The Cisco FindIT Network Management is a software that allows you to easily manage your whole network including your Cisco devices through your web browser. It automatically discovers, monitors, and configures all supported Cisco devices in your network. This software also sends you notification about firmware updates and information about the devices in your network that are no longer supported by warranty.
The Cisco FindIT Network Management has two separate components: a single Manager known as the FindIT Network Manager and one or more Probes known as the FindIT Network Probe.
This article contains the frequently asked questions in setting up, configuring, and troubleshooting the Cisco FindIT Network Management and their answers.
FindIT uses a variety of protocols to discover and manage the network. The exact protocol being used for a particular device varies depending on the device type. These protocols include:
Multicast Domain Name System (mDNS) and DNS Service Discovery — This protocol is also known as Bonjour. It locates devices such as printers, other computers, and the services that those devices offer on a local network. To learn more about mDNS, click here. For more information on DNS Service Discovery, click here.
Cisco Discovery Protocol (CDP) — A Cisco proprietary protocol used to share information about other directly connected Cisco equipment, such as the operating system version and IP address.
Link Layer Discovery Protocol (LLDP) — A vendor neutral protocol used to share information about other directly connected equipment, such as the operating system version and IP address.
Simple Network Management Protocol (SNMP) — A network management protocol used for collecting information and configuring network devices such as servers, printers, hubs, switches, and routers on an Internet Protocol (IP) network.
RESTCONF — An Internet Engineering Task Force (IETF) draft that describes how to map a Yet Another Next Generation (YANG) data modeling language specification to a RESTful interface. To know more, click here.
The FindIT Network Probe builds an initial list of devices in the network from listening to CDP, LLDP, and mDNS advertisements. The Probe then connects to each device using a supported protocol and gathers additional information such as CDP and LLDP adjacency tables, Media Access Control (MAC) address tables, and associated device lists. This information is used to identify additional devices in the network, and the process repeats until all devices have been discovered.
The Port Management illustrations are drawn based on the list of ports provided by the device via the management protocols. When in stacking mode, the stack ports are considered to be an internal connection within the stack, so the device does not include these ports in the lists provided via the management protocols.
New devices will be added to the default device group. If configuration profiles have been assigned to the default device group, then that configuration will also be applied to newly discovered devices.
Any Virtual Local Area Network (VLAN) or Wireless Local Area Network (WLAN) configuration associated with profiles that are currently applied to the original device group and are not applied to the new device group will be removed, and VLAN or WLAN configuration associated with profiles that are applied to the new group and are not applied to the original group will be added to the device. System configuration settings will be overwritten by profiles applied to the new group. If no system configuration profiles are defined for the new group, then the system configuration for the device will not change.
All communication between the Manager and the Probe is encrypted using a Transport Layer Security (TLS) 1.2 session authenticated with client and server certificates. The session is initiated from the Probe to the Manager. At the time the association between the Manager and Probe is first established, the user must log on to the Manager from the Probe, at which point the Manager and Probe exchange certificates to authenticate future communications.
No. When FindIT discovers a supported Cisco device, it will attempt to access the device using the factory default credentials for that device with the default username and password: cisco, or the default SNMP community: public. If the device configuration has been changed from the default, then it will be necessary for the user to supply correct credentials to FindIT.
Credentials for accessing FindIT are irreversibly hashed using the SHA512 algorithm. Credentials for devices and other services, such as the Cisco Active Advisor, are reversibly encrypted using the AES-128 algorithm.
If you have lost the password for all the admin accounts in the Administration GUI, you can reset the password by logging on the console of the Probe or Manager and running the recoverpassword tool. This tool resets the password for the cisco account to the default of cisco, or, if the cisco account has been removed, it will recreate the account with the default password. Following is an example of the commands to be provided in order to reset the password using this tool.
FindIT Network Management tunnels the remote access session between the device and the user. The protocol used will depend on the end device configuration, but FindIT will always establish the session using a secure protocol if one is enabled (e.g. HTTPS will be preferred over HTTP). If the user is connecting to the device via the Manager, the session will pass through an encrypted tunnel as it passes between the Manager and the Probe, regardless of the protocols enabled on the device.
When you access a device via FindIT Network Management, the browser sees each connection as being with the same web server (FindIT) and so will present cookies from each device to every other device. If multiple devices use the same cookie name, then there is the potential for one device cookie to be overwritten by another device. This is most often seen with session cookies, and the result is that the cookie is only valid for the most recently visited device. All other devices that use the same cookie name will see the cookie as being invalid and will logout the session.
After doing many remote access sessions with different devices, the browser will have a large number of cookies stored for the Probe domain. To work around this problem, use the browser controls to clear cookies for the domain and then reload the page.
The Manager uses the CentOS Linux distribution for an operating system. The packages and kernel may be updated using the standard CentOS processes. For example, to perform a manual update, log on to the console as the cisco user and enter the command sudo yum -y update. The system should not be upgraded to a new CentOS release, and no additional packages should be installed beyond those included in the virtual machine image supplied by Cisco.
The Probe uses OpenWRT for an operating system. Included packages may be updated using the opkg tool. For example, to update all packages on the system, log on to the console as the cisco user and enter the command update-packages. When necessary, kernel updates will be provided by Cisco as part of a new version of the Probe. No additional packages should be installed beyond those included in the virtual machine image supplied by Cisco.
The Cisco FindIT Kaseya Plugin is designed to increase operational efficiency by tightly integrating Cisco FindIT Network Manager with the Kaseya Virtual System Administrator (VSA). The Cisco FindIT Kaseya Plugin offers powerful features including action management, dashboards, device discovery, network topology, remote device management, actionable alerts and event history.
The Plugin is designed to be extremely easy to install, requiring only a few clicks. It complies with all third-party integration requirements for Kaseya on-premise VSA versions 9.3 and 9.4. To learn more, click here.