrRouteProto
IPFORWARD
MIB::inetCidrRouteProto.ipv6."fe:80:00:00:00:00:00:00:03:c4:df:f3:fe:95:ac:12".1
28.1.4.ipv6."00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00"=INTEGER:
local(2)
...
106
DocumentationGestiIPIPAMv3.2
11.2Database
GestiIPcomeswiththescriptgip_health_check.plwhichexecutesacoupleofconsistency
checksfortheMysqldatabase.Beforeyouexecutethescriptyouneedtoconfigurethedatabase
parametersdirectlyinthescript.YoufindthescriptinthescriptdirectoryoftheGestiIPtarball.
OpenitwithyourfavoriteeditorandconfigureSID,username,passwordandtheIPofthehost
wherethedatabaseisrunning.
############################
####Changefromhere...###
############################
my$sid_gestioip="gestioip";#SIDoftheGestioIPMysqldatabase
my$user_gestioip="gestioip";#GestioIP'sdatabaseuser
my$pass_gestioip="XXXXXX";#PasswordofGestioIP'sdatabaseuser
my$bbdd_host_gestioip="localhost";#HostnameorIPwheretheGestioIPMysql
databaseisrunning
############################
####...tohere###########
############################
Saveandclosethescript.Toexecutethescriptchangetothescriptdirectoryandexecutethe
followingcommand:
$./gip_health_check.pl
11.3UnistallingGestiIP
GestiIPdoesnotdisposeaboutanautomaticdeinstallationscript.Deinstallationmustbe
performedmanually.GestiIPconsistsinCGIfiles,theupdatescripts,theapacheconfiguration
andtheMysqldatabase.TouninstallGestiIPremovethisfiles,disabletheCronjobs(if
configured)anddeleteGestiIP'sdatabase.
Openashellandexecutethefollowingcommandos:
RemovetheCGIfiles:
$sudormr[DocumentRoot]/gestioip
(replace[DocumentRoot]withtheDocumentRootofyourApachewebserver)
Disablethecronjobs.
Removethescriptfiles:
$sudormr/usr/share/gestioip
107
DocumentationGestiIPIPAMv3.2
Removetheapacheconfiguration:
$sudormAPACHE_INCLUDE_DIR/gestioip.conf
(e.g.Ubuntu:rm/etc/apache/conf.d/gestioip.conf)
RemoveGestiIP'sApacheuserfile
$sudormAPACHE_CONF_DIR/usersgestioip
(e.g.Ubuntu:rm/etc/usersgestoip)
DeleteGestiIP'sMysqldatabase:
LogintomysqlCLI:
$mysqlurootp
mysql>dropdatabasegestioip;
mysql>exit;
12Licence
GestiIPisfreesoftware.ItisdistributedundertheGNUGENERALPUBLICLICENCEversion3
(GPLv3).
108
DocumentationGestiIPIPAMv3.2
AppendixA
ListofmanufacturesrecognizedbyGestioIP'sSNMPdiscoverymechanisms(displayedwith
iconsinhostlistview)
3com,Accton,Actiontec,Adder,Adtran,Aerohive,Aficio,Allied,Alps,Altiga,Alvaco,Anitech,
Apc,Apple,Arista,Arquimedes,Aruba,Asante,Astaro,Avaya,Avocent,Axis,Barracuda,Belair,
Billion,Bluecoat,Broadcom,Brocade,Brother,Calix,Canon,Checkpoint,Cisco,Citrix,
Cyberoam,Dell,Dialogic,Dlink,Dothill,Draytek,Eci,Edgewater,Eeye,Emc,Emerson,
Enterasys,Epson,Ericsson,Extreme,Extricom,F5,Fluke,Force10,Fortinet,Foundry,Fujitsu,Gta,
H3c,Heidelberg,Hitachi,Hp,Huawei,Ibm,Iboss,Imperva,Juniper,Kasda,Kemp,Kodak,Konica,
Lancom,Lanier,Lanner,Lantronix,Lenovo,Lexmark,LG,Liebert,Lifesize,Linksys,Lucent
alcatel,Lucent,Macafee,Megaware,Meru,Microsemi,Microsoft,Mikrotik,Mitsubishi,
Mobileiron,Motorola,Moxa,Multitech,Nec,Netapp,Netgear,Netsweeper,Nitro,Nokia,Nortel,
Novell,Oce,Oki,Olivetti,Olympus,Optibase,Oracle,Ovislink,Packetfront,Paloalto,Panasonic,
Passport,Patton,Peplink,Pica8,Polycom,Procurve,Proxim,Qnap,Radvision,Radware,Rapid7,
Realtek,Redback,Reflex,Ricoh,Riverbed,Riverstone,Ruckus,Samsung,Savin,Seiko_infotec,
Shinko,Siemens,Silverpeak,Sipix,Smc,Sonicwall,Sony,Sourcefire,Star,Stillsecure,Stonesoft,
Storagetek,Sun,Supermicro,Symantec,Tallygenicom,Tandberg,Tenda,Thomson,Tippingpoint,
Toplayer,Toshiba,Ubiquiti,Vegastream,Vidyo,Vmware,Vyatta,Watchguard,Websense,
Westbase,Xante,Xerox,Xiro,Zebra,Zyxel
ListofoperationsystemsrecognizedbyGestioIP'sSNMPdiscoverymechanisms(displayed
withicons)
AIX,ArchLinux,CentOS,Debian,Fedora,FreeBSD,FunToo,GenToo,JunOS,Linux,NetBSD,
Netware,OpenBSD,Redhat,Slackware,Solaris,Suse,Ubuntu,Turbolinux,Unix,Windows
GestiIPCopyrightMarcUebel2015
109