Advanced Settings
Contents
The advanced settings for each domain include:
Network Security
By default, the system masks the a variety of sensitive data in the configuration file of each device and GUI.
Check Box |
Default Value |
Description |
|---|---|---|
Remove the following sensitive data from the device configurations and UI |
Enabled |
The sensitive data include: 1.Line and console passwords 2.Local user passwords 3.Enable passwords 4.Enable Secret 5.SNMP community string 6.TACACS and Radius keys 7.VPN Keys and/or Certs 8.SSH Private keys (these may show up on CSS devices) |
Note: Any changes to the settings will take effect from the next discovery and benchmark task.
Build L3 Topology Option
Check Box |
Default Value |
Description |
|---|---|---|
Use the main class mask to calculate L3 topology for an IP without mask |
Disabled |
Control whether to calculate L3 topology for IP addresses that do not have masks. When this option is enabled, the system calculates L3 topology for theses IP addresses by borrowing the masks of their main class network addresses. |
Automatically create zones and assign VRF interface based on VRF names |
Disabled |
Control whether to automatically create zones based on VRF names. If this function is enabled, the system does the following when detecting two interfaces configured with the same IP address but different VRFs. 1.Create a zone per VRF after the IPv4 L3 topology is built. 2.Move the two interfaces to the corresponding zone according to its configured VRF. |
Note: Any changes to the settings will take effect from the next L3 topology calculation.
Build L2 Topology Option
Field/Check Box |
Default Value |
Description |
|---|---|---|
Minimum subnet mask |
16 |
The minimum bits of subnet mask of LANs that the system can calculate when building L2 topology. |
Filter DHCP Entries |
Disabled |
If enabled, the system filters out the outdated DHCP entries and only keeps the latest IP addresses when building build L2 topology. |
Only save One-IP table entries that have values in Switch Port or DNS Name parameter |
Enabled |
If enabled, the system only saves entries with switch ports and DNS names in the One-IP table. It helps decrease the storage size and increase the query efficiency of the One-IP table. |
Note: Any changes to the settings will take effect from the next L2 topology calculation.
Configure Email Alerts for Qapp
Option |
Sample Email |
|---|---|
Merge all alerts in one email (default) |
▪Sample Email Title: xxx errors xxx warning detected in Domain_Name
|
Separate alert emails for different tasks |
▪Sample Email Title: xxx errors xxx warning detected in Task_Name ▪Sample Email For Task 1: ▪Sample Email For Task 2: |
Separate alert emails for different objects (devices or paths) |
▪Sample Email Title For Device: xxx errors xxx warning detected on Device_Name ▪Sample Email For Device 1: ▪Sample Email For Device 2: |
▪Sample Email Title For Path: xxx errors xxx warning detected on Path_Name ▪Sample Email For Path: |
|
Duplicate an alert in emails when alert count increases by X |
The delta threshold (X) controls when the system will email an alert again if it is repetitively recurring and increasingly reaches the value. By default, the value is 60. |
Access Credential for Telnet/SSH CLI, Smart CLI and Change Management
Specify to use the private or shared credentials for SSH/Telnet CLI access, Smart CLI access and network change management.
Option |
Description |
|---|---|
Use Private Credentials and Shared Privilege Credentials (default) |
Use the credentials defined in the Private CLI Settings to log in to devices and then use privilege credentials defined in the Shared Device Settings to enter the privileged mode. |
Use Private Credentials and Private Privilege Credentials |
Use the credentials in the Private CLI Settings to log in to devices and then use privilege credentials defined in the Private Device Settings to enter the privileged mode. |
Use Shared Credentials and Shared Privilege Credentials |
Use the credentials defined in the Shared Device Settings to log in to devices and then use privilege credentials defined in the Shared Device Settings to enter the privileged mode. |
Live Access
Field/Check Box |
Default Value |
Description |
|
|---|---|---|---|
Timeout |
SNMP |
2 seconds |
The timeout value when an SNMP request does not get a reply. That is, the maximum time for the Front Server to monitor, discover live paths, retrieve ARP/MAC tables, and obtain interface indexes by SNMP. If your network is unstable or slow, configure a larger number. |
CLI |
30 seconds |
The timeout value when a CLI request does not get a reply. That is, the maximum time for the Front Server to retrieve route/ARP/MAC tables, configuration files, and other data by Telnet/SSH. If your network is unstable or slow, configure a larger number. |
|
SNMP Hostname |
Trim all strings after dot in SNMP hostname (default) |
Enabled |
Trim all strings after the first dot in an SNMP hostname and use the remaining strings as the hostname in the system. For example, if the original SNMP hostname is "router.netbrain.tech.com", it will be parsed into "router". |
Trim following domain names from SNMP hostname |
Disabled |
Trim the specified domain names from an SNMP hostname. For example, if you enter the ".tech.com" string as input, the "router.netbrain.tech.com" string will be parsed into "router.netbrain". Tip: Use || as the separation character for multiple strings. Press the Enter key to wrap text to the next line. |
|
Management Interface Selection Order |
management;loopback;vlan;ve;ethernet |
The order of interface types used to set the management interface of a device. When the system retrieves live data for a device, it accesses the device through its management IP address in the Shared Device Settings. In the tuning live access process, the system can reset the management IP address by following the management interface selection order. Note: The management IP addresses of all devices in the domain will change immediately if they are in unlocked status in the Shared Device Settings. |
|
Polling Order |
Trying to login device directly, then login via Jumpbox |
Enabled |
Attempt to directly log in to devices via Front Server first. If the direct login fails, then the Front Server will attempt to connect to the Jumpbox to log in to the device. |
Trying to login device via Jumpbox, then login directly |
Disabled |
Attempt to log in to devices via Jumbox first and then attempt direct login through Front Server if the login via Jumpbox fails. |
|
If ping fails, don't try Telnet/SSH in Tune Live Access and Seed Discovery |
Enabled |
Disable the use of Telnet/SSH access method in the tuning live access and seed discovery features when ping fails. |
|
If ping fails, don't try SNMP/Telnet/SSH in Scan IP Range |
Enabled |
Disable the use of SNMP/Telnet/SSH access method to access a device in the scanning IP range feature when ping fails. |
|
Third Party Telnet/SSH Tool |
Enable Telnet/SSH CLI via third party tool |
Disabled |
Determine whether to call third-party Telnet/SSH tools in NetBrain systems. See Logging in to a device via CLI for details. |
SSH Fingerprint Check |
Enable SSH Fingerprint Check and Auto Fill-in Fingerprint Key to the Devices |
Disabled |
Determine whether to use fingerprint for authentication when logging in to the device via SSH. |
Note: Any changes to the settings will take effect from the next discovery and benchmark task.
Others
Field |
Default Value |
Description |
|
|---|---|---|---|
Max Route Table Entries |
10000 |
The maximum route entries that the system can retrieve from the routing table of a device in a discovery or benchmark task. |
|
Limit how parser original results are saved |
Minimum Time Interval |
6 hours |
The minimum time interval that the system automatically saves the original result of a parser. |
Maximum Size |
2 MB |
The maximum size of the original result of a parser that the system can save. |
|
Note: Any changes to the settings will take effect from the next discovery or benchmark task.